1660 files changed, 56961 insertions, 72830 deletions

diff --git a/.cirrus.yml b/.cirrus.yml
index 9daf33ba2..17902a430 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -14,6 +14,8 @@ env:
     GOPATH: &gopath "/var/tmp/go"
     GOCACHE: "${GOPATH}/cache"
     GOSRC: &gosrc "/var/tmp/go/src/github.com/containers/podman"
+    # Store the unaltered default location, for tasks that need it
+    CIRRUS_DEFAULT_WORK: ${CIRRUS_WORKING_DIR}
     CIRRUS_WORKING_DIR: *gosrc
     # The default is 'sh' if unspecified
     CIRRUS_SHELL: "/bin/bash"
@@ -33,14 +35,14 @@ env:
     UBUNTU_NAME: "ubuntu-2204"
 
     # Image identifiers
-    IMAGE_SUFFIX: "c5495735033528320"
-    FEDORA_AMI_ID: "ami-0df5df528071f1052"  # matches c5495735033528320
-    FEDORA_AARCH64_AMI_ID: "ami-02ee8b3a782a78791"  # matches c5495735033528320
-    # Complete image names
+    IMAGE_SUFFIX: "c5823947156488192"
+    # EC2 images
+    FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
+    FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}"
+    # GCP Images
     FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
     #PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
     UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
-
     # Container FQIN's
     FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
     #PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
@@ -60,9 +62,10 @@ env:
 
     # Curl-command prefix for downloading task artifacts, simply add the
     # the url-encoded task name, artifact name, and path as a suffix.
+    ART_URL: https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID}
     ARTCURL: >-
-        curl --fail --location -O
-        --url https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID}
+        curl --retry 5 --retry-delay 8 --fail --location -O
+        --url ${ART_URL}
 
 
 # Default timeout for each task
@@ -204,12 +207,13 @@ build_aarch64_task:
     only_if: "$CIRRUS_CRON != 'multiarch'"
     ec2_instance: &standard_build_ec2_aarch64
         image: ${VM_IMAGE_NAME}
-        type: t4g.xlarge
+        type: ${EC2_INST_TYPE}
         region: us-east-1
         architecture: arm64  # CAUTION: This has to be "arm64", not "aarch64".
     env: &stdenvars_aarch64
+        EC2_INST_TYPE: "t4g.xlarge"
         DISTRO_NV: ${FEDORA_AARCH64_NAME}
-        VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI_ID}
+        VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI}
         CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
         CI_DESIRED_RUNTIME: crun
         TEST_FLAVOR: build
@@ -307,6 +311,7 @@ bindings_task:
     only_if: >-
         $CIRRUS_PR != '' &&
         $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
+        $CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
         $CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*'
     depends_on:
         - build
@@ -414,9 +419,7 @@ alt_build_task:
     alias: alt_build
     # Don't create task for [CI:DOCS] or multiarch builds
     # Docs: ./contrib/cirrus/CIModes.md
-    only_if: &not_docs_multiarch >-
-        $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
-        $CIRRUS_CRON != 'multiarch'
+    only_if: $CIRRUS_CRON != 'multiarch'
     depends_on:
         - build
     env:
@@ -431,7 +434,7 @@ alt_build_task:
       - env:
             ALT_NAME: 'Build Without CGO'
       - env:
-            ALT_NAME: 'Test build RPM'
+            ALT_NAME: 'Test build podman-next Copr RPM'
       - env:
             ALT_NAME: 'Alt Arch. Cross'
     # This task cannot make use of the shared repo.tbz artifact.
@@ -449,7 +452,7 @@ osx_alt_build_task:
     name: "OSX Cross"
     alias: osx_alt_build
     # Docs: ./contrib/cirrus/CIModes.md
-    only_if: *not_docs_multiarch
+    only_if: $CIRRUS_CRON != 'multiarch'
     depends_on:
         - build
     env:
@@ -484,6 +487,7 @@ docker-py_test_task:
     only_if: &not_tag_branch_build_docs >-
         $CIRRUS_PR != '' &&
         $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
+        $CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
         $CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*'
 
     depends_on:
@@ -499,8 +503,7 @@ docker-py_test_task:
     always: *runner_stats
 
 
-# Does exactly what it says, execute the podman unit-tests on all primary
-# platforms and release versions.
+# Does exactly what it says, execute the podman unit-tests on Fedora.
 unit_test_task:
     name: "Unit tests on $DISTRO_NV"
     alias: unit_test
@@ -511,9 +514,6 @@ unit_test_task:
         - validate
     matrix:
         - env: *stdenvars
-        # Fedora 35 skipped for podman4
-        #- env: *priorfedora_envvars
-        - env: *ubuntu_envvars
         # Special-case: Rootless on latest Fedora (standard) VM
         - name: "Rootless unit on $DISTRO_NV"
           env:
@@ -635,13 +635,11 @@ container_integration_test_task:
     matrix: &fedora_vm_axis
         - env:
               DISTRO_NV: ${FEDORA_NAME}
-              _BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
               VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
               CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
               CI_DESIRED_RUNTIME: crun
         #- env:
         #DISTRO_NV: ${PRIOR_FEDORA_NAME}
-        #_BUILD_CACHE_HANDLE: ${PRIOR_FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
         #VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
         #CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
     gce_instance: *standardvm
@@ -682,11 +680,6 @@ podman_machine_task:
     # Required_pr_labels does not apply to non-PRs.
     # Do not run on tags, branches, [CI:BUILD], or [CI:DOCS].
     only_if: *not_tag_branch_build_docs
-    # This task costs about $4 per attempt to execute.
-    # Only run it if a magic PR label is present.
-    # DO NOT ADD THIS TASK AS DEPENDENCY FOR `success_task`
-    # it will cause an infinate-block / never completing build.
-    required_pr_labels: test_podman_machine
     depends_on:
         - build
         - local_integration_test
@@ -695,19 +688,45 @@ podman_machine_task:
         - rootless_integration_test
     ec2_instance:
         image: "${VM_IMAGE_NAME}"
-        type: m5zn.metal  # Bare-metal instance is required
+        type: "${EC2_INST_TYPE}"
         region: us-east-1
     env:
+      EC2_INST_TYPE: "m5zn.metal"  # Bare-metal instance is required
       TEST_FLAVOR: "machine"
       PRIV_NAME: "rootless"  # intended use-case
       DISTRO_NV: "${FEDORA_NAME}"
-      VM_IMAGE_NAME: "${FEDORA_AMI_ID}"
+      VM_IMAGE_NAME: "${FEDORA_AMI}"
     clone_script: *get_gosrc
     setup_script: *setup
     main_script: *main
     always: *int_logs_artifacts
 
 
+podman_machine_aarch64_task:
+    name: *std_name_fmt
+    alias: podman_machine_aarch64
+    only_if: *not_tag_branch_build_docs
+    depends_on:
+        - build_aarch64
+        - validate_aarch64
+        - local_integration_test
+        - remote_integration_test
+        - container_integration_test
+        - rootless_integration_test
+    ec2_instance:
+        <<: *standard_build_ec2_aarch64
+    env:
+        TEST_FLAVOR: "machine"
+        EC2_INST_TYPE: c6g.metal
+        PRIV_NAME: "rootless"  # intended use-case
+        DISTRO_NV: "${FEDORA_AARCH64_NAME}"
+        VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}"
+    clone_script: *get_gosrc_aarch64
+    setup_script: *setup
+    main_script: *main
+    always: *int_logs_artifacts
+
+
 # Always run subsequent to integration tests.  While parallelism is lost
 # with runtime, debugging system-test failures can be more challenging
 # for some golang developers.  Otherwise the following tasks run across
@@ -720,6 +739,7 @@ local_system_test_task: &local_system_test_task
     only_if: &not_tag_build_docs_multiarch >-
         $CIRRUS_TAG == '' &&
         $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
+        $CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
         $CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
         $CIRRUS_CRON != 'multiarch'
     depends_on:
@@ -785,8 +805,6 @@ rootless_remote_system_test_task:
               # Not used here, is used in other tasks
               VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
               CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
-              # ID for re-use of build output
-              _BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
               CI_DESIRED_RUNTIME: crun
     <<: *local_system_test_task
     alias: rootless_remote_system_test
@@ -833,8 +851,6 @@ buildah_bud_test_task:
         # Not used here, is used in other tasks
         VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
         CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
-        # ID for re-use of build output
-        _BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
     matrix:
         - env:
             PODBIN_NAME: podman
@@ -896,8 +912,6 @@ upgrade_test_task:
         TEST_FLAVOR: upgrade_test
         DISTRO_NV: ${FEDORA_NAME}
         VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
-        # ID for re-use of build output
-        _BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
     clone_script: *get_gosrc
     setup_script: *setup
     main_script: *main
@@ -971,8 +985,12 @@ meta_task:
             ${FEDORA_CACHE_IMAGE_NAME}
             ${UBUNTU_CACHE_IMAGE_NAME}
             build-push-${IMAGE_SUFFIX}
+        EC2IMGNAMES: >-
+          ${FEDORA_AARCH64_AMI}
+          ${FEDORA_AMI}
         BUILDID: "${CIRRUS_BUILD_ID}"
         REPOREF: "${CIRRUS_REPO_NAME}"
+        AWSINI: ENCRYPTED[21b2db557171b11eb5abdbccae593f48c9caeba86dfcc4d4ff109edee9b4656ab6720a110dadfcd51e88cc59a71cc7af]
         GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4]
         GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6]
         GCPPROJECT: libpod-218412
@@ -1000,6 +1018,7 @@ success_task:
         - consistency_aarch64
         - alt_build
         - osx_alt_build
+        - win_installer
         - docker-py_test
         - unit_test
         - apiv2_test
@@ -1008,9 +1027,8 @@ success_task:
         - remote_integration_test
         - container_integration_test
         - rootless_integration_test
-        # Label triggered task. If made automatic, remove line below
-        # AND bypass in contrib/cirrus/cirrus_yaml_test.py for this name.
-        # - podman_machine
+        - podman_machine
+        - podman_machine_aarch64
         - local_system_test
         - local_system_test_aarch64
         - remote_system_test
@@ -1034,7 +1052,10 @@ artifacts_task:
     name: "Artifacts"
     alias: artifacts
     # Docs: ./contrib/cirrus/CIModes.md
-    only_if: *not_docs_multiarch
+    only_if: >-
+        $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
+        $CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
+        $CIRRUS_CRON != 'multiarch'
     depends_on:
         - success
     # This task is a secondary/convenience for downstream consumers, don't
@@ -1082,6 +1103,25 @@ artifacts_task:
           type: application/octet-stream
 
 
+win_installer_task:
+    name: "Verify Win Installer Build"
+    alias: win_installer
+    # Don't run for multiarch container image cirrus-cron job.
+    only_if: $CIRRUS_CRON != 'multiarch'
+    depends_on:
+      - alt_build
+    windows_container:
+        image: cirrusci/windowsservercore:2019
+    env:
+        PATH: "${PATH};C:\\ProgramData\\chocolatey\\bin"
+        CIRRUS_SHELL: powershell
+        # Fake version, we are only testing the installer functions, so version doesn't matter
+        WIN_INST_VER: 9.9.9
+        CIRRUS_WORKING_DIR: "${CIRRUS_DEFAULT_WORK}"
+    install_script: '.\contrib\cirrus\win-installer-install.ps1'
+    main_script: '.\contrib\cirrus\win-installer-main.ps1'
+
+
 # When a new tag is pushed, confirm that the code and commits
 # meet criteria for an official release.
 release_task:
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 6ad306f0f..5946fa6a1 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -55,7 +55,7 @@ Briefly describe the problem you are having in a few paragraphs.
 (paste your output here)
 ```
 
-**Output of `podman info --debug`:**
+**Output of `podman info`:**
 
 ```
 (paste your output here)
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 000000000..4d00baca9
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,4 @@
+# Add labels based on file paths in PR
+#   https://github.com/actions/labeler
+kind/api-change:
+  - pkg/api/**/*
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
new file mode 100644
index 000000000..64505bbfe
--- /dev/null
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,15 @@
+# https://github.com/actions/labeler
+name: "Pull Request Labeler"
+on:
+- pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v4
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/upload-win-installer.yml b/.github/workflows/upload-win-installer.yml
new file mode 100644
index 000000000..125100a28
--- /dev/null
+++ b/.github/workflows/upload-win-installer.yml
@@ -0,0 +1,96 @@
+name: Upload Windows Installer
+
+on:
+  release:
+    types: [created, published, edited]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Release version to build and upload (e.g. "4.2.1")'
+        required: true
+jobs:
+  build:
+    runs-on: windows-latest
+    env:
+        FETCH_BASE_URL: ${{ github.server_url }}/${{ github.repository }}
+    steps:
+    - name: Determine version
+      id: getversion
+      run: |
+        $version = "${{ inputs.version }}"
+        if ($version.Length -lt 1) {
+          $version = "${{ github.event.release.tag_name }}"
+          if ($version.Length -lt 1) {
+            Write-Host "Could not determine version!"
+            Exit 1
+          }
+        }
+        Write-Output "::set-output name=version::$version"
+    - uses: actions/checkout@v3
+    - name: Check
+      id: check
+      run: |
+        Push-Location contrib\win-installer
+        .\check.ps1 ${{steps.getversion.outputs.version}}
+        $code = $LASTEXITCODE
+        if ($code -eq 2) {
+          Write-Output "::set-output name=already-exists::true"
+          Pop-Location
+          Exit 0
+        }
+        Write-Output "UPLOAD_ASSET_NAME=$env:UPLOAD_ASSET_NAME" | Out-File -FilePath $env:GITHUB_ENV -Append
+        Pop-Location
+        Exit $code
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      if: steps.check.outputs.already-exists != 'true'
+      with:
+        go-version: 1.18
+    - name: Setup Signature Tooling
+      if: steps.Check.outputs.already-exists != 'true'
+      run: |
+          dotnet tool install --global AzureSignTool --version 3.0.0
+          echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append
+          echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
+          echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
+          echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
+          echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append
+    - name: Build
+      id: build
+      if: steps.check.outputs.already-exists != 'true'
+      run: |
+        Push-Location contrib\win-installer
+        .\build.ps1 ${{steps.getversion.outputs.version}} prod
+        $code = $LASTEXITCODE
+        if ($code -eq 2) {
+          Write-Output "::set-output name=artifact-missing::true"
+          Pop-Location
+          Exit 0
+        }
+        Pop-Location
+        Exit $code
+    - name: Upload
+      if: steps.check.outputs.already-exists != 'true' && steps.build.outputs.artifact-missing != 'true'
+      env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        Push-Location contrib\win-installer
+        $version = "${{ steps.getversion.outputs.version }}"
+        if ($version[0] -ne "v") {
+          $version = "v$version"
+        }
+        gh release upload $version $ENV:UPLOAD_ASSET_NAME
+        if ($LASTEXITCODE -ne 0) {
+          .\check.ps1 $version
+          if ($LASTEXITCODE -eq 2) {
+            Write-Host "Another job uploaded before us, skipping"
+            Pop-Location
+            Exit 0
+          }
+          Pop-Location
+          Exit 1
+        }
+        if (Test-Path -Path shasums) {
+          gh release upload --clobber $version shasums
+        }
+        Pop-Location
diff --git a/.gitignore b/.gitignore
index b8059e69a..44e291b22 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@ coverprofile
 /docs/*.[158].gz
 /docs/build/
 /docs/remote
+**.DS_Store
 .gopathok
 .idea*
 .nfs*
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index eddd35cba..d0f4ceb02 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
-![PODMAN logo](logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 # Contributing to Podman
 
 We'd love to have you join the community! Below summarizes the processes
@@ -97,6 +97,13 @@ You need install some dependencies before building a binary.
   $ export PKG_CONFIG_PATH="/usr/lib/pkgconfig"
   ```
 
+#### Debian / Ubuntu
+
+  ```shell
+  $ sudo apt-get install -y libsystemd-dev libgpgme-dev libseccomp-dev
+  $ export PKG_CONFIG_PATH="/usr/lib/pkgconfig"
+  ```
+
 ### Building binaries and test your changes
 
 To test your changes do `make binaries` to generate your binaries.
diff --git a/Makefile b/Makefile
index ad4b0f594..a42f1f181 100644
--- a/Makefile
+++ b/Makefile
@@ -38,6 +38,7 @@ MANDIR ?= ${PREFIX}/share/man
 SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers
 ETCDIR ?= ${PREFIX}/etc
 TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d
+USERTMPFILESDIR ?= ${PREFIX}/share/user-tmpfiles.d
 MODULESLOADDIR ?= ${PREFIX}/lib/modules-load.d
 SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system
 USERSYSTEMDDIR ?= ${PREFIX}/lib/systemd/user
@@ -77,7 +78,12 @@ BUILDTAGS_CROSS ?= containers_image_openpgp exclude_graphdriver_btrfs exclude_gr
 CONTAINER_RUNTIME := $(shell command -v podman 2> /dev/null || echo docker)
 OCI_RUNTIME ?= ""
 
-MANPAGES_MD ?= $(wildcard docs/source/markdown/*.md)
+# The 'sort' below is crucial: without it, 'make docs' behaves differently
+# on the first run than on subsequent ones, because the generated .md
+MANPAGES_SOURCE_DIR = docs/source/markdown
+MANPAGES_MD_IN ?= $(wildcard $(MANPAGES_SOURCE_DIR)/*.md.in)
+MANPAGES_MD_GENERATED ?= $(MANPAGES_MD_IN:%.md.in=%.md)
+MANPAGES_MD ?= $(sort $(wildcard $(MANPAGES_SOURCE_DIR)/*.md) $(MANPAGES_MD_GENERATED))
 MANPAGES ?= $(MANPAGES_MD:%.md=%)
 MANPAGES_DEST ?= $(subst markdown,man, $(subst source,build,$(MANPAGES)))
 
@@ -261,7 +267,7 @@ test/version/version: version/version.go
 
 .PHONY: codespell
 codespell:
-	codespell -S bin,vendor,.git,go.sum,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.ps1,*.tar,swagger.yaml,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L pullrequest,uint,iff,od,seeked,splitted,marge,erro,hist,ether -w
+	codespell -S bin,vendor,.git,go.sum,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.ps1,*.tar,swagger.yaml,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L clos,ans,pullrequest,uint,iff,od,seeked,splitted,marge,erro,hist,ether -w
 
 .PHONY: validate
 validate: lint .gitvalidation validate.completions man-page-check swagger-check tests-included tests-expect-exit pr-removes-fixed-skips
@@ -279,8 +285,9 @@ vendor:
 
 .PHONY: vendor-in-container
 vendor-in-container:
-	podman run --privileged --rm --env HOME=/root \
+	podman run --rm --env HOME=/root \
 		-v $(CURDIR):/src -w /src \
+		--security-opt label=disable \
 		docker.io/library/golang:1.17 \
 		make vendor
 
@@ -416,17 +423,24 @@ completions: podman podman-remote
 pkg/api/swagger.yaml:
 	make -C pkg/api
 
-$(MANPAGES): %: %.md .install.md2man docdir
+$(MANPAGES_MD_GENERATED): %.md: %.md.in $(MANPAGES_SOURCE_DIR)/options/*.md
+	hack/markdown-preprocess $<
 
-### sed is used to filter http/s links as well as relative links
-### replaces "\" at the end of a line with two spaces
-### this ensures that manpages are renderd correctly
+$(MANPAGES): %: %.md .install.md2man docdir
 
-	@$(SED) -e 's/\((podman[^)]*\.md\(#.*\)\?)\)//g' \
-	 -e 's/\[\(podman[^]]*\)\]/\1/g' \
-		 -e 's/\[\([^]]*\)](http[^)]\+)/\1/g' \
-	 -e 's;<\(/\)\?\(a\|a\s\+[^>]*\|sup\)>;;g' \
-	 -e 's/\\$$/  /g' $<  | \
+# This does a bunch of filtering needed for man pages:
+#  1. Strip markdown link targets like '[podman(1)](podman.1.md)'
+#     to just '[podman(1)]', because man pages have no link mechanism;
+#  2. Then remove the brackets: '[podman(1)]' -> 'podman(1)';
+#  3. Then do the same for all other markdown links,
+#     like '[cgroups(7)](https://.....)'  -> just 'cgroups(7)';
+#  4. Remove HTML-ish stuff like '<sup>..</sup>' and '<a>..</a>'
+#  5. Replace "\" (backslash) at EOL with two spaces (no idea why)
+	@$(SED) -e 's/\((podman[^)]*\.md\(#.*\)\?)\)//g'    \
+	       -e 's/\[\(podman[^]]*\)\]/\1/g'              \
+	       -e 's/\[\([^]]*\)](http[^)]\+)/\1/g'         \
+	       -e 's;<\(/\)\?\(a\|a\s\+[^>]*\|sup\)>;;g'    \
+	       -e 's/\\$$/  /g' $<                         |\
 	$(GOMD2MAN) -in /dev/stdin -out $(subst source/markdown,build/man,$@)
 
 .PHONY: docdir
@@ -676,6 +690,9 @@ podman-remote-release-%.zip: test/version/version ## Build podman-remote for %=$
 	else \
 		$(MAKE) $(GOPLAT) podman-remote; \
 	fi
+	if [[ "$(GOOS)" == "windows" ]]; then \
+		$(MAKE) $(GOPLAT) TMPDIR="" win-sshproxy; \
+	fi
 	cp -r ./docs/build/remote/$(GOOS) "$(TMPDIR)/$(SUBDIR)/docs/"
 	cp ./contrib/remote/containers.conf "$(TMPDIR)/$(SUBDIR)/"
 	$(MAKE) $(GOPLAT) $(_DSTARGS) SELINUXOPT="" install.remote
@@ -738,6 +755,8 @@ install.remote:
 	install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(BINDIR)
 	install ${SELINUXOPT} -m 755 $(SRCBINDIR)/podman$(BINSFX) \
 		$(DESTDIR)$(BINDIR)/podman$(BINSFX)
+	test "${GOOS}" != "windows" || \
+		install -m 755 $(SRCBINDIR)/win-sshproxy.exe $(DESTDIR)$(BINDIR)
 	test -z "${SELINUXOPT}" || \
 		chcon --verbose --reference=$(DESTDIR)$(BINDIR)/podman-remote \
 		bin/podman-remote
@@ -783,8 +802,9 @@ install.completions:
 install.docker:
 	install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(BINDIR)
 	install ${SELINUXOPT} -m 755 docker $(DESTDIR)$(BINDIR)/docker
-	install ${SELINUXOPT} -m 755 -d ${DESTDIR}${SYSTEMDDIR}  ${DESTDIR}${USERSYSTEMDDIR} ${DESTDIR}${TMPFILESDIR}
+	install ${SELINUXOPT} -m 755 -d ${DESTDIR}${SYSTEMDDIR}  ${DESTDIR}${USERSYSTEMDDIR} ${DESTDIR}${TMPFILESDIR} ${DESTDIR}${USERTMPFILESDIR}
 	install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-docker.conf -t ${DESTDIR}${TMPFILESDIR}
+	install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-docker.conf -t ${DESTDIR}${USERTMPFILESDIR}
 
 .PHONY: install.docker-docs
 install.docker-docs:
diff --git a/README.md b/README.md
index a6292a548..aed70ad4f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![PODMAN logo](logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # Podman: A tool for managing OCI containers and pods
 
@@ -6,7 +6,7 @@ Podman (the POD MANager) is a tool for managing containers and images, volumes m
 Podman runs containers on Linux, but can also be used on Mac and Windows systems using a Podman-managed virtual machine.
 Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes.
 
-* [Latest Version: 4.1.1](https://github.com/containers/podman/releases/tag/v4.1.1)
+* [Latest Version: 4.2.0](https://github.com/containers/podman/releases/tag/v4.2.0)
   * Latest Remote client for Windows
   * Latest Remote client for macOS
   * Latest Static Remote client for Linux
@@ -61,10 +61,14 @@ Some of these restrictions can be lifted (via `--privileged`, for example), but
 If you run Podman as your user and mount in `/etc/passwd` from the host, you still won't be able to change it, since your user doesn't have permission to do so.
 
 Almost all normal Podman functionality is available, though there are some [shortcomings](https://github.com/containers/podman/blob/main/rootless.md).
-Any recent Podman release should be able to run rootless without any additional configuration, though your operating system may require some additional configuration detailed in the [install guide](https://github.com/containers/podman/blob/main/install.md).
+Any recent Podman release should be able to run rootless without any additional configuration, though your operating system may require some additional configuration detailed in the [install guide](https://podman.io/getting-started/installation).
 
 A little configuration by an administrator is required before rootless Podman can be used, the necessary setup is documented [here](https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md).
 
+## Podman Desktop
+
+[Podman Desktop](https://podman-desktop.io/) is a new project under the container organization built to help the developers working with containers from their local environment with a desktop UI. Podman Desktop is still in its early days, but already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). The project develops on [Github](https://github.com/containers/podman-desktop) and contributors are welcome.
+
 ## Out of scope
 
 * Specialized signing and pushing of images to various storage backends.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 9e76bf028..8a9672507 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,135 @@
 # Release Notes
 
+## 4.2.0
+### Features
+- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
+- A new command has been added, `podman pod clone`, to create a copy of an existing pod. It supports several options, including `--start` to start the new pod, `--destroy` to remove the original pod, and `--name` to change the name of the new pod ([#12843](https://github.com/containers/podman/issues/12843)).
+- A new command has been added, `podman volume reload`, to sync changes in state between Podman's database and any configured volume plugins ([#14207](https://github.com/containers/podman/issues/14207)).
+- A new command has been added, `podman machine info`, which displays information about the host and the versions of various machine components.
+- Pods created by `podman play kube` can now be managed by systemd unit files. This can be done via a new systemd service, `podman-kube@.service` - e.g. `systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service` will run the Kubernetes pod or deployment contained in `my.yaml` under systemd.
+- The `podman play kube` command now honors the `RunAsUser`, `RunAsGroup`, and `SupplementalGroups` setting from the Kubernetes pod's security context.
+- The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types ([#13951](https://github.com/containers/podman/issues/13951)).
+- The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` ([#7504](https://github.com/containers/podman/issues/7504)).
+- The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation.
+- The `podman pod create` command now supports an exit policy (configurable via the `--exit-policy` option), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops.  The latter is used for pods created via `podman play kube` ([#13464](https://github.com/containers/podman/issues/13464)).
+- The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work.
+- The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) ([#13422](https://github.com/containers/podman/issues/13422)).
+- The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace ([#14609](https://github.com/containers/podman/issues/14609)).
+- The `podman pod create` command has a new option, `--uts`, to configure the UTS namespace that will be shared by containers in the pod.
+- The `podman pod create` command now supports setting pod-level resource limits via the `--cpus`, `--cpuset-cpus`, and `--memory` options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
+- The `podman create` and `podman run` commands now include the `-c` short option for the `--cpu-shares` option.
+- The `podman create` and `podman run` commands can now create containers from a manifest list (and not an image) as long as the `--platform` option is specified ([#14773](https://github.com/containers/podman/issues/14773)).
+- The `podman build` command now supports a new option, `--cpp-flag`, to specify options for the C preprocessor when using `Containerfile.in` files that require preprocessing.
+- The `podman build` command now supports a new option, `--build-context`, allowing the user to specify an additional build context.
+- The `podman machine inspect` command now prints the location of the VM's Podman API socket on the host ([#14231](https://github.com/containers/podman/issues/14231)).
+- The `podman machine init` command on Windows now fetches an image with packages pre-installed ([#14698](https://github.com/containers/podman/issues/14698)).
+- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change ([#14697](https://github.com/containers/podman/issues/14697)).
+- The default for the `--image-volume` option to `podman run` and `podman create` can now have its default set through the `image_volume_mode` setting in `containers.conf` ([#14230](https://github.com/containers/podman/issues/14230)).
+- Overlay volumes now support two new options, `workdir` and `upperdir`, to allow multiple overlay volumes from different containers to reuse the same `workdir` or `upperdir` ([#14427](https://github.com/containers/podman/issues/14427)).
+- The `podman volume create` command now supports two new options, `copy` and `nocopy`, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
+- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the `--opt o=timeout=` option to `podman volume create` ([BZ 2080458](https://bugzilla.redhat.com/show_bug.cgi?id=2080458)).
+- The `podman volume ls` command's `--filter name=` option now supports regular expression matching for volume names ([#14583](https://github.com/containers/podman/issues/14583)).
+- When used with a `podman machine` VM, volumes now support specification of the 9p security model using the `security_model` option to `podman create -v` and `podman run -v`.
+- The remote Podman client's `podman push` command now supports the `--remove-signatures` option ([#14558](https://github.com/containers/podman/issues/14558)).
+- The remote Podman client now supports the `podman image scp` command.
+- The `podman image scp` command now supports tagging the transferred image with a new name.
+- The `podman network ls` command supports a new filter, `--filter dangling=`, to list networks not presently used by any containers ([#14595](https://github.com/containers/podman/issues/14595)).
+- The `--condition` option to `podman wait` can now be specified multiple times to wait on any one of multiple conditions.
+- The `podman events` command now includes the `-f` short option for the `--filter` option.
+- The `podman pull` command now includes the `-a` short option for the `--all-tags` option.
+- The `podman stop` command now includes a new flag, `--filter`, to filter which containers will be stopped (e.g. `podman stop --all --filter label=COM.MY.APP`).
+- The Podman global option `--url` now has two aliases: `-H` and `--host`.
+- The `podman network create` command now supports a new option with the default `bridge` driver, `--opt isolate=`, which isolates the network by blocking any traffic from it to any other network with the `isolate` option enabled. This option is enabled by default for networks created using the Docker-compatible API.
+- Added the ability to create sigstore signatures in `podman push` and `podman manifest push`.
+- Added an option to read image signing passphrase from a file.
+
+### Changes
+- Paused containers can now be killed with the `podman kill` command.
+- The `podman system prune` command now removes unused networks.
+- The `--userns=keep-id` and `--userns=nomap` options to the `podman run` and `podman create` commands are no longer allowed (instead of simply being ignored) with root Podman.
+- If the `/run` directory for a container is part of a volume, Podman will not create the `/run/.containerenv` file ([#14577](https://github.com/containers/podman/issues/14577)).
+- The `podman machine stop` command on macOS now waits for the machine to be completely stopped to exit ([#14148](https://github.com/containers/podman/issues/14148)).
+- All `podman machine` commands now only support being run as rootless, given that VMs only functioned when run rootless.
+- The `podman unpause --all` command will now only attempt to unpause containers that are paused, not all containers.
+- Init containers created with `podman play kube` now default to the `once` type ([#14877](https://github.com/containers/podman/issues/14877)).
+- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested ([#15048](https://github.com/containers/podman/issues/15048)).
+- The `podman create`, `podman run`, and `podman cp` commands can now autocomplete paths in the image or container via the shell completion.
+- The `libpod/common` package has been removed as it's not used anywhere.
+- The `--userns` option to `podman create` and `podman run` is no longer accepted when an explicit UID or GID mapping is specified ([#15233](https://github.com/containers/podman/issues/15233)).
+
+### Bugfixes
+- Fixed a bug where bind-mounting `/dev` into a container which used the `--init` flag would cause the container to fail to start ([#14251](https://github.com/containers/podman/issues/14251)).
+- Fixed a bug where the `podman image mount` command would not pretty-print its output when multiple images were mounted.
+- Fixed a bug where the `podman volume import` command would print an unrelated error when attempting to import into a nonexistent volume ([#14411](https://github.com/containers/podman/issues/14411)).
+- Fixed a bug where the `podman system reset` command could race against other Podman commands ([#9075](https://github.com/containers/podman/issues/9075)).
+- Fixed a bug where privileged containers were not able to restart if the layout of host devices changed ([#13899](https://github.com/containers/podman/issues/13899)).
+- Fixed a bug where the `podman cp` command would overwrite directories with non-directories and vice versa.  A new `--overwrite` flag to `podman cp` allows for retaining the old behavior if needed ([#14420](https://github.com/containers/podman/issues/14420)).
+- Fixed a bug where the `podman machine ssh` command would not preserve the exit code from the command run via ssh ([#14401](https://github.com/containers/podman/issues/14401)).
+- Fixed a bug where VMs created by `podman machine` would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs ([#14303](https://github.com/containers/podman/issues/14303)).
+- Fixed a bug where the `podman machine init` command would fail when run from `C:\Windows\System32` on Windows systems ([#14416](https://github.com/containers/podman/issues/14416)).
+- Fixed a bug where the `podman machine init --now` did not respect proxy environment variables ([#14640](https://github.com/containers/podman/issues/14640)).
+- Fixed a bug where the `podman machine init` command would fail if there is no `$HOME/.ssh` dir ([#14572](https://github.com/containers/podman/issues/14572)).
+- Fixed a bug where the `podman machine init` command would add a connection even if creating the VM failed ([#15154](https://github.com/containers/podman/issues/15154)).
+- Fixed a bug where interrupting the `podman machine start` command could render the VM unable to start.
+- Fixed a bug where the `podman machine list --format` command would still print a heading.
+- Fixed a bug where the `podman machine list` command did not properly set the `Starting` field ([#14738](https://github.com/containers/podman/issues/14738)).
+- Fixed a bug where the `podman machine start` command could fail to start QEMU VMs when the machine name started with a number.
+- Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once ([#14636](https://github.com/containers/podman/issues/14636) and [#14837](https://github.com/containers/podman/issues/14837)).
+- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped ([BZ 2052697](https://bugzilla.redhat.com/show_bug.cgi?id=2052697)).
+- Fixed a bug where the `podman -h` command did not show help output.
+- Fixed a bug where the `podman wait` command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner.
+- Fixed a bug where healthchecks generated `exec` events, instead of `health_status` events ([#13493](https://github.com/containers/podman/issues/13493)).
+- Fixed a bug where the `podman pod ps` command could return an error when run at the same time as `podman pod rm` ([#14736](https://github.com/containers/podman/issues/14736)).
+- Fixed a bug where the `podman systemd df` command incorrectly calculated reclaimable storage for volumes ([#13516](https://github.com/containers/podman/issues/13516)).
+- Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
+- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
+- Fixed a bug where the remote Podman client's `podman manifest rm` command would remove images, not manifests ([#14763](https://github.com/containers/podman/issues/14763)).
+- Fixed a bug where Podman did not correctly parse wildcards for device major number in the `podman run` and `podman create` commands' `--device-cgroup-rule` option.
+- Fixed a bug where the `podman play kube` command on 32 bit systems where the total memory was calculated incorrectly ([#14819](https://github.com/containers/podman/issues/14819)).
+- Fixed a bug where the `podman generate kube` command could set ports and hostname incorrectly in generated YAML ([#13030](https://github.com/containers/podman/issues/13030)).
+- Fixed a bug where the `podman system df --format "{{ json . }}"` command would not output the `Size` and `Reclaimable` fields ([#14769](https://github.com/containers/podman/issues/14769)).
+- Fixed a bug where the remote Podman client's `podman pull` command would display duplicate progress output.
+- Fixed a bug where the `podman system service` command could leak memory when a client unexpectedly closed a connection when reading events or logs ([#14879](https://github.com/containers/podman/issues/14879)).
+- Fixed a bug where Podman containers could fail to run if the image did not contain an `/etc/passwd` file ([#14966](https://github.com/containers/podman/issues/14966)).
+- Fixed a bug where the remote Podman client's `podman push` command did not display progress information ([#14971](https://github.com/containers/podman/issues/14971)).
+- Fixed a bug where a lock ordering issue could cause `podman pod rm` to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once ([#14929](https://github.com/containers/podman/issues/14929)).
+- Fixed a bug where the `podman rm --force` command would exit with a non-0 code if the container in question did not exist ([#14612](https://github.com/containers/podman/issues/14612)).
+- Fixed a bug where the `podman container restore` command would fail when attempting to restore a checkpoint for a container with the same name as an image ([#15055](https://github.com/containers/podman/issues/15055)).
+- Fixed a bug where the `podman manifest push --rm` command could remove image, instead of manifest lists ([#15033](https://github.com/containers/podman/issues/15033)).
+- Fixed a bug where the `podman run --rm` command could fail to remove the container if it failed to start ([#15049](https://github.com/containers/podman/issues/15049)).
+- Fixed a bug where the `podman generate systemd --new` command would create incorrect unit files when the container was created with the `--sdnotify` parameter ([#15052](https://github.com/containers/podman/issues/15052)).
+- Fixed a bug where the `podman generate systemd --new` command would fail when `-h <hostname>` was used to create the container ([#15124](https://github.com/containers/podman/pull/15124)).
+
+### API
+- The Docker-compatible API now supports API version v1.41 ([#14204](https://github.com/containers/podman/issues/14204)).
+- Fixed a bug where containers created via the Libpod API had an incorrect umask set ([#15036](https://github.com/containers/podman/issues/15036)).
+- Fixed a bug where the `remote` parameter to the Libpod API's Build endpoint for Images was nonfunctional ([#13831](https://github.com/containers/podman/issues/13831)).
+- Fixed a bug where the Libpod List endpoint for Containers did not return the `application/json` content type header when there were no containers present ([#14647](https://github.com/containers/podman/issues/14647)).
+- Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits ([#14676](https://github.com/containers/podman/issues/14676)).
+- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
+- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks ([#14493](https://github.com/containers/podman/issues/14493)).
+- Fixed a bug where the Compat Create endpoint for Networks did not support the `mtu`, `name`, `mode`, and `parent` options ([#14482](https://github.com/containers/podman/issues/14482)).
+- Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name `bridge` ([#14983](https://github.com/containers/podman/issues/14983)).
+- Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the `SecondaryIPAddresses` and `SecondaryIPv6Addresses` fields ([#14674](https://github.com/containers/podman/issues/14674)).
+- The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, `stream` and `delay` ([#14674](https://github.com/containers/podman/issues/14674)).
+
+### Misc
+- Podman will now check for nameservers in `/run/NetworkManager/no-stub-resolv.conf` if the `/etc/resolv.conf` file only contains a localhost server.
+- The `podman build` command now supports caching with builds that specify `--squash-all` by allowing the `--layers` flag to be used at the same time.
+- Podman Machine support for QEMU installations at non-default paths has been improved.
+- The `podman machine ssh` command no longer prints spurious warnings every time it is run.
+- When accessing the WSL prompt on Windows, the rootless user will be preferred.
+- The `podman info` command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
+- The `podman system prune` command now no longer prints the `Deleted Images` header if no images were pruned.
+- The `podman system service` command now automatically creates and moves to a sub-cgroup when running in the root cgroup ([#14573](https://github.com/containers/podman/issues/14573)).
+- Updated Buildah to v1.27.0
+- Updated the containers/image library to v5.22.0
+- Updated the containers/storage library to v1.42.0
+- Updated the containers/common library to v0.49.1
+- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container ([#14884](https://github.com/containers/podman/issues/14884)).
+- Fixed an incorrect release note about regexp.
+- A new MacOS installer (via pkginstaller) is now supported.
+
 ## 4.1.1
 ### Features
 - Podman machine events are now supported on Windows.
@@ -204,7 +334,7 @@
 - The `podman run` and `podman create` commands now support a new option, `--hostuser`, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
 - The `podman create` and `podman run` commands now support two new options, `--unsetenv` and `--unsetenv-all`, to clear default environment variables set by Podman and by the container image ([#11836](https://github.com/containers/podman/issues/11836)).
 - The `podman rm` command now supports a new option, `--depend`, which recursively removes a given container and all containers that depend on it ([#10360](https://github.com/containers/podman/issues/10360)).
-- All commands that support filtering their output based on labels (e.g. `podman volume ls`, `podman ps`) now support labels specified using regular expressions (e.g. `--filter label=some.prefix.com/key/*`).
+- All commands that support filtering their output based on labels (e.g. `podman volume ls`, `podman ps`) now support labels specified using glob matching (e.g. `--filter label=some.prefix.com/key/*`).
 - The `podman pod create` command now supports the `--volume` option, allowing volumes to be specified that will be mounted automatically to all containers in the pod ([#10379](https://github.com/containers/podman/issues/10379)).
 - The `podman pod create` command now supports the `--device` option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
 - The `podman pod create` command now supports the `--volumes-from` option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
diff --git a/RELEASE_PROCESS.md b/RELEASE_PROCESS.md
index 66cc74693..17590be97 100644
--- a/RELEASE_PROCESS.md
+++ b/RELEASE_PROCESS.md
@@ -244,18 +244,17 @@ spelled with complete minutiae.
       $ make podman-remote-release-darwin_amd64.zip \
           podman-remote-release-darwin_arm64.zip \
           podman-remote-release-windows_amd64.zip \
-          podman.msi \
           podman-remote-static
       $ mv podman-* bin/
       $ cd bin/
       $ tar -cvzf podman-remote-static.tar.gz podman-remote-static
-      $ sha256sum *.zip *.msi *.tar.gz > shasums
+      $ sha256sum *.zip *.tar.gz > shasums
       ```
 
    1. The `podman-vX.Y.Z.dmg` file is produced manually by someone in
       possession of a developer signing key.
    1. In the directory where you downloaded the archives, run
-      `sha256sum *.tar.gz *.zip *.msi > shasums` to generate SHA sums.
+      `sha256sum *.tar.gz *.zip > shasums` to generate SHA sums.
    1. Go to `https://github.com/containers/podman/releases/tag/vX.Y.Z` and
       press the "Edit Release" button.  Change the name to the form `vX.Y.Z`
    1. If this is a release candidate be certain to click the pre-release
@@ -273,4 +272,34 @@ spelled with complete minutiae.
       * podman-vX.Y.Z.msi
       * podman-remote-static.tar.gz
       * shasums
-   1. Save the release.
+   1. Click the Publish button to make the release (or pre-release)
+      available.
+   1. Check the "Actions" tab, after the publish you should see a job
+      automatically launch to build the windows installer (named after
+      the release). There may be more than one running due to the multiple
+      event states triggered, but this can be ignored, as any duplicates
+      will gracefully back-off. The job takes 5-6 minutes to complete.
+   1. Confirm the podman-[version]-setup.exe file is now on the release
+      page. This might not be the case if you accidentally published the
+      release before uploading the binaries, as the job may look before
+      they are available. If that happens, you can either manually kick
+      off the job (see below), or just make a harmless edit to the
+      release (e.g. add an extra whitespace character somewhere). As
+      long as the body content is different in some way, a new run will
+      be triggered.
+
+      ## Manually Triggering Windows Installer Build & Upload
+
+
+      ### *CLI Approach*
+      1. Install the GitHub CLI (e.g. `sudo dnf install gh`)
+      1. Run (replacing below version number to release version)
+         ```
+         gh workflow run "Upload Windows Installer" -F version="4.2.0"
+         ```
+      ### *GUI Approach*
+      1. Go to the "Actions" tab
+      1. On the left pick the "Update Windows Installer" category
+      1. A blue box will appear above the job list with a right side drop
+         -down. Click the drop-down and specify the version number in the
+         dialog that appears
diff --git a/cmd/podman-msihooks/main.go b/cmd/podman-msihooks/main.go
new file mode 100644
index 000000000..903c91abb
--- /dev/null
+++ b/cmd/podman-msihooks/main.go
@@ -0,0 +1,46 @@
+//go:build windows
+// +build windows
+
+package main
+
+import (
+	"C"
+	"syscall"
+	"unsafe"
+
+	"github.com/containers/podman/v4/pkg/machine/wsl"
+)
+
+const KernelWarning = "WSL Kernel installation did not complete successfully. " +
+	"Podman machine will attempt to install this at a later time. " +
+	"You can also manually complete the installation using the " +
+	"\"wsl --update\" command."
+
+//export CheckWSL
+func CheckWSL(hInstall uint32) uint32 {
+	installed := wsl.IsWSLInstalled()
+	feature := wsl.IsWSLFeatureEnabled()
+	setMsiProperty(hInstall, "HAS_WSL", strBool(installed))
+	setMsiProperty(hInstall, "HAS_WSLFEATURE", strBool(feature))
+
+	return 0
+}
+
+func setMsiProperty(hInstall uint32, name string, value string) {
+	nameW, _ := syscall.UTF16PtrFromString(name)
+	valueW, _ := syscall.UTF16PtrFromString(value)
+
+	msi := syscall.NewLazyDLL("msi")
+	proc := msi.NewProc("MsiSetPropertyW")
+	_, _, _ = proc.Call(uintptr(hInstall), uintptr(unsafe.Pointer(nameW)), uintptr(unsafe.Pointer(valueW)))
+
+}
+func strBool(val bool) string {
+	if val {
+		return "1"
+	}
+
+	return "0"
+}
+
+func main() {}
diff --git a/cmd/podman-wslkerninst/event-hook.go b/cmd/podman-wslkerninst/event-hook.go
new file mode 100644
index 000000000..a5c23e4cf
--- /dev/null
+++ b/cmd/podman-wslkerninst/event-hook.go
@@ -0,0 +1,73 @@
+//go:build windows
+// +build windows
+
+package main
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows/svc/eventlog"
+)
+
+// Logrus hook that delegates to windows event log
+type EventLogHook struct {
+	events *eventlog.Log
+}
+
+type LogFormat struct {
+	name string
+}
+
+func (f *LogFormat) Format(entry *logrus.Entry) ([]byte, error) {
+	var b *bytes.Buffer
+
+	if entry.Buffer != nil {
+		b = entry.Buffer
+	} else {
+		b = &bytes.Buffer{}
+	}
+
+	fmt.Fprintf(b, "[%-5s] %s: %s", entry.Level.String(), f.name, entry.Message)
+
+	for key, value := range entry.Data {
+		fmt.Fprintf(b, " {%s = %s}", key, value)
+	}
+
+	b.WriteByte('\n')
+	return b.Bytes(), nil
+}
+
+func NewEventHook(events *eventlog.Log, name string) *EventLogHook {
+	logrus.SetFormatter(&LogFormat{name})
+	return &EventLogHook{events}
+}
+
+func (hook *EventLogHook) Fire(entry *logrus.Entry) error {
+	line, err := entry.String()
+	if err != nil {
+		return err
+	}
+
+	switch entry.Level {
+	case logrus.PanicLevel:
+		return hook.events.Error(1002, line)
+	case logrus.FatalLevel:
+		return hook.events.Error(1001, line)
+	case logrus.ErrorLevel:
+		return hook.events.Error(1000, line)
+	case logrus.WarnLevel:
+		return hook.events.Warning(1000, line)
+	case logrus.InfoLevel:
+		return hook.events.Info(1000, line)
+	case logrus.DebugLevel, logrus.TraceLevel:
+		return hook.events.Info(1001, line)
+	default:
+		return nil
+	}
+}
+
+func (hook *EventLogHook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
diff --git a/cmd/podman-wslkerninst/main.go b/cmd/podman-wslkerninst/main.go
new file mode 100644
index 000000000..0485db13c
--- /dev/null
+++ b/cmd/podman-wslkerninst/main.go
@@ -0,0 +1,103 @@
+//go:build windows
+// +build windows
+
+package main
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"github.com/containers/podman/v4/pkg/machine/wsl"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows/svc/eventlog"
+)
+
+const (
+	MB_ICONWARNING = 0x00000030
+	MB_OK          = 0x00000000
+	MB_DEFBUTTON1  = 0x00000000
+)
+
+const KernelWarning = "WSL Kernel installation did not complete successfully. " +
+	"Podman machine will attempt to install this at a later time. " +
+	"You can also manually complete the installation using the " +
+	"\"wsl --update\" command."
+
+func setupLogging(name string) (*eventlog.Log, error) {
+	// Reuse the Built-in .NET Runtime Source so that we do not
+	// have to provide a messaage table and modify the system
+	// event configuration
+	log, err := eventlog.Open(".NET Runtime")
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.AddHook(NewEventHook(log, name))
+	logrus.SetLevel(logrus.InfoLevel)
+
+	return log, nil
+}
+
+func installWslKernel() error {
+	logrus.Info("Installing WSL Kernel update")
+	var (
+		err error
+	)
+	backoff := 500 * time.Millisecond
+	for i := 1; i < 6; i++ {
+		err = wsl.SilentExec("wsl", "--update")
+		if err == nil {
+			break
+		}
+
+		// In case of unusual circumstances (e.g. race with installer actions)
+		// retry a few times
+		logrus.Warn("An error occurred attempting the WSL Kernel update, retrying...")
+		time.Sleep(backoff)
+		backoff *= 2
+	}
+
+	if err != nil {
+		err = fmt.Errorf("could not install WSL Kernel: %w", err)
+	}
+
+	return err
+}
+
+// Creates an "warn" style pop-up window
+func warn(title string, caption string) int {
+	format := MB_ICONWARNING | MB_OK | MB_DEFBUTTON1
+
+	user32 := syscall.NewLazyDLL("user32.dll")
+	captionPtr, _ := syscall.UTF16PtrFromString(caption)
+	titlePtr, _ := syscall.UTF16PtrFromString(title)
+	ret, _, _ := user32.NewProc("MessageBoxW").Call(
+		uintptr(0),
+		uintptr(unsafe.Pointer(captionPtr)),
+		uintptr(unsafe.Pointer(titlePtr)),
+		uintptr(format))
+
+	return int(ret)
+}
+
+func main() {
+	args := os.Args
+	setupLogging(path.Base(args[0]))
+	if wsl.IsWSLInstalled() {
+		// nothing to do
+		logrus.Info("WSL Kernel already installed")
+		return
+	}
+
+	result := installWslKernel()
+	if result != nil {
+		logrus.Error(result.Error())
+		_ = warn("Podman Setup", KernelWarning)
+	}
+
+	logrus.Info("WSL Kernel update successful")
+}
diff --git a/cmd/podman/auto-update.go b/cmd/podman/auto-update.go
index 88ef0ec88..6a0446422 100644
--- a/cmd/podman/auto-update.go
+++ b/cmd/podman/auto-update.go
@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"strings"
 
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/completion"
@@ -104,15 +103,15 @@ func reportsToOutput(allReports []*entities.AutoUpdateReport) []autoUpdateOutput
 }
 
 func writeTemplate(allReports []*entities.AutoUpdateReport, inputFormat string) error {
-	var format string
-	var printHeader bool
+	rpt := report.New(os.Stdout, "auto-update")
+	defer rpt.Flush()
 
 	output := reportsToOutput(allReports)
+	var err error
 	switch inputFormat {
 	case "":
-		rows := []string{"{{.Unit}}", "{{.Container}}", "{{.Image}}", "{{.Policy}}", "{{.Updated}}"}
-		format = "{{range . }}" + strings.Join(rows, "\t") + "\n{{end -}}"
-		printHeader = true
+		format := "{{range . }}\t{{.Unit}}\t{{.Container}}\t{{.Image}}\t{{.Policy}}\t{{.Updated}}\n{{end -}}"
+		rpt, err = rpt.Parse(report.OriginPodman, format)
 	case "json":
 		prettyJSON, err := json.MarshalIndent(output, "", "    ")
 		if err != nil {
@@ -121,26 +120,17 @@ func writeTemplate(allReports []*entities.AutoUpdateReport, inputFormat string)
 		fmt.Println(string(prettyJSON))
 		return nil
 	default:
-		format = "{{range . }}" + inputFormat + "\n{{end -}}"
+		rpt, err = rpt.Parse(report.OriginUser, inputFormat)
 	}
-
-	tmpl, err := report.NewTemplate("auto-update").Parse(format)
-	if err != nil {
-		return err
-	}
-
-	w, err := report.NewWriterDefault(os.Stdout)
 	if err != nil {
 		return err
 	}
-	defer w.Flush()
 
-	if printHeader {
+	if rpt.RenderHeaders {
 		headers := report.Headers(autoUpdateOutput{}, nil)
-		if err := tmpl.Execute(w, headers); err != nil {
+		if err := rpt.Execute(headers); err != nil {
 			return err
 		}
 	}
-
-	return tmpl.Execute(w, output)
+	return rpt.Execute(output)
 }
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go
index 02369c74a..60d056aaa 100644
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@@ -13,6 +13,7 @@ import (
 	libimageDefine "github.com/containers/common/libimage/define"
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/libpod/define"
@@ -543,6 +544,10 @@ func AutocompleteForKube(cmd *cobra.Command, args []string, toComplete string) (
 	return objs, cobra.ShellCompDirectiveNoFileComp
 }
 
+func AutocompleteForGenerate(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return AutocompleteForKube(cmd, args, toComplete)
+}
+
 // AutocompleteContainersAndPods - Autocomplete container names and pod names.
 func AutocompleteContainersAndPods(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	if !validCurrentCmdLine(cmd, args, toComplete) {
@@ -1628,3 +1633,16 @@ func AutocompleteClone(cmd *cobra.Command, args []string, toComplete string) ([]
 	}
 	return nil, cobra.ShellCompDirectiveNoFileComp
 }
+
+// AutocompleteSSH - Autocomplete ssh modes
+func AutocompleteSSH(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	if !validCurrentCmdLine(cmd, args, toComplete) {
+		return nil, cobra.ShellCompDirectiveNoFileComp
+	}
+	return []string{string(ssh.GolangMode), string(ssh.NativeMode)}, cobra.ShellCompDirectiveNoFileComp
+}
+
+// AutocompleteHealthOnFailure - action to take once the container turns unhealthy.
+func AutocompleteHealthOnFailure(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return define.SupportedHealthCheckOnFailureActions, cobra.ShellCompDirectiveNoFileComp
+}
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 00873b95b..8fff03773 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -28,10 +28,10 @@ func ContainerToPodOptions(containerCreate *entities.ContainerCreateOptions, pod
 }
 
 // DefineCreateFlags declares and instantiates the container create flags
-func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, isInfra bool, clone bool) {
+func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, mode entities.ContainerMode) {
 	createFlags := cmd.Flags()
 
-	if !isInfra && !clone { // regular create flags
+	if mode == entities.CreateMode { // regular create flags
 		annotationFlagName := "annotation"
 		createFlags.StringSliceVar(
 			&cf.Annotation,
@@ -103,27 +103,19 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 		_ = cmd.RegisterFlagCompletionFunc(deviceCgroupRuleFlagName, completion.AutocompleteNone)
 
-		deviceReadIopsFlagName := "device-read-iops"
-		createFlags.StringSliceVar(
-			&cf.DeviceReadIOPs,
-			deviceReadIopsFlagName, []string{},
-			"Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)",
-		)
-		_ = cmd.RegisterFlagCompletionFunc(deviceReadIopsFlagName, completion.AutocompleteDefault)
-
-		deviceWriteIopsFlagName := "device-write-iops"
-		createFlags.StringSliceVar(
-			&cf.DeviceWriteIOPs,
-			deviceWriteIopsFlagName, []string{},
-			"Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)",
-		)
-		_ = cmd.RegisterFlagCompletionFunc(deviceWriteIopsFlagName, completion.AutocompleteDefault)
-
 		createFlags.Bool(
 			"disable-content-trust", false,
 			"This is a Docker specific option and is a NOOP",
 		)
 
+		envMergeFlagName := "env-merge"
+		createFlags.StringArrayVar(
+			&cf.EnvMerge,
+			envMergeFlagName, []string{},
+			"Preprocess environment variables from image before injecting them into the container",
+		)
+		_ = cmd.RegisterFlagCompletionFunc(envMergeFlagName, completion.AutocompleteNone)
+
 		envFlagName := "env"
 		createFlags.StringArrayP(
 			envFlagName, "e", Env(),
@@ -216,6 +208,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 		_ = cmd.RegisterFlagCompletionFunc(healthTimeoutFlagName, completion.AutocompleteNone)
 
+		healthOnFailureFlagName := "health-on-failure"
+		createFlags.StringVar(
+			&cf.HealthOnFailure,
+			healthOnFailureFlagName, "none",
+			"action to take once the container turns unhealthy",
+		)
+		_ = cmd.RegisterFlagCompletionFunc(healthOnFailureFlagName, AutocompleteHealthOnFailure)
+
 		createFlags.BoolVar(
 			&cf.HTTPProxy,
 			"http-proxy", containerConfig.Containers.HTTPProxy,
@@ -589,7 +589,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 			`If a container with the same name exists, replace it`,
 		)
 	}
-	if isInfra || (!clone && !isInfra) { // infra container flags, create should also pick these up
+	if mode == entities.InfraMode || (mode == entities.CreateMode) { // infra container flags, create should also pick these up
 		shmSizeFlagName := "shm-size"
 		createFlags.String(
 			shmSizeFlagName, shmSize(),
@@ -669,7 +669,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 		_ = cmd.RegisterFlagCompletionFunc(cgroupParentFlagName, completion.AutocompleteDefault)
 		var conmonPidfileFlagName string
-		if !isInfra {
+		if mode == entities.CreateMode {
 			conmonPidfileFlagName = "conmon-pidfile"
 		} else {
 			conmonPidfileFlagName = "infra-conmon-pidfile"
@@ -682,7 +682,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		_ = cmd.RegisterFlagCompletionFunc(conmonPidfileFlagName, completion.AutocompleteDefault)
 
 		var entrypointFlagName string
-		if !isInfra {
+		if mode == entities.CreateMode {
 			entrypointFlagName = "entrypoint"
 		} else {
 			entrypointFlagName = "infra-command"
@@ -717,7 +717,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 		_ = cmd.RegisterFlagCompletionFunc(labelFileFlagName, completion.AutocompleteDefault)
 
-		if isInfra {
+		if mode == entities.InfraMode {
 			nameFlagName := "infra-name"
 			createFlags.StringVar(
 				&cf.Name,
@@ -767,7 +767,8 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 		_ = cmd.RegisterFlagCompletionFunc(volumesFromFlagName, AutocompleteContainers)
 	}
-	if clone || !isInfra { // clone and create only flags, we need this level of separation so clone does not pick up all of the flags
+
+	if mode == entities.CloneMode || mode == entities.CreateMode {
 		nameFlagName := "name"
 		createFlags.StringVar(
 			&cf.Name,
@@ -783,7 +784,8 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 			"Run container in an existing pod",
 		)
 		_ = cmd.RegisterFlagCompletionFunc(podFlagName, AutocompletePods)
-
+	}
+	if mode != entities.InfraMode { // clone create and update only flags, we need this level of separation so clone does not pick up all of the flags
 		cpuPeriodFlagName := "cpu-period"
 		createFlags.Uint64Var(
 			&cf.CPUPeriod,
@@ -832,8 +834,24 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 		_ = cmd.RegisterFlagCompletionFunc(memorySwappinessFlagName, completion.AutocompleteNone)
 	}
-	// anyone can use these
+	if mode == entities.CreateMode || mode == entities.UpdateMode {
+		deviceReadIopsFlagName := "device-read-iops"
+		createFlags.StringSliceVar(
+			&cf.DeviceReadIOPs,
+			deviceReadIopsFlagName, []string{},
+			"Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)",
+		)
+		_ = cmd.RegisterFlagCompletionFunc(deviceReadIopsFlagName, completion.AutocompleteDefault)
 
+		deviceWriteIopsFlagName := "device-write-iops"
+		createFlags.StringSliceVar(
+			&cf.DeviceWriteIOPs,
+			deviceWriteIopsFlagName, []string{},
+			"Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)",
+		)
+		_ = cmd.RegisterFlagCompletionFunc(deviceWriteIopsFlagName, completion.AutocompleteDefault)
+	}
+	// anyone can use these
 	cpusFlagName := "cpus"
 	createFlags.Float64Var(
 		&cf.CPUS,
diff --git a/cmd/podman/common/inspect.go b/cmd/podman/common/inspect.go
index 12a5af5a9..f82161d31 100644
--- a/cmd/podman/common/inspect.go
+++ b/cmd/podman/common/inspect.go
@@ -11,6 +11,10 @@ const (
 	NetworkType = "network"
 	// PodType is the pod type.
 	PodType = "pod"
+	// PodLegacyType is the pod type for backwards compatibility with the old pod inspect code.
+	// This allows us to use the shared inspect code but still provide the correct output format
+	// when podman pod inspect was called.
+	PodLegacyType = "pod-legacy"
 	// VolumeType is the volume type
 	VolumeType = "volume"
 )
diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index e7aa265d1..90f05ab15 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -39,6 +39,11 @@ func DefineNetFlags(cmd *cobra.Command) {
 		"Set custom DNS options",
 	)
 	_ = cmd.RegisterFlagCompletionFunc(dnsOptFlagName, completion.AutocompleteNone)
+	netFlags.StringSlice(
+		"dns-option", containerConfig.DNSOptions(),
+		"Docker compatibility option== --dns-opt",
+	)
+	_ = netFlags.MarkHidden("dns-option")
 
 	dnsSearchFlagName := "dns-search"
 	netFlags.StringSlice(
@@ -146,6 +151,14 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
 		opts.DNSOptions = options
 	}
 
+	if flags.Changed("dns-option") {
+		options, err := flags.GetStringSlice("dns-option")
+		if err != nil {
+			return nil, err
+		}
+		opts.DNSOptions = append(opts.DNSOptions, options...)
+	}
+
 	if flags.Changed("dns-search") {
 		dnsSearches, err := flags.GetStringSlice("dns-search")
 		if err != nil {
diff --git a/cmd/podman/common/sign.go b/cmd/podman/common/sign.go
new file mode 100644
index 000000000..dc0d3ff5d
--- /dev/null
+++ b/cmd/podman/common/sign.go
@@ -0,0 +1,36 @@
+package common
+
+import (
+	"fmt"
+
+	"github.com/containers/common/pkg/ssh"
+	"github.com/containers/image/v5/pkg/cli"
+	"github.com/containers/podman/v4/pkg/domain/entities"
+)
+
+// PrepareSigningPassphrase updates pushOpts.SignPassphrase and SignSigstorePrivateKeyPassphrase based on a --sign-passphrase-file value signPassphraseFile,
+// and validates pushOpts.Sign* consistency.
+// It may interactively prompt for a passphrase if one is required and wasn’t provided otherwise.
+func PrepareSigningPassphrase(pushOpts *entities.ImagePushOptions, signPassphraseFile string) error {
+	// c/common/libimage.Image does allow creating both simple signing and sigstore signatures simultaneously,
+	// with independent passphrases, but that would make the CLI probably too confusing.
+	// For now, use the passphrase with either, but only one of them.
+	if signPassphraseFile != "" && pushOpts.SignBy != "" && pushOpts.SignBySigstorePrivateKeyFile != "" {
+		return fmt.Errorf("only one of --sign-by and sign-by-sigstore-private-key can be used with --sign-passphrase-file")
+	}
+
+	var passphrase string
+	if signPassphraseFile != "" {
+		p, err := cli.ReadPassphraseFile(signPassphraseFile)
+		if err != nil {
+			return err
+		}
+		passphrase = p
+	} else if pushOpts.SignBySigstorePrivateKeyFile != "" {
+		p := ssh.ReadPassphrase()
+		passphrase = string(p)
+	} // pushOpts.SignBy triggers a GPG-agent passphrase prompt, possibly using a more secure channel, so we usually shouldn’t prompt ourselves if no passphrase was explicitly provided.
+	pushOpts.SignPassphrase = passphrase
+	pushOpts.SignSigstorePrivateKeyPassphrase = []byte(passphrase)
+	return nil
+}
diff --git a/cmd/podman/containers/checkpoint.go b/cmd/podman/containers/checkpoint.go
index 0eb0db394..4350e5586 100644
--- a/cmd/podman/containers/checkpoint.go
+++ b/cmd/podman/containers/checkpoint.go
@@ -130,14 +130,15 @@ func checkpoint(cmd *cobra.Command, args []string) error {
 	var statistics checkpointStatistics
 
 	for _, r := range responses {
-		if r.Err == nil {
-			if checkpointOptions.PrintStats {
-				statistics.ContainerStatistics = append(statistics.ContainerStatistics, r)
-			} else {
-				fmt.Println(r.Id)
-			}
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case checkpointOptions.PrintStats:
+			statistics.ContainerStatistics = append(statistics.ContainerStatistics, r)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 
diff --git a/cmd/podman/containers/cleanup.go b/cmd/podman/containers/cleanup.go
index c9a5cb28b..6abc5df19 100644
--- a/cmd/podman/containers/cleanup.go
+++ b/cmd/podman/containers/cleanup.go
@@ -84,21 +84,20 @@ func cleanup(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	for _, r := range responses {
-		if r.CleanErr == nil && r.RmErr == nil && r.RmiErr == nil {
-			fmt.Println(r.Id)
-			continue
-		}
-		if r.RmErr != nil {
+		switch {
+		case r.RmErr != nil:
 			logrus.Errorf("Removing container: %v", r.RmErr)
 			errs = append(errs, r.RmErr)
-		}
-		if r.RmiErr != nil {
+		case r.RmiErr != nil:
 			logrus.Errorf("Removing image: %v", r.RmiErr)
 			errs = append(errs, r.RmiErr)
-		}
-		if r.CleanErr != nil {
+		case r.CleanErr != nil:
 			logrus.Errorf("Cleaning up container: %v", r.CleanErr)
 			errs = append(errs, r.CleanErr)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 	return errs.PrintErrors()
diff --git a/cmd/podman/containers/clone.go b/cmd/podman/containers/clone.go
index 9881a791c..62bc90a2c 100644
--- a/cmd/podman/containers/clone.go
+++ b/cmd/podman/containers/clone.go
@@ -41,7 +41,7 @@ func cloneFlags(cmd *cobra.Command) {
 	flags.BoolVarP(&ctrClone.Force, forceFlagName, "f", false, "force the existing container to be destroyed")
 
 	common.DefineCreateDefaults(&ctrClone.CreateOpts)
-	common.DefineCreateFlags(cmd, &ctrClone.CreateOpts, false, true)
+	common.DefineCreateFlags(cmd, &ctrClone.CreateOpts, entities.CloneMode)
 }
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
diff --git a/cmd/podman/containers/cp.go b/cmd/podman/containers/cp.go
index c38cba66e..93477feb8 100644
--- a/cmd/podman/containers/cp.go
+++ b/cmd/podman/containers/cp.go
@@ -172,7 +172,7 @@ func copyContainerToContainer(sourceContainer string, sourcePath string, destCon
 			return err
 		}
 		if err := copyFunc(); err != nil {
-			return fmt.Errorf("error copying from container: %w", err)
+			return fmt.Errorf("copying from container: %w", err)
 		}
 		return nil
 	}
@@ -192,7 +192,7 @@ func copyContainerToContainer(sourceContainer string, sourcePath string, destCon
 			return err
 		}
 		if err := copyFunc(); err != nil {
-			return fmt.Errorf("error copying to container: %w", err)
+			return fmt.Errorf("copying to container: %w", err)
 		}
 		return nil
 	}
@@ -315,7 +315,7 @@ func copyFromContainer(container string, containerPath string, hostPath string)
 			dir = filepath.Dir(dir)
 		}
 		if err := buildahCopiah.Put(dir, "", putOptions, reader); err != nil {
-			return fmt.Errorf("error copying to host: %w", err)
+			return fmt.Errorf("copying to host: %w", err)
 		}
 		return nil
 	}
@@ -327,7 +327,7 @@ func copyFromContainer(container string, containerPath string, hostPath string)
 			return err
 		}
 		if err := copyFunc(); err != nil {
-			return fmt.Errorf("error copying from container: %w", err)
+			return fmt.Errorf("copying from container: %w", err)
 		}
 		return nil
 	}
@@ -424,7 +424,7 @@ func copyToContainer(container string, containerPath string, hostPath string) er
 			getOptions.Rename = map[string]string{filepath.Base(hostTarget): containerBaseName}
 		}
 		if err := buildahCopiah.Get("/", "", getOptions, []string{hostTarget}, writer); err != nil {
-			return fmt.Errorf("error copying from host: %w", err)
+			return fmt.Errorf("copying from host: %w", err)
 		}
 		return nil
 	}
@@ -441,7 +441,7 @@ func copyToContainer(container string, containerPath string, hostPath string) er
 			return err
 		}
 		if err := copyFunc(); err != nil {
-			return fmt.Errorf("error copying to container: %w", err)
+			return fmt.Errorf("copying to container: %w", err)
 		}
 		return nil
 	}
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 7d0f4d9ae..b854ff4b2 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -72,7 +72,7 @@ func createFlags(cmd *cobra.Command) {
 
 	flags.SetInterspersed(false)
 	common.DefineCreateDefaults(&cliVals)
-	common.DefineCreateFlags(cmd, &cliVals, false, false)
+	common.DefineCreateFlags(cmd, &cliVals, entities.CreateMode)
 	common.DefineNetFlags(cmd)
 
 	flags.SetNormalizeFunc(utils.AliasFlags)
@@ -192,16 +192,14 @@ func replaceContainer(name string) error {
 }
 
 func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra bool) (entities.ContainerCreateOptions, error) {
-	vals.UserNS = c.Flag("userns").Value.String()
-	// if user did not modify --userns flag and did turn on
-	// uid/gid mappings, set userns flag to "private"
-	if !c.Flag("userns").Changed && vals.UserNS == "host" {
-		if len(vals.UIDMap) > 0 ||
-			len(vals.GIDMap) > 0 ||
-			vals.SubUIDName != "" ||
-			vals.SubGIDName != "" {
-			vals.UserNS = "private"
+	if len(vals.UIDMap) > 0 || len(vals.GIDMap) > 0 || vals.SubUIDName != "" || vals.SubGIDName != "" {
+		if c.Flag("userns").Changed {
+			return vals, errors.New("--userns and --uidmap/--gidmap/--subuidname/--subgidname are mutually exclusive")
 		}
+		// force userns flag to "private"
+		vals.UserNS = "private"
+	} else {
+		vals.UserNS = c.Flag("userns").Value.String()
 	}
 	if c.Flag("kernel-memory") != nil && c.Flag("kernel-memory").Changed {
 		logrus.Warnf("The --kernel-memory flag is no longer supported. This flag is a noop.")
diff --git a/cmd/podman/containers/exec.go b/cmd/podman/containers/exec.go
index 303795489..cbd090852 100644
--- a/cmd/podman/containers/exec.go
+++ b/cmd/podman/containers/exec.go
@@ -126,7 +126,7 @@ func exec(_ *cobra.Command, args []string) error {
 
 	cliEnv, err := envLib.ParseSlice(envInput)
 	if err != nil {
-		return fmt.Errorf("error parsing environment variables: %w", err)
+		return fmt.Errorf("parsing environment variables: %w", err)
 	}
 
 	execOpts.Envs = envLib.Join(execOpts.Envs, cliEnv)
diff --git a/cmd/podman/containers/init.go b/cmd/podman/containers/init.go
index 649cdf1c9..8f53dca45 100644
--- a/cmd/podman/containers/init.go
+++ b/cmd/podman/containers/init.go
@@ -74,10 +74,13 @@ func initContainer(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	for _, r := range report {
-		if r.Err == nil {
-			fmt.Println(r.Id)
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 	return errs.PrintErrors()
diff --git a/cmd/podman/containers/kill.go b/cmd/podman/containers/kill.go
index 5a5379389..86a7e3ff2 100644
--- a/cmd/podman/containers/kill.go
+++ b/cmd/podman/containers/kill.go
@@ -49,7 +49,8 @@ var (
 )
 
 var (
-	killOptions = entities.KillOptions{}
+	killOptions  = entities.KillOptions{}
+	killCidFiles = []string{}
 )
 
 func killFlags(cmd *cobra.Command) {
@@ -61,7 +62,7 @@ func killFlags(cmd *cobra.Command) {
 	flags.StringVarP(&killOptions.Signal, signalFlagName, "s", "KILL", "Signal to send to the container")
 	_ = cmd.RegisterFlagCompletionFunc(signalFlagName, common.AutocompleteStopSignal)
 	cidfileFlagName := "cidfile"
-	flags.StringArrayVar(&cidFiles, cidfileFlagName, []string{}, "Read the container ID from the file")
+	flags.StringArrayVar(&killCidFiles, cidfileFlagName, nil, "Read the container ID from the file")
 	_ = cmd.RegisterFlagCompletionFunc(cidfileFlagName, completion.AutocompleteDefault)
 }
 
@@ -94,10 +95,10 @@ func kill(_ *cobra.Command, args []string) error {
 	if sig < 1 || sig > 64 {
 		return errors.New("valid signals are 1 through 64")
 	}
-	for _, cidFile := range cidFiles {
+	for _, cidFile := range killCidFiles {
 		content, err := ioutil.ReadFile(cidFile)
 		if err != nil {
-			return fmt.Errorf("error reading CIDFile: %w", err)
+			return fmt.Errorf("reading CIDFile: %w", err)
 		}
 		id := strings.Split(string(content), "\n")[0]
 		args = append(args, id)
diff --git a/cmd/podman/containers/logs.go b/cmd/podman/containers/logs.go
index 9a9749210..e285a24d8 100644
--- a/cmd/podman/containers/logs.go
+++ b/cmd/podman/containers/logs.go
@@ -126,7 +126,7 @@ func logs(_ *cobra.Command, args []string) error {
 		// parse time, error out if something is wrong
 		since, err := util.ParseInputTime(logsOptions.SinceRaw, true)
 		if err != nil {
-			return fmt.Errorf("error parsing --since %q: %w", logsOptions.SinceRaw, err)
+			return fmt.Errorf("parsing --since %q: %w", logsOptions.SinceRaw, err)
 		}
 		logsOptions.Since = since
 	}
@@ -134,7 +134,7 @@ func logs(_ *cobra.Command, args []string) error {
 		// parse time, error out if something is wrong
 		until, err := util.ParseInputTime(logsOptions.UntilRaw, false)
 		if err != nil {
-			return fmt.Errorf("error parsing --until %q: %w", logsOptions.UntilRaw, err)
+			return fmt.Errorf("parsing --until %q: %w", logsOptions.UntilRaw, err)
 		}
 		logsOptions.Until = until
 	}
diff --git a/cmd/podman/containers/pause.go b/cmd/podman/containers/pause.go
index 53aa423ac..591523cf9 100644
--- a/cmd/podman/containers/pause.go
+++ b/cmd/podman/containers/pause.go
@@ -94,7 +94,7 @@ func pause(cmd *cobra.Command, args []string) error {
 	for _, cidFile := range pauseCidFiles {
 		content, err := ioutil.ReadFile(cidFile)
 		if err != nil {
-			return fmt.Errorf("error reading CIDFile: %w", err)
+			return fmt.Errorf("reading CIDFile: %w", err)
 		}
 		id := strings.Split(string(content), "\n")[0]
 		args = append(args, id)
@@ -113,10 +113,13 @@ func pause(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	for _, r := range responses {
-		if r.Err == nil {
-			fmt.Println(r.RawInput)
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 	return errs.PrintErrors()
diff --git a/cmd/podman/containers/restart.go b/cmd/podman/containers/restart.go
index 9d704d671..0cc7901f9 100644
--- a/cmd/podman/containers/restart.go
+++ b/cmd/podman/containers/restart.go
@@ -3,13 +3,14 @@ package containers
 import (
 	"context"
 	"fmt"
+	"io/ioutil"
+	"strings"
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/podman/v4/cmd/podman/common"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/utils"
 	"github.com/containers/podman/v4/cmd/podman/validate"
-	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/spf13/cobra"
 )
@@ -25,7 +26,7 @@ var (
 		Long:  restartDescription,
 		RunE:  restart,
 		Args: func(cmd *cobra.Command, args []string) error {
-			return validate.CheckAllLatestAndIDFile(cmd, args, false, "")
+			return validate.CheckAllLatestAndIDFile(cmd, args, false, "cidfile")
 		},
 		ValidArgsFunction: common.AutocompleteContainers,
 		Example: `podman restart ctrID
@@ -47,20 +48,35 @@ var (
 )
 
 var (
-	restartOptions = entities.RestartOptions{}
-	restartTimeout uint
+	restartOpts = entities.RestartOptions{
+		Filters: make(map[string][]string),
+	}
+	restartCidFiles = []string{}
+	restartTimeout  uint
 )
 
 func restartFlags(cmd *cobra.Command) {
 	flags := cmd.Flags()
 
-	flags.BoolVarP(&restartOptions.All, "all", "a", false, "Restart all non-running containers")
-	flags.BoolVar(&restartOptions.Running, "running", false, "Restart only running containers when --all is used")
+	flags.BoolVarP(&restartOpts.All, "all", "a", false, "Restart all non-running containers")
+	flags.BoolVar(&restartOpts.Running, "running", false, "Restart only running containers")
+
+	cidfileFlagName := "cidfile"
+	flags.StringArrayVar(&restartCidFiles, cidfileFlagName, nil, "Read the container ID from the file")
+	_ = cmd.RegisterFlagCompletionFunc(cidfileFlagName, completion.AutocompleteDefault)
+
+	filterFlagName := "filter"
+	flags.StringSliceVarP(&filters, filterFlagName, "f", []string{}, "Filter output based on conditions given")
+	_ = cmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompletePsFilters)
 
 	timeFlagName := "time"
 	flags.UintVarP(&restartTimeout, timeFlagName, "t", containerConfig.Engine.StopTimeout, "Seconds to wait for stop before killing the container")
 	_ = cmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone)
 
+	if registry.IsRemote() {
+		_ = flags.MarkHidden("cidfile")
+	}
+
 	flags.SetNormalizeFunc(utils.AliasFlags)
 }
 
@@ -69,39 +85,54 @@ func init() {
 		Command: restartCommand,
 	})
 	restartFlags(restartCommand)
-	validate.AddLatestFlag(restartCommand, &restartOptions.Latest)
+	validate.AddLatestFlag(restartCommand, &restartOpts.Latest)
 
 	registry.Commands = append(registry.Commands, registry.CliCommand{
 		Command: containerRestartCommand,
 		Parent:  containerCmd,
 	})
 	restartFlags(containerRestartCommand)
-	validate.AddLatestFlag(containerRestartCommand, &restartOptions.Latest)
+	validate.AddLatestFlag(containerRestartCommand, &restartOpts.Latest)
 }
 
 func restart(cmd *cobra.Command, args []string) error {
 	var (
 		errs utils.OutputErrors
 	)
-	if len(args) < 1 && !restartOptions.Latest && !restartOptions.All {
-		return fmt.Errorf("you must provide at least one container name or ID: %w", define.ErrInvalidArg)
+
+	if cmd.Flag("time").Changed {
+		restartOpts.Timeout = &restartTimeout
 	}
-	if len(args) > 0 && restartOptions.Latest {
-		return fmt.Errorf("--latest and containers cannot be used together: %w", define.ErrInvalidArg)
+
+	for _, cidFile := range restartCidFiles {
+		content, err := ioutil.ReadFile(cidFile)
+		if err != nil {
+			return fmt.Errorf("reading CIDFile: %w", err)
+		}
+		id := strings.Split(string(content), "\n")[0]
+		args = append(args, id)
 	}
 
-	if cmd.Flag("time").Changed {
-		restartOptions.Timeout = &restartTimeout
+	for _, f := range filters {
+		split := strings.SplitN(f, "=", 2)
+		if len(split) < 2 {
+			return fmt.Errorf("invalid filter %q", f)
+		}
+		restartOpts.Filters[split[0]] = append(restartOpts.Filters[split[0]], split[1])
 	}
-	responses, err := registry.ContainerEngine().ContainerRestart(context.Background(), args, restartOptions)
+
+	responses, err := registry.ContainerEngine().ContainerRestart(context.Background(), args, restartOpts)
 	if err != nil {
 		return err
 	}
 	for _, r := range responses {
-		if r.Err == nil {
-			fmt.Println(r.Id)
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 	return errs.PrintErrors()
diff --git a/cmd/podman/containers/restore.go b/cmd/podman/containers/restore.go
index 6106f2bed..ee01e19b8 100644
--- a/cmd/podman/containers/restore.go
+++ b/cmd/podman/containers/restore.go
@@ -193,14 +193,15 @@ func restore(cmd *cobra.Command, args []string) error {
 	var statistics restoreStatistics
 
 	for _, r := range responses {
-		if r.Err == nil {
-			if restoreOptions.PrintStats {
-				statistics.ContainerStatistics = append(statistics.ContainerStatistics, r)
-			} else {
-				fmt.Println(r.Id)
-			}
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case restoreOptions.PrintStats:
+			statistics.ContainerStatistics = append(statistics.ContainerStatistics, r)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 
diff --git a/cmd/podman/containers/rm.go b/cmd/podman/containers/rm.go
index 056e32651..44d03e9de 100644
--- a/cmd/podman/containers/rm.go
+++ b/cmd/podman/containers/rm.go
@@ -52,8 +52,10 @@ var (
 )
 
 var (
-	rmOptions = entities.RmOptions{}
-	cidFiles  = []string{}
+	rmOptions = entities.RmOptions{
+		Filters: make(map[string][]string),
+	}
+	rmCidFiles = []string{}
 )
 
 func rmFlags(cmd *cobra.Command) {
@@ -69,9 +71,13 @@ func rmFlags(cmd *cobra.Command) {
 	flags.BoolVarP(&rmOptions.Volumes, "volumes", "v", false, "Remove anonymous volumes associated with the container")
 
 	cidfileFlagName := "cidfile"
-	flags.StringArrayVar(&cidFiles, cidfileFlagName, nil, "Read the container ID from the file")
+	flags.StringArrayVar(&rmCidFiles, cidfileFlagName, nil, "Read the container ID from the file")
 	_ = cmd.RegisterFlagCompletionFunc(cidfileFlagName, completion.AutocompleteDefault)
 
+	filterFlagName := "filter"
+	flags.StringSliceVar(&filters, filterFlagName, []string{}, "Filter output based on conditions given")
+	_ = cmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompletePsFilters)
+
 	if !registry.IsRemote() {
 		// This option is deprecated, but needs to still exists for backwards compatibility
 		flags.Bool("storage", false, "Remove container from storage library")
@@ -101,15 +107,23 @@ func rm(cmd *cobra.Command, args []string) error {
 		}
 		rmOptions.Timeout = &stopTimeout
 	}
-	for _, cidFile := range cidFiles {
+	for _, cidFile := range rmCidFiles {
 		content, err := ioutil.ReadFile(cidFile)
 		if err != nil {
-			return fmt.Errorf("error reading CIDFile: %w", err)
+			return fmt.Errorf("reading CIDFile: %w", err)
 		}
 		id := strings.Split(string(content), "\n")[0]
 		args = append(args, id)
 	}
 
+	for _, f := range filters {
+		split := strings.SplitN(f, "=", 2)
+		if len(split) < 2 {
+			return fmt.Errorf("invalid filter %q", f)
+		}
+		rmOptions.Filters[split[0]] = append(rmOptions.Filters[split[0]], split[1])
+	}
+
 	if rmOptions.All {
 		logrus.Debug("--all is set: enforcing --depend=true")
 		rmOptions.Depend = true
@@ -135,7 +149,8 @@ func removeContainers(namesOrIDs []string, rmOptions entities.RmOptions, setExit
 		return err
 	}
 	for _, r := range responses {
-		if r.Err != nil {
+		switch {
+		case r.Err != nil:
 			if errors.Is(r.Err, define.ErrWillDeadlock) {
 				logrus.Errorf("Potential deadlock detected - please run 'podman system renumber' to resolve")
 			}
@@ -146,7 +161,9 @@ func removeContainers(namesOrIDs []string, rmOptions entities.RmOptions, setExit
 				setExitCode(r.Err)
 			}
 			errs = append(errs, r.Err)
-		} else {
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
 			fmt.Println(r.Id)
 		}
 	}
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index ef13ea95e..f66d4d4d3 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -61,7 +61,7 @@ func runFlags(cmd *cobra.Command) {
 
 	flags.SetInterspersed(false)
 	common.DefineCreateDefaults(&cliVals)
-	common.DefineCreateFlags(cmd, &cliVals, false, false)
+	common.DefineCreateFlags(cmd, &cliVals, entities.CreateMode)
 	common.DefineNetFlags(cmd)
 
 	flags.SetNormalizeFunc(utils.AliasFlags)
diff --git a/cmd/podman/containers/start.go b/cmd/podman/containers/start.go
index cd4fa17b8..061f0953d 100644
--- a/cmd/podman/containers/start.go
+++ b/cmd/podman/containers/start.go
@@ -59,8 +59,10 @@ func startFlags(cmd *cobra.Command) {
 
 	flags.BoolVarP(&startOptions.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
 	flags.BoolVar(&startOptions.SigProxy, "sig-proxy", false, "Proxy received signals to the process (default true if attaching, false otherwise)")
-	flags.StringSliceVarP(&filters, "filter", "f", []string{}, "Filter output based on conditions given")
-	_ = cmd.RegisterFlagCompletionFunc("filter", common.AutocompletePsFilters)
+
+	filterFlagName := "filter"
+	flags.StringSliceVarP(&filters, filterFlagName, "f", []string{}, "Filter output based on conditions given")
+	_ = cmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompletePsFilters)
 
 	flags.BoolVar(&startOptions.All, "all", false, "Start all containers regardless of their state or configuration")
 
@@ -84,7 +86,7 @@ func init() {
 }
 
 func validateStart(cmd *cobra.Command, args []string) error {
-	if len(args) == 0 && !startOptions.Latest && !startOptions.All {
+	if len(args) == 0 && !startOptions.Latest && !startOptions.All && len(filters) < 1 {
 		return errors.New("start requires at least one argument")
 	}
 	if startOptions.All && startOptions.Latest {
@@ -123,33 +125,30 @@ func start(cmd *cobra.Command, args []string) error {
 	}
 
 	containers := args
-	if len(filters) > 0 {
-		for _, f := range filters {
-			split := strings.SplitN(f, "=", 2)
-			if len(split) == 1 {
-				return fmt.Errorf("invalid filter %q", f)
-			}
-			startOptions.Filters[split[0]] = append(startOptions.Filters[split[0]], split[1])
+	for _, f := range filters {
+		split := strings.SplitN(f, "=", 2)
+		if len(split) < 2 {
+			return fmt.Errorf("invalid filter %q", f)
 		}
+		startOptions.Filters[split[0]] = append(startOptions.Filters[split[0]], split[1])
 	}
 
 	responses, err := registry.ContainerEngine().ContainerStart(registry.GetContext(), containers, startOptions)
 	if err != nil {
 		return err
 	}
-
 	for _, r := range responses {
-		if r.Err == nil {
-			if startOptions.Attach {
-				// Implement the exitcode when the only one container is enabled attach
-				registry.SetExitCode(r.ExitCode)
-			} else {
-				fmt.Println(r.RawInput)
-			}
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case startOptions.Attach:
+			// Implement the exitcode when the only one container is enabled attach
+			registry.SetExitCode(r.ExitCode)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
-
 	return errs.PrintErrors()
 }
diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go
index 0dd8ce80a..f29bbf34c 100644
--- a/cmd/podman/containers/stats.go
+++ b/cmd/podman/containers/stats.go
@@ -58,6 +58,7 @@ type statsOptionsCLI struct {
 
 var (
 	statsOptions statsOptionsCLI
+	notrunc      bool
 )
 
 func statFlags(cmd *cobra.Command) {
@@ -69,6 +70,7 @@ func statFlags(cmd *cobra.Command) {
 	flags.StringVar(&statsOptions.Format, formatFlagName, "", "Pretty-print container statistics to JSON or using a Go template")
 	_ = cmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&containerStats{}))
 
+	flags.BoolVar(&notrunc, "no-trunc", false, "Do not truncate output")
 	flags.BoolVar(&statsOptions.NoReset, "no-reset", false, "Disable resetting the screen between intervals")
 	flags.BoolVar(&statsOptions.NoStream, "no-stream", false, "Disable streaming stats and only pull the first result, default setting is false")
 	intervalFlagName := "interval"
@@ -186,6 +188,9 @@ type containerStats struct {
 }
 
 func (s *containerStats) ID() string {
+	if notrunc {
+		return s.ContainerID
+	}
 	return s.ContainerID[0:12]
 }
 
diff --git a/cmd/podman/containers/stop.go b/cmd/podman/containers/stop.go
index 261f441c3..412c513e1 100644
--- a/cmd/podman/containers/stop.go
+++ b/cmd/podman/containers/stop.go
@@ -52,7 +52,8 @@ var (
 	stopOptions = entities.StopOptions{
 		Filters: make(map[string][]string),
 	}
-	stopTimeout uint
+	stopCidFiles = []string{}
+	stopTimeout  uint
 )
 
 func stopFlags(cmd *cobra.Command) {
@@ -62,7 +63,7 @@ func stopFlags(cmd *cobra.Command) {
 	flags.BoolVarP(&stopOptions.Ignore, "ignore", "i", false, "Ignore errors when a specified container is missing")
 
 	cidfileFlagName := "cidfile"
-	flags.StringArrayVar(&cidFiles, cidfileFlagName, nil, "Read the container ID from the file")
+	flags.StringArrayVar(&stopCidFiles, cidfileFlagName, nil, "Read the container ID from the file")
 	_ = cmd.RegisterFlagCompletionFunc(cidfileFlagName, completion.AutocompleteDefault)
 
 	timeFlagName := "time"
@@ -103,10 +104,10 @@ func stop(cmd *cobra.Command, args []string) error {
 	if cmd.Flag("time").Changed {
 		stopOptions.Timeout = &stopTimeout
 	}
-	for _, cidFile := range cidFiles {
+	for _, cidFile := range stopCidFiles {
 		content, err := ioutil.ReadFile(cidFile)
 		if err != nil {
-			return fmt.Errorf("error reading CIDFile: %w", err)
+			return fmt.Errorf("reading CIDFile: %w", err)
 		}
 		id := strings.Split(string(content), "\n")[0]
 		args = append(args, id)
@@ -125,10 +126,13 @@ func stop(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	for _, r := range responses {
-		if r.Err == nil {
-			fmt.Println(r.RawInput)
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 	return errs.PrintErrors()
diff --git a/cmd/podman/containers/unpause.go b/cmd/podman/containers/unpause.go
index 4282e490e..988964266 100644
--- a/cmd/podman/containers/unpause.go
+++ b/cmd/podman/containers/unpause.go
@@ -101,7 +101,7 @@ func unpause(cmd *cobra.Command, args []string) error {
 	for _, cidFile := range unpauseCidFiles {
 		content, err := ioutil.ReadFile(cidFile)
 		if err != nil {
-			return fmt.Errorf("error reading CIDFile: %w", err)
+			return fmt.Errorf("reading CIDFile: %w", err)
 		}
 		id := strings.Split(string(content), "\n")[0]
 		args = append(args, id)
@@ -121,10 +121,13 @@ func unpause(cmd *cobra.Command, args []string) error {
 	}
 
 	for _, r := range responses {
-		if r.Err == nil {
-			fmt.Println(r.RawInput)
-		} else {
+		switch {
+		case r.Err != nil:
 			errs = append(errs, r.Err)
+		case r.RawInput != "":
+			fmt.Println(r.RawInput)
+		default:
+			fmt.Println(r.Id)
 		}
 	}
 	return errs.PrintErrors()
diff --git a/cmd/podman/containers/update.go b/cmd/podman/containers/update.go
new file mode 100644
index 000000000..33aa25f8e
--- /dev/null
+++ b/cmd/podman/containers/update.go
@@ -0,0 +1,83 @@
+package containers
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/containers/podman/v4/cmd/podman/common"
+	"github.com/containers/podman/v4/cmd/podman/registry"
+	"github.com/containers/podman/v4/pkg/domain/entities"
+	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/containers/podman/v4/pkg/specgenutil"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/spf13/cobra"
+)
+
+var (
+	updateDescription = `Updates the cgroup configuration of a given container`
+
+	updateCommand = &cobra.Command{
+		Use:               "update [options] CONTAINER",
+		Short:             "update an existing container",
+		Long:              updateDescription,
+		RunE:              update,
+		Args:              cobra.ExactArgs(1),
+		ValidArgsFunction: common.AutocompleteContainers,
+		Example:           `podman update --cpus=5 foobar_container`,
+	}
+
+	containerUpdateCommand = &cobra.Command{
+		Args:              updateCommand.Args,
+		Use:               updateCommand.Use,
+		Short:             updateCommand.Short,
+		Long:              updateCommand.Long,
+		RunE:              updateCommand.RunE,
+		ValidArgsFunction: updateCommand.ValidArgsFunction,
+		Example:           `podman container update --cpus=5 foobar_container`,
+	}
+)
+var (
+	updateOpts entities.ContainerCreateOptions
+)
+
+func updateFlags(cmd *cobra.Command) {
+	common.DefineCreateDefaults(&updateOpts)
+	common.DefineCreateFlags(cmd, &updateOpts, entities.UpdateMode)
+}
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Command: updateCommand,
+	})
+	updateFlags(updateCommand)
+
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Command: containerUpdateCommand,
+		Parent:  containerCmd,
+	})
+	updateFlags(containerUpdateCommand)
+}
+
+func update(cmd *cobra.Command, args []string) error {
+	var err error
+	// use a specgen since this is the easiest way to hold resource info
+	s := &specgen.SpecGenerator{}
+	s.ResourceLimits = &specs.LinuxResources{}
+
+	// we need to pass the whole specgen since throttle devices are parsed later due to cross compat.
+	s.ResourceLimits, err = specgenutil.GetResources(s, &updateOpts)
+	if err != nil {
+		return err
+	}
+
+	opts := &entities.ContainerUpdateOptions{
+		NameOrID: args[0],
+		Specgen:  s,
+	}
+	rep, err := registry.ContainerEngine().ContainerUpdate(context.Background(), opts)
+	if err != nil {
+		return err
+	}
+	fmt.Println(rep)
+	return nil
+}
diff --git a/cmd/podman/early_init_linux.go b/cmd/podman/early_init_linux.go
index e26c4264e..99046a02b 100644
--- a/cmd/podman/early_init_linux.go
+++ b/cmd/podman/early_init_linux.go
@@ -14,11 +14,11 @@ func setRLimits() error {
 	rlimits.Max = define.RLimitDefaultValue
 	if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
 		if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
-			return fmt.Errorf("error getting rlimits: %w", err)
+			return fmt.Errorf("getting rlimits: %w", err)
 		}
 		rlimits.Cur = rlimits.Max
 		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
-			return fmt.Errorf("error setting new rlimits: %w", err)
+			return fmt.Errorf("setting new rlimits: %w", err)
 		}
 	}
 	return nil
diff --git a/cmd/podman/generate/generate.go b/cmd/podman/generate/generate.go
index 0a12961f4..f1dea6816 100644
--- a/cmd/podman/generate/generate.go
+++ b/cmd/podman/generate/generate.go
@@ -1,4 +1,4 @@
-package pods
+package generate
 
 import (
 	"github.com/containers/podman/v4/cmd/podman/registry"
@@ -9,7 +9,7 @@ import (
 
 var (
 	// Command: podman _generate_
-	generateCmd = &cobra.Command{
+	GenerateCmd = &cobra.Command{
 		Use:   "generate",
 		Short: "Generate structured data based on containers, pods or volumes",
 		Long:  "Generate structured data (e.g., Kubernetes YAML or systemd units) based on containers, pods or volumes.",
@@ -20,6 +20,6 @@ var (
 
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
-		Command: generateCmd,
+		Command: GenerateCmd,
 	})
 }
diff --git a/cmd/podman/generate/kube.go b/cmd/podman/generate/kube.go
deleted file mode 100644
index 7bfc3dcf7..000000000
--- a/cmd/podman/generate/kube.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package pods
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-
-	"github.com/containers/common/pkg/completion"
-	"github.com/containers/podman/v4/cmd/podman/common"
-	"github.com/containers/podman/v4/cmd/podman/registry"
-	"github.com/containers/podman/v4/cmd/podman/utils"
-	"github.com/containers/podman/v4/pkg/domain/entities"
-	"github.com/spf13/cobra"
-)
-
-var (
-	kubeOptions     = entities.GenerateKubeOptions{}
-	kubeFile        = ""
-	kubeDescription = `Command generates Kubernetes Pod, Service or PersistenVolumeClaim YAML (v1 specification) from Podman containers, pods or volumes.
-
-  Whether the input is for a container or pod, Podman will always generate the specification as a pod.`
-
-	kubeCmd = &cobra.Command{
-		Use:               "kube [options] {CONTAINER...|POD...|VOLUME...}",
-		Short:             "Generate Kubernetes YAML from containers, pods or volumes.",
-		Long:              kubeDescription,
-		RunE:              kube,
-		Args:              cobra.MinimumNArgs(1),
-		ValidArgsFunction: common.AutocompleteForKube,
-		Example: `podman generate kube ctrID
-  podman generate kube podID
-  podman generate kube --service podID
-  podman generate kube volumeName
-  podman generate kube ctrID podID volumeName --service`,
-	}
-)
-
-func init() {
-	registry.Commands = append(registry.Commands, registry.CliCommand{
-		Command: kubeCmd,
-		Parent:  generateCmd,
-	})
-	flags := kubeCmd.Flags()
-	flags.BoolVarP(&kubeOptions.Service, "service", "s", false, "Generate YAML for a Kubernetes service object")
-
-	filenameFlagName := "filename"
-	flags.StringVarP(&kubeFile, filenameFlagName, "f", "", "Write output to the specified path")
-	_ = kubeCmd.RegisterFlagCompletionFunc(filenameFlagName, completion.AutocompleteDefault)
-
-	flags.SetNormalizeFunc(utils.AliasFlags)
-}
-
-func kube(cmd *cobra.Command, args []string) error {
-	report, err := registry.ContainerEngine().GenerateKube(registry.GetContext(), args, kubeOptions)
-	if err != nil {
-		return err
-	}
-
-	content, err := ioutil.ReadAll(report.Reader)
-	if err != nil {
-		return err
-	}
-	if r, ok := report.Reader.(io.ReadCloser); ok {
-		defer r.Close()
-	}
-
-	if cmd.Flags().Changed("filename") {
-		if _, err := os.Stat(kubeFile); err == nil {
-			return fmt.Errorf("cannot write to %q; file exists", kubeFile)
-		}
-		if err := ioutil.WriteFile(kubeFile, content, 0644); err != nil {
-			return fmt.Errorf("cannot write to %q: %w", kubeFile, err)
-		}
-		return nil
-	}
-
-	fmt.Println(string(content))
-	return nil
-}
diff --git a/cmd/podman/generate/spec.go b/cmd/podman/generate/spec.go
new file mode 100644
index 000000000..bf451ebc5
--- /dev/null
+++ b/cmd/podman/generate/spec.go
@@ -0,0 +1,71 @@
+package generate
+
+import (
+	"fmt"
+	"io/ioutil"
+
+	"github.com/containers/common/pkg/completion"
+	"github.com/containers/podman/v4/cmd/podman/common"
+	"github.com/containers/podman/v4/cmd/podman/registry"
+	"github.com/containers/podman/v4/cmd/podman/utils"
+	"github.com/containers/podman/v4/pkg/domain/entities"
+	"github.com/spf13/cobra"
+)
+
+var (
+	specCmd = &cobra.Command{
+		Use:               "spec [options] {CONTAINER|POD}",
+		Short:             "Generate Specgen JSON based on containers or pods",
+		Long:              "Generate Specgen JSON based on containers or pods",
+		RunE:              spec,
+		Args:              cobra.ExactArgs(1),
+		ValidArgsFunction: common.AutocompleteContainersAndPods,
+		Example:           `podman generate spec ctrID`,
+	}
+)
+
+var (
+	opts *entities.GenerateSpecOptions
+)
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Command: specCmd,
+		Parent:  GenerateCmd,
+	})
+	opts = &entities.GenerateSpecOptions{}
+	flags := specCmd.Flags()
+
+	filenameFlagName := "filename"
+	flags.StringVarP(&opts.FileName, filenameFlagName, "f", "", "Write output to the specified path")
+	_ = specCmd.RegisterFlagCompletionFunc(filenameFlagName, completion.AutocompleteNone)
+
+	compactFlagName := "compact"
+	flags.BoolVarP(&opts.Compact, compactFlagName, "c", false, "Print the json in a compact format for consumption")
+
+	nameFlagName := "name"
+	flags.BoolVarP(&opts.Name, nameFlagName, "n", true, "Specify a new name for the generated spec")
+
+	flags.SetNormalizeFunc(utils.AliasFlags)
+}
+
+func spec(cmd *cobra.Command, args []string) error {
+	opts.ID = args[0]
+	report, err := registry.ContainerEngine().GenerateSpec(registry.GetContext(), opts)
+	if err != nil {
+		return err
+	}
+
+	// if we are looking to print the output, do not mess it up by printing the path
+	// if we are using -v the user probably expects to pipe the output somewhere else
+	if len(opts.FileName) > 0 {
+		err = ioutil.WriteFile(opts.FileName, report.Data, 0644)
+		if err != nil {
+			return err
+		}
+		fmt.Println(opts.FileName)
+	} else {
+		fmt.Println(string(report.Data))
+	}
+	return nil
+}
diff --git a/cmd/podman/generate/systemd.go b/cmd/podman/generate/systemd.go
index 1ece64a30..3473c9011 100644
--- a/cmd/podman/generate/systemd.go
+++ b/cmd/podman/generate/systemd.go
@@ -1,4 +1,4 @@
-package pods
+package generate
 
 import (
 	"encoding/json"
@@ -13,6 +13,7 @@ import (
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/utils"
 	"github.com/containers/podman/v4/pkg/domain/entities"
+	envLib "github.com/containers/podman/v4/pkg/env"
 	systemDefine "github.com/containers/podman/v4/pkg/systemd/define"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -28,9 +29,11 @@ const (
 	wantsFlagName             = "wants"
 	afterFlagName             = "after"
 	requiresFlagName          = "requires"
+	envFlagName               = "env"
 )
 
 var (
+	envInput           []string
 	files              bool
 	format             string
 	systemdRestart     string
@@ -57,7 +60,7 @@ var (
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
 		Command: systemdCmd,
-		Parent:  generateCmd,
+		Parent:  GenerateCmd,
 	})
 	flags := systemdCmd.Flags()
 	flags.BoolVarP(&systemdOptions.Name, "name", "n", false, "Use container/pod names instead of IDs")
@@ -109,6 +112,9 @@ func init() {
 	flags.StringArrayVar(&systemdOptions.Requires, requiresFlagName, nil, "Similar to wants, but declares stronger requirement dependencies")
 	_ = systemdCmd.RegisterFlagCompletionFunc(requiresFlagName, completion.AutocompleteNone)
 
+	flags.StringArrayVarP(&envInput, envFlagName, "e", nil, "Set environment variables to the systemd unit files")
+	_ = systemdCmd.RegisterFlagCompletionFunc(envFlagName, completion.AutocompleteNone)
+
 	flags.SetNormalizeFunc(utils.TimeoutAliasFlags)
 }
 
@@ -141,6 +147,13 @@ func systemd(cmd *cobra.Command, args []string) error {
 	if cmd.Flags().Changed(stopTimeoutCompatFlagName) {
 		setStopTimeout++
 	}
+	if cmd.Flags().Changed(envFlagName) {
+		cliEnv, err := envLib.ParseSlice(envInput)
+		if err != nil {
+			return fmt.Errorf("parsing environment variables: %w", err)
+		}
+		systemdOptions.AdditionalEnvVariables = envLib.Slice(cliEnv)
+	}
 	switch setStopTimeout {
 	case 1:
 		systemdOptions.StopTimeout = &stopTimeout
@@ -156,7 +169,7 @@ func systemd(cmd *cobra.Command, args []string) error {
 	if files {
 		cwd, err := os.Getwd()
 		if err != nil {
-			return fmt.Errorf("error getting current working directory: %w", err)
+			return fmt.Errorf("getting current working directory: %w", err)
 		}
 		for name, content := range reports.Units {
 			path := filepath.Join(cwd, fmt.Sprintf("%s.service", name))
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index 9f1b86eb4..2b24c1cff 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -18,6 +18,7 @@ import (
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/image/v5/docker/reference"
 	encconfig "github.com/containers/ocicrypt/config"
 	enchelpers "github.com/containers/ocicrypt/helpers"
 	"github.com/containers/podman/v4/cmd/podman/common"
@@ -184,7 +185,6 @@ func buildFlags(cmd *cobra.Command) {
 	flags.SetNormalizeFunc(buildahCLI.AliasFlags)
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("disable-content-trust")
-		_ = flags.MarkHidden("cache-from")
 		_ = flags.MarkHidden("sign-by")
 		_ = flags.MarkHidden("signature-policy")
 		_ = flags.MarkHidden("tls-verify")
@@ -222,7 +222,7 @@ func build(cmd *cobra.Command, args []string) error {
 		// The context directory could be a URL.  Try to handle that.
 		tempDir, subDir, err := buildahDefine.TempDirForURL("", "buildah", args[0])
 		if err != nil {
-			return fmt.Errorf("error prepping temporary context directory: %w", err)
+			return fmt.Errorf("prepping temporary context directory: %w", err)
 		}
 		if tempDir != "" {
 			// We had to download it to a temporary directory.
@@ -237,7 +237,7 @@ func build(cmd *cobra.Command, args []string) error {
 			// Nope, it was local.  Use it as is.
 			absDir, err := filepath.Abs(args[0])
 			if err != nil {
-				return fmt.Errorf("error determining path to directory %q: %w", args[0], err)
+				return fmt.Errorf("determining path to directory %q: %w", args[0], err)
 			}
 			contextDir = absDir
 		}
@@ -253,7 +253,7 @@ func build(cmd *cobra.Command, args []string) error {
 			}
 			absFile, err := filepath.Abs(containerFiles[i])
 			if err != nil {
-				return fmt.Errorf("error determining path to file %q: %w", containerFiles[i], err)
+				return fmt.Errorf("determining path to file %q: %w", containerFiles[i], err)
 			}
 			contextDir = filepath.Dir(absFile)
 			containerFiles[i] = absFile
@@ -519,6 +519,27 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
 			}
 		}
 	}
+	var cacheTo reference.Named
+	var cacheFrom reference.Named
+	if c.Flag("cache-to").Changed {
+		cacheTo, err = parse.RepoNameToNamedReference(flags.CacheTo)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse value provided `%s` to --cache-to: %w", flags.CacheTo, err)
+		}
+	}
+	if c.Flag("cache-from").Changed {
+		cacheFrom, err = parse.RepoNameToNamedReference(flags.CacheFrom)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse value provided `%s` to --cache-from: %w", flags.CacheTo, err)
+		}
+	}
+	var cacheTTL time.Duration
+	if c.Flag("cache-ttl").Changed {
+		cacheTTL, err = time.ParseDuration(flags.CacheTTL)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse value provided %q as --cache-ttl: %w", flags.CacheTTL, err)
+		}
+	}
 
 	opts := buildahDefine.BuildOptions{
 		AddCapabilities:         flags.CapAdd,
@@ -529,6 +550,9 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
 		Args:                    args,
 		BlobDirectory:           flags.BlobCache,
 		BuildOutput:             flags.BuildOutput,
+		CacheFrom:               cacheFrom,
+		CacheTo:                 cacheTo,
+		CacheTTL:                cacheTTL,
 		CommonBuildOpts:         commonOpts,
 		Compression:             compression,
 		ConfigureNetwork:        networkPolicy,
diff --git a/cmd/podman/images/list.go b/cmd/podman/images/list.go
index 94d8412e5..1c464d91c 100644
--- a/cmd/podman/images/list.go
+++ b/cmd/podman/images/list.go
@@ -225,7 +225,7 @@ func sortImages(imageS []*entities.ImageSummary) ([]imageReporter, error) {
 				h.ImageSummary = *e
 				h.Repository, h.Tag, err = tokenRepoTag(tag)
 				if err != nil {
-					return nil, fmt.Errorf("error parsing repository tag: %q: %w", tag, err)
+					return nil, fmt.Errorf("parsing repository tag: %q: %w", tag, err)
 				}
 				if h.Tag == "<none>" {
 					untagged = append(untagged, h)
diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go
index 8211ceba5..fe9d1e9b6 100644
--- a/cmd/podman/images/pull.go
+++ b/cmd/podman/images/pull.go
@@ -155,6 +155,11 @@ func imagePull(cmd *cobra.Command, args []string) error {
 		pullOptions.Username = creds.Username
 		pullOptions.Password = creds.Password
 	}
+
+	if !pullOptions.Quiet {
+		pullOptions.Writer = os.Stderr
+	}
+
 	// Let's do all the remaining Yoga in the API to prevent us from
 	// scattering logic across (too) many parts of the code.
 	var errs utils.OutputErrors
diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go
index 1b3419014..fa60860db 100644
--- a/cmd/podman/images/push.go
+++ b/cmd/podman/images/push.go
@@ -17,8 +17,9 @@ import (
 // CLI-only fields into the API types.
 type pushOptionsWrapper struct {
 	entities.ImagePushOptions
-	TLSVerifyCLI   bool // CLI only
-	CredentialsCLI string
+	TLSVerifyCLI          bool // CLI only
+	CredentialsCLI        string
+	SignPassphraseFileCLI string
 }
 
 var (
@@ -106,6 +107,14 @@ func pushFlags(cmd *cobra.Command) {
 	flags.StringVar(&pushOptions.SignBy, signByFlagName, "", "Add a signature at the destination using the specified key")
 	_ = cmd.RegisterFlagCompletionFunc(signByFlagName, completion.AutocompleteNone)
 
+	signBySigstorePrivateKeyFlagName := "sign-by-sigstore-private-key"
+	flags.StringVar(&pushOptions.SignBySigstorePrivateKeyFile, signBySigstorePrivateKeyFlagName, "", "Sign the image using a sigstore private key at `PATH`")
+	_ = cmd.RegisterFlagCompletionFunc(signBySigstorePrivateKeyFlagName, completion.AutocompleteDefault)
+
+	signPassphraseFileFlagName := "sign-passphrase-file"
+	flags.StringVar(&pushOptions.SignPassphraseFileCLI, signPassphraseFileFlagName, "", "Read a passphrase for signing an image from `PATH`")
+	_ = cmd.RegisterFlagCompletionFunc(signPassphraseFileFlagName, completion.AutocompleteDefault)
+
 	flags.BoolVar(&pushOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 
 	compressionFormat := "compression-format"
@@ -117,7 +126,9 @@ func pushFlags(cmd *cobra.Command) {
 		_ = flags.MarkHidden("compress")
 		_ = flags.MarkHidden("digestfile")
 		_ = flags.MarkHidden("quiet")
-		_ = flags.MarkHidden("sign-by")
+		_ = flags.MarkHidden(signByFlagName)
+		_ = flags.MarkHidden(signBySigstorePrivateKeyFlagName)
+		_ = flags.MarkHidden(signPassphraseFileFlagName)
 	}
 	if !registry.IsRemote() {
 		flags.StringVar(&pushOptions.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
@@ -153,6 +164,14 @@ func imagePush(cmd *cobra.Command, args []string) error {
 		pushOptions.Password = creds.Password
 	}
 
+	if !pushOptions.Quiet {
+		pushOptions.Writer = os.Stderr
+	}
+
+	if err := common.PrepareSigningPassphrase(&pushOptions.ImagePushOptions, pushOptions.SignPassphraseFileCLI); err != nil {
+		return err
+	}
+
 	// Let's do all the remaining Yoga in the API to prevent us from scattering
 	// logic across (too) many parts of the code.
 	return registry.ImageEngine().Push(registry.GetContext(), source, destination, pushOptions.ImagePushOptions)
diff --git a/cmd/podman/images/rm.go b/cmd/podman/images/rm.go
index d3fd17440..4e4b001ad 100644
--- a/cmd/podman/images/rm.go
+++ b/cmd/podman/images/rm.go
@@ -61,6 +61,7 @@ func imageRemoveFlagSet(flags *pflag.FlagSet) {
 	flags.BoolVarP(&imageOpts.All, "all", "a", false, "Remove all images")
 	flags.BoolVarP(&imageOpts.Ignore, "ignore", "i", false, "Ignore errors if a specified image does not exist")
 	flags.BoolVarP(&imageOpts.Force, "force", "f", false, "Force Removal of the image")
+	flags.BoolVar(&imageOpts.NoPrune, "no-prune", false, "Do not remove dangling images")
 }
 
 func rm(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go
index 43366e1b3..ecff0f841 100644
--- a/cmd/podman/images/save.go
+++ b/cmd/podman/images/save.go
@@ -103,8 +103,8 @@ func save(cmd *cobra.Command, args []string) (finalErr error) {
 		tags      []string
 		succeeded = false
 	)
-	if cmd.Flag("compress").Changed && (saveOpts.Format != define.OCIManifestDir && saveOpts.Format != define.V2s2ManifestDir) {
-		return errors.New("--compress can only be set when --format is either 'oci-dir' or 'docker-dir'")
+	if cmd.Flag("compress").Changed && saveOpts.Format != define.V2s2ManifestDir {
+		return errors.New("--compress can only be set when --format is 'docker-dir'")
 	}
 	if len(saveOpts.Output) == 0 {
 		saveOpts.Quiet = true
diff --git a/cmd/podman/images/scp.go b/cmd/podman/images/scp.go
index a7aa43e61..18899d251 100644
--- a/cmd/podman/images/scp.go
+++ b/cmd/podman/images/scp.go
@@ -4,6 +4,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/cmd/podman/common"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/spf13/cobra"
@@ -48,6 +49,11 @@ func scp(cmd *cobra.Command, args []string) (finalErr error) {
 	var (
 		err error
 	)
+
+	containerConfig := registry.PodmanConfig()
+
+	sshType := containerConfig.SSHMode
+
 	for i, val := range os.Args {
 		if val == "image" {
 			break
@@ -67,7 +73,8 @@ func scp(cmd *cobra.Command, args []string) (finalErr error) {
 		dst = args[1]
 	}
 
-	err = registry.ImageEngine().Scp(registry.Context(), src, dst, parentFlags, quiet)
+	sshEngine := ssh.DefineMode(sshType)
+	err = registry.ImageEngine().Scp(registry.Context(), src, dst, parentFlags, quiet, sshEngine)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/podman/images/trust_set.go b/cmd/podman/images/trust_set.go
index 832e9f724..e7339f0b1 100644
--- a/cmd/podman/images/trust_set.go
+++ b/cmd/podman/images/trust_set.go
@@ -53,7 +53,7 @@ File(s) must exist before using this command`)
 }
 
 func setTrust(cmd *cobra.Command, args []string) error {
-	validTrustTypes := []string{"accept", "insecureAcceptAnything", "reject", "signedBy"}
+	validTrustTypes := []string{"accept", "insecureAcceptAnything", "reject", "signedBy", "sigstoreSigned"}
 
 	valid, err := isValidImageURI(args[0])
 	if err != nil || !valid {
@@ -61,7 +61,7 @@ func setTrust(cmd *cobra.Command, args []string) error {
 	}
 
 	if !util.StringInSlice(setOptions.Type, validTrustTypes) {
-		return fmt.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy')", setOptions.Type)
+		return fmt.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy', 'sigstoreSigned')", setOptions.Type)
 	}
 	return registry.ImageEngine().SetTrust(registry.Context(), args, setOptions)
 }
diff --git a/cmd/podman/images/utils_linux.go b/cmd/podman/images/utils_linux.go
index 5923716ec..935a45667 100644
--- a/cmd/podman/images/utils_linux.go
+++ b/cmd/podman/images/utils_linux.go
@@ -26,7 +26,7 @@ func setupPipe() (string, func() <-chan error, error) {
 		if e := os.RemoveAll(pipeDir); e != nil {
 			logrus.Errorf("Removing named pipe: %q", e)
 		}
-		return "", nil, fmt.Errorf("error creating named pipe: %w", err)
+		return "", nil, fmt.Errorf("creating named pipe: %w", err)
 	}
 	go func() {
 		fpipe, err := os.Open(pipePath)
diff --git a/cmd/podman/inspect/inspect.go b/cmd/podman/inspect/inspect.go
index edddf026e..22b2c9055 100644
--- a/cmd/podman/inspect/inspect.go
+++ b/cmd/podman/inspect/inspect.go
@@ -8,16 +8,13 @@ import (
 	"os"
 	"regexp"
 	"strings"
-	"text/template"
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/report"
 	"github.com/containers/podman/v4/cmd/podman/common"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/validate"
-	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/domain/entities"
-	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -55,18 +52,10 @@ type inspector struct {
 	containerEngine entities.ContainerEngine
 	imageEngine     entities.ImageEngine
 	options         entities.InspectOptions
-	podOptions      entities.PodInspectOptions
 }
 
 // newInspector creates a new inspector based on the specified options.
 func newInspector(options entities.InspectOptions) (*inspector, error) {
-	switch options.Type {
-	case common.ImageType, common.ContainerType, common.AllType, common.PodType, common.NetworkType, common.VolumeType:
-		// Valid types.
-	default:
-		return nil, fmt.Errorf("invalid type %q: must be %q, %q, %q, %q, %q, or %q", options.Type,
-			common.ImageType, common.ContainerType, common.PodType, common.NetworkType, common.VolumeType, common.AllType)
-	}
 	if options.Type == common.ImageType {
 		if options.Latest {
 			return nil, fmt.Errorf("latest is not supported for type %q", common.ImageType)
@@ -78,15 +67,10 @@ func newInspector(options entities.InspectOptions) (*inspector, error) {
 	if options.Type == common.PodType && options.Size {
 		return nil, fmt.Errorf("size is not supported for type %q", common.PodType)
 	}
-	podOpts := entities.PodInspectOptions{
-		Latest: options.Latest,
-		Format: options.Format,
-	}
 	return &inspector{
 		containerEngine: registry.ContainerEngine(),
 		imageEngine:     registry.ImageEngine(),
 		options:         options,
-		podOptions:      podOpts,
 	}, nil
 }
 
@@ -140,34 +124,16 @@ func (i *inspector) inspect(namesOrIDs []string) error {
 		for i := range ctrData {
 			data = append(data, ctrData[i])
 		}
-	case common.PodType:
-		for _, pod := range namesOrIDs {
-			i.podOptions.NameOrID = pod
-			podData, err := i.containerEngine.PodInspect(ctx, i.podOptions)
-			if err != nil {
-				if !strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) {
-					errs = []error{err}
-				} else {
-					return err
-				}
-			} else {
-				errs = nil
-				data = append(data, podData)
-			}
+	case common.PodType, common.PodLegacyType:
+		podData, allErrs, err := i.containerEngine.PodInspect(ctx, namesOrIDs, i.options)
+		if err != nil {
+			return err
 		}
-		if i.podOptions.Latest { // latest means there are no names in the namesOrID array
-			podData, err := i.containerEngine.PodInspect(ctx, i.podOptions)
-			if err != nil {
-				if !strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) {
-					errs = []error{err}
-				} else {
-					return err
-				}
-			} else {
-				errs = nil
-				data = append(data, podData)
-			}
+		errs = allErrs
+		for i := range podData {
+			data = append(data, podData[i])
 		}
+
 	case common.NetworkType:
 		networkData, allErrs, err := registry.ContainerEngine().NetworkInspect(ctx, namesOrIDs, i.options)
 		if err != nil {
@@ -198,16 +164,28 @@ func (i *inspector) inspect(namesOrIDs []string) error {
 	var err error
 	switch {
 	case report.IsJSON(i.options.Format) || i.options.Format == "":
-		err = printJSON(data)
+		if i.options.Type == common.PodLegacyType && len(data) == 1 {
+			// We need backwards compat with the old podman pod inspect behavior.
+			// https://github.com/containers/podman/pull/15675
+			// TODO (5.0): consider removing this to better match other commands.
+			err = printJSON(data[0])
+		} else {
+			err = printJSON(data)
+		}
 	default:
 		// Landing here implies user has given a custom --format
-		row := inspectNormalize(i.options.Format)
-		row = report.NormalizeFormat(row)
-		row = report.EnforceRange(row)
-		err = printTmpl(tmpType, row, data)
+		var rpt *report.Formatter
+		format := inspectNormalize(i.options.Format, i.options.Type)
+		rpt, err = report.New(os.Stdout, "inspect").Parse(report.OriginUser, format)
+		if err != nil {
+			return err
+		}
+		defer rpt.Flush()
+
+		err = rpt.Execute(data)
 	}
 	if err != nil {
-		logrus.Errorf("Printing inspect output: %v", err)
+		errs = append(errs, fmt.Errorf("printing inspect output: %w", err))
 	}
 
 	if len(errs) > 0 {
@@ -221,7 +199,7 @@ func (i *inspector) inspect(namesOrIDs []string) error {
 	return nil
 }
 
-func printJSON(data []interface{}) error {
+func printJSON(data interface{}) error {
 	enc := json.NewEncoder(os.Stdout)
 	// by default, json marshallers will force utf=8 from
 	// a string. this breaks healthchecks that use <,>, &&.
@@ -230,22 +208,6 @@ func printJSON(data []interface{}) error {
 	return enc.Encode(data)
 }
 
-func printTmpl(typ, row string, data []interface{}) error {
-	// We cannot use c/common/reports here, too many levels of interface{}
-	t, err := template.New(typ + " inspect").Funcs(template.FuncMap(report.DefaultFuncs)).Parse(row)
-	if err != nil {
-		return err
-	}
-
-	w, err := report.NewWriterDefault(os.Stdout)
-	if err != nil {
-		return err
-	}
-	err = t.Execute(w, data)
-	w.Flush()
-	return err
-}
-
 func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]interface{}, []error, error) {
 	var data []interface{}
 	allErrs := []error{}
@@ -282,14 +244,13 @@ func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]inte
 			data = append(data, networkData[0])
 			continue
 		}
-		i.podOptions.NameOrID = name
-		podData, err := i.containerEngine.PodInspect(ctx, i.podOptions)
+
+		podData, errs, err := i.containerEngine.PodInspect(ctx, []string{name}, i.options)
 		if err != nil {
-			if !strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) {
-				return nil, nil, err
-			}
-		} else {
-			data = append(data, podData)
+			return nil, nil, err
+		}
+		if len(errs) == 0 {
+			data = append(data, podData[0])
 			continue
 		}
 		if len(errs) > 0 {
@@ -300,7 +261,7 @@ func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]inte
 	return data, allErrs, nil
 }
 
-func inspectNormalize(row string) string {
+func inspectNormalize(row string, inspectType string) string {
 	m := regexp.MustCompile(`{{\s*\.Id\s*}}`)
 	row = m.ReplaceAllString(row, "{{.ID}}")
 
@@ -309,5 +270,18 @@ func inspectNormalize(row string) string {
 		".Dst", ".Destination",
 		".ImageID", ".Image",
 	)
+
+	// If inspect type is `image` we need to replace
+	// certain additional fields like `.Config.HealthCheck`
+	// but don't want to replace them for other inspect types.
+	if inspectType == common.ImageType {
+		r = strings.NewReplacer(
+			".Src", ".Source",
+			".Dst", ".Destination",
+			".ImageID", ".Image",
+			".Config.Healthcheck", ".HealthCheck",
+		)
+	}
+
 	return r.Replace(row)
 }
diff --git a/cmd/podman/kube/down.go b/cmd/podman/kube/down.go
new file mode 100644
index 000000000..792c80499
--- /dev/null
+++ b/cmd/podman/kube/down.go
@@ -0,0 +1,40 @@
+package kube
+
+import (
+	"github.com/containers/podman/v4/cmd/podman/common"
+	"github.com/containers/podman/v4/cmd/podman/registry"
+	"github.com/spf13/cobra"
+)
+
+var (
+	downDescription = `Reads in a structured file of Kubernetes YAML.
+
+  Removes pods that have been based on the Kubernetes kind described in the YAML.`
+
+	downCmd = &cobra.Command{
+		Use:               "down KUBEFILE|-",
+		Short:             "Remove pods based on Kubernetes YAML.",
+		Long:              downDescription,
+		RunE:              down,
+		Args:              cobra.ExactArgs(1),
+		ValidArgsFunction: common.AutocompleteDefaultOneArg,
+		Example: `podman kube down nginx.yml
+   cat nginx.yml | podman kube down -
+   podman kube down https://example.com/nginx.yml`,
+	}
+)
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Command: downCmd,
+		Parent:  kubeCmd,
+	})
+}
+
+func down(cmd *cobra.Command, args []string) error {
+	reader, err := readerFromArg(args[0])
+	if err != nil {
+		return err
+	}
+	return teardown(reader)
+}
diff --git a/cmd/podman/kube/generate.go b/cmd/podman/kube/generate.go
new file mode 100644
index 000000000..ee2ea51ae
--- /dev/null
+++ b/cmd/podman/kube/generate.go
@@ -0,0 +1,100 @@
+package kube
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+
+	"github.com/containers/common/pkg/completion"
+	"github.com/containers/podman/v4/cmd/podman/common"
+	"github.com/containers/podman/v4/cmd/podman/generate"
+	"github.com/containers/podman/v4/cmd/podman/registry"
+	"github.com/containers/podman/v4/cmd/podman/utils"
+	"github.com/containers/podman/v4/pkg/domain/entities"
+	"github.com/spf13/cobra"
+)
+
+var (
+	generateOptions     = entities.GenerateKubeOptions{}
+	generateFile        = ""
+	generateDescription = `Command generates Kubernetes Pod, Service or PersistenVolumeClaim YAML (v1 specification) from Podman containers, pods or volumes.
+
+  Whether the input is for a container or pod, Podman will always generate the specification as a pod.`
+
+	kubeGenerateCmd = &cobra.Command{
+		Use:               "generate [options] {CONTAINER...|POD...|VOLUME...}",
+		Short:             "Generate Kubernetes YAML from containers, pods or volumes.",
+		Long:              generateDescription,
+		RunE:              generateKube,
+		Args:              cobra.MinimumNArgs(1),
+		ValidArgsFunction: common.AutocompleteForGenerate,
+		Example: `podman kube generate ctrID
+  podman kube generate podID
+  podman kube generate --service podID
+  podman kube generate volumeName
+  podman kube generate ctrID podID volumeName --service`,
+	}
+
+	generateKubeCmd = &cobra.Command{
+		Use:               "kube [options] {CONTAINER...|POD...|VOLUME...}",
+		Short:             kubeGenerateCmd.Short,
+		Long:              kubeGenerateCmd.Long,
+		RunE:              kubeGenerateCmd.RunE,
+		Args:              kubeGenerateCmd.Args,
+		ValidArgsFunction: kubeGenerateCmd.ValidArgsFunction,
+		Example:           kubeGenerateCmd.Example,
+	}
+)
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Command: generateKubeCmd,
+		Parent:  generate.GenerateCmd,
+	})
+	generateFlags(generateKubeCmd)
+
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Command: kubeGenerateCmd,
+		Parent:  kubeCmd,
+	})
+	generateFlags(kubeGenerateCmd)
+}
+
+func generateFlags(cmd *cobra.Command) {
+	flags := cmd.Flags()
+	flags.BoolVarP(&generateOptions.Service, "service", "s", false, "Generate YAML for a Kubernetes service object")
+
+	filenameFlagName := "filename"
+	flags.StringVarP(&generateFile, filenameFlagName, "f", "", "Write output to the specified path")
+	_ = cmd.RegisterFlagCompletionFunc(filenameFlagName, completion.AutocompleteDefault)
+
+	flags.SetNormalizeFunc(utils.AliasFlags)
+}
+
+func generateKube(cmd *cobra.Command, args []string) error {
+	report, err := registry.ContainerEngine().GenerateKube(registry.GetContext(), args, generateOptions)
+	if err != nil {
+		return err
+	}
+	content, err := ioutil.ReadAll(report.Reader)
+	if err != nil {
+		return err
+	}
+	if r, ok := report.Reader.(io.ReadCloser); ok {
+		defer r.Close()
+	}
+
+	if cmd.Flags().Changed("filename") {
+		if _, err := os.Stat(generateFile); err == nil {
+			return fmt.Errorf("cannot write to %q; file exists", generateFile)
+		}
+		if err := ioutil.WriteFile(generateFile, content, 0644); err != nil {
+			return fmt.Errorf("cannot write to %q: %w", generateFile, err)
+		}
+		return nil
+	}
+
+	fmt.Println(string(content))
+	return nil
+}
diff --git a/cmd/podman/kube/kube.go b/cmd/podman/kube/kube.go
index 68f55a157..2dab68c19 100644
--- a/cmd/podman/kube/kube.go
+++ b/cmd/podman/kube/kube.go
@@ -1,4 +1,4 @@
-package pods
+package kube
 
 import (
 	"github.com/containers/podman/v4/cmd/podman/registry"
@@ -14,7 +14,7 @@ var (
 		Long:  "Play structured data (e.g., Kubernetes YAML) based on containers, pods or volumes.",
 		RunE:  validate.SubCommandExists,
 	}
-
+	// Command: podman _play_
 	playKubeParentCmd = &cobra.Command{
 		Use:    "play",
 		Short:  "Play containers, pods or volumes from a structured file",
diff --git a/cmd/podman/kube/play.go b/cmd/podman/kube/play.go
index 685cb521c..c846ec32c 100644
--- a/cmd/podman/kube/play.go
+++ b/cmd/podman/kube/play.go
@@ -1,9 +1,13 @@
-package pods
+package kube
 
 import (
+	"bytes"
 	"errors"
 	"fmt"
+	"io"
+	"io/ioutil"
 	"net"
+	"net/http"
 	"os"
 	"strings"
 
@@ -11,6 +15,7 @@ import (
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/cmd/podman/common"
+	"github.com/containers/podman/v4/cmd/podman/parse"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/utils"
 	"github.com/containers/podman/v4/libpod/define"
@@ -37,20 +42,21 @@ var (
 	// https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
 	defaultSeccompRoot = "/var/lib/kubelet/seccomp"
 	playOptions        = playKubeOptionsWrapper{}
-	playDescription    = `Command reads in a structured file of Kubernetes YAML.
+	playDescription    = `Reads in a structured file of Kubernetes YAML.
 
-  It creates pods or volumes based on the Kubernetes kind described in the YAML. Supported kinds are Pods, Deployments and PersistentVolumeClaims.`
+  Creates pods or volumes based on the Kubernetes kind described in the YAML. Supported kinds are Pods, Deployments and PersistentVolumeClaims.`
 
 	playCmd = &cobra.Command{
 		Use:               "play [options] KUBEFILE|-",
 		Short:             "Play a pod or volume based on Kubernetes YAML.",
 		Long:              playDescription,
-		RunE:              Play,
+		RunE:              play,
 		Args:              cobra.ExactArgs(1),
 		ValidArgsFunction: common.AutocompleteDefaultOneArg,
 		Example: `podman kube play nginx.yml
   cat nginx.yml | podman kube play -
-  podman kube play --creds user:password --seccomp-profile-root /custom/path apache.yml`,
+  podman kube play --creds user:password --seccomp-profile-root /custom/path apache.yml
+  podman kube play https://example.com/nginx.yml`,
 	}
 )
 
@@ -65,7 +71,8 @@ var (
 		ValidArgsFunction: common.AutocompleteDefaultOneArg,
 		Example: `podman play kube nginx.yml
   cat nginx.yml | podman play kube -
-  podman play kube --creds user:password --seccomp-profile-root /custom/path apache.yml`,
+  podman play kube --creds user:password --seccomp-profile-root /custom/path apache.yml
+  podman play kube https://example.com/nginx.yml`,
 	}
 )
 
@@ -139,6 +146,7 @@ func playFlags(cmd *cobra.Command) {
 
 	downFlagName := "down"
 	flags.BoolVar(&playOptions.Down, downFlagName, false, "Stop pods defined in the YAML file")
+	_ = flags.MarkHidden("down")
 
 	replaceFlagName := "replace"
 	flags.BoolVar(&playOptions.Replace, replaceFlagName, false, "Delete and recreate pods defined in the YAML file")
@@ -164,7 +172,7 @@ func playFlags(cmd *cobra.Command) {
 		_ = cmd.RegisterFlagCompletionFunc(contextDirFlagName, completion.AutocompleteDefault)
 
 		// NOTE: The service-container flag is marked as hidden as it
-		// is purely designed for running kube-play in systemd units.
+		// is purely designed for running kube-play or play-kube in systemd units.
 		// It is not something users should need to know or care about.
 		//
 		// Having a flag rather than an env variable is cleaner.
@@ -178,7 +186,10 @@ func playFlags(cmd *cobra.Command) {
 	}
 }
 
-func Play(cmd *cobra.Command, args []string) error {
+func play(cmd *cobra.Command, args []string) error {
+	if playOptions.ServiceContainer && !playOptions.StartCLI { // Sanity check to be future proof
+		return fmt.Errorf("--service-container does not work with --start=stop")
+	}
 	// TLS verification in c/image is controlled via a `types.OptionalBool`
 	// which allows for distinguishing among set-true, set-false, unspecified
 	// which is important to implement a sane way of dealing with defaults of
@@ -223,10 +234,6 @@ func Play(cmd *cobra.Command, args []string) error {
 		}
 		playOptions.Annotations[splitN[0]] = annotation
 	}
-	yamlfile := args[0]
-	if yamlfile == "-" {
-		yamlfile = "/dev/stdin"
-	}
 
 	for _, mac := range playOptions.macs {
 		m, err := net.ParseMAC(mac)
@@ -235,36 +242,77 @@ func Play(cmd *cobra.Command, args []string) error {
 		}
 		playOptions.StaticMACs = append(playOptions.StaticMACs, m)
 	}
+
+	reader, err := readerFromArg(args[0])
+	if err != nil {
+		return err
+	}
+
 	if playOptions.Down {
-		return teardown(yamlfile)
+		return teardown(reader)
 	}
+
 	if playOptions.Replace {
-		if err := teardown(yamlfile); err != nil && !errorhandling.Contains(err, define.ErrNoSuchPod) {
+		if err := teardown(reader); err != nil && !errorhandling.Contains(err, define.ErrNoSuchPod) {
+			return err
+		}
+		if _, err := reader.Seek(0, 0); err != nil {
 			return err
 		}
 	}
-	return kubeplay(yamlfile)
+
+	return kubeplay(reader)
 }
 
 func playKube(cmd *cobra.Command, args []string) error {
-	return Play(cmd, args)
+	return play(cmd, args)
 }
 
-func teardown(yamlfile string) error {
+func readerFromArg(fileName string) (*bytes.Reader, error) {
+	errURL := parse.ValidURL(fileName)
+	if fileName == "-" { // Read from stdin
+		data, err := io.ReadAll(os.Stdin)
+		if err != nil {
+			return nil, err
+		}
+		return bytes.NewReader(data), nil
+	}
+	if errURL == nil {
+		response, err := http.Get(fileName)
+		if err != nil {
+			return nil, err
+		}
+		defer response.Body.Close()
+
+		data, err := ioutil.ReadAll(response.Body)
+		if err != nil {
+			return nil, err
+		}
+		return bytes.NewReader(data), nil
+	}
+	f, err := os.Open(fileName)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	data, err := io.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+	return bytes.NewReader(data), nil
+}
+
+func teardown(body io.Reader) error {
 	var (
 		podStopErrors utils.OutputErrors
 		podRmErrors   utils.OutputErrors
 	)
 	options := new(entities.PlayKubeDownOptions)
-	f, err := os.Open(yamlfile)
+	reports, err := registry.ContainerEngine().PlayKubeDown(registry.GetContext(), body, *options)
 	if err != nil {
 		return err
 	}
-	defer f.Close()
-	reports, err := registry.ContainerEngine().PlayKubeDown(registry.GetContext(), f, *options)
-	if err != nil {
-		return fmt.Errorf("%v: %w", yamlfile, err)
-	}
 
 	// Output stopped pods
 	fmt.Println("Pods stopped:")
@@ -290,19 +338,15 @@ func teardown(yamlfile string) error {
 			podRmErrors = append(podRmErrors, removed.Err)
 		}
 	}
+
 	return podRmErrors.PrintErrors()
 }
 
-func kubeplay(yamlfile string) error {
-	f, err := os.Open(yamlfile)
+func kubeplay(body io.Reader) error {
+	report, err := registry.ContainerEngine().PlayKube(registry.GetContext(), body, playOptions.PlayKubeOptions)
 	if err != nil {
 		return err
 	}
-	defer f.Close()
-	report, err := registry.ContainerEngine().PlayKube(registry.GetContext(), f, playOptions.PlayKubeOptions)
-	if err != nil {
-		return fmt.Errorf("%s: %w", yamlfile, err)
-	}
 	// Print volumes report
 	for i, volume := range report.Volumes {
 		if i == 0 {
diff --git a/cmd/podman/machine/info.go b/cmd/podman/machine/info.go
index 418060675..9c7454379 100644
--- a/cmd/podman/machine/info.go
+++ b/cmd/podman/machine/info.go
@@ -5,7 +5,6 @@ package machine
 
 import (
 	"fmt"
-	"html/template"
 	"os"
 	"runtime"
 
@@ -57,7 +56,7 @@ func info(cmd *cobra.Command, args []string) error {
 	info := entities.MachineInfo{}
 	version, err := define.GetVersion()
 	if err != nil {
-		return fmt.Errorf("error getting version info %w", err)
+		return fmt.Errorf("getting version info %w", err)
 	}
 	info.Version = version
 
@@ -75,13 +74,16 @@ func info(cmd *cobra.Command, args []string) error {
 		}
 		fmt.Println(string(b))
 	case cmd.Flags().Changed("format"):
-		tmpl := template.New(cmd.Name()).Funcs(template.FuncMap(report.DefaultFuncs))
-		inFormat = report.NormalizeFormat(inFormat)
-		tmpl, err := tmpl.Parse(inFormat)
+		rpt := report.New(os.Stdout, cmd.Name())
+		defer rpt.Flush()
+
+		// Use OriginUnknown so it does not add an extra range since it
+		// will only be called for a single element and not a slice.
+		rpt, err = rpt.Parse(report.OriginUnknown, inFormat)
 		if err != nil {
 			return err
 		}
-		return tmpl.Execute(os.Stdout, info)
+		return rpt.Execute(info)
 	default:
 		b, err := yaml.Marshal(info)
 		if err != nil {
diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go
index def3334e8..0848147a8 100644
--- a/cmd/podman/machine/init.go
+++ b/cmd/podman/machine/init.go
@@ -42,7 +42,6 @@ func init() {
 	})
 	flags := initCmd.Flags()
 	cfg := registry.PodmanConfig()
-	initOpts.Username = cfg.Config.Machine.User
 
 	cpusFlagName := "cpus"
 	flags.Uint64Var(
@@ -89,6 +88,10 @@ func init() {
 	)
 	_ = flags.MarkHidden("reexec")
 
+	UsernameFlagName := "username"
+	flags.StringVar(&initOpts.Username, UsernameFlagName, cfg.Machine.User, "Username used in qcow image")
+	_ = initCmd.RegisterFlagCompletionFunc(UsernameFlagName, completion.AutocompleteDefault)
+
 	ImagePathFlagName := "image-path"
 	flags.StringVar(&initOpts.ImagePath, ImagePathFlagName, cfg.Machine.Image, "Path to qcow image")
 	_ = initCmd.RegisterFlagCompletionFunc(ImagePathFlagName, completion.AutocompleteDefault)
diff --git a/cmd/podman/machine/inspect.go b/cmd/podman/machine/inspect.go
index d69c382f2..410bb3889 100644
--- a/cmd/podman/machine/inspect.go
+++ b/cmd/podman/machine/inspect.go
@@ -11,7 +11,6 @@ import (
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/utils"
 	"github.com/containers/podman/v4/pkg/machine"
-	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -66,28 +65,23 @@ func inspect(cmd *cobra.Command, args []string) error {
 		}
 		vms = append(vms, *ii)
 	}
+
 	switch {
 	case cmd.Flag("format").Changed:
-		row := report.NormalizeFormat(inspectFlag.format)
-		row = report.EnforceRange(row)
+		rpt := report.New(os.Stdout, cmd.Name())
+		defer rpt.Flush()
 
-		tmpl, err := report.NewTemplate("Machine inspect").Parse(row)
+		rpt, err := rpt.Parse(report.OriginUser, inspectFlag.format)
 		if err != nil {
 			return err
 		}
 
-		w, err := report.NewWriterDefault(os.Stdout)
-		if err != nil {
-			return err
-		}
-
-		if err := tmpl.Execute(w, vms); err != nil {
-			logrus.Error(err)
+		if err := rpt.Execute(vms); err != nil {
+			errs = append(errs, err)
 		}
-		w.Flush()
 	default:
 		if err := printJSON(vms); err != nil {
-			logrus.Error(err)
+			errs = append(errs, err)
 		}
 	}
 	return errs.PrintErrors()
diff --git a/cmd/podman/machine/list.go b/cmd/podman/machine/list.go
index dd4a86697..ddc9ce246 100644
--- a/cmd/podman/machine/list.go
+++ b/cmd/podman/machine/list.go
@@ -53,7 +53,7 @@ func init() {
 
 	flags := lsCmd.Flags()
 	formatFlagName := "format"
-	flags.StringVar(&listFlag.format, formatFlagName, "{{.Name}}\t{{.VMType}}\t{{.Created}}\t{{.LastUp}}\t{{.CPUs}}\t{{.Memory}}\t{{.DiskSize}}\n", "Format volume output using JSON or a Go template")
+	flags.StringVar(&listFlag.format, formatFlagName, "{{range .}}{{.Name}}\t{{.VMType}}\t{{.Created}}\t{{.LastUp}}\t{{.CPUs}}\t{{.Memory}}\t{{.DiskSize}}\n{{end -}}", "Format volume output using JSON or a Go template")
 	_ = lsCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.ListReporter{}))
 	flags.BoolVar(&listFlag.noHeading, "noheading", false, "Do not print headers")
 	flags.BoolVarP(&listFlag.quiet, "quiet", "q", false, "Show only machine names")
@@ -66,10 +66,6 @@ func list(cmd *cobra.Command, args []string) error {
 		err          error
 	)
 
-	if listFlag.quiet {
-		listFlag.format = "{{.Name}}\n"
-	}
-
 	provider := GetSystemDefaultProvider()
 	listResponse, err = provider.List(opts)
 	if err != nil {
@@ -115,37 +111,29 @@ func outputTemplate(cmd *cobra.Command, responses []*entities.ListReporter) erro
 		"Memory":   "MEMORY",
 		"DiskSize": "DISK SIZE",
 	})
-	printHeader := !listFlag.noHeading
-	if listFlag.quiet {
-		printHeader = false
-	}
-	var row string
+
+	rpt := report.New(os.Stdout, cmd.Name())
+	defer rpt.Flush()
+
+	var err error
 	switch {
-	case cmd.Flags().Changed("format"):
-		row = cmd.Flag("format").Value.String()
-		printHeader = report.HasTable(row)
-		row = report.NormalizeFormat(row)
+	case cmd.Flag("format").Changed:
+		rpt, err = rpt.Parse(report.OriginUser, listFlag.format)
+	case listFlag.quiet:
+		rpt, err = rpt.Parse(report.OriginUser, "{{.Name}}\n")
 	default:
-		row = cmd.Flag("format").Value.String()
+		rpt, err = rpt.Parse(report.OriginPodman, listFlag.format)
 	}
-	format := report.EnforceRange(row)
-
-	tmpl, err := report.NewTemplate("list").Parse(format)
 	if err != nil {
 		return err
 	}
 
-	w, err := report.NewWriterDefault(os.Stdout)
-	if err != nil {
-		return err
-	}
-	defer w.Flush()
-	if printHeader {
-		if err := tmpl.Execute(w, headers); err != nil {
+	if rpt.RenderHeaders && !listFlag.noHeading {
+		if err := rpt.Execute(headers); err != nil {
 			return fmt.Errorf("failed to write report column headers: %w", err)
 		}
 	}
-	return tmpl.Execute(w, responses)
+	return rpt.Execute(responses)
 }
 
 func strTime(t time.Time) string {
diff --git a/cmd/podman/machine/platform.go b/cmd/podman/machine/platform.go
index 5ba649a48..3a7e56ac7 100644
--- a/cmd/podman/machine/platform.go
+++ b/cmd/podman/machine/platform.go
@@ -9,5 +9,5 @@ import (
 )
 
 func GetSystemDefaultProvider() machine.Provider {
-	return qemu.GetQemuProvider()
+	return qemu.GetVirtualizationProvider()
 }
diff --git a/cmd/podman/manifest/add.go b/cmd/podman/manifest/add.go
index 35583ffcb..09a1a9a36 100644
--- a/cmd/podman/manifest/add.go
+++ b/cmd/podman/manifest/add.go
@@ -2,6 +2,7 @@ package manifest
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"github.com/containers/common/pkg/auth"
@@ -20,6 +21,7 @@ type manifestAddOptsWrapper struct {
 	entities.ManifestAddOptions
 
 	TLSVerifyCLI   bool // CLI only
+	Insecure       bool // CLI only
 	CredentialsCLI string
 }
 
@@ -77,6 +79,8 @@ func init() {
 	flags.StringVar(&manifestAddOpts.OSVersion, osVersionFlagName, "", "override the OS `version` of the specified image")
 	_ = addCmd.RegisterFlagCompletionFunc(osVersionFlagName, completion.AutocompleteNone)
 
+	flags.BoolVar(&manifestAddOpts.Insecure, "insecure", false, "neither require HTTPS nor verify certificates when accessing the registry")
+	_ = flags.MarkHidden("insecure")
 	flags.BoolVar(&manifestAddOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
 
 	variantFlagName := "variant"
@@ -89,7 +93,7 @@ func init() {
 }
 
 func add(cmd *cobra.Command, args []string) error {
-	if err := auth.CheckAuthFile(manifestPushOpts.Authfile); err != nil {
+	if err := auth.CheckAuthFile(manifestAddOpts.Authfile); err != nil {
 		return err
 	}
 
@@ -109,6 +113,12 @@ func add(cmd *cobra.Command, args []string) error {
 	if cmd.Flags().Changed("tls-verify") {
 		manifestAddOpts.SkipTLSVerify = types.NewOptionalBool(!manifestAddOpts.TLSVerifyCLI)
 	}
+	if cmd.Flags().Changed("insecure") {
+		if manifestAddOpts.SkipTLSVerify != types.OptionalBoolUndefined {
+			return errors.New("--insecure may not be used with --tls-verify")
+		}
+		manifestAddOpts.SkipTLSVerify = types.NewOptionalBool(manifestAddOpts.Insecure)
+	}
 
 	listID, err := registry.ImageEngine().ManifestAdd(context.Background(), args[0], args[1:], manifestAddOpts.ManifestAddOptions)
 	if err != nil {
diff --git a/cmd/podman/manifest/create.go b/cmd/podman/manifest/create.go
index 435b4a57c..2ea40d832 100644
--- a/cmd/podman/manifest/create.go
+++ b/cmd/podman/manifest/create.go
@@ -1,16 +1,26 @@
 package manifest
 
 import (
+	"errors"
 	"fmt"
 
+	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/cmd/podman/common"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/spf13/cobra"
 )
 
+// manifestCreateOptsWrapper wraps entities.ManifestCreateOptions and prevents leaking
+// CLI-only fields into the API types.
+type manifestCreateOptsWrapper struct {
+	entities.ManifestCreateOptions
+
+	TLSVerifyCLI, Insecure bool // CLI only
+}
+
 var (
-	manifestCreateOpts = entities.ManifestCreateOptions{}
+	manifestCreateOpts = manifestCreateOptsWrapper{}
 	createCmd          = &cobra.Command{
 		Use:               "create [options] LIST [IMAGE...]",
 		Short:             "Create manifest list or image index",
@@ -32,10 +42,28 @@ func init() {
 	})
 	flags := createCmd.Flags()
 	flags.BoolVar(&manifestCreateOpts.All, "all", false, "add all of the lists' images if the images to add are lists")
+	flags.BoolVarP(&manifestCreateOpts.Amend, "amend", "a", false, "modify an existing list if one with the desired name already exists")
+	flags.BoolVar(&manifestCreateOpts.Insecure, "insecure", false, "neither require HTTPS nor verify certificates when accessing the registry")
+	_ = flags.MarkHidden("insecure")
+	flags.BoolVar(&manifestCreateOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
 }
 
 func create(cmd *cobra.Command, args []string) error {
-	imageID, err := registry.ImageEngine().ManifestCreate(registry.Context(), args[0], args[1:], manifestCreateOpts)
+	// TLS verification in c/image is controlled via a `types.OptionalBool`
+	// which allows for distinguishing among set-true, set-false, unspecified
+	// which is important to implement a sane way of dealing with defaults of
+	// boolean CLI flags.
+	if cmd.Flags().Changed("tls-verify") {
+		manifestCreateOpts.SkipTLSVerify = types.NewOptionalBool(!manifestCreateOpts.TLSVerifyCLI)
+	}
+	if cmd.Flags().Changed("insecure") {
+		if manifestCreateOpts.SkipTLSVerify != types.OptionalBoolUndefined {
+			return errors.New("--insecure may not be used with --tls-verify")
+		}
+		manifestCreateOpts.SkipTLSVerify = types.NewOptionalBool(manifestCreateOpts.Insecure)
+	}
+
+	imageID, err := registry.ImageEngine().ManifestCreate(registry.Context(), args[0], args[1:], manifestCreateOpts.ManifestCreateOptions)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go
index 9023d5d27..c8893ff2e 100644
--- a/cmd/podman/manifest/push.go
+++ b/cmd/podman/manifest/push.go
@@ -1,8 +1,10 @@
 package manifest
 
 import (
+	"errors"
 	"fmt"
 	"io/ioutil"
+	"os"
 
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/completion"
@@ -20,8 +22,9 @@ import (
 type manifestPushOptsWrapper struct {
 	entities.ImagePushOptions
 
-	TLSVerifyCLI   bool // CLI only
-	CredentialsCLI string
+	TLSVerifyCLI, Insecure bool // CLI only
+	CredentialsCLI         string
+	SignPassphraseFileCLI  string
 }
 
 var (
@@ -72,7 +75,17 @@ func init() {
 	flags.StringVar(&manifestPushOpts.SignBy, signByFlagName, "", "sign the image using a GPG key with the specified `FINGERPRINT`")
 	_ = pushCmd.RegisterFlagCompletionFunc(signByFlagName, completion.AutocompleteNone)
 
+	signBySigstorePrivateKeyFlagName := "sign-by-sigstore-private-key"
+	flags.StringVar(&manifestPushOpts.SignBySigstorePrivateKeyFile, signBySigstorePrivateKeyFlagName, "", "Sign the image using a sigstore private key at `PATH`")
+	_ = pushCmd.RegisterFlagCompletionFunc(signBySigstorePrivateKeyFlagName, completion.AutocompleteDefault)
+
+	signPassphraseFileFlagName := "sign-passphrase-file"
+	flags.StringVar(&manifestPushOpts.SignPassphraseFileCLI, signPassphraseFileFlagName, "", "Read a passphrase for signing an image from `PATH`")
+	_ = pushCmd.RegisterFlagCompletionFunc(signPassphraseFileFlagName, completion.AutocompleteDefault)
+
 	flags.BoolVar(&manifestPushOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
+	flags.BoolVar(&manifestPushOpts.Insecure, "insecure", false, "neither require HTTPS nor verify certificates when accessing the registry")
+	_ = flags.MarkHidden("insecure")
 	flags.BoolVarP(&manifestPushOpts.Quiet, "quiet", "q", false, "don't output progress information when pushing lists")
 	flags.SetNormalizeFunc(utils.AliasFlags)
 
@@ -82,6 +95,9 @@ func init() {
 
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("cert-dir")
+		_ = flags.MarkHidden(signByFlagName)
+		_ = flags.MarkHidden(signBySigstorePrivateKeyFlagName)
+		_ = flags.MarkHidden(signPassphraseFileFlagName)
 	}
 }
 
@@ -107,6 +123,14 @@ func push(cmd *cobra.Command, args []string) error {
 		manifestPushOpts.Password = creds.Password
 	}
 
+	if !manifestPushOpts.Quiet {
+		manifestPushOpts.Writer = os.Stderr
+	}
+
+	if err := common.PrepareSigningPassphrase(&manifestPushOpts.ImagePushOptions, manifestPushOpts.SignPassphraseFileCLI); err != nil {
+		return err
+	}
+
 	// TLS verification in c/image is controlled via a `types.OptionalBool`
 	// which allows for distinguishing among set-true, set-false, unspecified
 	// which is important to implement a sane way of dealing with defaults of
@@ -114,6 +138,12 @@ func push(cmd *cobra.Command, args []string) error {
 	if cmd.Flags().Changed("tls-verify") {
 		manifestPushOpts.SkipTLSVerify = types.NewOptionalBool(!manifestPushOpts.TLSVerifyCLI)
 	}
+	if cmd.Flags().Changed("insecure") {
+		if manifestPushOpts.SkipTLSVerify != types.OptionalBoolUndefined {
+			return errors.New("--insecure may not be used with --tls-verify")
+		}
+		manifestPushOpts.SkipTLSVerify = types.NewOptionalBool(manifestPushOpts.Insecure)
+	}
 	digest, err := registry.ImageEngine().ManifestPush(registry.Context(), args[0], args[1], manifestPushOpts.ImagePushOptions)
 	if err != nil {
 		return err
diff --git a/cmd/podman/networks/list.go b/cmd/podman/networks/list.go
index 5d4be2a81..951583cfb 100644
--- a/cmd/podman/networks/list.go
+++ b/cmd/podman/networks/list.go
@@ -122,36 +122,27 @@ func templateOut(cmd *cobra.Command, responses []types.Network) error {
 		"ID":     "network id",
 	})
 
-	renderHeaders := report.HasTable(networkListOptions.Format)
-	var row string
+	rpt := report.New(os.Stdout, cmd.Name())
+	defer rpt.Flush()
+
+	var err error
 	switch {
-	case cmd.Flags().Changed("format"):
-		row = report.NormalizeFormat(networkListOptions.Format)
+	case cmd.Flag("format").Changed:
+		rpt, err = rpt.Parse(report.OriginUser, networkListOptions.Format)
 	default:
-		// 'podman network ls' equivalent to 'podman network ls --format="table {{.ID}} {{.Name}} {{.Version}} {{.Plugins}}" '
-		row = "{{.ID}}\t{{.Name}}\t{{.Driver}}\n"
-		renderHeaders = true
+		rpt, err = rpt.Parse(report.OriginPodman, "{{range .}}{{.ID}}\t{{.Name}}\t{{.Driver}}\n{{end -}}")
 	}
-	format := report.EnforceRange(row)
-
-	tmpl, err := report.NewTemplate("list").Parse(format)
-	if err != nil {
-		return err
-	}
-
-	w, err := report.NewWriterDefault(os.Stdout)
 	if err != nil {
 		return err
 	}
-	defer w.Flush()
 
 	noHeading, _ := cmd.Flags().GetBool("noheading")
-	if !noHeading && renderHeaders {
-		if err := tmpl.Execute(w, headers); err != nil {
-			return err
+	if rpt.RenderHeaders && !noHeading {
+		if err := rpt.Execute(headers); err != nil {
+			return fmt.Errorf("failed to write report column headers: %w", err)
 		}
 	}
-	return tmpl.Execute(w, nlprs)
+	return rpt.Execute(nlprs)
 }
 
 // ListPrintReports returns the network list report
diff --git a/cmd/podman/parse/net.go b/cmd/podman/parse/net.go
index 9228c7127..a5c7a0d95 100644
--- a/cmd/podman/parse/net.go
+++ b/cmd/podman/parse/net.go
@@ -151,15 +151,6 @@ func parseEnvOrLabelFile(envOrLabel map[string]string, filename, configType stri
 	return scanner.Err()
 }
 
-// ValidateFileName returns an error if filename contains ":"
-// as it is currently not supported
-func ValidateFileName(filename string) error {
-	if strings.Contains(filename, ":") {
-		return fmt.Errorf("invalid filename (should not contain ':') %q", filename)
-	}
-	return nil
-}
-
 // ValidURL checks a string urlStr is a url or not
 func ValidURL(urlStr string) error {
 	url, err := url.ParseRequestURI(urlStr)
diff --git a/cmd/podman/parse/parse.go b/cmd/podman/parse/parse.go
new file mode 100644
index 000000000..47db066d3
--- /dev/null
+++ b/cmd/podman/parse/parse.go
@@ -0,0 +1,18 @@
+//go:build !windows
+// +build !windows
+
+package parse
+
+import (
+	"fmt"
+	"strings"
+)
+
+// ValidateFileName returns an error if filename contains ":"
+// as it is currently not supported
+func ValidateFileName(filename string) error {
+	if strings.Contains(filename, ":") {
+		return fmt.Errorf("invalid filename (should not contain ':') %q", filename)
+	}
+	return nil
+}
diff --git a/cmd/podman/parse/parse_windows.go b/cmd/podman/parse/parse_windows.go
new file mode 100644
index 000000000..794f4216d
--- /dev/null
+++ b/cmd/podman/parse/parse_windows.go
@@ -0,0 +1,5 @@
+package parse
+
+func ValidateFileName(filename string) error {
+	return nil
+}
diff --git a/cmd/podman/pods/clone.go b/cmd/podman/pods/clone.go
index 9558c6aed..bf7d10c44 100644
--- a/cmd/podman/pods/clone.go
+++ b/cmd/podman/pods/clone.go
@@ -44,7 +44,7 @@ func cloneFlags(cmd *cobra.Command) {
 	_ = podCloneCommand.RegisterFlagCompletionFunc(nameFlagName, completion.AutocompleteNone)
 
 	common.DefineCreateDefaults(&podClone.InfraOptions)
-	common.DefineCreateFlags(cmd, &podClone.InfraOptions, true, false)
+	common.DefineCreateFlags(cmd, &podClone.InfraOptions, entities.InfraMode)
 
 	podClone.InfraOptions.MemorySwappiness = -1 // this is not implemented for pods yet, need to set -1 default manually
 
diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go
index 4f1f66ad6..d30f4782a 100644
--- a/cmd/podman/pods/create.go
+++ b/cmd/podman/pods/create.go
@@ -65,7 +65,7 @@ func init() {
 	flags := createCommand.Flags()
 	flags.SetInterspersed(false)
 	common.DefineCreateDefaults(&infraOptions)
-	common.DefineCreateFlags(createCommand, &infraOptions, true, false)
+	common.DefineCreateFlags(createCommand, &infraOptions, entities.InfraMode)
 	common.DefineNetFlags(createCommand)
 
 	flags.BoolVar(&createOptions.Infra, "infra", true, "Create an infra container associated with the pod to share namespaces with")
diff --git a/cmd/podman/pods/inspect.go b/cmd/podman/pods/inspect.go
index 082e8d9a1..22e781cdf 100644
--- a/cmd/podman/pods/inspect.go
+++ b/cmd/podman/pods/inspect.go
@@ -1,13 +1,8 @@
 package pods
 
 import (
-	"context"
-	"errors"
-	"os"
-	"text/template"
-
-	"github.com/containers/common/pkg/report"
 	"github.com/containers/podman/v4/cmd/podman/common"
+	"github.com/containers/podman/v4/cmd/podman/inspect"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/validate"
 	"github.com/containers/podman/v4/pkg/domain/entities"
@@ -15,10 +10,6 @@ import (
 )
 
 var (
-	inspectOptions = entities.PodInspectOptions{}
-)
-
-var (
 	inspectDescription = `Display the configuration for a pod by name or id
 
 	By default, this will render all results in a JSON array.`
@@ -27,10 +18,12 @@ var (
 		Use:               "inspect [options] POD [POD...]",
 		Short:             "Displays a pod configuration",
 		Long:              inspectDescription,
-		RunE:              inspect,
+		RunE:              inspectExec,
 		ValidArgsFunction: common.AutocompletePods,
 		Example:           `podman pod inspect podID`,
 	}
+
+	inspectOpts = &entities.InspectOptions{}
 )
 
 func init() {
@@ -41,40 +34,15 @@ func init() {
 	flags := inspectCmd.Flags()
 
 	formatFlagName := "format"
-	flags.StringVarP(&inspectOptions.Format, formatFlagName, "f", "json", "Format the output to a Go template or json")
+	flags.StringVarP(&inspectOpts.Format, formatFlagName, "f", "json", "Format the output to a Go template or json")
 	_ = inspectCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.PodInspectReport{}))
 
-	validate.AddLatestFlag(inspectCmd, &inspectOptions.Latest)
+	validate.AddLatestFlag(inspectCmd, &inspectOpts.Latest)
 }
 
-func inspect(cmd *cobra.Command, args []string) error {
-	if len(args) < 1 && !inspectOptions.Latest {
-		return errors.New("you must provide the name or id of a running pod")
-	}
-	if len(args) > 0 && inspectOptions.Latest {
-		return errors.New("--latest and containers cannot be used together")
-	}
-
-	if !inspectOptions.Latest {
-		inspectOptions.NameOrID = args[0]
-	}
-	responses, err := registry.ContainerEngine().PodInspect(context.Background(), inspectOptions)
-	if err != nil {
-		return err
-	}
-
-	if report.IsJSON(inspectOptions.Format) {
-		enc := json.NewEncoder(os.Stdout)
-		enc.SetIndent("", "     ")
-		return enc.Encode(responses)
-	}
-
-	// Cannot use report.New() as it enforces {{range .}} for OriginUser templates
-	tmpl := template.New(cmd.Name()).Funcs(template.FuncMap(report.DefaultFuncs))
-	format := report.NormalizeFormat(inspectOptions.Format)
-	tmpl, err = tmpl.Parse(format)
-	if err != nil {
-		return err
-	}
-	return tmpl.Execute(os.Stdout, *responses)
+func inspectExec(cmd *cobra.Command, args []string) error {
+	// We need backwards compat with the old podman pod inspect behavior.
+	// https://github.com/containers/podman/pull/15675
+	inspectOpts.Type = common.PodLegacyType
+	return inspect.Inspect(args, *inspectOpts)
 }
diff --git a/cmd/podman/pods/logs.go b/cmd/podman/pods/logs.go
index 0102d4b71..7093a7fa8 100644
--- a/cmd/podman/pods/logs.go
+++ b/cmd/podman/pods/logs.go
@@ -101,7 +101,7 @@ func logs(_ *cobra.Command, args []string) error {
 		// parse time, error out if something is wrong
 		since, err := util.ParseInputTime(logsPodOptions.SinceRaw, true)
 		if err != nil {
-			return fmt.Errorf("error parsing --since %q: %w", logsPodOptions.SinceRaw, err)
+			return fmt.Errorf("parsing --since %q: %w", logsPodOptions.SinceRaw, err)
 		}
 		logsPodOptions.Since = since
 	}
@@ -109,7 +109,7 @@ func logs(_ *cobra.Command, args []string) error {
 		// parse time, error out if something is wrong
 		until, err := util.ParseInputTime(logsPodOptions.UntilRaw, false)
 		if err != nil {
-			return fmt.Errorf("error parsing --until %q: %w", logsPodOptions.UntilRaw, err)
+			return fmt.Errorf("parsing --until %q: %w", logsPodOptions.UntilRaw, err)
 		}
 		logsPodOptions.Until = until
 	}
diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go
index cae618b44..a118fdc4d 100644
--- a/cmd/podman/registry/config.go
+++ b/cmd/podman/registry/config.go
@@ -61,7 +61,7 @@ func newPodmanConfig() {
 	switch runtime.GOOS {
 	case "darwin", "windows":
 		mode = entities.TunnelMode
-	case "linux":
+	case "linux", "freebsd":
 		// Some linux clients might only be compiled without ABI
 		// support (e.g., podman-remote).
 		if abiSupport && !IsRemote() {
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index 48f8470be..2e00777a4 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/cmd/podman/common"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/validate"
@@ -70,7 +71,11 @@ var (
 		DisableFlagsInUseLine: true,
 	}
 
-	logLevel       = "warn"
+	defaultLogLevel = "warn"
+	logLevel        = defaultLogLevel
+	dockerConfig    = ""
+	debug           bool
+
 	useSyslog      bool
 	requireCleanup = true
 )
@@ -81,6 +86,7 @@ func init() {
 		loggingHook,
 		syslogHook,
 		earlyInitHook,
+		configHook,
 	)
 
 	rootFlags(rootCmd, registry.PodmanConfig())
@@ -307,8 +313,21 @@ func persistentPostRunE(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+func configHook() {
+	if dockerConfig != "" {
+		logrus.Warn("The --config flag is ignored by Podman. Exists for Docker compatibility")
+	}
+}
+
 func loggingHook() {
 	var found bool
+	if debug {
+		if logLevel != defaultLogLevel {
+			fmt.Fprintf(os.Stderr, "Setting --log-level and --debug is not allowed\n")
+			os.Exit(1)
+		}
+		logLevel = "debug"
+	}
 	for _, l := range common.LogLevels {
 		if l == strings.ToLower(logLevel) {
 			found = true
@@ -338,6 +357,10 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 
 	lFlags := cmd.Flags()
 
+	sshFlagName := "ssh"
+	lFlags.StringVar(&opts.SSHMode, sshFlagName, string(ssh.GolangMode), "define the ssh mode")
+	_ = cmd.RegisterFlagCompletionFunc(sshFlagName, common.AutocompleteSSH)
+
 	connectionFlagName := "connection"
 	lFlags.StringVarP(&opts.Engine.ActiveService, connectionFlagName, "c", srv, "Connection to use for remote Podman service")
 	_ = cmd.RegisterFlagCompletionFunc(connectionFlagName, common.AutocompleteSystemConnections)
@@ -348,6 +371,8 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 	lFlags.StringVarP(&opts.URI, "host", "H", uri, "Used for Docker compatibility")
 	_ = lFlags.MarkHidden("host")
 
+	lFlags.StringVar(&dockerConfig, "config", "", "Ignored for Docker compatibility")
+	_ = lFlags.MarkHidden("config")
 	// Context option added just for compatibility with DockerCLI.
 	lFlags.String("context", "default", "Name of the context to use to connect to the daemon (This flag is a NOOP and provided solely for scripting compatibility.)")
 	_ = lFlags.MarkHidden("context")
@@ -460,6 +485,9 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 	pFlags.StringVar(&logLevel, logLevelFlagName, logLevel, fmt.Sprintf("Log messages above specified level (%s)", strings.Join(common.LogLevels, ", ")))
 	_ = rootCmd.RegisterFlagCompletionFunc(logLevelFlagName, common.AutocompleteLogLevel)
 
+	lFlags.BoolVarP(&debug, "debug", "D", false, "Docker compatibility, force setting of log-level")
+	_ = lFlags.MarkHidden("debug")
+
 	// Only create these flags for ABI connections
 	if !registry.IsRemote() {
 		runtimeflagFlagName := "runtime-flag"
diff --git a/cmd/podman/secrets/create.go b/cmd/podman/secrets/create.go
index 8ecfecf69..01775f563 100644
--- a/cmd/podman/secrets/create.go
+++ b/cmd/podman/secrets/create.go
@@ -46,7 +46,7 @@ func init() {
 
 	cfg := registry.PodmanConfig()
 
-	flags.StringVar(&createOpts.Driver, driverFlagName, cfg.Secrets.Driver, "Specify secret driver")
+	flags.StringVarP(&createOpts.Driver, driverFlagName, "d", cfg.Secrets.Driver, "Specify secret driver")
 	flags.StringToStringVar(&createOpts.DriverOpts, optsFlagName, cfg.Secrets.Opts, "Specify driver specific options")
 	_ = createCmd.RegisterFlagCompletionFunc(driverFlagName, completion.AutocompleteNone)
 	_ = createCmd.RegisterFlagCompletionFunc(optsFlagName, completion.AutocompleteNone)
diff --git a/cmd/podman/secrets/inspect.go b/cmd/podman/secrets/inspect.go
index 1fcc676b4..f4c395b0f 100644
--- a/cmd/podman/secrets/inspect.go
+++ b/cmd/podman/secrets/inspect.go
@@ -34,7 +34,7 @@ func init() {
 	})
 	flags := inspectCmd.Flags()
 	formatFlagName := "format"
-	flags.StringVar(&format, formatFlagName, "", "Format volume output using Go template")
+	flags.StringVarP(&format, formatFlagName, "f", "", "Format volume output using Go template")
 	_ = inspectCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.SecretInfoReport{}))
 }
 
@@ -47,20 +47,15 @@ func inspect(cmd *cobra.Command, args []string) error {
 	}
 
 	if cmd.Flags().Changed("format") {
-		row := report.NormalizeFormat(format)
-		formatted := report.EnforceRange(row)
+		rpt := report.New(os.Stdout, cmd.Name())
+		defer rpt.Flush()
 
-		tmpl, err := report.NewTemplate("inspect").Parse(formatted)
+		rpt, err := rpt.Parse(report.OriginUser, format)
 		if err != nil {
 			return err
 		}
 
-		w, err := report.NewWriterDefault(os.Stdout)
-		if err != nil {
-			return err
-		}
-		defer w.Flush()
-		if err := tmpl.Execute(w, inspected); err != nil {
+		if err := rpt.Execute(inspected); err != nil {
 			return err
 		}
 	} else {
diff --git a/cmd/podman/secrets/list.go b/cmd/podman/secrets/list.go
index 8b1956eab..1833cc544 100644
--- a/cmd/podman/secrets/list.go
+++ b/cmd/podman/secrets/list.go
@@ -34,6 +34,7 @@ type listFlagType struct {
 	format    string
 	noHeading bool
 	filter    []string
+	quiet     bool
 }
 
 func init() {
@@ -43,13 +44,20 @@ func init() {
 	})
 
 	flags := lsCmd.Flags()
+
 	formatFlagName := "format"
-	flags.StringVar(&listFlag.format, formatFlagName, "{{.ID}}\t{{.Name}}\t{{.Driver}}\t{{.CreatedAt}}\t{{.UpdatedAt}}\t\n", "Format volume output using Go template")
+	flags.StringVar(&listFlag.format, formatFlagName, "{{range .}}{{.ID}}\t{{.Name}}\t{{.Driver}}\t{{.CreatedAt}}\t{{.UpdatedAt}}\n{{end -}}", "Format volume output using Go template")
 	_ = lsCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.SecretInfoReport{}))
+
 	filterFlagName := "filter"
 	flags.StringSliceVarP(&listFlag.filter, filterFlagName, "f", []string{}, "Filter secret output")
 	_ = lsCmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompleteSecretFilters)
-	flags.BoolVar(&listFlag.noHeading, "noheading", false, "Do not print headers")
+
+	noHeadingFlagName := "noheading"
+	flags.BoolVar(&listFlag.noHeading, noHeadingFlagName, false, "Do not print headers")
+
+	quietFlagName := "quiet"
+	flags.BoolVarP(&listFlag.quiet, quietFlagName, "q", false, "Print secret IDs only")
 }
 
 func ls(cmd *cobra.Command, args []string) error {
@@ -76,40 +84,46 @@ func ls(cmd *cobra.Command, args []string) error {
 			Driver:    response.Spec.Driver.Name,
 		})
 	}
+
+	if listFlag.quiet && !cmd.Flags().Changed("format") {
+		return quietOut(listed)
+	}
+
 	return outputTemplate(cmd, listed)
 }
 
+func quietOut(responses []*entities.SecretListReport) error {
+	for _, response := range responses {
+		fmt.Println(response.ID)
+	}
+	return nil
+}
+
 func outputTemplate(cmd *cobra.Command, responses []*entities.SecretListReport) error {
 	headers := report.Headers(entities.SecretListReport{}, map[string]string{
 		"CreatedAt": "CREATED",
 		"UpdatedAt": "UPDATED",
 	})
 
-	row := cmd.Flag("format").Value.String()
-	if cmd.Flags().Changed("format") {
-		row = report.NormalizeFormat(row)
-	}
-	format := report.EnforceRange(row)
+	rpt := report.New(os.Stdout, cmd.Name())
+	defer rpt.Flush()
 
-	tmpl, err := report.NewTemplate("list").Parse(format)
-	if err != nil {
-		return err
+	var err error
+	switch {
+	case cmd.Flag("format").Changed:
+		rpt, err = rpt.Parse(report.OriginUser, listFlag.format)
+	default:
+		rpt, err = rpt.Parse(report.OriginPodman, listFlag.format)
 	}
-
-	w, err := report.NewWriterDefault(os.Stdout)
 	if err != nil {
 		return err
 	}
-	defer w.Flush()
-
-	if cmd.Flags().Changed("format") && !report.HasTable(listFlag.format) {
-		listFlag.noHeading = true
-	}
 
-	if !listFlag.noHeading {
-		if err := tmpl.Execute(w, headers); err != nil {
+	noHeading, _ := cmd.Flags().GetBool("noheading")
+	if rpt.RenderHeaders && !noHeading {
+		if err := rpt.Execute(headers); err != nil {
 			return fmt.Errorf("failed to write report column headers: %w", err)
 		}
 	}
-	return tmpl.Execute(w, responses)
+	return rpt.Execute(responses)
 }
diff --git a/cmd/podman/syslog_linux.go b/cmd/podman/syslog_common.go
index ac7bbfe0f..e035e6365 100644
--- a/cmd/podman/syslog_linux.go
+++ b/cmd/podman/syslog_common.go
@@ -1,3 +1,6 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
 package main
 
 import (
diff --git a/cmd/podman/syslog_unsupported.go b/cmd/podman/syslog_unsupported.go
index 42a7851ab..365e5b2b4 100644
--- a/cmd/podman/syslog_unsupported.go
+++ b/cmd/podman/syslog_unsupported.go
@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
 
 package main
 
diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go
index 191603718..f3b61b254 100644
--- a/cmd/podman/system/connection/add.go
+++ b/cmd/podman/system/connection/add.go
@@ -1,23 +1,19 @@
 package connection
 
 import (
-	"encoding/json"
 	"errors"
 	"fmt"
-	"net"
 	"net/url"
 	"os"
 	"regexp"
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/system"
-	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/pkg/domain/utils"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"golang.org/x/crypto/ssh"
 )
 
 var (
@@ -74,6 +70,15 @@ func init() {
 
 func add(cmd *cobra.Command, args []string) error {
 	// Default to ssh schema if none given
+
+	entities := &ssh.ConnectionCreateOptions{
+		Port:     cOpts.Port,
+		Path:     args[1],
+		Identity: cOpts.Identity,
+		Name:     args[0],
+		Socket:   cOpts.UDSPath,
+		Default:  cOpts.Default,
+	}
 	dest := args[1]
 	if match, err := regexp.Match("^[A-Za-z][A-Za-z0-9+.-]*://", []byte(dest)); err != nil {
 		return fmt.Errorf("invalid destination: %w", err)
@@ -89,30 +94,20 @@ func add(cmd *cobra.Command, args []string) error {
 		uri.Path = cmd.Flag("socket-path").Value.String()
 	}
 
-	switch uri.Scheme {
-	case "ssh":
-		if uri.User.Username() == "" {
-			if uri.User, err = utils.GetUserInfo(uri); err != nil {
-				return err
-			}
-		}
+	var sshMode ssh.EngineMode
+	containerConfig := registry.PodmanConfig()
 
-		if cmd.Flags().Changed("port") {
-			uri.Host = net.JoinHostPort(uri.Hostname(), cmd.Flag("port").Value.String())
-		}
+	flag := containerConfig.SSHMode
 
-		if uri.Port() == "" {
-			uri.Host = net.JoinHostPort(uri.Hostname(), cmd.Flag("port").DefValue)
-		}
-		iden := ""
-		if cmd.Flags().Changed("identity") {
-			iden = cOpts.Identity
-		}
-		if uri.Path == "" || uri.Path == "/" {
-			if uri.Path, err = getUDS(uri, iden); err != nil {
-				return err
-			}
-		}
+	sshMode = ssh.DefineMode(flag)
+
+	if sshMode == ssh.InvalidMode {
+		return fmt.Errorf("invalid ssh mode")
+	}
+
+	switch uri.Scheme {
+	case "ssh":
+		return ssh.Create(entities, sshMode)
 	case "unix":
 		if cmd.Flags().Changed("identity") {
 			return errors.New("--identity option not supported for unix scheme")
@@ -176,41 +171,3 @@ func add(cmd *cobra.Command, args []string) error {
 	}
 	return cfg.Write()
 }
-
-func getUDS(uri *url.URL, iden string) (string, error) {
-	cfg, err := utils.ValidateAndConfigure(uri, iden)
-	if err != nil {
-		return "", fmt.Errorf("failed to validate: %w", err)
-	}
-	dial, err := ssh.Dial("tcp", uri.Host, cfg)
-	if err != nil {
-		return "", fmt.Errorf("failed to connect: %w", err)
-	}
-	defer dial.Close()
-
-	session, err := dial.NewSession()
-	if err != nil {
-		return "", fmt.Errorf("failed to create new ssh session on %q: %w", uri.Host, err)
-	}
-	defer session.Close()
-
-	// Override podman binary for testing etc
-	podman := "podman"
-	if v, found := os.LookupEnv("PODMAN_BINARY"); found {
-		podman = v
-	}
-	infoJSON, err := utils.ExecRemoteCommand(dial, podman+" info --format=json")
-	if err != nil {
-		return "", err
-	}
-
-	var info define.Info
-	if err := json.Unmarshal(infoJSON, &info); err != nil {
-		return "", fmt.Errorf("failed to parse 'podman info' results: %w", err)
-	}
-
-	if info.Host.RemoteSocket == nil || len(info.Host.RemoteSocket.Path) == 0 {
-		return "", fmt.Errorf("remote podman %q failed to report its UDS socket", uri.Host)
-	}
-	return info.Host.RemoteSocket.Path, nil
-}
diff --git a/cmd/podman/system/dial_stdio.go b/cmd/podman/system/dial_stdio.go
index 42ce65746..db079856c 100644
--- a/cmd/podman/system/dial_stdio.go
+++ b/cmd/podman/system/dial_stdio.go
@@ -97,7 +97,7 @@ func copier(to halfWriteCloser, from halfReadCloser, debugDescription string) er
 		}
 	}()
 	if _, err := io.Copy(to, from); err != nil {
-		return fmt.Errorf("error while Copy (%s): %w", debugDescription, err)
+		return fmt.Errorf("while Copy (%s): %w", debugDescription, err)
 	}
 	return nil
 }
diff --git a/cmd/podman/system/events.go b/cmd/podman/system/events.go
index b04668f86..290f5b0fa 100644
--- a/cmd/podman/system/events.go
+++ b/cmd/podman/system/events.go
@@ -85,7 +85,9 @@ func eventsCmd(cmd *cobra.Command, _ []string) error {
 		doJSON = report.IsJSON(eventFormat)
 		if !doJSON {
 			var err error
-			rpt, err = report.New(os.Stdout, cmd.Name()).Parse(report.OriginUser, eventFormat)
+			// Use OriginUnknown so it does not add an extra range since it
+			// will only be called for each single element and not a slice.
+			rpt, err = report.New(os.Stdout, cmd.Name()).Parse(report.OriginUnknown, eventFormat)
 			if err != nil {
 				return err
 			}
@@ -97,25 +99,33 @@ func eventsCmd(cmd *cobra.Command, _ []string) error {
 		errChannel <- err
 	}()
 
-	for event := range eventChannel {
-		switch {
-		case event == nil:
-			// no-op
-		case doJSON:
-			jsonStr, err := event.ToJSONString()
-			if err != nil {
-				return err
+	for {
+		select {
+		case event, ok := <-eventChannel:
+			if !ok {
+				// channel was closed we can exit
+				return nil
+			}
+			switch {
+			case doJSON:
+				jsonStr, err := event.ToJSONString()
+				if err != nil {
+					return err
+				}
+				fmt.Println(jsonStr)
+			case cmd.Flags().Changed("format"):
+				if err := rpt.Execute(event); err != nil {
+					return err
+				}
+			default:
+				fmt.Println(event.ToHumanReadable(!noTrunc))
 			}
-			fmt.Println(jsonStr)
-		case cmd.Flags().Changed("format"):
-			if err := rpt.Execute(event); err != nil {
+		case err := <-errChannel:
+			// only exit in case of an error,
+			// otherwise keep reading events until the event channel is closed
+			if err != nil {
 				return err
 			}
-			os.Stdout.WriteString("\n")
-		default:
-			fmt.Println(event.ToHumanReadable(!noTrunc))
 		}
 	}
-
-	return <-errChannel
 }
diff --git a/cmd/podman/system/info.go b/cmd/podman/system/info.go
index f8fd946cd..9613d5e56 100644
--- a/cmd/podman/system/info.go
+++ b/cmd/podman/system/info.go
@@ -3,7 +3,6 @@ package system
 import (
 	"fmt"
 	"os"
-	"text/template"
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/report"
@@ -63,6 +62,7 @@ func infoFlags(cmd *cobra.Command) {
 	flags := cmd.Flags()
 
 	flags.BoolVarP(&debug, "debug", "D", false, "Display additional debug information")
+	_ = flags.MarkHidden("debug") // It's a NOP since Podman version 2.0
 
 	formatFlagName := "format"
 	flags.StringVarP(&inFormat, formatFlagName, "f", "", "Change the output format to JSON or a Go template")
@@ -85,14 +85,16 @@ func info(cmd *cobra.Command, args []string) error {
 		}
 		fmt.Println(string(b))
 	case cmd.Flags().Changed("format"):
-		// Cannot use report.New() as it enforces {{range .}} for OriginUser templates
-		tmpl := template.New(cmd.Name()).Funcs(template.FuncMap(report.DefaultFuncs))
-		inFormat = report.NormalizeFormat(inFormat)
-		tmpl, err := tmpl.Parse(inFormat)
+		rpt := report.New(os.Stdout, cmd.Name())
+		defer rpt.Flush()
+
+		// Use OriginUnknown so it does not add an extra range since it
+		// will only be called for a single element and not a slice.
+		rpt, err = rpt.Parse(report.OriginUnknown, inFormat)
 		if err != nil {
 			return err
 		}
-		return tmpl.Execute(os.Stdout, info)
+		return rpt.Execute(info)
 	default:
 		b, err := yaml.Marshal(info)
 		if err != nil {
diff --git a/cmd/podman/system/reset.go b/cmd/podman/system/reset.go
index 20f15a34f..02c4a7b46 100644
--- a/cmd/podman/system/reset.go
+++ b/cmd/podman/system/reset.go
@@ -62,7 +62,8 @@ func reset(cmd *cobra.Command, args []string) {
         - all images
         - all networks
         - all build cache
-        - all machines`)
+        - all machines
+        - all volumes`)
 
 		if len(listCtn) > 0 {
 			fmt.Println(`WARNING! The following external containers will be purged:`)
diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go
index 8d0240a8d..68ac8902b 100644
--- a/cmd/podman/system/service_abi.go
+++ b/cmd/podman/system/service_abi.go
@@ -105,7 +105,9 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 	}
 
 	if err := utils.MaybeMoveToSubCgroup(); err != nil {
-		return err
+		// it is a best effort operation, so just print the
+		// error for debugging purposes.
+		logrus.Debugf("Could not move to subcgroup: %v", err)
 	}
 
 	servicereaper.Start()
diff --git a/cmd/podman/system/version.go b/cmd/podman/system/version.go
index 7202b2c08..33ab0f757 100644
--- a/cmd/podman/system/version.go
+++ b/cmd/podman/system/version.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"os"
 	"strings"
-	"text/template"
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/report"
@@ -12,6 +11,7 @@ import (
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/validate"
 	"github.com/containers/podman/v4/pkg/domain/entities"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -53,22 +53,25 @@ func version(cmd *cobra.Command, args []string) error {
 	}
 
 	if cmd.Flag("format").Changed {
-		// Cannot use report.New() as it enforces {{range .}} for OriginUser templates
-		tmpl := template.New(cmd.Name()).Funcs(template.FuncMap(report.DefaultFuncs))
+		rpt := report.New(os.Stdout, cmd.Name())
+		defer rpt.Flush()
 
-		versionFormat = report.NormalizeFormat(versionFormat)
-		tmpl, err := tmpl.Parse(versionFormat)
+		// Use OriginUnknown so it does not add an extra range since it
+		// will only be called for a single element and not a slice.
+		rpt, err = rpt.Parse(report.OriginUnknown, versionFormat)
 		if err != nil {
 			return err
 		}
-		if err := tmpl.Execute(os.Stdout, versions); err != nil {
+		if err := rpt.Execute(versions); err != nil {
+			// only log at debug since we fall back to the client only template
+			logrus.Debugf("Failed to execute template: %v", err)
 			// On Failure, assume user is using older version of podman version --format and check client
 			versionFormat = strings.ReplaceAll(versionFormat, ".Server.", ".")
-			tmpl, err := tmpl.Parse(versionFormat)
+			rpt, err := rpt.Parse(report.OriginUnknown, versionFormat)
 			if err != nil {
 				return err
 			}
-			if err := tmpl.Execute(os.Stdout, versions.Client); err != nil {
+			if err := rpt.Execute(versions.Client); err != nil {
 				return err
 			}
 		}
diff --git a/cmd/podman/volumes/list.go b/cmd/podman/volumes/list.go
index 06118513d..70041834b 100644
--- a/cmd/podman/volumes/list.go
+++ b/cmd/podman/volumes/list.go
@@ -55,7 +55,7 @@ func init() {
 	_ = lsCommand.RegisterFlagCompletionFunc(filterFlagName, common.AutocompleteVolumeFilters)
 
 	formatFlagName := "format"
-	flags.StringVar(&cliOpts.Format, formatFlagName, "{{.Driver}}\t{{.Name}}\n", "Format volume output using Go template")
+	flags.StringVar(&cliOpts.Format, formatFlagName, "{{range .}}{{.Driver}}\t{{.Name}}\n{{end -}}", "Format volume output using Go template")
 	_ = lsCommand.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.VolumeListReport{}))
 
 	flags.Bool("noheading", false, "Do not print headers")
@@ -95,34 +95,28 @@ func outputTemplate(cmd *cobra.Command, responses []*entities.VolumeListReport)
 		"Name": "VOLUME NAME",
 	})
 
-	var row string
+	rpt := report.New(os.Stdout, cmd.Name())
+	defer rpt.Flush()
+
+	var err error
 	switch {
+	case cmd.Flag("format").Changed:
+		rpt, err = rpt.Parse(report.OriginUser, cliOpts.Format)
 	case cliOpts.Quiet:
-		row = "{{.Name}}\n"
-	case cmd.Flags().Changed("format"):
-		row = report.NormalizeFormat(cliOpts.Format)
+		rpt, err = rpt.Parse(report.OriginUser, "{{.Name}}\n")
 	default:
-		row = cmd.Flag("format").Value.String()
+		rpt, err = rpt.Parse(report.OriginPodman, cliOpts.Format)
 	}
-	format := report.EnforceRange(row)
-
-	tmpl, err := report.NewTemplate("list").Parse(format)
-	if err != nil {
-		return err
-	}
-
-	w, err := report.NewWriterDefault(os.Stdout)
 	if err != nil {
 		return err
 	}
-	defer w.Flush()
 
-	if !(noHeading || cliOpts.Quiet || cmd.Flag("format").Changed) {
-		if err := tmpl.Execute(w, headers); err != nil {
+	if (rpt.RenderHeaders) && !noHeading {
+		if err := rpt.Execute(headers); err != nil {
 			return fmt.Errorf("failed to write report column headers: %w", err)
 		}
 	}
-	return tmpl.Execute(w, responses)
+	return rpt.Execute(responses)
 }
 
 func outputJSON(vols []*entities.VolumeListReport) error {
diff --git a/cmd/rootlessport/main.go b/cmd/rootlessport/main.go
index 5410cd14a..d8d6ffcee 100644
--- a/cmd/rootlessport/main.go
+++ b/cmd/rootlessport/main.go
@@ -225,7 +225,7 @@ outer:
 
 	// https://github.com/containers/podman/issues/11248
 	// Copy /dev/null to stdout and stderr to prevent SIGPIPE errors
-	if f, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755); err == nil {
+	if f, err := os.OpenFile(os.DevNull, os.O_WRONLY, 0755); err == nil {
 		unix.Dup2(int(f.Fd()), 1) //nolint:errcheck
 		unix.Dup2(int(f.Fd()), 2) //nolint:errcheck
 		f.Close()
diff --git a/commands-demo.md b/commands-demo.md
index dac279192..f3a1216a1 100644
--- a/commands-demo.md
+++ b/commands-demo.md
@@ -1,4 +1,4 @@
-![PODMAN logo](logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # libpod - library for running OCI-based containers in Pods
 
diff --git a/commands.md b/commands.md
index 97b4c69a9..3970d0657 100644
--- a/commands.md
+++ b/commands.md
@@ -1,4 +1,4 @@
-![PODMAN logo](logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # libpod - library for running OCI-based containers in Pods
 
diff --git a/contrib/cirrus/CIModes.md b/contrib/cirrus/CIModes.md
index c782ca64b..0b5a189a6 100644
--- a/contrib/cirrus/CIModes.md
+++ b/contrib/cirrus/CIModes.md
@@ -85,6 +85,16 @@ of this document, it's not possible to override the behavior of `$CIRRUS_PR`.
 + meta
 + success
 
+### Intended `[CI:COPR]` PR Tasks:
++ ext_svc_check
++ automation
++ *build*
++ validate
++ swagger
++ consistency
++ meta
++ success
+
 ### Intend `[CI:BUILD]` PR Tasks:
 + ext_svc_check
 + automation
diff --git a/contrib/cirrus/cirrus_yaml_test.py b/contrib/cirrus/cirrus_yaml_test.py
index 3968b8b1b..a7fff8d3f 100755
--- a/contrib/cirrus/cirrus_yaml_test.py
+++ b/contrib/cirrus/cirrus_yaml_test.py
@@ -26,7 +26,7 @@ class TestCaseBase(unittest.TestCase):
 class TestDependsOn(TestCaseBase):
 
     ALL_TASK_NAMES = None
-    SUCCESS_DEPS_EXCLUDE = set(['success', 'artifacts', 'podman_machine',
+    SUCCESS_DEPS_EXCLUDE = set(['success', 'artifacts',
         'test_image_build', 'release', 'release_test'])
 
     def setUp(self):
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index e7ea05867..b03a3da3e 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -158,9 +158,9 @@ setup_rootless() {
     msg "************************************************************"
     cd $GOSRC || exit 1
     # Guarantee independence from specific values
-    rootless_uid=$[RANDOM+1000]
+    rootless_uid=$((1500 + RANDOM % 5000))
     ROOTLESS_UID=$rootless_uid
-    rootless_gid=$[RANDOM+1000]
+    rootless_gid=$((1500 + RANDOM % 5000))
     msg "creating $rootless_uid:$rootless_gid $ROOTLESS_USER user"
     groupadd -g $rootless_gid $ROOTLESS_USER
     useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index 35ecfd4ff..6b2d123f2 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -398,9 +398,7 @@ dotest() {
 }
 
 _run_machine() {
-    # TODO: This is a manually-triggered task, if that ever changes need to
-    # add something like:
-    # _bail_if_test_can_be_skipped docs test/e2e test/system test/python
+    # N/B: Can't use _bail_if_test_can_be_skipped here b/c content isn't under test/
     make localmachine |& logformatter
 }
 
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index c3b7811bc..f84f78ee9 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -277,7 +277,7 @@ case "$TEST_FLAVOR" in
         ;&  # continue with next item
     compose)
         make install.tools
-        rpm -ivh $PACKAGE_DOWNLOAD_DIR/podman-docker*
+        dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-docker*
         ;&  # continue with next item
     int) ;&
     sys) ;&
@@ -307,7 +307,7 @@ case "$TEST_FLAVOR" in
         install_test_configs
         ;;
     machine)
-        rpm -ivh $PACKAGE_DOWNLOAD_DIR/podman-gvproxy*
+        dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-gvproxy*
         remove_packaged_podman_files
         make install.tools
         make install PREFIX=/usr ETCDIR=/etc
diff --git a/contrib/cirrus/win-installer-install.ps1 b/contrib/cirrus/win-installer-install.ps1
new file mode 100644
index 000000000..f3fc4508d
--- /dev/null
+++ b/contrib/cirrus/win-installer-install.ps1
@@ -0,0 +1,6 @@
+# Update service is required for dotnet 3.5 (dep of wix)
+Set-Service -Name wuauserv -StartupType "Manual"
+choco install -y wixtoolset mingw golang archiver
+if ($LASTEXITCODE -ne 0) {
+    Exit 1
+}
diff --git a/contrib/cirrus/win-installer-main.ps1 b/contrib/cirrus/win-installer-main.ps1
new file mode 100644
index 000000000..64a94ee63
--- /dev/null
+++ b/contrib/cirrus/win-installer-main.ps1
@@ -0,0 +1,60 @@
+ # Powershell doesn't exit after
+ function CheckExit {
+    if ($LASTEXITCODE -ne 0) {
+        Exit $LASTEXITCODE
+    }
+}
+function DownloadFile {
+    param(
+        [Parameter(Mandatory)]
+        [string]$url,
+        [Parameter(Mandatory)]
+        [string]$file,
+        [Int]$retries=5,
+        [Int]$delay=8
+    )
+    $ProgressPreference = 'SilentlyContinue';
+    Write-Host "Downloading $url to $file"
+    For($i = 0;;) {
+        Try {
+            Invoke-WebRequest -UseBasicParsing -ErrorAction Stop -Uri $url -OutFile $file
+            Break
+        } Catch {
+            if (++$i -gt $retries) {
+                throw $_.Exception
+            }
+            Write-Host "Download failed - retrying:" $_.Exception.Response.StatusCode
+            Start-Sleep -Seconds $delay
+        }
+    }
+}
+# Drop global envs which have unix paths, defaults are fine
+Remove-Item Env:\GOPATH
+Remove-Item Env:\GOSRC
+Remove-Item Env:\GOCACHE
+
+Set-Location contrib\win-installer
+
+# Download and extract alt_build win release zip
+$url = "${ENV:ART_URL}/Windows Cross/repo/repo.tbz"
+# Arc requires extension to be "tbz2"
+DownloadFile "$url" "repo.tbz2"
+arc unarchive repo.tbz2 .; CheckExit
+
+# Build Installer
+.\build.ps1 $Env:WIN_INST_VER dev repo; CheckExit
+
+# Run the installer silently and WSL install option disabled (prevent reboots, wsl requirements)
+# We need AllowOldWin=1 for server 2019 (cirrus image), can be dropped after server 2022
+$ret = Start-Process -Wait -PassThru ".\podman-${ENV:WIN_INST_VER}-dev-setup.exe" -ArgumentList "/install /quiet WSLCheckbox=0 AllowOldWin=1 /log inst.log"
+if ($ret.ExitCode -ne 0) {
+    Write-Host "Install failed, dumping log"
+    Get-Content inst.log
+    Exit $ret.ExitCode
+}
+if (! ((Test-Path -Path "C:\Program Files\RedHat\Podman\podman.exe") -and `
+       (Test-Path -Path "C:\Program Files\RedHat\Podman\win-sshproxy.exe"))) {
+    Write-Host "Expected podman.exe and win-sshproxy.exe, one or both not present after install"
+    Exit 1
+}
+Write-Host "Installer verification successful!"
diff --git a/contrib/hello/README.md b/contrib/hello/README.md
index 528466f7b..0fb430721 100644
--- a/contrib/hello/README.md
+++ b/contrib/hello/README.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # Podman Hello World image
 
diff --git a/contrib/pkginstaller/Makefile b/contrib/pkginstaller/Makefile
index 19c9b51aa..b7636fe14 100644
--- a/contrib/pkginstaller/Makefile
+++ b/contrib/pkginstaller/Makefile
@@ -1,7 +1,6 @@
 SHELL := bash
 
 ARCH ?= aarch64
-PODMAN_VERSION ?= 4.1.0
 GVPROXY_VERSION ?= 0.4.0
 QEMU_VERSION ?= 7.0.0-2
 GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin
@@ -9,18 +8,22 @@ QEMU_RELEASE_URL ?= https://github.com/containers/podman-machine-qemu/releases/d
 PACKAGE_DIR ?= out/packaging
 TMP_DOWNLOAD ?= tmp-download
 PACKAGE_ROOT ?= root
+PKG_NAME := podman-installer-macos-$(ARCH).pkg
 
 default: pkginstaller
 
-get_gvproxy:
+podman_version:
+	make -C ../../ test/version/version
+
+$(TMP_DOWNLOAD)/gvproxy:
 	mkdir -p $(TMP_DOWNLOAD)
 	cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL)
 
-get_qemu:
+$(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz:
 	mkdir -p $(TMP_DOWNLOAD)
 	cd $(TMP_DOWNLOAD) && curl -sLO $(QEMU_RELEASE_URL)
 
-packagedir: package_root Distribution welcome.html
+packagedir: podman_version package_root Distribution welcome.html
 	mkdir -p $(PACKAGE_DIR)
 	cp -r Resources $(PACKAGE_DIR)/
 	cp welcome.html $(PACKAGE_DIR)/Resources/
@@ -29,22 +32,32 @@ packagedir: package_root Distribution welcome.html
 	cp -r $(PACKAGE_ROOT) $(PACKAGE_DIR)/
 	cp package.sh $(PACKAGE_DIR)/
 	cd $(PACKAGE_DIR) && pkgbuild --analyze --root ./root component.plist
-	echo -n $(PODMAN_VERSION) > $(PACKAGE_DIR)/VERSION
+	../../test/version/version > $(PACKAGE_DIR)/VERSION
 	echo -n $(ARCH) > $(PACKAGE_DIR)/ARCH
 	cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt
+	cp hvf.entitlements $(PACKAGE_DIR)/
 
-package_root: get_gvproxy get_qemu
+package_root: clean-pkgroot $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz $(TMP_DOWNLOAD)/gvproxy
 	mkdir -p $(PACKAGE_ROOT)/podman/bin $(PACKAGE_ROOT)/podman/qemu
 	tar -C $(PACKAGE_ROOT)/podman/qemu -xf $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz
 	cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/
 	chmod a+x $(PACKAGE_ROOT)/podman/bin/*
 
-%: %.in
-	@sed -e 's/__VERSION__/'$(PODMAN_VERSION)'/g' $< >$@
+%: %.in podman_version
+	@sed -e 's/__VERSION__/'$(shell ../../test/version/version)'/g' $< >$@
 
 pkginstaller: packagedir
 	cd $(PACKAGE_DIR) && ./package.sh ..
 
-.PHONY: clean
+_notarize: pkginstaller
+	xcrun notarytool submit --apple-id $(NOTARIZE_USERNAME) --password $(NOTARIZE_PASSWORD) --team-id=$(NOTARIZE_TEAM) -f json --wait out/$(PKG_NAME)
+
+notarize: _notarize
+	xcrun stapler staple out/$(PKG_NAME)
+
+.PHONY: clean clean-pkgroot
 clean:
-	rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html
+	rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html ../../test/version/version
+
+clean-pkgroot:
+	rm -rf $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html
diff --git a/contrib/pkginstaller/README.md b/contrib/pkginstaller/README.md
index 37c59ce04..7aaf64808 100644
--- a/contrib/pkginstaller/README.md
+++ b/contrib/pkginstaller/README.md
@@ -5,10 +5,13 @@ $ make ARCH=<amd64 | aarch64> NO_CODESIGN=1 pkginstaller
 
 # or to create signed pkg
 $ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> pkginstaller
+
+# or to prepare a signed and notarized pkg for release
+$ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> NOTARIZE_USERNAME=<appleID> NOTARIZE_PASSWORD=<appleID-password> NOTARIZE_TEAM=<team-id> notarize
 ```
 
 The generated pkg will be written to `out/podman-macos-installer-*.pkg`.
-Currently the pkg installs `podman`, `qemu`, `gvproxy` and `podman-mac-helper` to `/Applications/podman`
+Currently the pkg installs `podman`, `qemu`, `gvproxy` and `podman-mac-helper` to `/opt/podman`
 
 The `qemu` build it uses is from [containers/podman-machine-qemu](https://github.com/containers/podman-machine-qemu)
 
diff --git a/contrib/pkginstaller/hvf.entitlements b/contrib/pkginstaller/hvf.entitlements
new file mode 100644
index 000000000..154f3308e
--- /dev/null
+++ b/contrib/pkginstaller/hvf.entitlements
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.hypervisor</key>
+    <true/>
+</dict>
+</plist>
diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh
index b7b33954d..f6f7cef16 100755
--- a/contrib/pkginstaller/package.sh
+++ b/contrib/pkginstaller/package.sh
@@ -10,11 +10,19 @@ NO_CODESIGN=${NO_CODESIGN:-0}
 HELPER_BINARIES_DIR="/opt/podman/qemu/bin"
 
 binDir="${BASEDIR}/root/podman/bin"
+qemuBinDir="${BASEDIR}/root/podman/qemu/bin"
+
+version=$(cat "${BASEDIR}/VERSION")
+arch=$(cat "${BASEDIR}/ARCH")
 
 function build_podman() {
   pushd "$1"
-    make podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}"
-    make podman-mac-helper
+    local goArch="${arch}"
+    if [ "${goArch}" = aarch64 ]; then
+        goArch=arm64
+    fi
+    make GOARCH="${goArch}" podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}"
+    make GOARCH="${goArch}" podman-mac-helper
     cp bin/darwin/podman "contrib/pkginstaller/out/packaging/${binDir}/podman"
     cp bin/darwin/podman-mac-helper "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper"
   popd
@@ -29,16 +37,40 @@ function sign() {
   if [ -f "${entitlements}" ]; then
       opts="--entitlements ${entitlements}"
   fi
-  codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --force --timestamp "${opts}" "$1"
+  codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force ${opts} "$1"
 }
 
-version=$(cat "${BASEDIR}/VERSION")
-arch=$(cat "${BASEDIR}/ARCH")
+function signQemu() {
+  if [ "${NO_CODESIGN}" -eq "1" ]; then
+    return
+  fi
+
+  local qemuArch="${arch}"
+  if [ "${qemuArch}" = amd64 ]; then
+      qemuArch=x86_64
+  fi
+
+  # sign the files inside /opt/podman/qemu/lib
+  libs=$(find "${BASEDIR}"/root/podman/qemu/lib -depth -name "*.dylib" -or -type f -perm +111)
+  echo "${libs}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force % || true
+
+  # sign the files inside /opt/podman/qemu/bin except qemu-system-*
+  bins=$(find "${BASEDIR}"/root/podman/qemu/bin -depth -type f -perm +111 ! -name "qemu-system-${qemuArch}")
+  echo "${bins}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force  % || true
+
+  # sign the qemu-system-* binary
+  # need to remove any extended attributes, otherwise codesign complains:
+  # qemu-system-aarch64: resource fork, Finder information, or similar detritus not allowed
+  xattr -cr "${qemuBinDir}/qemu-system-${qemuArch}"
+  codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force \
+    --entitlements "${BASEDIR}/hvf.entitlements" "${qemuBinDir}/qemu-system-${qemuArch}"
+}
 
 build_podman "../../../../"
 sign "${binDir}/podman"
 sign "${binDir}/gvproxy"
 sign "${binDir}/podman-mac-helper"
+signQemu
 
 pkgbuild --identifier com.redhat.podman --version "${version}" \
   --scripts "${BASEDIR}/scripts" \
diff --git a/contrib/podmanimage/README.md b/contrib/podmanimage/README.md
index 0f4f715ad..ab406a56a 100644
--- a/contrib/podmanimage/README.md
+++ b/contrib/podmanimage/README.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # podmanimage
 
diff --git a/contrib/snapcraft/snap/snapcraft.yaml b/contrib/snapcraft/snap/snapcraft.yaml
index 57589b00e..a7f7d09b6 100644
--- a/contrib/snapcraft/snap/snapcraft.yaml
+++ b/contrib/snapcraft/snap/snapcraft.yaml
@@ -17,7 +17,7 @@ parts:
     source: https://github.com/containers/podman/archive/v0.11.1.1.tar.gz
     go-importpath: github.com/containers/podman
     build-packages:
-     # https://github.com/containers/podman/blob/main/install.md#build-and-run-dependencies
+     # https://podman.io/getting-started/installation#build-and-run-dependencies
      - btrfs-tools
      - git
      - golang-go
diff --git a/contrib/systemd/system/podman-docker.conf b/contrib/systemd/system/podman-docker.conf
index e12f19bce..9d5f43101 100644
--- a/contrib/systemd/system/podman-docker.conf
+++ b/contrib/systemd/system/podman-docker.conf
@@ -1 +1 @@
-L+  /run/docker.sock   -    -    -     -   /run/podman/podman.sock
+L+  %t/docker.sock   -    -    -     -   %t/podman/podman.sock
diff --git a/contrib/systemd/system/podman-kube@.service.in b/contrib/systemd/system/podman-kube@.service.in
index 824f71eb0..dac5da7cd 100644
--- a/contrib/systemd/system/podman-kube@.service.in
+++ b/contrib/systemd/system/podman-kube@.service.in
@@ -7,7 +7,6 @@ RequiresMountsFor=%t/containers
 
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=never
 TimeoutStopSec=70
 ExecStart=@@PODMAN@@ play kube --replace --service-container=true %I
 ExecStop=@@PODMAN@@ play kube --down %I
diff --git a/contrib/win-installer/README.md b/contrib/win-installer/README.md
new file mode 100644
index 000000000..9cd1d29a5
--- /dev/null
+++ b/contrib/win-installer/README.md
@@ -0,0 +1,28 @@
+# Windows Installer Build
+
+## Requirements
+
+1. Win 10+
+2. Golang
+3. MingW
+4. Dotnet SDK (if AzureSignTool)
+5. AzureSignTool (optional)
+6. WiX Toolset
+
+## Usage
+
+```
+.\build.ps1 <version> [prod|dev] [release_dir]
+```
+
+## One off build (-dev output (default), unsigned (default))
+
+```
+.\build.ps1 4.2.0
+```
+
+## Build with a pre-downloaded win release zip in my-download dir
+
+```
+.\build.ps1 4.2.0 dev my-download
+```
diff --git a/contrib/win-installer/build-burn.bat b/contrib/win-installer/build-burn.bat
new file mode 100644
index 000000000..637a4e744
--- /dev/null
+++ b/contrib/win-installer/build-burn.bat
@@ -0,0 +1,7 @@
+@if "%1" == "" (
+    @echo "usage: build-burn.bat <version>"
+    @exit /b 1
+)
+
+candle -ext WixUIExtension -ext WixUtilExtension -ext WixBalExtension -arch x64 -dManSource="docs" -dVERSION="%1" burn.wxs || exit /b 1
+light -ext WixUIExtension -ext WixUtilExtension -ext WixBalExtension .\burn.wixobj -out podman-setup.exe || exit /b 1
diff --git a/contrib/win-installer/build-hooks.bat b/contrib/win-installer/build-hooks.bat
new file mode 100644
index 000000000..d663f87b8
--- /dev/null
+++ b/contrib/win-installer/build-hooks.bat
@@ -0,0 +1,4 @@
+cd ../..
+go build -buildmode=c-shared  -o contrib/win-installer/artifacts/podman-msihooks.dll ./cmd/podman-msihooks || exit /b 1
+go build -ldflags -H=windowsgui -o contrib/win-installer/artifacts/podman-wslkerninst.exe ./cmd/podman-wslkerninst || exit /b 1
+cd contrib/win-installer
diff --git a/contrib/win-installer/build-msi.bat b/contrib/win-installer/build-msi.bat
new file mode 100644
index 000000000..28a77734d
--- /dev/null
+++ b/contrib/win-installer/build-msi.bat
@@ -0,0 +1,8 @@
+@if "%1" == "" (
+    @echo "usage: build-msi.bat <version>"
+    @exit /b 1
+)
+
+heat dir docs -var var.ManSource -cg ManFiles -dr INSTALLDIR -gg -g1 -srd -out pages.wxs || exit /b 1
+candle -ext WixUIExtension -ext WixUtilExtension -ext .\artifacts\PanelSwWixExtension.dll -arch x64 -dManSource="docs" -dVERSION="%1" podman.wxs pages.wxs podman-ui.wxs welcome-install-dlg.wxs || exit /b 1
+light -ext WixUIExtension -ext WixUtilExtension -ext .\artifacts\PanelSwWixExtension.dll .\podman.wixobj .\pages.wixobj .\podman-ui.wixobj .\welcome-install-dlg.wixobj -out podman.msi || exit /b 1
diff --git a/contrib/win-installer/build.ps1 b/contrib/win-installer/build.ps1
new file mode 100644
index 000000000..ba1b97548
--- /dev/null
+++ b/contrib/win-installer/build.ps1
@@ -0,0 +1,156 @@
+function ExitOnError() {
+    if ($LASTEXITCODE -ne 0) {
+        Exit 1
+    }
+}
+
+function FetchPanel() {
+    Remove-Item -Recurse -Force -Path fetch -ErrorAction SilentlyContinue | Out-Null
+    New-Item -Force -ItemType Directory fetch | Out-Null
+    Push-Location fetch
+
+    $ProgressPreference = 'SilentlyContinue'
+    Invoke-WebRequest -UseBasicParsing -OutFile nuget.exe -ErrorAction Stop `
+        -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe
+
+    .\nuget.exe install PanelSwWixExtension
+    $code = $LASTEXITCODE
+    Pop-Location
+    if ($code -gt 0) {
+        Exit 1
+    }
+    $loc = Get-ChildItem -Recurse -Path fetch -Name PanelSwWixExtension.dll
+    if (!$loc) {
+        Write-Host "Could not locate PanelSwWixExtension.dll"
+        Exit 1
+    }
+
+    Copy-Item -Path fetch/$loc -Destination artifacts/PanelSwWixExtension.dll -ErrorAction Stop
+}
+
+function SignItem() {
+    param(
+        [Parameter(Mandatory)]
+        [string[]]$fileNames
+    )
+
+    foreach ($val in $ENV:APP_ID, $ENV:TENANT_ID, $ENV:CLIENT_SECRET, $ENV:CERT_NAME) {
+        if (!$val) {
+            Write-Host "Skipping signing (no config)"
+            Return
+        }
+    }
+
+    CheckCommand AzureSignTool.exe "AzureSignTool"
+
+    AzureSignTool.exe sign -du "https://github.com/containers/podman" `
+        -kvu "https://$ENV:VAULT_ID.vault.azure.net" `
+        -kvi $ENV:APP_ID `
+        -kvt $ENV:TENANT_ID `
+        -kvs $ENV:CLIENT_SECRET `
+        -kvc $ENV:CERT_NAME `
+        -tr http://timestamp.digicert.com $fileNames
+
+    ExitOnError
+}
+
+function CheckCommand() {
+    param(
+        [Parameter(Mandatory)]
+        [string] $cmd,
+        [Parameter(Mandatory)]
+        [string] $description
+    )
+
+    if (! (Get-Command $cmd -errorAction SilentlyContinue)) {
+        Write-Host "Required dep `"$description`" is not installed"
+        Exit 1
+    }
+}
+
+function CheckRequirements() {
+    CheckCommand "gcc" "MingW CC"
+    CheckCommand "candle" "WiX Toolset"
+    CheckCommand "go" "Golang"
+}
+
+
+if ($args.Count -lt 1 -or $args[0].Length -lt 1) {
+    Write-Host "Usage: " $MyInvocation.MyCommand.Name "<version> [dev|prod] [release_dir]"
+    Write-Host
+    Write-Host 'Uses Env Vars: '
+    Write-Host '   $ENV:FETCH_BASE_URL - GitHub Repo Address to locate release on'
+    Write-Host 'Env Settings for signing (optional)'
+    Write-Host '   $ENV:VAULT_ID'
+    Write-Host '   $ENV:APP_ID'
+    Write-Host '   $ENV:TENANT_ID'
+    Write-Host '   $ENV:CLIENT_SECRET'
+    Write-Host '   $ENV:CERT_NAME'
+    Write-Host
+    Write-Host "Example: Download and build from the official Github release (dev output): "
+    Write-Host " .\build.ps1 4.2.0"
+    Write-Host
+    Write-Host "Example: Build a dev build from a pre-download release "
+    Write-Host " .\build.ps1 4.2.0 dev fetchdir"
+    Write-Host
+
+    Exit 1
+}
+
+# Pre-set to standard locations in-case build env does not refresh paths
+$Env:Path="$Env:Path;C:\Program Files (x86)\WiX Toolset v3.11\bin;C:\ProgramData\chocolatey\lib\mingw\tools\install\mingw64\bin;;C:\Program Files\Go\bin"
+
+CheckRequirements
+
+$version = $args[0]
+
+if ($version[0] -eq "v") {
+    $version = $version.Substring(1)
+}
+
+$suffix = "-dev"
+if ($args.Count -gt 1 -and $args[1] -eq "prod") {
+    $suffix = ""
+}
+
+$releaseDir = ""
+if ($args.Count -gt 2) {
+    $releaseDir = $args[2]
+}
+
+.\process-release.ps1 $version $releaseDir
+if ($LASTEXITCODE -eq 2) {
+    Write-Host "Skip signaled, relaying skip"
+    Exit 2
+}
+if ($ENV:INSTVER -eq "") {
+    Write-Host "process-release did not define an install version!"
+    Exit 1
+}
+
+FetchPanel
+
+.\build-hooks.bat; ExitOnError
+SignItem @("artifacts/win-sshproxy.exe",
+          "artifacts/podman.exe",
+          "artifacts/podman-msihooks.dll",
+          "artifacts/podman-wslkerninst.exe")
+
+.\build-msi.bat $ENV:INSTVER; ExitOnError
+SignItem @("podman.msi")
+
+.\build-burn.bat $ENV:INSTVER; ExitOnError
+insignia -ib podman-setup.exe -o engine.exe; ExitOnError
+SignItem @("engine.exe")
+
+$file = "podman-$version$suffix-setup.exe"
+insignia -ab engine.exe podman-setup.exe -o $file; ExitOnError
+SignItem @("$file")
+
+if (Test-Path -Path shasums) {
+    $hash = (Get-FileHash -Algorithm SHA256 $file).Hash.ToLower()
+    Write-Output "$hash  $file" | Out-File -Append -FilePath shasums
+}
+
+Write-Host "Complete"
+Get-ChildItem "podman-$version$suffix-setup.exe"
diff --git a/contrib/win-installer/burn.wxs b/contrib/win-installer/burn.wxs
new file mode 100644
index 000000000..f4534e5fd
--- /dev/null
+++ b/contrib/win-installer/burn.wxs
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:bal="http://schemas.microsoft.com/wix/BalExtension" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
+  <?ifndef var.VERSION?>
+     <?error VERSION must be defined via command line argument?>
+  <?endif?>
+  <Bundle Name="Podman" Version="$(var.VERSION)" Manufacturer="Red Hat"
+          UpgradeCode="f3e1f40a-a791-49b7-9bc6-050975293353" IconSourceFile="resources\podman-logo.ico"
+          Compressed="yes">
+    <BootstrapperApplicationRef Id="WixStandardBootstrapperApplication.HyperlinkSidebarLicense">
+      <bal:WixStandardBootstrapperApplication LicenseUrl=""
+                                              ThemeFile="podman-theme.xml"
+                                              LocalizationFile="podman-theme.wxl"
+                                              LogoFile="resources\podman-banner2.png"
+                                              LogoSideFile="resources\podman-sidebar.png"
+                                              SuppressOptionsUI="yes"
+                                              ShowVersion="yes"/>
+    </BootstrapperApplicationRef>
+    <Variable Name='InstallFolder' Type='string' Value='[ProgramFiles64Folder]RedHat\Podman'/>
+    <Variable Name="VERSION" Value="$(var.VERSION)"/>
+    <Variable Name="WSLCheckbox" Type="numeric" Value="1" bal:Overridable="yes"/>
+    <Variable Name="AllowOldWin" Type="numeric" Value="0" bal:Overridable="yes"/>
+    <Variable Name="LaunchTarget" Value="explorer.exe"/>
+    <Variable Name="LaunchArguments" Value="&quot;[InstallFolder]\podman-for-windows.html&quot;"/>
+
+    <util:RegistrySearch Id="PreviousVersionSearch" Variable="PreviousVersion"  Result="value" Root="HKLM"  Key="SOFTWARE\[WixBundleManufacturer]\Updates\[WixBundleName]" Value="PackageVersion"/>
+    <util:RegistrySearch Id="PreviousInstallFolderSearch" Root="HKLM" Key="SOFTWARE\[WixBundleManufacturer]\[WixBundleName]" Value="InstallDir" Variable="PreviousInstallFolder"/>
+    <util:RegistrySearch Id="CurrentBuild" Variable="CBNumber" Result="value" Root="HKLM" Key="SOFTWARE\Microsoft\Windows NT\CurrentVersion" Value="CurrentBuildNumber"/>
+    <bal:Condition Message="Windows 10 (19041) or later is required to run this application.">
+      <![CDATA[VersionNT >= v10.0 AND (CBNumber >= 19041 OR AllowOldWin = 1)]]>
+    </bal:Condition>
+    <bal:Condition Message="You have an installed development, pre-release version, or alternative build identifying as the same version of this installer. You must uninstall the existing version of Podman first, before proceeding.">
+       <![CDATA[WixBundleAction <> 5 OR WixBundleInstalled OR WixBundleForcedRestartPackage OR PreviousVersion <> VERSION]]>
+    </bal:Condition>
+    <Chain>
+      <MsiPackage Id="Setup" SourceFile="podman.msi" Vital="yes">
+        <MsiProperty Name="INSTALLDIR" Value="[InstallFolder]" />
+        <MsiProperty Name="WITH_WSL" Value="[WSLCheckbox]"/>
+      </MsiPackage>
+      <ExePackage DisplayName="WSL Kernel Install" InstallCondition="WSLCheckbox = 1" SourceFile="artifacts\podman-wslkerninst.exe"/>
+    </Chain>
+    <OptionalUpdateRegistration/>
+  </Bundle>
+</Wix>
diff --git a/contrib/win-installer/check.ps1 b/contrib/win-installer/check.ps1
new file mode 100644
index 000000000..6e3aa9c2e
--- /dev/null
+++ b/contrib/win-installer/check.ps1
@@ -0,0 +1,63 @@
+function SkipExists {
+    param(
+        [Parameter(Mandatory)]
+        [string]$url,
+        [Parameter(Mandatory)]
+        [string]$desc
+    )
+    try {
+        Invoke-WebRequest -Method HEAD -UseBasicParsing -ErrorAction Stop -Uri $url
+        Write-Host "$desc already uploaded, skipping..."
+        Exit 2
+    } Catch {
+        if ($_.Exception.Response.StatusCode -eq 404) {
+            Write-Host "$desc does not exist,  continuing..."
+            Return
+        }
+
+        throw $_.Exception
+    }
+}
+
+function SkipNotExists {
+    param(
+        [Parameter(Mandatory)]
+        [string]$url,
+        [Parameter(Mandatory)]
+        [string]$desc
+    )
+    $ret = ""
+    try {
+        Invoke-WebRequest -Method HEAD -UseBasicParsing -ErrorAction Stop -Uri $url
+        Write-Host "$desc exists, continuing..."
+    } Catch {
+        if ($_.Exception.Response.StatusCode -eq 404) {
+            Write-Host "$desc does not exist, skipping ..."
+            Exit 2
+        }
+
+        throw $_.Exception
+    }
+}
+
+if ($args.Count -lt 1 -or $args[0].Length -lt 2) {
+    Write-Host "Usage: " $MyInvocation.MyCommand.Name "<version>"
+    Exit 1
+}
+
+$release = $args[0]
+$version = $release
+if ($release[0] -eq "v") {
+    $version = $release.Substring(1)
+} else {
+    $release = "v$release"
+}
+
+$base_url = "$ENV:FETCH_BASE_URL"
+if ($base_url.Length -le 0) {
+    $base_url = "https://github.com/containers/podman"
+}
+
+$ENV:UPLOAD_ASSET_NAME = "podman-$version-setup.exe"
+SkipExists "$base_url/releases/download/$release/podman-$version-setup.exe" "Installer"
+SkipNotExists "$base_url/releases/download/$release/podman-remote-release-windows_amd64.zip" "Windows client zip"
diff --git a/contrib/win-installer/podman-theme.wxl b/contrib/win-installer/podman-theme.wxl
new file mode 100644
index 000000000..7fea09054
--- /dev/null
+++ b/contrib/win-installer/podman-theme.wxl
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. -->
+
+
+<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">
+  <String Id="Caption">[WixBundleName] [VERSION] Setup</String>
+  <String Id="Title">[WixBundleName] [VERSION]</String>
+  <String Id="InstallHeader">Welcome to [WixBundleName] Setup</String>
+  <String Id="InstallMessage">Welcome to the [WixBundleName] [VERSION] setup wizard. This will install [WixBundleName] on your computer.
+
+Additionally, you have the option to also install WSL (required by podman) if it is not already enabled. This operation requires a reboot during the installation process. Alternatively, you can deselect the WSL checkbox, and install WSL manually using the wsl --install command.
+
+Finally, click install to continue, or Close to abort the installation.</String>
+  <String Id="InstallVersion">Version [WixBundleVersion]</String>
+  <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>
+  <String Id="ExecuteUpgradeRelatedBundleMessage">Previous version</String>
+  <String Id="HelpHeader">Setup Help</String>
+  <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or
+   creates a complete local copy of the bundle in directory. Install is the default.
+
+/passive | /quiet -  displays minimal UI with no prompts or displays no UI and
+   no prompts. By default UI and all prompts are displayed.
+
+/norestart   - suppress any attempts to restart. By default UI will prompt before restart.
+/log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>
+  <String Id="HelpCloseButton">&amp;Close</String>
+  <String Id="InstallLicenseLinkText">[WixBundleName] &lt;a href="#"&gt;license terms&lt;/a&gt;.</String>
+  <String Id="InstallAcceptCheckbox">I &amp;agree to the license terms and conditions</String>
+  <String Id="InstallOptionsButton">&amp;Options</String>
+  <String Id="InstallInstallButton">&amp;Install</String>
+  <String Id="InstallCloseButton">&amp;Close</String>
+  <String Id="OptionsHeader">Setup Options</String>
+  <String Id="OptionsLocationLabel">Install location:</String>
+  <String Id="OptionsBrowseButton">&amp;Browse</String>
+  <String Id="OptionsOkButton">&amp;OK</String>
+  <String Id="OptionsCancelButton">&amp;Cancel</String>
+  <String Id="ProgressHeader">Setup Progress</String>
+  <String Id="ProgressLabel">Processing:</String>
+  <String Id="OverallProgressPackageText">Initializing...</String>
+  <String Id="ProgressCancelButton">&amp;Cancel</String>
+  <String Id="ModifyHeader">Modify Setup</String>
+  <String Id="ModifyRepairButton">&amp;Repair</String>
+  <String Id="ModifyUninstallButton">&amp;Uninstall</String>
+  <String Id="ModifyCloseButton">&amp;Close</String>
+  <String Id="SuccessRepairHeader">Repair Successfully Completed</String>
+  <String Id="SuccessUninstallHeader">Uninstall Successfully Completed</String>
+  <String Id="SuccessInstallHeader">Installation Successfully Completed</String>
+  <String Id="SuccessHeader">Setup Successful</String>
+  <String Id="SuccessLaunchButton">&amp;Open Guide &amp;&amp; Close</String>
+  <String Id="SuccessRestartText">You must restart your computer before you can use the software.</String>
+  <String Id="SuccessRestartButton">&amp;Restart</String>
+  <String Id="SuccessCloseButton">&amp;Close</String>
+  <String Id="FailureHeader">Setup Failed</String>
+  <String Id="FailureInstallHeader">Setup Failed</String>
+  <String Id="FailureUninstallHeader">Uninstall Failed</String>
+  <String Id="FailureRepairHeader">Repair Failed</String>
+  <String Id="FailureHyperlinkLogText">One or more issues caused the setup to fail. Please fix the issues and then retry setup. For more information see the &lt;a href="#"&gt;log file&lt;/a&gt;.</String>
+  <String Id="FailureRestartText">You must restart your computer to complete the rollback of the software.</String>
+  <String Id="FailureRestartButton">&amp;Restart</String>
+  <String Id="FailureCloseButton">&amp;Close</String>
+  <String Id="FilesInUseHeader">Files In Use</String>
+  <String Id="FilesInUseLabel">The following applications are using files that need to be updated:</String>
+  <String Id="FilesInUseCloseRadioButton">Close the &amp;applications and attempt to restart them.</String>
+  <String Id="FilesInUseDontCloseRadioButton">&amp;Do not close applications. A reboot will be required.</String>
+  <String Id="FilesInUseOkButton">&amp;OK</String>
+  <String Id="FilesInUseCancelButton">&amp;Cancel</String>
+  <String Id="ErrorFailNoActionReboot">No action was taken as a system reboot is required.</String>
+</WixLocalization>
diff --git a/contrib/win-installer/podman-theme.xml b/contrib/win-installer/podman-theme.xml
new file mode 100644
index 000000000..8d7be5d72
--- /dev/null
+++ b/contrib/win-installer/podman-theme.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. -->
+
+
+<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">
+  <Window Width="600" Height="450" HexStyle="100a0000" FontId="0">#(loc.Title) Setup</Window>
+  <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
+  <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>
+  <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>
+  <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
+  <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>
+  <Font Id="5" Height="-28" Weight="500" Foreground="666666">Segoe UI</Font>
+  <Font Id="6" Height="-12" Weight="600" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
+  <!-- Divider -->
+  <Font Id="7" Height="-24" Weight="500" Foreground="000000" Background="E0E0E0">Segoe UI</Font>
+  <Text X="11" Y="-45" Width="-11" Height="2" FontId="7" Visible="yes"></Text>
+  <Page Name="Help">
+    <Image X="11" Y="11" Width="206" Height="64" ImageFile="logo.png"/>
+    <Text X="11" Y="80" Width="-11" Height="32" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</Text>
+    <Text X="11" Y="121" Width="-11" Height="-35" FontId="3" DisablePrefix="yes">#(loc.HelpText)</Text>
+    <Button Name="HelpCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.HelpCloseButton)</Button>
+  </Page>
+  <Page Name="Install">
+    <Image X="11" Y="11" Width="165" Height="364" ImageFile="logoside.png"/>
+    <Text X="185" Y="11" Width="-11" Height="40" FontId="5" DisablePrefix="yes">#(loc.InstallHeader)</Text>
+    <Text X="185" Y="82" Width="-11" Height="160" FontId="3" DisablePrefix="yes">#(loc.InstallMessage)</Text><!-- HexStyle="0x800000" -->
+
+    <Hypertext Name="EulaHyperlink" X="185" Y="-111" Width="-11" Height="17" TabStop="yes" FontId="3" HideWhenDisabled="yes">#(loc.InstallLicenseLinkText)</Hypertext>
+    <Text Name="InstallVersion" X="185" Y="-61" Width="-11" Height="17" FontId="3" DisablePrefix="yes" HideWhenDisabled="yes">#(loc.InstallVersion)</Text>
+    <Checkbox Name="WSLCheckbox" X="185" Y="250" Width="-11" Height="17" TabStop="yes" FontId="6" HideWhenDisabled="yes">Install WSL if not present</Checkbox>
+    <Button Name="OptionsButton" X="-171" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.InstallOptionsButton)</Button>
+    <Button Name="InstallButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.InstallInstallButton)</Button>
+    <Button Name="WelcomeCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.InstallCloseButton)</Button>
+  </Page>
+  <Page Name="Options">
+    <Image X="11" Y="11" Width="206" Height="64" ImageFile="logo.png"/>
+    <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.OptionsHeader)</Text>
+    <Text X="11" Y="121" Width="-11" Height="17" FontId="3">#(loc.OptionsLocationLabel)</Text>
+    <Editbox Name="FolderEditbox" X="11" Y="143" Width="-91" Height="21" TabStop="yes" FontId="3" FileSystemAutoComplete="yes" />
+    <Button Name="BrowseButton" X="-11" Y="142" Width="75" Height="23" TabStop="yes" FontId="3">#(loc.OptionsBrowseButton)</Button>
+
+    <Button Name="OptionsOkButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.OptionsOkButton)</Button>
+    <Button Name="OptionsCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.OptionsCancelButton)</Button>
+  </Page>
+  <Page Name="FilesInUse">
+    <Image X="11" Y="11" Width="206" Height="64" ImageFile="logo.png"/>
+    <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.FilesInUseHeader)</Text>
+    <Text X="11" Y="121" Width="-11" Height="34" FontId="3" DisablePrefix="yes">#(loc.FilesInUseLabel)</Text>
+    <Text Name="FilesInUseText" X="11" Y="150" Width="-11" Height="-86" FontId="3" DisablePrefix="yes" HexStyle="0x0000000C"></Text>
+
+    <Button Name="FilesInUseCloseRadioButton" X="11" Y="-70" Width="-11" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes" HexStyle="0x000009">#(loc.FilesInUseCloseRadioButton)</Button>
+    <Button Name="FilesInUseDontCloseRadioButton" X="11" Y="-50" Width="-11" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes" HexStyle="0x000009">#(loc.FilesInUseDontCloseRadioButton)</Button>
+
+    <Button Name="FilesInUseOkButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.FilesInUseOkButton)</Button>
+    <Button Name="FilesInUseCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.FilesInUseCancelButton)</Button>
+  </Page>
+  <Page Name="Progress">
+    <Image X="11" Y="11" Width="206" Height="64" ImageFile="logo.png"/>
+    <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.ProgressHeader)</Text>
+    <Text X="11" Y="141" Width="70" Height="17" FontId="3" DisablePrefix="yes">#(loc.ProgressLabel)</Text>
+    <Text Name="OverallProgressPackageText" X="85" Y="141" Width="-11" Height="17" FontId="3" DisablePrefix="yes">#(loc.OverallProgressPackageText)</Text>
+    <Progressbar Name="OverallCalculatedProgressbar" X="11" Y="163" Width="-11" Height="20" />
+    <Button Name="ProgressCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ProgressCancelButton)</Button>
+  </Page>
+  <Page Name="Modify">
+    <Text X="185" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
+    <Image X="11" Y="11" Width="165" Height="364" ImageFile="logoside.png"/>
+    <Text X="185" Y="50" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.ModifyHeader)</Text>
+    <Button Name="RepairButton" X="-171" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.ModifyRepairButton)</Button>
+    <Button Name="UninstallButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ModifyUninstallButton)</Button>
+    <Button Name="ModifyCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ModifyCloseButton)</Button>
+  </Page>
+  <Page Name="Success">
+    <Text X="185" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
+    <Image X="11" Y="11" Width="165" Height="364" ImageFile="logoside.png"/>
+    <Text Name="SuccessHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessHeader)</Text>
+    <Text Name="SuccessInstallHeader" X="185" Y="50" Width="-11" Height="100" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessInstallHeader)</Text>
+    <Text Name="SuccessRepairHeader" X="185" Y="50" Width="-11" Height="100" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessRepairHeader)</Text>
+    <Text Name="SuccessUninstallHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessUninstallHeader)</Text>
+    <Button Name="LaunchButton" X="-91" Y="-11" Width="125" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.SuccessLaunchButton)</Button>
+    <Text Name="SuccessRestartText" X="185" Y="-51" Width="400" Height="34" FontId="3" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessRestartText)</Text>
+    <Button Name="SuccessRestartButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.SuccessRestartButton)</Button>
+    <Button Name="SuccessCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.SuccessCloseButton)</Button>
+  </Page>
+  <Page Name="Failure">
+    <Image X="11" Y="11" Width="165" Height="364" ImageFile="logoside.png"/>
+    <Text Name="FailureHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureHeader)</Text>
+    <Text Name="FailureInstallHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureInstallHeader)</Text>
+    <Text Name="FailureUninstallHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureUninstallHeader)</Text>
+    <Text Name="FailureRepairHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureRepairHeader)</Text>
+    <Hypertext Name="FailureLogFileLink" X="185" Y="121" Width="-11" Height="68" FontId="3" TabStop="yes" HideWhenDisabled="yes">#(loc.FailureHyperlinkLogText)</Hypertext>
+    <Hypertext Name="FailureMessageText" X="185" Y="-115" Width="-11" Height="80" FontId="3" TabStop="yes" HideWhenDisabled="yes" />
+    <Text Name="FailureRestartText" X="185" Y="-57" Width="-11" Height="80" FontId="3" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureRestartText)</Text>
+    <Button Name="FailureRestartButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.FailureRestartButton)</Button>
+    <Button Name="FailureCloseButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.FailureCloseButton)</Button>
+  </Page>
+</Theme>
diff --git a/contrib/win-installer/podman-ui.wxs b/contrib/win-installer/podman-ui.wxs
new file mode 100644
index 000000000..127045950
--- /dev/null
+++ b/contrib/win-installer/podman-ui.wxs
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License.  -->
+
+<!--
+First-time install dialog sequence:
+ - WixUI_WelcomeEulaDlg
+
+Maintenance dialog sequence:
+ WixUI_MaintenanceWelcomeDlg
+ - WixUI_MaintenanceTypeDlg
+ - WixUI_VerifyReadyDlg
+
+Patch dialog sequence:
+ - WixUI_WelcomeDlg
+ - WixUI_VerifyReadyDlg
+-->
+
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+    <Fragment>
+        <UI Id="PodmanUI">
+            <TextStyle Id="WixUI_Font_Normal" FaceName="Tahoma" Size="8" />
+            <TextStyle Id="WixUI_Font_Bigger" FaceName="Tahoma" Size="12" />
+            <TextStyle Id="WixUI_Font_Title" FaceName="Tahoma" Size="9" Bold="yes" />
+
+            <Property Id="DefaultUIFont" Value="WixUI_Font_Normal" />
+            <Property Id="WixUI_Mode" Value="Minimal" />
+
+            <DialogRef Id="ErrorDlg" />
+            <DialogRef Id="FatalError" />
+            <DialogRef Id="FilesInUse" />
+            <DialogRef Id="MsiRMFilesInUse" />
+            <DialogRef Id="PrepareDlg" />
+            <DialogRef Id="ProgressDlg" />
+            <DialogRef Id="ResumeDlg" />
+            <DialogRef Id="UserExit" />
+            <DialogRef Id="WelcomeDlg" />
+            <DialogRef Id="WelcomeInstallDlg" />
+
+            <Publish Dialog="ExitDialog" Control="Finish" Event="EndDialog" Value="Return" Order="999">1</Publish>
+
+            <Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="MaintenanceTypeDlg">1</Publish>
+
+            <Publish Dialog="MaintenanceWelcomeDlg" Control="Next" Event="NewDialog" Value="MaintenanceTypeDlg">1</Publish>
+
+            <Publish Dialog="MaintenanceTypeDlg" Control="RepairButton" Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
+            <Publish Dialog="MaintenanceTypeDlg" Control="RemoveButton" Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
+            <Publish Dialog="MaintenanceTypeDlg" Control="Back" Event="NewDialog" Value="MaintenanceWelcomeDlg">1</Publish>
+
+            <Publish Dialog="WelcomeDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg">Installed AND PATCH</Publish>
+            <Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="WelcomeDlg" Order="2">Installed AND PATCH</Publish>
+
+            <InstallUISequence>
+                <Show Dialog="WelcomeDlg" Before="WelcomeInstallDlg">Installed AND PATCH</Show>
+                <Show Dialog="WelcomeInstallDlg" Before="ProgressDlg">(NOT Installed) AND NOT AFTERREBOOT</Show>
+            </InstallUISequence>
+
+            <Property Id="ARPNOMODIFY" Value="1" />
+        </UI>
+
+        <UIRef Id="WixUI_Common" />
+    </Fragment>
+</Wix>
diff --git a/contrib/win-installer/podman.wxs b/contrib/win-installer/podman.wxs
new file mode 100644
index 000000000..b61bb2802
--- /dev/null
+++ b/contrib/win-installer/podman.wxs
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
+     xmlns:PanelSW="http://schemas.panel-sw.co.il/wix/WixExtension">
+
+  <?ifndef var.VERSION?>
+  <?error VERSION must be defined via command line argument?>
+  <?endif?>
+
+  <Product Name="Podman $(var.VERSION)" Id="*" UpgradeCode="696BAB5D-CA1F-4B05-B123-320F245B8D6D" Version="$(var.VERSION)" Language="1033" Manufacturer="Red Hat Inc.">
+
+    <Package Id="*" Platform="x64" Keywords="Installer" Description="Red Hat's Podman $(var.VERSION) Installer" Comments="Apache 2.0 License" Manufacturer="Red Hat Inc." InstallScope="perMachine" InstallerVersion="200" Compressed="yes"/>
+
+    <Media Id="1" Cabinet="Podman.cab" EmbedCab="yes"/>
+    <MajorUpgrade AllowDowngrades="yes"/>
+    <Property Id="DiskPrompt" Value="Red Hat's Podman $(var.VERSION) Installation"/>
+    <SetProperty Id="WSL_INSTALL" Before="AppSearch" Value="1" Sequence="first">NOT (WITH_WSL = 0)</SetProperty>
+    <Directory Id="TARGETDIR" Name="SourceDir">
+      <Directory Id="ProgramFiles64Folder" Name="PFiles">
+        <Directory Id="RedHatPFiles" Name="RedHat">
+          <Directory Id="INSTALLDIR" Name="Podman">
+            <Component Id="INSTALLDIR_Component" Guid="14B310C4-9B5D-4DA5-ADF9-B9D008E4CD82" Win64="yes">
+              <CreateFolder/>
+            </Component>
+            <Component Id="MainExecutable" Guid="73752F94-6589-4C7B-ABED-39D655A19714" Win64="yes">
+              <File Id="MainExecutableFile" Name="podman.exe" Source="artifacts/podman.exe" KeyPath="yes"/>
+            </Component>
+            <Component Id="WinSshProxyExecutable" Guid="0DA730AB-2F97-40E8-A8FC-356E88EAA4D2" Win64="yes">
+              <File Id="WinSshProxyExecutableFile" Name="win-sshproxy.exe" Source="artifacts/win-sshproxy.exe" KeyPath="yes"/>
+            </Component>
+            <Component Id="GuideHTMLComponent" Guid="8B23C76B-F7D4-4030-8C46-1B5729E616B5" Win64="yes">
+              <File Id="GuideHTMLFile"  Name="welcome-podman.html" Source="docs/podman-for-windows.html" KeyPath="yes"/>
+            </Component>
+          </Directory>
+        </Directory>
+      </Directory>
+      <Directory Id="EnvEntries">
+        <Component Id="EnvEntriesComponent" Guid="b662ec43-0e0e-4018-8bf3-061904bb8f5b" Win64="yes">
+          <CreateFolder />
+          <Environment Id='UpdatePath' Name='PATH' Action='set' Permanent='no' System='yes' Part='last' Value='[INSTALLDIR]' />
+        </Component>
+      </Directory>
+    </Directory>
+
+    <CustomAction Id="OpenGuide" BinaryKey="WixCA" DllEntry="WixShellExec" Impersonate="yes" />
+    <CustomAction Id="CheckWSL" BinaryKey="PodmanHooks" Execute="immediate" DllEntry="CheckWSL" />
+    <CustomActionRef Id="WixBroadcastEnvironmentChange" />
+    <ComponentGroup Id="WSLFeature" Directory="INSTALLDIR">
+      <Component>
+        <Condition>(NOT Installed) AND WSL_INSTALL = 1 AND HAS_WSLFEATURE = 0</Condition>
+        <File Source="$(sys.SOURCEFILEPATH)"/>
+        <PanelSW:Dism EnableFeature="VirtualMachinePlatform" ErrorHandling="prompt"/>
+        <PanelSW:Dism EnableFeature="Microsoft-Windows-Subsystem-Linux" ErrorHandling="prompt"/>
+      </Component>
+    </ComponentGroup>
+    <Feature Id="Complete" Level="1">
+      <ComponentRef Id="INSTALLDIR_Component"/>
+      <ComponentRef Id="EnvEntriesComponent"/>
+      <ComponentRef Id="MainExecutable"/>
+      <ComponentRef Id="WinSshProxyExecutable"/>
+      <ComponentRef Id="GuideHTMLComponent"/>
+      <ComponentGroupRef Id="ManFiles"/>
+      <ComponentGroupRef Id="WSLFeature"/>
+    </Feature>
+
+    <Icon Id="podman.ico" SourceFile="resources/podman-logo.ico"/>
+    <Property Id="ARPPRODUCTICON" Value="podman.ico"/>
+    <Property Id="WixShellExecTarget" Value="[#GuideHTMLFile]" />
+    <Property Id="WIXUI_EXITDIALOGOPTIONALCHECKBOXTEXT" Value="Show Getting Started Guide" />
+    <Property Id="WIXUI_EXITDIALOGOPTIONALCHECKBOX" Value="1" />
+    <WixVariable Id="WixUIBannerBmp" Value="resources\podman-banner.png" />
+    <WixVariable Id="WixUIDialogBmp" Value="resources\podman-dialog.png" />
+    <UIRef Id="PodmanUI"/>
+    <UI>
+      <Publish Dialog="ExitDialog" Control="Finish" Event="DoAction"
+               Value="OpenGuide">WIXUI_EXITDIALOGOPTIONALCHECKBOX = 1 and NOT Installed</Publish>
+    </UI>
+
+    <InstallExecuteSequence>
+      <Custom Action="CheckWSL" After="SetWSL_INSTALL">WSL_INSTALL = 1</Custom>
+      <ForceReboot Before="StopServices">(NOT Installed) AND WSL_INSTALL = 1 AND HAS_WSLFEATURE = 0 AND NOT AFTERREBOOT</ForceReboot>
+    </InstallExecuteSequence>
+    <Binary Id="PodmanHooks" SourceFile="artifacts/podman-msihooks.dll" />
+  </Product>
+</Wix>
diff --git a/contrib/win-installer/process-release.ps1 b/contrib/win-installer/process-release.ps1
new file mode 100644
index 000000000..ba7b47f4b
--- /dev/null
+++ b/contrib/win-installer/process-release.ps1
@@ -0,0 +1,158 @@
+function Copy-Artifact {
+    param(
+        [Parameter(Mandatory)]
+        [string]$fileName
+    )
+    $file = Get-ChildItem -Recurse -Path . -Name $fileName
+    if (!$file) {
+        throw "Could not find $filename"
+    }
+    Write-Host "file:" $file
+    Copy-Item -Path $file -Destination "..\artifacts\$filename" -ErrorAction Stop
+}
+
+function DownloadOrSkip {
+    param(
+        [Parameter(Mandatory)]
+        [string]$url,
+        [Parameter(Mandatory)]
+        [string]$file
+    )
+    $ProgressPreference = 'SilentlyContinue';
+    try {
+        Invoke-WebRequest -UseBasicParsing -ErrorAction Stop -Uri $url -OutFile $file
+    } Catch {
+        if ($_.Exception.Response.StatusCode -eq 404) {
+            Write-Host "URL not available, signaling skip:"
+            Write-Host "URL: $url"
+            Exit 2
+        }
+
+        throw $_.Exception
+    }
+}
+
+function DownloadOptional {
+    param(
+        [Parameter(Mandatory)]
+        [string]$url,
+        [Parameter(Mandatory)]
+        [string]$file
+    )
+    $ProgressPreference = 'SilentlyContinue';
+    try {
+        Invoke-WebRequest -UseBasicParsing -ErrorAction Stop -Uri $url -OutFile $file
+    } Catch {
+    }
+
+    Return
+}
+
+
+if ($args.Count -lt 1) {
+    Write-Host "Usage: " $MyInvocation.MyCommand.Name "<version> [release_dir]"
+    Exit 1
+}
+
+$releaseDir = ""
+if ($args.Count -gt 1 -and $args[1].Length -gt 0) {
+    $path = $args[1]
+    $releaseDir = (Resolve-Path -Path "$path" -ErrorAction Stop).Path
+}
+
+
+$base_url = "$ENV:FETCH_BASE_URL"
+if ($base_url.Length -le 0) {
+    $base_url = "https://github.com/containers/podman"
+}
+
+$version = $args[0]
+if ($version -notmatch '^v?([0-9]+\.[0-9]+\.[0-9]+)(-.*)?$') {
+    Write-Host "Invalid version"
+    Exit 1
+}
+
+# WiX burn requires a QWORD version only, numeric only
+$Env:INSTVER=$Matches[1]
+
+if ($version[0] -ne 'v') {
+    $version = 'v' + $version
+}
+
+$restore = 0
+$exitCode = 0
+
+try {
+    Write-Host "Cleaning up old artifacts"
+    Remove-Item -Force -Recurse -Path .\docs -ErrorAction SilentlyContinue | Out-Null
+    Remove-Item -Force -Recurse -Path .\artifacts -ErrorAction SilentlyContinue | Out-Null
+    Remove-Item -Force -Recurse -Path .\fetch -ErrorAction SilentlyContinue | Out-Null
+
+    New-Item fetch -ItemType Directory | Out-Null
+    New-Item artifacts -ItemType Directory | Out-Null
+
+    Write-Host "Fetching zip release"
+
+    Push-Location fetch -ErrorAction Stop
+    $restore = 1
+    $ProgressPreference = 'SilentlyContinue';
+
+    if ($releaseDir.Length -gt 0) {
+        Copy-Item -Path "$releaseDir/podman-remote-release-windows_amd64.zip" "release.zip"
+    } else {
+        DownloadOrSkip "$base_url/releases/download/$version/podman-remote-release-windows_amd64.zip"  "release.zip"
+        DownloadOptional "$base_url/releases/download/$version/shasums" ..\shasums
+    }
+    Expand-Archive -Path release.zip
+    $loc = Get-ChildItem -Recurse -Path . -Name win-sshproxy.exe
+    if (!$loc) {
+        if ($releaseDir.Length -gt 0) {
+            throw "Release dir only supports zip which includes win-sshproxy.exe"
+        }
+        Write-Host "Old release, zip does not include win-sshproxy.exe, fetching via msi"
+        DownloadOrSkip "$base_url/releases/download/$version/podman-$version.msi" "podman.msi"
+        dark -x expand ./podman.msi
+        if (!$?) {
+            throw "Dark command failed"
+        }
+        $loc = Get-ChildItem -Recurse -Path expand -Name 4A2AD125-34E7-4BD8-BE28-B2A9A5EDBEB5
+        if (!$loc) {
+            throw "Could not obtain win-sshproxy.exe"
+        }
+        Copy-Item -Path "expand\$loc" -Destination "win-sshproxy.exe" -ErrorAction Stop
+        Remove-Item -Recurse -Force -Path expand
+    }
+
+    Write-Host "Copying artifacts"
+    Foreach ($fileName in "win-sshproxy.exe", "podman.exe") {
+        Copy-Artifact($fileName)
+    }
+
+    $docsloc = Get-ChildItem -Path . -Name docs -Recurse
+    $loc = Get-ChildItem -Recurse -Path . -Name podman-for-windows.html
+    if (!$loc) {
+        Write-Host "Old release did not include welcome page, using podman-machine instead"
+        $loc = Get-ChildItem -Recurse -Path . -Name podman-machine.html
+        Copy-Item -Path $loc -Destination "$docsloc\podman-for-windows.html"
+    }
+
+    Write-Host "Copying docs"
+    Copy-Item -Recurse -Path $docsloc -Destination ..\docs -ErrorAction Stop
+    Write-Host "Done!"
+
+    if (!$loc) {
+        throw "Could not find docs"
+    }
+}
+catch {
+    Write-Host $_
+
+    $exitCode = 1
+}
+finally {
+    if ($restore) {
+        Pop-Location
+    }
+}
+
+exit $exitCode
diff --git a/contrib/win-installer/resources/podman-banner.png b/contrib/win-installer/resources/podman-banner.png
new file mode 100644
index 000000000..e5070db98
--- /dev/null
+++ b/contrib/win-installer/resources/podman-banner.png
diff --git a/contrib/win-installer/resources/podman-banner2.png b/contrib/win-installer/resources/podman-banner2.png
new file mode 100644
index 000000000..88ee1bfad
--- /dev/null
+++ b/contrib/win-installer/resources/podman-banner2.png
diff --git a/contrib/win-installer/resources/podman-dialog.png b/contrib/win-installer/resources/podman-dialog.png
new file mode 100644
index 000000000..cf0c49d98
--- /dev/null
+++ b/contrib/win-installer/resources/podman-dialog.png
diff --git a/contrib/win-installer/resources/podman-logo.ico b/contrib/win-installer/resources/podman-logo.ico
new file mode 100644
index 000000000..cb1dab6a7
--- /dev/null
+++ b/contrib/win-installer/resources/podman-logo.ico
diff --git a/contrib/win-installer/resources/podman-logo.png b/contrib/win-installer/resources/podman-logo.png
new file mode 100644
index 000000000..5df6453a8
--- /dev/null
+++ b/contrib/win-installer/resources/podman-logo.png
diff --git a/contrib/win-installer/resources/podman-sidebar.png b/contrib/win-installer/resources/podman-sidebar.png
new file mode 100644
index 000000000..cc0249706
--- /dev/null
+++ b/contrib/win-installer/resources/podman-sidebar.png
diff --git a/contrib/win-installer/welcome-install-dlg.wxs b/contrib/win-installer/welcome-install-dlg.wxs
new file mode 100644
index 000000000..cc0f1c643
--- /dev/null
+++ b/contrib/win-installer/welcome-install-dlg.wxs
@@ -0,0 +1,31 @@
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+    <Fragment>
+        <UI>
+            <Dialog Id="WelcomeInstallDlg" Width="370" Height="270" Title="!(loc.WelcomeDlg_Title)">
+                <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="!(loc.WelcomeDlgBitmap)" />
+                <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="60" Transparent="yes" NoPrefix="yes" Text="!(loc.WelcomeDlgTitle)" />
+                <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="370" Height="0" />
+                <Control Id="Description" Type="Text" X="135" Y="80" Width="220" Height="60" Transparent="yes" NoPrefix="yes" Text="!(loc.WelcomeDlgDescription)" />
+                <Control Id="WSLInstallCheckbox" Type="CheckBox" X="135" Y="135" Width="226" Height="18" CheckBoxValue="1" Property="WSL_INSTALL" Default="no" Text="Install WSL Feature (if needed)" />
+
+                <Control Id="Back" Type="PushButton" X="156" Y="243" Width="56" Height="17" Disabled="yes" Text="!(loc.WixUIBack)"/>
+                <Control Id="Install" Type="PushButton" ElevationShield="yes" X="212" Y="243" Width="80" Height="17" Default="yes" Text="!(loc.WelcomeEulaDlgInstall)">
+                    <Publish Event="SpawnWaitDialog" Value="WaitForCostingDlg">!(wix.WixUICostingPopupOptOut) OR CostingComplete = 1</Publish>
+                    <Publish Event="EndDialog" Value="Return"><![CDATA[OutOfDiskSpace <> 1]]></Publish>
+                    <Publish Event="SpawnDialog" Value="OutOfRbDiskDlg">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND (PROMPTROLLBACKCOST="P" OR NOT PROMPTROLLBACKCOST)</Publish>
+                    <Publish Event="EndDialog" Value="Return">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+                    <Publish Event="EnableRollback" Value="False">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+                    <Publish Event="SpawnDialog" Value="OutOfDiskDlg">(OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 1) OR (OutOfDiskSpace = 1 AND PROMPTROLLBACKCOST="F")</Publish>
+                </Control>
+                <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="!(loc.WixUICancel)">
+                    <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+                </Control>
+
+            </Dialog>
+        </UI>
+
+        <InstallUISequence>
+            <Show Dialog="WelcomeInstallDlg" Before="ProgressDlg" Overridable="yes">NOT Installed</Show>
+        </InstallUISequence>
+    </Fragment>
+</Wix>
diff --git a/docs/Makefile b/docs/Makefile
index fb67e266c..4e982e27f 100644
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -7,13 +7,15 @@ SPHINXOPTS    ?=
 SPHINXBUILD   ?= sphinx-build
 SOURCEDIR     = source
 BUILDDIR      = build
+RM            ?= rm
 
 # Put it first so that "make" without argument is like "make help".
 help:
 	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 
 clean:
-	rm -fr build/
+	$(RM) -fr build
+	cd source/markdown && $(RM) -f $$(<.gitignore)
 
 .PHONY: help Makefile
 
diff --git a/docs/README.md b/docs/README.md
index 0f2af16d6..abe7d7758 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -13,7 +13,6 @@ link on that page.
 | ------------------------------------ | --------------------------- |
 | Markdown source for man pages        | docs/source/markdown/       |
 | man pages aliases as .so files       | docs/source/markdown/links/ |
-| restructured text for readthedocs.io | docs/rst/                   |
 | target for output                    | docs/build                  |
 | man pages                            | docs/build/man              |
 | remote linux man pages               | docs/build/remote/linux     |
@@ -60,16 +59,24 @@ incorrect, or the file isn't accessible for some other reason.
 
 ## Local Testing
 
-Assuming that you have the [dependencies](https://podman.io/getting-started/installation#build-and-run-dependencies)
+To build standard man pages, run `make docs`. Results will be in `docs/build/man`.
+
+To build HTMLized man pages: Assuming that you have the
+[dependencies](https://podman.io/getting-started/installation#build-and-run-dependencies)
 installed, then also install (showing Fedora in the example):
 
 ```
-# dnf install python3-sphinx python3-recommonmark
-# pip install sphinx-markdown-tables
+$ sudo dnf install python3-sphinx python3-recommonmark
+$ pip install sphinx-markdown-tables myst_parser
 ```
+(The above dependencies are current as of 2022-09-15. If you experience problems,
+please see [requirements.txt](requirements.txt) in this directory, it will almost
+certainly be more up-to-date than this README.)
+
 After that completes, cd to the `docs` directory in your Podman sandbox and then do `make html`.
 
 You can then preview the html files in `docs/build/html` with:
 ```
 python -m http.server 8000 --directory build/html
 ```
+...and point your web browser at `http://localhost:8000/`
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 505bcbec7..345e289e1 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -15,6 +15,19 @@
 # sys.path.insert(0, os.path.abspath('.'))
 
 import re
+import os
+import subprocess
+
+# We have to run the preprocessor to create the actual markdown files from .in files.
+# Do it here so the it can work on readthedocs as well.
+path = os.path.join(os.path.abspath(os.path.dirname(
+    __file__)), "../../hack/markdown-preprocess")
+p = subprocess.Popen(path,
+                     stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+out, err = p.communicate()
+if p.returncode != 0:
+    raise Exception("failed to run markdown-preprocess", out, err)
+
 
 # -- Project information -----------------------------------------------------
 
@@ -73,12 +86,12 @@ def convert_markdown_title(app, docname, source):
     if docpath.endswith(".md"):
         # Convert pandoc title line into eval_rst block for myst_parser
         #
-        # Remove the ending "(1)" to avoid it from being displayed
+        # Remove the ending " 1" (section) to avoid it from being displayed
         # in the web tab. Often such a text indicates that
         # a web page got an update. For instance GitHub issues
         # shows the number of new comments that have been written
         # after the user's last visit.
-        source[0] = re.sub(r"^% (.*)(\(\d\))", r"```{title} \g<1>\n```", source[0])
+        source[0] = re.sub(r"^% (.*)\s(\d)", r"```{title} \g<1>\n```", source[0])
 
 def setup(app):
     app.connect("source-read", convert_markdown_title)
diff --git a/docs/source/markdown/.gitignore b/docs/source/markdown/.gitignore
new file mode 100644
index 000000000..af4c5360b
--- /dev/null
+++ b/docs/source/markdown/.gitignore
@@ -0,0 +1,34 @@
+podman-auto-update.1.md
+podman-build.1.md
+podman-container-clone.1.md
+podman-container-runlabel.1.md
+podman-create.1.md
+podman-exec.1.md
+podman-image-sign.1.md
+podman-kill.1.md
+podman-kube-play.1.md
+podman-login.1.md
+podman-logout.1.md
+podman-logs.1.md
+podman-manifest-add.1.md
+podman-manifest-create.1.md
+podman-manifest-push.1.md
+podman-pause.1.md
+podman-pod-clone.1.md
+podman-pod-create.1.md
+podman-pod-kill.1.md
+podman-pod-logs.1.md
+podman-pod-rm.1.md
+podman-pod-start.1.md
+podman-pod-stats.1.md
+podman-pod-stop.1.md
+podman-pull.1.md
+podman-push.1.md
+podman-rm.1.md
+podman-run.1.md
+podman-search.1.md
+podman-start.1.md
+podman-stats.1.md
+podman-stop.1.md
+podman-unpause.1.md
+podman-update.1.md
diff --git a/docs/source/markdown/links/podman-container-update.1 b/docs/source/markdown/links/podman-container-update.1
new file mode 100644
index 000000000..e903b5c06
--- /dev/null
+++ b/docs/source/markdown/links/podman-container-update.1
@@ -0,0 +1 @@
+.so man1/podman-update.1
diff --git a/docs/source/markdown/links/podman-generate-kube.1 b/docs/source/markdown/links/podman-generate-kube.1
new file mode 100644
index 000000000..f726a4222
--- /dev/null
+++ b/docs/source/markdown/links/podman-generate-kube.1
@@ -0,0 +1 @@
+.so man1/podman-kube-generate.1
diff --git a/docs/source/markdown/options/README.md b/docs/source/markdown/options/README.md
new file mode 100644
index 000000000..d8b608fb7
--- /dev/null
+++ b/docs/source/markdown/options/README.md
@@ -0,0 +1,47 @@
+Common Man Page Options
+=======================
+
+This subdirectory contains option (flag) names and descriptions
+common to multiple podman man pages. Each file is one option. The
+filename does not necessarily need to be identical to the option
+name: for instance, `hostname.container.md` and `hostname.pod.md`
+exist because the **--hostname** option is sufficiently different
+between `podman-{create,run}` and `podman-pod-{create,run}` to
+warrant living separately.
+
+How
+===
+
+The files here are included in `podman-*.md.in` files using the `@@option`
+mechanism:
+
+```
+@@option foo           ! will include options/foo.md
+```
+
+The tool that does this is `hack/markdown-preprocess`. It is a python
+script because it needs to run on `readthedocs.io`. From a given `.md.in`
+file, this script will create a `.md` file that can then be read by
+`go-md2man`, `sphinx`, anything that groks markdown. This runs as
+part of `make docs`.
+
+Special Substitutions
+=====================
+
+Some options are almost identical except for 'pod' vs 'container'
+differences. For those, use `<<text for pods|text for containers>>`.
+Order is immaterial: the important thing is the presence of the
+string "`pod`" in one half but not the other. The correct string
+will be chosen based on the filename: if the file contains `-pod`,
+such as `podman-pod-create`, the string with `pod` (case-insensitive)
+in it will be chosen.
+
+The string `<<subcommand>>` will be replaced with the podman subcommand
+as determined from the filename, e.g., `create` for `podman-create.1.md.in`.
+This allows the shared use of examples in the option file:
+```
+    Example: podman <<subcommand>> --foo --bar
+```
+As a special case, `podman-pod-X` becomes just `X` (the "pod" is removed).
+This makes the `pod-id-file` man page more useful. To get the full
+subcommand including 'pod', use `<<fullsubcommand>>`.
diff --git a/docs/source/markdown/options/add-host.md b/docs/source/markdown/options/add-host.md
new file mode 100644
index 000000000..a6021cd3b
--- /dev/null
+++ b/docs/source/markdown/options/add-host.md
@@ -0,0 +1,6 @@
+#### **--add-host**=*host:ip*
+
+Add a custom host-to-IP mapping (host:ip)
+
+Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
+option can be set multiple times. Conflicts with the **--no-hosts** option.
diff --git a/docs/source/markdown/options/annotation.container.md b/docs/source/markdown/options/annotation.container.md
new file mode 100644
index 000000000..0d155e5e4
--- /dev/null
+++ b/docs/source/markdown/options/annotation.container.md
@@ -0,0 +1,3 @@
+#### **--annotation**=*key=value*
+
+Add an annotation to the container<<| or pod>>. This option can be set multiple times.
diff --git a/docs/source/markdown/options/arch.md b/docs/source/markdown/options/arch.md
new file mode 100644
index 000000000..76fb349a0
--- /dev/null
+++ b/docs/source/markdown/options/arch.md
@@ -0,0 +1,3 @@
+#### **--arch**=*ARCH*
+Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`.
+Unless overridden, subsequent lookups of the same image in the local storage will match this architecture, regardless of the host.
diff --git a/docs/source/markdown/options/authfile.md b/docs/source/markdown/options/authfile.md
new file mode 100644
index 000000000..d6198aa24
--- /dev/null
+++ b/docs/source/markdown/options/authfile.md
@@ -0,0 +1,6 @@
+#### **--authfile**=*path*
+
+Path of the authentication file. Default is `${XDG_RUNTIME_DIR}/containers/auth.json`, which is set using **[podman login](podman-login.1.md)**.
+If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using **docker login**.
+
+Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**.
diff --git a/docs/source/markdown/options/blkio-weight-device.md b/docs/source/markdown/options/blkio-weight-device.md
new file mode 100644
index 000000000..55c5fd4fd
--- /dev/null
+++ b/docs/source/markdown/options/blkio-weight-device.md
@@ -0,0 +1,3 @@
+#### **--blkio-weight-device**=*device:weight*
+
+Block IO relative device weight.
diff --git a/docs/source/markdown/options/blkio-weight.md b/docs/source/markdown/options/blkio-weight.md
new file mode 100644
index 000000000..04a1071c0
--- /dev/null
+++ b/docs/source/markdown/options/blkio-weight.md
@@ -0,0 +1,5 @@
+#### **--blkio-weight**=*weight*
+
+Block IO relative weight. The _weight_ is a value between **10** and **1000**.
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cap-add.md b/docs/source/markdown/options/cap-add.md
new file mode 100644
index 000000000..4476afebb
--- /dev/null
+++ b/docs/source/markdown/options/cap-add.md
@@ -0,0 +1,3 @@
+#### **--cap-add**=*capability*
+
+Add Linux capabilities.
diff --git a/docs/source/markdown/options/cap-drop.md b/docs/source/markdown/options/cap-drop.md
new file mode 100644
index 000000000..8d7371ea2
--- /dev/null
+++ b/docs/source/markdown/options/cap-drop.md
@@ -0,0 +1,3 @@
+#### **--cap-drop**=*capability*
+
+Drop Linux capabilities.
diff --git a/docs/source/markdown/options/cert-dir.md b/docs/source/markdown/options/cert-dir.md
new file mode 100644
index 000000000..4d05075cf
--- /dev/null
+++ b/docs/source/markdown/options/cert-dir.md
@@ -0,0 +1,5 @@
+#### **--cert-dir**=*path*
+
+Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
+Please refer to **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** for details.
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
diff --git a/docs/source/markdown/options/cgroup-conf.md b/docs/source/markdown/options/cgroup-conf.md
new file mode 100644
index 000000000..91d724ab6
--- /dev/null
+++ b/docs/source/markdown/options/cgroup-conf.md
@@ -0,0 +1,3 @@
+#### **--cgroup-conf**=*KEY=VALUE*
+
+When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB.
diff --git a/docs/source/markdown/options/cgroup-parent.md b/docs/source/markdown/options/cgroup-parent.md
new file mode 100644
index 000000000..f376e4860
--- /dev/null
+++ b/docs/source/markdown/options/cgroup-parent.md
@@ -0,0 +1,5 @@
+#### **--cgroup-parent**=*path*
+
+Path to cgroups under which the cgroup for the <<container|pod>> will be created. If the
+path is not absolute, the path is considered to be relative to the cgroups path
+of the init process. Cgroups will be created if they do not already exist.
diff --git a/docs/source/markdown/options/cgroupns.md b/docs/source/markdown/options/cgroupns.md
new file mode 100644
index 000000000..6117b3fe1
--- /dev/null
+++ b/docs/source/markdown/options/cgroupns.md
@@ -0,0 +1,10 @@
+#### **--cgroupns**=*mode*
+
+Set the cgroup namespace mode for the container.
+
+- **host**: use the host's cgroup namespace inside the container.
+- **container:**_id_: join the namespace of the specified container.
+- **private**: create a new cgroup namespace.
+- **ns:**_path_: join the namespace at the specified path.
+
+If the host uses cgroups v1, the default is set to **host**. On cgroups v2, the default is **private**.
diff --git a/docs/source/markdown/options/cgroups.md b/docs/source/markdown/options/cgroups.md
new file mode 100644
index 000000000..0dbbb15f3
--- /dev/null
+++ b/docs/source/markdown/options/cgroups.md
@@ -0,0 +1,10 @@
+#### **--cgroups**=*how*
+
+Determines whether the container will create CGroups.
+
+Default is **enabled**.
+
+The **enabled** option will create a new cgroup under the cgroup-parent.
+The **disabled** option will force the container to not create CGroups, and thus conflicts with CGroup options (**--cgroupns** and **--cgroup-parent**).
+The **no-conmon** option disables a new CGroup only for the **conmon** process.
+The **split** option splits the current CGroup in two sub-cgroups: one for conmon and one for the container payload. It is not possible to set **--cgroup-parent** with **split**.
diff --git a/docs/source/markdown/options/chrootdirs.md b/docs/source/markdown/options/chrootdirs.md
new file mode 100644
index 000000000..624a10624
--- /dev/null
+++ b/docs/source/markdown/options/chrootdirs.md
@@ -0,0 +1,5 @@
+#### **--chrootdirs**=*path*
+
+Path to a directory inside the container that should be treated as a `chroot` directory.
+Any Podman managed file (e.g., /etc/resolv.conf, /etc/hosts, etc/hostname) that is mounted into the root directory will be mounted into that location as well.
+Multiple directories should be separated with a comma.
diff --git a/docs/source/markdown/options/cidfile.read.md b/docs/source/markdown/options/cidfile.read.md
new file mode 100644
index 000000000..414700fca
--- /dev/null
+++ b/docs/source/markdown/options/cidfile.read.md
@@ -0,0 +1,4 @@
+#### **--cidfile**=*file*
+
+Read container ID from the specified *file* and <<subcommand>> the container.
+Can be specified multiple times.
diff --git a/docs/source/markdown/options/cidfile.write.md b/docs/source/markdown/options/cidfile.write.md
new file mode 100644
index 000000000..b5e7435b2
--- /dev/null
+++ b/docs/source/markdown/options/cidfile.write.md
@@ -0,0 +1,3 @@
+#### **--cidfile**=*file*
+
+Write the container ID to *file*.
diff --git a/docs/source/markdown/options/color.md b/docs/source/markdown/options/color.md
new file mode 100644
index 000000000..343c79c88
--- /dev/null
+++ b/docs/source/markdown/options/color.md
@@ -0,0 +1,3 @@
+#### **--color**
+
+Output the containers with different colors in the log.
diff --git a/docs/source/markdown/options/conmon-pidfile.md b/docs/source/markdown/options/conmon-pidfile.md
new file mode 100644
index 000000000..e0e337cc8
--- /dev/null
+++ b/docs/source/markdown/options/conmon-pidfile.md
@@ -0,0 +1,4 @@
+#### **--conmon-pidfile**=*file*
+
+Write the pid of the **conmon** process to a file. As **conmon** runs in a separate process than Podman, this is necessary when using systemd to restart Podman containers.
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
diff --git a/docs/source/markdown/options/cpu-period.md b/docs/source/markdown/options/cpu-period.md
new file mode 100644
index 000000000..5c5eb56e7
--- /dev/null
+++ b/docs/source/markdown/options/cpu-period.md
@@ -0,0 +1,12 @@
+#### **--cpu-period**=*limit*
+
+Set the CPU period for the Completely Fair Scheduler (CFS), which is a
+duration in microseconds. Once the container's CPU quota is used up, it will
+not be scheduled to run until the current period ends. Defaults to 100000
+microseconds.
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpu-quota.md b/docs/source/markdown/options/cpu-quota.md
new file mode 100644
index 000000000..81d5db3d2
--- /dev/null
+++ b/docs/source/markdown/options/cpu-quota.md
@@ -0,0 +1,14 @@
+#### **--cpu-quota**=*limit*
+
+Limit the CPU Completely Fair Scheduler (CFS) quota.
+
+Limit the container's CPU usage. By default, containers run with the full
+CPU resource. The limit is a number in microseconds. If a number is provided,
+the container will be allowed to use that much CPU time until the CPU period
+ends (controllable via **--cpu-period**).
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpu-rt-period.md b/docs/source/markdown/options/cpu-rt-period.md
new file mode 100644
index 000000000..36e88632e
--- /dev/null
+++ b/docs/source/markdown/options/cpu-rt-period.md
@@ -0,0 +1,7 @@
+#### **--cpu-rt-period**=*microseconds*
+
+Limit the CPU real-time period in microseconds.
+
+Limit the container's Real Time CPU usage. This option tells the kernel to restrict the container's Real Time CPU usage to the period specified.
+
+This option is only supported on cgroups V1 rootful systems.
diff --git a/docs/source/markdown/options/cpu-rt-runtime.md b/docs/source/markdown/options/cpu-rt-runtime.md
new file mode 100644
index 000000000..64f0ec38b
--- /dev/null
+++ b/docs/source/markdown/options/cpu-rt-runtime.md
@@ -0,0 +1,10 @@
+#### **--cpu-rt-runtime**=*microseconds*
+
+Limit the CPU real-time runtime in microseconds.
+
+Limit the containers Real Time CPU usage. This option tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
+Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
+
+The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
+
+This option is only supported on cgroups V1 rootful systems.
diff --git a/docs/source/markdown/options/cpu-shares.md b/docs/source/markdown/options/cpu-shares.md
new file mode 100644
index 000000000..c0e2c3035
--- /dev/null
+++ b/docs/source/markdown/options/cpu-shares.md
@@ -0,0 +1,41 @@
+#### **--cpu-shares**, **-c**=*shares*
+
+CPU shares (relative weight).
+
+By default, all containers get the same proportion of CPU cycles. This
+proportion can be modified by changing the container's CPU share weighting
+relative to the combined weight of all the running containers.
+Default weight is **1024**.
+
+The proportion will only apply when CPU-intensive processes are running.
+When tasks in one container are idle, other containers can use the
+left-over CPU time. The actual amount of CPU time will vary depending on
+the number of containers running on the system.
+
+For example, consider three containers, one has a cpu-share of 1024 and
+two others have a cpu-share setting of 512. When processes in all three
+containers attempt to use 100% of CPU, the first container would receive
+50% of the total CPU time. If a fourth container is added with a cpu-share
+of 1024, the first container only gets 33% of the CPU. The remaining containers
+receive 16.5%, 16.5% and 33% of the CPU.
+
+On a multi-core system, the shares of CPU time are distributed over all CPU
+cores. Even if a container is limited to less than 100% of CPU time, it can
+use 100% of each individual CPU core.
+
+For example, consider a system with more than three cores.
+If the container _C0_ is started with **--cpu-shares=512** running one process,
+and another container _C1_ with **--cpu-shares=1024** running two processes,
+this can result in the following division of CPU shares:
+
+| PID  |  container  | CPU     | CPU share    |
+| ---- | ----------- | ------- | ------------ |
+| 100  |  C0         | 0       | 100% of CPU0 |
+| 101  |  C1         | 1       | 100% of CPU1 |
+| 102  |  C1         | 2       | 100% of CPU2 |
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpus.container.md b/docs/source/markdown/options/cpus.container.md
new file mode 100644
index 000000000..63f243e11
--- /dev/null
+++ b/docs/source/markdown/options/cpus.container.md
@@ -0,0 +1,11 @@
+#### **--cpus**=*number*
+
+Number of CPUs. The default is *0.0* which means no limit. This is shorthand
+for **--cpu-period** and **--cpu-quota**, so you may only set either
+**--cpus** or **--cpu-period** and **--cpu-quota**.
+
+On some systems, changing the CPU limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpuset-cpus.md b/docs/source/markdown/options/cpuset-cpus.md
new file mode 100644
index 000000000..8a2a82e9f
--- /dev/null
+++ b/docs/source/markdown/options/cpuset-cpus.md
@@ -0,0 +1,11 @@
+#### **--cpuset-cpus**=*number*
+
+CPUs in which to allow execution. Can be specified as a comma-separated list
+(e.g. **0,1**), as a range (e.g. **0-3**), or any combination thereof
+(e.g. **0-3,7,11-15**).
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/cpuset-mems.md b/docs/source/markdown/options/cpuset-mems.md
new file mode 100644
index 000000000..b86d0ef6b
--- /dev/null
+++ b/docs/source/markdown/options/cpuset-mems.md
@@ -0,0 +1,14 @@
+#### **--cpuset-mems**=*nodes*
+
+Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on
+NUMA systems.
+
+If there are four memory nodes on the system (0-3), use **--cpuset-mems=0,1**
+then processes in the container will only use memory from the first
+two memory nodes.
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/creds.md b/docs/source/markdown/options/creds.md
new file mode 100644
index 000000000..23399dda4
--- /dev/null
+++ b/docs/source/markdown/options/creds.md
@@ -0,0 +1,5 @@
+#### **--creds**=*[username[:password]]*
+
+The [username[:password]] to use to authenticate with the registry if required.
+If one or both values are not supplied, a command line prompt will appear and the
+value can be entered.  The password is entered without echo.
diff --git a/docs/source/markdown/options/destroy.md b/docs/source/markdown/options/destroy.md
new file mode 100644
index 000000000..885c96201
--- /dev/null
+++ b/docs/source/markdown/options/destroy.md
@@ -0,0 +1,3 @@
+#### **--destroy**
+
+Remove the original <<container|pod>> that we are cloning once used to mimic the configuration.
diff --git a/docs/source/markdown/options/device-cgroup-rule.md b/docs/source/markdown/options/device-cgroup-rule.md
new file mode 100644
index 000000000..0ba3d4668
--- /dev/null
+++ b/docs/source/markdown/options/device-cgroup-rule.md
@@ -0,0 +1,6 @@
+#### **--device-cgroup-rule**=*"type major:minor mode"*
+
+Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
+       - type: a (all), c (char), or b (block);
+       - major and minor: either a number, or * for all;
+       - mode: a composition of r (read), w (write), and m (mknod(2)).
diff --git a/docs/source/markdown/options/device-read-bps.md b/docs/source/markdown/options/device-read-bps.md
new file mode 100644
index 000000000..f6617ab77
--- /dev/null
+++ b/docs/source/markdown/options/device-read-bps.md
@@ -0,0 +1,9 @@
+#### **--device-read-bps**=*path:rate*
+
+Limit read rate (in bytes per second) from a device (e.g. **--device-read-bps=/dev/sda:1mb**).
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/device-read-iops.md b/docs/source/markdown/options/device-read-iops.md
new file mode 100644
index 000000000..944c66441
--- /dev/null
+++ b/docs/source/markdown/options/device-read-iops.md
@@ -0,0 +1,9 @@
+#### **--device-read-iops**=*path:rate*
+
+Limit read rate (in IO operations per second) from a device (e.g. **--device-read-iops=/dev/sda:1000**).
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/device-write-bps.md b/docs/source/markdown/options/device-write-bps.md
new file mode 100644
index 000000000..ebcda0181
--- /dev/null
+++ b/docs/source/markdown/options/device-write-bps.md
@@ -0,0 +1,9 @@
+#### **--device-write-bps**=*path:rate*
+
+Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/dev/sda:1mb**).
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/device-write-iops.md b/docs/source/markdown/options/device-write-iops.md
new file mode 100644
index 000000000..6de273d18
--- /dev/null
+++ b/docs/source/markdown/options/device-write-iops.md
@@ -0,0 +1,9 @@
+#### **--device-write-iops**=*path:rate*
+
+Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**).
+
+On some systems, changing the resource limits may not be allowed for non-root
+users. For more details, see
+https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-resource-limits-fails-with-a-permissions-error
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/device.md b/docs/source/markdown/options/device.md
new file mode 100644
index 000000000..619c70a9b
--- /dev/null
+++ b/docs/source/markdown/options/device.md
@@ -0,0 +1,14 @@
+#### **--device**=*host-device[:container-device][:permissions]*
+
+Add a host device to the <<container|pod>>. Optional *permissions* parameter
+can be used to specify device permissions by combining
+**r** for read, **w** for write, and **m** for **mknod**(2).
+
+Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
+
+Note: if *host-device* is a symbolic link then it will be resolved first.
+The <<container|pod>> will only store the major and minor numbers of the host device.
+
+Podman may load kernel modules required for using the specified
+device. The devices that Podman will load modules for when necessary are:
+/dev/fuse.
diff --git a/docs/source/markdown/options/digestfile.md b/docs/source/markdown/options/digestfile.md
new file mode 100644
index 000000000..de013e287
--- /dev/null
+++ b/docs/source/markdown/options/digestfile.md
@@ -0,0 +1,4 @@
+#### **--digestfile**=*Digestfile*
+
+After copying the image, write the digest of the resulting image to the file.
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
diff --git a/docs/source/markdown/options/disable-content-trust.md b/docs/source/markdown/options/disable-content-trust.md
new file mode 100644
index 000000000..a2d1d8ad7
--- /dev/null
+++ b/docs/source/markdown/options/disable-content-trust.md
@@ -0,0 +1,5 @@
+#### **--disable-content-trust**
+
+This is a Docker-specific option to disable image verification to a container
+registry and is not supported by Podman. This option is a NOOP and provided
+solely for scripting compatibility.
diff --git a/docs/source/markdown/options/dns-opt.container.md b/docs/source/markdown/options/dns-opt.container.md
new file mode 100644
index 000000000..ea26fd013
--- /dev/null
+++ b/docs/source/markdown/options/dns-opt.container.md
@@ -0,0 +1,3 @@
+#### **--dns-opt**=*option*
+
+Set custom DNS options. Invalid if using **--dns-opt** with **--network** that is set to **none** or **container:**_id_.
diff --git a/docs/source/markdown/options/dns-search.container.md b/docs/source/markdown/options/dns-search.container.md
new file mode 100644
index 000000000..5a803ba39
--- /dev/null
+++ b/docs/source/markdown/options/dns-search.container.md
@@ -0,0 +1,4 @@
+#### **--dns-search**=*domain*
+
+Set custom DNS search domains. Invalid if using **--dns-search** with **--network** that is set to **none** or **container:**_id_.
+Use **--dns-search=.** if you don't wish to set the search domain.
diff --git a/docs/source/markdown/options/dns.md b/docs/source/markdown/options/dns.md
new file mode 100644
index 000000000..39380ace2
--- /dev/null
+++ b/docs/source/markdown/options/dns.md
@@ -0,0 +1,11 @@
+#### **--dns**=*ipaddr*
+
+Set custom DNS servers.
+
+This option can be used to override the DNS
+configuration passed to the container. Typically this is necessary when the
+host DNS configuration is invalid for the container (e.g., **127.0.0.1**). When this
+is the case the **--dns** flag is necessary for every run.
+
+The special value **none** can be specified to disable creation of _/etc/resolv.conf_ in the container by Podman.
+The _/etc/resolv.conf_ file in the image will be used without changes.
diff --git a/docs/source/markdown/options/entrypoint.md b/docs/source/markdown/options/entrypoint.md
new file mode 100644
index 000000000..0da5e42af
--- /dev/null
+++ b/docs/source/markdown/options/entrypoint.md
@@ -0,0 +1,17 @@
+#### **--entrypoint**=*"command"* | *'["command", "arg1", ...]'*
+
+Overwrite the default ENTRYPOINT of the image.
+
+This option allows you to overwrite the default entrypoint of the image.
+
+The ENTRYPOINT of an image is similar to a COMMAND
+because it specifies what executable to run when the container starts, but it is
+(purposely) more difficult to override. The ENTRYPOINT gives a container its
+default nature or behavior, so that when you set an ENTRYPOINT you can run the
+container as if it were that binary, complete with default options, and you can
+pass in more options via the COMMAND. But, sometimes an operator may want to run
+something else inside the container, so you can override the default ENTRYPOINT
+at runtime by using a **--entrypoint** and a string to specify the new
+ENTRYPOINT.
+
+You need to specify multi option commands in the form of a json string.
diff --git a/docs/source/markdown/options/env-host.md b/docs/source/markdown/options/env-host.md
new file mode 100644
index 000000000..665fca016
--- /dev/null
+++ b/docs/source/markdown/options/env-host.md
@@ -0,0 +1,3 @@
+#### **--env-host**
+
+Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
diff --git a/docs/source/markdown/options/env-merge.md b/docs/source/markdown/options/env-merge.md
new file mode 100644
index 000000000..aa1aa003d
--- /dev/null
+++ b/docs/source/markdown/options/env-merge.md
@@ -0,0 +1,5 @@
+#### **--env-merge**=*env*
+
+Preprocess default environment variables for the containers. For example
+if image contains environment variable `hello=world` user can preprocess
+it using `--env-merge hello=${hello}-some` so new value will be `hello=world-some`.
diff --git a/docs/source/markdown/options/expose.md b/docs/source/markdown/options/expose.md
new file mode 100644
index 000000000..04b5aad66
--- /dev/null
+++ b/docs/source/markdown/options/expose.md
@@ -0,0 +1,4 @@
+#### **--expose**=*port*
+
+Expose a port, or a range of ports (e.g. **--expose=3300-3310**) to set up port redirection
+on the host system.
diff --git a/docs/source/markdown/options/follow.md b/docs/source/markdown/options/follow.md
new file mode 100644
index 000000000..75b65cf49
--- /dev/null
+++ b/docs/source/markdown/options/follow.md
@@ -0,0 +1,7 @@
+#### **--follow**, **-f**
+
+Follow log output.  Default is false.
+
+Note: If you are following a <<container|pod>> which is removed by `podman <<container|pod>> rm`
+or removed on exit (`podman run --rm ...`), then there is a chance that the log
+file will be removed before `podman<< pod|>> logs` reads the final content.
diff --git a/docs/source/markdown/options/gidmap.container.md b/docs/source/markdown/options/gidmap.container.md
new file mode 100644
index 000000000..a3c9df33d
--- /dev/null
+++ b/docs/source/markdown/options/gidmap.container.md
@@ -0,0 +1,8 @@
+#### **--gidmap**=*container_gid:host_gid:amount*
+
+Run the container in a new user namespace using the supplied GID mapping. This
+option conflicts with the **--userns** and **--subgidname** options. This
+option provides a way to map host GIDs to container GIDs in the same way as
+__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
+
+Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
diff --git a/docs/source/markdown/options/gidmap.pod.md b/docs/source/markdown/options/gidmap.pod.md
new file mode 100644
index 000000000..0d58cc527
--- /dev/null
+++ b/docs/source/markdown/options/gidmap.pod.md
@@ -0,0 +1,4 @@
+#### **--gidmap**=*pod_gid:host_gid:amount*
+
+GID map for the user namespace. Using this flag will run all containers in the pod with user namespace enabled.
+It conflicts with the **--userns** and **--subgidname** flags.
diff --git a/docs/source/markdown/options/group-add.md b/docs/source/markdown/options/group-add.md
new file mode 100644
index 000000000..ac9ade3a7
--- /dev/null
+++ b/docs/source/markdown/options/group-add.md
@@ -0,0 +1,11 @@
+#### **--group-add**=*group* | *keep-groups*
+
+Assign additional groups to the primary user running within the container process.
+
+- `keep-groups` is a special flag that tells Podman to keep the supplementary group access.
+
+Allows container to use the user's supplementary group access. If file systems or
+devices are only accessible by the rootless user's group, this flag tells the OCI
+runtime to pass the group access into the container. Currently only available
+with the `crun` OCI runtime. Note: `keep-groups` is exclusive, you cannot add any other groups
+with this flag. (Not available for remote commands, including Mac and Windows (excluding WSL2) machines)
diff --git a/docs/source/markdown/options/health-cmd.md b/docs/source/markdown/options/health-cmd.md
new file mode 100644
index 000000000..df0474393
--- /dev/null
+++ b/docs/source/markdown/options/health-cmd.md
@@ -0,0 +1,8 @@
+#### **--health-cmd**=*"command"* | *'["command", "arg1", ...]'*
+
+Set or alter a healthcheck command for a container. The command is a command to be executed inside your
+container that determines your container health. The command is required for other healthcheck options
+to be applied. A value of **none** disables existing healthchecks.
+
+Multiple options can be passed in the form of a JSON array; otherwise, the command will be interpreted
+as an argument to **/bin/sh -c**.
diff --git a/docs/source/markdown/options/health-interval.md b/docs/source/markdown/options/health-interval.md
new file mode 100644
index 000000000..581e35f65
--- /dev/null
+++ b/docs/source/markdown/options/health-interval.md
@@ -0,0 +1,3 @@
+#### **--health-interval**=*interval*
+
+Set an interval for the healthchecks. An _interval_ of **disable** results in no automatic timer setup. The default is **30s**.
diff --git a/docs/source/markdown/options/health-on-failure.md b/docs/source/markdown/options/health-on-failure.md
new file mode 100644
index 000000000..c25a1c574
--- /dev/null
+++ b/docs/source/markdown/options/health-on-failure.md
@@ -0,0 +1,8 @@
+#### **--health-on-failure**=*action*
+
+Action to take once the container transitions to an unhealthy state.  The default is **none**.
+
+- **none**: Take no action.
+- **kill**: Kill the container.
+- **restart**: Restart the container.  Do not combine the `restart` action with the `--restart` flag.  When running inside of a systemd unit, consider using the `kill` or `stop` action instead to make use of systemd's restart policy.
+- **stop**: Stop the container.
diff --git a/docs/source/markdown/options/health-retries.md b/docs/source/markdown/options/health-retries.md
new file mode 100644
index 000000000..e96dd3033
--- /dev/null
+++ b/docs/source/markdown/options/health-retries.md
@@ -0,0 +1,3 @@
+#### **--health-retries**=*retries*
+
+The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is **3**.
diff --git a/docs/source/markdown/options/health-start-period.md b/docs/source/markdown/options/health-start-period.md
new file mode 100644
index 000000000..e88e270c6
--- /dev/null
+++ b/docs/source/markdown/options/health-start-period.md
@@ -0,0 +1,4 @@
+#### **--health-start-period**=*period*
+
+The initialization time needed for a container to bootstrap. The value can be expressed in time format like
+**2m3s**. The default value is **0s**.
diff --git a/docs/source/markdown/options/health-timeout.md b/docs/source/markdown/options/health-timeout.md
new file mode 100644
index 000000000..5102ea81b
--- /dev/null
+++ b/docs/source/markdown/options/health-timeout.md
@@ -0,0 +1,4 @@
+#### **--health-timeout**=*timeout*
+
+The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the
+value can be expressed in a time format such as **1m22s**. The default value is **30s**.
diff --git a/docs/source/markdown/options/hostname.container.md b/docs/source/markdown/options/hostname.container.md
new file mode 100644
index 000000000..6c525ac5b
--- /dev/null
+++ b/docs/source/markdown/options/hostname.container.md
@@ -0,0 +1,5 @@
+#### **--hostname**, **-h**=*name*
+
+Container host name
+
+Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used.
diff --git a/docs/source/markdown/options/hostname.pod.md b/docs/source/markdown/options/hostname.pod.md
new file mode 100644
index 000000000..418e1e8a7
--- /dev/null
+++ b/docs/source/markdown/options/hostname.pod.md
@@ -0,0 +1,3 @@
+#### **--hostname**=*name*
+
+Set a hostname to the pod.
diff --git a/docs/source/markdown/options/hostuser.md b/docs/source/markdown/options/hostuser.md
new file mode 100644
index 000000000..d1d12c88f
--- /dev/null
+++ b/docs/source/markdown/options/hostuser.md
@@ -0,0 +1,4 @@
+#### **--hostuser**=*name*
+
+Add a user account to /etc/passwd from the host to the container. The Username
+or UID must exist on the host system.
diff --git a/docs/source/markdown/options/http-proxy.md b/docs/source/markdown/options/http-proxy.md
new file mode 100644
index 000000000..f83dcde4a
--- /dev/null
+++ b/docs/source/markdown/options/http-proxy.md
@@ -0,0 +1,15 @@
+#### **--http-proxy**
+
+By default proxy environment variables are passed into the container if set
+for the Podman process. This can be disabled by setting the value to **false**.
+The environment variables passed in include **http_proxy**,
+**https_proxy**, **ftp_proxy**, **no_proxy**, and also the upper case versions of
+those. This option is only needed when the host system must use a proxy but
+the container should not use any proxy. Proxy environment variables specified
+for the container in any other way will override the values that would have
+been passed through from the host. (Other ways to specify the proxy for the
+container include passing the values with the **--env** flag, or hard coding the
+proxy environment at container build time.)
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+
+Defaults to **true**.
diff --git a/docs/source/markdown/options/ignore.md b/docs/source/markdown/options/ignore.md
new file mode 100644
index 000000000..231d75957
--- /dev/null
+++ b/docs/source/markdown/options/ignore.md
@@ -0,0 +1,5 @@
+#### **--ignore**, **-i**
+
+Ignore errors when specified <<containers|pods>> are not in the container store.  A user
+might have decided to manually remove a <<container|pod>> which would lead to a failure
+during the ExecStop directive of a systemd service referencing that <<container|pod>>.
diff --git a/docs/source/markdown/options/image-volume.md b/docs/source/markdown/options/image-volume.md
new file mode 100644
index 000000000..2a549ef3c
--- /dev/null
+++ b/docs/source/markdown/options/image-volume.md
@@ -0,0 +1,8 @@
+#### **--image-volume**=**bind** | *tmpfs* | *ignore*
+
+Tells Podman how to handle the builtin image volumes. Default is **bind**.
+
+- **bind**: An anonymous named volume will be created and mounted into the container.
+- **tmpfs**: The volume is mounted onto the container as a tmpfs, which allows the users to create
+content that disappears when the container is stopped.
+- **ignore**: All volumes are just ignored and no action is taken.
diff --git a/docs/source/markdown/options/infra-command.md b/docs/source/markdown/options/infra-command.md
new file mode 100644
index 000000000..24edcddfe
--- /dev/null
+++ b/docs/source/markdown/options/infra-command.md
@@ -0,0 +1,3 @@
+#### **--infra-command**=*command*
+
+The command that will be run to start the infra container. Default: "/pause".
diff --git a/docs/source/markdown/options/infra-conmon-pidfile.md b/docs/source/markdown/options/infra-conmon-pidfile.md
new file mode 100644
index 000000000..f1c518682
--- /dev/null
+++ b/docs/source/markdown/options/infra-conmon-pidfile.md
@@ -0,0 +1,3 @@
+#### **--infra-conmon-pidfile**=*file*
+
+Write the pid of the infra container's **conmon** process to a file. As **conmon** runs in a separate process than Podman, this is necessary when using systemd to manage Podman containers and pods.
diff --git a/docs/source/markdown/options/infra-name.md b/docs/source/markdown/options/infra-name.md
new file mode 100644
index 000000000..d8cd3989d
--- /dev/null
+++ b/docs/source/markdown/options/infra-name.md
@@ -0,0 +1,3 @@
+#### **--infra-name**=*name*
+
+The name that will be used for the pod's infra container.
diff --git a/docs/source/markdown/options/init-path.md b/docs/source/markdown/options/init-path.md
new file mode 100644
index 000000000..c2be27874
--- /dev/null
+++ b/docs/source/markdown/options/init-path.md
@@ -0,0 +1,3 @@
+#### **--init-path**=*path*
+
+Path to the container-init binary.
diff --git a/docs/source/markdown/options/init.md b/docs/source/markdown/options/init.md
new file mode 100644
index 000000000..caf300efe
--- /dev/null
+++ b/docs/source/markdown/options/init.md
@@ -0,0 +1,5 @@
+#### **--init**
+
+Run an init inside the container that forwards signals and reaps processes.
+The container-init binary is mounted at `/run/podman-init`.
+Mounting over `/run` will hence break container execution.
diff --git a/docs/source/markdown/options/interactive.md b/docs/source/markdown/options/interactive.md
new file mode 100644
index 000000000..a28088368
--- /dev/null
+++ b/docs/source/markdown/options/interactive.md
@@ -0,0 +1,3 @@
+#### **--interactive**, **-i**
+
+When set to **true**, keep stdin open even if not attached. The default is **false**.
diff --git a/docs/source/markdown/options/ip.md b/docs/source/markdown/options/ip.md
new file mode 100644
index 000000000..8f251ee2e
--- /dev/null
+++ b/docs/source/markdown/options/ip.md
@@ -0,0 +1,8 @@
+#### **--ip**=*ipv4*
+
+Specify a static IPv4 address for the <<container|pod>>, for example **10.88.64.128**.
+This option can only be used if the <<container|pod>> is joined to only a single network - i.e., **--network=network-name** is used at most once -
+and if the <<container|pod>> is not joining another container's network namespace via **--network=container:_id_**.
+The address must be within the network's IP address pool (default **10.88.0.0/16**).
+
+To specify multiple static IP addresses per <<container|pod>>, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
diff --git a/docs/source/markdown/options/ip6.md b/docs/source/markdown/options/ip6.md
new file mode 100644
index 000000000..feaae7c44
--- /dev/null
+++ b/docs/source/markdown/options/ip6.md
@@ -0,0 +1,8 @@
+#### **--ip6**=*ipv6*
+
+Specify a static IPv6 address for the <<container|pod>>, for example **fd46:db93:aa76:ac37::10**.
+This option can only be used if the <<container|pod>> is joined to only a single network - i.e., **--network=network-name** is used at most once -
+and if the <<container|pod>> is not joining another container's network namespace via **--network=container:_id_**.
+The address must be within the network's IPv6 address pool.
+
+To specify multiple static IPv6 addresses per <<container|pod>>, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
diff --git a/docs/source/markdown/options/ipc.md b/docs/source/markdown/options/ipc.md
new file mode 100644
index 000000000..699b64eec
--- /dev/null
+++ b/docs/source/markdown/options/ipc.md
@@ -0,0 +1,12 @@
+#### **--ipc**=*ipc*
+
+Set the IPC namespace mode for a container. The default is to create
+a private IPC namespace.
+
+- "": Use Podman's default, defined in containers.conf.
+- **container:**_id_: reuses another container's shared memory, semaphores, and message queues
+- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
+- **none**:  private IPC namespace, with /dev/shm not mounted.
+- **ns:**_path_: path to an IPC namespace to join.
+- **private**: private IPC namespace.
+= **shareable**: private IPC namespace with a possibility to share it with other containers.
diff --git a/docs/source/markdown/options/label-file.md b/docs/source/markdown/options/label-file.md
new file mode 100644
index 000000000..fe4bc9176
--- /dev/null
+++ b/docs/source/markdown/options/label-file.md
@@ -0,0 +1,3 @@
+#### **--label-file**=*file*
+
+Read in a line-delimited file of labels.
diff --git a/docs/source/markdown/options/label.md b/docs/source/markdown/options/label.md
new file mode 100644
index 000000000..629aa82e6
--- /dev/null
+++ b/docs/source/markdown/options/label.md
@@ -0,0 +1,3 @@
+#### **--label**, **-l**=*key=value*
+
+Add metadata to a <<container|pod>>.
diff --git a/docs/source/markdown/options/link-local-ip.md b/docs/source/markdown/options/link-local-ip.md
new file mode 100644
index 000000000..5bedff01e
--- /dev/null
+++ b/docs/source/markdown/options/link-local-ip.md
@@ -0,0 +1,3 @@
+#### **--link-local-ip**=*ip*
+
+Not implemented.
diff --git a/docs/source/markdown/options/log-driver.md b/docs/source/markdown/options/log-driver.md
new file mode 100644
index 000000000..195e1f284
--- /dev/null
+++ b/docs/source/markdown/options/log-driver.md
@@ -0,0 +1,12 @@
+#### **--log-driver**=*driver*
+
+Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility. (Default **journald**).
+
+The podman info command below will display the default log-driver for the system.
+```
+$ podman info --format '{{ .Host.LogDriver }}'
+journald
+```
+The **passthrough** driver passes down the standard streams (stdin, stdout, stderr) to the
+container.  It is not allowed with the remote Podman client, including Mac and Windows (excluding WSL2) machines, and on a tty, since it is
+vulnerable to attacks via TIOCSTI.
diff --git a/docs/source/markdown/options/mac-address.md b/docs/source/markdown/options/mac-address.md
new file mode 100644
index 000000000..0939ceaad
--- /dev/null
+++ b/docs/source/markdown/options/mac-address.md
@@ -0,0 +1,11 @@
+#### **--mac-address**=*address*
+
+<<Container|Pod>> network interface MAC address (e.g. 92:d0:c6:0a:29:33)
+This option can only be used if the <<container|pod>> is joined to only a single network - i.e., **--network=_network-name_** is used at most once -
+and if the <<container|pod>> is not joining another container's network namespace via **--network=container:_id_**.
+
+Remember that the MAC address in an Ethernet network must be unique.
+The IPv6 link-local address will be based on the device's MAC address
+according to RFC4862.
+
+To specify multiple static MAC addresses per <<container|pod>>, set multiple networks using the **--network** option with a static MAC address specified for each using the `mac` mode for that option.
diff --git a/docs/source/markdown/options/memory-reservation.md b/docs/source/markdown/options/memory-reservation.md
new file mode 100644
index 000000000..410f1dd7c
--- /dev/null
+++ b/docs/source/markdown/options/memory-reservation.md
@@ -0,0 +1,11 @@
+#### **--memory-reservation**=*number[unit]*
+
+Memory soft limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
+
+After setting memory reservation, when the system detects memory contention
+or low memory, containers are forced to restrict their consumption to their
+reservation. So you should always set the value below **--memory**, otherwise the
+hard limit will take precedence. By default, memory reservation will be the same
+as memory limit.
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/memory-swap.md b/docs/source/markdown/options/memory-swap.md
new file mode 100644
index 000000000..08ee8b1a0
--- /dev/null
+++ b/docs/source/markdown/options/memory-swap.md
@@ -0,0 +1,13 @@
+#### **--memory-swap**=*number[unit]*
+
+A limit value equal to memory plus swap.
+A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
+
+Must be used with the **-m** (**--memory**) flag.
+The argument value should always be larger than that of
+ **-m** (**--memory**) By default, it is set to double
+the value of **--memory**.
+
+Set _number_ to **-1** to enable unlimited swap.
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/memory-swappiness.md b/docs/source/markdown/options/memory-swappiness.md
new file mode 100644
index 000000000..1e6a51188
--- /dev/null
+++ b/docs/source/markdown/options/memory-swappiness.md
@@ -0,0 +1,5 @@
+#### **--memory-swappiness**=*number*
+
+Tune a container's memory swappiness behavior. Accepts an integer between *0* and *100*.
+
+This flag is only supported on cgroups V1 rootful systems.
diff --git a/docs/source/markdown/options/memory.md b/docs/source/markdown/options/memory.md
new file mode 100644
index 000000000..1be9159c3
--- /dev/null
+++ b/docs/source/markdown/options/memory.md
@@ -0,0 +1,11 @@
+#### **--memory**, **-m**=*number[unit]*
+
+Memory limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
+
+Allows the memory available to a container to be constrained. If the host
+supports swap memory, then the **-m** memory setting can be larger than physical
+RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
+not limited. The actual limit may be rounded up to a multiple of the operating
+system's page size (the value would be very large, that's millions of trillions).
+
+This option is not supported on cgroups V1 rootless systems.
diff --git a/docs/source/markdown/options/mount.md b/docs/source/markdown/options/mount.md
new file mode 100644
index 000000000..e81af539d
--- /dev/null
+++ b/docs/source/markdown/options/mount.md
@@ -0,0 +1,77 @@
+#### **--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]*
+
+Attach a filesystem mount to the container
+
+Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and **devpts**. <sup>[[1]](#Footnote1)</sup>
+
+       e.g.
+
+       type=bind,source=/path/on/host,destination=/path/in/container
+
+       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared
+
+       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared,U=true
+
+       type=volume,source=vol1,destination=/path/in/container,ro=true
+
+       type=tmpfs,tmpfs-size=512M,destination=/path/in/container
+
+       type=image,source=fedora,destination=/fedora-image,rw=true
+
+       type=devpts,destination=/dev/pts
+
+       Common Options:
+
+	      · src, source: mount source spec for bind and volume. Mandatory for bind.
+
+	      · dst, destination, target: mount destination spec.
+
+       Options specific to volume:
+
+	      · ro, readonly: true or false (default).
+
+	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
+
+	      · idmap: true or false (default).  If specified, create an idmapped mount to the target user namespace in the container.
+
+       Options specific to image:
+
+	      · rw, readwrite: true or false (default).
+
+       Options specific to bind:
+
+	      · ro, readonly: true or false (default).
+
+	      · bind-propagation: shared, slave, private, unbindable, rshared, rslave, runbindable, or rprivate(default). See also mount(2).
+
+	      . bind-nonrecursive: do not set up a recursive bind mount. By default it is recursive.
+
+	      . relabel: shared, private.
+
+	      · idmap: true or false (default).  If specified, create an idmapped mount to the target user namespace in the container.
+
+	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
+
+       Options specific to tmpfs:
+
+	      · ro, readonly: true or false (default).
+
+	      · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux.
+
+	      · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux.
+
+	      · tmpcopyup: Enable copyup from the image directory at the same location to the tmpfs. Used by default.
+
+	      · notmpcopyup: Disable copying files from the image to the tmpfs.
+
+	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
+
+       Options specific to devpts:
+
+	      · uid: UID of the file owner (default 0).
+
+	      · gid: GID of the file owner (default 0).
+
+	      · mode: permission mask for the file (default 600).
+
+	      · max: maximum number of PTYs (default 1048576).
diff --git a/docs/source/markdown/options/name.container.md b/docs/source/markdown/options/name.container.md
new file mode 100644
index 000000000..0c3df6ef1
--- /dev/null
+++ b/docs/source/markdown/options/name.container.md
@@ -0,0 +1,14 @@
+#### **--name**=*name*
+
+Assign a name to the container.
+
+The operator can identify a container in three ways:
+
+- UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778�);
+- UUID short identifier (“f78375b1c487�);
+- Name (“jonah�).
+
+Podman generates a UUID for each container, and if a name is not assigned
+to the container with **--name** then it will generate a random
+string name. The name is useful any place you need to identify a container.
+This works for both background and foreground containers.
diff --git a/docs/source/markdown/options/names.md b/docs/source/markdown/options/names.md
new file mode 100644
index 000000000..54fda40ee
--- /dev/null
+++ b/docs/source/markdown/options/names.md
@@ -0,0 +1,3 @@
+#### **--names**, **-n**
+
+Output the container names instead of the container IDs in the log.
diff --git a/docs/source/markdown/options/network-alias.md b/docs/source/markdown/options/network-alias.md
new file mode 100644
index 000000000..f48a1bb95
--- /dev/null
+++ b/docs/source/markdown/options/network-alias.md
@@ -0,0 +1,8 @@
+#### **--network-alias**=*alias*
+
+Add a network-scoped alias for the <<container|pod>>, setting the alias for all networks that the container joins. To set a
+name only for a specific network, use the alias option as described under the **--network** option.
+If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} <name>`),
+these aliases can be used for name resolution on the given network. This option can be specified multiple times.
+NOTE: When using CNI a <<container|pod>> will only have access to aliases on the first network that it joins. This limitation does
+not exist with netavark/aardvark-dns.
diff --git a/docs/source/markdown/options/no-healthcheck.md b/docs/source/markdown/options/no-healthcheck.md
new file mode 100644
index 000000000..a722ac5b5
--- /dev/null
+++ b/docs/source/markdown/options/no-healthcheck.md
@@ -0,0 +1,3 @@
+#### **--no-healthcheck**
+
+Disable any defined healthchecks for container.
diff --git a/docs/source/markdown/options/no-hosts.md b/docs/source/markdown/options/no-hosts.md
new file mode 100644
index 000000000..5b1e95b86
--- /dev/null
+++ b/docs/source/markdown/options/no-hosts.md
@@ -0,0 +1,5 @@
+#### **--no-hosts**
+
+Do not create _/etc/hosts_ for the <<container|pod>>.
+By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
+**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
diff --git a/docs/source/markdown/options/no-reset.md b/docs/source/markdown/options/no-reset.md
new file mode 100644
index 000000000..ce5b95057
--- /dev/null
+++ b/docs/source/markdown/options/no-reset.md
@@ -0,0 +1,3 @@
+#### **--no-reset**
+
+Do not clear the terminal/screen in between reporting intervals
diff --git a/docs/source/markdown/options/no-stream.md b/docs/source/markdown/options/no-stream.md
new file mode 100644
index 000000000..a9d548ba0
--- /dev/null
+++ b/docs/source/markdown/options/no-stream.md
@@ -0,0 +1,3 @@
+#### **--no-stream**
+
+Disable streaming <<|pod >>stats and only pull the first result, default setting is false
diff --git a/docs/source/markdown/options/oom-kill-disable.md b/docs/source/markdown/options/oom-kill-disable.md
new file mode 100644
index 000000000..24ed9a889
--- /dev/null
+++ b/docs/source/markdown/options/oom-kill-disable.md
@@ -0,0 +1,5 @@
+#### **--oom-kill-disable**
+
+Whether to disable OOM Killer for the container or not.
+
+This flag is not supported on cgroups V2 systems.
diff --git a/docs/source/markdown/options/oom-score-adj.md b/docs/source/markdown/options/oom-score-adj.md
new file mode 100644
index 000000000..123e8e243
--- /dev/null
+++ b/docs/source/markdown/options/oom-score-adj.md
@@ -0,0 +1,3 @@
+#### **--oom-score-adj**=*num*
+
+Tune the host's OOM preferences for containers (accepts values from **-1000** to **1000**).
diff --git a/docs/source/markdown/options/os.pull.md b/docs/source/markdown/options/os.pull.md
new file mode 100644
index 000000000..547a9fff8
--- /dev/null
+++ b/docs/source/markdown/options/os.pull.md
@@ -0,0 +1,4 @@
+#### **--os**=*OS*
+
+Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
+Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host.
diff --git a/docs/source/markdown/options/passwd-entry.md b/docs/source/markdown/options/passwd-entry.md
new file mode 100644
index 000000000..33c179d12
--- /dev/null
+++ b/docs/source/markdown/options/passwd-entry.md
@@ -0,0 +1,5 @@
+#### **--passwd-entry**=*ENTRY*
+
+Customize the entry that is written to the `/etc/passwd` file within the container when `--passwd` is used.
+
+The variables $USERNAME, $UID, $GID, $NAME, $HOME are automatically replaced with their value at runtime.
diff --git a/docs/source/markdown/options/personality.md b/docs/source/markdown/options/personality.md
new file mode 100644
index 000000000..663f14782
--- /dev/null
+++ b/docs/source/markdown/options/personality.md
@@ -0,0 +1,3 @@
+#### **--personality**=*persona*
+
+Personality sets the execution domain via Linux personality(2).
diff --git a/docs/source/markdown/options/pid.md b/docs/source/markdown/options/pid.md
new file mode 100644
index 000000000..d0cbef1d5
--- /dev/null
+++ b/docs/source/markdown/options/pid.md
@@ -0,0 +1,9 @@
+#### **--pid**=*mode*
+
+Set the PID namespace mode for the container.
+The default is to create a private PID namespace for the container.
+
+- **container:**_id_: join another container's PID namespace;
+- **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure;
+- **ns:**_path_: join the specified PID namespace;
+- **private**: create a new namespace for the container (default).
diff --git a/docs/source/markdown/options/pid.pod.md b/docs/source/markdown/options/pid.pod.md
new file mode 100644
index 000000000..4086736b6
--- /dev/null
+++ b/docs/source/markdown/options/pid.pod.md
@@ -0,0 +1,7 @@
+#### **--pid**=*pid*
+
+Set the PID mode for the pod. The default is to create a private PID namespace for the pod. Requires the PID namespace to be shared via --share.
+
+    host: use the host’s PID namespace for the pod
+    ns: join the specified PID namespace
+    private: create a new namespace for the pod (default)
diff --git a/docs/source/markdown/options/pidfile.md b/docs/source/markdown/options/pidfile.md
new file mode 100644
index 000000000..a494b522e
--- /dev/null
+++ b/docs/source/markdown/options/pidfile.md
@@ -0,0 +1,9 @@
+#### **--pidfile**=*path*
+
+When the pidfile location is specified, the container process' PID will be written to the pidfile. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+If the pidfile option is not specified, the container process' PID will be written to /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.
+
+After the container is started, the location for the pidfile can be discovered with the following `podman inspect` command:
+
+    $ podman inspect --format '{{ .PidFile }}' $CID
+    /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile
diff --git a/docs/source/markdown/options/pids-limit.md b/docs/source/markdown/options/pids-limit.md
new file mode 100644
index 000000000..efcaef2e2
--- /dev/null
+++ b/docs/source/markdown/options/pids-limit.md
@@ -0,0 +1,3 @@
+#### **--pids-limit**=*limit*
+
+Tune the container's pids limit. Set to **-1** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
diff --git a/docs/source/markdown/options/platform.md b/docs/source/markdown/options/platform.md
new file mode 100644
index 000000000..b66efdfb2
--- /dev/null
+++ b/docs/source/markdown/options/platform.md
@@ -0,0 +1,5 @@
+#### **--platform**=*OS/ARCH*
+
+Specify the platform for selecting the image.  (Conflicts with --arch and --os)
+The `--platform` option can be used to override the current architecture and operating system.
+Unless overridden, subsequent lookups of the same image in the local storage will match this platform, regardless of the host.
diff --git a/docs/source/markdown/options/pod-id-file.container.md b/docs/source/markdown/options/pod-id-file.container.md
new file mode 100644
index 000000000..1c102dc6b
--- /dev/null
+++ b/docs/source/markdown/options/pod-id-file.container.md
@@ -0,0 +1,4 @@
+#### **--pod-id-file**=*file*
+
+Run container in an existing pod and read the pod's ID from the specified *file*.
+If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
diff --git a/docs/source/markdown/options/pod-id-file.pod.md b/docs/source/markdown/options/pod-id-file.pod.md
new file mode 100644
index 000000000..69e2ac6e9
--- /dev/null
+++ b/docs/source/markdown/options/pod-id-file.pod.md
@@ -0,0 +1,3 @@
+#### **--pod-id-file**=*file*
+
+Read pod ID from the specified *file* and <<subcommand>> the pod. Can be specified multiple times.
diff --git a/docs/source/markdown/options/preserve-fds.md b/docs/source/markdown/options/preserve-fds.md
new file mode 100644
index 000000000..61e33bdf4
--- /dev/null
+++ b/docs/source/markdown/options/preserve-fds.md
@@ -0,0 +1,5 @@
+#### **--preserve-fds**=*N*
+
+Pass down to the process N additional file descriptors (in addition to 0, 1, 2).
+The total FDs will be 3+N.
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
diff --git a/docs/source/markdown/options/privileged.md b/docs/source/markdown/options/privileged.md
new file mode 100644
index 000000000..8d9746d6b
--- /dev/null
+++ b/docs/source/markdown/options/privileged.md
@@ -0,0 +1,14 @@
+#### **--privileged**
+
+Give extended privileges to this container. The default is **false**.
+
+By default, Podman containers are unprivileged (**=false**) and cannot, for
+example, modify parts of the operating system. This is because by default a
+container is only allowed limited access to devices. A "privileged" container
+is given the same access to devices as the user launching the container.
+
+A privileged container turns off the security features that isolate the
+container from the host. Dropped Capabilities, limited devices, read-only mount
+points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
+
+Rootless containers cannot have more privileges than the account that launched them.
diff --git a/docs/source/markdown/options/publish-all.md b/docs/source/markdown/options/publish-all.md
new file mode 100644
index 000000000..6651599a0
--- /dev/null
+++ b/docs/source/markdown/options/publish-all.md
@@ -0,0 +1,12 @@
+#### **--publish-all**, **-P**
+
+Publish all exposed ports to random ports on the host interfaces. The default is **false**.
+
+When set to **true**, publish all exposed ports to the host interfaces. The
+default is **false**. If the operator uses **-P** (or **-p**) then Podman will make the
+exposed port accessible on the host and the ports will be available to any
+client that can reach the host.
+
+When using this option, Podman will bind any exposed port to a random port on the host
+within an ephemeral port range defined by */proc/sys/net/ipv4/ip_local_port_range*.
+To find the mapping between the host ports and the exposed ports, use **podman port**.
diff --git a/docs/source/markdown/options/publish.md b/docs/source/markdown/options/publish.md
new file mode 100644
index 000000000..a0394b692
--- /dev/null
+++ b/docs/source/markdown/options/publish.md
@@ -0,0 +1,19 @@
+#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]*
+
+Publish a container's port, or range of ports,<<| within this pod>> to the host.
+
+Both *hostPort* and *containerPort* can be specified as a range of ports.
+When specifying ranges for both, the number of container ports in the
+range must match the number of host ports in the range.
+
+If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host.
+
+By default, Podman will publish TCP ports. To publish a UDP port instead, give
+`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice,
+with `tcp`, and `udp` as protocols respectively. Rootful containers can also
+publish ports using the `sctp` protocol.
+
+Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`).
+If it is not, the container port will be randomly assigned a port on the host.
+
+Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`.
diff --git a/docs/source/markdown/options/pull.md b/docs/source/markdown/options/pull.md
new file mode 100644
index 000000000..ae0911507
--- /dev/null
+++ b/docs/source/markdown/options/pull.md
@@ -0,0 +1,8 @@
+#### **--pull**=*policy*
+
+Pull image policy. The default is **missing**.
+
+- **always**: Always pull the image and throw an error if the pull fails.
+- **missing**: Pull the image only if it could not be found in the local containers storage.  Throw an error if no image could be found and the pull fails.
+- **never**: Never pull the image but use the one from the local containers storage.  Throw an error if no image could be found.
+- **newer**: Pull if the image on the registry is newer than the one in the local containers storage.  An image is considered to be newer when the digests are different.  Comparing the time stamps is prone to errors.  Pull errors are suppressed if a local image was found.
diff --git a/docs/source/markdown/options/read-only-tmpfs.md b/docs/source/markdown/options/read-only-tmpfs.md
new file mode 100644
index 000000000..7e14f7fef
--- /dev/null
+++ b/docs/source/markdown/options/read-only-tmpfs.md
@@ -0,0 +1,3 @@
+#### **--read-only-tmpfs**
+
+If container is running in **--read-only** mode, then mount a read-write tmpfs on _/run_, _/tmp_, and _/var/tmp_. The default is **true**.
diff --git a/docs/source/markdown/options/read-only.md b/docs/source/markdown/options/read-only.md
new file mode 100644
index 000000000..ae5244a22
--- /dev/null
+++ b/docs/source/markdown/options/read-only.md
@@ -0,0 +1,7 @@
+#### **--read-only**
+
+Mount the container's root filesystem as read-only.
+
+By default a container will have its root filesystem writable allowing processes
+to write files anywhere. By specifying the **--read-only** flag, the container will have
+its root filesystem mounted as read-only prohibiting any writes.
diff --git a/docs/source/markdown/options/replace.md b/docs/source/markdown/options/replace.md
new file mode 100644
index 000000000..6cd849fb4
--- /dev/null
+++ b/docs/source/markdown/options/replace.md
@@ -0,0 +1,3 @@
+#### **--replace**
+
+If another <<container|pod>> with the same name already exists, replace and remove it. The default is **false**.
diff --git a/docs/source/markdown/options/requires.md b/docs/source/markdown/options/requires.md
new file mode 100644
index 000000000..fa2e9a8f3
--- /dev/null
+++ b/docs/source/markdown/options/requires.md
@@ -0,0 +1,5 @@
+#### **--requires**=*container*
+
+Specify one or more requirements.
+A requirement is a dependency container that will be started before this container.
+Containers can be specified by name or ID, with multiple containers being separated by commas.
diff --git a/docs/source/markdown/options/restart.md b/docs/source/markdown/options/restart.md
new file mode 100644
index 000000000..825ae613f
--- /dev/null
+++ b/docs/source/markdown/options/restart.md
@@ -0,0 +1,15 @@
+#### **--restart**=*policy*
+
+Restart policy to follow when containers exit.
+Restart policy will not take effect if a container is stopped via the **podman kill** or **podman stop** commands.
+
+Valid _policy_ values are:
+
+- `no`                       : Do not restart containers on exit
+- `on-failure[:max_retries]` : Restart containers when they exit with a non-zero exit code, retrying indefinitely or until the optional *max_retries* count is hit
+- `always`                   : Restart containers when they exit, regardless of status, retrying indefinitely
+- `unless-stopped`           : Identical to **always**
+
+Please note that restart will not restart containers after a system reboot.
+If this functionality is required in your environment, you can invoke Podman from a **systemd.unit**(5) file, or create an init script for whichever init system is in use.
+To generate systemd unit files, please see **podman generate systemd**.
diff --git a/docs/source/markdown/options/rootfs.md b/docs/source/markdown/options/rootfs.md
new file mode 100644
index 000000000..a03c4eef1
--- /dev/null
+++ b/docs/source/markdown/options/rootfs.md
@@ -0,0 +1,19 @@
+#### **--rootfs**
+
+If specified, the first argument refers to an exploded container on the file system.
+
+This is useful to run a container without requiring any image management, the rootfs
+of the container is assumed to be managed externally.
+
+  `Overlay Rootfs Mounts`
+
+   The `:O` flag tells Podman to mount the directory from the rootfs path as
+storage using the `overlay file system`. The container processes
+can modify content within the mount point which is stored in the
+container storage in a separate directory. In overlay terms, the source
+directory will be the lower, and the container storage directory will be the
+upper. Modifications to the mount point are destroyed when the container
+finishes executing, similar to a tmpfs mount point being unmounted.
+
+Note: On **SELinux** systems, the rootfs needs the correct label, which is by default
+**unconfined_u:object_r:container_file_t:s0**.
diff --git a/docs/source/markdown/options/sdnotify.md b/docs/source/markdown/options/sdnotify.md
new file mode 100644
index 000000000..d090cbf7c
--- /dev/null
+++ b/docs/source/markdown/options/sdnotify.md
@@ -0,0 +1,10 @@
+#### **--sdnotify**=**container** | *conmon* | *ignore*
+
+Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify.
+
+Default is **container**, which means allow the OCI runtime to proxy the socket into the
+container to receive ready notification. Podman will set the MAINPID to conmon's pid.
+The **conmon** option sets MAINPID to conmon's pid, and sends READY when the container
+has started. The socket is never passed to the runtime or the container.
+The **ignore** option removes NOTIFY_SOCKET from the environment for itself and child processes,
+for the case where some other process above Podman uses NOTIFY_SOCKET and Podman should not use it.
diff --git a/docs/source/markdown/options/seccomp-policy.md b/docs/source/markdown/options/seccomp-policy.md
new file mode 100644
index 000000000..3b2eb7553
--- /dev/null
+++ b/docs/source/markdown/options/seccomp-policy.md
@@ -0,0 +1,5 @@
+#### **--seccomp-policy**=*policy*
+
+Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.containers.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below.
+
+Note that this feature is experimental and may change in the future.
diff --git a/docs/source/markdown/options/secret.md b/docs/source/markdown/options/secret.md
new file mode 100644
index 000000000..ff2c0ab83
--- /dev/null
+++ b/docs/source/markdown/options/secret.md
@@ -0,0 +1,22 @@
+#### **--secret**=*secret[,opt=opt ...]*
+
+Give the container access to a secret. Can be specified multiple times.
+
+A secret is a blob of sensitive data which a container needs at runtime but
+should not be stored in the image or in source control, such as usernames and passwords,
+TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
+
+When secrets are specified as type `mount`, the secrets are copied and mounted into the container when a container is created.
+When secrets are specified as type `env`, the secret will be set as an environment variable within the container.
+Secrets are written in the container at the time of container creation, and modifying the secret using `podman secret` commands
+after the container is created will not affect the secret inside the container.
+
+Secrets and its storage are managed using the `podman secret` command.
+
+Secret Options
+
+- `type=mount|env`    : How the secret will be exposed to the container. Default mount.
+- `target=target`     : Target of secret. Defaults to secret name.
+- `uid=0`             : UID of secret. Defaults to 0. Mount secret type only.
+- `gid=0`             : GID of secret. Defaults to 0. Mount secret type only.
+- `mode=0`            : Mode of secret. Defaults to 0444. Mount secret type only.
diff --git a/docs/source/markdown/options/shm-size.md b/docs/source/markdown/options/shm-size.md
new file mode 100644
index 000000000..18cafcb86
--- /dev/null
+++ b/docs/source/markdown/options/shm-size.md
@@ -0,0 +1,6 @@
+#### **--shm-size**=*number[unit]*
+
+Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
+If you omit the unit, the system uses bytes. If you omit the size entirely, the default is **64m**.
+When _size_ is **0**, there is no limit on the amount of memory used for IPC by the <<container|pod>>.
+This option conflicts with **--ipc=host**.
diff --git a/docs/source/markdown/options/signal.md b/docs/source/markdown/options/signal.md
new file mode 100644
index 000000000..6e6c03657
--- /dev/null
+++ b/docs/source/markdown/options/signal.md
@@ -0,0 +1,4 @@
+#### **--signal**, **-s**=**signal**
+
+Signal to send to the container<<|s in the pod>>. For more information on Linux signals, refer to *signal(7)*.
+The default is **SIGKILL**.
diff --git a/docs/source/markdown/options/since.md b/docs/source/markdown/options/since.md
new file mode 100644
index 000000000..9f20722df
--- /dev/null
+++ b/docs/source/markdown/options/since.md
@@ -0,0 +1,6 @@
+#### **--since**=*TIMESTAMP*
+
+Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration
+strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
+time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
+and 2006-01-02.
diff --git a/docs/source/markdown/options/stop-signal.md b/docs/source/markdown/options/stop-signal.md
new file mode 100644
index 000000000..e70d715b8
--- /dev/null
+++ b/docs/source/markdown/options/stop-signal.md
@@ -0,0 +1,3 @@
+#### **--stop-signal**=*signal*
+
+Signal to stop a container. Default is **SIGTERM**.
diff --git a/docs/source/markdown/options/stop-timeout.md b/docs/source/markdown/options/stop-timeout.md
new file mode 100644
index 000000000..2845e70ae
--- /dev/null
+++ b/docs/source/markdown/options/stop-timeout.md
@@ -0,0 +1,4 @@
+#### **--stop-timeout**=*seconds*
+
+Timeout to stop a container. Default is **10**.
+Remote connections use local containers.conf for defaults
diff --git a/docs/source/markdown/options/subgidname.md b/docs/source/markdown/options/subgidname.md
new file mode 100644
index 000000000..1ca0496d0
--- /dev/null
+++ b/docs/source/markdown/options/subgidname.md
@@ -0,0 +1,5 @@
+#### **--subgidname**=*name*
+
+Run the container in a new user namespace using the map with _name_ in the _/etc/subgid_ file.
+If running rootless, the user needs to have the right to use the mapping. See **subgid**(5).
+This flag conflicts with **--userns** and **--gidmap**.
diff --git a/docs/source/markdown/options/subuidname.md b/docs/source/markdown/options/subuidname.md
new file mode 100644
index 000000000..bd7b61575
--- /dev/null
+++ b/docs/source/markdown/options/subuidname.md
@@ -0,0 +1,5 @@
+#### **--subuidname**=*name*
+
+Run the container in a new user namespace using the map with _name_ in the _/etc/subuid_ file.
+If running rootless, the user needs to have the right to use the mapping. See **subuid**(5).
+This flag conflicts with **--userns** and **--uidmap**.
diff --git a/docs/source/markdown/options/sysctl.md b/docs/source/markdown/options/sysctl.md
new file mode 100644
index 000000000..6fc1bbebe
--- /dev/null
+++ b/docs/source/markdown/options/sysctl.md
@@ -0,0 +1,21 @@
+#### **--sysctl**=*name=value*
+
+Configure namespaced kernel parameters <<at runtime|for all containers in the pod>>.
+
+For the IPC namespace, the following sysctls are allowed:
+
+- kernel.msgmax
+- kernel.msgmnb
+- kernel.msgmni
+- kernel.sem
+- kernel.shmall
+- kernel.shmmax
+- kernel.shmmni
+- kernel.shm_rmid_forced
+- Sysctls beginning with fs.mqueue.\*
+
+Note: <<if you use the **--ipc=host** option|if the ipc namespace is not shared within the pod>>, the above sysctls are not allowed.
+
+For the network namespace, only sysctls beginning with net.\* are allowed.
+
+Note: <<if you use the **--network=host** option|if the network namespace is not shared within the pod>>, the above sysctls are not allowed.
diff --git a/docs/source/markdown/options/systemd.md b/docs/source/markdown/options/systemd.md
new file mode 100644
index 000000000..a341edbc2
--- /dev/null
+++ b/docs/source/markdown/options/systemd.md
@@ -0,0 +1,29 @@
+#### **--systemd**=*true* | *false* | *always*
+
+Run container in systemd mode. The default is **true**.
+
+The value *always* enforces the systemd mode is enforced without
+looking at the executable name. Otherwise, if set to true and the
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+  * _/run_
+  * _/run/lock_
+  * _/tmp_
+  * _/sys/fs/cgroup/systemd_
+  * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
+
+This allows systemd to run in a confined container without any modifications.
+
+Note that on **SELinux** systems, systemd attempts to write to the cgroup
+file system. Containers writing to the cgroup file system are denied by default.
+The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.
+```
+setsebool -P container_manage_cgroup true
+```
diff --git a/docs/source/markdown/options/tail.md b/docs/source/markdown/options/tail.md
new file mode 100644
index 000000000..463b6fc3f
--- /dev/null
+++ b/docs/source/markdown/options/tail.md
@@ -0,0 +1,4 @@
+#### **--tail**=*LINES*
+
+Output the specified number of LINES at the end of the logs.  LINES must be an integer.  Defaults to -1,
+which prints all lines
diff --git a/docs/source/markdown/options/timeout.md b/docs/source/markdown/options/timeout.md
new file mode 100644
index 000000000..731feb973
--- /dev/null
+++ b/docs/source/markdown/options/timeout.md
@@ -0,0 +1,5 @@
+#### **--timeout**=*seconds*
+
+Maximum time a container is allowed to run before conmon sends it the kill
+signal.  By default containers will run until they exit or are stopped by
+`podman stop`.
diff --git a/docs/source/markdown/options/timestamps.md b/docs/source/markdown/options/timestamps.md
new file mode 100644
index 000000000..a449216aa
--- /dev/null
+++ b/docs/source/markdown/options/timestamps.md
@@ -0,0 +1,3 @@
+#### **--timestamps**, **-t**
+
+Show timestamps in the log outputs.  The default is false
diff --git a/docs/source/markdown/options/tls-verify.md b/docs/source/markdown/options/tls-verify.md
new file mode 100644
index 000000000..e3d6f491f
--- /dev/null
+++ b/docs/source/markdown/options/tls-verify.md
@@ -0,0 +1,5 @@
+#### **--tls-verify**
+
+Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
+then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
+TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
diff --git a/docs/source/markdown/options/tmpfs.md b/docs/source/markdown/options/tmpfs.md
new file mode 100644
index 000000000..0d6652dcd
--- /dev/null
+++ b/docs/source/markdown/options/tmpfs.md
@@ -0,0 +1,14 @@
+#### **--tmpfs**=*fs*
+
+Create a tmpfs mount.
+
+Mount a temporary filesystem (**tmpfs**) mount into a container, for example:
+
+```
+$ podman <<subcommand>> -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
+```
+
+This command mounts a **tmpfs** at _/tmp_ within the container. The supported mount
+options are the same as the Linux default mount flags. If you do not specify
+any options, the system uses the following options:
+**rw,noexec,nosuid,nodev**.
diff --git a/docs/source/markdown/options/tty.md b/docs/source/markdown/options/tty.md
new file mode 100644
index 000000000..04bd8af2c
--- /dev/null
+++ b/docs/source/markdown/options/tty.md
@@ -0,0 +1,9 @@
+#### **--tty**, **-t**
+
+Allocate a pseudo-TTY. The default is **false**.
+
+When set to **true**, Podman will allocate a pseudo-tty and attach to the standard
+input of the container. This can be used, for example, to run a throwaway
+interactive shell.
+
+**NOTE**: The --tty flag prevents redirection of standard output.  It combines STDOUT and STDERR, it can insert control characters, and it can hang pipes. This option should only be used when run interactively in a terminal. When feeding input to Podman, use -i only, not -it.
diff --git a/docs/source/markdown/options/tz.md b/docs/source/markdown/options/tz.md
new file mode 100644
index 000000000..0442e8a76
--- /dev/null
+++ b/docs/source/markdown/options/tz.md
@@ -0,0 +1,4 @@
+#### **--tz**=*timezone*
+
+Set timezone in container. This flag takes area-based timezones, GMT time, as well as `local`, which sets the timezone in the container to match the host machine. See `/usr/share/zoneinfo/` for valid timezones.
+Remote connections use local containers.conf for defaults
diff --git a/docs/source/markdown/options/uidmap.container.md b/docs/source/markdown/options/uidmap.container.md
new file mode 100644
index 000000000..9e21494dd
--- /dev/null
+++ b/docs/source/markdown/options/uidmap.container.md
@@ -0,0 +1,79 @@
+#### **--uidmap**=*container_uid:from_uid:amount*
+
+Run the container in a new user namespace using the supplied UID mapping. This
+option conflicts with the **--userns** and **--subuidname** options. This
+option provides a way to map host UIDs to container UIDs. It can be passed
+several times to map different ranges.
+
+The _from_uid_ value is based upon the user running the command, either rootful or rootless users.
+* rootful user:  *container_uid*:*host_uid*:*amount*
+* rootless user: *container_uid*:*intermediate_uid*:*amount*
+
+When **podman <<subcommand>>** is called by a privileged user, the option **--uidmap**
+works as a direct mapping between host UIDs and container UIDs.
+
+host UID -> container UID
+
+The _amount_ specifies the number of consecutive UIDs that will be mapped.
+If for example _amount_ is **4** the mapping would look like:
+
+|   host UID     |    container UID    |
+| -              | -                   |
+| _from_uid_     | _container_uid_     |
+| _from_uid_ + 1 | _container_uid_ + 1 |
+| _from_uid_ + 2 | _container_uid_ + 2 |
+| _from_uid_ + 3 | _container_uid_ + 3 |
+
+When **podman <<subcommand>>** is called by an unprivileged user (i.e. running rootless),
+the value _from_uid_ is interpreted as an "intermediate UID". In the rootless
+case, host UIDs are not mapped directly to container UIDs. Instead the mapping
+happens over two mapping steps:
+
+host UID -> intermediate UID -> container UID
+
+The **--uidmap** option only influences the second mapping step.
+
+The first mapping step is derived by Podman from the contents of the file
+_/etc/subuid_ and the UID of the user calling Podman.
+
+First mapping step:
+
+| host UID                                         | intermediate UID |
+| -                                                |                - |
+| UID for the user starting Podman                 |                0 |
+| 1st subordinate UID for the user starting Podman |                1 |
+| 2nd subordinate UID for the user starting Podman |                2 |
+| 3rd subordinate UID for the user starting Podman |                3 |
+| nth subordinate UID for the user starting Podman |                n |
+
+To be able to use intermediate UIDs greater than zero, the user needs to have
+subordinate UIDs configured in _/etc/subuid_. See **subuid**(5).
+
+The second mapping step is configured with **--uidmap**.
+
+If for example _amount_ is **5** the second mapping step would look like:
+
+|   intermediate UID   |    container UID    |
+| -                    | -                   |
+| _from_uid_           | _container_uid_     |
+| _from_uid_ + 1       | _container_uid_ + 1 |
+| _from_uid_ + 2       | _container_uid_ + 2 |
+| _from_uid_ + 3       | _container_uid_ + 3 |
+| _from_uid_ + 4       | _container_uid_ + 4 |
+
+When running as rootless, Podman will use all the ranges configured in the _/etc/subuid_ file.
+
+The current user ID is mapped to UID=0 in the rootless user namespace.
+Every additional range is added sequentially afterward:
+
+|   host                |rootless user namespace | length              |
+| -                     | -                      | -                   |
+| $UID                  | 0                      | 1                   |
+| 1                     | $FIRST_RANGE_ID        | $FIRST_RANGE_LENGTH |
+| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID       | $SECOND_RANGE_LENGTH|
+
+Even if a user does not have any subordinate UIDs in  _/etc/subuid_,
+**--uidmap** could still be used to map the normal UID of the user to a
+container UID by running `podman <<subcommand>> --uidmap $container_uid:0:1 --user $container_uid ...`.
+
+Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod.
diff --git a/docs/source/markdown/options/uidmap.pod.md b/docs/source/markdown/options/uidmap.pod.md
new file mode 100644
index 000000000..ad1f1658f
--- /dev/null
+++ b/docs/source/markdown/options/uidmap.pod.md
@@ -0,0 +1,6 @@
+#### **--uidmap**=*container_uid:from_uid:amount*
+
+Run all containers in the pod in a new user namespace using the supplied mapping. This
+option conflicts with the **--userns** and **--subuidname** options. This
+option provides a way to map host UIDs to container UIDs. It can be passed
+several times to map different ranges.
diff --git a/docs/source/markdown/options/ulimit.md b/docs/source/markdown/options/ulimit.md
new file mode 100644
index 000000000..c23163acc
--- /dev/null
+++ b/docs/source/markdown/options/ulimit.md
@@ -0,0 +1,3 @@
+#### **--ulimit**=*option*
+
+Ulimit options. You can use **host** to copy the current configuration from the host.
diff --git a/docs/source/markdown/options/umask.md b/docs/source/markdown/options/umask.md
new file mode 100644
index 000000000..55668b6da
--- /dev/null
+++ b/docs/source/markdown/options/umask.md
@@ -0,0 +1,4 @@
+#### **--umask**=*umask*
+
+Set the umask inside the container. Defaults to `0022`.
+Remote connections use local containers.conf for defaults
diff --git a/docs/source/markdown/options/unsetenv-all.md b/docs/source/markdown/options/unsetenv-all.md
new file mode 100644
index 000000000..3aad2e805
--- /dev/null
+++ b/docs/source/markdown/options/unsetenv-all.md
@@ -0,0 +1,5 @@
+#### **--unsetenv-all**
+
+Unset all default environment variables for the container. Default environment
+variables include variables provided natively by Podman, environment variables
+configured by the image, and environment variables from containers.conf.
diff --git a/docs/source/markdown/options/unsetenv.md b/docs/source/markdown/options/unsetenv.md
new file mode 100644
index 000000000..3f4d31d48
--- /dev/null
+++ b/docs/source/markdown/options/unsetenv.md
@@ -0,0 +1,5 @@
+#### **--unsetenv**=*env*
+
+Unset default environment variables for the container. Default environment
+variables include variables provided natively by Podman, environment variables
+configured by the image, and environment variables from containers.conf.
diff --git a/docs/source/markdown/options/until.md b/docs/source/markdown/options/until.md
new file mode 100644
index 000000000..d656d976b
--- /dev/null
+++ b/docs/source/markdown/options/until.md
@@ -0,0 +1,6 @@
+#### **--until**=*TIMESTAMP*
+
+Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
+strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
+time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
+and 2006-01-02.
diff --git a/docs/source/markdown/options/user.md b/docs/source/markdown/options/user.md
new file mode 100644
index 000000000..6cf12d347
--- /dev/null
+++ b/docs/source/markdown/options/user.md
@@ -0,0 +1,7 @@
+#### **--user**, **-u**=*user[:group]*
+
+Sets the username or UID used and, optionally, the groupname or GID for the specified command. Both *user* and *group* may be symbolic or numeric.
+
+Without this argument, the command will run as the user specified in the container image. Unless overridden by a `USER` command in the Containerfile or by a value passed to this option, this user generally defaults to root.
+
+When a user namespace is not in use, the UID and GID used within the container and on the host will match. When user namespaces are in use, however, the UID and GID in the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in the container will by default correspond to the UID and GID of the user invoking Podman.
diff --git a/docs/source/markdown/options/userns.container.md b/docs/source/markdown/options/userns.container.md
new file mode 100644
index 000000000..8f96892df
--- /dev/null
+++ b/docs/source/markdown/options/userns.container.md
@@ -0,0 +1,47 @@
+#### **--userns**=*mode*
+
+Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
+
+This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
+
+Rootless user --userns=Key mappings:
+
+Key       | Host User |  Container User
+----------|---------------|---------------------
+""        |$UID           |0 (Default User account mapped to root user in container.)
+keep-id   |$UID           |$UID (Map user account to same UID within container.)
+auto      |$UID           | nil (Host User UID is not mapped into container.)
+nomap     |$UID           | nil (Host User UID is not mapped into container.)
+
+Valid _mode_ values are:
+
+**auto**[:_OPTIONS,..._]: automatically create a unique user namespace.
+
+The `--userns=auto` flag, requires that the user name `containers` and a range of subordinate user ids that the Podman container is allowed to use be specified in the /etc/subuid and /etc/subgid files.
+
+Example: `containers:2147483647:2147483648`.
+
+Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option.
+
+The rootless option `--userns=keep-id` uses all the subuids and subgids of the user. Using `--userns=auto` when starting new containers will not work as long as any containers exist that were started with `--userns=keep-id`.
+
+  Valid `auto` options:
+
+  - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace.
+  - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
+  - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace.
+
+**container:**_id_: join the user namespace of the specified container.
+
+**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+
+**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is not allowed for containers created by the root user.
+
+  Valid `keep-id` options:
+
+  - *uid*=UID: override the UID inside the container that will be used to map the current rootless user to.
+  - *gid*=GID: override the GID inside the container that will be used to map the current rootless user to.
+
+**nomap**: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is not allowed for containers created by the root user.
+
+**ns:**_namespace_: run the <<container|pod>> in the given existing user namespace.
diff --git a/docs/source/markdown/options/userns.pod.md b/docs/source/markdown/options/userns.pod.md
new file mode 100644
index 000000000..389f47bd5
--- /dev/null
+++ b/docs/source/markdown/options/userns.pod.md
@@ -0,0 +1,28 @@
+#### **--userns**=*mode*
+
+Set the user namespace mode for all the containers in a pod. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled.
+
+Rootless user --userns=Key mappings:
+
+Key       | Host User |  Container User
+----------|---------------|---------------------
+""        |$UID           |0 (Default User account mapped to root user in container.)
+keep-id   |$UID           |$UID (Map user account to same UID within container.)
+auto      |$UID           | nil (Host User UID is not mapped into container.)
+nomap     |$UID           | nil (Host User UID is not mapped into container.)
+
+Valid _mode_ values are:
+
+  - *auto[:*_OPTIONS,..._*]*: automatically create a namespace. It is possible to specify these options to `auto`:
+
+  - *gidmapping=*_CONTAINER_GID:HOST_GID:SIZE_ to force a GID mapping to be present in the user namespace.
+
+  - *size=*_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
+
+  - *uidmapping=*_CONTAINER_UID:HOST_UID:SIZE_ to force a UID mapping to be present in the user namespace.
+
+  - *host*: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
+
+  - *keep-id*: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is not allowed for containers created by the root user.
+
+  - *nomap*: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is not allowed for containers created by the root user.
diff --git a/docs/source/markdown/options/uts.container.md b/docs/source/markdown/options/uts.container.md
new file mode 100644
index 000000000..74a5f33d1
--- /dev/null
+++ b/docs/source/markdown/options/uts.container.md
@@ -0,0 +1,8 @@
+#### **--uts**=*mode*
+
+Set the UTS namespace mode for the container. The following values are supported:
+
+- **host**: use the host's UTS namespace inside the container.
+- **private**: create a new namespace for the container (default).
+- **ns:[path]**: run the container in the given existing UTS namespace.
+- **container:[container]**: join the UTS namespace of the specified container.
diff --git a/docs/source/markdown/options/uts.pod.md b/docs/source/markdown/options/uts.pod.md
new file mode 100644
index 000000000..6144e3f70
--- /dev/null
+++ b/docs/source/markdown/options/uts.pod.md
@@ -0,0 +1,7 @@
+#### **--uts**=*mode*
+
+Set the UTS namespace mode for the pod. The following values are supported:
+
+- **host**: use the host's UTS namespace inside the pod.
+- **private**: create a new namespace for the pod (default).
+- **ns:[path]**: run the pod in the given existing UTS namespace.
diff --git a/docs/source/markdown/options/volume.md b/docs/source/markdown/options/volume.md
new file mode 100644
index 000000000..9c4a7f981
--- /dev/null
+++ b/docs/source/markdown/options/volume.md
@@ -0,0 +1,176 @@
+#### **--volume**, **-v**=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*
+
+Create a bind mount. If `-v /HOST-DIR:/CONTAINER-DIR` is specified, Podman
+bind mounts `/HOST-DIR` from the host into `/CONTAINER-DIR` in the Podman
+container. Similarly, `-v SOURCE-VOLUME:/CONTAINER-DIR` will mount the named
+volume from the host into the container. If no such named volume exists, Podman will
+create one. (Note when using the remote client, including Mac and Windows (excluding WSL2) machines, the volumes will be mounted from the remote server, not necessarily the client machine.)
+
+The _OPTIONS_ is a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup>
+
+* **rw**|**ro**
+* **z**|**Z**
+* [**O**]
+* [**U**]
+* [**no**]**copy**
+* [**no**]**dev**
+* [**no**]**exec**
+* [**no**]**suid**
+* [**r**]**bind**
+* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable**
+
+The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
+will be mounted into the container at this directory.
+
+Volumes may specify a source as well, as either a directory on the host
+or the name of a named volume. If no source is given, the volume will be created as an
+anonymously named volume with a randomly generated name, and will be removed when
+the <<container|pod>> is removed via the `--rm` flag or the `podman rm --volumes` command.
+
+If a volume source is specified, it must be a path on the host or the name of a
+named volume. Host paths are allowed to be absolute or relative; relative paths
+are resolved relative to the directory Podman is run in. If the source does not
+exist, Podman will return an error. Users must pre-create the source files or
+directories.
+
+Any source that does not begin with a `.` or `/` will be treated as the name of
+a named volume. If a volume with that name does not exist, it will be created.
+Volumes created with names are not anonymous, and they are not removed by the `--rm`
+option and the `podman rm --volumes` command.
+
+Specify multiple **-v** options to mount one or more volumes into a
+<<container|pod>>.
+
+  `Write Protected Volume Mounts`
+
+Add **:ro** or **:rw** option to mount a volume in read-only or
+read-write mode, respectively. By default, the volumes are mounted read-write.
+See examples.
+
+  `Chowning Volume Mounts`
+
+By default, Podman does not change the owner and group of source volume
+directories mounted into containers. If a <<container|pod>> is created in a new user
+namespace, the UID and GID in the container may correspond to another UID and
+GID on the host.
+
+The `:U` suffix tells Podman to use the correct host UID and GID based on the
+UID and GID within the <<container|pod>>, to change recursively the owner and group of
+the source volume.
+
+**Warning** use with caution since this will modify the host filesystem.
+
+  `Labeling Volume Mounts`
+
+Labeling systems like SELinux require that proper labels are placed on volume
+content mounted into a <<container|pod>>. Without a label, the security system might
+prevent the processes running inside the <<container|pod>> from using the content. By
+default, Podman does not change the labels set by the OS.
+
+To change a label in the <<container|pod>> context, add either of two suffixes
+**:z** or **:Z** to the volume mount. These suffixes tell Podman to relabel file
+objects on the shared volumes. The **z** option tells Podman that two <<containers|pods>>
+share the volume content. As a result, Podman labels the content with a shared
+content label. Shared volume labels allow all containers to read/write content.
+The **Z** option tells Podman to label the content with a private unshared label.
+Only the current <<container|pod>> can use a private volume.
+
+Note: Do not relabel system files and directories. Relabeling system content
+might cause other confined services on your machine to fail.  For these types
+of containers we recommend disabling SELinux separation.  The option
+**--security-opt label=disable** disables SELinux separation for the <<container|pod>>.
+For example if a user wanted to volume mount their entire home directory into a
+<<container|pod>>, they need to disable SELinux separation.
+
+	   $ podman <<fullsubcommand>> --security-opt label=disable -v $HOME:/home/user fedora touch /home/user/file
+
+  `Overlay Volume Mounts`
+
+   The `:O` flag tells Podman to mount the directory from the host as a
+temporary storage using the `overlay file system`. The <<container|pod>> processes
+can modify content within the mountpoint which is stored in the
+container storage in a separate directory. In overlay terms, the source
+directory will be the lower, and the container storage directory will be the
+upper. Modifications to the mount point are destroyed when the <<container|pod>>
+finishes executing, similar to a tmpfs mount point being unmounted.
+
+For advanced users, the **overlay** option also supports custom non-volatile
+**upperdir** and **workdir** for the overlay mount. Custom **upperdir** and
+**workdir** can be fully managed by the users themselves, and Podman will not
+remove it on lifecycle completion.
+Example **:O,upperdir=/some/upper,workdir=/some/work**
+
+  Subsequent executions of the container will see the original source directory
+content, any changes from previous <<container|pod>> executions no longer exist.
+
+  One use case of the overlay mount is sharing the package cache from the
+host into the container to allow speeding up builds.
+
+  Note:
+
+     - The `O` flag conflicts with other options listed above.
+Content mounted into the container is labeled with the private label.
+       On SELinux systems, labels in the source directory must be readable
+by the <<|pod infra>> container label. Usually containers can read/execute `container_share_t`
+and can read/write `container_file_t`. If unable to change the labels on a
+source volume, SELinux container separation must be disabled for the <<|pod or infra>> container
+to work.
+     - The source directory mounted into the <<container|pod>> with an overlay mount
+should not be modified, it can cause unexpected failures. It is recommended
+to not modify the directory until the container finishes running.
+
+  `Mounts propagation`
+
+By default bind mounted volumes are `private`. That means any mounts done
+inside the <<container|pod>> will not be visible on host and vice versa. One can change
+this behavior by specifying a volume mount propagation property. Making a
+volume shared mounts done under that volume inside the <<container|pod>> will be
+visible on host and vice versa. Making a volume **slave** enables only one
+way mount propagation and that is mounts done on host under that volume
+will be visible inside container but not the other way around. <sup>[[1]](#Footnote1)</sup>
+
+To control mount propagation property of a volume one can use the [**r**]**shared**,
+[**r**]**slave**, [**r**]**private** or the [**r**]**unbindable** propagation flag.
+Propagation property can be specified only for bind mounted volumes and not for
+internal volumes or named volumes. For mount propagation to work the source mount
+point (the mount point where source dir is mounted on) has to have the right propagation
+properties. For shared volumes, the source mount point has to be shared. And for
+slave volumes, the source mount point has to be either shared or slave.
+<sup>[[1]](#Footnote1)</sup>
+
+To recursively mount a volume and all of its submounts into a
+<<container|pod>>, use the **rbind** option. By default the bind option is
+used, and submounts of the source directory will not be mounted into the
+<<container|pod>>.
+
+Mounting the volume with the **nosuid** options means that SUID applications on
+the volume will not be able to change their privilege. By default volumes
+are mounted with **nosuid**.
+
+Mounting the volume with the **noexec** option means that no executables on the
+volume will be able to be executed within the <<container|pod>>.
+
+Mounting the volume with the **nodev** option means that no devices on the volume
+will be able to be used by processes within the <<container|pod>>. By default volumes
+are mounted with **nodev**.
+
+If the _HOST-DIR_ is a mount point, then **dev**, **suid**, and **exec** options are
+ignored by the kernel.
+
+Use **df HOST-DIR** to figure out the source mount, then use
+**findmnt -o TARGET,PROPAGATION _source-mount-dir_** to figure out propagation
+properties of source mount. If **findmnt**(1) utility is not available, then one
+can look at the mount entry for the source mount point in _/proc/self/mountinfo_. Look
+at the "optional fields" and see if any propagation properties are specified.
+In there, **shared:N** means the mount is shared, **master:N** means mount
+is slave, and if nothing is there, the mount is private. <sup>[[1]](#Footnote1)</sup>
+
+To change propagation properties of a mount point, use **mount**(8) command. For
+example, if one wants to bind mount source directory _/foo_, one can do
+**mount --bind /foo /foo** and **mount --make-private --make-shared /foo**. This
+will convert /foo into a shared mount point. Alternatively, one can directly
+change propagation properties of source mount. Say _/_ is source mount for
+_/foo_, then use **mount --make-shared /** to convert _/_ into a shared mount.
+
+Note: if the user only has access rights via a group, accessing the volume
+from inside a rootless <<container|pod>> will fail.
diff --git a/docs/source/markdown/options/volumes-from.md b/docs/source/markdown/options/volumes-from.md
new file mode 100644
index 000000000..ebef116e7
--- /dev/null
+++ b/docs/source/markdown/options/volumes-from.md
@@ -0,0 +1,32 @@
+#### **--volumes-from**=*CONTAINER[:OPTIONS]*
+
+Mount volumes from the specified container(s). Used to share volumes between
+containers<<| and pods>>. The *options* is a comma-separated list with the following available elements:
+
+* **rw**|**ro**
+* **z**
+
+Mounts already mounted volumes from a source container onto another
+<<container|pod>>. _CONTAINER_ may be a name or ID.
+To share a volume, use the --volumes-from option when running
+the target container. Volumes can be shared even if the source container
+is not running.
+
+By default, Podman mounts the volumes in the same mode (read-write or
+read-only) as it is mounted in the source container.
+This can be changed by adding a `ro` or `rw` _option_.
+
+Labeling systems like SELinux require that proper labels are placed on volume
+content mounted into a <<container|pod>>. Without a label, the security system might
+prevent the processes running inside the container from using the content. By
+default, Podman does not change the labels set by the OS.
+
+To change a label in the <<container|pod>> context, add `z` to the volume mount.
+This suffix tells Podman to relabel file objects on the shared volumes. The `z`
+option tells Podman that two entities share the volume content. As a result,
+Podman labels the content with a shared content label. Shared volume labels allow
+all containers to read/write content.
+
+If the location of the volume from the source container overlaps with
+data residing on a target <<container|pod>>, then the volume hides
+that data on the target.
diff --git a/docs/source/markdown/options/workdir.md b/docs/source/markdown/options/workdir.md
new file mode 100644
index 000000000..12f3ddd44
--- /dev/null
+++ b/docs/source/markdown/options/workdir.md
@@ -0,0 +1,7 @@
+#### **--workdir**, **-w**=*dir*
+
+Working directory inside the container.
+
+The default working directory for running binaries within a container is the root directory (**/**).
+The image developer can set a different default with the WORKDIR instruction. The operator
+can override the working directory by using the **-w** option.
diff --git a/docs/source/markdown/podman-attach.1.md b/docs/source/markdown/podman-attach.1.md
index 985cfa0e8..c073fccf8 100644
--- a/docs/source/markdown/podman-attach.1.md
+++ b/docs/source/markdown/podman-attach.1.md
@@ -1,4 +1,4 @@
-% podman-attach(1)
+% podman-attach 1
 
 ## NAME
 podman\-attach - Attach to a running container
diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md.in
index 992c87432..cd9a08a78 100644
--- a/docs/source/markdown/podman-auto-update.1.md
+++ b/docs/source/markdown/podman-auto-update.1.md.in
@@ -1,4 +1,4 @@
-% podman-auto-update(1)
+% podman-auto-update 1
 
 ## NAME
 podman\-auto-update - Auto update containers according to their auto-update policy
@@ -29,17 +29,25 @@ This data is then being used in the auto-update sequence to instruct systemd (vi
 Note that **podman auto-update** relies on systemd. The systemd units are expected to be generated with **[podman-generate-systemd --new](podman-generate-systemd.1.md#--new)**, or similar units that create new containers in order to run the updated images.
 Systemd units that start and stop a container cannot run a new image.
 
+### Auto Updates and Kubernetes YAML
+
+Podman supports auto updates for Kubernetes workloads.  As mentioned above, `podman auto-update` requires the containers to be running systemd.  Podman ships with a systemd template that can be instantiated with a Kubernetes YAML file, see podman-generate-systemd(1).
+
+To enable auto updates for containers running in a Kubernetes workload, set the following Podman-specific annotations in the YAML:
+ * `io.containers.autoupdate: "registry|local"` to apply the auto-update policy to all containers
+ * `io.containers.autoupdate/$container: "registry|local"` to apply the auto-update policy to `$container` only
+ * `io.containers.sdnotify: "conmon|container"` to apply the sdnotify policy to all containers
+ * `io.containers.sdnotify/$container: "conmon|container"` to apply the sdnotify policy to `$container` only
+
+By default, the autoupdate policy is set to "disabled", the sdnotify policy is set to "conmon".
+
 ### Systemd Unit and Timer
 
 Podman ships with a `podman-auto-update.service` systemd unit. This unit is triggered daily at midnight by the `podman-auto-update.timer` systemd timer.  The timer can be altered for custom time-based updates if desired.  The unit can further be invoked by other systemd units (e.g., via the dependency tree) or manually via **systemctl start podman-auto-update.service**.
 
 ## OPTIONS
-#### **--authfile**=*path*
-
-Path of the authentication file. Default is `${XDG_RUNTIME_DIR}/containers/auth.json`, which is set using **[podman login](podman-login.1.md)**.
-If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using **docker login**.
 
-Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**.
+@@option authfile
 
 #### **--dry-run**
 
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md.in
index ba7081ff5..e201806e5 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md.in
@@ -1,4 +1,4 @@
-% podman-build(1)
+% podman-build 1
 
 ## NAME
 podman\-build - Build a container image using a Containerfile
@@ -47,12 +47,7 @@ command to see these containers. External containers can be removed with the
 
 ## OPTIONS
 
-#### **--add-host**=*host*
-
-Add a custom host-to-IP mapping (host:ip)
-
-Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option
-can be set multiple times. Conflicts with the --no-hosts option.
+@@option add-host
 
 #### **--all-platforms**
 
@@ -70,19 +65,11 @@ discarded when writing images in Docker formats.
 
 Set the architecture of the image to be built, and that of the base image to be
 pulled, if the build uses one, to the provided value instead of using the
-architecture of the build host. (Examples: arm, arm64, 386, amd64, ppc64le,
-s390x)
-
-#### **--authfile**=*path*
-
-Path of the authentication file. Default is
-${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
-If the authorization state is not found there, $HOME/.docker/config.json is
-checked, which is set using `docker login`.
+architecture of the build host. Unless overridden, subsequent lookups of the
+same image in the local storage will match this architecture, regardless of the
+host. (Examples: arm, arm64, 386, amd64, ppc64le, s390x)
 
-Note: You can also override the default path of the authentication file by
-setting the REGISTRY\_AUTH\_FILE environment variable.
-`export REGISTRY_AUTH_FILE=path`
+@@option authfile
 
 #### **--build-arg**=*arg=value*
 
@@ -120,8 +107,43 @@ The value of [name] is matched with the following priority order:
 
 #### **--cache-from**
 
-Images to utilize as potential cache sources. Podman does not currently support
-caching so this is a NOOP. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+Repository to utilize as a potential cache source. When specified, Buildah will try to look for
+cache images in the specified repository and will attempt to pull cache images instead of actually
+executing the build steps locally. Buildah will only attempt to pull previously cached images if they
+are considered as valid cache hits.
+
+Use the `--cache-to` option to populate a remote repository with cache content.
+
+Example
+
+```bash
+# populate a cache and also consult it
+buildah build -t test --layers --cache-to registry/myrepo/cache --cache-from registry/myrepo/cache .
+```
+
+Note: `--cache-from` option is ignored unless `--layers` is specified.
+
+#### **--cache-to**
+
+Set this flag to specify a remote repository that will be used to store cache images. Buildah will attempt to
+push newly built cache image to the remote repository.
+
+Note: Use the `--cache-from` option in order to use cache content in a remote repository.
+
+Example
+
+```bash
+# populate a cache and also consult it
+buildah build -t test --layers --cache-to registry/myrepo/cache --cache-from registry/myrepo/cache .
+```
+
+Note: `--cache-to` option is ignored unless `--layers` is specified.
+
+#### **--cache-ttl**
+
+Limit the use of cached images to only consider images with created timestamps less than *duration* ago.
+For example if `--cache-ttl=1h` is specified, Buildah will only consider intermediate cache images which are created
+under the duration of one hour, and intermediate cache images outside this duration will be ignored.
 
 #### **--cap-add**=*CAP\_xxx*
 
@@ -134,8 +156,8 @@ more.
 
 When executing RUN instructions, run the command specified in the instruction
 with the specified capability removed from its capability set.
-The CAP\_AUDIT\_WRITE, CAP\_CHOWN, CAP\_DAC\_OVERRIDE, CAP\_FOWNER,
-CAP\_FSETID, CAP\_KILL, CAP\_MKNOD, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP,
+The CAP\_CHOWN, CAP\_DAC\_OVERRIDE, CAP\_FOWNER,
+CAP\_FSETID, CAP\_KILL, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP,
 CAP\_SETGID, CAP\_SETPCAP, CAP\_SETUID, and CAP\_SYS\_CHROOT capabilities are
 granted by default; this option can be used to remove them.
 
@@ -143,16 +165,9 @@ If a capability is specified to both the **--cap-add** and **--cap-drop**
 options, it will be dropped, regardless of the order in which the options were
 given.
 
-#### **--cert-dir**=*path*
+@@option cert-dir
 
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--cgroup-parent**=*path*
-
-Path to cgroups under which the cgroup for the container will be created. If the
-path is not absolute, the path is considered to be relative to the cgroups path
-of the init process. Cgroups will be created if they do not already exist.
+@@option cgroup-parent
 
 #### **--cgroupns**=*how*
 
@@ -171,86 +186,17 @@ Thus, compressing the data before sending it is irrelevant to Podman. (This opti
 
 Set additional flags to pass to the C Preprocessor cpp(1). Containerfiles ending with a ".in" suffix will be preprocessed via cpp(1). This option can be used to pass additional flags to cpp.Note: You can also set default CPPFLAGS by setting the BUILDAH_CPPFLAGS environment variable (e.g., export BUILDAH_CPPFLAGS="-DDEBUG").
 
-#### **--cpu-period**=*limit*
-
-Set the CPU period for the Completely Fair Scheduler (CFS), which is a
-duration in microseconds. Once the container's CPU quota is used up, it will
-not be scheduled to run until the current period ends. Defaults to 100000
-microseconds.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpu-quota**=*limit*
-
-Limit the CPU Completely Fair Scheduler (CFS) quota.
-
-Limit the container's CPU usage. By default, containers run with the full
-CPU resource. The limit is a number in microseconds. If you provide a number,
-the container will be allowed to use that much CPU time until the CPU period
-ends (controllable via **--cpu-period**).
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpu-shares**, **-c**=*shares*
+@@option cpu-period
 
-CPU shares (relative weight)
+@@option cpu-quota
 
-By default, all containers get the same proportion of CPU cycles. This
-proportion can be modified by changing the container's CPU share weighting
-relative to the weighting of all other running containers.
+@@option cpu-shares
 
-To modify the proportion from the default of 1024, use the **--cpu-shares**
-option to set the weighting to 2 or higher.
+@@option cpuset-cpus
 
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
+@@option cpuset-mems
 
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If you add a fourth container with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores. If you start one
-container **{C0}** with **-c=512** running one process, and another container
-**{C1}** with **-c=1024** running two processes, this can result in the
-following
-division of CPU shares:
-
-    PID    container	CPU	CPU share
-    100    {C0}		0	100% of CPU0
-    101    {C1}		1	100% of CPU1
-    102    {C1}		2	100% of CPU2
-
-#### **--cpuset-cpus**=*num*
-
-  CPUs in which to allow execution (0-3, 0,1)
-
-#### **--cpuset-mems**=*nodes*
-
-Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on
-NUMA systems.
-
-If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
-then processes in your container will only use memory from the first
-two memory nodes.
-
-#### **--creds**=*creds*
-
-The [username[:password]] to use to authenticate with the registry if required.
-If one or both values are not supplied, a command line prompt will appear and
-the value can be entered.  The password is entered without echo.
+@@option creds
 
 #### **--decryption-key**=*key[:passphrase]*
 
@@ -259,16 +205,7 @@ keys and/or certificates. Decryption will be tried with all keys. If the key is
 protected by a passphrase, it is required to be passed in the argument and
 omitted otherwise.
 
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the container. Optional *permissions* parameter
-can be used to specify device permissions, it is combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if *host-device* is a symbolic link then it will be resolved first.
-The container will only store the major and minor numbers of the host device.
+@@option device
 
 Note: if the user only has access rights via a group, accessing the device
 from inside a rootless container will fail. The **[crun(1)](https://github.com/containers/crun/tree/main/crun.1.md)** runtime offers a
@@ -284,24 +221,14 @@ registries, and images being written to local storage would only need to be
 decompressed again to be stored.  Compression can be forced in all cases by
 specifying **--disable-compression=false**.
 
-#### **--disable-content-trust**
-
-This is a Docker specific option to disable image verification to a container
-registry and is not supported by Podman.  This option is a NOOP and provided
-solely for scripting compatibility. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option disable-content-trust
 
-#### **--dns**=*dns*
+@@option dns
 
-Set custom DNS servers to be used during the build.
+This option cannot be combined with **--network** that is set to **none**.
 
-This option can be used to override the DNS configuration passed to the
-container. Typically this is necessary when the host DNS configuration is
-invalid for the container (e.g., 127.0.0.1). When this is the case the `--dns`
-option is necessary for every run.
-
-The special value **none** can be specified to disable creation of
-/etc/resolv.conf in the container by Podman. The /etc/resolv.conf file in the
-image will be used without changes.
+Note: this option takes effect only during *RUN* instructions in the build.
+It does not affect _/etc/resolv.conf_ in the final image.
 
 #### **--dns-option**=*option*
 
@@ -351,6 +278,12 @@ environment variable.  `export BUILDAH_FORMAT=docker`
 Overrides the first `FROM` instruction within the Containerfile.  If there are multiple
 FROM instructions in a Containerfile, only the first is changed.
 
+With the remote podman client, not all container transports will work as
+expected. For example, oci-archive:/x.tar will reference /x.tar on the remote
+machine instead of on the client. If you need to support remote podman clients,
+it is best to restrict yourself to containers-storage: and docker://
+transports.
+
 #### **--help**, **-h**
 
 Print usage statement
@@ -443,28 +376,9 @@ This option is not supported on the remote client, including Mac and Windows
 Name of the manifest list to which the image will be added. Creates the manifest list
 if it does not exist. This option is useful for building multi architecture images.
 
-#### **--memory**, **-m**=*LIMIT*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes),
-m (mebibytes), or g (gibibytes))
-
-Allows you to constrain the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of
-trillions).
+@@option memory
 
-#### **--memory-swap**=*LIMIT*
-
-A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) option. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value.  By default, the swap `LIMIT` will be set to double
-the value of --memory.
-
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
+@@option memory-swap
 
 #### **--network**=*mode*, **--net**
 
@@ -485,11 +399,8 @@ considered insecure.
 Do not use existing cached images for the container build. Build from the start
 with a new set of cached layers.
 
-#### **--no-hosts**
+@@option no-hosts
 
-Do not create _/etc/hosts_ for the container.
-By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
-**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
 This option conflicts with **--add-host**.
 
 #### **--omit-history**
@@ -505,7 +416,8 @@ do not include `History` information in their images.
 
 Set the OS of the image to be built, and that of the base image to be pulled,
 if the build uses one, instead of using the current operating system of the
-build host.
+build host. Unless overridden, subsequent lookups of the same image in the
+local storage will match this OS, regardless of the host.
 
 #### **--os-feature**=*feature*
 
@@ -557,9 +469,12 @@ process.
 
 Set the *os/arch* of the built image (and its base image, if your build uses one)
 to the provided value instead of using the current operating system and
-architecture of the host (for example `linux/arm`). If `--platform` is set,
-then the values of the `--arch`, `--os`, and `--variant` options will be
-overridden.
+architecture of the host (for example `linux/arm`).  Unless overridden,
+subsequent lookups of the same image in the local storage will match this
+platform, regardless of the host.
+
+If `--platform` is set, then the values of the `--arch`, `--os`, and
+`--variant` options will be overridden.
 
 The `--platform` option can be specified more than once, or given a
 comma-separated list of values as its argument.  When more than one platform is
@@ -591,6 +506,16 @@ Suppress output messages which indicate which instruction is being processed,
 and of progress when pulling images from a registry, and when writing the
 output image.
 
+#### **--retry**=*attempts*
+
+Number of times to retry in case of failure when performing pull of
+images from registry. Default is **3**.
+
+#### **--retry-delay**=*duration*
+
+Duration of delay between retry attempts in case of failure when performing
+pull of images from registry. Default is **2s**.
+
 #### **--rm**
 
 Remove intermediate containers after a successful build (default true).
@@ -633,13 +558,7 @@ container
 - `seccomp=profile.json` :  White listed syscalls seccomp Json file to be used
 as a seccomp filter
 
-#### **--shm-size**=*size*
-
-Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater
-than `0`.
-Unit is optional and can be `b` (bytes), `k` (kibibytes), `m`(mebibytes), or
-`g` (gibibytes). If you omit the unit, the system uses bytes. If you omit the
-size entirely, the system uses `64m`.
+@@option shm-size
 
 #### **--sign-by**=*fingerprint*
 
@@ -694,10 +613,9 @@ specified and therefore not changed, allowing the image's sha256 hash to remain
 same. All files committed to the layers of the image will be created with the
 timestamp.
 
-#### **--tls-verify**
+If the only instruction in a Containerfile is `FROM`, this flag has no effect.
 
-Require HTTPS and verify certificates when talking to container registries
-(defaults to true). (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option tls-verify
 
 #### **--ulimit**=*type=soft-limit[:hard-limit]*
 
@@ -1028,9 +946,11 @@ use it as the context. The Containerfile at the root of the repository will be
 used and it only works if the GitHub repository is a dedicated repository.
 
 ```
-$ podman build git://github.com/scollier/purpletest
+$ podman build https://github.com/scollier/purpletest
 ```
 
+  Note: Github does not support using `git://` for performing `clone` operation due to recent changes in their security guidance (https://github.blog/2021-09-01-improving-git-protocol-security-github/). Use an `https://` URL if the source repository is hosted on Github.
+
 #### Building an image using a URL to an archive
 
   Podman will fetch the archive file, decompress it, and use its contents as the
diff --git a/docs/source/markdown/podman-commit.1.md b/docs/source/markdown/podman-commit.1.md
index b7b52e3a7..82243c557 100644
--- a/docs/source/markdown/podman-commit.1.md
+++ b/docs/source/markdown/podman-commit.1.md
@@ -1,4 +1,4 @@
-% podman-commit(1)
+% podman-commit 1
 
 ## NAME
 podman\-commit - Create new image based on the changed container
diff --git a/docs/source/markdown/podman-completion.1.md b/docs/source/markdown/podman-completion.1.md
index 538bb9e60..14e196587 100644
--- a/docs/source/markdown/podman-completion.1.md
+++ b/docs/source/markdown/podman-completion.1.md
@@ -1,4 +1,4 @@
-% podman-completion(1)
+% podman-completion 1
 
 ## NAME
 podman\-completion - Generate shell completion scripts
diff --git a/docs/source/markdown/podman-container-checkpoint.1.md b/docs/source/markdown/podman-container-checkpoint.1.md
index a11897081..b68dffc8a 100644
--- a/docs/source/markdown/podman-container-checkpoint.1.md
+++ b/docs/source/markdown/podman-container-checkpoint.1.md
@@ -1,4 +1,4 @@
-% podman-container-checkpoint(1)
+% podman-container-checkpoint 1
 
 ## NAME
 podman\-container\-checkpoint - Checkpoints one or more running containers
diff --git a/docs/source/markdown/podman-container-cleanup.1.md b/docs/source/markdown/podman-container-cleanup.1.md
index 0ad09efd3..744f7b41b 100644
--- a/docs/source/markdown/podman-container-cleanup.1.md
+++ b/docs/source/markdown/podman-container-cleanup.1.md
@@ -1,4 +1,4 @@
-% podman-container-cleanup(1)
+% podman-container-cleanup 1
 
 ## NAME
 podman\-container\-cleanup - Clean up the container's network and mountpoints
diff --git a/docs/source/markdown/podman-container-clone.1.md b/docs/source/markdown/podman-container-clone.1.md
deleted file mode 100644
index 9baedfd36..000000000
--- a/docs/source/markdown/podman-container-clone.1.md
+++ /dev/null
@@ -1,234 +0,0 @@
-% podman-container-clone(1)
-
-## NAME
-podman\-container\-clone - Creates a copy of an existing container
-
-## SYNOPSIS
-**podman container clone** [*options*] *container* *name* *image*
-
-## DESCRIPTION
-**podman container clone** creates a copy of a container, recreating the original with an identical configuration. This command takes three arguments: the first being the container id or name to clone, the second argument in this command can change the name of the clone from the default of $ORIGINAL_NAME-clone, and the third is a new image to use in the cloned container.
-
-## OPTIONS
-
-#### **--blkio-weight**=*weight*
-
-Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-
-#### **--blkio-weight-device**=*weight*
-
-Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-
-#### **--cpu-period**=*limit*
-
-Set the CPU period for the Completely Fair Scheduler (CFS), which is a
-duration in microseconds. Once the container's CPU quota is used up, it will
-not be scheduled to run until the current period ends. Defaults to 100000
-microseconds.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-If none is specified, the original container's cpu period is used
-
-#### **--cpu-quota**=*limit*
-
-Limit the CPU Completely Fair Scheduler (CFS) quota.
-
-Limit the container's CPU usage. By default, containers run with the full
-CPU resource. The limit is a number in microseconds. If a number is provided,
-the container will be allowed to use that much CPU time until the CPU period
-ends (controllable via **--cpu-period**).
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-If none is specified, the original container's CPU quota are used.
-
-#### **--cpu-rt-period**=*microseconds*
-
-Limit the CPU real-time period in microseconds
-
-Limit the container's Real Time CPU usage. This option tells the kernel to restrict the container's Real Time CPU usage to the period specified.
-
-This option is not supported on cgroups V2 systems.
-
-If none is specified, the original container's CPU runtime period is used.
-
-
-#### **--cpu-rt-runtime**=*microseconds*
-
-Limit the CPU real-time runtime in microseconds.
-
-Limit the containers Real Time CPU usage. This option tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
-Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
-
-The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-
-This option is not supported on cgroups V2 systems.
-
-#### **--cpu-shares**, **-c**=*shares*
-
-CPU shares (relative weight)
-
-By default, all containers get the same proportion of CPU cycles. This proportion
-can be modified by changing the container's CPU share weighting relative
-to the weighting of all other running containers.
-
-To modify the proportion from the default of 1024, use the **--cpu-shares**
-option to set the weighting to 2 or higher.
-
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
-
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If a fourth container is added with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores.
-If the container _C0_ is started with **--cpu-shares=512** running one process,
-and another container _C1_ with **--cpu-shares=1024** running two processes,
-this can result in the following division of CPU shares:
-
-| PID  |  container  | CPU     | CPU share    |
-| ---- | ----------- | ------- | ------------ |
-| 100  |  C0         | 0       | 100% of CPU0 |
-| 101  |  C1         | 1       | 100% of CPU1 |
-| 102  |  C1         | 2       | 100% of CPU2 |
-
-If none are specified, the original container's CPU shares are used.
-
-#### **--cpus**
-
-Set a number of CPUs for the container that overrides the original containers CPU limits. If none are specified, the original container's Nano CPUs are used.
-
-This is shorthand
-for **--cpu-period** and **--cpu-quota**, so only **--cpus** or either both the **--cpu-period** and **--cpu-quota** options can be set.
-
-#### **--cpuset-cpus**
-
-CPUs in which to allow execution (0-3, 0,1). If none are specified, the original container's CPUset is used.
-
-#### **--cpuset-mems**=*nodes*
-
-Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-
-If there are four memory nodes on the system (0-3), use `--cpuset-mems=0,1`
-then processes in the container will only use memory from the first
-two memory nodes.
-
-If none are specified, the original container's CPU memory nodes are used.
-
-#### **--destroy**
-
-Remove the original container that we are cloning once used to mimic the configuration.
-
-#### **--device-read-bps**=*path*
-
-Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb).
-
-#### **--device-write-bps**=*path*
-
-Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
-
-#### **--force**, **-f**
-
-Force removal of the original container that we are cloning. Can only be used in conjunction with **--destroy**.
-
-#### **--memory**, **-m**=*limit*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-Allows the memory available to a container to be constrained. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-If no memory limits are specified, the original container's will be used.
-
-#### **--memory-reservation**=*limit*
-
-Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-After setting memory reservation, when the system detects memory contention
-or low memory, containers are forced to restrict their consumption to their
-reservation. So you should always set the value below **--memory**, otherwise the
-hard limit will take precedence. By default, memory reservation will be the same
-as memory limit from the container being cloned.
-
-#### **--memory-swap**=*limit*
-
-A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory if specified. Otherwise, the container being cloned will be used to derive the swap value.
-
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-#### **--memory-swappiness**=*number*
-
-Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--name**
-
-Set a custom name for the cloned container. The default if not specified is of the syntax: **<ORIGINAL_NAME>-clone**
-
-#### **--pod**=*name*
-
-Clone the container in an existing pod.  It is helpful to move a container to an
-existing pod.  The container will join the pod shared namespaces, losing its configuration
-that conflicts with the shared namespaces.
-
-#### **--run**
-
-When set to true, this flag runs the newly created container after the
-clone process has completed, this specifies a detached running mode.
-
-## EXAMPLES
-```
-# podman container clone d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
-6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
-```
-
-```
-# podman container clone --name=clone d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
-6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
-```
-
-```
-# podman container clone --destroy --cpus=5 d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
-6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
-```
-
-```
-# podman container clone 2d4d4fca7219b4437e0d74fcdc272c4f031426a6eacd207372691207079551de new_name fedora
-Resolved "fedora" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
-Trying to pull registry.fedoraproject.org/fedora:latest...
-Getting image source signatures
-Copying blob c6183d119aa8 done
-Copying config e417cd49a8 done
-Writing manifest to image destination
-Storing signatures
-5a9b7851013d326aa4ac4565726765901b3ecc01fcbc0f237bc7fd95588a24f9
-```
-## SEE ALSO
-**[podman-create(1)](podman-create.1.md)**, **[cgroups(7)](https://man7.org/linux/man-pages/man7/cgroups.7.html)**
-
-## HISTORY
-January 2022, Originally written by Charlie Doern <cdoern@redhat.com>
diff --git a/docs/source/markdown/podman-container-clone.1.md.in b/docs/source/markdown/podman-container-clone.1.md.in
new file mode 100644
index 000000000..d4add19fd
--- /dev/null
+++ b/docs/source/markdown/podman-container-clone.1.md.in
@@ -0,0 +1,125 @@
+% podman-container-clone 1
+
+## NAME
+podman\-container\-clone - Creates a copy of an existing container
+
+## SYNOPSIS
+**podman container clone** [*options*] *container* *name* *image*
+
+## DESCRIPTION
+**podman container clone** creates a copy of a container, recreating the original with an identical configuration. This command takes three arguments: the first being the container id or name to clone, the second argument in this command can change the name of the clone from the default of $ORIGINAL_NAME-clone, and the third is a new image to use in the cloned container.
+
+## OPTIONS
+
+@@option blkio-weight
+
+@@option blkio-weight-device
+
+@@option cpu-period
+
+If none is specified, the original container's cpu period is used
+
+@@option cpu-quota
+
+If none is specified, the original container's CPU quota are used.
+
+@@option cpu-rt-period
+
+If none is specified, the original container's CPU runtime period is used.
+
+@@option cpu-rt-runtime
+
+@@option cpu-shares
+
+If none are specified, the original container's CPU shares are used.
+
+#### **--cpus**
+
+Set a number of CPUs for the container that overrides the original containers CPU limits. If none are specified, the original container's Nano CPUs are used.
+
+This is shorthand
+for **--cpu-period** and **--cpu-quota**, so only **--cpus** or either both the **--cpu-period** and **--cpu-quota** options can be set.
+
+This option is not supported on cgroups V1 rootless systems.
+
+@@option cpuset-cpus
+
+If none are specified, the original container's CPUset is used.
+
+@@option cpuset-mems
+
+If none are specified, the original container's CPU memory nodes are used.
+
+@@option destroy
+
+@@option device-read-bps
+
+@@option device-write-bps
+
+#### **--force**, **-f**
+
+Force removal of the original container that we are cloning. Can only be used in conjunction with **--destroy**.
+
+@@option memory
+
+If no memory limits are specified, the original container's will be used.
+
+@@option memory-reservation
+
+If unspecified, memory reservation will be the same as memory limit from the
+container being cloned.
+
+@@option memory-swap
+
+If unspecified, the container being cloned will be used to derive
+the swap value.
+
+@@option memory-swappiness
+
+#### **--name**
+
+Set a custom name for the cloned container. The default if not specified is of the syntax: **<ORIGINAL_NAME>-clone**
+
+#### **--pod**=*name*
+
+Clone the container in an existing pod.  It is helpful to move a container to an
+existing pod.  The container will join the pod shared namespaces, losing its configuration
+that conflicts with the shared namespaces.
+
+#### **--run**
+
+When set to true, this flag runs the newly created container after the
+clone process has completed, this specifies a detached running mode.
+
+## EXAMPLES
+```
+# podman container clone d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
+6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
+```
+
+```
+# podman container clone --name=clone d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
+6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
+```
+
+```
+# podman container clone --destroy --cpus=5 d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
+6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
+```
+
+```
+# podman container clone 2d4d4fca7219b4437e0d74fcdc272c4f031426a6eacd207372691207079551de new_name fedora
+Resolved "fedora" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
+Trying to pull registry.fedoraproject.org/fedora:latest...
+Getting image source signatures
+Copying blob c6183d119aa8 done
+Copying config e417cd49a8 done
+Writing manifest to image destination
+Storing signatures
+5a9b7851013d326aa4ac4565726765901b3ecc01fcbc0f237bc7fd95588a24f9
+```
+## SEE ALSO
+**[podman-create(1)](podman-create.1.md)**, **[cgroups(7)](https://man7.org/linux/man-pages/man7/cgroups.7.html)**
+
+## HISTORY
+January 2022, Originally written by Charlie Doern <cdoern@redhat.com>
diff --git a/docs/source/markdown/podman-container-diff.1.md b/docs/source/markdown/podman-container-diff.1.md
index f09bc4896..261c6f878 100644
--- a/docs/source/markdown/podman-container-diff.1.md
+++ b/docs/source/markdown/podman-container-diff.1.md
@@ -1,4 +1,4 @@
-% podman-container-diff(1)
+% podman-container-diff 1
 
 ## NAME
 podman\-container\-diff - Inspect changes on a container's filesystem
diff --git a/docs/source/markdown/podman-container-exists.1.md b/docs/source/markdown/podman-container-exists.1.md
index cc5defe6b..49b74f1ee 100644
--- a/docs/source/markdown/podman-container-exists.1.md
+++ b/docs/source/markdown/podman-container-exists.1.md
@@ -1,4 +1,4 @@
-% podman-container-exists(1)
+% podman-container-exists 1
 
 ## NAME
 podman\-container\-exists - Check if a container exists in local storage
diff --git a/docs/source/markdown/podman-container-inspect.1.md b/docs/source/markdown/podman-container-inspect.1.md
index 4e45bcc40..7157a3ec0 100644
--- a/docs/source/markdown/podman-container-inspect.1.md
+++ b/docs/source/markdown/podman-container-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-container-inspect(1)
+% podman-container-inspect 1
 
 ## NAME
 podman\-container\-inspect - Display a container's configuration
@@ -18,6 +18,50 @@ all results in a JSON array. If a format is specified, the given template will b
 Format the output using the given Go template.
 The keys of the returned JSON can be used as the values for the --format flag (see examples below).
 
+Valid placeholders for the Go template are listed below:
+
+| **Placeholder**      | **Description**                                    |
+| -----------------    | ------------------                                 |
+| .AppArmorProfile     | AppArmor profile (string)                          |
+| .Args                | Command-line arguments (array of strings)          |
+| .BoundingCaps        | Bounding capability set (array of strings)         |
+| .Config ...          | Structure with config info                         |
+| .ConmonPidFile       | Path to file containing conmon pid (string)        |
+| .Created             | Container creation time (string, ISO3601)          |
+| .Dependencies        | Dependencies (array of strings)                    |
+| .Driver              | Storage driver (string)                            |
+| .EffectiveCaps       | Effective capability set (array of strings)        |
+| .ExecIDs             | Exec IDs (array of strings)                        |
+| .GraphDriver ...     | Further details of graph driver (struct)           |
+| .HostConfig ...      | Host config details (struct)                       |
+| .HostnamePath        | Path to file containing hostname (string)          |
+| .HostsPath           | Path to container /etc/hosts file (string)         |
+| .ID                  | Container ID (full 64-char hash)                   |
+| .Image               | Container image ID (64-char hash)                  |
+| .ImageName           | Container image name (string)                      |
+| .IsInfra             | Is this an infra container? (string: true/false)   |
+| .IsService           | Is this a service container? (string: true/false)  |
+| .MountLabel          | SELinux label of mount (string)                    |
+| .Mounts              | Mounts (array of strings)                          |
+| .Name                | Container name (string)                            |
+| .Namespace           | Container namespace (string)                       |
+| .NetworkSettings ... | Network settings (struct)                          |
+| .OCIConfigPath       | Path to OCI config file (string)                   |
+| .OCIRuntime          | OCI runtime name (string)                          |
+| .Path                | Path to container command (string)                 |
+| .PidFile             | Path to file containing container PID (string)     |
+| .Pod                 | Parent pod (string)                                |
+| .ProcessLabel        | SELinux label of process (string)                  |
+| .ResolvConfPath      | Path to container's resolv.conf file (string)      |
+| .RestartCount        | Number of times container has been restarted (int) |
+| .Rootfs              | Container rootfs (string)                          |
+| .SizeRootFs          | Size of rootfs, in bytes [1]                       |
+| .SizeRw              | Size of upper (R/W) container layer, in bytes [1]  |
+| .State ...           | Container state info (struct)                      |
+| .StaticDir           | Path to container metadata dir (string)            |
+
+[1] This format specifier requires the **--size** option
+
 #### **--latest**, **-l**
 
 Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
diff --git a/docs/source/markdown/podman-container-prune.1.md b/docs/source/markdown/podman-container-prune.1.md
index b20936c15..66519b96d 100644
--- a/docs/source/markdown/podman-container-prune.1.md
+++ b/docs/source/markdown/podman-container-prune.1.md
@@ -1,4 +1,4 @@
-% podman-container-prune(1)
+% podman-container-prune 1
 
 ## NAME
 podman\-container\-prune - Remove all stopped containers from local storage
diff --git a/docs/source/markdown/podman-container-restore.1.md b/docs/source/markdown/podman-container-restore.1.md
index a70cc30d1..a5347fa48 100644
--- a/docs/source/markdown/podman-container-restore.1.md
+++ b/docs/source/markdown/podman-container-restore.1.md
@@ -1,4 +1,4 @@
-% podman-container-restore(1)
+% podman-container-restore 1
 
 ## NAME
 podman\-container\-restore - Restores one or more containers from a checkpoint
diff --git a/docs/source/markdown/podman-container-runlabel.1.md b/docs/source/markdown/podman-container-runlabel.1.md.in
index 40e5392ce..bdbd306f2 100644
--- a/docs/source/markdown/podman-container-runlabel.1.md
+++ b/docs/source/markdown/podman-container-runlabel.1.md.in
@@ -1,4 +1,4 @@
-% podman-container-runlabel(1)
+% podman-container-runlabel 1
 
 ## NAME
 podman-container-runlabel - Executes a command as described by a container-image label
@@ -29,20 +29,12 @@ As specified by the `--name` option.  The format is identical to the one of the
 Will be replaced with the current working directory.
 
 ## OPTIONS
-#### **--authfile**=*path*
 
-Path of the containers-auth.json(5) file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.  If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
+@@option authfile
 
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path`
+@@option cert-dir
 
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--creds**=*[username[:password]]*
-
-The [username[:password]] to use to authenticate with the registry if required.  If one or both values are not supplied, a command line prompt will appear and the value can be entered.  The password is entered without echo.
+@@option creds
 
 #### **--display**
 
@@ -63,9 +55,7 @@ Suppress output information when pulling images
 
 If a container exists of the default or given name, as needed it will be stopped, deleted and a new container will be created from this image.
 
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in containers-registries.conf(5).
+@@option tls-verify
 
 ## EXAMPLES
 
diff --git a/docs/source/markdown/podman-container.1.md b/docs/source/markdown/podman-container.1.md
index a66e2789d..1662000ed 100644
--- a/docs/source/markdown/podman-container.1.md
+++ b/docs/source/markdown/podman-container.1.md
@@ -1,4 +1,4 @@
-% podman-container(1)
+% podman-container 1
 
 ## NAME
 podman\-container - Manage containers
@@ -46,6 +46,7 @@ The container command allows you to manage containers
 | top        | [podman-top(1)](podman-top.1.md)                    | Display the running processes of a container.                                |
 | unmount    | [podman-unmount(1)](podman-unmount.1.md)            | Unmount a working container's root filesystem.(Alias unmount)                |
 | unpause    | [podman-unpause(1)](podman-unpause.1.md)            | Unpause one or more containers.                                              |
+| update     | [podman-update(1)](podman-update.1.md)              | Updates the cgroup configuration of a given container.                      |
 | wait       | [podman-wait(1)](podman-wait.1.md)                  | Wait on one or more containers to stop and print their exit codes.           |
 
 ## SEE ALSO
diff --git a/docs/source/markdown/podman-cp.1.md b/docs/source/markdown/podman-cp.1.md
index bb86e3f13..49a3a8cd8 100644
--- a/docs/source/markdown/podman-cp.1.md
+++ b/docs/source/markdown/podman-cp.1.md
@@ -1,4 +1,4 @@
-% podman-cp(1)
+% podman-cp 1
 
 ## NAME
 podman\-cp - Copy files/folders between a container and the local filesystem
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
deleted file mode 100644
index b3e707e45..000000000
--- a/docs/source/markdown/podman-create.1.md
+++ /dev/null
@@ -1,1660 +0,0 @@
-% podman-create(1)
-
-## NAME
-podman\-create - Create a new container
-
-## SYNOPSIS
-**podman create** [*options*] *image* [*command* [*arg* ...]]
-
-**podman container create** [*options*] *image* [*command* [*arg* ...]]
-
-## DESCRIPTION
-
-Creates a writable container layer over the specified image and prepares it for
-running the specified command. The container ID is then printed to STDOUT. This
-is similar to **podman run -d** except the container is never started. You can
-then use the **podman start** *container* command to start the container at
-any point.
-
-The initial status of the container created with **podman create** is 'created'.
-
-Default settings for flags are defined in `containers.conf`. Most settings for
-remote connections use the server's containers.conf, except when documented in
-man pages.
-
-## IMAGE
-
-  The image is specified using transport:path format. If no transport is specified, the `docker` (container registry)
-transport will be used by default. For remote Podman, including Mac and Windows (excluding WSL2) machines, `docker` is the only allowed transport.
-
-  **dir:**_path_
-  An existing local directory _path_ storing the manifest, layer tarballs and signatures as individual files. This
-is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
-
-    $ podman save --format docker-dir fedora -o /tmp/fedora
-    $ podman create dir:/tmp/fedora echo hello
-
-  **docker://**_docker-reference_ (Default)
-  An image reference stored in  a remote container image registry. Example: "quay.io/podman/stable:latest".
-The reference can include a path to a specific registry; if it does not, the
-registries listed in registries.conf will be queried to find a matching image.
-By default, credentials from `podman login` (stored at
-$XDG_RUNTIME_DIR/containers/auth.json by default) will be used to authenticate;
-otherwise it falls back to using credentials in $HOME/.docker/config.json.
-
-    $ podman create registry.fedoraproject.org/fedora:latest echo hello
-
-  **docker-archive:**_path_[**:**_docker-reference_]
-An image stored in the `docker save` formatted file. _docker-reference_ is only used when creating such a
-file, and it must not contain a digest.
-
-    $ podman save --format docker-archive fedora -o /tmp/fedora
-    $ podman create docker-archive:/tmp/fedora echo hello
-
-  **docker-daemon:**_docker-reference_
-  An image in _docker-reference_ format stored in the docker daemon internal storage. The _docker-reference_ can also be an image ID (docker-daemon:algo:digest).
-
-    $ sudo docker pull fedora
-    $ sudo podman create docker-daemon:docker.io/library/fedora echo hello
-
-  **oci-archive:**_path_**:**_tag_
-  An image in a directory compliant with the "Open Container Image Layout Specification" at the specified _path_
-and specified with a _tag_.
-
-    $ podman save --format oci-archive fedora -o /tmp/fedora
-    $ podman create oci-archive:/tmp/fedora echo hello
-
-## OPTIONS
-
-#### **--add-host**=*host*
-
-Add a custom host-to-IP mapping (host:ip)
-
-Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
-option can be set multiple times.
-
-#### **--annotation**=*key=value*
-
-Add an annotation to the container. The format is key=value.
-The **--annotation** option can be set multiple times.
-
-#### **--arch**=*ARCH*
-Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`.
-
-#### **--attach**, **-a**=*location*
-
-Attach to STDIN, STDOUT or STDERR.
-
-In foreground mode (the default when **-d**
-is not specified), **podman run** can start the process in the container
-and attach the console to the process's standard input, output, and standard
-error. It can even pretend to be a TTY (this is what most command line
-executables expect) and pass along signals. The **-a** option can be set for
-each of stdin, stdout, and stderr.
-
-#### **--authfile**=*path*
-
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
-
-#### **--blkio-weight**=*weight*
-
-Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-
-#### **--blkio-weight-device**=*weight*
-
-Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-
-#### **--cap-add**=*capability*
-
-Add Linux capabilities
-
-#### **--cap-drop**=*capability*
-
-Drop Linux capabilities
-
-#### **--cgroup-conf**=*KEY=VALUE*
-
-When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB.
-
-#### **--cgroup-parent**=*path*
-
-Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-
-#### **--cgroupns**=*mode*
-
-Set the cgroup namespace mode for the container.
-    **`host`**: use the host's cgroup namespace inside the container.
-    **`container:<NAME|ID>`**: join the namespace of the specified container.
-    **`ns:<PATH>`**: join the namespace at the specified path.
-    **`private`**: create a new cgroup namespace.
-
-If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**.
-
-#### **--cgroups**=*mode*
-
-Determines whether the container will create CGroups.
-Valid values are *enabled*, *disabled*, *no-conmon*, *split*, with the default being *enabled*.
-
-The *enabled* option will create a new cgroup under the cgroup-parent.
-The *disabled* option will force the container to not create CGroups, and thus conflicts with CGroup options (**--cgroupns** and **--cgroup-parent**).
-The *no-conmon* option disables a new CGroup only for the conmon process.
-The *split* option splits the current cgroup in two sub-cgroups: one for conmon and one for the container payload. It is not possible to set *--cgroup-parent* with *split*.
-
-#### **--chrootdirs**=*path*
-
-Path to a directory inside the container that should be treated as a `chroot` directory.
-Any Podman managed file (e.g., /etc/resolv.conf, /etc/hosts, etc/hostname) that is mounted into the root directory will be mounted into that location as well.
-Multiple directories should be separated with a comma.
-
-#### **--cidfile**=*id*
-
-Write the container ID to the file
-
-#### **--conmon-pidfile**=*path*
-
-Write the pid of the `conmon` process to a file. `conmon` runs in a separate process than Podman, so this is necessary when using systemd to restart Podman containers.
-(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--cpu-period**=*limit*
-
-Set the CPU period for the Completely Fair Scheduler (CFS), which is a
-duration in microseconds. Once the container's CPU quota is used up, it will
-not be scheduled to run until the current period ends. Defaults to 100000
-microseconds.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpu-quota**=*limit*
-
-Limit the CPU Completely Fair Scheduler (CFS) quota.
-
-Limit the container's CPU usage. By default, containers run with the full
-CPU resource. The limit is a number in microseconds. If you provide a number,
-the container will be allowed to use that much CPU time until the CPU period
-ends (controllable via **--cpu-period**).
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpu-rt-period**=*microseconds*
-
-Limit the CPU real-time period in microseconds
-
-Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--cpu-rt-runtime**=*microseconds*
-
-Limit the CPU real-time runtime in microseconds
-
-Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
-Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
-
-The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--cpu-shares**, **-c**=*shares*
-
-CPU shares (relative weight)
-
-By default, all containers get the same proportion of CPU cycles. This proportion
-can be modified by changing the container's CPU share weighting relative
-to the weighting of all other running containers.
-
-To modify the proportion from the default of 1024, use the **--cpu-shares**
-flag to set the weighting to 2 or higher.
-
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
-
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If you add a fourth container with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores.
-If the container _C0_ is started with **--cpu-shares=512** running one process,
-and another container _C1_ with **--cpu-shares=1024** running two processes,
-this can result in the following division of CPU shares:
-
-| PID  |  container  | CPU     | CPU share    |
-| ---- | ----------- | ------- | ------------ |
-| 100  |  C0         | 0       | 100% of CPU0 |
-| 101  |  C1         | 1       | 100% of CPU1 |
-| 102  |  C1         | 2       | 100% of CPU2 |
-
-#### **--cpus**=*number*
-
-Number of CPUs. The default is *0.0* which means no limit. This is shorthand
-for **--cpu-period** and **--cpu-quota**, so you may only set either
-**--cpus** or **--cpu-period** and **--cpu-quota**.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpuset-cpus**=*cpus*
-
-CPUs in which to allow execution (0-3, 0,1)
-
-#### **--cpuset-mems**=*nodes*
-
-Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-
-If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
-then processes in your container will only use memory from the first
-two memory nodes.
-
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the container. Optional *permissions* parameter
-can be used to specify device permissions, it is combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if *host-device* is a symbolic link then it will be resolved first.
-The container will only store the major and minor numbers of the host device.
-
-Note: if the user only has access rights via a group, accessing the device
-from inside a rootless container will fail. Use the `--group-add keep-groups`
-flag to pass the user's supplementary group access into the container.
-
-Podman may load kernel modules required for using the specified
-device. The devices that podman will load modules when necessary are:
-/dev/fuse.
-
-#### **--device-cgroup-rule**=*"type major:minor mode"*
-
-Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
-       - type: a (all), c (char), or b (block);
-       - major and minor: either a number, or * for all;
-       - mode: a composition of r (read), w (write), and m (mknod(2)).
-
-#### **--device-read-bps**=*path*
-
-Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
-
-#### **--device-read-iops**=*path*
-
-Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
-
-#### **--device-write-bps**=*path*
-
-Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
-
-#### **--device-write-iops**=*path*
-
-Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
-
-#### **--disable-content-trust**
-
-This is a Docker specific option to disable image verification to a Docker
-registry and is not supported by Podman. This flag is a NOOP and provided
-solely for scripting compatibility.
-
-#### **--dns**=*dns*
-
-Set custom DNS servers. Invalid if using **--dns** and **--network** that is set to 'none' or `container:<name|id>`.
-
-This option can be used to override the DNS
-configuration passed to the container. Typically this is necessary when the
-host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
-is the case the **--dns** flag is necessary for every run.
-
-The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
-The **/etc/resolv.conf** file in the image will be used without changes.
-
-#### **--dns-opt**=*option*
-
-Set custom DNS options. Invalid if using **--dns-opt** and **--network** that is set to 'none' or `container:<name|id>`.
-
-#### **--dns-search**=*domain*
-
-Set custom DNS search domains. Invalid if using **--dns-search** and **--network** that is set to 'none' or `container:<name|id>`. (Use --dns-search=. if you don't wish to set the search domain)
-
-#### **--entrypoint**=*"command"* | *'["command", "arg1", ...]'*
-
-Overwrite the default ENTRYPOINT of the image
-
-This option allows you to overwrite the default entrypoint of the image.
-The ENTRYPOINT of an image is similar to a COMMAND
-because it specifies what executable to run when the container starts, but it is
-(purposely) more difficult to override. The ENTRYPOINT gives a container its
-default nature or behavior, so that when you set an ENTRYPOINT you can run the
-container as if it were that binary, complete with default options, and you can
-pass in more options via the COMMAND. But, sometimes an operator may want to run
-something else inside the container, so you can override the default ENTRYPOINT
-at runtime by using a **--entrypoint** and a string to specify the new
-ENTRYPOINT.
-
-You need to specify multi option commands in the form of a json string.
-
-#### **--env**, **-e**=*env*
-
-Set environment variables
-
-This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in __*__ is specified without a value, Podman will search the host environment for variables starting with the prefix and will add those variables to the container.
-
-See [**Environment**](#environment) note below for precedence and examples.
-
-#### **--env-file**=*file*
-
-Read in a line delimited file of environment variables. See **Environment** note below for precedence.
-
-#### **--env-host**
-
-Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--expose**=*port*
-
-Expose a port, or a range of ports (e.g. --expose=3300-3310) to set up port redirection
-on the host system.
-
-#### **--gidmap**=*container_gid:host_gid:amount*
-
-Run the container in a new user namespace using the supplied GID mapping. This
-option conflicts with the **--userns** and **--subgidname** options. This
-option provides a way to map host GIDs to container GIDs in the same way as
-__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
-
-Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
-
-#### **--group-add**=*group* | *keep-groups*
-
-Assign additional groups to the primary user running within the container process.
-
-- `keep-groups` is a special flag that tells Podman to keep the supplementary group access.
-
-Allows container to use the user's supplementary group access. If file systems or
-devices are only accessible by the rootless user's group, this flag tells the OCI
-runtime to pass the group access into the container. Currently only available
-with the `crun` OCI runtime. Note: `keep-groups` is exclusive, you cannot add any other groups
-with this flag. (Not available for remote commands, including Mac and Windows (excluding WSL2) machines)
-
-#### **--health-cmd**=*"command"* | *'["command", "arg1", ...]'*
-
-Set or alter a healthcheck command for a container. The command is a command to be executed inside your
-container that determines your container health. The command is required for other healthcheck options
-to be applied. A value of `none` disables existing healthchecks.
-
-Multiple options can be passed in the form of a JSON array; otherwise, the command will be interpreted
-as an argument to `/bin/sh -c`.
-
-#### **--health-interval**=*interval*
-
-Set an interval for the healthchecks (a value of `disable` results in no automatic timer setup) (default "30s")
-
-#### **--health-retries**=*retries*
-
-The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is `3`.
-
-#### **--health-start-period**=*period*
-
-The initialization time needed for a container to bootstrap. The value can be expressed in time format like
-`2m3s`. The default value is `0s`
-
-#### **--health-timeout**=*timeout*
-
-The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the
-value can be expressed in a time format such as `1m22s`. The default value is `30s`.
-
-#### **--help**
-
-Print usage statement
-
-#### **--hostname**, **-h**=*name*
-
-Container host name
-
-Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used.
-
-#### **--hostuser**=*name*
-
-Add a user account to /etc/passwd from the host to the container. The Username
-or UID must exist on the host system.
-
-#### **--http-proxy**
-
-By default proxy environment variables are passed into the container if set
-for the Podman process. This can be disabled by setting the `--http-proxy`
-option to `false`. The environment variables passed in include `http_proxy`,
-`https_proxy`, `ftp_proxy`, `no_proxy`, and also the upper case versions of
-those. This option is only needed when the host system must use a proxy but
-the container should not use any proxy. Proxy environment variables specified
-for the container in any other way will override the values that would have
-been passed through from the host. (Other ways to specify the proxy for the
-container include passing the values with the `--env` flag, or hard coding the
-proxy environment at container build time.)  (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-For example, to disable passing these environment variables from host to
-container:
-
-`--http-proxy=false`
-
-Defaults to `true`
-
-#### **--image-volume**=**bind** | *tmpfs* | *ignore*
-
-Tells Podman how to handle the builtin image volumes. Default is **bind**.
-
-- **bind**: An anonymous named volume will be created and mounted into the container.
-- **tmpfs**: The volume is mounted onto the container as a tmpfs, which allows the users to create
-content that disappears when the container is stopped.
-- **ignore**: All volumes are just ignored and no action is taken.
-
-#### **--init**
-
-Run an init inside the container that forwards signals and reaps processes.
-The container-init binary is mounted at `/run/podman-init`.
-Mounting over `/run` will hence break container execution.
-
-#### **--init-ctr**=*type*
-
-(Pods only).
-When using pods, create an init style container, which is run after the infra container is started
-but before regular pod containers are started.  Init containers are useful for running
-setup operations for the pod's applications.
-
-Valid values for `init-ctr` type are *always* or *once*.  The *always* value
-means the container will run with each and every `pod start`, whereas the *once*
-value means the container will only run once when the pod is started and then the container is removed.
-
-Init containers are only run on pod `start`.  Restarting a pod will not execute any init
-containers should they be present.  Furthermore, init containers can only be created in a
-pod when that pod is not running.
-
-#### **--init-path**=*path*
-
-Path to the container-init binary.
-
-#### **--interactive**, **-i**
-
-Keep STDIN open even if not attached. The default is *false*.
-
-#### **--ip**=*ipv4*
-
-Specify a static IPv4 address for the container, for example **10.88.64.128**.
-This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IP address pool (default **10.88.0.0/16**).
-
-To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
-
-#### **--ip6**=*ipv6*
-
-Specify a static IPv6 address for the container, for example **fd46:db93:aa76:ac37::10**.
-This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IPv6 address pool.
-
-To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
-
-
-#### **--ipc**=*ipc*
-
-Set the IPC namespace mode for a container. The default is to create
-a private IPC namespace.
-
-- "": Use Podman's default, defined in containers.conf.
-- **container:**_id_: reuses another container's shared memory, semaphores, and message queues
-- **host**: use the host's shared memory, semaphores, and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
-- **none**:  private IPC namespace, with /dev/shm not mounted.
-- **ns:**_path_: path to an IPC namespace to join.
-- **private**: private IPC namespace.
-= **shareable**: private IPC namespace with a possibility to share it with other containers.
-
-#### **--label**, **-l**=*label*
-
-Add metadata to a container (e.g., --label com.example.key=value)
-
-#### **--label-file**=*file*
-
-Read in a line delimited file of labels
-
-#### **--link-local-ip**=*ip*
-
-Not implemented
-
-#### **--log-driver**=*driver*
-
-Logging driver for the container. Currently available options are *k8s-file*, *journald*, *none* and *passthrough*, with *json-file* aliased to *k8s-file* for scripting compatibility.
-
-The podman info command below will display the default log-driver for the system.
-```
-$ podman info --format '{{ .Host.LogDriver }}'
-journald
-```
-The *passthrough* driver passes down the standard streams (stdin, stdout, stderr) to the
-container.  It is not allowed with the remote Podman client, including Mac and Windows (excluding WSL2) machines, and on a tty, since it is
-vulnerable to attacks via TIOCSTI.
-
-#### **--log-opt**=*name=value*
-
-Set custom logging configuration. The following *name*s are supported:
-
-- **path**: specify a path to the log file
-(e.g. **--log-opt path=/var/log/container/mycontainer.json**);
-
-- **max-size**: specify a max size of the log file
-(e.g. **--log-opt max-size=10mb**);
-
-- **tag**: specify a custom log tag for the container
-(e.g. **--log-opt tag="{{.ImageName}}"**.
-
-It supports the same keys as **podman inspect --format**.
-
-This option is currently supported only by the **journald** log driver.
-
-#### **--mac-address**=*address*
-
-Container network interface MAC address (e.g. 92:d0:c6:0a:29:33)
-This option can only be used if the container is joined to only a single network - i.e., **--network=_network-name_** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-
-Remember that the MAC address in an Ethernet network must be unique.
-The IPv6 link-local address will be based on the device's MAC address
-according to RFC4862.
-
-To specify multiple static MAC addresses per container, set multiple networks using the **--network** option with a static MAC address specified for each using the `mac` mode for that option.
-
-#### **--memory**, **-m**=*limit*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-Allows you to constrain the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-#### **--memory-reservation**=*limit*
-
-Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-After setting memory reservation, when the system detects memory contention
-or low memory, containers are forced to restrict their consumption to their
-reservation. So you should always set the value below **--memory**, otherwise the
-hard limit will take precedence. By default, memory reservation will be the same
-as memory limit.
-
-#### **--memory-swap**=*limit*
-
-A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory.
-
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-#### **--memory-swappiness**=*number*
-
-Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]*
-
-Attach a filesystem mount to the container
-
-Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and **devpts**. <sup>[[1]](#Footnote1)</sup>
-
-       e.g.
-
-       type=bind,source=/path/on/host,destination=/path/in/container
-
-       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared
-
-       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared,U=true
-
-       type=volume,source=vol1,destination=/path/in/container,ro=true
-
-       type=tmpfs,tmpfs-size=512M,destination=/path/in/container
-
-       type=image,source=fedora,destination=/fedora-image,rw=true
-
-       type=devpts,destination=/dev/pts
-
-       Common Options:
-
-	      · src, source: mount source spec for bind and volume. Mandatory for bind.
-
-	      · dst, destination, target: mount destination spec.
-
-       Options specific to volume:
-
-	      · ro, readonly: true or false (default).
-
-	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
-
-	      · idmap: true or false (default).  If specified, create an idmapped mount to the target user namespace in the container.
-
-       Options specific to image:
-
-	      · rw, readwrite: true or false (default).
-
-       Options specific to bind:
-
-	      · ro, readonly: true or false (default).
-
-	      · bind-propagation: shared, slave, private, unbindable, rshared, rslave, runbindable, or rprivate(default). See also mount(2).
-
-	      . bind-nonrecursive: do not set up a recursive bind mount. By default it is recursive.
-
-	      . relabel: shared, private.
-
-	      · idmap: true or false (default).  If specified, create an idmapped mount to the target user namespace in the container.
-
-	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
-
-       Options specific to tmpfs:
-
-	      · ro, readonly: true or false (default).
-
-	      · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux.
-
-	      · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux.
-
-	      · tmpcopyup: Enable copyup from the image directory at the same location to the tmpfs. Used by default.
-
-	      · notmpcopyup: Disable copying files from the image to the tmpfs.
-
-	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
-
-       Options specific to devpts:
-
-	      · uid: UID of the file owner (default 0).
-
-	      · gid: GID of the file owner (default 0).
-
-	      · mode: permission mask for the file (default 600).
-
-	      · max: maximum number of PTYs (default 1048576).
-
-#### **--name**=*name*
-
-Assign a name to the container
-
-The operator can identify a container in three ways:
-UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778�)
-UUID short identifier (“f78375b1c487�)
-Name (“jonah�)
-
-podman generates a UUID for each container, and if a name is not assigned
-to the container with **--name** then it will generate a random
-string name. The name is useful any place you need to identify a container.
-This works for both background and foreground containers.
-
-#### **--network**=*mode*, **--net**
-
-Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
-
-Valid _mode_ values are:
-
-- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
-  - **alias=name**: Add network-scoped alias for the container.
-  - **ip=IPv4**: Specify a static ipv4 address for this container.
-  - **ip=IPv6**: Specify a static ipv6 address for this container.
-  - **mac=MAC**: Specify a static mac address for this container.
-  - **interface_name**: Specify a name for the created network interface inside the container.
-
-  For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
-- \<network name or ID\>[:OPTIONS,...]: Connect to a user-defined network; this is the network name or ID from a network created by **[podman network create](podman-network-create.1.md)**. Using the network name implies the bridge network mode. It is possible to specify the same options described under the bridge mode above. You can use the **--network** option multiple times to specify additional networks.
-- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
-- **container:**_id_: Reuse another container's network stack.
-- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-- **ns:**_path_: Path to a network namespace to join.
-- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
-- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
-  - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
-  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
-  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
-  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
-  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
-  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
-  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
-  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
-  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
-  Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
-  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
-
-#### **--network-alias**=*alias*
-
-Add a network-scoped alias for the container, setting the alias for all networks that the container joins. To set a
-name only for a specific network, use the alias option as described under the **--network** option.
-If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} <name>`),
-these aliases can be used for name resolution on the given network. This option can be specified multiple times.
-NOTE: When using CNI a container will only have access to aliases on the first network that it joins. This limitation does
-not exist with netavark/aardvark-dns.
-
-#### **--no-healthcheck**
-
-Disable any defined healthchecks for container.
-
-#### **--no-hosts**
-
-Do not create _/etc/hosts_ for the container.
-By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
-**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
-This option conflicts with **--add-host**.
-
-#### **--oom-kill-disable**
-
-Whether to disable OOM Killer for the container or not.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--oom-score-adj**=*num*
-
-Tune the host's OOM preferences for containers (accepts -1000 to 1000)
-
-#### **--os**=*OS*
-Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
-
-#### **--passwd-entry**=*ENTRY*
-
-Customize the entry that is written to the `/etc/passwd` file within the container when `--passwd` is used.
-
-The variables $USERNAME, $UID, $GID, $NAME, $HOME are automatically replaced with their value at runtime.
-
-#### **--personality**=*persona*
-
-Personality sets the execution domain via Linux personality(2).
-
-#### **--pid**=*pid*
-
-Set the PID mode for the container
-Default is to create a private PID namespace for the container
-- `container:<name|id>`: join another container's PID namespace
-- `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
-- `ns`: join the specified PID namespace
-- `private`: create a new namespace for the container (default)
-
-#### **--pidfile**=*path*
-
-When the pidfile location is specified, the container process' PID will be written to the pidfile. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-If the pidfile option is not specified, the container process' PID will be written to /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.
-
-After the container is started, the location for the pidfile can be discovered with the following `podman inspect` command:
-
-    $ podman inspect --format '{{ .PidFile }}' $CID
-    /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile
-
-#### **--pids-limit**=*limit*
-
-Tune the container's pids limit. Set `-1` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
-
-#### **--platform**=*OS/ARCH*
-
-Specify the platform for selecting the image.   (Conflicts with --arch and --os)
-The `--platform` option can be used to override the current architecture and operating system.
-
-#### **--pod**=*name*
-
-Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`.
-To make a pod with more granular options, use the `podman pod create` command before creating a container.
-
-#### **--pod-id-file**=*path*
-
-Run container in an existing pod and read the pod's ID from the specified file. If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
-
-#### **--privileged**
-
-Give extended privileges to this container. The default is *false*.
-
-By default, Podman containers are
-“unprivileged� (=false) and cannot, for example, modify parts of the operating system.
-This is because by default a container is not allowed to access any devices.
-A “privileged� container is given access to all devices.
-
-When the operator executes a privileged container, Podman enables access
-to all devices on the host, turns off graphdriver mount options, as well as
-turning off most of the security measures protecting the host from the
-container.
-
-Rootless containers cannot have more privileges than the account that launched them.
-
-#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]*
-
-Publish a container's port, or range of ports, to the host.
-
-Both *hostPort* and *containerPort* can be specified as a range of ports.
-When specifying ranges for both, the number of container ports in the
-range must match the number of host ports in the range.
-
-If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host.
-
-By default, Podman will publish TCP ports. To publish a UDP port instead, give
-`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice,
-with `tcp`, and `udp` as protocols respectively. Rootful containers can also
-publish ports using the `sctp` protocol.
-
-Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`).
-If it is not, the container port will be randomly assigned a port on the host.
-
-Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`.
-
-**Note:** If a container will be run within a pod, it is not necessary to publish the port for
-the containers in the pod. The port must only be published by the pod itself. Pod network
-stacks act like the network stack on the host - you have a variety of containers in the pod,
-and programs in the container, all sharing a single interface and IP address, and
-associated ports. If one container binds to a port, no other container can use that port
-within the pod while it is in use. Containers in the pod can also communicate over localhost
-by having one container bind to localhost in the pod, and another connect to that port.
-
-#### **--publish-all**, **-P**
-
-Publish all exposed ports to random ports on the host interfaces. The default is *false*.
-
-When set to true publish all exposed ports to the host interfaces. The
-default is false. If the operator uses -P (or -p) then Podman will make the
-exposed port accessible on the host and the ports will be available to any
-client that can reach the host. When using -P, Podman will bind any exposed
-port to a random port on the host within an *ephemeral port range* defined by
-`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
-ports and the exposed ports, use `podman port`.
-
-#### **--pull**=*policy*
-
-Pull image policy. The default is **missing**.
-
-- **always**: Always pull the image and throw an error if the pull fails.
-- **missing**: Pull the image only if it could not be found in the local containers storage.  Throw an error if no image could be found and the pull fails.
-- **never**: Never pull the image but use the one from the local containers storage.  Throw an error if no image could be found.
-- **newer**: Pull if the image on the registry is newer than the one in the local containers storage.  An image is considered to be newer when the digests are different.  Comparing the time stamps is prone to errors.  Pull errors are suppressed if a local image was found.
-
-#### **--quiet**, **-q**
-
-Suppress output information when pulling images
-
-#### **--read-only**
-
-Mount the container's root filesystem as read-only.
-
-By default a container will have its root filesystem writable allowing processes
-to write files anywhere. By specifying the `--read-only` flag the container will have
-its root filesystem mounted as read-only prohibiting any writes.
-
-#### **--read-only-tmpfs**
-
-If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true*
-
-#### **--replace**
-
-If another container with the same name already exists, replace and remove it. The default is **false**.
-
-#### **--requires**=*container*
-
-Specify one or more requirements.
-A requirement is a dependency container that will be started before this container.
-Containers can be specified by name or ID, with multiple containers being separated by commas.
-
-#### **--restart**=*policy*
-
-Restart policy to follow when containers exit.
-Restart policy will not take effect if a container is stopped via the `podman kill` or `podman stop` commands.
-
-Valid values are:
-
-- `no`                       : Do not restart containers on exit
-- `on-failure[:max_retries]` : Restart containers when they exit with a non-0 exit code, retrying indefinitely or until the optional max_retries count is hit
-- `always`                   : Restart containers when they exit, regardless of status, retrying indefinitely
-- `unless-stopped`           : Identical to **always**
-
-Please note that restart will not restart containers after a system reboot.
-If this functionality is required in your environment, you can invoke Podman from a systemd unit file, or create an init script for whichever init system is in use.
-To generate systemd unit files, please see *podman generate systemd*
-
-#### **--rm**
-
-Automatically remove the container when it exits. The default is *false*.
-
-#### **--rootfs**
-
-If specified, the first argument refers to an exploded container on the file system.
-
-This is useful to run a container without requiring any image management, the rootfs
-of the container is assumed to be managed externally.
-
-  `Overlay Rootfs Mounts`
-
-   The `:O` flag tells Podman to mount the directory from the rootfs path as
-storage using the `overlay file system`. The container processes
-can modify content within the mount point which is stored in the
-container storage in a separate directory. In overlay terms, the source
-directory will be the lower, and the container storage directory will be the
-upper. Modifications to the mount point are destroyed when the container
-finishes executing, similar to a tmpfs mount point being unmounted.
-
-#### **--sdnotify**=**container** | *conmon* | *ignore*
-
-Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify.
-
-Default is **container**, which means allow the OCI runtime to proxy the socket into the
-container to receive ready notification. Podman will set the MAINPID to conmon's pid.
-The **conmon** option sets MAINPID to conmon's pid, and sends READY when the container
-has started. The socket is never passed to the runtime or the container.
-The **ignore** option removes NOTIFY_SOCKET from the environment for itself and child processes,
-for the case where some other process above Podman uses NOTIFY_SOCKET and Podman should not use it.
-
-#### **--seccomp-policy**=*policy*
-
-Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.containers.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below.
-
-Note that this feature is experimental and may change in the future.
-
-#### **--secret**=*secret[,opt=opt ...]*
-
-Give the container access to a secret. Can be specified multiple times.
-
-A secret is a blob of sensitive data which a container needs at runtime but
-should not be stored in the image or in source control, such as usernames and passwords,
-TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
-
-When secrets are specified as type `mount`, the secrets are copied and mounted into the container when a container is created.
-When secrets are specified as type `env`, the secret will be set as an environment variable within the container.
-Secrets are written in the container at the time of container creation, and modifying the secret using `podman secret` commands
-after the container is created will not affect the secret inside the container.
-
-Secrets and its storage are managed using the `podman secret` command.
-
-Secret Options
-
-- `type=mount|env`    : How the secret will be exposed to the container. Default mount.
-- `target=target`     : Target of secret. Defaults to secret name.
-- `uid=0`             : UID of secret. Defaults to 0. Mount secret type only.
-- `gid=0`             : GID of secret. Defaults to 0. Mount secret type only.
-- `mode=0`            : Mode of secret. Defaults to 0444. Mount secret type only.
-
-#### **--security-opt**=*option*
-
-Security Options
-
-- `apparmor=unconfined` : Turn off apparmor confinement for the container
-- `apparmor=your-profile` : Set the apparmor confinement profile for the container
-
-- `label=user:USER`     : Set the label user for the container processes
-- `label=role:ROLE`     : Set the label role for the container processes
-- `label=type:TYPE`     : Set the label process type for the container processes
-- `label=level:LEVEL`   : Set the label level for the container processes
-- `label=filetype:TYPE` : Set the label file type for the container files
-- `label=disable`       : Turn off label separation for the container
-
-Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-
-- `mask=/path/1:/path/2` : The paths to mask separated by a colon. A masked path
-  cannot be accessed inside the container.
-
-- `no-new-privileges` : Disable container processes from gaining additional privileges
-
-- `seccomp=unconfined` : Turn off seccomp confinement for the container.
-- `seccomp=profile.json` : JSON file to be used as a seccomp filter. Note that the `io.podman.annotations.seccomp` annotation is set with the specified value as shown in `podman inspect`.
-
-- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
-  possible mount options are specified in the **proc(5)** man page.
-
-
-- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
-  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**  The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
-
-Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-
-#### **--shm-size**=*size*
-
-Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`.
-When size is `0`, there is no limit on the amount of memory used for IPC by the container.
-
-#### **--stop-signal**=*SIGTERM*
-
-Signal to stop a container. Default is SIGTERM.
-
-#### **--stop-timeout**=*seconds*
-
-Timeout (in seconds) to stop a container. Default is 10.
-Remote connections use local containers.conf for defaults
-
-#### **--subgidname**=*name*
-
-Name for GID map from the `/etc/subgid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--gidmap`.
-
-#### **--subuidname**=*name*
-
-Name for UID map from the `/etc/subuid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--uidmap`.
-
-#### **--sysctl**=*SYSCTL*
-
-Configure namespaced kernel parameters at runtime
-
-IPC Namespace - current sysctls allowed:
-
-kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
-Sysctls beginning with fs.mqueue.*
-
-Note: if you use the --ipc=host option these sysctls will not be allowed.
-
-Network Namespace - current sysctls allowed:
-    Sysctls beginning with net.*
-
-Note: if you use the --network=host option these sysctls will not be allowed.
-
-#### **--systemd**=*true* | *false* | *always*
-
-Run container in systemd mode. The default is *true*.
-
-The value *always* enforces the systemd mode is enforced without
-looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is **systemd**, **/usr/sbin/init**,
-**/sbin/init** or **/usr/local/sbin/init**.
-
-Running the container in systemd mode causes the following changes:
-
-* Podman mounts tmpfs file systems on the following directories
-  * _/run_
-  * _/run/lock_
-  * _/tmp_
-  * _/sys/fs/cgroup/systemd_
-  * _/var/lib/journal_
-* Podman sets the default stop signal to **SIGRTMIN+3**.
-* Podman sets **container_uuid** environment variable in the container to the
-first 32 characters of the container id.
-
-This allows systemd to run in a confined container without any modifications.
-
-Note: On `SELinux` systems, systemd attempts to write to the cgroup
-file system. Containers writing to the cgroup file system are denied by default.
-The `container_manage_cgroup` boolean must be enabled for this to be allowed on an SELinux separated system.
-
-`setsebool -P container_manage_cgroup true`
-
-#### **--timeout**=*seconds*
-
-Maximum time a container is allowed to run before conmon sends it the kill
-signal.  By default containers will run until they exit or are stopped by
-`podman stop`.
-
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
-
-#### **--tmpfs**=*fs*
-
-Create a tmpfs mount
-
-Mount a temporary filesystem (`tmpfs`) mount into a container, for example:
-
-$ podman create -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
-
-This command mounts a `tmpfs` at `/tmp` within the container. The supported mount
-options are the same as the Linux default `mount` flags. If you do not specify
-any options, the systems uses the following options:
-`rw,noexec,nosuid,nodev`.
-
-#### **--tty**, **-t**
-
-Allocate a pseudo-TTY. The default is *false*.
-
-When set to true Podman will allocate a pseudo-tty and attach to the standard
-input of the container. This can be used, for example, to run a throwaway
-interactive shell. The default is false.
-
-Note: The **-t** option is incompatible with a redirection of the Podman client
-standard input.
-
-#### **--tz**=*timezone*
-
-Set timezone in container. This flag takes area-based timezones, GMT time, as well as `local`, which sets the timezone in the container to match the host machine. See `/usr/share/zoneinfo/` for valid timezones.
-Remote connections use local containers.conf for defaults
-
-#### **--uidmap**=*container_uid:from_uid:amount*
-
-Run the container in a new user namespace using the supplied UID mapping. This
-option conflicts with the **--userns** and **--subuidname** options. This
-option provides a way to map host UIDs to container UIDs. It can be passed
-several times to map different ranges.
-
-The _from_uid_ value is based upon the user running the command, either rootful or rootless users.
-* rootful user:  *container_uid*:*host_uid*:*amount*
-* rootless user: *container_uid*:*intermediate_uid*:*amount*
-
-When **podman create** is called by a privileged user, the option **--uidmap**
-works as a direct mapping between host UIDs and container UIDs.
-
-host UID -> container UID
-
-The _amount_ specifies the number of consecutive UIDs that will be mapped.
-If for example _amount_ is **4** the mapping would look like:
-
-|   host UID     |    container UID    |
-| -              | -                   |
-| _from_uid_     | _container_uid_     |
-| _from_uid_ + 1 | _container_uid_ + 1 |
-| _from_uid_ + 2 | _container_uid_ + 2 |
-| _from_uid_ + 3 | _container_uid_ + 3 |
-
-When **podman create** is called by an unprivileged user (i.e. running rootless),
-the value _from_uid_ is interpreted as an "intermediate UID". In the rootless
-case, host UIDs are not mapped directly to container UIDs. Instead the mapping
-happens over two mapping steps:
-
-host UID -> intermediate UID -> container UID
-
-The **--uidmap** option only influences the second mapping step.
-
-The first mapping step is derived by Podman from the contents of the file
-_/etc/subuid_ and the UID of the user calling Podman.
-
-First mapping step:
-
-| host UID                                         | intermediate UID |
-| -                                                |                - |
-| UID for the user starting Podman                 |                0 |
-| 1st subordinate UID for the user starting Podman |                1 |
-| 2nd subordinate UID for the user starting Podman |                2 |
-| 3rd subordinate UID for the user starting Podman |                3 |
-| nth subordinate UID for the user starting Podman |                n |
-
-To be able to use intermediate UIDs greater than zero, the user needs to have
-subordinate UIDs configured in _/etc/subuid_. See **subuid**(5).
-
-The second mapping step is configured with **--uidmap**.
-
-If for example _amount_ is **5** the second mapping step would look like:
-
-|   intermediate UID   |    container UID    |
-| -                    | -                   |
-| _from_uid_           | _container_uid_     |
-| _from_uid_ + 1       | _container_uid_ + 1 |
-| _from_uid_ + 2       | _container_uid_ + 2 |
-| _from_uid_ + 3       | _container_uid_ + 3 |
-| _from_uid_ + 4       | _container_uid_ + 4 |
-
-The current user ID is mapped to UID=0 in the rootless user namespace.
-Every additional range is added sequentially afterward:
-
-|   host                |rootless user namespace | length              |
-| -                     | -                      | -                   |
-| $UID                  | 0                      | 1                   |
-| 1                     | $FIRST_RANGE_ID        | $FIRST_RANGE_LENGTH |
-| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID       | $SECOND_RANGE_LENGTH|
-
-Even if a user does not have any subordinate UIDs in  _/etc/subuid_,
-**--uidmap** could still be used to map the normal UID of the user to a
-container UID by running `podman create --uidmap $container_uid:0:1 --user $container_uid ...`.
-
-Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod.
-
-#### **--ulimit**=*option*
-
-Ulimit options
-
-You can pass `host` to copy the current configuration from the host.
-
-#### **--umask**=*umask*
-
-Set the umask inside the container. Defaults to `0022`.
-Remote connections use local containers.conf for defaults
-
-#### **--unsetenv**=*env*
-
-Unset default environment variables for the container. Default environment
-variables include variables provided natively by Podman, environment variables
-configured by the image, and environment variables from containers.conf.
-
-#### **--unsetenv-all**
-
-Unset all default environment variables for the container. Default environment
-variables include variables provided natively by Podman, environment variables
-configured by the image, and environment variables from containers.conf.
-
-#### **--user**, **-u**=*user*
-
-Sets the username or UID used and optionally the groupname or GID for the specified command.
-
-The following examples are all valid:
---user [user | user:group | uid | uid:gid | user:gid | uid:group ]
-
-Without this argument the command will be run as root in the container.
-
-#### **--userns**=*mode*
-
-Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
-
-Rootless user --userns=Key mappings:
-
-Key       | Host User |  Container User
-----------|---------------|---------------------
-""        |$UID           |0 (Default User account mapped to root user in container.)
-keep-id   |$UID           |$UID (Map user account to same UID within container.)
-auto      |$UID           | nil (Host User UID is not mapped into container.)
-nomap     |$UID           | nil (Host User UID is not mapped into container.)
-
-Valid _mode_ values are:
-
-**auto**[:_OPTIONS,..._]: automatically create a unique user namespace.
-
-The `--userns=auto` flag, requires that the user name `containers` and a range of subordinate user ids that the Podman container is allowed to use be specified in the /etc/subuid and /etc/subgid files.
-
-Example: `containers:2147483647:2147483648`.
-
-Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode
-
-  Valid `auto` options:
-
-  - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace.
-  - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
-  - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace.
-
-**container:**_id_: join the user namespace of the specified container.
-
-**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
-
-**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is not allowed for containers created by the root user.
-
-**nomap**: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is not allowed for containers created by the root user.
-
-**ns:**_namespace_: run the container in the given existing user namespace.
-
-**private**: create a new namespace for the container.
-
-This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
-
-#### **--uts**=*mode*
-
-Set the UTS namespace mode for the container. The following values are supported:
-
-- **host**: use the host's UTS namespace inside the container.
-- **private**: create a new namespace for the container (default).
-- **ns:[path]**: run the container in the given existing UTS namespace.
-- **container:[container]**: join the UTS namespace of the specified container.
-
-#### **--variant**=*VARIANT*
-Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7.
-
-#### **--volume**, **-v**=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*
-
-Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman
-bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman
-container. Similarly, `-v SOURCE-VOLUME:/CONTAINER-DIR` will mount the volume
-in the host to the container. If no such named volume exists, Podman will
-create one. The `OPTIONS` are a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup>  (Note when using the remote client, including Mac and Windows (excluding WSL2) machines, the volumes will be mounted from the remote server, not necessarily the client machine.)
-
-The _options_ is a comma-separated list and can be:
-
-* **rw**|**ro**
-* **z**|**Z**
-* [**O**]
-* [**U**]
-* [**no**]**copy**
-* [**no**]**dev**
-* [**no**]**exec**
-* [**no**]**suid**
-* [**r**]**bind**
-* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable**
-
-The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
-will be mounted into the container at this directory.
-
-Volumes may specify a source as well, as either a directory on the host
-or the name of a named volume. If no source is given, the volume will be created as an
-anonymously named volume with a randomly generated name, and will be removed when
-the container is removed via the `--rm` flag or `podman rm --volumes`.
-
-If a volume source is specified, it must be a path on the host or the name of a
-named volume. Host paths are allowed to be absolute or relative; relative paths
-are resolved relative to the directory Podman is run in. If the source does not
-exist, Podman will return an error. Users must pre-create the source files or
-directories.
-
-Any source that does not begin with a `.` or `/` will be treated as the name of
-a named volume. If a volume with that name does not exist, it will be created.
-Volumes created with names are not anonymous, and they are not removed by the `--rm`
-option and the `podman rm --volumes` command.
-
-You can specify multiple  **-v** options to mount one or more volumes into a
-container.
-
-  `Write Protected Volume Mounts`
-
-You can add `:ro` or `:rw` suffix to a volume to mount it read-only or
-read-write mode, respectively. By default, the volumes are mounted read-write.
-See examples.
-
-  `Chowning Volume Mounts`
-
-By default, Podman does not change the owner and group of source volume
-directories mounted into containers. If a container is created in a new user
-namespace, the UID and GID in the container may correspond to another UID and
-GID on the host.
-
-The `:U` suffix tells Podman to use the correct host UID and GID based on the
-UID and GID within the container, to change recursively the owner and group of
-the source volume.
-
-**Warning** use with caution since this will modify the host filesystem.
-
-  `Labeling Volume Mounts`
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a container. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the container context, you can add either of two suffixes
-`:z` or `:Z` to the volume mount. These suffixes tell Podman to relabel file
-objects on the shared volumes. The `z` option tells Podman that two containers
-share the volume content. As a result, Podman labels the content with a shared
-content label. Shared volume labels allow all containers to read/write content.
-The `Z` option tells Podman to label the content with a private unshared label.
-Only the current container can use a private volume.
-
-Note: Do not relabel system files and directories. Relabeling system content
-might cause other confined services on your machine to fail.  For these types
-of containers we recommend disabling SELinux separation.  The option
-`--security-opt label=disable` disables SELinux separation for containers used in the build.
-For example if a user wanted to volume mount their entire home directory into a
-container, they need to disable SELinux separation.
-
-	   $ podman create --security-opt label=disable -v $HOME:/home/user fedora touch /home/user/file
-
-  `Overlay Volume Mounts`
-
-   The `:O` flag tells Podman to mount the directory from the host as a
-temporary storage using the `overlay file system`. The container processes
-can modify content within the mountpoint which is stored in the
-container storage in a separate directory. In overlay terms, the source
-directory will be the lower, and the container storage directory will be the
-upper. Modifications to the mount point are destroyed when the container
-finishes executing, similar to a tmpfs mount point being unmounted.
-
-  Subsequent executions of the container will see the original source directory
-content, any changes from previous container executions no longer exist.
-
-  One use case of the overlay mount is sharing the package cache from the
-host into the container to allow speeding up builds.
-
-  Note:
-
-     - The `O` flag conflicts with other options listed above.
-Content mounted into the container is labeled with the private label.
-       On SELinux systems, labels in the source directory must be readable
-by the container label. Usually containers can read/execute `container_share_t`
-and can read/write `container_file_t`. If you cannot change the labels on a
-source volume, SELinux container separation must be disabled for the container
-to work.
-     - The source directory mounted into the container with an overlay mount
-should not be modified, it can cause unexpected failures. It is recommended
-that you do not modify the directory until the container finishes running.
-
-  `Mounts propagation`
-
-By default bind mounted volumes are `private`. That means any mounts done
-inside container will not be visible on host and vice versa. One can change
-this behavior by specifying a volume mount propagation property. Making a
-volume `shared` mounts done under that volume inside container will be
-visible on host and vice versa. Making a volume `slave` enables only one
-way mount propagation and that is mounts done on host under that volume
-will be visible inside container but not the other way around. <sup>[[1]](#Footnote1)</sup>
-
-To control mount propagation property of a volume one can use the [**r**]**shared**,
-[**r**]**slave**, [**r**]**private** or the [**r**]**unbindable** propagation flag.
-For mount propagation to work the source mount point (the mount point where source dir
-is mounted on) has to have the right propagation properties. For shared volumes, the
-source mount point has to be shared. And for slave volumes, the source mount point
-has to be either shared or slave. <sup>[[1]](#Footnote1)</sup>
-
-If you want to recursively mount a volume and all of its submounts into a
-container, then you can use the `rbind` option. By default the bind option is
-used, and submounts of the source directory will not be mounted into the
-container.
-
-Mounting the volume with the `nosuid` options means that SUID applications on
-the volume will not be able to change their privilege. By default volumes
-are mounted with `nosuid`.
-
-Mounting the volume with the noexec option means that no executables on the
-volume will be able to be executed within the container.
-
-Mounting the volume with the nodev option means that no devices on the volume
-will be able to be used by processes within the container. By default volumes
-are mounted with `nodev`.
-
-If the `<source-dir>` is a mount point, then "dev", "suid", and "exec" options are
-ignored by the kernel.
-
-Use `df <source-dir>` to figure out the source mount and then use
-`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
-properties of source mount. If `findmnt` utility is not available, then one
-can look at mount entry for source mount point in `/proc/self/mountinfo`. Look
-at `optional fields` and see if any propagation properties are specified.
-`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
-nothing is there that means mount is `private`. <sup>[[1]](#Footnote1)</sup>
-
-To change propagation properties of a mount point use `mount` command. For
-example, if one wants to bind mount source directory `/foo` one can do
-`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
-will convert /foo into a `shared` mount point. Alternatively one can directly
-change propagation properties of source mount. Say `/` is source mount for
-`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
-
-Note: if the user only has access rights via a group, accessing the volume
-from inside a rootless container will fail. Use the `--group-add keep-groups`
-flag to pass the user's supplementary group access into the container.
-
-#### **--volumes-from**=*CONTAINER[:OPTIONS]]*
-
-Mount volumes from the specified container(s). Used to share volumes between
-containers. The *options* is a comma-separated list with the following available elements:
-
-* **rw**|**ro**
-* **z**
-
-Mounts already mounted volumes from a source container onto another
-container. You must supply the source's container-id or container-name.
-To share a volume, use the --volumes-from option when running
-the target container. You can share volumes even if the source container
-is not running.
-
-By default, Podman mounts the volumes in the same mode (read-write or
-read-only) as it is mounted in the source container.
-You can change this by adding a `ro` or `rw` _option_.
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a container. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the container context, you can add `z` to the volume mount.
-This suffix tells Podman to relabel file objects on the shared volumes. The `z`
-option tells Podman that two containers share the volume content. As a result,
-Podman labels the content with a shared content label. Shared volume labels allow
-all containers to read/write content.
-
-If the location of the volume from the source container overlaps with
-data residing on a target container, then the volume hides
-that data on the target.
-
-#### **--workdir**, **-w**=*dir*
-
-Working directory inside the container
-
-The default working directory for running binaries within a container is the root directory (/).
-The image developer can set a different default with the WORKDIR instruction. The operator
-can override the working directory by using the **-w** option.
-
-## EXAMPLES
-
-### Create a container using a local image
-
-```
-$ podman create alpine ls
-```
-
-### Create a container using a local image and annotate it
-
-```
-$ podman create --annotation HELLO=WORLD alpine ls
-```
-
-### Create a container using a local image, allocating a pseudo-TTY, keeping stdin open and name it myctr
-
-```
-  podman create -t -i --name myctr alpine ls
-```
-
-### Set UID/GID mapping in a new user namespace
-
-Running a container in a new user namespace requires a mapping of
-the uids and gids from the host.
-
-```
-$ podman create --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello
-```
-
-### Setting automatic user namespace separated containers
-
-```
-# podman create --userns=auto:size=65536 ubi8-init
-```
-
-### Configure timezone in a container
-
-```
-$ podman create --tz=local alpine date
-$ podman create --tz=Asia/Shanghai alpine date
-$ podman create --tz=US/Eastern alpine date
-```
-
-### Adding dependency containers
-
-Podman will make sure the first container, container1, is running before the second container (container2) is started.
-
-```
-$ podman create --name container1 -t -i fedora bash
-$ podman create --name container2 --requires container1 -t -i fedora bash
-$ podman start --attach container2
-```
-
-Multiple containers can be required.
-
-```
-$ podman create --name container1 -t -i fedora bash
-$ podman create --name container2 -t -i fedora bash
-$ podman create --name container3 --requires container1,container2 -t -i fedora bash
-$ podman start --attach container3
-```
-
-### Configure keep supplemental groups for access to volume
-
-```
-$ podman create -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
-```
-
-### Configure execution domain for containers using personality flag
-
-```
-$ podman create --name container1 --personality=LINUX32 fedora bash
-```
-
-### Create a container with external rootfs mounted as an overlay
-
-```
-$ podman create --name container1 --rootfs /path/to/rootfs:O bash
-```
-
-### Create a container connected to two networks (called net1 and net2) with a static ip
-
-```
-$ podman create --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 alpine ip addr
-```
-
-### Rootless Containers
-
-Podman runs as a non-root user on most systems. This feature requires that a new enough version of shadow-utils
-be installed. The shadow-utils package must include the newuidmap and newgidmap executables.
-
-In order for users to run rootless, there must be an entry for their username in /etc/subuid and /etc/subgid which lists the UIDs for their user namespace.
-
-Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
-The fuse-overlayfs package provides a userspace overlay storage driver, otherwise users need to use
-the vfs storage driver, which is diskspace expensive and does not perform well. slirp4netns is
-required for VPN, without it containers need to be run with the --network=host flag.
-
-## ENVIRONMENT
-
-Environment variables within containers can be set using multiple different options:  This section describes the precedence.
-
-Precedence order (later entries override earlier entries):
-
-- **--env-host** : Host environment of the process executing Podman is added.
-- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details.
-- Container image : Any environment variables specified in the container image.
-- **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry.
-- **--env** : Any environment variables specified will override previous settings.
-
-Create containers and set the environment ending with a __*__.
-The trailing __*__ glob functionality is only active when no value is specified:
-
-```
-$ export ENV1=a
-$ podman create --name ctr1 --env 'ENV*' alpine env
-$ podman start --attach ctr1 | grep ENV
-ENV1=a
-$ podman create --name ctr2 --env 'ENV*=b' alpine env
-$ podman start --attach ctr2 | grep ENV
-ENV*=b
-```
-
-## CONMON
-
-When Podman starts a container it actually executes the conmon program, which
-then executes the OCI Runtime.  Conmon is the container monitor.  It is a small
-program whose job is to watch the primary process of the container, and if the
-container dies, save the exit code.  It also holds open the tty of the
-container, so that it can be attached to later. This is what allows Podman to
-run in detached mode (backgrounded), so Podman can exit but conmon continues to
-run.  Each container has their own instance of conmon. Conmon waits for the
-container to exit, gathers and saves the exit code, and then launches a Podman
-process to complete the container cleanup, by shutting down the network and
-storage.   For more information on conmon, please reference the conmon(8) man
-page.
-
-## FILES
-
-**/etc/subuid**
-**/etc/subgid**
-
-NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
-
-## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[systemd.unit(5)](https://www.freedesktop.org/software/systemd/man/systemd.unit.html)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
-
-## HISTORY
-October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman `<dwalsh@redhat.com>`
-
-November 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
-
-September 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
-
-August 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
-
-## FOOTNOTES
-<a name="Footnote1">1</a>: The Podman project is committed to inclusivity, a core value of open source. The `master` and `slave` mount propagation terminology used here is problematic and divisive, and should be changed. However, these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, Podman will follow suit immediately.
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
new file mode 100644
index 000000000..72f167a7e
--- /dev/null
+++ b/docs/source/markdown/podman-create.1.md.in
@@ -0,0 +1,615 @@
+% podman-create 1
+
+## NAME
+podman\-create - Create a new container
+
+## SYNOPSIS
+**podman create** [*options*] *image* [*command* [*arg* ...]]
+
+**podman container create** [*options*] *image* [*command* [*arg* ...]]
+
+## DESCRIPTION
+
+Creates a writable container layer over the specified image and prepares it for
+running the specified command. The container ID is then printed to STDOUT. This
+is similar to **podman run -d** except the container is never started. You can
+then use the **podman start** *container* command to start the container at
+any point.
+
+The initial status of the container created with **podman create** is 'created'.
+
+Default settings for flags are defined in `containers.conf`. Most settings for
+remote connections use the server's containers.conf, except when documented in
+man pages.
+
+## IMAGE
+
+  The image is specified using transport:path format. If no transport is specified, the `docker` (container registry)
+transport will be used by default. For remote Podman, including Mac and Windows (excluding WSL2) machines, `docker` is the only allowed transport.
+
+  **dir:**_path_
+  An existing local directory _path_ storing the manifest, layer tarballs and signatures as individual files. This
+is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
+
+    $ podman save --format docker-dir fedora -o /tmp/fedora
+    $ podman create dir:/tmp/fedora echo hello
+
+  **docker://**_docker-reference_ (Default)
+  An image reference stored in  a remote container image registry. Example: "quay.io/podman/stable:latest".
+The reference can include a path to a specific registry; if it does not, the
+registries listed in registries.conf will be queried to find a matching image.
+By default, credentials from `podman login` (stored at
+$XDG_RUNTIME_DIR/containers/auth.json by default) will be used to authenticate;
+otherwise it falls back to using credentials in $HOME/.docker/config.json.
+
+    $ podman create registry.fedoraproject.org/fedora:latest echo hello
+
+  **docker-archive:**_path_[**:**_docker-reference_]
+An image stored in the `docker save` formatted file. _docker-reference_ is only used when creating such a
+file, and it must not contain a digest.
+
+    $ podman save --format docker-archive fedora -o /tmp/fedora
+    $ podman create docker-archive:/tmp/fedora echo hello
+
+  **docker-daemon:**_docker-reference_
+  An image in _docker-reference_ format stored in the docker daemon internal storage. The _docker-reference_ can also be an image ID (docker-daemon:algo:digest).
+
+    $ sudo docker pull fedora
+    $ sudo podman create docker-daemon:docker.io/library/fedora echo hello
+
+  **oci-archive:**_path_**:**_tag_
+  An image in a directory compliant with the "Open Container Image Layout Specification" at the specified _path_
+and specified with a _tag_.
+
+    $ podman save --format oci-archive fedora -o /tmp/fedora
+    $ podman create oci-archive:/tmp/fedora echo hello
+
+## OPTIONS
+
+@@option add-host
+
+@@option annotation.container
+
+@@option arch
+
+#### **--attach**, **-a**=*location*
+
+Attach to STDIN, STDOUT or STDERR.
+
+In foreground mode (the default when **-d**
+is not specified), **podman run** can start the process in the container
+and attach the console to the process's standard input, output, and standard
+error. It can even pretend to be a TTY (this is what most command line
+executables expect) and pass along signals. The **-a** option can be set for
+each of stdin, stdout, and stderr.
+
+@@option authfile
+
+@@option blkio-weight
+
+@@option blkio-weight-device
+
+@@option cap-add
+
+@@option cap-drop
+
+@@option cgroup-conf
+
+@@option cgroup-parent
+
+@@option cgroupns
+
+@@option cgroups
+
+@@option chrootdirs
+
+@@option cidfile.write
+
+@@option conmon-pidfile
+
+@@option cpu-period
+
+@@option cpu-quota
+
+@@option cpu-rt-period
+
+@@option cpu-rt-runtime
+
+@@option cpu-shares
+
+@@option cpus.container
+
+@@option cpuset-cpus
+
+@@option cpuset-mems
+
+@@option device
+
+Note: if the user only has access rights via a group, accessing the device
+from inside a rootless container will fail. Use the `--group-add keep-groups`
+flag to pass the user's supplementary group access into the container.
+
+@@option device-cgroup-rule
+
+@@option device-read-bps
+
+@@option device-read-iops
+
+@@option device-write-bps
+
+@@option device-write-iops
+
+@@option disable-content-trust
+
+@@option dns
+
+This option cannot be combined with **--network** that is set to **none** or **container:**_id_.
+
+@@option dns-opt.container
+
+@@option dns-search.container
+
+@@option entrypoint
+
+#### **--env**, **-e**=*env*
+
+Set environment variables
+
+This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in __*__ is specified without a value, Podman will search the host environment for variables starting with the prefix and will add those variables to the container.
+
+See [**Environment**](#environment) note below for precedence and examples.
+
+#### **--env-file**=*file*
+
+Read in a line delimited file of environment variables. See **Environment** note below for precedence.
+
+@@option env-host
+
+@@option env-merge
+
+@@option expose
+
+@@option gidmap.container
+
+@@option group-add
+
+@@option health-cmd
+
+@@option health-interval
+
+@@option health-on-failure
+
+@@option health-retries
+
+@@option health-start-period
+
+@@option health-timeout
+
+#### **--help**
+
+Print usage statement
+
+@@option hostname.container
+
+@@option hostuser
+
+@@option http-proxy
+
+@@option image-volume
+
+@@option init
+
+#### **--init-ctr**=*type*
+
+(Pods only).
+When using pods, create an init style container, which is run after the infra container is started
+but before regular pod containers are started.  Init containers are useful for running
+setup operations for the pod's applications.
+
+Valid values for `init-ctr` type are *always* or *once*.  The *always* value
+means the container will run with each and every `pod start`, whereas the *once*
+value means the container will only run once when the pod is started and then the container is removed.
+
+Init containers are only run on pod `start`.  Restarting a pod will not execute any init
+containers should they be present.  Furthermore, init containers can only be created in a
+pod when that pod is not running.
+
+@@option init-path
+
+@@option interactive
+
+@@option ip
+
+@@option ip6
+
+@@option ipc
+
+@@option label
+
+@@option label-file
+
+@@option link-local-ip
+
+@@option log-driver
+
+#### **--log-opt**=*name=value*
+
+Set custom logging configuration. The following *name*s are supported:
+
+- **path**: specify a path to the log file
+(e.g. **--log-opt path=/var/log/container/mycontainer.json**);
+
+- **max-size**: specify a max size of the log file
+(e.g. **--log-opt max-size=10mb**);
+
+- **tag**: specify a custom log tag for the container
+(e.g. **--log-opt tag="{{.ImageName}}"**.
+
+It supports the same keys as **podman inspect --format**.
+
+This option is currently supported only by the **journald** log driver.
+
+@@option mac-address
+
+@@option memory
+
+@@option memory-reservation
+
+@@option memory-swap
+
+@@option memory-swappiness
+
+@@option mount
+
+@@option name.container
+
+#### **--network**=*mode*, **--net**
+
+Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
+
+Valid _mode_ values are:
+
+- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
+  - **alias=name**: Add network-scoped alias for the container.
+  - **ip=IPv4**: Specify a static ipv4 address for this container.
+  - **ip=IPv6**: Specify a static ipv6 address for this container.
+  - **mac=MAC**: Specify a static mac address for this container.
+  - **interface_name**: Specify a name for the created network interface inside the container.
+
+  For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
+- \<network name or ID\>[:OPTIONS,...]: Connect to a user-defined network; this is the network name or ID from a network created by **[podman network create](podman-network-create.1.md)**. Using the network name implies the bridge network mode. It is possible to specify the same options described under the bridge mode above. You can use the **--network** option multiple times to specify additional networks.
+- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
+- **container:**_id_: Reuse another container's network stack.
+- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
+- **ns:**_path_: Path to a network namespace to join.
+- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
+- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
+  - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false.
+  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
+  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
+  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
+  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
+  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
+  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
+  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
+  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
+  Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
+
+@@option network-alias
+
+@@option no-healthcheck
+
+@@option no-hosts
+
+This option conflicts with **--add-host**.
+
+@@option oom-kill-disable
+
+@@option oom-score-adj
+
+@@option os.pull
+
+@@option passwd-entry
+
+@@option personality
+
+@@option pid
+
+@@option pidfile
+
+@@option pids-limit
+
+@@option platform
+
+#### **--pod**=*name*
+
+Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`.
+To make a pod with more granular options, use the `podman pod create` command before creating a container.
+
+@@option pod-id-file.container
+
+@@option privileged
+
+@@option publish
+
+**Note:** If a container will be run within a pod, it is not necessary to publish the port for
+the containers in the pod. The port must only be published by the pod itself. Pod network
+stacks act like the network stack on the host - you have a variety of containers in the pod,
+and programs in the container, all sharing a single interface and IP address, and
+associated ports. If one container binds to a port, no other container can use that port
+within the pod while it is in use. Containers in the pod can also communicate over localhost
+by having one container bind to localhost in the pod, and another connect to that port.
+
+@@option publish-all
+
+@@option pull
+
+#### **--quiet**, **-q**
+
+Suppress output information when pulling images
+
+@@option read-only
+
+@@option read-only-tmpfs
+
+@@option replace
+
+@@option requires
+
+@@option restart
+
+#### **--rm**
+
+Automatically remove the container when it exits. The default is *false*.
+
+@@option rootfs
+
+@@option sdnotify
+
+@@option seccomp-policy
+
+@@option secret
+
+#### **--security-opt**=*option*
+
+Security Options
+
+- `apparmor=unconfined` : Turn off apparmor confinement for the container
+- `apparmor=your-profile` : Set the apparmor confinement profile for the container
+
+- `label=user:USER`     : Set the label user for the container processes
+- `label=role:ROLE`     : Set the label role for the container processes
+- `label=type:TYPE`     : Set the label process type for the container processes
+- `label=level:LEVEL`   : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable`       : Turn off label separation for the container
+
+Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
+
+- `mask=/path/1:/path/2` : The paths to mask separated by a colon. A masked path
+  cannot be accessed inside the container.
+
+- `no-new-privileges` : Disable container processes from gaining additional privileges
+
+- `seccomp=unconfined` : Turn off seccomp confinement for the container.
+- `seccomp=profile.json` : JSON file to be used as a seccomp filter. Note that the `io.podman.annotations.seccomp` annotation is set with the specified value as shown in `podman inspect`.
+
+- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
+  possible mount options are specified in the **proc(5)** man page.
+
+
+- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
+  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**  The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
+
+Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
+
+@@option shm-size
+
+@@option stop-signal
+
+@@option stop-timeout
+
+@@option subgidname
+
+@@option subuidname
+
+@@option sysctl
+
+@@option systemd
+
+@@option timeout
+
+@@option tls-verify
+
+@@option tmpfs
+
+@@option tty
+
+@@option tz
+
+@@option uidmap.container
+
+@@option ulimit
+
+@@option umask
+
+@@option unsetenv
+
+@@option unsetenv-all
+
+@@option user
+
+@@option userns.container
+
+@@option uts.container
+
+#### **--variant**=*VARIANT*
+Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7.
+
+@@option volume
+
+Use the **--group-add keep-groups** option to pass the user's supplementary group access into the container.
+
+@@option volumes-from
+
+@@option workdir
+
+## EXAMPLES
+
+### Create a container using a local image
+
+```
+$ podman create alpine ls
+```
+
+### Create a container using a local image and annotate it
+
+```
+$ podman create --annotation HELLO=WORLD alpine ls
+```
+
+### Create a container using a local image, allocating a pseudo-TTY, keeping stdin open and name it myctr
+
+```
+  podman create -t -i --name myctr alpine ls
+```
+
+### Set UID/GID mapping in a new user namespace
+
+Running a container in a new user namespace requires a mapping of
+the uids and gids from the host.
+
+```
+$ podman create --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello
+```
+
+### Setting automatic user namespace separated containers
+
+```
+# podman create --userns=auto:size=65536 ubi8-init
+```
+
+### Configure timezone in a container
+
+```
+$ podman create --tz=local alpine date
+$ podman create --tz=Asia/Shanghai alpine date
+$ podman create --tz=US/Eastern alpine date
+```
+
+### Adding dependency containers
+
+Podman will make sure the first container, container1, is running before the second container (container2) is started.
+
+```
+$ podman create --name container1 -t -i fedora bash
+$ podman create --name container2 --requires container1 -t -i fedora bash
+$ podman start --attach container2
+```
+
+Multiple containers can be required.
+
+```
+$ podman create --name container1 -t -i fedora bash
+$ podman create --name container2 -t -i fedora bash
+$ podman create --name container3 --requires container1,container2 -t -i fedora bash
+$ podman start --attach container3
+```
+
+### Configure keep supplemental groups for access to volume
+
+```
+$ podman create -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
+```
+
+### Configure execution domain for containers using personality flag
+
+```
+$ podman create --name container1 --personality=LINUX32 fedora bash
+```
+
+### Create a container with external rootfs mounted as an overlay
+
+```
+$ podman create --name container1 --rootfs /path/to/rootfs:O bash
+```
+
+### Create a container connected to two networks (called net1 and net2) with a static ip
+
+```
+$ podman create --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 alpine ip addr
+```
+
+### Rootless Containers
+
+Podman runs as a non-root user on most systems. This feature requires that a new enough version of shadow-utils
+be installed. The shadow-utils package must include the newuidmap and newgidmap executables.
+
+In order for users to run rootless, there must be an entry for their username in /etc/subuid and /etc/subgid which lists the UIDs for their user namespace.
+
+Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
+The fuse-overlayfs package provides a userspace overlay storage driver, otherwise users need to use
+the vfs storage driver, which is diskspace expensive and does not perform well. slirp4netns is
+required for VPN, without it containers need to be run with the --network=host flag.
+
+## ENVIRONMENT
+
+Environment variables within containers can be set using multiple different options:  This section describes the precedence.
+
+Precedence order (later entries override earlier entries):
+
+- **--env-host** : Host environment of the process executing Podman is added.
+- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details.
+- Container image : Any environment variables specified in the container image.
+- **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry.
+- **--env** : Any environment variables specified will override previous settings.
+
+Create containers and set the environment ending with a __*__.
+The trailing __*__ glob functionality is only active when no value is specified:
+
+```
+$ export ENV1=a
+$ podman create --name ctr1 --env 'ENV*' alpine env
+$ podman start --attach ctr1 | grep ENV
+ENV1=a
+$ podman create --name ctr2 --env 'ENV*=b' alpine env
+$ podman start --attach ctr2 | grep ENV
+ENV*=b
+```
+
+## CONMON
+
+When Podman starts a container it actually executes the conmon program, which
+then executes the OCI Runtime.  Conmon is the container monitor.  It is a small
+program whose job is to watch the primary process of the container, and if the
+container dies, save the exit code.  It also holds open the tty of the
+container, so that it can be attached to later. This is what allows Podman to
+run in detached mode (backgrounded), so Podman can exit but conmon continues to
+run.  Each container has their own instance of conmon. Conmon waits for the
+container to exit, gathers and saves the exit code, and then launches a Podman
+process to complete the container cleanup, by shutting down the network and
+storage.   For more information on conmon, please reference the conmon(8) man
+page.
+
+## FILES
+
+**/etc/subuid**
+**/etc/subgid**
+
+NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
+
+## SEE ALSO
+**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[systemd.unit(5)](https://www.freedesktop.org/software/systemd/man/systemd.unit.html)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
+
+## HISTORY
+October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman `<dwalsh@redhat.com>`
+
+November 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
+
+September 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
+
+August 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
+
+## FOOTNOTES
+<a name="Footnote1">1</a>: The Podman project is committed to inclusivity, a core value of open source. The `master` and `slave` mount propagation terminology used here is problematic and divisive, and should be changed. However, these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, Podman will follow suit immediately.
diff --git a/docs/source/markdown/podman-diff.1.md b/docs/source/markdown/podman-diff.1.md
index 66675de93..0a086c20e 100644
--- a/docs/source/markdown/podman-diff.1.md
+++ b/docs/source/markdown/podman-diff.1.md
@@ -1,4 +1,4 @@
-% podman-diff(1)
+% podman-diff 1
 
 ## NAME
 podman\-diff - Inspect changes on a container or image's filesystem
diff --git a/docs/source/markdown/podman-events.1.md b/docs/source/markdown/podman-events.1.md
index 526a7fa10..d0c95fe06 100644
--- a/docs/source/markdown/podman-events.1.md
+++ b/docs/source/markdown/podman-events.1.md
@@ -1,4 +1,4 @@
-% podman-events(1)
+% podman-events 1
 
 ## NAME
 podman\-events - Monitor Podman events
diff --git a/docs/source/markdown/podman-exec.1.md b/docs/source/markdown/podman-exec.1.md.in
index da61f3456..8198c319e 100644
--- a/docs/source/markdown/podman-exec.1.md
+++ b/docs/source/markdown/podman-exec.1.md.in
@@ -1,4 +1,4 @@
-% podman-exec(1)
+% podman-exec 1
 
 ## NAME
 podman\-exec - Execute a command in a running container
@@ -31,52 +31,22 @@ This option allows arbitrary environment variables that are available for the pr
 
 Read in a line delimited file of environment variables.
 
-#### **--interactive**, **-i**
-
-When set to true, keep stdin open even if not attached. The default is *false*.
+@@option interactive
 
 #### **--latest**, **-l**
 
 Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
 to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--preserve-fds**=*N*
-
-Pass down to the process N additional file descriptors (in addition to 0, 1, 2).  The total FDs will be 3+N.
-
-#### **--privileged**
-
-Give extended privileges to this container. The default is *false*.
-
-By default, Podman containers are
-"unprivileged" and cannot, for example, modify parts of the operating system.
-This is because by default a container is only allowed limited access to devices.
-A "privileged" container is given the same access to devices as the user launching the container.
-
-A privileged container turns off the security features that isolate the
-container from the host. Dropped Capabilities, limited devices, read/only mount
-points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
-
-Rootless containers cannot have more privileges than the account that launched them.
-
-
-#### **--tty**, **-t**
-
-Allocate a pseudo-TTY.
-
-#### **--user**, **-u**
+@@option preserve-fds
 
-Sets the username or UID used and optionally the groupname or GID for the specified command.
-The following examples are all valid:
---user [user | user:group | uid | uid:gid | user:gid | uid:group ]
+@@option privileged
 
-#### **--workdir**, **-w**=*path*
+@@option tty
 
-Working directory inside the container
+@@option user
 
-The default working directory for running binaries within a container is the root directory (/).
-The image developer can set a different default with the WORKDIR instruction, which can be overridden
-when creating the container.
+@@option workdir
 
 ## Exit Status
 
diff --git a/docs/source/markdown/podman-export.1.md b/docs/source/markdown/podman-export.1.md
index 53d7e425e..d024d0256 100644
--- a/docs/source/markdown/podman-export.1.md
+++ b/docs/source/markdown/podman-export.1.md
@@ -1,4 +1,4 @@
-% podman-export(1)
+% podman-export 1
 
 ## NAME
 podman\-export - Export a container's filesystem contents as a tar archive
diff --git a/docs/source/markdown/podman-generate-spec.1.md b/docs/source/markdown/podman-generate-spec.1.md
new file mode 100644
index 000000000..73924df6c
--- /dev/null
+++ b/docs/source/markdown/podman-generate-spec.1.md
@@ -0,0 +1,26 @@
+% podman-generate-spec 1
+
+## NAME
+podman\-generate\-spec - Generate Specgen JSON based on containers or pods
+
+## SYNOPSIS
+**podman generate spec** [*options*] *container | *pod*
+
+## DESCRIPTION
+**podman generate spec** will generate Specgen JSON from Podman Containers and Pods. This JSON can either be printed to a file, directly to the command line, or both.
+
+This JSON can then be used as input for the Podman API, specifically for Podman container and pod creation. Specgen is Podman's internal structure for formulating new container-related entities.
+
+## OPTIONS
+
+#### **--compact**, **-c**
+
+Print the output in a compact, one line format. This is useful when piping the data to the Podman API
+
+#### **--filename**, **-f**=**filename**
+
+Output to the given file.
+
+#### **--name**, **-n**
+
+Rename the pod or container, so that it does not conflict with the existing entity. This is helpful when the JSON is to be used before the source pod or container is deleted.
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index fc2ce171e..b733cff8d 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -1,4 +1,4 @@
-% podman-generate-systemd(1)
+% podman-generate-systemd 1
 
 ## NAME
 podman\-generate\-systemd - Generate systemd unit file(s) for a container or pod
@@ -26,7 +26,7 @@ therefore the overridden default value._
 A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template.  The template's argument is the path to the YAML file.  Given a `workload.yaml` file in the home directory, it can be executed as follows:
 
 ```
-$ escaped=$(systemd-escape ~/sysadmin.yaml)
+$ escaped=$(systemd-escape ~/workload.yaml)
 $ systemctl --user start podman-kube@$escaped.service
 $ systemctl --user is-active podman-kube@$escaped.service
 active
@@ -44,6 +44,12 @@ User-defined dependencies will be appended to the generated unit file, but any e
 
 Set the systemd unit name prefix for containers. The default is *container*.
 
+#### **--env**, **-e**=*env*
+
+Set environment variables to the systemd unit files.
+
+If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in __*__ is specified without a value, Podman will search the host environment for variables starting with the prefix and will add those variables to the systemd unit files.
+
 #### **--files**, **-f**
 
 Generate files instead of printing to stdout.  The generated files are named {container,pod}-{ID,name}.service and will be placed in the current working directory.
@@ -79,7 +85,9 @@ Set the systemd unit requires (`Requires=`) option. Similar to wants, but declar
 #### **--restart-policy**=*policy*
 
 Set the systemd restart policy.  The restart-policy must be one of: "no", "on-success", "on-failure", "on-abnormal",
-"on-watchdog", "on-abort", or "always".  The default policy is *on-failure*.
+"on-watchdog", "on-abort", or "always".  The default policy is *on-failure* unless the container was created with a custom restart policy.
+
+Note that generating a unit without `--new` on a container with a custom restart policy can lead to issues on shutdown; systemd will attempt to stop the unit while Podman tries to restart it.  It is recommended to to create the container without `--restart` and use the `--restart-policy` option instead when generating the unit file.
 
 #### **--restart-sec**=*time*
 
diff --git a/docs/source/markdown/podman-generate.1.md b/docs/source/markdown/podman-generate.1.md
index 415a53875..dab9a866b 100644
--- a/docs/source/markdown/podman-generate.1.md
+++ b/docs/source/markdown/podman-generate.1.md
@@ -1,4 +1,4 @@
-% podman-generate(1)
+% podman-generate 1
 
 ## NAME
 podman\-generate - Generate structured data based on containers, pods or volumes
@@ -13,7 +13,8 @@ The generate command will create structured output (like YAML) based on a contai
 
 | Command | Man Page                                                   | Description                                                                         |
 |---------|------------------------------------------------------------|-------------------------------------------------------------------------------------|
-| kube    | [podman-generate-kube(1)](podman-generate-kube.1.md)       | Generate Kubernetes YAML based on containers, pods or volumes.                               |
+| kube    | [podman-kube-generate(1)](podman-kube-generate.1.md)       | Generate Kubernetes YAML based on containers, pods or volumes.                      |
+| spec    | [podman-generate-spec(1)](podman-generate-spec.1.md)       | Generate Specgen JSON based on containers or pods.                                  |
 | systemd | [podman-generate-systemd(1)](podman-generate-systemd.1.md) | Generate systemd unit file(s) for a container or pod.                               |
 
 
diff --git a/docs/source/markdown/podman-healthcheck-run.1.md b/docs/source/markdown/podman-healthcheck-run.1.md
index dbaf87a0b..b2ef3110b 100644
--- a/docs/source/markdown/podman-healthcheck-run.1.md
+++ b/docs/source/markdown/podman-healthcheck-run.1.md
@@ -1,4 +1,4 @@
-% podman-healthcheck-run(1)
+% podman-healthcheck-run 1
 
 ## NAME
 podman\-healthcheck\-run - Run a container healthcheck
diff --git a/docs/source/markdown/podman-healthcheck.1.md b/docs/source/markdown/podman-healthcheck.1.md
index eae71eba9..4caf65501 100644
--- a/docs/source/markdown/podman-healthcheck.1.md
+++ b/docs/source/markdown/podman-healthcheck.1.md
@@ -1,4 +1,4 @@
-% podman-healthcheck(1)
+% podman-healthcheck 1
 
 ## NAME
 podman\-healthcheck - Manage healthchecks for containers
diff --git a/docs/source/markdown/podman-history.1.md b/docs/source/markdown/podman-history.1.md
index d114e0523..fb186127a 100644
--- a/docs/source/markdown/podman-history.1.md
+++ b/docs/source/markdown/podman-history.1.md
@@ -1,4 +1,4 @@
-% podman-history(1)
+% podman-history 1
 
 ## NAME
 podman\-history - Show the history of an image
diff --git a/docs/source/markdown/podman-image-diff.1.md b/docs/source/markdown/podman-image-diff.1.md
index c5c62c751..0e6747ee0 100644
--- a/docs/source/markdown/podman-image-diff.1.md
+++ b/docs/source/markdown/podman-image-diff.1.md
@@ -1,4 +1,4 @@
-% podman-image-diff(1)
+% podman-image-diff 1
 
 ## NAME
 podman-image-diff - Inspect changes on an image's filesystem
diff --git a/docs/source/markdown/podman-image-exists.1.md b/docs/source/markdown/podman-image-exists.1.md
index b585d16f1..7c08205bf 100644
--- a/docs/source/markdown/podman-image-exists.1.md
+++ b/docs/source/markdown/podman-image-exists.1.md
@@ -1,4 +1,4 @@
-% podman-image-exists(1)
+% podman-image-exists 1
 
 ## NAME
 podman-image-exists - Check if an image exists in local storage
diff --git a/docs/source/markdown/podman-image-inspect.1.md b/docs/source/markdown/podman-image-inspect.1.md
index eb8d75786..7297b136f 100644
--- a/docs/source/markdown/podman-image-inspect.1.md
+++ b/docs/source/markdown/podman-image-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-image-inspect(1)
+% podman-image-inspect 1
 
 ## NAME
 podman\-image\-inspect - Display an image's configuration
diff --git a/docs/source/markdown/podman-image-mount.1.md b/docs/source/markdown/podman-image-mount.1.md
index 453266f8c..3808a4c9a 100644
--- a/docs/source/markdown/podman-image-mount.1.md
+++ b/docs/source/markdown/podman-image-mount.1.md
@@ -1,4 +1,4 @@
-% podman-image-mount(1)
+% podman-image-mount 1
 
 ## NAME
 podman\-image\-mount - Mount an image's root filesystem
diff --git a/docs/source/markdown/podman-image-prune.1.md b/docs/source/markdown/podman-image-prune.1.md
index db17f97fb..2a9d215a3 100644
--- a/docs/source/markdown/podman-image-prune.1.md
+++ b/docs/source/markdown/podman-image-prune.1.md
@@ -1,4 +1,4 @@
-% podman-image-prune(1)
+% podman-image-prune 1
 
 ## NAME
 podman-image-prune - Remove all unused images from the local store
diff --git a/docs/source/markdown/podman-image-scp.1.md b/docs/source/markdown/podman-image-scp.1.md
index b6b610a7d..b6a55bef2 100644
--- a/docs/source/markdown/podman-image-scp.1.md
+++ b/docs/source/markdown/podman-image-scp.1.md
@@ -1,4 +1,4 @@
-% podman-image-scp(1)
+% podman-image-scp 1
 
 ## NAME
 podman-image-scp - Securely copy an image from one host to another
diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md.in
index 035e10743..580f7e6dc 100644
--- a/docs/source/markdown/podman-image-sign.1.md
+++ b/docs/source/markdown/podman-image-sign.1.md.in
@@ -1,4 +1,4 @@
-% podman-image-sign(1)
+% podman-image-sign 1
 
 ## NAME
 podman-image-sign - Create a signature for an image
@@ -19,17 +19,9 @@ By default, the signature will be written into `/var/lib/containers/sigstore` fo
 
 Sign all the manifests of the multi-architecture image (default false).
 
-#### **--authfile**=*path*
+@@option authfile
 
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
-
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option cert-dir
 
 #### **--directory**, **-d**=*dir*
 
diff --git a/docs/source/markdown/podman-image-tree.1.md b/docs/source/markdown/podman-image-tree.1.md
index 78f1b1004..28eaf0609 100644
--- a/docs/source/markdown/podman-image-tree.1.md
+++ b/docs/source/markdown/podman-image-tree.1.md
@@ -1,4 +1,4 @@
-% podman-image-tree(1)
+% podman-image-tree 1
 
 ## NAME
 podman\-image\-tree - Prints layer hierarchy of an image in a tree format
diff --git a/docs/source/markdown/podman-image-trust.1.md b/docs/source/markdown/podman-image-trust.1.md
index 4e80bdcf5..9dce3d890 100644
--- a/docs/source/markdown/podman-image-trust.1.md
+++ b/docs/source/markdown/podman-image-trust.1.md
@@ -1,4 +1,4 @@
-% podman-image-trust(1)
+% podman-image-trust 1
 
 ## NAME
 podman\-image\-trust - Manage container registry image trust policy
@@ -32,7 +32,8 @@ Trust **type** provides a way to:
 
 Allowlist ("accept") or
 Denylist ("reject") registries or
-Require signature (“signedBy�).
+Require a simple signing signature (“signedBy�),
+Require a sigstore signature ("sigstoreSigned").
 
 Trust may be updated using the command **podman image trust set** for an existing trust scope.
 
@@ -45,12 +46,14 @@ Trust may be updated using the command **podman image trust set** for an existin
 #### **--pubkeysfile**, **-f**=*KEY1*
   A path to an exported public key on the local system. Key paths
   will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to
-  require an image be signed by multiple keys.  The **--pubkeysfile** option is required for the **signedBy** type.
+  require an image be signed by multiple keys.  The **--pubkeysfile** option is required for the **signedBy** and **sigstoreSigned** types.
 
 #### **--type**, **-t**=*value*
   The trust type for this policy entry.
   Accepted values:
-    **signedBy** (default): Require signatures with corresponding list of
+    **signedBy** (default): Require simple signing signatures with corresponding list of
+                        public keys
+    **sigstoreSigned**: Require sigstore signatures with corresponding list of
                         public keys
     **accept**: do not require any signatures for this
             registry scope
diff --git a/docs/source/markdown/podman-image-unmount.1.md b/docs/source/markdown/podman-image-unmount.1.md
index 394811bd4..bffb5ff1d 100644
--- a/docs/source/markdown/podman-image-unmount.1.md
+++ b/docs/source/markdown/podman-image-unmount.1.md
@@ -1,4 +1,4 @@
-% podman-image-unmount(1)
+% podman-image-unmount 1
 
 ## NAME
 podman\-image\-unmount - Unmount an image's root filesystem
diff --git a/docs/source/markdown/podman-image.1.md b/docs/source/markdown/podman-image.1.md
index 356369007..a74890cf2 100644
--- a/docs/source/markdown/podman-image.1.md
+++ b/docs/source/markdown/podman-image.1.md
@@ -1,4 +1,4 @@
-% podman-image(1)
+% podman-image 1
 
 ## NAME
 podman\-image - Manage images
diff --git a/docs/source/markdown/podman-images.1.md b/docs/source/markdown/podman-images.1.md
index 923b22f1b..63e447960 100644
--- a/docs/source/markdown/podman-images.1.md
+++ b/docs/source/markdown/podman-images.1.md
@@ -1,14 +1,14 @@
-% podman-images(1)
+% podman-images 1
 
 ## NAME
 podman\-images - List images in local storage
 
 ## SYNOPSIS
-**podman images** [*options*]
+**podman images** [*options*] [image]
 
-**podman image list** [*options*]
+**podman image list** [*options*] [image]
 
-**podman image ls** [*options*]
+**podman image ls** [*options*] [image]
 
 ## DESCRIPTION
 Displays locally stored images, their names, and their IDs.
@@ -107,15 +107,22 @@ Sort by *created*, *id*, *repository*, *size* or *tag* (default: **created**)
 ## EXAMPLE
 
 ```
-# podman images
-REPOSITORY                                   TAG      IMAGE ID       CREATED       SIZE
-docker.io/kubernetes/pause                   latest   e3d42bcaf643   3 years ago   251 kB
-<none>                                       <none>   ebb91b73692b   4 weeks ago   27.2 MB
-docker.io/library/ubuntu                     latest   4526339ae51c   6 weeks ago   126 MB
+$ podman images
+REPOSITORY                         TAG         IMAGE ID      CREATED       SIZE
+quay.io/podman/stable              latest      e0b7dabc3352  22 hours ago  331 MB
+docker.io/library/alpine           latest      9c6f07244728  5 days ago    5.83 MB
+registry.fedoraproject.org/fedora  latest      2ecb6df95994  3 weeks ago   169 MB
+quay.io/libpod/testimage           20220615    f26aa69bb3f3  2 months ago  8.4 MB
+```
+
+```
+$ podman images stable
+REPOSITORY             TAG         IMAGE ID      CREATED       SIZE
+quay.io/podman/stable  latest      e0b7dabc3352  22 hours ago  331 MB
 ```
 
 ```
-# podman images --quiet
+# podman image ls --quiet
 e3d42bcaf643
 ebb91b73692b
 4526339ae51c
@@ -129,7 +136,7 @@ docker.io/library/ubuntu                     latest   4526339ae51c   6 weeks ago
 ```
 
 ```
-# podman images --no-trunc
+# podman image list --no-trunc
 REPOSITORY                                   TAG      IMAGE ID                                                                  CREATED       SIZE
 docker.io/kubernetes/pause                   latest   sha256:e3d42bcaf643097dd1bb0385658ae8cbe100a80f773555c44690d22c25d16b27   3 years ago   251 kB
 <none>                                       <none>   sha256:ebb91b73692bd27890685846412ae338d13552165eacf7fcd5f139bfa9c2d6d9   4 weeks ago   27.2 MB
diff --git a/docs/source/markdown/podman-import.1.md b/docs/source/markdown/podman-import.1.md
index 8d482b961..60b34013c 100644
--- a/docs/source/markdown/podman-import.1.md
+++ b/docs/source/markdown/podman-import.1.md
@@ -1,4 +1,4 @@
-% podman-import(1)
+% podman-import 1
 
 ## NAME
 podman\-import - Import a tarball and save it as a filesystem image
diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md
index 347d8d27b..f892c2d7d 100644
--- a/docs/source/markdown/podman-info.1.md
+++ b/docs/source/markdown/podman-info.1.md
@@ -1,4 +1,4 @@
-% podman-info(1)
+% podman-info 1
 
 ## NAME
 podman\-info - Displays Podman related system information
@@ -15,14 +15,20 @@ Displays information pertinent to the host, current storage stats, configured co
 
 ## OPTIONS
 
-#### **--debug**, **-D**
-
-Show additional information
-
 #### **--format**, **-f**=*format*
 
 Change output format to "json" or a Go template.
 
+| **Placeholder**     | **Info pertaining to ...**              |
+| ------------------- | --------------------------------------- |
+| .Host ...           | ...the host on which podman is running  |
+| .Plugins ...        | ...external plugins                     |
+| .Registries ...     | ...configured registries                |
+| .Store ...          | ...the storage driver and paths         |
+| .Version ...        | ...podman version                       |
+
+Each of the above branch out into further subfields, more than can
+reasonably be enumerated in this document.
 
 ## EXAMPLES
 
diff --git a/docs/source/markdown/podman-init.1.md b/docs/source/markdown/podman-init.1.md
index 9525f610c..019e3d4a7 100644
--- a/docs/source/markdown/podman-init.1.md
+++ b/docs/source/markdown/podman-init.1.md
@@ -1,4 +1,4 @@
-% podman-init(1)
+% podman-init 1
 
 ## NAME
 podman\-init - Initialize one or more containers
diff --git a/docs/source/markdown/podman-inspect.1.md b/docs/source/markdown/podman-inspect.1.md
index a67604ab5..ddd7ec972 100644
--- a/docs/source/markdown/podman-inspect.1.md
+++ b/docs/source/markdown/podman-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-inspect(1)
+% podman-inspect 1
 
 ## NAME
 podman\-inspect - Display a container, image, volume, network, or pod's configuration
diff --git a/docs/source/markdown/podman-kill.1.md b/docs/source/markdown/podman-kill.1.md.in
index a4f80ac81..852784caf 100644
--- a/docs/source/markdown/podman-kill.1.md
+++ b/docs/source/markdown/podman-kill.1.md.in
@@ -1,4 +1,4 @@
-% podman-kill(1)
+% podman-kill 1
 
 ## NAME
 podman\-kill - Kill the main process in one or more containers
@@ -16,19 +16,14 @@ The main process inside each container specified will be sent SIGKILL, or any si
 
 Signal all running and paused containers.
 
-#### **--cidfile**
-
-Read container ID from the specified file and remove the container.  Can be specified multiple times.
+@@option cidfile.read
 
 #### **--latest**, **-l**
 
 Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
 to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--signal**, **-s**
-
-Signal to send to the container. For more information on Linux signals, refer to *man signal(7)*.
-
+@@option signal
 
 ## EXAMPLE
 
diff --git a/docs/source/markdown/podman-kube-down.1.md b/docs/source/markdown/podman-kube-down.1.md
new file mode 100644
index 000000000..898188d2b
--- /dev/null
+++ b/docs/source/markdown/podman-kube-down.1.md
@@ -0,0 +1,64 @@
+% podman-kube-down 1
+
+## NAME
+podman-kube-down - Remove containers and pods based on Kubernetes YAML
+
+## SYNOPSIS
+**podman kube down** *file.yml|-|https://website.io/file.yml*
+
+## DESCRIPTION
+**podman kube down** reads a specified Kubernetes YAML file, tearing down pods that were created by the `podman kube play` command via the same Kubernetes YAML
+file. Any volumes that were created by the previous `podman kube play` command remain intact. If the YAML file is specified as `-`, `podman kube down` reads the
+YAML from stdin. The input can also be a URL that points to a YAML file such as https://podman.io/demo.yml. `podman kube down` will then teardown the pods and
+containers created by `podman kube play` via the same Kubernetes YAML from the URL. However, `podman kube down` will not work with a URL if the YAML file the URL
+points to has been changed or altered since the creation of the pods and containers using `podman kube play`.
+
+## EXAMPLES
+
+Example YAML file `demo.yml`:
+```
+apiVersion: v1
+kind: Pod
+metadata:
+...
+spec:
+  containers:
+  - command:
+    - top
+    - name: container
+      value: podman
+    image: foobar
+...
+```
+
+Remove the pod and containers as described in the `demo.yml` file
+```
+$ podman kube down demo.yml
+Pods stopped:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+Pods removed:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+```
+
+Remove the pod and containers as described in the `demo.yml` file YAML sent to stdin
+```
+$ cat demo.yml | podman kube play -
+Pods stopped:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+Pods removed:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+```
+
+Remove the pods and containers as described in the `demo.yml` file YAML read from a URL
+```
+$ podman kube down https://podman.io/demo.yml
+Pods stopped:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+Pods removed:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+```
+`podman kube down` will not work with a URL if the YAML file the URL points to has been changed
+or altered since it was used to create the pods and containers.
+
+## SEE ALSO
+**[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **[podman-kube-generate(1)](podman-kube-generate.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**
diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-kube-generate.1.md
index bd7bc711c..f46f86de6 100644
--- a/docs/source/markdown/podman-generate-kube.1.md
+++ b/docs/source/markdown/podman-kube-generate.1.md
@@ -1,12 +1,12 @@
-% podman-generate-kube(1)
+-% podman-kube-generate(1)
 ## NAME
-podman-generate-kube - Generate Kubernetes YAML based on containers, pods or volumes
+podman-kube-generate - Generate Kubernetes YAML based on containers, pods or volumes
 
 ## SYNOPSIS
-**podman generate kube** [*options*] *container...* | *pod...* | *volume...*
+**podman kube generate** [*options*] *container...* | *pod...* | *volume...*
 
 ## DESCRIPTION
-**podman generate kube** will generate Kubernetes YAML (v1 specification) from Podman containers, pods or volumes. Regardless of whether
+**podman kube generate** will generate Kubernetes YAML (v1 specification) from Podman containers, pods or volumes. Regardless of whether
 the input is for containers or pods, Podman will always generate the specification as a Pod. The input may be in the form
 of one or more containers, pods or volumes names or IDs.
 
@@ -32,7 +32,7 @@ Note that the generated Kubernetes YAML file can be used to re-run the deploymen
 
 #### **--filename**, **-f**=*filename*
 
-Output to the given file, instead of STDOUT. If the file already exists, `generate kube` will refuse to replace it and return an error.
+Output to the given file, instead of STDOUT. If the file already exists, `kube generate` will refuse to replace it and return an error.
 
 #### **--service**, **-s**
 
@@ -43,7 +43,7 @@ random port is assigned by Podman in the specification.
 
 Create Kubernetes Pod YAML for a container called `some-mariadb`.
 ```
-$ sudo podman generate kube some-mariadb
+$ sudo podman kube generate some-mariadb
 # Save the output of this file and use kubectl create -f to import
 # it into Kubernetes.
 #
@@ -91,7 +91,7 @@ status: {}
 
 Create Kubernetes Pod YAML for a container with the directory `/home/user/my-data` on the host bind-mounted in the container to `/volume`.
 ```
-$ podman generate kube my-container-with-bind-mounted-data
+$ podman kube generate my-container-with-bind-mounted-data
 # Save the output of this file and use kubectl create -f to import
 # it into Kubernetes.
 #
@@ -130,7 +130,7 @@ status: {}
 
 Create Kubernetes Pod YAML for a container with the named volume `priceless-data` mounted in the container at `/volume`.
 ```
-$ podman generate kube my-container-using-priceless-data
+$ podman kube generate my-container-using-priceless-data
 # Save the output of this file and use kubectl create -f to import
 # it into Kubernetes.
 #
@@ -168,7 +168,7 @@ status: {}
 
 Create Kubernetes Pod YAML for a pod called `demoweb` and include a service.
 ```
-$ sudo podman generate kube -s demoweb
+$ sudo podman kube generate -s demoweb
 # Save the output of this file and use kubectl create -f to import
 # it into Kubernetes.
 #
@@ -213,7 +213,7 @@ status:
 ```
 
 ## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**
+**[podman(1)](podman.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **[podman-kube-down(1)](podman-kube-down.1.md)**
 
 ## HISTORY
 December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/source/markdown/podman-kube-play.1.md b/docs/source/markdown/podman-kube-play.1.md.in
index 25248ce99..3bbe8113a 100644
--- a/docs/source/markdown/podman-kube-play.1.md
+++ b/docs/source/markdown/podman-kube-play.1.md.in
@@ -1,16 +1,17 @@
-% podman-kube-play(1)
+% podman-kube-play 1
 
 ## NAME
-podman-kube-play - Create containers, pods or volumes based on Kubernetes YAML
+podman-kube-play - Create containers, pods and volumes based on Kubernetes YAML
 
 ## SYNOPSIS
-**podman kube play** [*options*] *file.yml|-*
+**podman kube play** [*options*] *file.yml|-|https://website.io/file.yml*
 
 ## DESCRIPTION
 **podman kube play** will read in a structured file of Kubernetes YAML.  It will then recreate the containers, pods or volumes described in the YAML.  Containers within a pod are then started and the ID of the new Pod or the name of the new Volume is output. If the yaml file is specified as "-" then `podman kube play` will read the YAML file from stdin.
 Using the `--down` command line option, it is also capable of tearing down the pods created by a previous run of `podman kube play`.
 Using the `--replace` command line option, it will tear down the pods(if any) created by a previous run of `podman kube play` and recreate the pods with the Kubernetes YAML file.
-Ideally the input file would be one created by Podman (see podman-generate-kube(1)).  This would guarantee a smooth import and expected results.
+Ideally the input file would be one created by Podman (see podman-kube-generate(1)).  This would guarantee a smooth import and expected results.
+The input can also be a URL that points to a YAML file such as https://podman.io/demo.yml. `podman kube play` will read the YAML from the URL and create pods and containers from it.
 
 Currently, the supported Kubernetes kinds are:
 - Pod
@@ -20,7 +21,7 @@ Currently, the supported Kubernetes kinds are:
 
 `Kubernetes Pods or Deployments`
 
-Only two volume types are supported by kube play, the *hostPath* and *persistentVolumeClaim* volume types. For the *hostPath* volume type, only the  *default (empty)*, *DirectoryOrCreate*, *Directory*, *FileOrCreate*, *File*, *Socket*, *CharDevice* and *BlockDevice* subtypes are supported. Podman interprets the value of *hostPath* *path* as a file path when it contains at least one forward slash, otherwise Podman treats the value as the name of a named volume. When using a *persistentVolumeClaim*, the value for *claimName* is the name for the Podman named volume.
+Only three volume types are supported by kube play, the *hostPath*, *emptyDir*, and *persistentVolumeClaim* volume types. For the *hostPath* volume type, only the  *default (empty)*, *DirectoryOrCreate*, *Directory*, *FileOrCreate*, *File*, *Socket*, *CharDevice* and *BlockDevice* subtypes are supported. Podman interprets the value of *hostPath* *path* as a file path when it contains at least one forward slash, otherwise Podman treats the value as the name of a named volume. When using a *persistentVolumeClaim*, the value for *claimName* is the name for the Podman named volume. When using an *emptyDir* volume, podman creates an anonymous volume that is attached the containers running inside the pod and is deleted once the pod is removed.
 
 Note: When playing a kube YAML with init containers, the init container will be created with init type value `once`. To change the default type, use the `io.podman.annotations.init.container.type` annotation to set the type to `always`.
 
@@ -30,6 +31,9 @@ Note: If the `:latest` tag is used, Podman will attempt to pull the image from a
 
 Note: The command `podman play kube` is an alias of `podman kube play`, and will perform the same function.
 
+Note: The command `podman kube down` can be used to stop and remove pods or containers based on the same Kubernetes YAML used
+by `podman kube play` to create them.
+
 `Kubernetes PersistentVolumeClaims`
 
 A Kubernetes PersistentVolumeClaim represents a Podman named volume. Only the PersistentVolumeClaim name is required by Podman to create a volume. Kubernetes annotations can be used to make use of the available options for Podman volumes.
@@ -107,27 +111,15 @@ and as a result environment variable `FOO` will be set to `bar` for container `c
 
 ## OPTIONS
 
-#### **--annotation**=*key=value*
-
-Add an annotation to the container or pod. The format is key=value.
-The **--annotation** option can be set multiple times.
-
-#### **--authfile**=*path*
+@@option annotation.container
 
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
-If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
+@@option authfile
 
 #### **--build**
 
 Build images even if they are found in the local storage. Use `--build=false` to completely disable builds. (This option is not available with the remote Podman client)
 
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option cert-dir
 
 #### **--configmap**=*path*
 
@@ -139,16 +131,7 @@ Note: The *--configmap* option can be used multiple times or a comma-separated l
 
 Use *path* as the build context directory for each image. Requires --build option be true. (This option is not available with the remote Podman client)
 
-#### **--creds**
-
-The [username[:password]] to use to authenticate with the registry if required.
-If one or both values are not supplied, a command line prompt will appear and the
-value can be entered.  The password is entered without echo.
-
-#### **--down**
-
-Tears down the pods that were created by a previous run of `kube play`.  The pods are stopped and then
-removed.  Any volumes created are left intact.
+@@option creds
 
 #### **--help**, **-h**
 
@@ -204,7 +187,7 @@ Valid _mode_ values are:
 - **ns:**_path_: Path to a network namespace to join.
 - **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
 - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
-  - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+  - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false.
   - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
   - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
   - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
@@ -216,11 +199,8 @@ Valid _mode_ values are:
   Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
   - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
 
-#### **--no-hosts**
+@@option no-hosts
 
-Do not create /etc/hosts for the pod.
-By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **--add-host**.
-**--no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified.
 This option conflicts with host added in the Kubernetes YAML.
 
 #### **--quiet**, **-q**
@@ -239,51 +219,9 @@ Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (This
 
 Start the pod after creating it, set to false to only create it.
 
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
-then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
-TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
-
-#### **--userns**=*mode*
-
-Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
-
-Rootless user --userns=Key mappings:
-
-Key       | Host User |  Container User
-----------|---------------|---------------------
-""        |$UID           |0 (Default User account mapped to root user in container.)
-keep-id   |$UID           |$UID (Map user account to same UID within container.)
-auto      |$UID           | nil (Host User UID is not mapped into container.)
-nomap     |$UID           | nil (Host User UID is not mapped into container.)
-
-Valid _mode_ values are:
-
-**auto**[:_OPTIONS,..._]: automatically create a unique user namespace.
-
-The `--userns=auto` flag, requires that the user name `containers` and a range of subordinate user ids that the Podman container is allowed to use be specified in the /etc/subuid and /etc/subgid files.
-
-Example: `containers:2147483647:2147483648`.
-
-Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode
-
-  Valid `auto` options:
-
-  - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace.
-  - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
-  - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace.
-
-**container:**_id_: join the user namespace of the specified container.
-
-**host**: create a new namespace for the container.
-
-**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is not allowed for containers created by the root user.
-
-**nomap**: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is not allowed for containers created by the root user.
-
-**ns:**_namespace_: run the pod in the given existing user namespace.
+@@option tls-verify
 
+@@option userns.container
 ## EXAMPLES
 
 Recreate the pod and containers as described in a file called `demo.yml`
@@ -321,11 +259,23 @@ Create a pod connected to two networks (called net1 and net2) with a static ip
 $ podman kube play demo.yml --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10
 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
 ```
-
 Please take into account that networks must be created first using podman-network-create(1).
 
-## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-network-create(1)](podman-network-create.1.md)**, **[podman-generate-kube(1)](podman-generate-kube.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**
+Create and teardown from a URL pointing to a YAML file
+```
+$ podman kube play https://podman.io/demo.yml
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
 
-## HISTORY
-December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
+$ podman kube play --down https://podman.io/demo.yml
+Pods stopped:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+Pods removed:
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+```
+`podman kube play --down` will not work with a URL if the YAML file the URL points to
+has been changed or altered.
+
+
+
+## SEE ALSO
+**[podman(1)](podman.1.md)**, **[podman-kube(1)](podman-kube.1.md)**, **[podman-kube-down(1)](podman-kube-down.1.md)**, **[podman-network-create(1)](podman-network-create.1.md)**, **[podman-kube-generate(1)](podman-kube-generate.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**
diff --git a/docs/source/markdown/podman-kube.1.md b/docs/source/markdown/podman-kube.1.md
index f815ffae2..f70a61f47 100644
--- a/docs/source/markdown/podman-kube.1.md
+++ b/docs/source/markdown/podman-kube.1.md
@@ -1,4 +1,4 @@
-% podman-kube(1)
+% podman-kube 1
 
 ## NAME
 podman\-kube - Play containers, pods or volumes based on a structured input file
@@ -12,9 +12,14 @@ file input.  Containers will be automatically started.
 
 ## COMMANDS
 
-| Command  | Man Page                                            | Description                                                                  |
-| -------  | --------------------------------------------------- | ---------------------------------------------------------------------------- |
-| play     | [podman-kube-play(1)](podman-kube-play.1.md)        | Create containers, pods or volumes based on Kubernetes YAML.                         |
+| Command  | Man Page                                             | Description                                                                   |
+| -------  | ---------------------------------------------------- | ----------------------------------------------------------------------------- |
+| down     | [podman-kube-down(1)](podman-kube-down.1.md)         | Remove containers and pods based on Kubernetes YAML.                          |
+| generate | [podman-kube-generate(1)](podman-kube-generate.1.md) | Generate Kubernetes YAML based on containers, pods or volumes.                |
+| play     | [podman-kube-play(1)](podman-kube-play.1.md)         | Create containers, pods and volumes based on Kubernetes YAML.                 |
 
 ## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-generate(1)](podman-generate.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**
+**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-container(1)](podman-container.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **[podman-kube-down(1)](podman-kube-down.1.md)**, **[podman-kube-generate(1)](podman-kube-generate.1.md)**
+
+## HISTORY
+December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/source/markdown/podman-load.1.md b/docs/source/markdown/podman-load.1.md
index ad32df854..8d0efb1a4 100644
--- a/docs/source/markdown/podman-load.1.md
+++ b/docs/source/markdown/podman-load.1.md
@@ -1,4 +1,4 @@
-% podman-load(1)
+% podman-load 1
 
 ## NAME
 podman\-load - Load image(s) from a tar archive into container storage
diff --git a/docs/source/markdown/podman-login.1.md b/docs/source/markdown/podman-login.1.md.in
index c84b0cc99..63798ed99 100644
--- a/docs/source/markdown/podman-login.1.md
+++ b/docs/source/markdown/podman-login.1.md.in
@@ -1,4 +1,4 @@
-% podman-login(1)
+% podman-login 1
 
 ## NAME
 podman\-login - Login to a container registry
@@ -28,17 +28,9 @@ For more details about format and configurations of the auth.json file, please r
 
 ## OPTIONS
 
-#### **--authfile**=*path*
+@@option authfile
 
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json.
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
-
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option cert-dir
 
 #### **--get-login**
 
@@ -56,11 +48,7 @@ Password for registry
 
 Take the password from stdin
 
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
-then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
-TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
+@@option tls-verify
 
 #### **--username**, **-u**=*username*
 
diff --git a/docs/source/markdown/podman-logout.1.md b/docs/source/markdown/podman-logout.1.md.in
index 96ac98f35..0f4180416 100644
--- a/docs/source/markdown/podman-logout.1.md
+++ b/docs/source/markdown/podman-logout.1.md.in
@@ -1,4 +1,4 @@
-% podman-logout(1)
+% podman-logout 1
 
 ## NAME
 podman\-logout - Logout of a container registry
@@ -25,12 +25,7 @@ All the cached credentials can be removed by setting the **all** flag.
 
 Remove the cached credentials for all registries in the auth file
 
-#### **--authfile**=*path*
-
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json.
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
+@@option authfile
 
 #### **--help**, **-h**
 
diff --git a/docs/source/markdown/podman-logs.1.md b/docs/source/markdown/podman-logs.1.md.in
index 6ce6c3812..63144bec3 100644
--- a/docs/source/markdown/podman-logs.1.md
+++ b/docs/source/markdown/podman-logs.1.md.in
@@ -1,4 +1,4 @@
-% podman-logs(1)
+% podman-logs 1
 
 ## NAME
 podman\-logs - Display the logs of one or more containers
@@ -15,49 +15,24 @@ any logs at the time you execute podman logs).
 
 ## OPTIONS
 
-#### **--color**
+@@option color
 
-Output the containers with different colors in the log.
-
-#### **--follow**, **-f**
-
-Follow log output.  Default is false.
-
-Note: If you are following a container which is removed `podman container rm`
-or removed on exit `podman run --rm ...`, then there is a chance that the log
-file will be removed before `podman logs` reads the final content.
+@@option follow
 
 #### **--latest**, **-l**
 
 Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
 to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--names**, **-n**
-
-Output the container name in the log
-
-#### **--since**=*TIMESTAMP*
-
-Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration
-strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
-time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
-and 2006-01-02.
-
-#### **--tail**=*LINES*
-
-Output the specified number of LINES at the end of the logs.  LINES must be an integer.  Defaults to -1,
-which prints all lines
+@@option names
 
-#### **--timestamps**, **-t**
+@@option since
 
-Show timestamps in the log outputs.  The default is false
+@@option tail
 
-#### **--until**=*TIMESTAMP*
+@@option timestamps
 
-Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
-strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
-time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
-and 2006-01-02.
+@@option until
 
 ## EXAMPLE
 
diff --git a/docs/source/markdown/podman-machine-info.1.md b/docs/source/markdown/podman-machine-info.1.md
index 926d3d8b3..cdb8c7295 100644
--- a/docs/source/markdown/podman-machine-info.1.md
+++ b/docs/source/markdown/podman-machine-info.1.md
@@ -1,4 +1,4 @@
-% podman-machine-info(1)
+% podman-machine-info 1
 
 ## NAME
 podman\-machine\-info - Display machine host info
diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md
index 07273a111..7a23faf59 100644
--- a/docs/source/markdown/podman-machine-init.1.md
+++ b/docs/source/markdown/podman-machine-init.1.md
@@ -1,4 +1,4 @@
-% podman-machine-init(1)
+% podman-machine-init 1
 
 ## NAME
 podman\-machine\-init - Initialize a new virtual machine
@@ -76,6 +76,12 @@ Set the timezone for the machine and containers.  Valid values are `local` or
 a `timezone` such as `America/Chicago`.  A value of `local`, which is the default,
 means to use the timezone of the machine host.
 
+#### **--username**
+
+Username to use for executing commands in remote VM. Default value is `core`
+for FCOS and `user` for Fedora (default on Windows hosts). Should match the one
+used inside the resulting VM image.
+
 #### **--volume**, **-v**=*source:target[:options]*
 
 Mounts a volume from source to target.
diff --git a/docs/source/markdown/podman-machine-inspect.1.md b/docs/source/markdown/podman-machine-inspect.1.md
index 29cd775c2..79611f65d 100644
--- a/docs/source/markdown/podman-machine-inspect.1.md
+++ b/docs/source/markdown/podman-machine-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-machine-inspect(1)
+% podman-machine-inspect 1
 
 ## NAME
 podman\-machine\-inspect - Inspect one or more virtual machines
diff --git a/docs/source/markdown/podman-machine-list.1.md b/docs/source/markdown/podman-machine-list.1.md
index a25aae090..351e8cf1b 100644
--- a/docs/source/markdown/podman-machine-list.1.md
+++ b/docs/source/markdown/podman-machine-list.1.md
@@ -1,4 +1,4 @@
-% podman-machine-ls(1)
+% podman-machine-ls 1
 
 ## NAME
 podman\-machine\-list - List virtual machines
diff --git a/docs/source/markdown/podman-machine-rm.1.md b/docs/source/markdown/podman-machine-rm.1.md
index d90b615ce..43c9d5813 100644
--- a/docs/source/markdown/podman-machine-rm.1.md
+++ b/docs/source/markdown/podman-machine-rm.1.md
@@ -1,4 +1,4 @@
-% podman-machine-rm(1)
+% podman-machine-rm 1
 
 ## NAME
 podman\-machine\-rm - Remove a virtual machine
diff --git a/docs/source/markdown/podman-machine-set.1.md b/docs/source/markdown/podman-machine-set.1.md
index 52338cedb..a5ca5033e 100644
--- a/docs/source/markdown/podman-machine-set.1.md
+++ b/docs/source/markdown/podman-machine-set.1.md
@@ -1,4 +1,4 @@
-% podman-machine-set(1)
+% podman-machine-set 1
 
 ## NAME
 podman\-machine\-set - Sets a virtual machine setting
diff --git a/docs/source/markdown/podman-machine-ssh.1.md b/docs/source/markdown/podman-machine-ssh.1.md
index 5432f0e9f..2d827df3d 100644
--- a/docs/source/markdown/podman-machine-ssh.1.md
+++ b/docs/source/markdown/podman-machine-ssh.1.md
@@ -1,4 +1,4 @@
-% podman-machine-ssh(1)
+% podman-machine-ssh 1
 
 ## NAME
 podman\-machine\-ssh - SSH into a virtual machine
diff --git a/docs/source/markdown/podman-machine-start.1.md b/docs/source/markdown/podman-machine-start.1.md
index b92494dda..aa356a374 100644
--- a/docs/source/markdown/podman-machine-start.1.md
+++ b/docs/source/markdown/podman-machine-start.1.md
@@ -1,4 +1,4 @@
-% podman-machine-start(1)
+% podman-machine-start 1
 
 ## NAME
 podman\-machine\-start - Start a virtual machine
diff --git a/docs/source/markdown/podman-machine-stop.1.md b/docs/source/markdown/podman-machine-stop.1.md
index 29f3e81f4..6ec4ba989 100644
--- a/docs/source/markdown/podman-machine-stop.1.md
+++ b/docs/source/markdown/podman-machine-stop.1.md
@@ -1,4 +1,4 @@
-% podman-machine-stop(1)
+% podman-machine-stop 1
 
 ## NAME
 podman\-machine\-stop - Stop a virtual machine
diff --git a/docs/source/markdown/podman-machine.1.md b/docs/source/markdown/podman-machine.1.md
index 6197b8d4e..a3d04c776 100644
--- a/docs/source/markdown/podman-machine.1.md
+++ b/docs/source/markdown/podman-machine.1.md
@@ -1,4 +1,4 @@
-% podman-machine(1)
+% podman-machine 1
 
 ## NAME
 podman\-machine - Manage Podman's virtual machine
diff --git a/docs/source/markdown/podman-manifest-add.1.md b/docs/source/markdown/podman-manifest-add.1.md.in
index 5aa7f8341..6a9df69b4 100644
--- a/docs/source/markdown/podman-manifest-add.1.md
+++ b/docs/source/markdown/podman-manifest-add.1.md.in
@@ -1,4 +1,4 @@
-% podman-manifest-add(1)
+% podman-manifest-add 1
 
 ## NAME
 podman\-manifest\-add - Add an image to a manifest list or image index
@@ -33,24 +33,11 @@ the image.  If *imageName* refers to a manifest list or image index, the
 architecture information will be retrieved from it.  Otherwise, it will be
 retrieved from the image's configuration information.
 
-#### **--authfile**=*path*
+@@option authfile
 
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
-If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
+@@option cert-dir
 
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
-
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--creds**=*creds*
-
-The [username[:password]] to use to authenticate with the registry if required.
-If one or both values are not supplied, a command line prompt will appear and the
-value can be entered.  The password is entered without echo.
+@@option creds
 
 #### **--features**
 
@@ -69,9 +56,7 @@ configuration information.
 Specify the OS version which the list or index records as a requirement for the
 image.  This option is rarely used.
 
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when talking to container registries (defaults to true).
+@@option tls-verify
 
 #### **--variant**
 
diff --git a/docs/source/markdown/podman-manifest-annotate.1.md b/docs/source/markdown/podman-manifest-annotate.1.md
index 36c35c7c8..a6f82aa9a 100644
--- a/docs/source/markdown/podman-manifest-annotate.1.md
+++ b/docs/source/markdown/podman-manifest-annotate.1.md
@@ -1,4 +1,4 @@
-% podman-manifest-annotate(1)
+% podman-manifest-annotate 1
 
 ## NAME
 podman\-manifest\-annotate - Add or update information about an entry in a manifest list or image index
diff --git a/docs/source/markdown/podman-manifest-create.1.md b/docs/source/markdown/podman-manifest-create.1.md.in
index 77a4b9db6..6ebf8a055 100644
--- a/docs/source/markdown/podman-manifest-create.1.md
+++ b/docs/source/markdown/podman-manifest-create.1.md.in
@@ -1,4 +1,4 @@
-% podman-manifest-create(1)
+% podman-manifest-create 1
 
 ## NAME
 podman\-manifest\-create - Create a manifest list or image index
@@ -22,11 +22,21 @@ If any of the images which should be added to the new list or index are
 themselves lists or indexes, add all of their contents.  By default, only one
 image from such a list will be added to the newly-created list or index.
 
+#### **--amend**, **-a**
+
+If a manifest list named *listnameorindexname* already exists, modify the
+preexisting list instead of exiting with an error.  The contents of
+*listnameorindexname* are not modified if no *imagename*s are given.
+
+@@option tls-verify
+
 ## EXAMPLES
 
 ```
 podman manifest create mylist:v1.11
 9cfd24048d5fc80903f088f1531a21bff01172abe66effa8941a4c2308dc745f
+podman manifest create --amend mylist:v1.11
+9cfd24048d5fc80903f088f1531a21bff01172abe66effa8941a4c2308dc745f
 ```
 
 ```
diff --git a/docs/source/markdown/podman-manifest-exists.1.md b/docs/source/markdown/podman-manifest-exists.1.md
index dd344046d..b87559f8b 100644
--- a/docs/source/markdown/podman-manifest-exists.1.md
+++ b/docs/source/markdown/podman-manifest-exists.1.md
@@ -1,4 +1,4 @@
-% podman-manifest-exists(1)
+% podman-manifest-exists 1
 
 ## NAME
 podman\-manifest\-exists - Check if the given manifest list exists in local storage
diff --git a/docs/source/markdown/podman-manifest-inspect.1.md b/docs/source/markdown/podman-manifest-inspect.1.md
index b2c6b1935..4b7fc3a40 100644
--- a/docs/source/markdown/podman-manifest-inspect.1.md
+++ b/docs/source/markdown/podman-manifest-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-manifest-inspect(1)
+% podman-manifest-inspect 1
 
 ## NAME
 podman\-manifest\-inspect - Display a manifest list or image index
diff --git a/docs/source/markdown/podman-manifest-push.1.md b/docs/source/markdown/podman-manifest-push.1.md.in
index 649315270..fe0a534c9 100644
--- a/docs/source/markdown/podman-manifest-push.1.md
+++ b/docs/source/markdown/podman-manifest-push.1.md.in
@@ -1,4 +1,4 @@
-% podman-manifest-push(1)
+% podman-manifest-push 1
 
 ## NAME
 podman\-manifest\-push - Push a manifest list or image index to a registry
@@ -19,32 +19,17 @@ The list image's ID and the digest of the image's manifest.
 Push the images mentioned in the manifest list or image index, in addition to
 the list or index itself. (Default true)
 
-#### **--authfile**=*path*
+@@option authfile
 
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
-If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
-
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option cert-dir
 
 #### **--compression-format**=**gzip** | *zstd* | *zstd:chunked*
 
 Specifies the compression format to use.  Supported values are: `gzip`, `zstd` and `zstd:chunked`.  The default is `gzip` unless overridden in the containers.conf file.
 
-#### **--creds**=*creds*
-
-The [username[:password]] to use to authenticate with the registry if required.
-If one or both values are not supplied, a command line prompt will appear and the
-value can be entered.  The password is entered without echo.
+@@option creds
 
-#### **--digestfile**=*Digestfile*
-
-After copying the image, write the digest of the resulting image to the file.
+@@option digestfile
 
 #### **--format**, **-f**=*format*
 
@@ -64,11 +49,17 @@ Delete the manifest list or image index from local storage if pushing succeeds.
 
 #### **--sign-by**=*fingerprint*
 
-Sign the pushed images using the GPG key that matches the specified fingerprint.
+Sign the pushed images with a “simple signing� signature using the specified key. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+
+#### **--sign-by-sigstore-private-key**=*path*
+
+Sign the pushed images with a sigstore signature using a private key at the specified path. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+
+#### **--sign-passphrase-file**=*path*
 
-#### **--tls-verify**
+If signing the image (using either **--sign-by** or **--sign-by-sigstore-private-key**), read the passphrase to use from the specified path.
 
-Require HTTPS and verify certificates when talking to container registries. (defaults to true)
+@@option tls-verify
 
 ## DESTINATION
 
diff --git a/docs/source/markdown/podman-manifest-remove.1.md b/docs/source/markdown/podman-manifest-remove.1.md
index 256d5a5b5..32fc5892e 100644
--- a/docs/source/markdown/podman-manifest-remove.1.md
+++ b/docs/source/markdown/podman-manifest-remove.1.md
@@ -1,4 +1,4 @@
-% podman-manifest-remove(1)
+% podman-manifest-remove 1
 
 ## NAME
 podman\-manifest\-remove - Remove an image from a manifest list or image index
diff --git a/docs/source/markdown/podman-manifest.1.md b/docs/source/markdown/podman-manifest.1.md
index cc716b2a0..74c59b657 100644
--- a/docs/source/markdown/podman-manifest.1.md
+++ b/docs/source/markdown/podman-manifest.1.md
@@ -1,4 +1,4 @@
-% podman-manifest(1)
+% podman-manifest 1
 
 ## NAME
 podman\-manifest - Create and manipulate manifest lists and image indexes
diff --git a/docs/source/markdown/podman-mount.1.md b/docs/source/markdown/podman-mount.1.md
index 82c7fe804..8229b1390 100644
--- a/docs/source/markdown/podman-mount.1.md
+++ b/docs/source/markdown/podman-mount.1.md
@@ -1,4 +1,4 @@
-% podman-mount(1)
+% podman-mount 1
 
 ## NAME
 podman\-mount - Mount a working container's root filesystem
diff --git a/docs/source/markdown/podman-network-connect.1.md b/docs/source/markdown/podman-network-connect.1.md
index d1718b812..dc238fced 100644
--- a/docs/source/markdown/podman-network-connect.1.md
+++ b/docs/source/markdown/podman-network-connect.1.md
@@ -1,4 +1,4 @@
-% podman-network-connect(1)
+% podman-network-connect 1
 
 ## NAME
 podman\-network\-connect - Connect a container to a network
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index 3836ea05c..6fd31dd4d 100644
--- a/docs/source/markdown/podman-network-create.1.md
+++ b/docs/source/markdown/podman-network-create.1.md
@@ -1,4 +1,4 @@
-% podman-network-create(1)
+% podman-network-create 1
 
 ## NAME
 podman\-network-create - Create a Podman network
diff --git a/docs/source/markdown/podman-network-disconnect.1.md b/docs/source/markdown/podman-network-disconnect.1.md
index f3ca059a1..9685cf400 100644
--- a/docs/source/markdown/podman-network-disconnect.1.md
+++ b/docs/source/markdown/podman-network-disconnect.1.md
@@ -1,4 +1,4 @@
-% podman-network-disconnect(1)
+% podman-network-disconnect 1
 
 ## NAME
 podman\-network\-disconnect - Disconnect a container from a network
diff --git a/docs/source/markdown/podman-network-exists.1.md b/docs/source/markdown/podman-network-exists.1.md
index 44c145cd9..f014b14ef 100644
--- a/docs/source/markdown/podman-network-exists.1.md
+++ b/docs/source/markdown/podman-network-exists.1.md
@@ -1,4 +1,4 @@
-% podman-network-exists(1)
+% podman-network-exists 1
 
 ## NAME
 podman\-network\-exists - Check if the given network exists
diff --git a/docs/source/markdown/podman-network-inspect.1.md b/docs/source/markdown/podman-network-inspect.1.md
index 2ba4a63cb..f812542db 100644
--- a/docs/source/markdown/podman-network-inspect.1.md
+++ b/docs/source/markdown/podman-network-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-network-inspect(1)
+% podman-network-inspect 1
 
 ## NAME
 podman\-network\-inspect - Displays the network configuration for one or more networks
diff --git a/docs/source/markdown/podman-network-ls.1.md b/docs/source/markdown/podman-network-ls.1.md
index c7ea24b9b..83d1365ec 100644
--- a/docs/source/markdown/podman-network-ls.1.md
+++ b/docs/source/markdown/podman-network-ls.1.md
@@ -1,4 +1,4 @@
-% podman-network-ls(1)
+% podman-network-ls 1
 
 ## NAME
 podman\-network\-ls - Display a summary of networks
diff --git a/docs/source/markdown/podman-network-prune.1.md b/docs/source/markdown/podman-network-prune.1.md
index b0a81646d..806f5c8a1 100644
--- a/docs/source/markdown/podman-network-prune.1.md
+++ b/docs/source/markdown/podman-network-prune.1.md
@@ -1,4 +1,4 @@
-% podman-network-prune(1)
+% podman-network-prune 1
 
 ## NAME
 podman\-network\-prune - Remove all unused networks
diff --git a/docs/source/markdown/podman-network-reload.1.md b/docs/source/markdown/podman-network-reload.1.md
index 31d10829e..4ecce17f8 100644
--- a/docs/source/markdown/podman-network-reload.1.md
+++ b/docs/source/markdown/podman-network-reload.1.md
@@ -1,4 +1,4 @@
-% podman-network-reload(1)
+% podman-network-reload 1
 
 ## NAME
 podman\-network\-reload - Reload network configuration for containers
diff --git a/docs/source/markdown/podman-network-rm.1.md b/docs/source/markdown/podman-network-rm.1.md
index 880f1d0c7..714fea8fb 100644
--- a/docs/source/markdown/podman-network-rm.1.md
+++ b/docs/source/markdown/podman-network-rm.1.md
@@ -1,4 +1,4 @@
-% podman-network-rm(1)
+% podman-network-rm 1
 
 ## NAME
 podman\-network\-rm - Remove one or more networks
diff --git a/docs/source/markdown/podman-network.1.md b/docs/source/markdown/podman-network.1.md
index f58bd5d5c..6ab7013e1 100644
--- a/docs/source/markdown/podman-network.1.md
+++ b/docs/source/markdown/podman-network.1.md
@@ -1,4 +1,4 @@
-% podman-network(1)
+% podman-network 1
 
 ## NAME
 podman\-network - Manage Podman networks
diff --git a/docs/source/markdown/podman-pause.1.md b/docs/source/markdown/podman-pause.1.md.in
index f374d96f3..a228f7107 100644
--- a/docs/source/markdown/podman-pause.1.md
+++ b/docs/source/markdown/podman-pause.1.md.in
@@ -1,4 +1,4 @@
-% podman-pause(1)
+% podman-pause 1
 
 ## NAME
 podman\-pause - Pause one or more containers
@@ -17,9 +17,7 @@ Pauses all the processes in one or more containers.  You may use container IDs o
 
 Pause all running containers.
 
-#### **--cidfile**
-
-Read container ID from the specified file and pause the container.  Can be specified multiple times.
+@@option cidfile.read
 
 #### **--filter**, **-f**=*filter*
 
diff --git a/docs/source/markdown/podman-pod-clone.1.md b/docs/source/markdown/podman-pod-clone.1.md
deleted file mode 100644
index 5473407b0..000000000
--- a/docs/source/markdown/podman-pod-clone.1.md
+++ /dev/null
@@ -1,512 +0,0 @@
-% podman-pod-clone(1)
-
-## NAME
-podman\-pod\-clone - Creates a copy of an existing pod
-
-## SYNOPSIS
-**podman pod clone** [*options*] *pod* *name*
-
-## DESCRIPTION
-**podman pod clone** creates a copy of a pod, recreating the identical config for the pod and for all of its containers. Users can modify the pods new name and select pod details within the infra container
-
-## OPTIONS
-
-#### **--blkio-weight**=*weight*
-
-Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-
-#### **--blkio-weight-device**=*weight*
-
-Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-
-#### **--cgroup-parent**=*path*
-
-Path to cgroups under which the cgroup for the pod will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-
-#### **--cpu-shares**, **-c**=*shares*
-
-CPU shares (relative weight)
-
-By default, all containers get the same proportion of CPU cycles. This proportion
-can be modified by changing the container's CPU share weighting relative
-to the weighting of all other running containers.
-
-To modify the proportion from the default of 1024, use the **--cpu-shares**
-flag to set the weighting to 2 or higher.
-
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
-
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If you add a fourth container with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores. If you start one
-container **{C0}** with **-c=512** running one process, and another container
-**{C1}** with **-c=1024** running two processes, this can result in the following
-division of CPU shares:
-
-PID    container	CPU	CPU share
-100    {C0}		0	100% of CPU0
-101    {C1}		1	100% of CPU1
-102    {C1}		2	100% of CPU2
-
-#### **--cpus**
-
-Set a number of CPUs for the pod that overrides the original pods CPU limits. If none are specified, the original pod's Nano CPUs are used.
-
-#### **--cpuset-cpus**
-
-CPUs in which to allow execution (0-3, 0,1). If none are specified, the original pod's CPUset is used.
-
-
-#### **--cpuset-mems**=*nodes*
-
-Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-
-If there are four memory nodes on the system (0-3), use `--cpuset-mems=0,1`
-then processes in the container will only use memory from the first
-two memory nodes.
-
-#### **--destroy**
-
-Remove the original pod that we are cloning once used to mimic the configuration.
-
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the pod. Optional *permissions* parameter
-can be used to specify device permissions. It is a combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if _host_device_ is a symbolic link then it will be resolved first.
-The pod will only store the major and minor numbers of the host device.
-
-Note: the pod implements devices by storing the initial configuration passed by the user and recreating the device on each container added to the pod.
-
-Podman may load kernel modules required for using the specified
-device. The devices that Podman will load modules for when necessary are:
-/dev/fuse.
-
-#### **--device-read-bps**=*path*
-
-Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb).
-
-#### **--device-write-bps**=*path*
-
-Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
-
-#### **--gidmap**=*pod_gid:host_gid:amount*
-
-GID map for the user namespace. Using this flag will run all containers in the pod with user namespace enabled. It conflicts with the `--userns` and `--subgidname` flags.
-
-#### **--help**, **-h**
-
-Print usage statement.
-
-#### **--hostname**=*name*
-
-Set a hostname to the pod.
-
-#### **--infra-command**=*command*
-
-The command that will be run to start the infra container. Default: "/pause".
-
-#### **--infra-conmon-pidfile**=*file*
-
-Write the pid of the infra container's **conmon** process to a file. As **conmon** runs in a separate process than Podman, this is necessary when using systemd to manage Podman containers and pods.
-
-#### **--infra-name**=*name*
-
-The name that will be used for the pod's infra container.
-
-#### **--label**, **-l**=*label*
-
-Add metadata to a pod (e.g., --label com.example.key=value).
-
-#### **--label-file**=*label*
-
-Read in a line delimited file of labels.
-
-#### **--memory**, **-m**=*limit*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-Constrains the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-#### **--memory-swap**=*limit*
-
-A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory.
-
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-#### **--name**, **-n**
-
-Set a custom name for the cloned pod. The default if not specified is of the syntax: **<ORIGINAL_NAME>-clone**
-
-#### **--pid**=*pid*
-
-Set the PID mode for the pod. The default is to create a private PID namespace for the pod. Requires the PID namespace to be shared via --share.
-
-    host: use the host’s PID namespace for the pod
-    ns: join the specified PID namespace
-    private: create a new namespace for the pod (default)
-
-#### **--security-opt**=*option*
-
-Security Options
-
-- `apparmor=unconfined` : Turn off apparmor confinement for the pod
-- `apparmor=your-profile` : Set the apparmor confinement profile for the pod
-
-- `label=user:USER`     : Set the label user for the pod processes
-- `label=role:ROLE`     : Set the label role for the pod processes
-- `label=type:TYPE`     : Set the label process type for the pod processes
-- `label=level:LEVEL`   : Set the label level for the pod processes
-- `label=filetype:TYPE` : Set the label file type for the pod files
-- `label=disable`       : Turn off label separation for the pod
-
-Note: Labeling can be disabled for all pods/containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-
-- `mask=/path/1:/path/2` : The paths to mask separated by a colon. A masked path
-  cannot be accessed inside the containers within the pod.
-
-- `no-new-privileges` : Disable container processes from gaining additional privileges.
-
-- `seccomp=unconfined` : Turn off seccomp confinement for the pod
-- `seccomp=profile.json` :  Whitelisted syscalls seccomp Json file to be used as a seccomp filter
-
-- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
-  possible mount options are specified in the **proc(5)** man page.
-
-- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
-  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**  The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
-
-Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-
-#### **--shm-size**=*size*
-
-Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-If the unit is omitted, the system uses bytes. If the size is omitted, the system uses `64m`.
-When size is `0`, there is no limit on the amount of memory used for IPC by the pod. This option conflicts with **--ipc=host** when running containers.
-
-#### **--start**
-
-When set to true, this flag starts the newly created pod after the
-clone process has completed. All containers within the pod are started.
-
-#### **--subgidname**=*name*
-
-Name for GID map from the `/etc/subgid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--gidmap`.
-
-#### **--subuidname**=*name*
-
-Name for UID map from the `/etc/subuid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--uidmap`.
-
-#### **--sysctl**=*name=value*
-
-Configure namespace kernel parameters for all containers in the new pod.
-
-For the IPC namespace, the following sysctls are allowed:
-
-- kernel.msgmax
-- kernel.msgmnb
-- kernel.msgmni
-- kernel.sem
-- kernel.shmall
-- kernel.shmmax
-- kernel.shmmni
-- kernel.shm_rmid_forced
-- Sysctls beginning with fs.mqueue.\*
-
-Note: if the ipc namespace is not shared within the pod, these sysctls are not allowed.
-
-For the network namespace, only sysctls beginning with net.\* are allowed.
-
-Note: if the network namespace is not shared within the pod, these sysctls are not allowed.
-
-#### **--uidmap**=*container_uid:from_uid:amount*
-
-Run all containers in the pod in a new user namespace using the supplied mapping. This
-option conflicts with the **--userns** and **--subuidname** options. This
-option provides a way to map host UIDs to container UIDs. It can be passed
-several times to map different ranges.
-
-#### **--userns**=*mode*
-
-Set the user namespace mode for all the containers in a pod. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled.
-
-Rootless user --userns=Key mappings:
-
-Key       | Host User |  Container User
-----------|---------------|---------------------
-""        |$UID           |0 (Default User account mapped to root user in container.)
-keep-id   |$UID           |$UID (Map user account to same UID within container.)
-auto      |$UID           | nil (Host User UID is not mapped into container.)
-nomap     |$UID           | nil (Host User UID is not mapped into container.)
-
-Valid _mode_ values are:
-
-  - *auto[:*_OPTIONS,..._*]*: automatically create a namespace. It is possible to specify these options to `auto`:
-
-  - *gidmapping=*_CONTAINER_GID:HOST_GID:SIZE_ to force a GID mapping to be present in the user namespace.
-
-  - *size=*_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
-
-  - *uidmapping=*_CONTAINER_UID:HOST_UID:SIZE_ to force a UID mapping to be present in the user namespace.
-
-  - *host*: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
-
-  - *keep-id*: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user.
-
-  - *nomap*: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is ignored for containers created by the root user.
-
-#### **--uts**=*mode*
-
-Set the UTS namespace mode for the pod. The following values are supported:
-
-- **host**: use the host's UTS namespace inside the pod.
-- **private**: create a new namespace for the pod (default).
-- **ns:[path]**: run the pod in the given existing UTS namespace.
-
-
-#### **--volume**, **-v**=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*
-
-Create a bind mount. If ` -v /HOST-DIR:/CONTAINER-DIR` is specified, Podman
-bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman
-container. Similarly, `-v SOURCE-VOLUME:/CONTAINER-DIR` will mount the volume
-in the host to the container. If no such named volume exists, Podman will
-create one. The `OPTIONS` are a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup>  (Note when using the remote client, including Mac and Windows (excluding WSL2) machines, the volumes will be mounted from the remote server, not necessarily the client machine.)
-
-The _options_ is a comma-separated list and can be:
-
-* **rw**|**ro**
-* **z**|**Z**
-* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable**
-* [**r**]**bind**
-* [**no**]**exec**
-* [**no**]**dev**
-* [**no**]**suid**
-* [**O**]
-* [**U**]
-
-The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
-will be mounted into the container at this directory.
-
-Volumes may specify a source as well, as either a directory on the host
-or the name of a named volume. If no source is given, the volume will be created as an
-anonymously named volume with a randomly generated name, and will be removed when
-the pod is removed via the `--rm` flag or `podman rm --volumes` commands.
-
-If a volume source is specified, it must be a path on the host or the name of a
-named volume. Host paths are allowed to be absolute or relative; relative paths
-are resolved relative to the directory Podman is run in. If the source does not
-exist, Podman will return an error. Users must pre-create the source files or
-directories.
-
-Any source that does not begin with a `.` or `/` will be treated as the name of
-a named volume. If a volume with that name does not exist, it will be created.
-Volumes created with names are not anonymous, and they are not removed by the `--rm`
-option and the `podman rm --volumes` command.
-
-Specify multiple  **-v** options to mount one or more volumes into a
-pod.
-
-  `Write Protected Volume Mounts`
-
-Add `:ro` or `:rw` suffix to a volume to mount it read-only or
-read-write mode, respectively. By default, the volumes are mounted read-write.
-See examples.
-
-  `Chowning Volume Mounts`
-
-By default, Podman does not change the owner and group of source volume
-directories mounted into containers. If a pod is created in a new user
-namespace, the UID and GID in the container may correspond to another UID and
-GID on the host.
-
-The `:U` suffix tells Podman to use the correct host UID and GID based on the
-UID and GID within the pod, to change recursively the owner and group of
-the source volume.
-
-**Warning** use with caution since this will modify the host filesystem.
-
-  `Labeling Volume Mounts`
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a pod. Without a label, the security system might
-prevent the processes running inside the pod from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the pod context, add either of two suffixes
-`:z` or `:Z` to the volume mount. These suffixes tell Podman to relabel file
-objects on the shared volumes. The `z` option tells Podman that two pods
-share the volume content. As a result, Podman labels the content with a shared
-content label. Shared volume labels allow all containers to read/write content.
-The `Z` option tells Podman to label the content with a private unshared label.
-Only the current pod can use a private volume.
-
-  `Overlay Volume Mounts`
-
-   The `:O` flag tells Podman to mount the directory from the host as a
-temporary storage using the `overlay file system`. The pod processes
-can modify content within the mountpoint which is stored in the
-container storage in a separate directory. In overlay terms, the source
-directory will be the lower, and the container storage directory will be the
-upper. Modifications to the mount point are destroyed when the pod
-finishes executing, similar to a tmpfs mount point being unmounted.
-
-  Subsequent executions of the container will see the original source directory
-content, any changes from previous pod executions no longer exist.
-
-  One use case of the overlay mount is sharing the package cache from the
-host into the container to allow speeding up builds.
-
-  Note:
-
-     - The `O` flag conflicts with other options listed above.
-Content mounted into the container is labeled with the private label.
-       On SELinux systems, labels in the source directory must be readable
-by the infra container label. Usually containers can read/execute `container_share_t`
-and can read/write `container_file_t`. If unable to change the labels on a
-source volume, SELinux container separation must be disabled for the infra container/pod
-to work.
-     - The source directory mounted into the pod with an overlay mount
-should not be modified, it can cause unexpected failures. It is recommended
-to not modify the directory until the container finishes running.
-
-  `Mounts propagation`
-
-By default bind mounted volumes are `private`. That means any mounts done
-inside pod will not be visible on host and vice versa. One can change
-this behavior by specifying a volume mount propagation property. Making a
-volume `shared` mounts done under that volume inside pod will be
-visible on host and vice versa. Making a volume `slave` enables only one
-way mount propagation and that is mounts done on host under that volume
-will be visible inside container but not the other way around. <sup>[[1]](#Footnote1)</sup>
-
-To control mount propagation property of a volume one can use the [**r**]**shared**,
-[**r**]**slave**, [**r**]**private** or the [**r**]**unbindable** propagation flag.
-Propagation property can be specified only for bind mounted volumes and not for
-internal volumes or named volumes. For mount propagation to work the source mount
-point (the mount point where source dir is mounted on) has to have the right propagation
-properties. For shared volumes, the source mount point has to be shared. And for
-slave volumes, the source mount point has to be either shared or slave.
-<sup>[[1]](#Footnote1)</sup>
-
-To recursively mount a volume and all of its submounts into a
-pod, use the `rbind` option. By default the bind option is
-used, and submounts of the source directory will not be mounted into the
-pod.
-
-Mounting the volume with the `nosuid` options means that SUID applications on
-the volume will not be able to change their privilege. By default volumes
-are mounted with `nosuid`.
-
-Mounting the volume with the noexec option means that no executables on the
-volume will be able to executed within the pod.
-
-Mounting the volume with the nodev option means that no devices on the volume
-will be able to be used by processes within the pod. By default volumes
-are mounted with `nodev`.
-
-If the `<source-dir>` is a mount point, then "dev", "suid", and "exec" options are
-ignored by the kernel.
-
-Use `df <source-dir>` to figure out the source mount and then use
-`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
-properties of source mount. If `findmnt` utility is not available, then one
-can look at the mount entry for the source mount point in `/proc/self/mountinfo`. Look
-at `optional fields` and see if any propagation properties are specified.
-`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
-nothing is there that means mount is `private`. <sup>[[1]](#Footnote1)</sup>
-
-To change propagation properties of a mount point use `mount` command. For
-example, if one wants to bind mount source directory `/foo` one can do
-`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
-will convert /foo into a `shared` mount point. Alternatively one can directly
-change propagation properties of source mount. Say `/` is source mount for
-`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
-
-Note: if the user only has access rights via a group, accessing the volume
-from inside a rootless pod will fail.
-
-#### **--volumes-from**=*container[:options]]*
-
-Mount volumes from the specified container(s). Used to share volumes between
-containers and pods. The *options* is a comma-separated list with the following available elements:
-
-* **rw**|**ro**
-* **z**
-
-Mounts already mounted volumes from a source container into another
-pod. Must supply the source's container-id or container-name.
-To share a volume, use the --volumes-from option when running
-the target container. Volumes can be shared even if the source container
-is not running.
-
-By default, Podman mounts the volumes in the same mode (read-write or
-read-only) as it is mounted in the source container.
-This can be changed by adding a `ro` or `rw` _option_.
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a pod. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the pod context, add `z` to the volume mount.
-This suffix tells Podman to relabel file objects on the shared volumes. The `z`
-option tells Podman that two entities share the volume content. As a result,
-Podman labels the content with a shared content label. Shared volume labels allow
-all containers to read/write content.
-
-If the location of the volume from the source container overlaps with
-data residing on a target pod, then the volume hides
-that data on the target.
-
-
-## EXAMPLES
-```
-# podman pod clone pod-name
-6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
-```
-
-```
-# podman pod clone --name=cloned-pod
-d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
-6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
-```
-
-```
-# podman pod clone --destroy --cpus=5 d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
-6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
-```
-
-```
-# podman pod clone 2d4d4fca7219b4437e0d74fcdc272c4f031426a6eacd207372691207079551de new_name
-5a9b7851013d326aa4ac4565726765901b3ecc01fcbc0f237bc7fd95588a24f9
-```
-## SEE ALSO
-**[podman-pod-create(1)](podman-pod-create.1.md)**
-
-## HISTORY
-May 2022, Originally written by Charlie Doern <cdoern@redhat.com>
diff --git a/docs/source/markdown/podman-pod-clone.1.md.in b/docs/source/markdown/podman-pod-clone.1.md.in
new file mode 100644
index 000000000..90b829371
--- /dev/null
+++ b/docs/source/markdown/podman-pod-clone.1.md.in
@@ -0,0 +1,153 @@
+% podman-pod-clone 1
+
+## NAME
+podman\-pod\-clone - Creates a copy of an existing pod
+
+## SYNOPSIS
+**podman pod clone** [*options*] *pod* *name*
+
+## DESCRIPTION
+**podman pod clone** creates a copy of a pod, recreating the identical config for the pod and for all of its containers. Users can modify the pods new name and select pod details within the infra container
+
+## OPTIONS
+
+@@option blkio-weight
+
+@@option blkio-weight-device
+
+@@option cgroup-parent
+
+@@option cpu-shares
+
+#### **--cpus**
+
+Set a number of CPUs for the pod that overrides the original pods CPU limits. If none are specified, the original pod's Nano CPUs are used.
+
+@@option cpuset-cpus
+
+If none are specified, the original pod's CPUset is used.
+
+@@option cpuset-mems
+
+@@option destroy
+
+@@option device
+
+Note: the pod implements devices by storing the initial configuration passed by the user and recreating the device on each container added to the pod.
+
+@@option device-read-bps
+
+@@option device-write-bps
+
+@@option gidmap.pod
+
+#### **--help**, **-h**
+
+Print usage statement.
+
+@@option hostname.pod
+
+@@option infra-command
+
+@@option infra-conmon-pidfile
+
+@@option infra-name
+
+@@option label
+
+@@option label-file
+
+@@option memory
+
+@@option memory-swap
+
+#### **--name**, **-n**
+
+Set a custom name for the cloned pod. The default if not specified is of the syntax: **<ORIGINAL_NAME>-clone**
+
+@@option pid.pod
+
+#### **--security-opt**=*option*
+
+Security Options
+
+- `apparmor=unconfined` : Turn off apparmor confinement for the pod
+- `apparmor=your-profile` : Set the apparmor confinement profile for the pod
+
+- `label=user:USER`     : Set the label user for the pod processes
+- `label=role:ROLE`     : Set the label role for the pod processes
+- `label=type:TYPE`     : Set the label process type for the pod processes
+- `label=level:LEVEL`   : Set the label level for the pod processes
+- `label=filetype:TYPE` : Set the label file type for the pod files
+- `label=disable`       : Turn off label separation for the pod
+
+Note: Labeling can be disabled for all pods/containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
+
+- `mask=/path/1:/path/2` : The paths to mask separated by a colon. A masked path
+  cannot be accessed inside the containers within the pod.
+
+- `no-new-privileges` : Disable container processes from gaining additional privileges.
+
+- `seccomp=unconfined` : Turn off seccomp confinement for the pod
+- `seccomp=profile.json` :  Whitelisted syscalls seccomp Json file to be used as a seccomp filter
+
+- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
+  possible mount options are specified in the **proc(5)** man page.
+
+- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
+  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**  The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
+
+Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
+
+@@option shm-size
+
+#### **--start**
+
+When set to true, this flag starts the newly created pod after the
+clone process has completed. All containers within the pod are started.
+
+@@option subgidname
+
+@@option subuidname
+
+@@option sysctl
+
+@@option uidmap.pod
+
+@@option userns.pod
+
+@@option uts.pod
+
+@@option volume
+
+@@option volumes-from
+
+## EXAMPLES
+```
+# podman pod clone pod-name
+6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
+```
+
+```
+# podman pod clone --name=cloned-pod
+d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
+6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
+```
+
+```
+# podman pod clone --destroy --cpus=5 d0cf1f782e2ed67e8c0050ff92df865a039186237a4df24d7acba5b1fa8cc6e7
+6b2c73ff8a1982828c9ae2092954bcd59836a131960f7e05221af9df5939c584
+```
+
+```
+# podman pod clone 2d4d4fca7219b4437e0d74fcdc272c4f031426a6eacd207372691207079551de new_name
+5a9b7851013d326aa4ac4565726765901b3ecc01fcbc0f237bc7fd95588a24f9
+```
+## SEE ALSO
+**[podman-pod-create(1)](podman-pod-create.1.md)**
+
+## HISTORY
+May 2022, Originally written by Charlie Doern <cdoern@redhat.com>
+
+## FOOTNOTES
+<a name="Footnote1">1</a>: The Podman project is committed to inclusivity, a core value of open source. The `master` and `slave` mount propagation terminology used here is problematic and divisive, and should be changed. However, these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, Podman will follow suit immediately.
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
deleted file mode 100644
index 7b63ac51d..000000000
--- a/docs/source/markdown/podman-pod-create.1.md
+++ /dev/null
@@ -1,683 +0,0 @@
-% podman-pod-create(1)
-
-## NAME
-podman\-pod\-create - Create a new pod
-
-## SYNOPSIS
-**podman pod create** [*options*] [*name*]
-
-## DESCRIPTION
-
-Creates an empty pod, or unit of multiple containers, and prepares it to have
-containers added to it. The pod can be created with a specific name. If a name
-is not given a random name is generated. The pod id is printed to STDOUT. You
-can then use **podman create --pod `<pod_id|pod_name>` ...** to add containers
-to the pod, and **podman pod start `<pod_id|pod_name>`** to start the pod.
-
-The operator can identify a pod in three ways:
-UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778�)
-UUID short identifier (“f78375b1c487�)
-Name (“jonah�)
-
-podman generates a UUID for each pod, and if a name is not assigned
-to the container with **--name** then a random string name will be generated
-for it. The name is useful any place you need to identify a pod.
-
-Note: resource limit related flags work by setting the limits explicitly in the pod's cgroup
-which by default, is the cgroup parent for all containers joining the pod. Containers are still delegated the ability to set their own resource limits when joining a pod meaning that if you run **podman pod create --cpus=5** you can also run **podman container create --pod=`<pod_id|pod_name>` --cpus=4** and the container will only see the smaller limit. containers do NOT get the pod level cgroup resources if they specify their own cgroup when joining a pod such as **--cgroupns=host**
-
-## OPTIONS
-
-#### **--add-host**=*host:ip*
-
-Add a custom host-to-IP mapping (host:ip)
-
-Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
-option can be set multiple times.
-The /etc/hosts file is shared between all containers in the pod.
-
-#### **--blkio-weight**=*weight*
-
-Block IO weight (relative weight) accepts a weight value between 10 and 1000.
-
-#### **--blkio-weight-device**=*weight*
-
-Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`).
-
-#### **--cgroup-parent**=*path*
-
-Path to cgroups under which the cgroup for the pod will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-
-#### **--cpu-shares**, **-c**=*shares*
-
-CPU shares (relative weight)
-
-By default, all containers get the same proportion of CPU cycles. This proportion
-can be modified by changing the container's CPU share weighting relative
-to the weighting of all other running containers.
-
-To modify the proportion from the default of 1024, use the **--cpu-shares**
-flag to set the weighting to 2 or higher.
-
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
-
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If you add a fourth container with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores. If you start one
-container **{C0}** with **-c=512** running one process, and another container
-**{C1}** with **-c=1024** running two processes, this can result in the following
-division of CPU shares:
-
-PID    container	CPU	CPU share
-100    {C0}		0	100% of CPU0
-101    {C1}		1	100% of CPU1
-102    {C1}		2	100% of CPU2
-
-#### **--cpus**=*amount*
-
-Set the total number of CPUs delegated to the pod. Default is 0.000 which indicates that there is no limit on computation power.
-
-#### **--cpuset-cpus**=*amount*
-
-Limit the CPUs to support execution. First CPU is numbered 0. Unlike --cpus this is of type string and parsed as a list of numbers
-
-Format is 0-3,0,1
-
-Examples of the List Format:
-
-0-4,9           # bits 0, 1, 2, 3, 4, and 9 set
-0-2,7,12-14     # bits 0, 1, 2, 7, 12, 13, and 14 set
-
-#### **--cpuset-mems**=*nodes*
-
-Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
-
-If there are four memory nodes on the system (0-3), use `--cpuset-mems=0,1`
-then processes in the container will only use memory from the first
-two memory nodes.
-
-#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_]
-
-Add a host device to the pod. Optional *permissions* parameter
-can be used to specify device permissions. It is a combination of
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if *host-device* is a symbolic link then it will be resolved first.
-The pod will only store the major and minor numbers of the host device.
-
-Note: the pod implements devices by storing the initial configuration passed by the user and recreating the device on each container added to the pod.
-
-Podman may load kernel modules required for using the specified
-device. The devices that Podman will load modules for when necessary are:
-/dev/fuse.
-
-#### **--device-read-bps**=*path*
-
-Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
-
-#### **--device-write-bps**=*path*
-
-Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
-
-#### **--dns**=*ipaddr*
-
-Set custom DNS servers in the /etc/resolv.conf file that will be shared between all containers in the pod. A special option, "none" is allowed which disables creation of /etc/resolv.conf for the pod.
-
-#### **--dns-opt**=*option*
-
-Set custom DNS options in the /etc/resolv.conf file that will be shared between all containers in the pod.
-
-#### **--dns-search**=*domain*
-
-Set custom DNS search domains in the /etc/resolv.conf file that will be shared between all containers in the pod.
-
-#### **--exit-policy**=**continue** | *stop*
-
-Set the exit policy of the pod when the last container exits.  Supported policies are:
-
-| Exit Policy        | Description                                                                 |
-| ------------------ | --------------------------------------------------------------------------- |
-| *continue*         | The pod continues running when the last container exits. Used by default.   |
-| *stop*             | The pod is stopped when the last container exits. Used in `kube play`.      |
-
-#### **--gidmap**=*container_gid:host_gid:amount*
-
-GID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `--userns` and `--subgidname` flags.
-
-#### **--help**, **-h**
-
-Print usage statement.
-
-#### **--hostname**=*name*
-
-Set a hostname to the pod
-
-#### **--infra**
-
-Create an infra container and associate it with the pod. An infra container is a lightweight container used to coordinate the shared kernel namespace of a pod. Default: true.
-
-#### **--infra-command**=*command*
-
-The command that will be run to start the infra container. Default: "/pause".
-
-#### **--infra-conmon-pidfile**=*file*
-
-Write the pid of the infra container's **conmon** process to a file. As **conmon** runs in a separate process than Podman, this is necessary when using systemd to manage Podman containers and pods.
-
-#### **--infra-image**=*image*
-
-The custom image that will be used for the infra container.  Unless specified, Podman builds a custom local image which does not require pulling down an image.
-
-#### **--infra-name**=*name*
-
-The name that will be used for the pod's infra container.
-
-#### **--ip**=*ip*
-
-Specify a static IP address for the pod, for example **10.88.64.128**.
-This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the pod is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IP address pool (default **10.88.0.0/16**).
-
-To specify multiple static IP addresses per pod, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
-
-#### **--ip6**=*ipv6*
-
-Specify a static IPv6 address for the pod, for example **fd46:db93:aa76:ac37::10**.
-This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the pod is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IPv6 address pool.
-
-To specify multiple static IPv6 addresses per pod, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
-
-#### **--label**, **-l**=*label*
-
-Add metadata to a pod (e.g., --label com.example.key=value).
-
-#### **--label-file**=*label*
-
-Read in a line delimited file of labels.
-
-#### **--mac-address**=*address*
-
-Pod network interface MAC address (e.g. 92:d0:c6:0a:29:33)
-This option can only be used if the pod is joined to only a single network - i.e., **--network=_network-name_** is used at most once -
-and if the pod is not joining another container's network namespace via **--network=container:_id_**.
-
-Remember that the MAC address in an Ethernet network must be unique.
-The IPv6 link-local address will be based on the device's MAC address
-according to RFC4862.
-
-To specify multiple static MAC addresses per pod, set multiple networks using the **--network** option with a static MAC address specified for each using the `mac` mode for that option.
-
-#### **--memory**, **-m**=*limit*
-
-Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-
-Constrains the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-#### **--memory-swap**=*limit*
-
-A limit value equal to memory plus swap. Must be used with the  **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
-the value of --memory.
-
-The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
-`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
-unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-
-#### **--name**, **-n**=*name*
-
-Assign a name to the pod.
-
-#### **--network**=*mode*, **--net**
-
-Set the network mode for the pod. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_.
-
-Valid _mode_ values are:
-
-- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
-  - **alias=name**: Add network-scoped alias for the container.
-  - **ip=IPv4**: Specify a static ipv4 address for this container.
-  - **ip=IPv6**: Specify a static ipv6 address for this container.
-  - **mac=MAC**: Specify a static mac address for this container.
-  - **interface_name**: Specify a name for the created network interface inside the container.
-
-  For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
-- \<network name or ID\>[:OPTIONS,...]: Connect to a user-defined network; this is the network name or ID from a network created by **[podman network create](podman-network-create.1.md)**. Using the network name implies the bridge network mode. It is possible to specify the same options described under the bridge mode above. You can use the **--network** option multiple times to specify additional networks.
-- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
-- **container:**_id_: Reuse another container's network stack.
-- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-- **ns:**_path_: Path to a network namespace to join.
-- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
-- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
-  - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
-  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
-  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
-  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
-  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
-  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
-  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
-  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
-  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
-  Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
-  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
-
-#### **--network-alias**=*alias*
-
-Add a network-scoped alias for the pod, setting the alias for all networks that the container joins. To set a
-name only for a specific network, use the alias option as described under the **--network** option.
-If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} <name>`),
-these aliases can be used for name resolution on the given network. This option can be specified multiple times.
-NOTE: When using CNI a pod will only have access to aliases on the first network that it joins. This limitation does
-not exist with netavark/aardvark-dns.
-
-#### **--no-hosts**
-
-Do not create _/etc/hosts_ for the pod.
-By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
-**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
-This option conflicts with **--add-host**.
-
-#### **--pid**=*pid*
-
-Set the PID mode for the pod. The default is to create a private PID namespace for the pod. Requires the PID namespace to be shared via --share.
-
-    host: use the host’s PID namespace for the pod
-    ns: join the specified PID namespace
-    private: create a new namespace for the pod (default)
-
-#### **--pod-id-file**=*path*
-
-Write the pod ID to the file.
-
-#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]*
-
-Publish a container's port, or range of ports, within this pod to the host.
-
-Both *hostPort* and *containerPort* can be specified as a range of ports.
-When specifying ranges for both, the number of container ports in the
-range must match the number of host ports in the range.
-
-If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host.
-
-By default, Podman will publish TCP ports. To publish a UDP port instead, give
-`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice,
-with `tcp`, and `udp` as protocols respectively. Rootful containers can also
-publish ports using the `sctp` protocol.
-
-Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`).
-If it is not, the container port will be randomly assigned a port on the host.
-
-Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`.
-
-**Note:** You must not publish ports of containers in the pod individually,
-but only by the pod itself.
-
-**Note:** This cannot be modified once the pod is created.
-
-#### **--replace**
-
-If another pod with the same name already exists, replace and remove it.  The default is **false**.
-
-#### **--security-opt**=*option*
-
-Security Options
-
-- `apparmor=unconfined` : Turn off apparmor confinement for the pod
-- `apparmor=your-profile` : Set the apparmor confinement profile for the pod
-
-- `label=user:USER`     : Set the label user for the pod processes
-- `label=role:ROLE`     : Set the label role for the pod processes
-- `label=type:TYPE`     : Set the label process type for the pod processes
-- `label=level:LEVEL`   : Set the label level for the pod processes
-- `label=filetype:TYPE` : Set the label file type for the pod files
-- `label=disable`       : Turn off label separation for the pod
-
-Note: Labeling can be disabled for all pods/containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-
-- `mask=/path/1:/path/2` : The paths to mask separated by a colon. A masked path
-  cannot be accessed inside the containers within the pod.
-
-- `no-new-privileges` : Disable container processes from gaining additional privileges
-
-- `seccomp=unconfined` : Turn off seccomp confinement for the pod
-- `seccomp=profile.json` :  Whitelisted syscalls seccomp Json file to be used as a seccomp filter
-
-- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
-  possible mount options are specified in the **proc(5)** man page.
-
-- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
-  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**  The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
-
-Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-
-#### **--share**=*namespace*
-
-A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared and the infra container will not be created unless expiclity specified via **--infra=true**. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts)
-
-#### **--share-parent**
-
-This boolean determines whether or not all containers entering the pod will use the pod as their cgroup parent. The default value of this flag is true. If you are looking to share the cgroup namespace rather than a cgroup parent in a pod, use **--share**
-
-Note: This options conflict with **--share=cgroup** since that would set the pod as the cgroup parent but enter the container into the same cgroupNS as the infra container.
-
-#### **--shm-size**=*size*
-
-Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-If the unit is omitted, the system uses bytes. If the size is omitted, the system uses `64m`.
-When size is `0`, there is no limit on the amount of memory used for IPC by the pod. This option conflicts with **--ipc=host** when running containers.
-
-#### **--subgidname**=*name*
-
-Name for GID map from the `/etc/subgid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--gidmap`.
-
-#### **--subuidname**=*name*
-
-Name for UID map from the `/etc/subuid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--uidmap`.
-
-
-#### **--sysctl**=*name=value*
-
-Configure namespace kernel parameters for all containers in the pod.
-
-For the IPC namespace, the following sysctls are allowed:
-
-- kernel.msgmax
-- kernel.msgmnb
-- kernel.msgmni
-- kernel.sem
-- kernel.shmall
-- kernel.shmmax
-- kernel.shmmni
-- kernel.shm_rmid_forced
-- Sysctls beginning with fs.mqueue.\*
-
-Note: if the ipc namespace is not shared within the pod, these sysctls are not allowed.
-
-For the network namespace, only sysctls beginning with net.\* are allowed.
-
-Note: if the network namespace is not shared within the pod, these sysctls are not allowed.
-
-#### **--uidmap**=*container_uid:from_uid:amount*
-
-Run the container in a new user namespace using the supplied mapping. This
-option conflicts with the **--userns** and **--subuidname** options. This
-option provides a way to map host UIDs to container UIDs. It can be passed
-several times to map different ranges.
-
-#### **--userns**=*mode*
-
-Set the user namespace mode for all the containers in a pod. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled.
-
-Rootless user --userns=Key mappings:
-
-Key       | Host User |  Container User
-----------|---------------|---------------------
-""        |$UID           |0 (Default User account mapped to root user in container.)
-keep-id   |$UID           |$UID (Map user account to same UID within container.)
-auto      |$UID           | nil (Host User UID is not mapped into container.)
-nomap     |$UID           | nil (Host User UID is not mapped into container.)
-
-Valid _mode_ values are:
-
-  - *auto[:*_OPTIONS,..._*]*: automatically create a namespace. It is possible to specify these options to `auto`:
-
-  - *gidmapping=*_CONTAINER_GID:HOST_GID:SIZE_ to force a GID mapping to be present in the user namespace.
-
-  - *size=*_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
-
-  - *uidmapping=*_CONTAINER_UID:HOST_UID:SIZE_ to force a UID mapping to be present in the user namespace.
-
-  - *host*: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
-
-  - *keep-id*: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is not allowed for containers created by the root user.
-
-  - *nomap*: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is not allowed for containers created by the root user.
-
-#### **--uts**=*mode*
-
-Set the UTS namespace mode for the pod. The following values are supported:
-
-- **host**: use the host's UTS namespace inside the pod.
-- **private**: create a new namespace for the pod (default).
-- **ns:[path]**: run the pod in the given existing UTS namespace.
-
-#### **--volume**, **-v**=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*
-
-Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman
-bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman
-container. Similarly, `-v SOURCE-VOLUME:/CONTAINER-DIR` will mount the volume
-in the host to the container. If no such named volume exists, Podman will
-create one. The `OPTIONS` are a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup>  (Note when using the remote client, including Mac and Windows (excluding WSL2) machines, the volumes will be mounted from the remote server, not necessarily the client machine.)
-
-The _options_ is a comma-separated list and can be:
-
-* **rw**|**ro**
-* **z**|**Z**
-* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable**
-* [**r**]**bind**
-* [**no**]**exec**
-* [**no**]**dev**
-* [**no**]**suid**
-* [**O**]
-* [**U**]
-
-The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
-will be mounted into the container at this directory.
-
-Volumes may specify a source as well, as either a directory on the host
-or the name of a named volume. If no source is given, the volume will be created as an
-anonymously named volume with a randomly generated name, and will be removed when
-the pod is removed via the `--rm` flag or `podman rm --volumes` commands.
-
-If a volume source is specified, it must be a path on the host or the name of a
-named volume. Host paths are allowed to be absolute or relative; relative paths
-are resolved relative to the directory Podman is run in. If the source does not
-exist, Podman will return an error. Users must pre-create the source files or
-directories.
-
-Any source that does not begin with a `.` or `/` will be treated as the name of
-a named volume. If a volume with that name does not exist, it will be created.
-Volumes created with names are not anonymous, and they are not removed by the `--rm`
-option and the `podman rm --volumes` command.
-
-You can specify multiple  **-v** options to mount one or more volumes into a
-pod.
-
-  `Write Protected Volume Mounts`
-
-You can add `:ro` or `:rw` suffix to a volume to mount it read-only or
-read-write mode, respectively. By default, the volumes are mounted read-write.
-See examples.
-
-  `Chowning Volume Mounts`
-
-By default, Podman does not change the owner and group of source volume
-directories mounted into containers. If a pod is created in a new user
-namespace, the UID and GID in the container may correspond to another UID and
-GID on the host.
-
-The `:U` suffix tells Podman to use the correct host UID and GID based on the
-UID and GID within the pod, to change recursively the owner and group of
-the source volume.
-
-**Warning** use with caution since this will modify the host filesystem.
-
-  `Labeling Volume Mounts`
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a pod. Without a label, the security system might
-prevent the processes running inside the pod from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the pod context, you can add either of two suffixes
-`:z` or `:Z` to the volume mount. These suffixes tell Podman to relabel file
-objects on the shared volumes. The `z` option tells Podman that two pods
-share the volume content. As a result, Podman labels the content with a shared
-content label. Shared volume labels allow all containers to read/write content.
-The `Z` option tells Podman to label the content with a private unshared label.
-Only the current pod can use a private volume.
-
-  `Overlay Volume Mounts`
-
-   The `:O` flag tells Podman to mount the directory from the host as a
-temporary storage using the `overlay file system`. The pod processes
-can modify content within the mountpoint which is stored in the
-container storage in a separate directory. In overlay terms, the source
-directory will be the lower, and the container storage directory will be the
-upper. Modifications to the mount point are destroyed when the pod
-finishes executing, similar to a tmpfs mount point being unmounted.
-
-  Subsequent executions of the container will see the original source directory
-content, any changes from previous pod executions no longer exist.
-
-  One use case of the overlay mount is sharing the package cache from the
-host into the container to allow speeding up builds.
-
-  Note:
-
-     - The `O` flag conflicts with other options listed above.
-Content mounted into the container is labeled with the private label.
-       On SELinux systems, labels in the source directory must be readable
-by the infra container label. Usually containers can read/execute `container_share_t`
-and can read/write `container_file_t`. If you cannot change the labels on a
-source volume, SELinux container separation must be disabled for the infra container/pod
-to work.
-     - The source directory mounted into the pod with an overlay mount
-should not be modified, it can cause unexpected failures. It is recommended
-that you do not modify the directory until the container finishes running.
-
-  `Mounts propagation`
-
-By default bind mounted volumes are `private`. That means any mounts done
-inside pod will not be visible on host and vice versa. One can change
-this behavior by specifying a volume mount propagation property. Making a
-volume `shared` mounts done under that volume inside pod will be
-visible on host and vice versa. Making a volume `slave` enables only one
-way mount propagation and that is mounts done on host under that volume
-will be visible inside container but not the other way around. <sup>[[1]](#Footnote1)</sup>
-
-To control mount propagation property of a volume one can use the [**r**]**shared**,
-[**r**]**slave**, [**r**]**private** or the [**r**]**unbindable** propagation flag.
-For mount propagation to work the source mount point (the mount point where source dir
-is mounted on) has to have the right propagation properties. For shared volumes, the
-source mount point has to be shared. And for slave volumes, the source mount point
-has to be either shared or slave. <sup>[[1]](#Footnote1)</sup>
-
-If you want to recursively mount a volume and all of its submounts into a
-pod, then you can use the `rbind` option. By default the bind option is
-used, and submounts of the source directory will not be mounted into the
-pod.
-
-Mounting the volume with the `nosuid` options means that SUID applications on
-the volume will not be able to change their privilege. By default volumes
-are mounted with `nosuid`.
-
-Mounting the volume with the noexec option means that no executables on the
-volume will be able to executed within the pod.
-
-Mounting the volume with the nodev option means that no devices on the volume
-will be able to be used by processes within the pod. By default volumes
-are mounted with `nodev`.
-
-If the `<source-dir>` is a mount point, then "dev", "suid", and "exec" options are
-ignored by the kernel.
-
-Use `df <source-dir>` to figure out the source mount and then use
-`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation
-properties of source mount. If `findmnt` utility is not available, then one
-can look at the mount entry for the source mount point in `/proc/self/mountinfo`. Look
-at `optional fields` and see if any propagation properties are specified.
-`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if
-nothing is there that means mount is `private`. <sup>[[1]](#Footnote1)</sup>
-
-To change propagation properties of a mount point use `mount` command. For
-example, if one wants to bind mount source directory `/foo` one can do
-`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This
-will convert /foo into a `shared` mount point. Alternatively one can directly
-change propagation properties of source mount. Say `/` is source mount for
-`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount.
-
-Note: if the user only has access rights via a group, accessing the volume
-from inside a rootless pod will fail.
-
-#### **--volumes-from**=*container[:options]]*
-
-Mount volumes from the specified container(s). Used to share volumes between
-containers and pods. The *options* is a comma-separated list with the following available elements:
-
-* **rw**|**ro**
-* **z**
-
-Mounts already mounted volumes from a source container into another
-pod. You must supply the source's container-id or container-name.
-To share a volume, use the --volumes-from option when running
-the target container. You can share volumes even if the source container
-is not running.
-
-By default, Podman mounts the volumes in the same mode (read-write or
-read-only) as it is mounted in the source container.
-You can change this by adding a `ro` or `rw` _option_.
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a pod. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the pod context, you can add `z` to the volume mount.
-This suffix tells Podman to relabel file objects on the shared volumes. The `z`
-option tells Podman that two entities share the volume content. As a result,
-Podman labels the content with a shared content label. Shared volume labels allow
-all containers to read/write content.
-
-If the location of the volume from the source container overlaps with
-data residing on a target pod, then the volume hides
-that data on the target.
-
-
-## EXAMPLES
-
-```
-$ podman pod create --name test
-
-$ podman pod create mypod
-
-$ podman pod create --infra=false
-
-$ podman pod create --infra-command /top toppod
-
-$ podman pod create --publish 8443:443
-
-$ podman pod create --network slirp4netns:outbound_addr=127.0.0.1,allow_host_loopback=true
-
-$ podman pod create --network slirp4netns:cidr=192.168.0.0/24
-
-$ podman pod create --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10
-```
-
-## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **containers.conf(1)**, **[cgroups(7)](https://man7.org/linux/man-pages/man7/cgroups.7.html)**
-
-
-## HISTORY
-July 2018, Originally compiled by Peter Hunt <pehunt@redhat.com>
diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in
new file mode 100644
index 000000000..7700f5e62
--- /dev/null
+++ b/docs/source/markdown/podman-pod-create.1.md.in
@@ -0,0 +1,262 @@
+% podman-pod-create 1
+
+## NAME
+podman\-pod\-create - Create a new pod
+
+## SYNOPSIS
+**podman pod create** [*options*] [*name*]
+
+## DESCRIPTION
+
+Creates an empty pod, or unit of multiple containers, and prepares it to have
+containers added to it. The pod can be created with a specific name. If a name
+is not given a random name is generated. The pod id is printed to STDOUT. You
+can then use **podman create --pod `<pod_id|pod_name>` ...** to add containers
+to the pod, and **podman pod start `<pod_id|pod_name>`** to start the pod.
+
+The operator can identify a pod in three ways:
+UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778�)
+UUID short identifier (“f78375b1c487�)
+Name (“jonah�)
+
+podman generates a UUID for each pod, and if a name is not assigned
+to the container with **--name** then a random string name will be generated
+for it. The name is useful any place you need to identify a pod.
+
+Note: resource limit related flags work by setting the limits explicitly in the pod's cgroup
+which by default, is the cgroup parent for all containers joining the pod. Containers are still delegated the ability to set their own resource limits when joining a pod meaning that if you run **podman pod create --cpus=5** you can also run **podman container create --pod=`<pod_id|pod_name>` --cpus=4** and the container will only see the smaller limit. containers do NOT get the pod level cgroup resources if they specify their own cgroup when joining a pod such as **--cgroupns=host**
+
+## OPTIONS
+
+@@option add-host
+
+The /etc/hosts file is shared between all containers in the pod.
+
+@@option blkio-weight
+
+@@option blkio-weight-device
+
+@@option cgroup-parent
+
+@@option cpu-shares
+
+#### **--cpus**=*amount*
+
+Set the total number of CPUs delegated to the pod. Default is 0.000 which indicates that there is no limit on computation power.
+
+@@option cpuset-cpus
+
+@@option cpuset-mems
+
+@@option device
+
+Note: the pod implements devices by storing the initial configuration passed by the user and recreating the device on each container added to the pod.
+
+@@option device-read-bps
+
+@@option device-write-bps
+
+#### **--dns**=*ipaddr*
+
+Set custom DNS servers in the /etc/resolv.conf file that will be shared between all containers in the pod. A special option, "none" is allowed which disables creation of /etc/resolv.conf for the pod.
+
+#### **--dns-opt**=*option*
+
+Set custom DNS options in the /etc/resolv.conf file that will be shared between all containers in the pod.
+
+#### **--dns-search**=*domain*
+
+Set custom DNS search domains in the /etc/resolv.conf file that will be shared between all containers in the pod.
+
+#### **--exit-policy**=**continue** | *stop*
+
+Set the exit policy of the pod when the last container exits.  Supported policies are:
+
+| Exit Policy        | Description                                                                                                                |
+| ------------------ | -------------------------------------------------------------------------------------------------------------------------- |
+| *continue*         | The pod continues running, by keeping its infra container alive, when the last container exits. Used by default.           |
+| *stop*             | The pod (including its infra container) is stopped when the last container exits. Used in `kube play`.                     |
+
+@@option gidmap.pod
+
+#### **--help**, **-h**
+
+Print usage statement.
+
+@@option hostname.pod
+
+#### **--infra**
+
+Create an infra container and associate it with the pod. An infra container is a lightweight container used to coordinate the shared kernel namespace of a pod. Default: true.
+
+@@option infra-command
+
+@@option infra-conmon-pidfile
+
+#### **--infra-image**=*image*
+
+The custom image that will be used for the infra container.  Unless specified, Podman builds a custom local image which does not require pulling down an image.
+
+@@option infra-name
+
+@@option ip
+
+@@option ip6
+
+@@option label
+
+@@option label-file
+
+@@option mac-address
+
+@@option memory
+
+@@option memory-swap
+
+#### **--name**, **-n**=*name*
+
+Assign a name to the pod.
+
+#### **--network**=*mode*, **--net**
+
+Set the network mode for the pod. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_.
+
+Valid _mode_ values are:
+
+- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
+  - **alias=name**: Add network-scoped alias for the container.
+  - **ip=IPv4**: Specify a static ipv4 address for this container.
+  - **ip=IPv6**: Specify a static ipv6 address for this container.
+  - **mac=MAC**: Specify a static mac address for this container.
+  - **interface_name**: Specify a name for the created network interface inside the container.
+
+  For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
+- \<network name or ID\>[:OPTIONS,...]: Connect to a user-defined network; this is the network name or ID from a network created by **[podman network create](podman-network-create.1.md)**. Using the network name implies the bridge network mode. It is possible to specify the same options described under the bridge mode above. You can use the **--network** option multiple times to specify additional networks.
+- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
+- **container:**_id_: Reuse another container's network stack.
+- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
+- **ns:**_path_: Path to a network namespace to join.
+- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
+- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
+  - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false.
+  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
+  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
+  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
+  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
+  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
+  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
+  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
+  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
+  Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
+
+@@option network-alias
+
+@@option no-hosts
+
+This option conflicts with **--add-host**.
+
+@@option pid.pod
+
+#### **--pod-id-file**=*path*
+
+Write the pod ID to the file.
+
+@@option publish
+
+**Note:** You must not publish ports of containers in the pod individually,
+but only by the pod itself.
+
+**Note:** This cannot be modified once the pod is created.
+
+@@option replace
+
+#### **--security-opt**=*option*
+
+Security Options
+
+- `apparmor=unconfined` : Turn off apparmor confinement for the pod
+- `apparmor=your-profile` : Set the apparmor confinement profile for the pod
+
+- `label=user:USER`     : Set the label user for the pod processes
+- `label=role:ROLE`     : Set the label role for the pod processes
+- `label=type:TYPE`     : Set the label process type for the pod processes
+- `label=level:LEVEL`   : Set the label level for the pod processes
+- `label=filetype:TYPE` : Set the label file type for the pod files
+- `label=disable`       : Turn off label separation for the pod
+
+Note: Labeling can be disabled for all pods/containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
+
+- `mask=/path/1:/path/2` : The paths to mask separated by a colon. A masked path
+  cannot be accessed inside the containers within the pod.
+
+- `no-new-privileges` : Disable container processes from gaining additional privileges
+
+- `seccomp=unconfined` : Turn off seccomp confinement for the pod
+- `seccomp=profile.json` :  Whitelisted syscalls seccomp Json file to be used as a seccomp filter
+
+- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
+  possible mount options are specified in the **proc(5)** man page.
+
+- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
+  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**  The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
+
+Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
+
+#### **--share**=*namespace*
+
+A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared and the infra container will not be created unless expiclity specified via **--infra=true**. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts)
+
+#### **--share-parent**
+
+This boolean determines whether or not all containers entering the pod will use the pod as their cgroup parent. The default value of this flag is true. If you are looking to share the cgroup namespace rather than a cgroup parent in a pod, use **--share**
+
+Note: This options conflict with **--share=cgroup** since that would set the pod as the cgroup parent but enter the container into the same cgroupNS as the infra container.
+
+@@option shm-size
+
+@@option subgidname
+
+@@option subuidname
+
+@@option sysctl
+
+@@option uidmap.pod
+
+@@option userns.pod
+
+@@option uts.pod
+
+@@option volume
+
+@@option volumes-from
+
+## EXAMPLES
+
+```
+$ podman pod create --name test
+
+$ podman pod create mypod
+
+$ podman pod create --infra=false
+
+$ podman pod create --infra-command /top toppod
+
+$ podman pod create --publish 8443:443
+
+$ podman pod create --network slirp4netns:outbound_addr=127.0.0.1,allow_host_loopback=true
+
+$ podman pod create --network slirp4netns:cidr=192.168.0.0/24
+
+$ podman pod create --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10
+```
+
+## SEE ALSO
+**[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-kube-play(1)](podman-kube-play.1.md)**, **containers.conf(1)**, **[cgroups(7)](https://man7.org/linux/man-pages/man7/cgroups.7.html)**
+
+
+## HISTORY
+July 2018, Originally compiled by Peter Hunt <pehunt@redhat.com>
+
+## FOOTNOTES
+<a name="Footnote1">1</a>: The Podman project is committed to inclusivity, a core value of open source. The `master` and `slave` mount propagation terminology used here is problematic and divisive, and should be changed. However, these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, Podman will follow suit immediately.
diff --git a/docs/source/markdown/podman-pod-exists.1.md b/docs/source/markdown/podman-pod-exists.1.md
index 201dfbefd..eea4633d7 100644
--- a/docs/source/markdown/podman-pod-exists.1.md
+++ b/docs/source/markdown/podman-pod-exists.1.md
@@ -1,4 +1,4 @@
-% podman-pod-exists(1)
+% podman-pod-exists 1
 
 ## NAME
 podman-pod-exists - Check if a pod exists in local storage
diff --git a/docs/source/markdown/podman-pod-inspect.1.md b/docs/source/markdown/podman-pod-inspect.1.md
index d0a165b05..609cc47da 100644
--- a/docs/source/markdown/podman-pod-inspect.1.md
+++ b/docs/source/markdown/podman-pod-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-pod-inspect(1)
+% podman-pod-inspect 1
 
 ## NAME
 podman\-pod\-inspect - Displays information describing a pod
@@ -18,22 +18,42 @@ Change the default output format.  This can be of a supported type like 'json'
 or a Go template.
 Valid placeholders for the Go template are listed below:
 
-| **Placeholder**   | **Description**                                                               |
-| ----------------- | ----------------------------------------------------------------------------- |
-| .ID               | Pod   ID                                                                      |
-| .Name             | Pod   name                                                                    |
-| .State            | Pod   state                                                                   |
-| .Hostname         | Pod   hostname                                                                |
-| .Labels           | Pod   labels                                                                  |
-| .Created          | Time when the pod was created                                                 |
-| .CreateCgroup     | Whether cgroup was created                                                    |
-| .CgroupParent     | Pod   cgroup parent                                                           |
-| .CgroupPath       | Pod   cgroup path                                                             |
-| .CreateInfra      | Whether infrastructure created                                                |
-| .InfraContainerID | Pod   infrastructure ID                                                       |
-| .SharedNamespaces | Pod   shared namespaces                                                       |
-| .NumContainers    | Number of containers in the pod                                               |
-| .Containers       | Pod   containers                                                              |
+| **Placeholder**      | **Description**                             |
+|----------------------|---------------------------------------------|
+| .BlkioDeviceReadBps  | Block I/O Device Read, in bytes/sec         |
+| .BlkioDeviceWriteBps | Block I/O Device Read, in bytes/sec         |
+| .BlkioWeight         | Block I/O Weight                            |
+| .BlkioWeightDevice   | Block I/O Device Weight                     |
+| .CgroupParent        | Pod cgroup parent                           |
+| .CgroupPath          | Pod cgroup path                             |
+| .Containers          | Pod containers                              |
+| .CPUPeriod           | CPU period                                  |
+| .CPUQuota            | CPU quota                                   |
+| .CPUSetCPUs          | CPU Set CPUs                                |
+| .CPUSetMems          | CPU Set Mems                                |
+| .CPUShares           | CPU Shares                                  |
+| .CreateCgroup        | Whether cgroup was created                  |
+| .CreateCommand       | Create command                              |
+| .Created             | Time when the pod was created               |
+| .CreateInfra         | Whether infrastructure created              |
+| .Devices             | Devices                                     |
+| .ExitPolicy          | Exit policy                                 |
+| .Hostname            | Pod hostname                                |
+| .ID                  | Pod ID                                      |
+| .InfraConfig ...     | Infra config (contains further fields)      |
+| .InfraContainerID    | Pod infrastructure ID                       |
+| .InspectPodData ...  | Nested structure, for experts only          |
+| .Labels              | Pod labels                                  |
+| .MemoryLimit         | Memory limit, bytes                         |
+| .MemorySwap          | Memory swap limit, in bytes                 |
+| .Mounts              | Mounts                                      |
+| .Name                | Pod name                                    |
+| .Namespace           | Namespace                                   |
+| .NumContainers       | Number of containers in the pod             |
+| .SecurityOpts        | Security options                            |
+| .SharedNamespaces    | Pod shared namespaces                       |
+| .State               | Pod state                                   |
+| .VolumesFrom         | Volumes from                                |
 
 #### **--latest**, **-l**
 
diff --git a/docs/source/markdown/podman-pod-kill.1.md b/docs/source/markdown/podman-pod-kill.1.md.in
index 96ced68a7..64425bb4d 100644
--- a/docs/source/markdown/podman-pod-kill.1.md
+++ b/docs/source/markdown/podman-pod-kill.1.md.in
@@ -1,4 +1,4 @@
-% podman-pod-kill(1)
+% podman-pod-kill 1
 
 ## NAME
 podman\-pod\-kill - Kill the main process of each container in one or more pods
@@ -19,10 +19,7 @@ Sends signal to all containers associated with a pod.
 Instead of providing the pod name or ID, use the last created pod. If you use methods other than Podman
 to run pods such as CRI-O, the last started pod could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--signal**, **-s**
-
-Signal to send to the containers in the pod. For more information on Linux signals, refer to *man signal(7)*.
-
+@@option signal
 
 ## EXAMPLE
 
diff --git a/docs/source/markdown/podman-pod-logs.1.md b/docs/source/markdown/podman-pod-logs.1.md.in
index 7fc1d4b90..cc224eee3 100644
--- a/docs/source/markdown/podman-pod-logs.1.md
+++ b/docs/source/markdown/podman-pod-logs.1.md.in
@@ -1,4 +1,4 @@
-% podman-pod-logs(1)
+% podman-pod-logs 1
 
 ## NAME
 podman\-pod\-logs - Displays logs for pod with one or more containers
@@ -13,51 +13,27 @@ Note: Long running command of `podman pod log` with a `-f` or `--follow` needs t
 
 ## OPTIONS
 
-#### **--color**
-
-Output the containers with different colors in the log.
+@@option color
 
 #### **--container**, **-c**
 
 By default `podman pod logs` retrieves logs for all the containers available within the pod differentiate by field `container`. However there are use-cases where user would want to limit the log stream only to a particular container of a pod for such cases `-c` can be used like `podman pod logs -c ctrNameorID podname`.
 
-#### **--follow**, **-f**
-
-Follow log output.  Default is false.
-
-Note: If you are following a pod which is removed `podman pod rm`, then there is a
-chance that the log file will be removed before `podman pod logs` reads the final content.
+@@option follow
 
 #### **--latest**, **-l**
 
 Instead of providing the pod name or id, get logs of the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--names**, **-n**
-
-Output the container names instead of the container IDs in the log.
-
-#### **--since**=*TIMESTAMP*
-
-Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration
-strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
-time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
-and 2006-01-02.
-
-#### **--tail**=*LINES*
-
-Output the specified number of LINES at the end of the logs.  LINES must be an integer.  Defaults to -1,
-which prints all lines
+@@option names
 
-#### **--timestamps**, **-t**
+@@option since
 
-Show timestamps in the log outputs.  The default is false
+@@option tail
 
-#### **--until**=*TIMESTAMP*
+@@option timestamps
 
-Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration
-strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted
-time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00,
-and 2006-01-02.
+@@option until
 
 ## EXAMPLE
 
diff --git a/docs/source/markdown/podman-pod-pause.1.md b/docs/source/markdown/podman-pod-pause.1.md
index 2d2fac00d..6519ae2e7 100644
--- a/docs/source/markdown/podman-pod-pause.1.md
+++ b/docs/source/markdown/podman-pod-pause.1.md
@@ -1,4 +1,4 @@
-% podman-pod-pause(1)
+% podman-pod-pause 1
 
 ## NAME
 podman\-pod\-pause - Pause one or more pods
diff --git a/docs/source/markdown/podman-pod-prune.1.md b/docs/source/markdown/podman-pod-prune.1.md
index 6cc9babf1..5dfb14517 100644
--- a/docs/source/markdown/podman-pod-prune.1.md
+++ b/docs/source/markdown/podman-pod-prune.1.md
@@ -1,4 +1,4 @@
-% podman-pod-prune(1)
+% podman-pod-prune 1
 
 ## NAME
 podman-pod-prune - Remove all stopped pods and their containers
diff --git a/docs/source/markdown/podman-pod-ps.1.md b/docs/source/markdown/podman-pod-ps.1.md
index 34f49173a..ae249ecf0 100644
--- a/docs/source/markdown/podman-pod-ps.1.md
+++ b/docs/source/markdown/podman-pod-ps.1.md
@@ -1,4 +1,4 @@
-% podman-pod-ps(1)
+% podman-pod-ps 1
 
 ## NAME
 podman\-pod\-ps - Prints out information about pods
diff --git a/docs/source/markdown/podman-pod-restart.1.md b/docs/source/markdown/podman-pod-restart.1.md
index 677eca3a3..1e309be9f 100644
--- a/docs/source/markdown/podman-pod-restart.1.md
+++ b/docs/source/markdown/podman-pod-restart.1.md
@@ -1,4 +1,4 @@
-% podman-pod-restart(1)
+% podman-pod-restart 1
 
 ## NAME
 podman\-pod\-restart - Restart one or more pods
@@ -24,17 +24,27 @@ Instead of providing the pod name or ID, restart the last created pod. (This opt
 
 ## EXAMPLE
 
+Restart pod with a given name
 ```
 podman pod restart mywebserverpod
 cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907
+```
 
+Restart multiple pods with given IDs
+```
 podman pod restart 490eb 3557fb
 490eb241aaf704d4dd2629904410fe4aa31965d9310a735f8755267f4ded1de5
 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
+```
 
+Restart the last created pod
+```
 podman pod restart --latest
 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
+```
 
+Restart all pods
+```
 podman pod restart --all
 19456b4cd557eaf9629825113a552681a6013f8c8cad258e36ab825ef536e818
 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
@@ -42,7 +52,6 @@ podman pod restart --all
 70c358daecf71ef9be8f62404f926080ca0133277ef7ce4f6aa2d5af6bb2d3e9
 cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907
 ```
-
 ## SEE ALSO
 **[podman(1)](podman.1.md)**, **[podman-pod(1)](podman-pod.1.md)**, **[podman-restart(1)](podman-restart.1.md)**
 
diff --git a/docs/source/markdown/podman-pod-rm.1.md b/docs/source/markdown/podman-pod-rm.1.md.in
index befab6791..5d708b65c 100644
--- a/docs/source/markdown/podman-pod-rm.1.md
+++ b/docs/source/markdown/podman-pod-rm.1.md.in
@@ -1,4 +1,4 @@
-% podman-pod-rm(1)
+% podman-pod-rm 1
 
 ## NAME
 podman\-pod\-rm - Remove one or more stopped pods and containers
@@ -19,19 +19,13 @@ Remove all pods.  Can be used in conjunction with \-f as well.
 
 Stop running containers and delete all stopped containers before removal of pod.
 
-#### **--ignore**, **-i**
-
-Ignore errors when specified pods are not in the container store.  A user might
-have decided to manually remove a pod which would lead to a failure during the
-ExecStop directive of a systemd service referencing that pod.
+@@option ignore
 
 #### **--latest**, **-l**
 
 Instead of providing the pod name or ID, remove the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--pod-id-file**
-
-Read pod ID from the specified file and remove the pod.  Can be specified multiple times.
+@@option pod-id-file.pod
 
 #### **--time**, **-t**=*seconds*
 
diff --git a/docs/source/markdown/podman-pod-start.1.md b/docs/source/markdown/podman-pod-start.1.md.in
index 45fc50c51..aec67b009 100644
--- a/docs/source/markdown/podman-pod-start.1.md
+++ b/docs/source/markdown/podman-pod-start.1.md.in
@@ -1,4 +1,4 @@
-% podman-pod-start(1)
+% podman-pod-start 1
 
 ## NAME
 podman\-pod\-start - Start one or more pods
@@ -20,9 +20,7 @@ Starts all pods
 
 Instead of providing the pod name or ID, start the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--pod-id-file**
-
-Read pod ID from the specified file and start the pod.  Can be specified multiple times.
+@@option pod-id-file.pod
 
 ## EXAMPLE
 
diff --git a/docs/source/markdown/podman-pod-stats.1.md b/docs/source/markdown/podman-pod-stats.1.md.in
index 389540fdf..4ecb30bdb 100644
--- a/docs/source/markdown/podman-pod-stats.1.md
+++ b/docs/source/markdown/podman-pod-stats.1.md.in
@@ -1,4 +1,4 @@
-% podman-pod-stats(1)
+% podman-pod-stats 1
 
 ## NAME
 podman\-pod\-stats - Display a live stream of resource usage stats for containers in one or more pods
@@ -23,16 +23,16 @@ Valid placeholders for the Go template are listed below:
 
 | **Placeholder** | **Description**    |
 | --------------- | ------------------ |
-| .Pod            | Pod ID             |
+| .BlockIO        | Block IO           |
 | .CID            | Container ID       |
-| .Name           | Container Name     |
 | .CPU            | CPU percentage     |
+| .Mem            | Memory percentage  |
 | .MemUsage       | Memory usage       |
 | .MemUsageBytes  | Memory usage (IEC) |
-| .Mem            | Memory percentage  |
+| .Name           | Container Name     |
 | .NetIO          | Network IO         |
-| .BlockIO        | Block IO           |
 | .PIDS           | Number of PIDs     |
+| .Pod            | Pod ID             |
 
 When using a GO template, you may precede the format with `table` to print headers.
 
@@ -40,13 +40,9 @@ When using a GO template, you may precede the format with `table` to print heade
 
 Instead of providing the pod name or ID, use the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--no-reset**
-
-Do not clear the terminal/screen in between reporting intervals
-
-#### **--no-stream**
+@@option no-reset
 
-Disable streaming pod stats and only pull the first result, default setting is false
+@@option no-stream
 
 ## EXAMPLE
 
diff --git a/docs/source/markdown/podman-pod-stop.1.md b/docs/source/markdown/podman-pod-stop.1.md.in
index bded0ba7d..575a5fa30 100644
--- a/docs/source/markdown/podman-pod-stop.1.md
+++ b/docs/source/markdown/podman-pod-stop.1.md.in
@@ -1,4 +1,4 @@
-% podman-pod-stop(1)
+% podman-pod-stop 1
 
 ## NAME
 podman\-pod\-stop - Stop one or more pods
@@ -15,19 +15,13 @@ Stop containers in one or more pods.  You may use pod IDs or names as input.
 
 Stops all pods
 
-#### **--ignore**, **-i**
-
-Ignore errors when specified pods are not in the container store.  A user might
-have decided to manually remove a pod which would lead to a failure during the
-ExecStop directive of a systemd service referencing that pod.
+@@option ignore
 
 #### **--latest**, **-l**
 
 Instead of providing the pod name or ID, stop the last created pod. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--pod-id-file**
-
-Read pod ID from the specified file and stop the pod.  Can be specified multiple times.
+@@option pod-id-file.pod
 
 #### **--time**, **-t**=*seconds*
 
@@ -35,20 +29,20 @@ Seconds to wait before forcibly stopping the containers in the pod.
 
 ## EXAMPLE
 
-Stop a pod called *mywebserverpod*
+Stop pod with a given name
 ```
 $ podman pod stop mywebserverpod
 cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907
 ```
 
-Stop two pods by their short IDs.
+Stop multiple pods with given IDs.
 ```
 $ podman pod stop 490eb 3557fb
 490eb241aaf704d4dd2629904410fe4aa31965d9310a735f8755267f4ded1de5
 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
 ```
 
-Stop the most recent pod
+Stop the last created pod
 ```
 $ podman pod stop --latest
 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
@@ -71,7 +65,7 @@ $ podman pod stop --pod-id-file file1 --pod-id-file file2
 cc8f0bea67b1a1a11aec1ecd38102a1be4b145577f21fc843c7c83b77fc28907
 ```
 
-Stop all pods with a timeout of 1 second.
+Stop all pods with a timeout of 1 second
 ```
 $ podman pod stop -a -t 1
 3557fbea6ad61569de0506fe037479bd9896603c31d3069a6677f23833916fab
diff --git a/docs/source/markdown/podman-pod-top.1.md b/docs/source/markdown/podman-pod-top.1.md
index 3f4c24117..6a2077656 100644
--- a/docs/source/markdown/podman-pod-top.1.md
+++ b/docs/source/markdown/podman-pod-top.1.md
@@ -1,4 +1,4 @@
-% podman-pod-top(1)
+% podman-pod-top 1
 
 ## NAME
 podman\-pod\-top - Display the running processes of containers in a pod
diff --git a/docs/source/markdown/podman-pod-unpause.1.md b/docs/source/markdown/podman-pod-unpause.1.md
index d6645d69c..f4b50275e 100644
--- a/docs/source/markdown/podman-pod-unpause.1.md
+++ b/docs/source/markdown/podman-pod-unpause.1.md
@@ -1,4 +1,4 @@
-% podman-pod-unpause(1)
+% podman-pod-unpause 1
 
 ## NAME
 podman\-pod\-unpause - Unpause one or more pods
diff --git a/docs/source/markdown/podman-pod.1.md b/docs/source/markdown/podman-pod.1.md
index c38235e89..680324316 100644
--- a/docs/source/markdown/podman-pod.1.md
+++ b/docs/source/markdown/podman-pod.1.md
@@ -1,4 +1,4 @@
-% podman-pod(1)
+% podman-pod 1
 
 ## NAME
 podman\-pod - Management tool for groups of containers, called pods
diff --git a/docs/source/markdown/podman-port.1.md b/docs/source/markdown/podman-port.1.md
index ebfeeccd7..c1c67a28d 100644
--- a/docs/source/markdown/podman-port.1.md
+++ b/docs/source/markdown/podman-port.1.md
@@ -1,4 +1,4 @@
-% podman-port(1)
+% podman-port 1
 
 ## NAME
 podman\-port - List port mappings for a container
diff --git a/docs/source/markdown/podman-ps.1.md b/docs/source/markdown/podman-ps.1.md
index 6e2a8616c..3b5a2a508 100644
--- a/docs/source/markdown/podman-ps.1.md
+++ b/docs/source/markdown/podman-ps.1.md
@@ -1,4 +1,4 @@
-% podman-ps(1)
+% podman-ps 1
 
 ## NAME
 podman\-ps - Prints out information about containers
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md.in
index 99e227226..46adec97b 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md.in
@@ -1,4 +1,4 @@
-% podman-pull(1)
+% podman-pull 1
 
 ## NAME
 podman\-pull - Pull an image from a registry
@@ -49,57 +49,29 @@ All tagged images in the repository will be pulled.
 
 *IMPORTANT: When using the all-tags flag, Podman will not iterate over the search registries in the **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)** but will always use docker.io for unqualified image names.*
 
-#### **--arch**=*ARCH*
-Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`.
+@@option arch
 
-#### **--authfile**=*path*
+@@option authfile
 
-Path of the authentication file. If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using `docker login`.
+@@option cert-dir
 
-Default is `${XDG\_RUNTIME\_DIR}/containers/auth.json`, which is set using `podman login`.
+@@option creds
 
-*IMPORTANT: The default path of the authentication file can be overwritten by setting the `REGISTRY\_AUTH\_FILE` environment variable. `export REGISTRY_AUTH_FILE=path`*
-
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--creds**=*[username[:password]]*
-
-The [username[:password]] to use to authenticate with the registry if required.
-If one or both values are not supplied, a command line prompt will appear and the
-value can be entered.  The password is entered without echo.
-
-#### **--disable-content-trust**
-
-This is a Docker specific option to disable image verification to a Docker
-registry and is not supported by Podman.  This flag is a NOOP and provided
-solely for scripting compatibility.
+@@option disable-content-trust
 
 #### **--help**, **-h**
 
 Print the usage statement.
 
-#### **--os**=*OS*
-
-Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
-
-#### **--platform**=*OS/ARCH*
+@@option os.pull
 
-Specify the platform for selecting the image. The `--platform` option can be used to override the current architecture and operating system.
-
-*IMPORTANT: Conflicts with --arch and --os*
+@@option platform
 
 #### **--quiet**, **-q**
 
 Suppress output information when pulling images
 
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
-then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
-TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
+@@option tls-verify
 
 #### **--variant**=*VARIANT*
 
diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md.in
index 115d077dd..c679950f7 100644
--- a/docs/source/markdown/podman-push.1.md
+++ b/docs/source/markdown/podman-push.1.md.in
@@ -1,4 +1,4 @@
-% podman-push(1)
+% podman-push 1
 
 ## NAME
 podman\-push - Push an image, manifest list or image index from local storage to elsewhere
@@ -47,18 +47,9 @@ $ podman push myimage oci-archive:/tmp/myimage
 
 ## OPTIONS
 
-#### **--authfile**=*path*
+@@option authfile
 
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
-If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
-
-#### **--cert-dir**=*path*
-
-Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
-Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option cert-dir
 
 #### **--compress**
 
@@ -69,21 +60,11 @@ Note: This flag can only be set when using the **dir** transport
 
 Specifies the compression format to use.  Supported values are: `gzip`, `zstd` and `zstd:chunked`.  The default is `gzip` unless overridden in the containers.conf file.
 
-#### **--creds**=*[username[:password]]*
-
-The [username[:password]] to use to authenticate with the registry if required.
-If one or both values are not supplied, a command line prompt will appear and the
-value can be entered.  The password is entered without echo.
-
-#### **--digestfile**=*Digestfile*
+@@option creds
 
-After copying the image, write the digest of the resulting image to the file.  (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+@@option digestfile
 
-#### **--disable-content-trust**
-
-This is a Docker specific option to disable image verification to a Docker
-registry and is not supported by Podman.  This flag is a NOOP and provided
-solely for scripting compatibility.
+@@option disable-content-trust
 
 #### **--format**, **-f**=*format*
 
@@ -99,13 +80,17 @@ Discard any pre-existing signatures in the image.
 
 #### **--sign-by**=*key*
 
-Add a signature at the destination using the specified key. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+Add a “simple signing� signature at the destination using the specified key. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+
+#### **--sign-by-sigstore-private-key**=*path*
+
+Add a sigstore signature at the destination using a private key at the specified path. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+
+#### **--sign-passphrase-file**=*path*
 
-#### **--tls-verify**
+If signing the image (using either **--sign-by** or **--sign-by-sigstore-private-key**), read the passphrase to use from the specified path.
 
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
-then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified,
-TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
+@@option tls-verify
 
 ## EXAMPLE
 
diff --git a/docs/source/markdown/podman-remote.1.md b/docs/source/markdown/podman-remote.1.md
index e87129e38..6369eea56 100644
--- a/docs/source/markdown/podman-remote.1.md
+++ b/docs/source/markdown/podman-remote.1.md
@@ -1,4 +1,4 @@
-% podman-remote(1)
+% podman-remote 1
 
 ## NAME
 podman-remote - A remote CLI for Podman: A Simple management tool for pods, containers and images.
diff --git a/docs/source/markdown/podman-rename.1.md b/docs/source/markdown/podman-rename.1.md
index 4017db505..a91ac2666 100644
--- a/docs/source/markdown/podman-rename.1.md
+++ b/docs/source/markdown/podman-rename.1.md
@@ -1,4 +1,4 @@
-% podman-rename(1)
+% podman-rename 1
 
 ## NAME
 podman\-rename - Rename an existing container
@@ -19,18 +19,18 @@ At present, only containers are supported; pods and volumes cannot be renamed.
 
 ## EXAMPLES
 
+Rename container with a given name
 ```
-# Rename a container by name
 $ podman rename oldContainer aNewName
 ```
 
+Rename container with a given ID
 ```
-# Rename a container by ID
 $ podman rename 717716c00a6b testcontainer
 ```
 
+Create an alias for container with a given ID
 ```
-# Use the container rename alias
 $ podman container rename 6e7514b47180 databaseCtr
 ```
 
diff --git a/docs/source/markdown/podman-restart.1.md b/docs/source/markdown/podman-restart.1.md
index 323087069..513b9a1bf 100644
--- a/docs/source/markdown/podman-restart.1.md
+++ b/docs/source/markdown/podman-restart.1.md
@@ -1,4 +1,4 @@
-% podman-restart(1)
+% podman-restart 1
 
 ## NAME
 podman\-restart - Restart one or more containers
@@ -14,14 +14,46 @@ Containers will be stopped if they are running and then restarted. Stopped
 containers will not be stopped and will only be started.
 
 ## OPTIONS
+
 #### **--all**, **-a**
+
 Restart all containers regardless of their current state.
 
+#### **--cidfile**
+
+Read container ID from the specified file and restart the container.  Can be specified multiple times.
+
+#### **--filter**, **-f**=*filter*
+
+Filter what containers restart.
+Multiple filters can be given with multiple uses of the --filter flag.
+Filters with the same key work inclusive with the only exception being
+`label` which is exclusive. Filters with different keys always work exclusive.
+
+Valid filters are listed below:
+
+| **Filter**      | **Description**                                                                  |
+| --------------- | -------------------------------------------------------------------------------- |
+| id              | [ID] Container's ID (accepts regex)                                              |
+| name            | [Name] Container's name (accepts regex)                                          |
+| label           | [Key] or [Key=Value] Label assigned to a container                               |
+| exited          | [Int] Container's exit code                                                      |
+| status          | [Status] Container's status: 'created', 'exited', 'paused', 'running', 'unknown' |
+| ancestor        | [ImageName] Image or descendant used to create container                         |
+| before          | [ID] or [Name] Containers created before this container                          |
+| since           | [ID] or [Name] Containers created since this container                           |
+| volume          | [VolumeName] or [MountpointDestination] Volume mounted in container              |
+| health          | [Status] healthy or unhealthy                                                    |
+| pod             | [Pod] name or full or partial ID of pod                                          |
+| network         | [Network] name or full ID of network                                             |
+
 #### **--latest**, **-l**
+
 Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
 to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
 #### **--running**
+
 Restart all containers that are already in the *running* state.
 
 #### **--time**, **-t**=*seconds*
@@ -59,6 +91,12 @@ Restart all containers
 $ podman restart --all
 ```
 
+Restart container using ID specified in a given files.
+```
+$ podman restart --cidfile /home/user/cidfile-1
+$ podman restart --cidfile /home/user/cidfile-1 --cidfile ./cidfile-2
+```
+
 ## SEE ALSO
 **[podman(1)](podman.1.md)**
 
diff --git a/docs/source/markdown/podman-rm.1.md b/docs/source/markdown/podman-rm.1.md.in
index 1fac3aa34..6f4366ce9 100644
--- a/docs/source/markdown/podman-rm.1.md
+++ b/docs/source/markdown/podman-rm.1.md.in
@@ -1,4 +1,4 @@
-% podman-rm(1)
+% podman-rm 1
 
 ## NAME
 podman\-rm - Remove one or more containers
@@ -18,14 +18,36 @@ Running or unusable containers will not be removed without the **-f** option.
 
 Remove all containers.  Can be used in conjunction with **-f** as well.
 
-#### **--cidfile**
-
-Read container ID from the specified file and remove the container.  Can be specified multiple times.
+@@option cidfile.read
 
 #### **--depend**
 
 Remove selected container and recursively remove all containers that depend on it.
 
+#### **--filter**=*filter*
+
+Filter what containers remove.
+Multiple filters can be given with multiple uses of the --filter flag.
+Filters with the same key work inclusive with the only exception being
+`label` which is exclusive. Filters with different keys always work exclusive.
+
+Valid filters are listed below:
+
+| **Filter**      | **Description**                                                                  |
+| --------------- | -------------------------------------------------------------------------------- |
+| id              | [ID] Container's ID (accepts regex)                                              |
+| name            | [Name] Container's name (accepts regex)                                          |
+| label           | [Key] or [Key=Value] Label assigned to a container                               |
+| exited          | [Int] Container's exit code                                                      |
+| status          | [Status] Container's status: 'created', 'exited', 'paused', 'running', 'unknown' |
+| ancestor        | [ImageName] Image or descendant used to create container                         |
+| before          | [ID] or [Name] Containers created before this container                          |
+| since           | [ID] or [Name] Containers created since this container                           |
+| volume          | [VolumeName] or [MountpointDestination] Volume mounted in container              |
+| health          | [Status] healthy or unhealthy                                                    |
+| pod             | [Pod] name or full or partial ID of pod                                          |
+| network         | [Network] name or full ID of network                                             |
+
 #### **--force**, **-f**
 
 Force the removal of running and paused containers. Forcing a container removal also
@@ -34,11 +56,7 @@ Containers could have been created by a different container engine.
 In addition, forcing can be used to remove unusable containers, e.g. containers
 whose OCI runtime has become unavailable.
 
-#### **--ignore**, **-i**
-
-Ignore errors when specified containers are not in the container store.  A user
-might have decided to manually remove a container which would lead to a failure
-during the ExecStop directive of a systemd service referencing that container.
+@@option ignore
 
 #### **--latest**, **-l**
 
@@ -55,37 +73,37 @@ Remove anonymous volumes associated with the container. This does not include na
 created with **podman volume create**, or the **--volume** option of **podman run** and **podman create**.
 
 ## EXAMPLE
-Remove a container by its name *mywebserver*
+Remove container with a given name
 ```
 $ podman rm mywebserver
 ```
 
-Remove a *mywebserver* container and all of the containers that depend on it
+Remove container with a given name and all of the containers that depend on it
 ```
 $ podman rm --depend mywebserver
 ```
 
-Remove several containers by name and container id.
+Remove multiple containers with given names or IDs
 ```
 $ podman rm mywebserver myflaskserver 860a4b23
 ```
 
-Remove several containers reading their IDs from files.
+Remove multiple containers with IDs read from files
 ```
 $ podman rm --cidfile ./cidfile-1 --cidfile /home/user/cidfile-2
 ```
 
-Forcibly remove a container by container ID.
+Forcibly remove container with a given ID
 ```
 $ podman rm -f 860a4b23
 ```
 
-Remove all containers regardless of its run state.
+Remove all containers regardless of the run state
 ```
 $ podman rm -f -a
 ```
 
-Forcibly remove the latest container created.
+Forcibly remove the last created container
 ```
 $ podman rm -f --latest
 ```
diff --git a/docs/source/markdown/podman-rmi.1.md b/docs/source/markdown/podman-rmi.1.md
index 8d0e5e500..08e6742c9 100644
--- a/docs/source/markdown/podman-rmi.1.md
+++ b/docs/source/markdown/podman-rmi.1.md
@@ -1,4 +1,4 @@
-% podman-rmi(1)
+% podman-rmi 1
 
 ## NAME
 podman\-rmi - Removes one or more locally stored images
@@ -28,6 +28,9 @@ This option will cause podman to remove all containers that are using the image
 
 If a specified image does not exist in the local storage, ignore it and do not throw an error.
 
+#### **--no-prune**
+
+This options will not remove dangling parents of specified image
 
 Remove an image by its short ID
 ```
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
deleted file mode 100644
index 8c889f0a5..000000000
--- a/docs/source/markdown/podman-run.1.md
+++ /dev/null
@@ -1,2032 +0,0 @@
-% podman-run(1)
-
-## NAME
-podman\-run - Run a command in a new container
-
-## SYNOPSIS
-**podman run** [*options*] *image* [*command* [*arg* ...]]
-
-**podman container run** [*options*] *image* [*command* [*arg* ...]]
-
-## DESCRIPTION
-
-Run a process in a new container. **podman run** starts a process with its own
-file system, its own networking, and its own isolated process tree. The _image_
-which starts the process may define defaults related to the process that will be
-run in the container, the networking to expose, and more, but **podman run**
-gives final control to the operator or administrator who starts the container
-from the image. For that reason **podman run** has more options than any other
-Podman command.
-
-If the _image_ is not already loaded then **podman run** will pull the _image_, and
-all image dependencies, from the repository in the same way running **podman
-pull** _image_ , before it starts the container from that image.
-
-Several files will be automatically created within the container. These include
-_/etc/hosts_, _/etc/hostname_, and _/etc/resolv.conf_ to manage networking.
-These will be based on the host's version of the files, though they can be
-customized with options (for example, **--dns** will override the host's DNS
-servers in the created _resolv.conf_). Additionally, a container environment
-file is created in each container to indicate to programs they are running in a
-container. This file is located at _/run/.containerenv_. When using the
---privileged flag the .containerenv contains name/value pairs indicating the
-container engine version, whether the engine is running in rootless mode, the
-container name and id, as well as the image name and id that the container is based on.
-
-When running from a user defined network namespace, the _/etc/netns/NSNAME/resolv.conf_
-will be used if it exists, otherwise _/etc/resolv.conf_ will be used.
-
-Default settings are defined in `containers.conf`. Most settings for remote
-connections use the servers containers.conf, except when documented in man
-pages.
-
-## IMAGE
-
-  The image is specified using transport:path format. If no transport is specified, the `docker` (container registry)
-transport will be used by default. For remote Podman, including Mac and Windows (excluding WSL2) machines, `docker` is the only allowed transport.
-
-  **dir:**_path_
-  An existing local directory _path_ storing the manifest, layer tarballs and signatures as individual files. This
-is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
-
-    $ podman save --format docker-dir fedora -o /tmp/fedora
-    $ podman run dir:/tmp/fedora echo hello
-
-  **docker://**_docker-reference_ (Default)
-  An image reference stored in a remote container image registry. Example: "quay.io/podman/stable:latest".
-The reference can include a path to a specific registry; if it does not, the
-registries listed in registries.conf will be queried to find a matching image.
-By default, credentials from `podman login` (stored at
-$XDG_RUNTIME_DIR/containers/auth.json by default) will be used to authenticate;
-otherwise it falls back to using credentials in $HOME/.docker/config.json.
-
-    $ podman run registry.fedoraproject.org/fedora:latest echo hello
-
-  **docker-archive:**_path_[**:**_docker-reference_]
-An image stored in the `docker save` formatted file. _docker-reference_ is only used when creating such a
-file, and it must not contain a digest.
-
-    $ podman save --format docker-archive fedora -o /tmp/fedora
-    $ podman run docker-archive:/tmp/fedora echo hello
-
-  **docker-daemon:**_docker-reference_
-  An image in _docker-reference_ format stored in the docker daemon internal storage. The _docker-reference_ can also be an image ID (docker-daemon:algo:digest).
-
-    $ sudo docker pull fedora
-    $ sudo podman run docker-daemon:docker.io/library/fedora echo hello
-
-  **oci-archive:**_path_**:**_tag_
-  An image in a directory compliant with the "Open Container Image Layout Specification" at the specified _path_
-and specified with a _tag_.
-
-    $ podman save --format oci-archive fedora -o /tmp/fedora
-    $ podman run oci-archive:/tmp/fedora echo hello
-
-## OPTIONS
-#### **--add-host**=*host:ip*
-
-Add a custom host-to-IP mapping (host:ip)
-
-Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
-option can be set multiple times.
-
-#### **--annotation**=*key=value*
-
-Add an annotation to the container.
-This option can be set multiple times.
-
-#### **--arch**=*ARCH*
-Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`.
-
-#### **--attach**, **-a**=*stdin* | *stdout* | *stderr*
-
-Attach to STDIN, STDOUT or STDERR.
-
-In foreground mode (the default when **-d**
-is not specified), **podman run** can start the process in the container
-and attach the console to the process's standard input, output, and
-error. It can even pretend to be a TTY (this is what most commandline
-executables expect) and pass along signals. The **-a** option can be set for
-each of **stdin**, **stdout**, and **stderr**.
-
-#### **--authfile**=*[path]*
-
-Path to the authentication file. Default is *${XDG_RUNTIME_DIR}/containers/auth.json*.
-
-Note: You can also override the default path of the authentication file by setting the **REGISTRY_AUTH_FILE**
-environment variable.
-
-#### **--blkio-weight**=*weight*
-
-Block IO relative weight. The _weight_ is a value between **10** and **1000**.
-
-#### **--blkio-weight-device**=*device:weight*
-
-Block IO relative device weight.
-
-#### **--cap-add**=*capability*
-
-Add Linux capabilities.
-
-#### **--cap-drop**=*capability*
-
-Drop Linux capabilities.
-
-#### **--cgroup-conf**=*KEY=VALUE*
-
-When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB.
-
-#### **--cgroup-parent**=*path*
-
-Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
-
-#### **--cgroupns**=*mode*
-
-Set the cgroup namespace mode for the container.
-
-- **host**: use the host's cgroup namespace inside the container.
-- **container:**_id_: join the namespace of the specified container.
-- **private**: create a new cgroup namespace.
-- **ns:**_path_: join the namespace at the specified path.
-
-If the host uses cgroups v1, the default is set to **host**. On cgroups v2, the default is **private**.
-
-#### **--cgroups**=*how*
-
-Determines whether the container will create CGroups.
-
-Default is **enabled**.
-
-The **enabled** option will create a new cgroup under the cgroup-parent.
-The **disabled** option will force the container to not create CGroups, and thus conflicts with CGroup options (**--cgroupns** and **--cgroup-parent**).
-The **no-conmon** option disables a new CGroup only for the **conmon** process.
-The **split** option splits the current CGroup in two sub-cgroups: one for conmon and one for the container payload. It is not possible to set **--cgroup-parent** with **split**.
-
-#### **--chrootdirs**=*path*
-
-Path to a directory inside the container that should be treated as a `chroot` directory.
-Any Podman managed file (e.g., /etc/resolv.conf, /etc/hosts, etc/hostname) that is mounted into the root directory will be mounted into that location as well.
-Multiple directories should be separated with a comma.
-
-#### **--cidfile**=*file*
-
-Write the container ID to *file*.
-
-#### **--conmon-pidfile**=*file*
-
-Write the pid of the **conmon** process to a file. As **conmon** runs in a separate process than Podman, this is necessary when using systemd to restart Podman containers.
-(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--cpu-period**=*limit*
-
-Set the CPU period for the Completely Fair Scheduler (CFS), which is a
-duration in microseconds. Once the container's CPU quota is used up, it will
-not be scheduled to run until the current period ends. Defaults to 100000
-microseconds.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpu-quota**=*limit*
-
-Limit the CPU Completely Fair Scheduler (CFS) quota.
-
-Limit the container's CPU usage. By default, containers run with the full
-CPU resource. The limit is a number in microseconds. If you provide a number,
-the container will be allowed to use that much CPU time until the CPU period
-ends (controllable via **--cpu-period**).
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpu-rt-period**=*microseconds*
-
-Limit the CPU real-time period in microseconds.
-
-Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--cpu-rt-runtime**=*microseconds*
-
-Limit the CPU real-time runtime in microseconds.
-
-Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex:
-Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks.
-
-The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--cpu-shares**, **-c**=*shares*
-
-CPU shares (relative weight).
-
-By default, all containers get the same proportion of CPU cycles. This proportion
-can be modified by changing the container's CPU share weighting relative
-to the combined weight of all the running containers. Default weight is **1024**.
-
-The proportion will only apply when CPU-intensive processes are running.
-When tasks in one container are idle, other containers can use the
-left-over CPU time. The actual amount of CPU time will vary depending on
-the number of containers running on the system.
-
-For example, consider three containers, one has a cpu-share of 1024 and
-two others have a cpu-share setting of 512. When processes in all three
-containers attempt to use 100% of CPU, the first container would receive
-50% of the total CPU time. If you add a fourth container with a cpu-share
-of 1024, the first container only gets 33% of the CPU. The remaining containers
-receive 16.5%, 16.5% and 33% of the CPU.
-
-On a multi-core system, the shares of CPU time are distributed over all CPU
-cores. Even if a container is limited to less than 100% of CPU time, it can
-use 100% of each individual CPU core.
-
-For example, consider a system with more than three cores.
-If the container _C0_ is started with **--cpu-shares=512** running one process,
-and another container _C1_ with **--cpu-shares=1024** running two processes,
-this can result in the following division of CPU shares:
-
-| PID  |  container  | CPU     | CPU share    |
-| ---- | ----------- | ------- | ------------ |
-| 100  |  C0         | 0       | 100% of CPU0 |
-| 101  |  C1         | 1       | 100% of CPU1 |
-| 102  |  C1         | 2       | 100% of CPU2 |
-
-#### **--cpus**=*number*
-
-Number of CPUs. The default is *0.0* which means no limit. This is shorthand
-for **--cpu-period** and **--cpu-quota**, so you may only set either
-**--cpus** or **--cpu-period** and **--cpu-quota**.
-
-On some systems, changing the CPU limits may not be allowed for non-root
-users. For more details, see
-https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-
-#### **--cpuset-cpus**=*number*
-
-CPUs in which to allow execution. Can be specified as a comma-separated list
-(e.g. **0,1**), as a range (e.g. **0-3**), or any combination thereof
-(e.g. **0-3,7,11-15**).
-
-#### **--cpuset-mems**=*nodes*
-
-Memory nodes (MEMs) in which to allow execution. Only effective on NUMA systems.
-
-For example, if you have four memory nodes (0-3) on your system, use **--cpuset-mems=0,1**
-to only use memory from the first two memory nodes.
-
-#### **--detach**, **-d**
-
-Detached mode: run the container in the background and print the new container ID. The default is *false*.
-
-At any time you can run **podman ps** in
-the other shell to view a list of the running containers. You can reattach to a
-detached container with **podman attach**.
-
-When attached in the tty mode, you can detach from the container (and leave it
-running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`.
-Specify the key sequence using the **--detach-keys** option, or configure
-it in the **containers.conf** file: see **containers.conf(5)** for more information.
-
-#### **--detach-keys**=*sequence*
-
-Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will set the sequence to the default value of *ctrl-p,ctrl-q*.
-
-This option can also be set in **containers.conf**(5) file.
-
-#### **--device**=*host-device[:container-device][:permissions]*
-
-Add a host device to the container. Optional *permissions* parameter
-can be used to specify device permissions by combining
-**r** for read, **w** for write, and **m** for **mknod**(2).
-
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
-
-Note: if _host_device_ is a symbolic link then it will be resolved first.
-The container will only store the major and minor numbers of the host device.
-
-Note: if the user only has access rights via a group, accessing the device
-from inside a rootless container will fail. Use the `--group-add keep-groups`
-flag to pass the user's supplementary group access into the container.
-
-Podman may load kernel modules required for using the specified
-device. The devices that Podman will load modules when necessary are:
-/dev/fuse.
-
-#### **--device-cgroup-rule**=*rule*
-
-Add a rule to the cgroup allowed devices list
-
-#### **--device-read-bps**=*path:rate*
-
-Limit read rate (in bytes per second) from a device (e.g. **--device-read-bps=/dev/sda:1mb**).
-
-#### **--device-read-iops**=*path:rate*
-
-Limit read rate (in IO operations per second) from a device (e.g. **--device-read-iops=/dev/sda:1000**).
-
-#### **--device-write-bps**=*path:rate*
-
-Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/dev/sda:1mb**).
-
-#### **--device-write-iops**=*path:rate*
-
-Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**).
-
-#### **--disable-content-trust**
-
-This is a Docker specific option to disable image verification to a Docker
-registry and is not supported by Podman. This flag is a NOOP and provided
-solely for scripting compatibility.
-
-#### **--dns**=*ipaddr*
-
-Set custom DNS servers. Invalid if using **--dns** with **--network** that is set to **none** or **container:**_id_.
-
-This option can be used to override the DNS
-configuration passed to the container. Typically this is necessary when the
-host DNS configuration is invalid for the container (e.g., **127.0.0.1**). When this
-is the case the **--dns** flag is necessary for every run.
-
-The special value **none** can be specified to disable creation of _/etc/resolv.conf_ in the container by Podman.
-The _/etc/resolv.conf_ file in the image will be used without changes.
-
-#### **--dns-opt**=*option*
-
-Set custom DNS options. Invalid if using **--dns-opt** with **--network** that is set to **none** or **container:**_id_.
-
-#### **--dns-search**=*domain*
-
-Set custom DNS search domains. Invalid if using **--dns-search** and **--network** that is set to **none** or **container:**_id_.
-Use **--dns-search=.** if you don't wish to set the search domain.
-
-#### **--entrypoint**=*"command"* | *'["command", "arg1", ...]'*
-
-Overwrite the default ENTRYPOINT of the image.
-
-This option allows you to overwrite the default entrypoint of the image.
-
-The ENTRYPOINT of an image is similar to a COMMAND
-because it specifies what executable to run when the container starts, but it is
-(purposely) more difficult to override. The ENTRYPOINT gives a container its
-default nature or behavior, so that when you set an ENTRYPOINT you can run the
-container as if it were that binary, complete with default options, and you can
-pass in more options via the COMMAND. But, sometimes an operator may want to run
-something else inside the container, so you can override the default ENTRYPOINT
-at runtime by using a **--entrypoint** and a string to specify the new
-ENTRYPOINT.
-
-You need to specify multi option commands in the form of a json string.
-
-#### **--env**, **-e**=*env*
-
-Set environment variables.
-
-This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in __*__ is specified without a value, Podman will search the host environment for variables starting with the prefix and will add those variables to the container.
-
-See [**Environment**](#environment) note below for precedence and examples.
-
-#### **--env-file**=*file*
-
-Read in a line delimited file of environment variables. See **Environment** note below for precedence.
-
-#### **--env-host**
-
-Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--expose**=*port*
-
-Expose a port, or a range of ports (e.g. **--expose=3300-3310**) to set up port redirection
-on the host system.
-
-#### **--gidmap**=*container_gid:host_gid:amount*
-
-Run the container in a new user namespace using the supplied GID mapping. This
-option conflicts with the **--userns** and **--subgidname** options. This
-option provides a way to map host GIDs to container GIDs in the same way as
-__--uidmap__ maps host UIDs to container UIDs. For details see __--uidmap__.
-
-Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** flag as a gidmap cannot be set on the container level when in a pod.
-
-#### **--group-add**=*group* | *keep-groups*
-
-Assign additional groups to the primary user running within the container process.
-
-- `keep-groups` is a special flag that tells Podman to keep the supplementary group access.
-
-Allows container to use the user's supplementary group access. If file systems or
-devices are only accessible by the rootless user's group, this flag tells the OCI
-runtime to pass the group access into the container. Currently only available
-with the `crun` OCI runtime. Note: `keep-groups` is exclusive, you cannot add any other groups
-with this flag. (Not available for remote commands, including Mac and Windows (excluding WSL2) machines)
-
-#### **--health-cmd**=*"command"* | *'["command", "arg1", ...]'*
-
-Set or alter a healthcheck command for a container. The command is a command to be executed inside your
-container that determines your container health. The command is required for other healthcheck options
-to be applied. A value of **none** disables existing healthchecks.
-
-Multiple options can be passed in the form of a JSON array; otherwise, the command will be interpreted
-as an argument to **/bin/sh -c**.
-
-#### **--health-interval**=*interval*
-
-Set an interval for the healthchecks. An _interval_ of **disable** results in no automatic timer setup. The default is **30s**.
-
-#### **--health-retries**=*retries*
-
-The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is **3**.
-
-#### **--health-start-period**=*period*
-
-The initialization time needed for a container to bootstrap. The value can be expressed in time format like
-**2m3s**. The default value is **0s**.
-
-#### **--health-timeout**=*timeout*
-
-The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the
-value can be expressed in a time format such as **1m22s**. The default value is **30s**.
-
-#### **--help**
-
-Print usage statement
-
-#### **--hostname**, **-h**=*name*
-
-Container host name
-
-Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used.
-
-#### **--hostuser**=*name*
-
-Add a user account to /etc/passwd from the host to the container. The Username
-or UID must exist on the host system.
-
-#### **--http-proxy**
-
-By default proxy environment variables are passed into the container if set
-for the Podman process. This can be disabled by setting the value to **false**.
-The environment variables passed in include **http_proxy**,
-**https_proxy**, **ftp_proxy**, **no_proxy**, and also the upper case versions of
-those. This option is only needed when the host system must use a proxy but
-the container should not use any proxy. Proxy environment variables specified
-for the container in any other way will override the values that would have
-been passed through from the host. (Other ways to specify the proxy for the
-container include passing the values with the **--env** flag, or hard coding the
-proxy environment at container build time.) (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-Defaults to **true**.
-
-#### **--image-volume**=**bind** | *tmpfs* | *ignore*
-
-Tells Podman how to handle the builtin image volumes. Default is **bind**.
-
-- **bind**: An anonymous named volume will be created and mounted into the container.
-- **tmpfs**: The volume is mounted onto the container as a tmpfs, which allows the users to create
-content that disappears when the container is stopped.
-- **ignore**: All volumes are just ignored and no action is taken.
-
-#### **--init**
-
-Run an init inside the container that forwards signals and reaps processes.
-The container-init binary is mounted at `/run/podman-init`.
-Mounting over `/run` will hence break container execution.
-
-#### **--init-path**=*path*
-
-Path to the container-init binary.
-
-#### **--interactive**, **-i**
-
-When set to **true**, keep stdin open even if not attached. The default is **false**.
-
-#### **--ip**=*ipv4*
-
-Specify a static IPv4 address for the container, for example **10.88.64.128**.
-This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IP address pool (default **10.88.0.0/16**).
-
-To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
-
-#### **--ip6**=*ipv6*
-
-Specify a static IPv6 address for the container, for example **fd46:db93:aa76:ac37::10**.
-This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IPv6 address pool.
-
-To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
-
-#### **--ipc**=*mode*
-
-Set the IPC namespace mode for a container. The default is to create
-a private IPC namespace.
-
-- "": Use Podman's default, defined in containers.conf.
-- **container:**_id_: reuses another container shared memory, semaphores and message queues
-- **host**: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
-- **none**:  private IPC namespace, with /dev/shm not mounted.
-- **ns:**_path_: path to an IPC namespace to join.
-- **private**: private IPC namespace.
-= **shareable**: private IPC namespace with a possibility to share it with  other containers.
-
-#### **--label**, **-l**=*key=value*
-
-Add metadata to a container.
-
-#### **--label-file**=*file*
-
-Read in a line-delimited file of labels.
-
-#### **--link-local-ip**=*ip*
-
-Not implemented.
-
-#### **--log-driver**=*driver*
-
-Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility. (Default **journald**)
-
-The podman info command below will display the default log-driver for the system.
-```
-$ podman info --format '{{ .Host.LogDriver }}'
-journald
-```
-The **passthrough** driver passes down the standard streams (stdin, stdout, stderr) to the
-container.  It is not allowed with the remote Podman client, including Mac and Windows (excluding WSL2) machines, and on a tty, since it is
-vulnerable to attacks via TIOCSTI.
-
-
-#### **--log-opt**=*name=value*
-
-Logging driver specific options.
-
-Set custom logging configuration. The following *name*s are supported:
-
-**path**: specify a path to the log file
-    (e.g. **--log-opt path=/var/log/container/mycontainer.json**);
-
-**max-size**: specify a max size of the log file
-    (e.g. **--log-opt max-size=10mb**);
-
-**tag**: specify a custom log tag for the container
-   (e.g. **--log-opt tag="{{.ImageName}}"**.
-
-This option is currently supported only by the **journald** log driver.
-
-#### **--mac-address**=*address*
-
-Container network interface MAC address (e.g. 92:d0:c6:0a:29:33)
-This option can only be used if the container is joined to only a single network - i.e., **--network=_network-name_** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-
-Remember that the MAC address in an Ethernet network must be unique.
-The IPv6 link-local address will be based on the device's MAC address
-according to RFC4862.
-
-To specify multiple static MAC addresses per container, set multiple networks using the **--network** option with a static MAC address specified for each using the `mac` mode for that option.
-
-#### **--memory**, **-m**=*number[unit]*
-
-Memory limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
-
-Allows you to constrain the memory available to a container. If the host
-supports swap memory, then the **-m** memory setting can be larger than physical
-RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
-not limited. The actual limit may be rounded up to a multiple of the operating
-system's page size (the value would be very large, that's millions of trillions).
-
-#### **--memory-reservation**=*number[unit]*
-
-Memory soft limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
-
-After setting memory reservation, when the system detects memory contention
-or low memory, containers are forced to restrict their consumption to their
-reservation. So you should always set the value below **--memory**, otherwise the
-hard limit will take precedence. By default, memory reservation will be the same
-as memory limit.
-
-#### **--memory-swap**=*number[unit]*
-
-A limit value equal to memory plus swap.
-A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
-
-Must be used with the **-m** (**--memory**) flag.
-The argument value should always be larger than that of
- **-m** (**--memory**) By default, it is set to double
-the value of **--memory**.
-
-Set _number_ to **-1** to enable unlimited swap.
-
-#### **--memory-swappiness**=*number*
-
-Tune a container's memory swappiness behavior. Accepts an integer between *0* and *100*.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]*
-
-Attach a filesystem mount to the container
-
-Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and **devpts**. <sup>[[1]](#Footnote1)</sup>
-
-       e.g.
-
-       type=bind,source=/path/on/host,destination=/path/in/container
-
-       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared
-
-       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared,U=true
-
-       type=volume,source=vol1,destination=/path/in/container,ro=true
-
-       type=tmpfs,tmpfs-size=512M,destination=/path/in/container
-
-       type=image,source=fedora,destination=/fedora-image,rw=true
-
-       type=devpts,destination=/dev/pts
-
-       Common Options:
-
-	      · src, source: mount source spec for bind and volume. Mandatory for bind.
-
-	      · dst, destination, target: mount destination spec.
-
-       Options specific to volume:
-
-	      · ro, readonly: true or false (default).
-
-	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
-
-	      · idmap: true or false (default).  If specified, create an idmapped mount to the target user namespace in the container.
-
-       Options specific to image:
-
-	      · rw, readwrite: true or false (default).
-
-       Options specific to bind:
-
-	      · ro, readonly: true or false (default).
-
-	      · bind-propagation: shared, slave, private, unbindable, rshared, rslave, runbindable, or rprivate(default). See also mount(2).
-
-	      . bind-nonrecursive: do not set up a recursive bind mount. By default it is recursive.
-
-	      . relabel: shared, private.
-
-	      · idmap: true or false (default).  If specified, create an idmapped mount to the target user namespace in the container.
-
-	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
-
-       Options specific to tmpfs:
-
-	      · ro, readonly: true or false (default).
-
-	      · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux.
-
-	      · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux.
-
-	      · tmpcopyup: Enable copyup from the image directory at the same location to the tmpfs. Used by default.
-
-	      · notmpcopyup: Disable copying files from the image to the tmpfs.
-
-	      . U, chown: true or false (default). Change recursively the owner and group of the source volume based on the UID and GID of the container.
-
-       Options specific to devpts:
-
-	      · uid: UID of the file owner (default 0).
-
-	      · gid: GID of the file owner (default 0).
-
-	      · mode: permission mask for the file (default 600).
-
-	      · max: maximum number of PTYs (default 1048576).
-
-#### **--name**=*name*
-
-Assign a name to the container.
-
-The operator can identify a container in three ways:
-
-- UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778�);
-- UUID short identifier (“f78375b1c487�);
-- Name (“jonah�).
-
-Podman generates a UUID for each container, and if a name is not assigned
-to the container with **--name** then it will generate a random
-string name. The name is useful any place you need to identify a container.
-This works for both background and foreground containers.
-
-#### **--network**=*mode*, **--net**
-
-Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
-
-Valid _mode_ values are:
-
-- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
-  - **alias=name**: Add network-scoped alias for the container.
-  - **ip=IPv4**: Specify a static ipv4 address for this container.
-  - **ip=IPv6**: Specify a static ipv6 address for this container.
-  - **mac=MAC**: Specify a static mac address for this container.
-  - **interface_name**: Specify a name for the created network interface inside the container.
-
-  For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
-- \<network name or ID\>[:OPTIONS,...]: Connect to a user-defined network; this is the network name or ID from a network created by **[podman network create](podman-network-create.1.md)**. Using the network name implies the bridge network mode. It is possible to specify the same options described under the bridge mode above. You can use the **--network** option multiple times to specify additional networks.
-- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
-- **container:**_id_: Reuse another container's network stack.
-- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-- **ns:**_path_: Path to a network namespace to join.
-- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
-- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
-  - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
-  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
-  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
-  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
-  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
-  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
-  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
-  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
-  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
-  Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
-  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
-
-#### **--network-alias**=*alias*
-
-Add a network-scoped alias for the container, setting the alias for all networks that the container joins. To set a
-name only for a specific network, use the alias option as described under the **--network** option.
-If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} <name>`),
-these aliases can be used for name resolution on the given network. This option can be specified multiple times.
-NOTE: When using CNI a container will only have access to aliases on the first network that it joins. This limitation does
-not exist with netavark/aardvark-dns.
-
-#### **--no-healthcheck**
-
-Disable any defined healthchecks for container.
-
-#### **--no-hosts**
-
-Do not create _/etc/hosts_ for the container.
-By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
-**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
-This option conflicts with **--add-host**.
-
-#### **--oom-kill-disable**
-
-Whether to disable OOM Killer for the container or not.
-
-This flag is not supported on cgroups V2 systems.
-
-#### **--oom-score-adj**=*num*
-
-Tune the host's OOM preferences for containers (accepts values from **-1000** to **1000**).
-
-#### **--os**=*OS*
-Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
-
-#### **--passwd**
-
-Allow Podman to add entries to /etc/passwd and /etc/group when used in conjunction with the --user option.
-This is used to override the Podman provided user setup in favor of entrypoint configurations such as libnss-extrausers.
-
-#### **--passwd-entry**=*ENTRY*
-
-Customize the entry that is written to the `/etc/passwd` file within the container when `--passwd` is used.
-
-The variables $USERNAME, $UID, $GID, $NAME, $HOME are automatically replaced with their value at runtime.
-
-#### **--personality**=*persona*
-
-Personality sets the execution domain via Linux personality(2).
-
-#### **--pid**=*mode*
-
-Set the PID namespace mode for the container.
-The default is to create a private PID namespace for the container.
-
-- **container:**_id_: join another container's PID namespace;
-- **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure;
-- **private**: create a new namespace for the container (default)
-- **ns:**_path_: join the specified PID namespace.
-
-#### **--pidfile**=*path*
-
-When the pidfile location is specified, the container process' PID will be written to the pidfile. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-If the pidfile option is not specified, the container process' PID will be written to /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.
-
-After the container is started, the location for the pidfile can be discovered with the following `podman inspect` command:
-
-    $ podman inspect --format '{{ .PidFile }}' $CID
-    /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile
-
-#### **--pids-limit**=*limit*
-
-Tune the container's pids limit. Set to **-1** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
-
-#### **--platform**=*OS/ARCH*
-
-Specify the platform for selecting the image.  (Conflicts with --arch and --os)
-The `--platform` option can be used to override the current architecture and operating system.
-
-#### **--pod**=*name*
-
-Run container in an existing pod. If you want Podman to make the pod for you, prefix the pod name with **new:**.
-To make a pod with more granular options, use the **podman pod create** command before creating a container.
-If a container is run with a pod, and the pod has an infra-container, the infra-container will be started before the container is.
-
-#### **--pod-id-file**=*path*
-
-Run container in an existing pod and read the pod's ID from the specified file.
-If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is.
-
-#### **--preserve-fds**=*N*
-
-Pass down to the process N additional file descriptors (in addition to 0, 1, 2).
-The total FDs will be 3+N. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
-
-#### **--privileged**
-
-Give extended privileges to this container. The default is **false**.
-
-By default, Podman containers are unprivileged (**=false**) and cannot, for
-example, modify parts of the operating system. This is because by default a
-container is only allowed limited access to devices. A "privileged" container
-is given the same access to devices as the user launching the container.
-
-A privileged container turns off the security features that isolate the
-container from the host. Dropped Capabilities, limited devices, read-only mount
-points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
-
-Rootless containers cannot have more privileges than the account that launched them.
-
-#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]*
-
-Publish a container's port, or range of ports, to the host.
-
-Both *hostPort* and *containerPort* can be specified as a range of ports.
-When specifying ranges for both, the number of container ports in the
-range must match the number of host ports in the range.
-
-If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host.
-
-By default, Podman will publish TCP ports. To publish a UDP port instead, give
-`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice,
-with `tcp`, and `udp` as protocols respectively. Rootful containers can also
-publish ports using the `sctp` protocol.
-
-Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`).
-If it is not, the container port will be randomly assigned a port on the host.
-
-Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`.
-
-**Note:** If a container will be run within a pod, it is not necessary to publish the port for
-the containers in the pod. The port must only be published by the pod itself. Pod network
-stacks act like the network stack on the host - you have a variety of containers in the pod,
-and programs in the container, all sharing a single interface and IP address, and
-associated ports. If one container binds to a port, no other container can use that port
-within the pod while it is in use. Containers in the pod can also communicate over localhost
-by having one container bind to localhost in the pod, and another connect to that port.
-
-#### **--publish-all**, **-P**
-
-Publish all exposed ports to random ports on the host interfaces. The default is **false**.
-
-When set to **true**, publish all exposed ports to the host interfaces. The
-default is **false**. If the operator uses **-P** (or **-p**) then Podman will make the
-exposed port accessible on the host and the ports will be available to any
-client that can reach the host.
-
-When using this option, Podman will bind any exposed port to a random port on the host
-within an ephemeral port range defined by */proc/sys/net/ipv4/ip_local_port_range*.
-To find the mapping between the host ports and the exposed ports, use **podman port**.
-
-#### **--pull**=*policy*
-
-Pull image policy. The default is **missing**.
-
-- **always**: Always pull the image and throw an error if the pull fails.
-- **missing**: Pull the image only if it could not be found in the local containers storage.  Throw an error if no image could be found and the pull fails.
-- **never**: Never pull the image but use the one from the local containers storage.  Throw an error if no image could be found.
-- **newer**: Pull if the image on the registry is newer than the one in the local containers storage.  An image is considered to be newer when the digests are different.  Comparing the time stamps is prone to errors.  Pull errors are suppressed if a local image was found.
-
-#### **--quiet**, **-q**
-
-Suppress output information when pulling images
-
-#### **--read-only**
-
-Mount the container's root filesystem as read-only.
-
-By default a container will have its root filesystem writable allowing processes
-to write files anywhere. By specifying the **--read-only** flag, the container will have
-its root filesystem mounted as read-only prohibiting any writes.
-
-#### **--read-only-tmpfs**
-
-If container is running in **--read-only** mode, then mount a read-write tmpfs on _/run_, _/tmp_, and _/var/tmp_. The default is **true**.
-
-#### **--replace**
-
-If another container with the same name already exists, replace and remove it. The default is **false**.
-
-#### **--requires**=*container*
-
-Specify one or more requirements.
-A requirement is a dependency container that will be started before this container.
-Containers can be specified by name or ID, with multiple containers being separated by commas.
-
-#### **--restart**=*policy*
-
-Restart policy to follow when containers exit.
-Restart policy will not take effect if a container is stopped via the **podman kill** or **podman stop** commands.
-
-Valid _policy_ values are:
-
-- `no`                       : Do not restart containers on exit
-- `on-failure[:max_retries]` : Restart containers when they exit with a non-zero exit code, retrying indefinitely or until the optional *max_retries* count is hit
-- `always`                   : Restart containers when they exit, regardless of status, retrying indefinitely
-- `unless-stopped`           : Identical to **always**
-
-Please note that restart will not restart containers after a system reboot.
-If this functionality is required in your environment, you can invoke Podman from a **systemd.unit**(5) file, or create an init script for whichever init system is in use.
-To generate systemd unit files, please see **podman generate systemd**.
-
-#### **--rm**
-
-Automatically remove the container when it exits. The default is **false**.
-
-#### **--rmi**
-
-After exit of the container, remove the image unless another
-container is using it. The default is *false*.
-
-#### **--rootfs**
-
-If specified, the first argument refers to an exploded container on the file system.
-
-This is useful to run a container without requiring any image management, the rootfs
-of the container is assumed to be managed externally.
-
-  `Overlay Rootfs Mounts`
-
-   The `:O` flag tells Podman to mount the directory from the rootfs path as
-storage using the `overlay file system`. The container processes
-can modify content within the mount point which is stored in the
-container storage in a separate directory. In overlay terms, the source
-directory will be the lower, and the container storage directory will be the
-upper. Modifications to the mount point are destroyed when the container
-finishes executing, similar to a tmpfs mount point being unmounted.
-
-Note: On **SELinux** systems, the rootfs needs the correct label, which is by default
-**unconfined_u:object_r:container_file_t**.
-
-#### **--sdnotify**=**container** | *conmon* | *ignore*
-
-Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify.
-
-Default is **container**, which means allow the OCI runtime to proxy the socket into the
-container to receive ready notification. Podman will set the MAINPID to conmon's pid.
-The **conmon** option sets MAINPID to conmon's pid, and sends READY when the container
-has started. The socket is never passed to the runtime or the container.
-The **ignore** option removes NOTIFY_SOCKET from the environment for itself and child processes,
-for the case where some other process above Podman uses NOTIFY_SOCKET and Podman should not use it.
-
-#### **--seccomp-policy**=*policy*
-
-Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.containers.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below.
-
-Note that this feature is experimental and may change in the future.
-
-#### **--secret**=*secret[,opt=opt ...]*
-
-Give the container access to a secret. Can be specified multiple times.
-
-A secret is a blob of sensitive data which a container needs at runtime but
-should not be stored in the image or in source control, such as usernames and passwords,
-TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size).
-
-When secrets are specified as type `mount`, the secrets are copied and mounted into the container when a container is created.
-When secrets are specified as type `env`, the secret will be set as an environment variable within the container.
-Secrets are written in the container at the time of container creation, and modifying the secret using `podman secret` commands
-after the container is created will not affect the secret inside the container.
-
-Secrets and its storage are managed using the `podman secret` command.
-
-Secret Options
-
-- `type=mount|env`    : How the secret will be exposed to the container. Default mount.
-- `target=target`     : Target of secret. Defaults to secret name.
-- `uid=0`             : UID of secret. Defaults to 0. Mount secret type only.
-- `gid=0`             : GID of secret. Defaults to 0. Mount secret type only.
-- `mode=0`            : Mode of secret. Defaults to 0444. Mount secret type only.
-
-#### **--security-opt**=*option*
-
-Security Options
-
-- **apparmor=unconfined** : Turn off apparmor confinement for the container
-- **apparmor**=_your-profile_ : Set the apparmor confinement profile for the container
-
-- **label=user:**_USER_: Set the label user for the container processes
-- **label=role:**_ROLE_: Set the label role for the container processes
-- **label=type:**_TYPE_: Set the label process type for the container processes
-- **label=level:**_LEVEL_: Set the label level for the container processes
-- **label=filetype:**TYPE_: Set the label file type for the container files
-- **label=disable**: Turn off label separation for the container
-
-Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-
-- **mask**=_/path/1:/path/2_: The paths to mask separated by a colon. A masked path
-  cannot be accessed inside the container.
-
-- **no-new-privileges**: Disable container processes from gaining additional privileges
-
-- **seccomp=unconfined**: Turn off seccomp confinement for the container.
-- **seccomp=profile.json**: JSON file to be used as a seccomp filter. Note that the `io.podman.annotations.seccomp` annotation is set with the specified value as shown in `podman inspect`.
-
-- **proc-opts**=_OPTIONS_ : Comma-separated list of options to use for the /proc mount. More details
-  for the possible mount options are specified in the **proc(5)** man page.
-
-- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
-  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**.  The default paths that are read-only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**, **/sys/fs/cgroup**.
-
-Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file.
-
-#### **--shm-size**=*number[unit]*
-
-Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes).
-If you omit the unit, the system uses bytes. If you omit the size entirely, the default is **64m**.
-When _size_ is **0**, there is no limit on the amount of memory used for IPC by the container.
-
-#### **--sig-proxy**
-
-Sets whether the signals sent to the **podman run** command are proxied to the container process. SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is **true**.
-
-#### **--stop-signal**=*signal*
-
-Signal to stop a container. Default is **SIGTERM**.
-
-#### **--stop-timeout**=*seconds*
-
-Timeout to stop a container. Default is **10**.
-Remote connections use local containers.conf for defaults
-
-#### **--subgidname**=*name*
-
-Run the container in a new user namespace using the map with _name_ in the _/etc/subgid_ file.
-If calling **podman run** as an unprivileged user, the user needs to have the right to use the mapping. See **subgid**(5).
-This flag conflicts with **--userns** and **--gidmap**.
-
-#### **--subuidname**=*name*
-
-Run the container in a new user namespace using the map with _name_ in the _/etc/subuid_ file.
-If calling **podman run** as an unprivileged user, the user needs to have the right to use the mapping. See **subuid**(5).
-This flag conflicts with **--userns** and **--uidmap**.
-
-#### **--sysctl**=*name=value*
-
-Configure namespaced kernel parameters at runtime.
-
-For the IPC namespace, the following sysctls are allowed:
-
-- kernel.msgmax
-- kernel.msgmnb
-- kernel.msgmni
-- kernel.sem
-- kernel.shmall
-- kernel.shmmax
-- kernel.shmmni
-- kernel.shm_rmid_forced
-- Sysctls beginning with fs.mqueue.\*
-
-Note: if you use the **--ipc=host** option, the above sysctls will not be allowed.
-
-For the network namespace, the following sysctls are allowed:
-
-- Sysctls beginning with net.\*
-
-Note: if you use the **--network=host** option, these sysctls will not be allowed.
-
-#### **--systemd**=*true* | *false* | *always*
-
-Run container in systemd mode. The default is **true**.
-
-The value *always* enforces the systemd mode is enforced without
-looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is **systemd**, **/usr/sbin/init**,
-**/sbin/init** or **/usr/local/sbin/init**.
-
-Running the container in systemd mode causes the following changes:
-
-* Podman mounts tmpfs file systems on the following directories
-  * _/run_
-  * _/run/lock_
-  * _/tmp_
-  * _/sys/fs/cgroup/systemd_
-  * _/var/lib/journal_
-* Podman sets the default stop signal to **SIGRTMIN+3**.
-* Podman sets **container_uuid** environment variable in the container to the
-first 32 characters of the container id.
-
-This allows systemd to run in a confined container without any modifications.
-
-Note that on **SELinux** systems, systemd attempts to write to the cgroup
-file system. Containers writing to the cgroup file system are denied by default.
-The **container_manage_cgroup** boolean must be enabled for this to be allowed on an SELinux separated system.
-```
-setsebool -P container_manage_cgroup true
-```
-
-#### **--timeout**=*seconds*
-
-Maximum time a container is allowed to run before conmon sends it the kill
-signal.  By default containers will run until they exit or are stopped by
-`podman stop`.
-
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
-
-#### **--tmpfs**=*fs*
-
-Create a tmpfs mount.
-
-Mount a temporary filesystem (**tmpfs**) mount into a container, for example:
-
-```
-$ podman run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image
-```
-
-This command mounts a **tmpfs** at _/tmp_ within the container. The supported mount
-options are the same as the Linux default mount flags. If you do not specify
-any options, the system uses the following options:
-**rw,noexec,nosuid,nodev**.
-
-#### **--tty**, **-t**
-
-Allocate a pseudo-TTY. The default is **false**.
-
-When set to **true**, Podman will allocate a pseudo-tty and attach to the standard
-input of the container. This can be used, for example, to run a throwaway
-interactive shell. The default is **false**.
-
-**NOTE**: The --tty flag prevents redirection of standard output.  It combines STDOUT and STDERR, it can insert control characters, and it can hang pipes. This option should only be used when run interactively in a terminal. When feeding input to Podman, use -i only, not -it.
-
-```
-echo "asdf" | podman run --rm -i someimage /bin/cat
-```
-
-#### **--tz**=*timezone*
-
-Set timezone in container. This flag takes area-based timezones, GMT time, as well as `local`, which sets the timezone in the container to match the host machine. See `/usr/share/zoneinfo/` for valid timezones.
-Remote connections use local containers.conf for defaults
-
-#### **--uidmap**=*container_uid:from_uid:amount*
-
-Run the container in a new user namespace using the supplied UID mapping. This
-option conflicts with the **--userns** and **--subuidname** options. This
-option provides a way to map host UIDs to container UIDs. It can be passed
-several times to map different ranges.
-
-The _from_uid_ value is based upon the user running the command, either rootful or rootless users.
-* rootful user:  *container_uid*:*host_uid*:*amount*
-* rootless user: *container_uid*:*intermediate_uid*:*amount*
-
-When **podman run** is called by a privileged user, the option **--uidmap**
-works as a direct mapping between host UIDs and container UIDs.
-
-host UID -> container UID
-
-The _amount_ specifies the number of consecutive UIDs that will be mapped.
-If for example _amount_ is **4** the mapping would look like:
-
-|   host UID     |    container UID    |
-| -              | -                   |
-| _from_uid_     | _container_uid_     |
-| _from_uid_ + 1 | _container_uid_ + 1 |
-| _from_uid_ + 2 | _container_uid_ + 2 |
-| _from_uid_ + 3 | _container_uid_ + 3 |
-
-When **podman run** is called by an unprivileged user (i.e. running rootless),
-the value _from_uid_ is interpreted as an "intermediate UID". In the rootless
-case, host UIDs are not mapped directly to container UIDs. Instead the mapping
-happens over two mapping steps:
-
-host UID -> intermediate UID -> container UID
-
-The **--uidmap** option only influences the second mapping step.
-
-The first mapping step is derived by Podman from the contents of the file
-_/etc/subuid_ and the UID of the user calling Podman.
-
-First mapping step:
-
-| host UID                                         | intermediate UID |
-| -                                                |                - |
-| UID for the user starting Podman                 |                0 |
-| 1st subordinate UID for the user starting Podman |                1 |
-| 2nd subordinate UID for the user starting Podman |                2 |
-| 3rd subordinate UID for the user starting Podman |                3 |
-| nth subordinate UID for the user starting Podman |                n |
-
-To be able to use intermediate UIDs greater than zero, the user needs to have
-subordinate UIDs configured in _/etc/subuid_. See **subuid**(5).
-
-The second mapping step is configured with **--uidmap**.
-
-If for example _amount_ is **5** the second mapping step would look like:
-
-|   intermediate UID   |    container UID    |
-| -                    | -                   |
-| _from_uid_           | _container_uid_     |
-| _from_uid_ + 1       | _container_uid_ + 1 |
-| _from_uid_ + 2       | _container_uid_ + 2 |
-| _from_uid_ + 3       | _container_uid_ + 3 |
-| _from_uid_ + 4       | _container_uid_ + 4 |
-
-When running as rootless, Podman will use all the ranges configured in the _/etc/subuid_ file.
-
-The current user ID is mapped to UID=0 in the rootless user namespace.
-Every additional range is added sequentially afterward:
-
-|   host                |rootless user namespace | length              |
-| -                     | -                      | -                   |
-| $UID                  | 0                      | 1                   |
-| 1                     | $FIRST_RANGE_ID        | $FIRST_RANGE_LENGTH |
-| 1+$FIRST_RANGE_LENGTH | $SECOND_RANGE_ID       | $SECOND_RANGE_LENGTH|
-
-Even if a user does not have any subordinate UIDs in  _/etc/subuid_,
-**--uidmap** could still be used to map the normal UID of the user to a
-container UID by running `podman run --uidmap $container_uid:0:1 --user $container_uid ...`.
-
-Note: the **--uidmap** flag cannot be called in conjunction with the **--pod** flag as a uidmap cannot be set on the container level when in a pod.
-
-#### **--ulimit**=*option*
-
-Ulimit options. You can use **host** to copy the current configuration from the host.
-
-#### **--umask**=*umask*
-
-Set the umask inside the container. Defaults to `0022`.
-Remote connections use local containers.conf for defaults
-
-#### **--unsetenv**=*env*
-
-Unset default environment variables for the container. Default environment
-variables include variables provided natively by Podman, environment variables
-configured by the image, and environment variables from containers.conf.
-
-#### **--unsetenv-all**
-
-Unset all default environment variables for the container. Default environment
-variables include variables provided natively by Podman, environment variables
-configured by the image, and environment variables from containers.conf.
-
-#### **--user**, **-u**=*user[:group]*
-
-Sets the username or UID used and, optionally, the groupname or GID for the specified command. Both *user* and *group* may be symbolic or numeric.
-
-Without this argument, the command will run as the user specified in the container image. Unless overridden by a `USER` command in the Containerfile or by a value passed to this option, this user generally defaults to root.
-
-When a user namespace is not in use, the UID and GID used within the container and on the host will match. When user namespaces are in use, however, the UID and GID in the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in the container will by default correspond to the UID and GID of the user invoking Podman.
-
-#### **--userns**=*mode*
-
-Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with the **--uidmap** and **--gidmap** options.
-
-Rootless user --userns=Key mappings:
-
-Key       | Host User |  Container User
-----------|---------------|---------------------
-""        |$UID           |0 (Default User account mapped to root user in container.)
-keep-id   |$UID           |$UID (Map user account to same UID within container.)
-auto      |$UID           | nil (Host User UID is not mapped into container.)
-nomap     |$UID           | nil (Host User UID is not mapped into container.)
-
-Valid _mode_ values are:
-
-**auto**[:_OPTIONS,..._]: automatically create a unique user namespace.
-
-The `--userns=auto` flag, requires that the user name `containers` and a range of subordinate user ids that the Podman container is allowed to use be specified in the /etc/subuid and /etc/subgid files.
-
-Example: `containers:2147483647:2147483648`.
-
-Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option.
-
-The rootless option `--userns=keep-id` uses all the subuids and subgids of the user. Using `--userns=auto` when starting new containers will not work as long as any containers exist that were started with `--userns=keep-id`.
-
-  Valid `auto` options:
-
-  - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace.
-  - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace.
-  - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace.
-
-**container:**_id_: join the user namespace of the specified container.
-
-**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default).
-
-**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is not allowed for containers created by the root user.
-
-**nomap**: creates a user namespace where the current rootless user's UID:GID are not mapped into the container. This option is not allowed for containers created by the root user.
-
-**ns:**_namespace_: run the container in the given existing user namespace.
-
-**private**: create a new namespace for the container.
-This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**.
-
-#### **--uts**=*mode*
-
-Set the UTS namespace mode for the container. The following values are supported:
-
-- **host**: use the host's UTS namespace inside the container.
-- **private**: create a new namespace for the container (default).
-- **ns:[path]**: run the container in the given existing UTS namespace.
-- **container:[container]**: join the UTS namespace of the specified container.
-
-#### **--variant**=*VARIANT*
-Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7.
-
-#### **--volume**, **-v**=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*
-
-Create a bind mount. If you specify _/HOST-DIR_:_/CONTAINER-DIR_, Podman
-bind mounts _host-dir_ in the host to _CONTAINER-DIR_ in the Podman
-container. Similarly, _SOURCE-VOLUME_:_/CONTAINER-DIR_ will mount the volume
-in the host to the container. If no such named volume exists, Podman will
-create one. (Note when using the remote client, including Mac and Windows (excluding WSL2) machines, the volumes will be mounted from the remote server, not necessarily the client machine.)
-
-The _options_ is a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup>
-
-* **rw**|**ro**
-* **z**|**Z**
-* [**O**]
-* [**U**]
-* [**no**]**copy**
-* [**no**]**dev**
-* [**no**]**exec**
-* [**no**]**suid**
-* [**r**]**bind**
-* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable**
-
-The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume
-will be mounted into the container at this directory.
-
-Volumes may specify a source as well, as either a directory on the host
-or the name of a named volume. If no source is given, the volume will be created as an
-anonymously named volume with a randomly generated name, and will be removed when
-the container is removed via the `--rm` flag or `podman rm --volumes`.
-
-If a volume source is specified, it must be a path on the host or the name of a
-named volume. Host paths are allowed to be absolute or relative; relative paths
-are resolved relative to the directory Podman is run in. If the source does not
-exist, Podman will return an error. Users must pre-create the source files or
-directories.
-
-Any source that does not begin with a `.` or `/` will be treated as the name of
-a named volume. If a volume with that name does not exist, it will be created.
-Volumes created with names are not anonymous, and they are not removed by the `--rm`
-option and the `podman rm --volumes` command.
-
-You can specify multiple **-v** options to mount one or more volumes into a
-container.
-
-  `Write Protected Volume Mounts`
-
-You can add **:ro** or **:rw** option to mount a volume in read-only or
-read-write mode, respectively. By default, the volumes are mounted read-write.
-
-  `Chowning Volume Mounts`
-
-By default, Podman does not change the owner and group of source volume
-directories mounted into containers. If a container is created in a new user
-namespace, the UID and GID in the container may correspond to another UID and
-GID on the host.
-
-The `:U` suffix tells Podman to use the correct host UID and GID based on the
-UID and GID within the container, to change recursively the owner and group of
-the source volume.
-
-**Warning** use with caution since this will modify the host filesystem.
-
-  `Labeling Volume Mounts`
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a container. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the container context, you can add either of two suffixes
-**:z** or **:Z** to the volume mount. These suffixes tell Podman to relabel file
-objects on the shared volumes. The **z** option tells Podman that two containers
-share the volume content. As a result, Podman labels the content with a shared
-content label. Shared volume labels allow all containers to read/write content.
-The **Z** option tells Podman to label the content with a private unshared label.
-
-Note: Do not relabel system files and directories. Relabeling system content
-might cause other confined services on your machine to fail.  For these types
-of containers we recommend disabling SELinux separation.  The option
-`--security-opt label=disable` disables SELinux separation for the container.
-For example if a user wanted to volume mount their entire home directory into a
-container, they need to disable SELinux separation.
-
-	   $ podman run --security-opt label=disable -v $HOME:/home/user fedora touch /home/user/file
-
-  `Overlay Volume Mounts`
-
-   The `:O` flag tells Podman to mount the directory from the host as a
-temporary storage using the `overlay file system`. The container processes
-can modify content within the mountpoint which is stored in the
-container storage in a separate directory. In overlay terms, the source
-directory will be the lower, and the container storage directory will be the
-upper. Modifications to the mount point are destroyed when the container
-finishes executing, similar to a tmpfs mount point being unmounted.
-
-  For advanced users overlay option also supports custom non-volatile `upperdir` and `workdir`
-for the overlay mount. Custom `upperdir` and `workdir` can be fully managed by the users themselves
-and `podman` will not remove it on lifecycle completion. Example `:O,upperdir=/some/upper,workdir=/some/work`
-
-  Subsequent executions of the container will see the original source directory
-content, any changes from previous container executions no longer exist.
-
-  One use case of the overlay mount is sharing the package cache from the
-host into the container to allow speeding up builds.
-
-  Note:
-
-     - The `O` flag conflicts with other options listed above.
-Content mounted into the container is labeled with the private label.
-       On SELinux systems, labels in the source directory must be readable
-by the container label. Usually containers can read/execute `container_share_t`
-and can read/write `container_file_t`. If you cannot change the labels on a
-source volume, SELinux container separation must be disabled for the container
-to work.
-     - The source directory mounted into the container with an overlay mount
-should not be modified, it can cause unexpected failures. It is recommended
-that you do not modify the directory until the container finishes running.
-
-Only the current container can use a private volume.
-
-  `Mounts propagation`
-
-By default bind mounted volumes are `private`. That means any mounts done
-inside container will not be visible on host and vice versa. One can change
-this behavior by specifying a volume mount propagation property. Making a
-volume shared mounts done under that volume inside container will be
-visible on host and vice versa. Making a volume **slave** enables only one
-way mount propagation and that is mounts done on host under that volume
-will be visible inside container but not the other way around. <sup>[[1]](#Footnote1)</sup>
-
-To control mount propagation property of a volume one can use the [**r**]**shared**,
-[**r**]**slave**, [**r**]**private** or the [**r**]**unbindable** propagation flag.
-For mount propagation to work the source mount point (the mount point where source dir
-is mounted on) has to have the right propagation properties. For shared volumes, the
-source mount point has to be shared. And for slave volumes, the source mount point
-has to be either shared or slave. <sup>[[1]](#Footnote1)</sup>
-
-If you want to recursively mount a volume and all of its submounts into a
-container, then you can use the **rbind** option. By default the bind option is
-used, and submounts of the source directory will not be mounted into the
-container.
-
-Mounting the volume with the **nosuid** options means that SUID applications on
-the volume will not be able to change their privilege. By default volumes
-are mounted with **nosuid**.
-
-Mounting the volume with the **noexec** option means that no executables on the
-volume will be able to be executed within the container.
-
-Mounting the volume with the **nodev** option means that no devices on the volume
-will be able to be used by processes within the container. By default volumes
-are mounted with **nodev**.
-
-If the _host-dir_ is a mount point, then **dev**, **suid**, and **exec** options are
-ignored by the kernel.
-
-Use **df $hostdir** to figure out the source mount, and then use
-**findmnt -o TARGET,PROPAGATION _source-mount-dir_** to figure out propagation
-properties of source mount. If **findmnt**(1) utility is not available, then one
-can look at mount entry for source mount point in _/proc/self/mountinfo_. Look
-at the "optional fields" and see if any propagation properties are specified.
-In there, **shared:N** means the mount is shared, **master:N** means mount
-is slave, and if nothing is there, the mount is private. <sup>[[1]](#Footnote1)</sup>
-
-To change propagation properties of a mount point, use **mount**(8) command. For
-example, if one wants to bind mount source directory _/foo_, one can do
-**mount --bind /foo /foo** and **mount --make-private --make-shared /foo**. This
-will convert /foo into a shared mount point. Alternatively, one can directly
-change propagation properties of source mount. Say, if _/_ is source mount for
-_/foo_, then use **mount --make-shared /** to convert _/_ into a shared mount.
-
-Note: if the user only has access rights via a group, accessing the volume
-from inside a rootless container will fail. Use the `--group-add keep-groups`
-flag to pass the user's supplementary group access into the container.
-
-#### **--volumes-from**=*CONTAINER[:OPTIONS]*
-
-Mount volumes from the specified container(s). Used to share volumes between
-containers. The *options* is a comma-separated list with the following available elements:
-
-* **rw**|**ro**
-* **z**
-
-Mounts already mounted volumes from a source container onto another
-container. You must supply the source's container-id or container-name.
-To share a volume, use the --volumes-from option when running
-the target container. You can share volumes even if the source container
-is not running.
-
-By default, Podman mounts the volumes in the same mode (read-write or
-read-only) as it is mounted in the source container.
-You can change this by adding a `ro` or `rw` _option_.
-
-Labeling systems like SELinux require that proper labels are placed on volume
-content mounted into a container. Without a label, the security system might
-prevent the processes running inside the container from using the content. By
-default, Podman does not change the labels set by the OS.
-
-To change a label in the container context, you can add `z` to the volume mount.
-This suffix tells Podman to relabel file objects on the shared volumes. The `z`
-option tells Podman that two containers share the volume content. As a result,
-Podman labels the content with a shared content label. Shared volume labels allow
-all containers to read/write content.
-
-If the location of the volume from the source container overlaps with
-data residing on a target container, then the volume hides
-that data on the target.
-
-#### **--workdir**, **-w**=*dir*
-
-Working directory inside the container.
-
-The default working directory for running binaries within a container is the root directory (**/**).
-The image developer can set a different default with the WORKDIR instruction. The operator
-can override the working directory by using the **-w** option.
-
-## Exit Status
-
-The exit code from **podman run** gives information about why the container
-failed to run or why it exited. When **podman run** exits with a non-zero code,
-the exit codes follow the **chroot**(1) standard, see below:
-
-  **125** The error is with Podman itself
-
-    $ podman run --foo busybox; echo $?
-    Error: unknown flag: --foo
-    125
-
-  **126** The _contained command_ cannot be invoked
-
-    $ podman run busybox /etc; echo $?
-    Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error
-    126
-
-  **127** The _contained command_ cannot be found
-
-    $ podman run busybox foo; echo $?
-    Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
-    127
-
-  **Exit code** _contained command_ exit code
-
-    $ podman run busybox /bin/sh -c 'exit 3'; echo $?
-    3
-
-## EXAMPLES
-
-### Running container in read-only mode
-
-During container image development, containers often need to write to the image
-content. Installing packages into _/usr_, for example. In production,
-applications seldom need to write to the image.  Container applications write
-to volumes if they need to write to file systems at all. Applications can be
-made more secure by running them in read-only mode using the **--read-only** switch.
-This protects the container's image from modification. Read-only containers may
-still need to write temporary data. The best way to handle this is to mount
-tmpfs directories on _/run_ and _/tmp_.
-
-```
-$ podman run --read-only -i -t fedora /bin/bash
-
-$ podman run --read-only --read-only-tmpfs=false --tmpfs /run -i -t fedora /bin/bash
-```
-
-### Exposing log messages from the container to the host's log
-
-If you want messages that are logged in your container to show up in the host's
-syslog/journal then you should bind mount the _/dev/log_ directory as follows.
-
-```
-$ podman run -v /dev/log:/dev/log -i -t fedora /bin/bash
-```
-
-From inside the container you can test this by sending a message to the log.
-
-```
-(bash)# logger "Hello from my container"
-```
-
-Then exit and check the journal.
-
-```
-(bash)# exit
-
-$ journalctl -b | grep Hello
-```
-
-This should list the message sent to logger.
-
-### Attaching to one or more from STDIN, STDOUT, STDERR
-
-If you do not specify **-a**, Podman will attach everything (stdin, stdout, stderr).
-You can specify to which of the three standard streams (stdin, stdout, stderr)
-you'd like to connect instead, as in:
-
-```
-$ podman run -a stdin -a stdout -i -t fedora /bin/bash
-```
-
-### Sharing IPC between containers
-
-Using **shm_server.c** available here: https://www.cs.cf.ac.uk/Dave/C/node27.html
-
-Testing **--ipc=host** mode:
-
-Host shows a shared memory segment with 7 pids attached, happens to be from httpd:
-
-```
-$ sudo ipcs -m
-
------- Shared Memory Segments --------
-key        shmid      owner      perms      bytes      nattch     status
-0x01128e25 0          root       600        1000       7
-```
-
-Now run a regular container, and it correctly does NOT see the shared memory segment from the host:
-
-```
-$ podman run -it shm ipcs -m
-
------- Shared Memory Segments --------
-key        shmid      owner      perms      bytes      nattch     status
-```
-
-Run a container with the new **--ipc=host** option, and it now sees the shared memory segment from the host httpd:
-
-```
-$ podman run -it --ipc=host shm ipcs -m
-
------- Shared Memory Segments --------
-key        shmid      owner      perms      bytes      nattch     status
-0x01128e25 0          root       600        1000       7
-```
-Testing **--ipc=container:**_id_ mode:
-
-Start a container with a program to create a shared memory segment:
-```
-$ podman run -it shm bash
-$ sudo shm/shm_server &
-$ sudo ipcs -m
-
------- Shared Memory Segments --------
-key        shmid      owner      perms      bytes      nattch     status
-0x0000162e 0          root       666        27         1
-```
-Create a 2nd container correctly shows no shared memory segment from 1st container:
-```
-$ podman run shm ipcs -m
-
------- Shared Memory Segments --------
-key        shmid      owner      perms      bytes      nattch     status
-```
-
-Create a 3rd container using the **--ipc=container:**_id_ option, now it shows the shared memory segment from the first:
-
-```
-$ podman run -it --ipc=container:ed735b2264ac shm ipcs -m
-$ sudo ipcs -m
-
------- Shared Memory Segments --------
-key        shmid      owner      perms      bytes      nattch     status
-0x0000162e 0          root       666        27         1
-```
-
-### Mapping Ports for External Usage
-
-The exposed port of an application can be mapped to a host port using the **-p**
-flag. For example, an httpd port 80 can be mapped to the host port 8080 using the
-following:
-
-```
-$ podman run -p 8080:80 -d -i -t fedora/httpd
-```
-
-### Mounting External Volumes
-
-To mount a host directory as a container volume, specify the absolute path to
-the directory and the absolute path for the container directory separated by a
-colon. If the source is a named volume maintained by Podman, it is recommended to
-use its name rather than the path to the volume. Otherwise the volume will be
-considered as an orphan and wiped if you execute **podman volume prune**:
-
-```
-$ podman run -v /var/db:/data1 -i -t fedora bash
-
-$ podman run -v data:/data2 -i -t fedora bash
-
-$ podman run -v /var/cache/dnf:/var/cache/dnf:O -ti fedora dnf -y update
-
-$ podman run -d -e MYSQL_ROOT_PASSWORD=root --user mysql --userns=keep-id -v ~/data:/var/lib/mysql:z,U mariadb
-```
-
-Using **--mount** flags to mount a host directory as a container folder, specify
-the absolute path to the directory or the volume name, and the absolute path
-within the container directory:
-
-````
-$ podman run --mount type=bind,src=/var/db,target=/data1 busybox sh
-
-$ podman run --mount type=bind,src=volume-name,target=/data1 busybox sh
-````
-
-When using SELinux, be aware that the host has no knowledge of container SELinux
-policy. Therefore, in the above example, if SELinux policy is enforced, the
-_/var/db_ directory is not writable to the container. A "Permission Denied"
-message will occur and an **avc:** message in the host's syslog.
-
-To work around this, at time of writing this man page, the following command
-needs to be run in order for the proper SELinux policy type label to be attached
-to the host directory:
-
-```
-$ chcon -Rt svirt_sandbox_file_t /var/db
-```
-
-Now, writing to the _/data1_ volume in the container will be allowed and the
-changes will also be reflected on the host in _/var/db_.
-
-### Using alternative security labeling
-
-You can override the default labeling scheme for each container by specifying
-the **--security-opt** flag. For example, you can specify the MCS/MLS level, a
-requirement for MLS systems. Specifying the level in the following command
-allows you to share the same content between containers.
-
-```
-podman run --security-opt label=level:s0:c100,c200 -i -t fedora bash
-```
-
-An MLS example might be:
-
-```
-$ podman run --security-opt label=level:TopSecret -i -t rhel7 bash
-```
-
-To disable the security labeling for this container versus running with the
-#### **--permissive** flag, use the following command:
-
-```
-$ podman run --security-opt label=disable -i -t fedora bash
-```
-
-If you want a tighter security policy on the processes within a container,
-you can specify an alternate type for the container. You could run a container
-that is only allowed to listen on Apache ports by executing the following
-command:
-
-```
-$ podman run --security-opt label=type:svirt_apache_t -i -t centos bash
-```
-
-Note you would have to write policy defining a **svirt_apache_t** type.
-
-To mask additional specific paths in the container, specify the paths
-separated by a colon using the **mask** option with the **--security-opt**
-flag.
-
-```
-$ podman run --security-opt mask=/foo/bar:/second/path fedora bash
-```
-
-To unmask all the paths that are masked by default, set the **unmask** option to
-**ALL**. Or to only unmask specific paths, specify the paths as shown above with
-the **mask** option.
-
-```
-$ podman run --security-opt unmask=ALL fedora bash
-```
-
-To unmask all the paths that start with /proc, set the **unmask** option to
-**/proc/***.
-
-```
-$ podman run --security-opt unmask=/proc/* fedora bash
-```
-
-```
-$ podman run --security-opt unmask=/foo/bar:/sys/firmware fedora bash
-```
-
-### Setting device weight
-
-If you want to set _/dev/sda_ device weight to **200**, you can specify the device
-weight by **--blkio-weight-device** flag. Use the following command:
-
-```
-$ podman run -it --blkio-weight-device "/dev/sda:200" ubuntu
-```
-
-### Using a podman container with input from a pipe
-
-```
-$ echo "asdf" | podman run --rm -i --entrypoint /bin/cat someimage
-asdf
-```
-
-### Setting automatic user namespace separated containers
-
-```
-# podman run --userns=auto:size=65536 ubi8-micro cat /proc/self/uid_map
-0 2147483647      65536
-# podman run --userns=auto:size=65536 ubi8-micro cat /proc/self/uid_map
-0 2147549183      65536
-```
-
-### Setting Namespaced Kernel Parameters (Sysctls)
-
-The **--sysctl** sets namespaced kernel parameters (sysctls) in the
-container. For example, to turn on IP forwarding in the containers
-network namespace, run this command:
-
-```
-$ podman run --sysctl net.ipv4.ip_forward=1 someimage
-```
-
-Note that not all sysctls are namespaced. Podman does not support changing sysctls
-inside of a container that also modify the host system. As the kernel
-evolves we expect to see more sysctls become namespaced.
-
-See the definition of the **--sysctl** option above for the current list of
-supported sysctls.
-
-### Set UID/GID mapping in a new user namespace
-
-Running a container in a new user namespace requires a mapping of
-the uids and gids from the host.
-
-```
-$ podman run --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello
-```
-
-### Configuring Storage Options from the command line
-
-Podman allows for the configuration of storage by changing the values
-in the _/etc/container/storage.conf_ or by using global options. This
-shows how to set up and use fuse-overlayfs for a one-time run of busybox
-using global options.
-
-```
-podman --log-level=debug --storage-driver overlay --storage-opt "overlay.mount_program=/usr/bin/fuse-overlayfs" run busybox /bin/sh
-```
-
-### Configure timezone in a container
-
-```
-$ podman run --tz=local alpine date
-$ podman run --tz=Asia/Shanghai alpine date
-$ podman run --tz=US/Eastern alpine date
-```
-
-### Adding dependency containers
-
-The first container, container1, is not started initially, but must be running before container2 will start.
-The `podman run` command will start the container automatically before starting container2.
-
-```
-$ podman create --name container1 -t -i fedora bash
-$ podman run --name container2 --requires container1 -t -i fedora bash
-```
-
-Multiple containers can be required.
-
-```
-$ podman create --name container1 -t -i fedora bash
-$ podman create --name container2 -t -i fedora bash
-$ podman run --name container3 --requires container1,container2 -t -i fedora bash
-```
-
-### Configure keep supplemental groups for access to volume
-
-```
-$ podman run -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
-```
-
-### Configure execution domain for containers using personality flag
-
-```
-$ podman run --name container1 --personality=LINUX32 fedora bash
-```
-
-### Run a container with external rootfs mounted as an overlay
-
-```
-$ podman run --name container1 --rootfs /path/to/rootfs:O bash
-```
-
-### Handling Timezones in java applications in a container.
-
-In order to use a timezone other than UTC when running a
-Java application within a container, the `TZ` environment variable must be
-set within the container. Java applications will ignore the value set with the
-`--tz` option.
-
-```
-# Example run
-podman run -ti --rm  -e TZ=EST mytzimage
-lrwxrwxrwx. 1 root root 29 Nov  3 08:51 /etc/localtime -> ../usr/share/zoneinfo/Etc/UTC
-Now with default timezone:
-Fri Nov 19 18:10:55 EST 2021
-Java default sees the following timezone:
-2021-11-19T18:10:55.651130-05:00
-Forcing UTC:
-Fri Nov 19 23:10:55 UTC 2021
-```
-
-### Run a container connected to two networks (called net1 and net2) with a static ip
-
-```
-$ podman run --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 alpine ip addr
-```
-
-### Rootless Containers
-
-Podman runs as a non-root user on most systems. This feature requires that a new enough version of **shadow-utils**
-be installed. The **shadow-utils** package must include the **newuidmap**(1) and **newgidmap**(1) executables.
-
-In order for users to run rootless, there must be an entry for their username in _/etc/subuid_ and _/etc/subgid_ which lists the UIDs for their user namespace.
-
-Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
-The **fuse-overlayfs** package provides a userspace overlay storage driver, otherwise users need to use
-the **vfs** storage driver, which is diskspace expensive and does not perform well. slirp4netns is
-required for VPN, without it containers need to be run with the **--network=host** flag.
-
-## ENVIRONMENT
-
-Environment variables within containers can be set using multiple different options,
-in the following order of precedence (later entries override earlier entries):
-
-- Container image: Any environment variables specified in the container image.
-- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details.
-- **--env-host**: Host environment of the process executing Podman is added.
-- **--env-file**: Any environment variables specified via env-files. If multiple files are specified, then they override each other in order of entry.
-- **--env**: Any environment variables specified will override previous settings.
-
-Run containers and set the environment ending with a __*__.
-The trailing __*__ glob functionality is only active when no value is specified:
-
-```
-$ export ENV1=a
-$ podman run --env 'ENV*' alpine env | grep ENV
-ENV1=a
-$ podman run --env 'ENV*=b' alpine env | grep ENV
-ENV*=b
-```
-
-## CONMON
-
-When Podman starts a container it actually executes the conmon program, which
-then executes the OCI Runtime.  Conmon is the container monitor.  It is a small
-program whose job is to watch the primary process of the container, and if the
-container dies, save the exit code.  It also holds open the tty of the
-container, so that it can be attached to later. This is what allows Podman to
-run in detached mode (backgrounded), so Podman can exit but conmon continues to
-run.  Each container has their own instance of conmon. Conmon waits for the
-container to exit, gathers and saves the exit code, and then launches a Podman
-process to complete the container cleanup, by shutting down the network and
-storage.   For more information on conmon, please reference the conmon(8) man
-page.
-
-## FILES
-
-**/etc/subuid**
-
-**/etc/subgid**
-
-NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
-
-## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[systemd.unit(5)](https://www.freedesktop.org/software/systemd/man/systemd.unit.html)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
-
-## HISTORY
-September 2018, updated by Kunal Kushwaha `<kushwaha_kunal_v7@lab.ntt.co.jp>`
-
-October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman `<dwalsh@redhat.com>`
-
-November 2015, updated by Sally O'Malley `<somalley@redhat.com>`
-
-June 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
-
-April 2014, Originally compiled by William Henry `<whenry@redhat.com>` based on docker.com source material and internal work.
-
-## FOOTNOTES
-<a name="Footnote1">1</a>: The Podman project is committed to inclusivity, a core value of open source. The `master` and `slave` mount propagation terminology used here is problematic and divisive, and should be changed. However, these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, Podman will follow suit immediately.
diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in
new file mode 100644
index 000000000..37d052646
--- /dev/null
+++ b/docs/source/markdown/podman-run.1.md.in
@@ -0,0 +1,965 @@
+% podman-run 1
+
+## NAME
+podman\-run - Run a command in a new container
+
+## SYNOPSIS
+**podman run** [*options*] *image* [*command* [*arg* ...]]
+
+**podman container run** [*options*] *image* [*command* [*arg* ...]]
+
+## DESCRIPTION
+
+Run a process in a new container. **podman run** starts a process with its own
+file system, its own networking, and its own isolated process tree. The _image_
+which starts the process may define defaults related to the process that will be
+run in the container, the networking to expose, and more, but **podman run**
+gives final control to the operator or administrator who starts the container
+from the image. For that reason **podman run** has more options than any other
+Podman command.
+
+If the _image_ is not already loaded then **podman run** will pull the _image_, and
+all image dependencies, from the repository in the same way running **podman
+pull** _image_ , before it starts the container from that image.
+
+Several files will be automatically created within the container. These include
+_/etc/hosts_, _/etc/hostname_, and _/etc/resolv.conf_ to manage networking.
+These will be based on the host's version of the files, though they can be
+customized with options (for example, **--dns** will override the host's DNS
+servers in the created _resolv.conf_). Additionally, a container environment
+file is created in each container to indicate to programs they are running in a
+container. This file is located at _/run/.containerenv_. When using the
+--privileged flag the .containerenv contains name/value pairs indicating the
+container engine version, whether the engine is running in rootless mode, the
+container name and id, as well as the image name and id that the container is based on.
+
+When running from a user defined network namespace, the _/etc/netns/NSNAME/resolv.conf_
+will be used if it exists, otherwise _/etc/resolv.conf_ will be used.
+
+Default settings are defined in `containers.conf`. Most settings for remote
+connections use the servers containers.conf, except when documented in man
+pages.
+
+## IMAGE
+
+  The image is specified using transport:path format. If no transport is specified, the `docker` (container registry)
+transport will be used by default. For remote Podman, including Mac and Windows (excluding WSL2) machines, `docker` is the only allowed transport.
+
+  **dir:**_path_
+  An existing local directory _path_ storing the manifest, layer tarballs and signatures as individual files. This
+is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
+
+    $ podman save --format docker-dir fedora -o /tmp/fedora
+    $ podman run dir:/tmp/fedora echo hello
+
+  **docker://**_docker-reference_ (Default)
+  An image reference stored in a remote container image registry. Example: "quay.io/podman/stable:latest".
+The reference can include a path to a specific registry; if it does not, the
+registries listed in registries.conf will be queried to find a matching image.
+By default, credentials from `podman login` (stored at
+$XDG_RUNTIME_DIR/containers/auth.json by default) will be used to authenticate;
+otherwise it falls back to using credentials in $HOME/.docker/config.json.
+
+    $ podman run registry.fedoraproject.org/fedora:latest echo hello
+
+  **docker-archive:**_path_[**:**_docker-reference_]
+An image stored in the `docker save` formatted file. _docker-reference_ is only used when creating such a
+file, and it must not contain a digest.
+
+    $ podman save --format docker-archive fedora -o /tmp/fedora
+    $ podman run docker-archive:/tmp/fedora echo hello
+
+  **docker-daemon:**_docker-reference_
+  An image in _docker-reference_ format stored in the docker daemon internal storage. The _docker-reference_ can also be an image ID (docker-daemon:algo:digest).
+
+    $ sudo docker pull fedora
+    $ sudo podman run docker-daemon:docker.io/library/fedora echo hello
+
+  **oci-archive:**_path_**:**_tag_
+  An image in a directory compliant with the "Open Container Image Layout Specification" at the specified _path_
+and specified with a _tag_.
+
+    $ podman save --format oci-archive fedora -o /tmp/fedora
+    $ podman run oci-archive:/tmp/fedora echo hello
+
+## OPTIONS
+@@option add-host
+
+@@option annotation.container
+
+@@option arch
+
+#### **--attach**, **-a**=*stdin* | *stdout* | *stderr*
+
+Attach to STDIN, STDOUT or STDERR.
+
+In foreground mode (the default when **-d**
+is not specified), **podman run** can start the process in the container
+and attach the console to the process's standard input, output, and
+error. It can even pretend to be a TTY (this is what most commandline
+executables expect) and pass along signals. The **-a** option can be set for
+each of **stdin**, **stdout**, and **stderr**.
+
+@@option authfile
+
+@@option blkio-weight
+
+@@option blkio-weight-device
+
+@@option cap-add
+
+@@option cap-drop
+
+@@option cgroup-conf
+
+@@option cgroup-parent
+
+@@option cgroupns
+
+@@option cgroups
+
+@@option chrootdirs
+
+@@option cidfile.write
+
+@@option conmon-pidfile
+
+@@option cpu-period
+
+@@option cpu-quota
+
+@@option cpu-rt-period
+
+@@option cpu-rt-runtime
+
+@@option cpu-shares
+
+@@option cpus.container
+
+@@option cpuset-cpus
+
+@@option cpuset-mems
+
+#### **--detach**, **-d**
+
+Detached mode: run the container in the background and print the new container ID. The default is *false*.
+
+At any time you can run **podman ps** in
+the other shell to view a list of the running containers. You can reattach to a
+detached container with **podman attach**.
+
+When attached in the tty mode, you can detach from the container (and leave it
+running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`.
+Specify the key sequence using the **--detach-keys** option, or configure
+it in the **containers.conf** file: see **containers.conf(5)** for more information.
+
+#### **--detach-keys**=*sequence*
+
+Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will set the sequence to the default value of *ctrl-p,ctrl-q*.
+
+This option can also be set in **containers.conf**(5) file.
+
+@@option device
+
+Note: if the user only has access rights via a group, accessing the device
+from inside a rootless container will fail. Use the `--group-add keep-groups`
+flag to pass the user's supplementary group access into the container.
+
+@@option device-cgroup-rule
+
+@@option device-read-bps
+
+@@option device-read-iops
+
+@@option device-write-bps
+
+@@option device-write-iops
+
+@@option disable-content-trust
+
+@@option dns
+
+This option cannot be combined with **--network** that is set to **none** or **container:**_id_.
+
+@@option dns-opt.container
+
+@@option dns-search.container
+
+@@option entrypoint
+
+#### **--env**, **-e**=*env*
+
+Set environment variables.
+
+This option allows arbitrary environment variables that are available for the process to be launched inside of the container. If an environment variable is specified without a value, Podman will check the host environment for a value and set the variable only if it is set on the host. As a special case, if an environment variable ending in __*__ is specified without a value, Podman will search the host environment for variables starting with the prefix and will add those variables to the container.
+
+See [**Environment**](#environment) note below for precedence and examples.
+
+#### **--env-file**=*file*
+
+Read in a line delimited file of environment variables. See **Environment** note below for precedence.
+
+@@option env-host
+
+@@option env-merge
+
+@@option expose
+
+@@option gidmap.container
+
+@@option group-add
+
+@@option health-cmd
+
+@@option health-interval
+
+@@option health-on-failure
+
+@@option health-retries
+
+@@option health-start-period
+
+@@option health-timeout
+
+#### **--help**
+
+Print usage statement
+
+@@option hostname.container
+
+@@option hostuser
+
+@@option http-proxy
+
+@@option image-volume
+
+@@option init
+
+@@option init-path
+
+@@option interactive
+
+@@option ip
+
+@@option ip6
+
+@@option ipc
+
+@@option label
+
+@@option label-file
+
+@@option link-local-ip
+
+@@option log-driver
+
+#### **--log-opt**=*name=value*
+
+Logging driver specific options.
+
+Set custom logging configuration. The following *name*s are supported:
+
+**path**: specify a path to the log file
+    (e.g. **--log-opt path=/var/log/container/mycontainer.json**);
+
+**max-size**: specify a max size of the log file
+    (e.g. **--log-opt max-size=10mb**);
+
+**tag**: specify a custom log tag for the container
+   (e.g. **--log-opt tag="{{.ImageName}}"**.
+
+This option is currently supported only by the **journald** log driver.
+
+@@option mac-address
+
+@@option memory
+
+@@option memory-reservation
+
+@@option memory-swap
+
+@@option memory-swappiness
+
+@@option mount
+
+@@option name.container
+
+#### **--network**=*mode*, **--net**
+
+Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
+
+Valid _mode_ values are:
+
+- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
+  - **alias=name**: Add network-scoped alias for the container.
+  - **ip=IPv4**: Specify a static ipv4 address for this container.
+  - **ip=IPv6**: Specify a static ipv6 address for this container.
+  - **mac=MAC**: Specify a static mac address for this container.
+  - **interface_name**: Specify a name for the created network interface inside the container.
+
+  For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
+- \<network name or ID\>[:OPTIONS,...]: Connect to a user-defined network; this is the network name or ID from a network created by **[podman network create](podman-network-create.1.md)**. Using the network name implies the bridge network mode. It is possible to specify the same options described under the bridge mode above. You can use the **--network** option multiple times to specify additional networks.
+- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
+- **container:**_id_: Reuse another container's network stack.
+- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
+- **ns:**_path_: Path to a network namespace to join.
+- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
+- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
+  - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false.
+  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
+  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
+  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
+  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
+  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
+  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
+  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
+  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
+  Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
+
+@@option network-alias
+
+@@option no-healthcheck
+
+@@option no-hosts
+
+This option conflicts with **--add-host**.
+
+@@option oom-kill-disable
+
+@@option oom-score-adj
+
+@@option os.pull
+
+#### **--passwd**
+
+Allow Podman to add entries to /etc/passwd and /etc/group when used in conjunction with the --user option.
+This is used to override the Podman provided user setup in favor of entrypoint configurations such as libnss-extrausers.
+
+@@option passwd-entry
+
+@@option personality
+
+@@option pid
+
+@@option pidfile
+
+@@option pids-limit
+
+@@option platform
+
+#### **--pod**=*name*
+
+Run container in an existing pod. If you want Podman to make the pod for you, prefix the pod name with **new:**.
+To make a pod with more granular options, use the **podman pod create** command before creating a container.
+If a container is run with a pod, and the pod has an infra-container, the infra-container will be started before the container is.
+
+@@option pod-id-file.container
+
+@@option preserve-fds
+
+@@option privileged
+
+@@option publish
+
+**Note:** If a container will be run within a pod, it is not necessary to publish the port for
+the containers in the pod. The port must only be published by the pod itself. Pod network
+stacks act like the network stack on the host - you have a variety of containers in the pod,
+and programs in the container, all sharing a single interface and IP address, and
+associated ports. If one container binds to a port, no other container can use that port
+within the pod while it is in use. Containers in the pod can also communicate over localhost
+by having one container bind to localhost in the pod, and another connect to that port.
+
+@@option publish-all
+
+@@option pull
+
+#### **--quiet**, **-q**
+
+Suppress output information when pulling images
+
+@@option read-only
+
+@@option read-only-tmpfs
+
+@@option replace
+
+@@option requires
+
+@@option restart
+
+#### **--rm**
+
+Automatically remove the container when it exits. The default is **false**.
+
+#### **--rmi**
+
+After exit of the container, remove the image unless another
+container is using it. The default is *false*.
+
+@@option rootfs
+
+@@option sdnotify
+
+@@option seccomp-policy
+
+@@option secret
+
+#### **--security-opt**=*option*
+
+Security Options
+
+- **apparmor=unconfined** : Turn off apparmor confinement for the container
+- **apparmor**=_your-profile_ : Set the apparmor confinement profile for the container
+
+- **label=user:**_USER_: Set the label user for the container processes
+- **label=role:**_ROLE_: Set the label role for the container processes
+- **label=type:**_TYPE_: Set the label process type for the container processes
+- **label=level:**_LEVEL_: Set the label level for the container processes
+- **label=filetype:**TYPE_: Set the label file type for the container files
+- **label=disable**: Turn off label separation for the container
+
+Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
+
+- **mask**=_/path/1:/path/2_: The paths to mask separated by a colon. A masked path
+  cannot be accessed inside the container.
+
+- **no-new-privileges**: Disable container processes from gaining additional privileges
+
+- **seccomp=unconfined**: Turn off seccomp confinement for the container.
+- **seccomp=profile.json**: JSON file to be used as a seccomp filter. Note that the `io.podman.annotations.seccomp` annotation is set with the specified value as shown in `podman inspect`.
+
+- **proc-opts**=_OPTIONS_ : Comma-separated list of options to use for the /proc mount. More details
+  for the possible mount options are specified in the **proc(5)** man page.
+
+- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
+  The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**.  The default paths that are read-only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**, **/sys/fs/cgroup**.
+
+Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file.
+
+@@option shm-size
+
+#### **--sig-proxy**
+
+Sets whether the signals sent to the **podman run** command are proxied to the container process. SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is **true**.
+
+@@option stop-signal
+
+@@option stop-timeout
+
+@@option subgidname
+
+@@option subuidname
+
+@@option sysctl
+
+@@option systemd
+
+@@option timeout
+
+@@option tls-verify
+
+@@option tmpfs
+
+@@option tty
+
+```
+echo "asdf" | podman run --rm -i someimage /bin/cat
+```
+
+@@option tz
+
+@@option uidmap.container
+
+@@option ulimit
+
+@@option umask
+
+@@option unsetenv
+
+@@option unsetenv-all
+
+@@option user
+
+@@option userns.container
+
+@@option uts.container
+
+#### **--variant**=*VARIANT*
+Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7.
+
+@@option volume
+
+Use the **--group-add keep-groups** option to pass the user's supplementary group access into the container.
+
+@@option volumes-from
+
+@@option workdir
+
+## Exit Status
+
+The exit code from **podman run** gives information about why the container
+failed to run or why it exited. When **podman run** exits with a non-zero code,
+the exit codes follow the **chroot**(1) standard, see below:
+
+  **125** The error is with Podman itself
+
+    $ podman run --foo busybox; echo $?
+    Error: unknown flag: --foo
+    125
+
+  **126** The _contained command_ cannot be invoked
+
+    $ podman run busybox /etc; echo $?
+    Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error
+    126
+
+  **127** The _contained command_ cannot be found
+
+    $ podman run busybox foo; echo $?
+    Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
+    127
+
+  **Exit code** _contained command_ exit code
+
+    $ podman run busybox /bin/sh -c 'exit 3'; echo $?
+    3
+
+## EXAMPLES
+
+### Running container in read-only mode
+
+During container image development, containers often need to write to the image
+content. Installing packages into _/usr_, for example. In production,
+applications seldom need to write to the image.  Container applications write
+to volumes if they need to write to file systems at all. Applications can be
+made more secure by running them in read-only mode using the **--read-only** switch.
+This protects the container's image from modification. Read-only containers may
+still need to write temporary data. The best way to handle this is to mount
+tmpfs directories on _/run_ and _/tmp_.
+
+```
+$ podman run --read-only -i -t fedora /bin/bash
+
+$ podman run --read-only --read-only-tmpfs=false --tmpfs /run -i -t fedora /bin/bash
+```
+
+### Exposing log messages from the container to the host's log
+
+If you want messages that are logged in your container to show up in the host's
+syslog/journal then you should bind mount the _/dev/log_ directory as follows.
+
+```
+$ podman run -v /dev/log:/dev/log -i -t fedora /bin/bash
+```
+
+From inside the container you can test this by sending a message to the log.
+
+```
+(bash)# logger "Hello from my container"
+```
+
+Then exit and check the journal.
+
+```
+(bash)# exit
+
+$ journalctl -b | grep Hello
+```
+
+This should list the message sent to logger.
+
+### Attaching to one or more from STDIN, STDOUT, STDERR
+
+If you do not specify **-a**, Podman will attach everything (stdin, stdout, stderr).
+You can specify to which of the three standard streams (stdin, stdout, stderr)
+you'd like to connect instead, as in:
+
+```
+$ podman run -a stdin -a stdout -i -t fedora /bin/bash
+```
+
+### Sharing IPC between containers
+
+Using **shm_server.c** available here: https://www.cs.cf.ac.uk/Dave/C/node27.html
+
+Testing **--ipc=host** mode:
+
+Host shows a shared memory segment with 7 pids attached, happens to be from httpd:
+
+```
+$ sudo ipcs -m
+
+------ Shared Memory Segments --------
+key        shmid      owner      perms      bytes      nattch     status
+0x01128e25 0          root       600        1000       7
+```
+
+Now run a regular container, and it correctly does NOT see the shared memory segment from the host:
+
+```
+$ podman run -it shm ipcs -m
+
+------ Shared Memory Segments --------
+key        shmid      owner      perms      bytes      nattch     status
+```
+
+Run a container with the new **--ipc=host** option, and it now sees the shared memory segment from the host httpd:
+
+```
+$ podman run -it --ipc=host shm ipcs -m
+
+------ Shared Memory Segments --------
+key        shmid      owner      perms      bytes      nattch     status
+0x01128e25 0          root       600        1000       7
+```
+Testing **--ipc=container:**_id_ mode:
+
+Start a container with a program to create a shared memory segment:
+```
+$ podman run -it shm bash
+$ sudo shm/shm_server &
+$ sudo ipcs -m
+
+------ Shared Memory Segments --------
+key        shmid      owner      perms      bytes      nattch     status
+0x0000162e 0          root       666        27         1
+```
+Create a 2nd container correctly shows no shared memory segment from 1st container:
+```
+$ podman run shm ipcs -m
+
+------ Shared Memory Segments --------
+key        shmid      owner      perms      bytes      nattch     status
+```
+
+Create a 3rd container using the **--ipc=container:**_id_ option, now it shows the shared memory segment from the first:
+
+```
+$ podman run -it --ipc=container:ed735b2264ac shm ipcs -m
+$ sudo ipcs -m
+
+------ Shared Memory Segments --------
+key        shmid      owner      perms      bytes      nattch     status
+0x0000162e 0          root       666        27         1
+```
+
+### Mapping Ports for External Usage
+
+The exposed port of an application can be mapped to a host port using the **-p**
+flag. For example, an httpd port 80 can be mapped to the host port 8080 using the
+following:
+
+```
+$ podman run -p 8080:80 -d -i -t fedora/httpd
+```
+
+### Mounting External Volumes
+
+To mount a host directory as a container volume, specify the absolute path to
+the directory and the absolute path for the container directory separated by a
+colon. If the source is a named volume maintained by Podman, it is recommended to
+use its name rather than the path to the volume. Otherwise the volume will be
+considered as an orphan and wiped if you execute **podman volume prune**:
+
+```
+$ podman run -v /var/db:/data1 -i -t fedora bash
+
+$ podman run -v data:/data2 -i -t fedora bash
+
+$ podman run -v /var/cache/dnf:/var/cache/dnf:O -ti fedora dnf -y update
+
+$ podman run -d -e MYSQL_ROOT_PASSWORD=root --user mysql --userns=keep-id -v ~/data:/var/lib/mysql:z,U mariadb
+```
+
+Using **--mount** flags to mount a host directory as a container folder, specify
+the absolute path to the directory or the volume name, and the absolute path
+within the container directory:
+
+````
+$ podman run --mount type=bind,src=/var/db,target=/data1 busybox sh
+
+$ podman run --mount type=bind,src=volume-name,target=/data1 busybox sh
+````
+
+When using SELinux, be aware that the host has no knowledge of container SELinux
+policy. Therefore, in the above example, if SELinux policy is enforced, the
+_/var/db_ directory is not writable to the container. A "Permission Denied"
+message will occur and an **avc:** message in the host's syslog.
+
+To work around this, at time of writing this man page, the following command
+needs to be run in order for the proper SELinux policy type label to be attached
+to the host directory:
+
+```
+$ chcon -Rt svirt_sandbox_file_t /var/db
+```
+
+Now, writing to the _/data1_ volume in the container will be allowed and the
+changes will also be reflected on the host in _/var/db_.
+
+### Using alternative security labeling
+
+You can override the default labeling scheme for each container by specifying
+the **--security-opt** flag. For example, you can specify the MCS/MLS level, a
+requirement for MLS systems. Specifying the level in the following command
+allows you to share the same content between containers.
+
+```
+podman run --security-opt label=level:s0:c100,c200 -i -t fedora bash
+```
+
+An MLS example might be:
+
+```
+$ podman run --security-opt label=level:TopSecret -i -t rhel7 bash
+```
+
+To disable the security labeling for this container versus running with the
+#### **--permissive** flag, use the following command:
+
+```
+$ podman run --security-opt label=disable -i -t fedora bash
+```
+
+If you want a tighter security policy on the processes within a container,
+you can specify an alternate type for the container. You could run a container
+that is only allowed to listen on Apache ports by executing the following
+command:
+
+```
+$ podman run --security-opt label=type:svirt_apache_t -i -t centos bash
+```
+
+Note you would have to write policy defining a **svirt_apache_t** type.
+
+To mask additional specific paths in the container, specify the paths
+separated by a colon using the **mask** option with the **--security-opt**
+flag.
+
+```
+$ podman run --security-opt mask=/foo/bar:/second/path fedora bash
+```
+
+To unmask all the paths that are masked by default, set the **unmask** option to
+**ALL**. Or to only unmask specific paths, specify the paths as shown above with
+the **mask** option.
+
+```
+$ podman run --security-opt unmask=ALL fedora bash
+```
+
+To unmask all the paths that start with /proc, set the **unmask** option to
+**/proc/***.
+
+```
+$ podman run --security-opt unmask=/proc/* fedora bash
+```
+
+```
+$ podman run --security-opt unmask=/foo/bar:/sys/firmware fedora bash
+```
+
+### Setting device weight
+
+If you want to set _/dev/sda_ device weight to **200**, you can specify the device
+weight by **--blkio-weight-device** flag. Use the following command:
+
+```
+$ podman run -it --blkio-weight-device "/dev/sda:200" ubuntu
+```
+
+### Using a podman container with input from a pipe
+
+```
+$ echo "asdf" | podman run --rm -i --entrypoint /bin/cat someimage
+asdf
+```
+
+### Setting automatic user namespace separated containers
+
+```
+# podman run --userns=auto:size=65536 ubi8-micro cat /proc/self/uid_map
+0 2147483647      65536
+# podman run --userns=auto:size=65536 ubi8-micro cat /proc/self/uid_map
+0 2147549183      65536
+```
+
+### Setting Namespaced Kernel Parameters (Sysctls)
+
+The **--sysctl** sets namespaced kernel parameters (sysctls) in the
+container. For example, to turn on IP forwarding in the containers
+network namespace, run this command:
+
+```
+$ podman run --sysctl net.ipv4.ip_forward=1 someimage
+```
+
+Note that not all sysctls are namespaced. Podman does not support changing sysctls
+inside of a container that also modify the host system. As the kernel
+evolves we expect to see more sysctls become namespaced.
+
+See the definition of the **--sysctl** option above for the current list of
+supported sysctls.
+
+### Set UID/GID mapping in a new user namespace
+
+Running a container in a new user namespace requires a mapping of
+the uids and gids from the host.
+
+```
+$ podman run --uidmap 0:30000:7000 --gidmap 0:30000:7000 fedora echo hello
+```
+
+### Configuring Storage Options from the command line
+
+Podman allows for the configuration of storage by changing the values
+in the _/etc/container/storage.conf_ or by using global options. This
+shows how to set up and use fuse-overlayfs for a one-time run of busybox
+using global options.
+
+```
+podman --log-level=debug --storage-driver overlay --storage-opt "overlay.mount_program=/usr/bin/fuse-overlayfs" run busybox /bin/sh
+```
+
+### Configure timezone in a container
+
+```
+$ podman run --tz=local alpine date
+$ podman run --tz=Asia/Shanghai alpine date
+$ podman run --tz=US/Eastern alpine date
+```
+
+### Adding dependency containers
+
+The first container, container1, is not started initially, but must be running before container2 will start.
+The `podman run` command will start the container automatically before starting container2.
+
+```
+$ podman create --name container1 -t -i fedora bash
+$ podman run --name container2 --requires container1 -t -i fedora bash
+```
+
+Multiple containers can be required.
+
+```
+$ podman create --name container1 -t -i fedora bash
+$ podman create --name container2 -t -i fedora bash
+$ podman run --name container3 --requires container1,container2 -t -i fedora bash
+```
+
+### Configure keep supplemental groups for access to volume
+
+```
+$ podman run -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
+```
+
+### Configure execution domain for containers using personality flag
+
+```
+$ podman run --name container1 --personality=LINUX32 fedora bash
+```
+
+### Run a container with external rootfs mounted as an overlay
+
+```
+$ podman run --name container1 --rootfs /path/to/rootfs:O bash
+```
+
+### Handling Timezones in java applications in a container.
+
+In order to use a timezone other than UTC when running a
+Java application within a container, the `TZ` environment variable must be
+set within the container. Java applications will ignore the value set with the
+`--tz` option.
+
+```
+# Example run
+podman run -ti --rm  -e TZ=EST mytzimage
+lrwxrwxrwx. 1 root root 29 Nov  3 08:51 /etc/localtime -> ../usr/share/zoneinfo/Etc/UTC
+Now with default timezone:
+Fri Nov 19 18:10:55 EST 2021
+Java default sees the following timezone:
+2021-11-19T18:10:55.651130-05:00
+Forcing UTC:
+Fri Nov 19 23:10:55 UTC 2021
+```
+
+### Run a container connected to two networks (called net1 and net2) with a static ip
+
+```
+$ podman run --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 alpine ip addr
+```
+
+### Rootless Containers
+
+Podman runs as a non-root user on most systems. This feature requires that a new enough version of **shadow-utils**
+be installed. The **shadow-utils** package must include the **newuidmap**(1) and **newgidmap**(1) executables.
+
+In order for users to run rootless, there must be an entry for their username in _/etc/subuid_ and _/etc/subgid_ which lists the UIDs for their user namespace.
+
+Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
+The **fuse-overlayfs** package provides a userspace overlay storage driver, otherwise users need to use
+the **vfs** storage driver, which is diskspace expensive and does not perform well. slirp4netns is
+required for VPN, without it containers need to be run with the **--network=host** flag.
+
+## ENVIRONMENT
+
+Environment variables within containers can be set using multiple different options,
+in the following order of precedence (later entries override earlier entries):
+
+- Container image: Any environment variables specified in the container image.
+- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details.
+- **--env-host**: Host environment of the process executing Podman is added.
+- **--env-file**: Any environment variables specified via env-files. If multiple files are specified, then they override each other in order of entry.
+- **--env**: Any environment variables specified will override previous settings.
+
+Run containers and set the environment ending with a __*__.
+The trailing __*__ glob functionality is only active when no value is specified:
+
+```
+$ export ENV1=a
+$ podman run --env 'ENV*' alpine env | grep ENV
+ENV1=a
+$ podman run --env 'ENV*=b' alpine env | grep ENV
+ENV*=b
+```
+
+## CONMON
+
+When Podman starts a container it actually executes the conmon program, which
+then executes the OCI Runtime.  Conmon is the container monitor.  It is a small
+program whose job is to watch the primary process of the container, and if the
+container dies, save the exit code.  It also holds open the tty of the
+container, so that it can be attached to later. This is what allows Podman to
+run in detached mode (backgrounded), so Podman can exit but conmon continues to
+run.  Each container has their own instance of conmon. Conmon waits for the
+container to exit, gathers and saves the exit code, and then launches a Podman
+process to complete the container cleanup, by shutting down the network and
+storage.   For more information on conmon, please reference the conmon(8) man
+page.
+
+## FILES
+
+**/etc/subuid**
+
+**/etc/subgid**
+
+NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
+
+## SEE ALSO
+**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[systemd.unit(5)](https://www.freedesktop.org/software/systemd/man/systemd.unit.html)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
+
+## HISTORY
+September 2018, updated by Kunal Kushwaha `<kushwaha_kunal_v7@lab.ntt.co.jp>`
+
+October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman `<dwalsh@redhat.com>`
+
+November 2015, updated by Sally O'Malley `<somalley@redhat.com>`
+
+June 2014, updated by Sven Dowideit `<SvenDowideit@home.org.au>`
+
+April 2014, Originally compiled by William Henry `<whenry@redhat.com>` based on docker.com source material and internal work.
+
+## FOOTNOTES
+<a name="Footnote1">1</a>: The Podman project is committed to inclusivity, a core value of open source. The `master` and `slave` mount propagation terminology used here is problematic and divisive, and should be changed. However, these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, Podman will follow suit immediately.
diff --git a/docs/source/markdown/podman-save.1.md b/docs/source/markdown/podman-save.1.md
index aa4900e25..088d9dc21 100644
--- a/docs/source/markdown/podman-save.1.md
+++ b/docs/source/markdown/podman-save.1.md
@@ -1,4 +1,4 @@
-% podman-save(1)
+% podman-save 1
 
 ## NAME
 podman\-save - Save image(s) to an archive
diff --git a/docs/source/markdown/podman-search.1.md b/docs/source/markdown/podman-search.1.md.in
index 5b49d7f8e..89df8c29f 100644
--- a/docs/source/markdown/podman-search.1.md
+++ b/docs/source/markdown/podman-search.1.md.in
@@ -1,4 +1,4 @@
-% podman-search(1)
+% podman-search 1
 
 ## NAME
 podman\-search - Search a registry for an image
@@ -30,12 +30,7 @@ Further note that searching without a search term will only work for registries
 
 ## OPTIONS
 
-#### **--authfile**=*path*
-
-Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json
-
-Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
-environment variable. `export REGISTRY_AUTH_FILE=path`
+@@option authfile
 
 #### **--compatible**
 
@@ -92,12 +87,7 @@ The result contains the Image name and its tag, one line for every tag associate
 
 Do not truncate the output (default *false*).
 
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true,
-then TLS verification will be used. If set to false, then TLS verification will not be used if needed. If not specified,
-default registries will be searched through (in /etc/containers/registries.conf), and TLS will be skipped if a default
-registry is listed in the insecure registries.
+@@option tls-verify
 
 ## EXAMPLES
 
diff --git a/docs/source/markdown/podman-secret-create.1.md b/docs/source/markdown/podman-secret-create.1.md
index e08afb388..1aafc6c11 100644
--- a/docs/source/markdown/podman-secret-create.1.md
+++ b/docs/source/markdown/podman-secret-create.1.md
@@ -1,4 +1,4 @@
-% podman-secret-create(1)
+% podman-secret-create 1
 
 ## NAME
 podman\-secret\-create - Create a new secret
@@ -20,7 +20,7 @@ Secrets will not be committed to an image with `podman commit`, and will not be
 
 ## OPTIONS
 
-#### **--driver**=*driver*
+#### **--driver**, **-d**=*driver*
 
 Specify the secret driver (default **file**, which is unencrypted).
 
diff --git a/docs/source/markdown/podman-secret-inspect.1.md b/docs/source/markdown/podman-secret-inspect.1.md
index df16ba6fa..77d9276bd 100644
--- a/docs/source/markdown/podman-secret-inspect.1.md
+++ b/docs/source/markdown/podman-secret-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-secret-inspect(1)
+% podman-secret-inspect 1
 
 ## NAME
 podman\-secret\-inspect - Display detailed information on one or more secrets
@@ -15,10 +15,21 @@ Secrets can be queried individually by providing their full name or a unique par
 
 ## OPTIONS
 
-#### **--format**=*format*
+#### **--format**, **-f**=*format*
 
 Format secret output using Go template.
 
+| **Placeholder**          | **Description**                                                   |
+| ------------------------ | ----------------------------------------------------------------- |
+| .CreatedAt               | When secret was created (relative timestamp, human-readable)      |
+| .ID                      | ID of secret                                                      |
+| .Spec                    | Details of secret                                                 |
+| .Spec.Driver             | Driver info                                                       |
+| .Spec.Driver.Name        | Driver name (string)                                              |
+| .Spec.Driver.Options ... | Driver options (map of driver-specific options)                   |
+| .Spec.Name               | Name of secret                                                    |
+| .UpdatedAt               | When secret was last updated (relative timestamp, human-readable) |
+
 #### **--help**
 
 Print usage statement.
diff --git a/docs/source/markdown/podman-secret-ls.1.md b/docs/source/markdown/podman-secret-ls.1.md
index 3b8535b5d..6f82f562b 100644
--- a/docs/source/markdown/podman-secret-ls.1.md
+++ b/docs/source/markdown/podman-secret-ls.1.md
@@ -1,4 +1,4 @@
-% podman-secret-ls(1)
+% podman-secret-ls 1
 
 ## NAME
 podman\-secret\-ls - List all available secrets
@@ -30,7 +30,11 @@ Format secret output using Go template.
 
 #### **--noheading**
 
-Omit the table headings from the listing of secrets.	.
+Omit the table headings from the listing of secrets.
+
+#### **--quiet**, **-q**
+
+Print secret IDs only.
 
 ## EXAMPLES
 
diff --git a/docs/source/markdown/podman-secret-rm.1.md b/docs/source/markdown/podman-secret-rm.1.md
index ceab3df60..820c8515c 100644
--- a/docs/source/markdown/podman-secret-rm.1.md
+++ b/docs/source/markdown/podman-secret-rm.1.md
@@ -1,4 +1,4 @@
-% podman-secret-rm(1)
+% podman-secret-rm 1
 
 ## NAME
 podman\-secret\-rm - Remove one or more secrets
diff --git a/docs/source/markdown/podman-secret.1.md b/docs/source/markdown/podman-secret.1.md
index 671a0c43b..f6c0a945f 100644
--- a/docs/source/markdown/podman-secret.1.md
+++ b/docs/source/markdown/podman-secret.1.md
@@ -1,4 +1,4 @@
-% podman-secret(1)
+% podman-secret 1
 
 ## NAME
 podman\-secret - Manage podman secrets
diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md.in
index 6b0433483..6fa41018b 100644
--- a/docs/source/markdown/podman-start.1.md
+++ b/docs/source/markdown/podman-start.1.md.in
@@ -1,4 +1,4 @@
-% podman-start(1)
+% podman-start 1
 
 ## NAME
 podman\-start - Start one or more containers
@@ -53,9 +53,7 @@ Valid filters are listed below:
 | pod             | [Pod] name or full or partial ID of pod                                          |
 | network         | [Network] name or full ID of network                                             |
 
-#### **--interactive**, **-i**
-
-Attach container's STDIN. The default is false.
+@@option interactive
 
 #### **--latest**, **-l**
 
diff --git a/docs/source/markdown/podman-stats.1.md b/docs/source/markdown/podman-stats.1.md.in
index d87da6a60..a14bd81e6 100644
--- a/docs/source/markdown/podman-stats.1.md
+++ b/docs/source/markdown/podman-stats.1.md.in
@@ -1,4 +1,4 @@
-% podman-stats(1)
+% podman-stats 1
 
 ## NAME
 podman\-stats - Display a live stream of one or more container's resource usage statistics
@@ -30,17 +30,37 @@ Pretty-print container statistics to JSON or using a Go template
 
 Valid placeholders for the Go template are listed below:
 
-| **Placeholder** | **Description**    |
-| --------------- | ------------------ |
-| .ID             | Container ID       |
-| .Name           | Container Name     |
-| .CPUPerc        | CPU percentage     |
-| .MemUsage       | Memory usage       |
-| .MemUsageBytes  | Memory usage (IEC) |
-| .MemPerc        | Memory percentage  |
-| .NetIO          | Network IO         |
-| .BlockIO        | Block IO           |
-| .PIDS           | Number of PIDs     |
+| **Placeholder**     | **Description**                                  |
+|---------------------|--------------------------------------------------|
+| .AvgCPU             | Average CPU, full precision float                |
+| .AVGCPU             | Average CPU, formatted as a percent              |
+| .BlockInput         | Block Input                                      |
+| .BlockIO            | Block IO                                         |
+| .BlockOutput        | Block Output                                     |
+| .ContainerID        | Container ID, full (untruncated) hash            |
+| .ContainerStats ... | Nested structure, for experts only               |
+| .CPU                | Percent CPU, full precision float                |
+| .CPUNano            | CPU Usage, total, in nanoseconds                 |
+| .CPUPerc            | CPU percentage                                   |
+| .CPUSystemNano      | CPU Usage, kernel, in nanoseconds                |
+| .Duration           | Same as CPUNano                                  |
+| .ID                 | Container ID, truncated                          |
+| .MemLimit           | Memory limit, in bytes                           |
+| .MemPerc            | Memory percentage                                |
+| .MemUsage           | Memory usage                                     |
+| .MemUsageBytes      | Memory usage (IEC)                               |
+| .Name               | Container Name                                   |
+| .NetInput           | Network Input                                    |
+| .NetIO              | Network IO                                       |
+| .NetOutput          | Network Output                                   |
+| .PerCPU             | CPU time consumed by all tasks [1]               |
+| .PIDs               | Number of PIDs                                   |
+| .PIDS               | Number of PIDs (yes, we know it's a dup)         |
+| .SystemNano         | Current system datetime, nanoseconds since epoch |
+| .Up                 | Duration (CPUNano), in human-readable form       |
+| .UpTime             | Same as UpTime                                   |
+
+[1] Cgroups V1 only
 
 When using a GO template, you may precede the format with `table` to print headers.
 
@@ -53,13 +73,13 @@ Time in seconds between stats reports, defaults to 5 seconds.
 Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
 to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
-#### **--no-reset**
+@@option no-reset
 
-Do not clear the terminal/screen in between reporting intervals
+@@option no-stream
 
-#### **--no-stream**
+#### **--no-trunc**
 
-Disable streaming stats and only pull the first result, default setting is false
+Do not truncate output
 
 ## EXAMPLE
 
@@ -77,6 +97,12 @@ a9f807ffaacd   frosty_hodgkin   --      3.092MB / 16.7GB    0.02%   -- / --   --
 ```
 
 ```
+$ podman stats --no-trunc 3667 --format 'table {{ .ID }} {{ .MemUsage }}'
+ID                                                                MEM USAGE / LIMIT
+3667c6aacb06aac2eaffce914c01736420023d56ef9b0f4cfe58b6d6a78b7503  49.15kB / 67.17GB
+```
+
+```
 # podman stats --no-stream --format=json a9f80
 [
     {
diff --git a/docs/source/markdown/podman-stop.1.md b/docs/source/markdown/podman-stop.1.md.in
index cfc49afa1..7b32ca4b0 100644
--- a/docs/source/markdown/podman-stop.1.md
+++ b/docs/source/markdown/podman-stop.1.md.in
@@ -1,4 +1,4 @@
-% podman-stop(1)
+% podman-stop 1
 
 ## NAME
 podman\-stop - Stop one or more running containers
@@ -21,9 +21,7 @@ container and also via command line when creating the container.
 
 Stop all running containers.  This does not include paused containers.
 
-#### **--cidfile**
-
-Read container ID from the specified file and remove the container.  Can be specified multiple times.
+@@option cidfile.read
 
 #### **--filter**, **-f**=*filter*
 
@@ -49,11 +47,7 @@ Valid filters are listed below:
 | pod             | [Pod] name or full or partial ID of pod                                          |
 | network         | [Network] name or full ID of network                                             |
 
-#### **--ignore**, **-i**
-
-Ignore errors when specified containers are not in the container store.  A user
-might have decided to manually remove a container which would lead to a failure
-during the ExecStop directive of a systemd service referencing that container.
+@@option ignore
 
 #### **--latest**, **-l**
 
diff --git a/docs/source/markdown/podman-system-connection-add.1.md b/docs/source/markdown/podman-system-connection-add.1.md
index d608ab7a7..f06cd2780 100644
--- a/docs/source/markdown/podman-system-connection-add.1.md
+++ b/docs/source/markdown/podman-system-connection-add.1.md
@@ -1,4 +1,4 @@
-% podman-system-connection-add(1)
+% podman-system-connection-add 1
 
 ## NAME
 podman\-system\-connection\-add - Record destination for the Podman service
diff --git a/docs/source/markdown/podman-system-connection-default.1.md b/docs/source/markdown/podman-system-connection-default.1.md
index 49f165e81..574625cef 100644
--- a/docs/source/markdown/podman-system-connection-default.1.md
+++ b/docs/source/markdown/podman-system-connection-default.1.md
@@ -1,4 +1,4 @@
-% podman-system-connection-default(1)
+% podman-system-connection-default 1
 
 ## NAME
 podman\-system\-connection\-default - Set named destination as default for the Podman service
diff --git a/docs/source/markdown/podman-system-connection-list.1.md b/docs/source/markdown/podman-system-connection-list.1.md
index 23784a319..325c78a5c 100644
--- a/docs/source/markdown/podman-system-connection-list.1.md
+++ b/docs/source/markdown/podman-system-connection-list.1.md
@@ -1,4 +1,4 @@
-% podman-system-connection-list(1)
+% podman-system-connection-list 1
 
 ## NAME
 podman\-system\-connection\-list - List the destination for the Podman service(s)
diff --git a/docs/source/markdown/podman-system-connection-remove.1.md b/docs/source/markdown/podman-system-connection-remove.1.md
index 348b49876..45fede021 100644
--- a/docs/source/markdown/podman-system-connection-remove.1.md
+++ b/docs/source/markdown/podman-system-connection-remove.1.md
@@ -1,4 +1,4 @@
-% podman-system-connection-remove(1)
+% podman-system-connection-remove 1
 
 ## NAME
 podman\-system\-connection\-remove - Delete named destination
diff --git a/docs/source/markdown/podman-system-connection-rename.1.md b/docs/source/markdown/podman-system-connection-rename.1.md
index 5b5930738..ed10c1cd6 100644
--- a/docs/source/markdown/podman-system-connection-rename.1.md
+++ b/docs/source/markdown/podman-system-connection-rename.1.md
@@ -1,4 +1,4 @@
-% podman-system-connection-rename(1)
+% podman-system-connection-rename 1
 
 ## NAME
 podman\-system\-connection\-rename - Rename the destination for Podman service
diff --git a/docs/source/markdown/podman-system-connection.1.md b/docs/source/markdown/podman-system-connection.1.md
index df9d8d248..007fb0d22 100644
--- a/docs/source/markdown/podman-system-connection.1.md
+++ b/docs/source/markdown/podman-system-connection.1.md
@@ -1,4 +1,4 @@
-% podman-system-connection(1)
+% podman-system-connection 1
 
 ## NAME
 podman\-system\-connection - Manage the destination(s) for Podman service(s)
diff --git a/docs/source/markdown/podman-system-df.1.md b/docs/source/markdown/podman-system-df.1.md
index eb2c79b96..ac37d5e4d 100644
--- a/docs/source/markdown/podman-system-df.1.md
+++ b/docs/source/markdown/podman-system-df.1.md
@@ -1,4 +1,4 @@
-% podman-system-df(1)
+% podman-system-df 1
 
 ## NAME
 podman\-system\-df - Show podman disk usage
diff --git a/docs/source/markdown/podman-system-migrate.1.md b/docs/source/markdown/podman-system-migrate.1.md
index dbdd24132..2e9cf02e3 100644
--- a/docs/source/markdown/podman-system-migrate.1.md
+++ b/docs/source/markdown/podman-system-migrate.1.md
@@ -1,4 +1,4 @@
-% podman-system-migrate(1)
+% podman-system-migrate 1
 
 ## NAME
 podman\-system\-migrate - Migrate existing containers to a new podman version
diff --git a/docs/source/markdown/podman-system-prune.1.md b/docs/source/markdown/podman-system-prune.1.md
index c4c17fbe5..cb6603791 100644
--- a/docs/source/markdown/podman-system-prune.1.md
+++ b/docs/source/markdown/podman-system-prune.1.md
@@ -1,4 +1,4 @@
-% podman-system-prune(1)
+% podman-system-prune 1
 
 ## NAME
 podman\-system\-prune - Remove all unused pods, containers, images, networks, and volume data
diff --git a/docs/source/markdown/podman-system-renumber.1.md b/docs/source/markdown/podman-system-renumber.1.md
index 61e26242b..845fc2c53 100644
--- a/docs/source/markdown/podman-system-renumber.1.md
+++ b/docs/source/markdown/podman-system-renumber.1.md
@@ -1,4 +1,4 @@
-% podman-system-renumber(1)
+% podman-system-renumber 1
 
 ## NAME
 podman\-system\-renumber - Migrate lock numbers to handle a change in maximum number of locks
diff --git a/docs/source/markdown/podman-system-reset.1.md b/docs/source/markdown/podman-system-reset.1.md
index 11ce11d07..8eee416c7 100644
--- a/docs/source/markdown/podman-system-reset.1.md
+++ b/docs/source/markdown/podman-system-reset.1.md
@@ -1,4 +1,4 @@
-% podman-system-reset(1)
+% podman-system-reset 1
 
 ## NAME
 podman\-system\-reset - Reset storage back to initial state
@@ -37,6 +37,7 @@ WARNING! This will remove:
         - all networks
         - all build cache
         - all machines
+        - all volumes
 Are you sure you want to continue? [y/N] y
 ```
 
diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md
index 99fde8ce4..2ec48aeb4 100644
--- a/docs/source/markdown/podman-system-service.1.md
+++ b/docs/source/markdown/podman-system-service.1.md
@@ -1,4 +1,4 @@
-% podman-service(1)
+% podman-service 1
 
 ## NAME
 podman\-system\-service - Run an API service
@@ -8,7 +8,7 @@ podman\-system\-service - Run an API service
 
 ## DESCRIPTION
 The **podman system service** command creates a listening service that will answer API calls for Podman.  You may
-optionally provide an endpoint for the API in URI form.  For example, *unix:///tmp/foobar.sock* or *tcp:localhost:8080*.
+optionally provide an endpoint for the API in URI form.  For example, *unix:///tmp/foobar.sock* or *tcp://localhost:8080*.
 If no endpoint is provided, defaults will be used.  The default endpoint for a rootful
 service is *unix:///run/podman/podman.sock* and rootless is *unix://$XDG_RUNTIME_DIR/podman/podman.sock* (for
 example *unix:///run/user/1000/podman/podman.sock*)
diff --git a/docs/source/markdown/podman-system.1.md b/docs/source/markdown/podman-system.1.md
index 7469eb79d..0a9ef4f49 100644
--- a/docs/source/markdown/podman-system.1.md
+++ b/docs/source/markdown/podman-system.1.md
@@ -1,4 +1,4 @@
-% podman-system(1)
+% podman-system 1
 
 ## NAME
 podman\-system - Manage podman
diff --git a/docs/source/markdown/podman-tag.1.md b/docs/source/markdown/podman-tag.1.md
index 23dd3b60b..38ccfaec8 100644
--- a/docs/source/markdown/podman-tag.1.md
+++ b/docs/source/markdown/podman-tag.1.md
@@ -1,4 +1,4 @@
-% podman-tag(1)
+% podman-tag 1
 
 ## NAME
 podman\-tag - Add an additional name to a local image
diff --git a/docs/source/markdown/podman-top.1.md b/docs/source/markdown/podman-top.1.md
index 6b9433b89..ceefe84e9 100644
--- a/docs/source/markdown/podman-top.1.md
+++ b/docs/source/markdown/podman-top.1.md
@@ -1,4 +1,4 @@
-% podman-top(1)
+% podman-top 1
 
 ## NAME
 podman\-top - Display the running processes of a container
diff --git a/docs/source/markdown/podman-unmount.1.md b/docs/source/markdown/podman-unmount.1.md
index 3f45e8114..5493f3c1e 100644
--- a/docs/source/markdown/podman-unmount.1.md
+++ b/docs/source/markdown/podman-unmount.1.md
@@ -1,4 +1,4 @@
-% podman-unmount(1)
+% podman-unmount 1
 
 ## NAME
 podman\-unmount - Unmount a working container's root filesystem
diff --git a/docs/source/markdown/podman-unpause.1.md b/docs/source/markdown/podman-unpause.1.md.in
index b94ace89e..85852708a 100644
--- a/docs/source/markdown/podman-unpause.1.md
+++ b/docs/source/markdown/podman-unpause.1.md.in
@@ -1,4 +1,4 @@
-% podman-unpause(1)
+% podman-unpause 1
 
 ## NAME
 podman\-unpause - Unpause one or more containers
@@ -17,9 +17,7 @@ Unpauses the processes in one or more containers.  You may use container IDs or
 
 Unpause all paused containers.
 
-#### **--cidfile**
-
-Read container ID from the specified file and unpause the container.  Can be specified multiple times.
+@@option cidfile.read
 
 #### **--filter**, **-f**=*filter*
 
diff --git a/docs/source/markdown/podman-unshare.1.md b/docs/source/markdown/podman-unshare.1.md
index db1bc5387..a88e514d3 100644
--- a/docs/source/markdown/podman-unshare.1.md
+++ b/docs/source/markdown/podman-unshare.1.md
@@ -1,4 +1,4 @@
-% podman-unshare(1)
+% podman-unshare 1
 
 ## NAME
 podman\-unshare - Run a command inside of a modified user namespace
diff --git a/docs/source/markdown/podman-untag.1.md b/docs/source/markdown/podman-untag.1.md
index 0dd882a92..f9ea2b644 100644
--- a/docs/source/markdown/podman-untag.1.md
+++ b/docs/source/markdown/podman-untag.1.md
@@ -1,4 +1,4 @@
-% podman-untag(1)
+% podman-untag 1
 
 ## NAME
 podman\-untag - Removes one or more names from a locally-stored image
diff --git a/docs/source/markdown/podman-update.1.md.in b/docs/source/markdown/podman-update.1.md.in
new file mode 100644
index 000000000..49f356d25
--- /dev/null
+++ b/docs/source/markdown/podman-update.1.md.in
@@ -0,0 +1,78 @@
+% podman-update 1
+
+## NAME
+podman\-update - Updates the cgroup configuration of a given container
+
+## SYNOPSIS
+**podman update** [*options*] *container*
+
+**podman container update** [*options*] *container*
+
+## DESCRIPTION
+
+Updates the cgroup configuration of an already existing container. The currently supported options are a subset of the
+podman create/run resource limits options. These new options are non-persistent and only last for the current execution of the container; the configuration will be honored on its next run.
+This means that this command can only be executed on an already running container and the changes made will be erased the next time the container is stopped and restarted, this is to ensure immutability.
+This command takes one argument, a container name or ID, alongside the resource flags to modify the cgroup.
+
+## OPTIONS
+
+@@option blkio-weight
+
+@@option blkio-weight-device
+
+@@option cpu-period
+
+@@option cpu-quota
+
+@@option cpu-rt-period
+
+@@option cpu-rt-runtime
+
+@@option cpu-shares
+
+@@option cpus.container
+
+@@option cpuset-cpus
+
+@@option cpuset-mems
+
+@@option device-read-bps
+
+@@option device-read-iops
+
+@@option device-write-bps
+
+@@option device-write-iops
+
+@@option memory
+
+@@option memory-reservation
+
+@@option memory-swap
+
+@@option memory-swappiness
+
+
+## EXAMPLEs
+
+update a container with a new cpu quota and period
+```
+podman update --cpus=5 myCtr
+```
+
+update a container with all available options for cgroups v2
+```
+podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --blkio-weight-device /dev/zero:123 --blkio-weight 123 --device-read-bps /dev/zero:10mb --device-write-bps /dev/zero:10mb --device-read-iops /dev/zero:1000 --device-write-iops /dev/zero:1000 ctrID
+```
+
+update a container with all available options for cgroups v1
+```
+podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --memory-swappiness 50 ctrID
+```
+
+## SEE ALSO
+**[podman(1)](podman.1.md)**, **[podman-create(1)](podman-create.1.md)**, **[podman-run(1)](podman-run.1.md)**
+
+## HISTORY
+August 2022, Originally written by Charlie Doern <cdoern@redhat.com>
diff --git a/docs/source/markdown/podman-version.1.md b/docs/source/markdown/podman-version.1.md
index 94fa0fb21..93d4d54d5 100644
--- a/docs/source/markdown/podman-version.1.md
+++ b/docs/source/markdown/podman-version.1.md
@@ -1,4 +1,4 @@
-% podman-version(1)
+% podman-version 1
 
 ## NAME
 podman\-version - Display the Podman version information
@@ -16,6 +16,14 @@ OS, and Architecture.
 
 Change output format to "json" or a Go template.
 
+| **Placeholder**     | **Description**          |
+| ------------------- | ------------------------ |
+| .Client ...         | Version of local podman  |
+| .Server ...         | Version of remote podman |
+
+Each of the above fields branch deeper into further subfields
+such as .Version, .APIVersion, .GoVersion, and more.
+
 ## Example
 
 A sample output of the `version` command:
diff --git a/docs/source/markdown/podman-volume-create.1.md b/docs/source/markdown/podman-volume-create.1.md
index 65b788851..934488111 100644
--- a/docs/source/markdown/podman-volume-create.1.md
+++ b/docs/source/markdown/podman-volume-create.1.md
@@ -1,4 +1,4 @@
-% podman-volume-create(1)
+% podman-volume-create 1
 
 ## NAME
 podman\-volume\-create - Create a new volume
diff --git a/docs/source/markdown/podman-volume-exists.1.md b/docs/source/markdown/podman-volume-exists.1.md
index 28d42e987..37aa2b61a 100644
--- a/docs/source/markdown/podman-volume-exists.1.md
+++ b/docs/source/markdown/podman-volume-exists.1.md
@@ -1,4 +1,4 @@
-% podman-volume-exists(1)
+% podman-volume-exists 1
 
 ## NAME
 podman\-volume\-exists - Check if the given volume exists
diff --git a/docs/source/markdown/podman-volume-export.1.md b/docs/source/markdown/podman-volume-export.1.md
index 57b707ae5..8b2959036 100644
--- a/docs/source/markdown/podman-volume-export.1.md
+++ b/docs/source/markdown/podman-volume-export.1.md
@@ -1,4 +1,4 @@
-% podman-volume-export(1)
+% podman-volume-export 1
 
 ## NAME
 podman\-volume\-export - Exports volume to external tar
diff --git a/docs/source/markdown/podman-volume-import.1.md b/docs/source/markdown/podman-volume-import.1.md
index 4ae9ae1e2..a69ac991b 100644
--- a/docs/source/markdown/podman-volume-import.1.md
+++ b/docs/source/markdown/podman-volume-import.1.md
@@ -1,4 +1,4 @@
-% podman-volume-import(1)
+% podman-volume-import 1
 
 ## NAME
 podman\-volume\-import - Import tarball contents into an existing podman volume
@@ -9,6 +9,7 @@ podman\-volume\-import - Import tarball contents into an existing podman volume
 ## DESCRIPTION
 
 **podman volume import** imports the contents of a tarball into the podman volume's mount point.
+The contents of the volume will be merged with the content of the tarball with the latter taking precedence.
 **podman volume import** can consume piped input when using `-` as source path.
 
 The given volume must already exist and will not be created by podman volume import.
diff --git a/docs/source/markdown/podman-volume-inspect.1.md b/docs/source/markdown/podman-volume-inspect.1.md
index 9be0f9c2d..45c39c23a 100644
--- a/docs/source/markdown/podman-volume-inspect.1.md
+++ b/docs/source/markdown/podman-volume-inspect.1.md
@@ -1,4 +1,4 @@
-% podman-volume-inspect(1)
+% podman-volume-inspect 1
 
 ## NAME
 podman\-volume\-inspect - Get detailed information on one or more volumes
diff --git a/docs/source/markdown/podman-volume-ls.1.md b/docs/source/markdown/podman-volume-ls.1.md
index 86896b0a2..69e999251 100644
--- a/docs/source/markdown/podman-volume-ls.1.md
+++ b/docs/source/markdown/podman-volume-ls.1.md
@@ -1,4 +1,4 @@
-% podman-volume-ls(1)
+% podman-volume-ls 1
 
 ## NAME
 podman\-volume\-ls - List all the available volumes
diff --git a/docs/source/markdown/podman-volume-mount.1.md b/docs/source/markdown/podman-volume-mount.1.md
index a5f35a34d..2066ec19f 100644
--- a/docs/source/markdown/podman-volume-mount.1.md
+++ b/docs/source/markdown/podman-volume-mount.1.md
@@ -1,4 +1,4 @@
-% podman-volume-mount(1)
+% podman-volume-mount 1
 
 ## NAME
 podman\-volume\-mount - Mount a volume filesystem
diff --git a/docs/source/markdown/podman-volume-prune.1.md b/docs/source/markdown/podman-volume-prune.1.md
index 0127cc12a..ab0479b84 100644
--- a/docs/source/markdown/podman-volume-prune.1.md
+++ b/docs/source/markdown/podman-volume-prune.1.md
@@ -1,4 +1,4 @@
-% podman-volume-prune(1)
+% podman-volume-prune 1
 
 ## NAME
 podman\-volume\-prune - Remove all unused volumes
diff --git a/docs/source/markdown/podman-volume-reload.1.md b/docs/source/markdown/podman-volume-reload.1.md
index 5b9e9b9ac..4e2d97b91 100644
--- a/docs/source/markdown/podman-volume-reload.1.md
+++ b/docs/source/markdown/podman-volume-reload.1.md
@@ -1,4 +1,4 @@
-% podman-volume-reload(1)
+% podman-volume-reload 1
 
 ## NAME
 podman\-volume\-reload - Reload all volumes from volumes plugins
diff --git a/docs/source/markdown/podman-volume-rm.1.md b/docs/source/markdown/podman-volume-rm.1.md
index 8274eaaf3..744b322b1 100644
--- a/docs/source/markdown/podman-volume-rm.1.md
+++ b/docs/source/markdown/podman-volume-rm.1.md
@@ -1,4 +1,4 @@
-% podman-volume-rm(1)
+% podman-volume-rm 1
 
 ## NAME
 podman\-volume\-rm - Remove one or more volumes
diff --git a/docs/source/markdown/podman-volume-unmount.1.md b/docs/source/markdown/podman-volume-unmount.1.md
index c489af6c9..3c4634835 100644
--- a/docs/source/markdown/podman-volume-unmount.1.md
+++ b/docs/source/markdown/podman-volume-unmount.1.md
@@ -1,4 +1,4 @@
-% podman-volume-unmount(1)
+% podman-volume-unmount 1
 
 ## NAME
 podman\-volume\-unmount - Unmount a volume
diff --git a/docs/source/markdown/podman-volume.1.md b/docs/source/markdown/podman-volume.1.md
index a437590b3..3971b485d 100644
--- a/docs/source/markdown/podman-volume.1.md
+++ b/docs/source/markdown/podman-volume.1.md
@@ -1,4 +1,4 @@
-% podman-volume(1)
+% podman-volume 1
 
 ## NAME
 podman\-volume - Simple management tool for volumes
diff --git a/docs/source/markdown/podman-wait.1.md b/docs/source/markdown/podman-wait.1.md
index e307e4528..a6aadf28c 100644
--- a/docs/source/markdown/podman-wait.1.md
+++ b/docs/source/markdown/podman-wait.1.md
@@ -1,4 +1,4 @@
-% podman-wait(1)
+% podman-wait 1
 
 ## NAME
 podman\-wait - Wait on one or more containers to stop and print their exit codes
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index 4c019ae97..7a8dd7043 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -1,4 +1,4 @@
-% podman(1)
+% podman 1
 
 ## NAME
 podman - Simple management tool for pods, containers and images
@@ -43,8 +43,8 @@ Remote connections use local containers.conf for default.
 #### **--events-backend**=*type*
 
 Backend to use for storing events. Allowed values are **file**, **journald**, and
-**none**. When *file* is specified, the events are stored under a subdirectory
-of the *tmpdir* location (see **--tmpdir** below).
+**none**. When *file* is specified, the events are stored under
+`<tmpdir>/events/events.log` (see **--tmpdir** below).
 
 #### **--help**, **-h**
 
@@ -133,6 +133,12 @@ for cgroup V2, the default runtime is `crun`, the manpage to consult is `crun(8)
 Note: Do not pass the leading `--` to the flag. To pass the runc flag `--log-format json`
 to podman build, the option given would be `--runtime-flag log-format=json`.
 
+
+#### **--ssh**=*value*
+
+This option allows the user to change the ssh mode, meaning that rather than using the default **golang** mode, one can instead use **--ssh=native**
+to use the installed ssh binary and config file declared in containers.conf.
+
 #### **--storage-driver**=*value*
 
 Storage driver.  The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for non-root users when *fuse-overlayfs* is not available.  The `STORAGE_DRIVER` environment variable overrides the default.  The --storage-driver specified driver overrides all.
@@ -152,7 +158,7 @@ On remote clients, including Mac and Windows (excluding WSL2) machines, logging
 
 #### **--tmpdir**
 
-Path to the tmp directory, for libpod runtime content.
+Path to the tmp directory, for libpod runtime content. Defaults to `$XDG\_RUNTIME\_DIR/libpod/tmp` as rootless and `run/libpod/tmp` as rootful.
 
 NOTE --tmpdir is not used for the temporary storage of downloaded images.  Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
 
@@ -349,6 +355,7 @@ the exit codes follow the `chroot` standard, see below:
 | [podman-unpause(1)](podman-unpause.1.md)         | Unpause one or more containers.                                             |
 | [podman-unshare(1)](podman-unshare.1.md)         | Run a command inside of a modified user namespace.                          |
 | [podman-untag(1)](podman-untag.1.md)             | Removes one or more names from a locally-stored image.                      |
+| [podman-update(1)](podman-update.1.md)           | Updates the cgroup configuration of a given container.                      |
 | [podman-version(1)](podman-version.1.md)         | Display the Podman version information.                                     |
 | [podman-volume(1)](podman-volume.1.md)           | Simple management tool for volumes.                                         |
 | [podman-wait(1)](podman-wait.1.md)               | Wait on one or more containers to stop and print their exit codes.          |
diff --git a/docs/tutorials/README.md b/docs/tutorials/README.md
index 2cdb86fa0..69f55673d 100644
--- a/docs/tutorials/README.md
+++ b/docs/tutorials/README.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # Podman Tutorials
 
diff --git a/docs/tutorials/basic_networking.md b/docs/tutorials/basic_networking.md
index 05c3a731e..7ffc8bcd3 100644
--- a/docs/tutorials/basic_networking.md
+++ b/docs/tutorials/basic_networking.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 
 # Basic Networking Guide for Podman
diff --git a/docs/tutorials/image_signing.md b/docs/tutorials/image_signing.md
index 0d1d63de2..f17aa0620 100644
--- a/docs/tutorials/image_signing.md
+++ b/docs/tutorials/image_signing.md
@@ -173,7 +173,7 @@ Then a pull is not possible any more:
 ```bash
 sudo podman pull --tls-verify=false localhost:5000/alpine
 Trying to pull localhost:5000/alpine...
-Error: error pulling image "localhost:5000/alpine": unable to pull localhost:5000/alpine: unable to pull image: Source image rejected: Invalid GPG signature: …
+Error: pulling image "localhost:5000/alpine": unable to pull localhost:5000/alpine: unable to pull image: Source image rejected: Invalid GPG signature: …
 ```
 
 So in general there are four main things to be taken into consideration when
diff --git a/docs/tutorials/podman-derivative-api.md b/docs/tutorials/podman-derivative-api.md
index e38c2b13d..9de355883 100644
--- a/docs/tutorials/podman-derivative-api.md
+++ b/docs/tutorials/podman-derivative-api.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # How to use libpod for custom/derivative projects
 
diff --git a/docs/tutorials/podman-for-windows.md b/docs/tutorials/podman-for-windows.md
index 11d8ecd20..da1e0c059 100644
--- a/docs/tutorials/podman-for-windows.md
+++ b/docs/tutorials/podman-for-windows.md
@@ -1,4 +1,4 @@
-![](../../logo/podman-logo-source.svg)
+![](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 Podman for Windows
 ==================
diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md
index a371189e9..30594f2f9 100644
--- a/docs/tutorials/podman_tutorial.md
+++ b/docs/tutorials/podman_tutorial.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # Basic Setup and Use of Podman
 Podman is a utility provided as part of the libpod library.  It can be used to create and maintain
@@ -13,7 +13,7 @@ root escalation is required.
 
 ## Installing Podman
 
-For installing or building Podman, please see the [installation instructions](https://github.com/containers/podman/blob/main/install.md).
+For installing or building Podman, please see the [installation instructions](https://podman.io/getting-started/installation).
 
 ## Familiarizing yourself with Podman
 
diff --git a/docs/tutorials/podman_tutorial_cn.md b/docs/tutorials/podman_tutorial_cn.md
index 36e83e16f..be635d3be 100644
--- a/docs/tutorials/podman_tutorial_cn.md
+++ b/docs/tutorials/podman_tutorial_cn.md
@@ -1,6 +1,6 @@
 > - 译文出自：[掘金翻译计划](https://juejin.cn/translate)
 
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 Podman是由libpod库�供一个实用的程�，�以被用于创建和管�容器。
 
@@ -14,7 +14,7 @@ Podman是由libpod库æ��供一个实用的程åº�，å�¯ä»¥è¢«ç”¨äºŽåˆ›å»ºå’Œç®¡ç�
 
 ## 安装Podman
 
-安装或者编译 Podman ，请�照[安装说明](https://github.com/containers/podman/blob/main/install.md)。
+安装或者编译 Podman ，请�照[安装说明](https://podman.io/getting-started/installation)。
 
 ## 熟悉podman
 
diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md
index d9cf68a20..67434ed3c 100644
--- a/docs/tutorials/rootless_tutorial.md
+++ b/docs/tutorials/rootless_tutorial.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # Basic Setup and Use of Podman in a Rootless environment.
 
diff --git a/go.mod b/go.mod
index 91f21b8e0..2ec624d9e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/containers/podman/v4
 
-go 1.16
+go 1.17
 
 require (
 	github.com/BurntSushi/toml v1.2.0
@@ -8,26 +8,25 @@ require (
 	github.com/buger/goterm v1.0.4
 	github.com/checkpoint-restore/checkpointctl v0.0.0-20220321135231-33f4a66335f0
 	github.com/checkpoint-restore/go-criu/v5 v5.3.0
-	github.com/container-orchestrated-devices/container-device-interface v0.4.0
+	github.com/container-orchestrated-devices/container-device-interface v0.5.1
 	github.com/containernetworking/cni v1.1.2
 	github.com/containernetworking/plugins v1.1.1
-	github.com/containers/buildah v1.26.1-0.20220716095526-d31d27c357ab
-	github.com/containers/common v0.48.1-0.20220720145307-26032247af78
+	github.com/containers/buildah v1.27.1-0.20220907121344-97a52b13bb27
+	github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7
 	github.com/containers/conmon v2.0.20+incompatible
-	github.com/containers/image/v5 v5.21.2-0.20220721072459-bf19265865b7
+	github.com/containers/image/v5 v5.22.1-0.20220907162003-651744379993
 	github.com/containers/ocicrypt v1.1.5
-	github.com/containers/psgo v1.7.2
-	github.com/containers/storage v1.41.1-0.20220718173332-b10c469fda0a
+	github.com/containers/psgo v1.7.3
+	github.com/containers/storage v1.42.1-0.20220911223137-e11b246de159
 	github.com/coreos/go-systemd/v22 v22.3.2
 	github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/digitalocean/go-qemu v0.0.0-20210326154740-ac9e0b687001
 	github.com/docker/distribution v2.8.1+incompatible
-	github.com/docker/docker v20.10.17+incompatible
+	github.com/docker/docker v20.10.18+incompatible
 	github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11
 	github.com/docker/go-plugins-helpers v0.0.0-20211224144127-6eecb7beb651
-	github.com/docker/go-units v0.4.0
-	github.com/dtylman/scp v0.0.0-20181017070807-f3000a34aef4
+	github.com/docker/go-units v0.5.0
 	github.com/fsnotify/fsnotify v1.5.4
 	github.com/ghodss/yaml v1.0.0
 	github.com/godbus/dbus/v5 v5.1.0
@@ -39,17 +38,18 @@ require (
 	github.com/gorilla/schema v1.2.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/json-iterator/go v1.1.12
-	github.com/mattn/go-isatty v0.0.14
+	github.com/mattn/go-isatty v0.0.16
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
 	github.com/nxadm/tail v1.4.8
 	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/gomega v1.19.0
+	github.com/onsi/gomega v1.20.2
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198
-	github.com/opencontainers/runc v1.1.3
+	github.com/opencontainers/runc v1.1.4
 	github.com/opencontainers/runtime-spec v1.0.3-0.20211214071223-8958f93039ab
 	github.com/opencontainers/runtime-tools v0.9.1-0.20220714195903-17b3287fafb7
 	github.com/opencontainers/selinux v1.10.1
+	github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
 	github.com/rootless-containers/rootlesskit v1.0.1
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
@@ -58,12 +58,11 @@ require (
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
 	github.com/uber/jaeger-client-go v2.30.0+incompatible
 	github.com/ulikunitz/xz v0.5.10
-	github.com/vbauerster/mpb/v7 v7.4.2
+	github.com/vbauerster/mpb/v7 v7.5.3
 	github.com/vishvananda/netlink v1.1.1-0.20220115184804-dd687eb2f2d4
 	go.etcd.io/bbolt v1.3.6
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
-	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
-	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+	golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2
 	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
 	golang.org/x/text v0.3.7
 	google.golang.org/protobuf v1.28.1
@@ -71,6 +70,81 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 )
 
-require github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 // indirect
+require (
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/Microsoft/hcsshim v0.9.4 // indirect
+	github.com/VividCortex/ewma v1.2.0 // indirect
+	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/chzyer/readline v1.5.1 // indirect
+	github.com/containerd/cgroups v1.0.4 // indirect
+	github.com/containerd/containerd v1.6.8 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.12.0 // indirect
+	github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a // indirect
+	github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/digitalocean/go-libvirt v0.0.0-20201209184759-e2a69bcd5bd1 // indirect
+	github.com/disiqueira/gotree/v3 v3.0.2 // indirect
+	github.com/docker/docker-credential-helpers v0.6.4 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/fsouza/go-dockerclient v1.8.3 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/go-containerregistry v0.11.0 // indirect
+	github.com/google/go-intervals v0.0.2 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/honeycombio/libhoney-go v1.15.8 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jinzhu/copier v0.3.5 // indirect
+	github.com/klauspost/compress v1.15.9 // indirect
+	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/kr/fs v0.1.0 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20220723181115-27de4befb95e // indirect
+	github.com/manifoldco/promptui v0.9.0 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/mattn/go-shellwords v1.0.12 // indirect
+	github.com/miekg/pkcs11 v1.1.1 // indirect
+	github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible // indirect
+	github.com/moby/sys/mount v0.3.3 // indirect
+	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pkg/sftp v1.13.5 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/proglottis/gpgme v0.1.3 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rogpeppe/go-internal v1.8.0 // indirect
+	github.com/seccomp/libseccomp-golang v0.10.0 // indirect
+	github.com/sigstore/sigstore v1.4.0 // indirect
+	github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
+	github.com/sylabs/sif/v2 v2.7.2 // indirect
+	github.com/tchap/go-patricia v2.3.0+incompatible // indirect
+	github.com/theupdateframework/go-tuf v0.4.0 // indirect
+	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+	github.com/vbatts/tar-split v0.11.2 // indirect
+	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
+	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
+	golang.org/x/tools v0.1.12 // indirect
+	google.golang.org/genproto v0.0.0-20220720214146-176da50484ac // indirect
+	google.golang.org/grpc v1.48.0 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
 
 replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc
diff --git a/go.sum b/go.sum
index 440e91140..a49ffce50 100644
--- a/go.sum
+++ b/go.sum
@@ -34,6 +34,8 @@ cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2Z
 cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U=
 cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
 cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
+cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU=
+cloud.google.com/go v0.103.0/go.mod h1:vwLx1nqLrzLX/fpwSMOXmFIqBOyHsvHbnAdbGSJ+mKk=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -65,6 +67,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
+cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc=
 contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774 h1:SCbEWT58NSt7d2mcFdvxC9uyrdcTfvBbPLThhkDmXzg=
@@ -84,10 +87,12 @@ github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKn
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
 github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
+github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
 github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
+github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
@@ -101,7 +106,6 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -109,11 +113,13 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
+github.com/DataDog/zstd v1.5.0/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
@@ -140,8 +146,9 @@ github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwT
 github.com/Microsoft/hcsshim v0.8.22/go.mod h1:91uVCVzvX2QD16sMCenoxxXo6L1wJnLMX2PSufFMtF0=
 github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
 github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
 github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
+github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
+github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
 github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@@ -149,6 +156,7 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
 github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
+github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
@@ -178,6 +186,7 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
+github.com/armon/go-metrics v0.4.0/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
@@ -188,18 +197,32 @@ github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.44.44/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.76/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v1.16.5/go.mod h1:Wh7MEsmEApyL5hrWzpDkba4gwAPc5/piwLVLFnCxp48=
+github.com/aws/aws-sdk-go-v2 v1.16.11/go.mod h1:WTACcleLz6VZTp7fak4EO5b9Q4foxbn+8PIz3PmyKlo=
 github.com/aws/aws-sdk-go-v2/config v1.15.11/go.mod h1:mD5tNFciV7YHNjPpFYqJ6KGpoSfY107oZULvTHIxtbI=
+github.com/aws/aws-sdk-go-v2/config v1.17.0/go.mod h1:4SKzBMiB8lV0fw2w7eDBo/LjQyHFITN4vUUuqpurFmI=
 github.com/aws/aws-sdk-go-v2/credentials v1.12.6/go.mod h1:mQgnRmBPF2S/M01W4T4Obp3ZaZB6o1s/R8cOUda9vtI=
+github.com/aws/aws-sdk-go-v2/credentials v1.12.13/go.mod h1:9fDEemXizwXrxPU1MTzv69LP/9D8HVl5qHAQO9A9ikY=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.6/go.mod h1:ClLMcuQA/wcHPmOIfNzNI4Y1Q0oDbmEkbYhMFOzHDh8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.12/go.mod h1:aZ4vZnyUuxedC7eD4JyEHpGnCz+O2sHQEx3VvAwklSE=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.12/go.mod h1:Afj/U8svX6sJ77Q+FPWMzabJ9QjbwP32YlopgKALUpg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.18/go.mod h1:348MLhzV1GSlZSMusdwQpXKbhD7X2gbI/TxwAPKkYZQ=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.6/go.mod h1:FwpAKI+FBPIELJIdmQzlLtRe8LQSOreMcM2wBsPMvvc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.12/go.mod h1:ckaCVTEdGAxO6KwTGzgskxR1xM+iJW4lxMyDFVda2Fc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.13/go.mod h1:hiM/y1XPp3DoEPhoVEYc/CZcS58dP6RKJRDFp99wdX0=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.19/go.mod h1:cVHo8KTuHjShb9V8/VjH3S/8+xPu16qx8fdGwmotJhE=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.6/go.mod h1:DxAPjquoEHf3rUHh1b9+47RAaXB8/7cB6jkzCt/GOEI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.12/go.mod h1:1TODGhheLWjpQWSuhYuAUWYTCKwEjx2iblIFKDHjeTc=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.3/go.mod h1:EKkrWWXwWYf8x3Nrm6Oix3zZP9NRBHqxw5buFGVBHA0=
+github.com/aws/aws-sdk-go-v2/service/kms v1.18.4/go.mod h1:WG8HUJKtDqXJM3+CNZeN+2wvdcJb5vprKo01fr1KQW4=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.9/go.mod h1:UqRD9bBt15P0ofRyDZX6CfsIqPpzeHOhZKWzgSuAzpo=
+github.com/aws/aws-sdk-go-v2/service/sso v1.11.16/go.mod h1:mS5xqLZc/6kc06IpXn5vRxdLaED+jEuaSRv5BxtnsiY=
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.7/go.mod h1:lVxTdiiSHY3jb1aeg+BBFtDzZGSUCv6qaNOyEGCJ1AY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.16.13/go.mod h1:Ru3QVMLygVs/07UQ3YDur1AQZZp2tUNje8wfloFttC0=
 github.com/aws/smithy-go v1.11.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.12.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/beeker1121/goque v1.0.3-0.20191103205551-d618510128af/go.mod h1:84CWnaDz4g1tEVnFLnuBigmGK15oPohy0RfvSN8d4eg=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -232,6 +255,7 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8n
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
 github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
+github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
@@ -251,12 +275,15 @@ github.com/checkpoint-restore/checkpointctl v0.0.0-20220321135231-33f4a66335f0/g
 github.com/checkpoint-restore/go-criu/v5 v5.2.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0 h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
+github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
+github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
+github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI=
+github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
+github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
 github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
 github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
@@ -266,6 +293,7 @@ github.com/cilium/ebpf v0.9.0/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnx
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -281,8 +309,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h
 github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
-github.com/container-orchestrated-devices/container-device-interface v0.4.0 h1:b/mROkfDr1W8fJ25T66iVheHFnWixgyxTOSbO8i7jp4=
-github.com/container-orchestrated-devices/container-device-interface v0.4.0/go.mod h1:E1zcucIkq9P3eyNmY+68dBQsTcsXJh9cgRo2IVNScKQ=
+github.com/container-orchestrated-devices/container-device-interface v0.5.1 h1:nXIUTrlEgGcA/n2geY3J7yyaGGhkocSlMkKPS4Qp4c0=
+github.com/container-orchestrated-devices/container-device-interface v0.5.1/go.mod h1:ZToWfSyUH5l9Rk7/bjkUUkNLz4b1mE+CVUVafuikDPY=
 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
 github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
 github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
@@ -297,8 +325,9 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S
 github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
 github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
 github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
 github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
+github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA=
+github.com/containerd/cgroups v1.0.4/go.mod h1:nLNQtsF7Sl2HxNebu77i1R0oDlhiTG+kO4JTrUzo6IA=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
@@ -323,8 +352,9 @@ github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0
 github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
 github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
 github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
-github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
 github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
+github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=
+github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -361,7 +391,6 @@ github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oM
 github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
 github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
 github.com/containerd/stargz-snapshotter/estargz v0.9.0/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
-github.com/containerd/stargz-snapshotter/estargz v0.10.1/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
 github.com/containerd/stargz-snapshotter/estargz v0.11.4/go.mod h1:7vRJIcImfY8bpifnMjt+HTJoQxASq7T28MYbP15/Nf0=
 github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
 github.com/containerd/stargz-snapshotter/estargz v0.12.0/go.mod h1:AIQ59TewBFJ4GOPEQXujcrJ/EKxh5xXZegW1rkR1P/M=
@@ -392,17 +421,16 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
 github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
 github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNGz0C1d3wVYlHE=
 github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
-github.com/containers/buildah v1.26.1-0.20220716095526-d31d27c357ab h1:NeI0DOkTf3Tn4OpdjMhMubAfTPs2oCO5jUY5wnpv4qk=
-github.com/containers/buildah v1.26.1-0.20220716095526-d31d27c357ab/go.mod h1:iVtQtU6a+pbETBqIzg0oAWW3gTR1ItrAihJpLFFppmA=
-github.com/containers/common v0.48.1-0.20220715075726-2ac10faca05a/go.mod h1:1dA7JPGoSi83kjf5H4NIrGANyLOULyvFqV1bwvYFEek=
-github.com/containers/common v0.48.1-0.20220720145307-26032247af78 h1:Z25E8uA264l7dgk0h+1pfV5Y3ZhrFY/0eR6BUQ5BwkY=
-github.com/containers/common v0.48.1-0.20220720145307-26032247af78/go.mod h1:w9q2iCLu6pIB9qu0S9oZWM2Qo4lOWrIdDB+2SjLljqA=
+github.com/containers/buildah v1.27.1-0.20220907121344-97a52b13bb27 h1:LRgKJ/JUd6iTocPg/q7oMZ9ilnbew50JXClXgiEoR9Q=
+github.com/containers/buildah v1.27.1-0.20220907121344-97a52b13bb27/go.mod h1:0iWhIkE70dkoVuwpmZy5/DXpBdI3C23iYmBQccTDWMU=
+github.com/containers/common v0.49.1/go.mod h1:ueM5hT0itKqCQvVJDs+EtjornAQtrHYxQJzP2gxeGIg=
+github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7 h1:iSrqOya92AllZSA7y64Aamfcr4iOxgf4iatc9uFeL0U=
+github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7/go.mod h1:HaPvle8BvLTyjtY9B4HJoNCl60DpHwCDLA2FsZTWaak=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
-github.com/containers/image/v5 v5.21.2-0.20220712113758-29aec5f7bbbf/go.mod h1:0+N0ZM9mgMmoZZc6uNcgnEsbX85Ne7b29cIW5lqWwVU=
-github.com/containers/image/v5 v5.21.2-0.20220714132403-2bb3f3e44c5c/go.mod h1:ykVAVRj4DhQNMHZDVU+KCtXjWBKpqiUe669eF0WBEEc=
-github.com/containers/image/v5 v5.21.2-0.20220721072459-bf19265865b7 h1:ORdlKVGjzQY3x/5A9O9poemoguCj9BW3lSKofTdvTv4=
-github.com/containers/image/v5 v5.21.2-0.20220721072459-bf19265865b7/go.mod h1:Nl5bQr7zq+fXbYyGtv9ObVMkOkOD32xMyxMfnIueCKg=
+github.com/containers/image/v5 v5.22.0/go.mod h1:D8Ksv2RNB8qLJ7xe1P3rgJJOSQpahA6amv2Ax++/YO4=
+github.com/containers/image/v5 v5.22.1-0.20220907162003-651744379993 h1:Dsga+pCSq+2JwIaHaxilCWrLpzSQIbBdovTCHb8zPag=
+github.com/containers/image/v5 v5.22.1-0.20220907162003-651744379993/go.mod h1:/Ruurd87C6Ap45t1PWNOD8+SGwiZbk79XCgs1iUTvYA=
 github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU=
 github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
@@ -412,15 +440,13 @@ github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B
 github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g=
 github.com/containers/ocicrypt v1.1.5 h1:UO+gBnBXvMvC7HTXLh0bPgLslfW8HlY+oxYcoSHBcZQ=
 github.com/containers/ocicrypt v1.1.5/go.mod h1:WgjxPWdTJMqYMjf3M6cuIFFA1/MpyyhIM99YInA+Rvc=
-github.com/containers/psgo v1.7.2 h1:WbCvsY9w+nCv3j4der0mbD3PSRUv/W8l+G0YrZrdSDc=
-github.com/containers/psgo v1.7.2/go.mod h1:SLpqxsPOHtTqRygjutCPXmeU2PoEFzV3gzJplN4BMx0=
+github.com/containers/psgo v1.7.3 h1:KTNurTMXpZjDJHWmlieVO7k7jgKJ4CR/HpPeSaAKtgc=
+github.com/containers/psgo v1.7.3/go.mod h1:PfaNzzHmMb8M9/blPgyD4BB3ZEj/0ApZIxN6nNtA+t4=
 github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
-github.com/containers/storage v1.38.0/go.mod h1:lBzt28gAk5ADZuRtwdndRJyqX22vnRaXmlF+7ktfMYc=
-github.com/containers/storage v1.41.0/go.mod h1:Pb0l5Sm/89kolX3o2KolKQ5cCHk5vPNpJrhNaLcdS5s=
-github.com/containers/storage v1.41.1-0.20220712184034-d26be7b27860/go.mod h1:uu6HCcijN30xRxW1ZuZRngwFGOlH5NpBWYiNBnDQNRw=
-github.com/containers/storage v1.41.1-0.20220714115232-fc9b0ff5272a/go.mod h1:4DfR+cPpkXKhJnnyydD3z82DXrnTBT63y1k0QWtM2i4=
-github.com/containers/storage v1.41.1-0.20220718173332-b10c469fda0a h1:+2n/MLjSlLQwxcROpJLAOvN86SvOMB5IxOahq4iitok=
-github.com/containers/storage v1.41.1-0.20220718173332-b10c469fda0a/go.mod h1:jfYNR16uI3eCaWU2Bdn9sHgET7W8JB0OPiswQamG1Cs=
+github.com/containers/storage v1.42.0/go.mod h1:JiUJwOgOo1dr2DdOUc1MRe2GCAXABYoYmOdPF8yvH78=
+github.com/containers/storage v1.42.1-0.20220907083030-5aff7f62e8d0/go.mod h1:nj2fW3rgwkr6toBVFzv5OqUYs1kowX+AMiPjgv2UXN0=
+github.com/containers/storage v1.42.1-0.20220911223137-e11b246de159 h1:euFlaTBhuBLuUUQK4wGXjruNUh24ZbdQLREvLz15r9o=
+github.com/containers/storage v1.42.1-0.20220911223137-e11b246de159/go.mod h1:nj2fW3rgwkr6toBVFzv5OqUYs1kowX+AMiPjgv2UXN0=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -483,6 +509,7 @@ github.com/disiqueira/gotree/v3 v3.0.2/go.mod h1:ZuyjE4+mUQZlbpkI24AmruZKhg3VHEg
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v20.10.16+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
@@ -491,8 +518,9 @@ github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc
 github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.16+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
 github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfemfitN7pbsp26WSc=
+github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
@@ -502,24 +530,21 @@ github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11/go.mod h1:
 github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
 github.com/docker/go-plugins-helpers v0.0.0-20211224144127-6eecb7beb651 h1:YcvzLmdrP/b8kLAGJ8GT7bdncgCAiWxJZIlt84D+RJg=
 github.com/docker/go-plugins-helpers v0.0.0-20211224144127-6eecb7beb651/go.mod h1:LFyLie6XcDbyKGeVK6bHe+9aJTYCxWLBg5IrJZOaXKA=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 h1:moehPjPiGUaWdwgOl92xRyFHJyaqXDHcCyW9M6nmCK4=
-github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dtylman/scp v0.0.0-20181017070807-f3000a34aef4 h1:Tc//0LMiRsUsOIu4S+HFKleax9X1+3SRKo+36ldZX0c=
-github.com/dtylman/scp v0.0.0-20181017070807-f3000a34aef4/go.mod h1:jN1ZaUPSNA8jm10nmaRLky84qV/iCeiHmcEf3EbP+dc=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/eggsampler/acme/v3 v3.2.1/go.mod h1:/qh0rKC/Dh7Jj+p4So7DbWmFNzC4dpcpK53r226Fhuo=
+github.com/eggsampler/acme/v3 v3.3.0/go.mod h1:/qh0rKC/Dh7Jj+p4So7DbWmFNzC4dpcpK53r226Fhuo=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
@@ -556,8 +581,9 @@ github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGE
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
-github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz5Co8TFO8EupIdlcpwShBmY98dkT2xeHkvEI=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -571,8 +597,8 @@ github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/fsouza/go-dockerclient v1.7.7/go.mod h1:njNCXvoZj3sLPjf3yO0DPHf1mdLdCPDYPc14GskKA4Y=
-github.com/fsouza/go-dockerclient v1.8.1 h1:a27vHYqNSZz88nUAurI1o6W5PgEt63nAWilOI+j63RE=
-github.com/fsouza/go-dockerclient v1.8.1/go.mod h1:zmA2ogSxRnXmbZcy0Aq7yhRoCdP/bDns/qghCK9SWtM=
+github.com/fsouza/go-dockerclient v1.8.3 h1:ckb6sG98D607PNQo012YEhQ8hvuRHx7RISIJM5tjkQM=
+github.com/fsouza/go-dockerclient v1.8.3/go.mod h1:oenNB8JjNKY4o8I/sug4Qah9si/7OxH4MjL+u7oBxP8=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
 github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
@@ -583,6 +609,7 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.7.1/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
+github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U=
 github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -593,10 +620,12 @@ github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3I
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
@@ -627,7 +656,9 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis/v8 v8.11.4/go.mod h1:2Z2wHZXdQpCDXEGzqMockDpNyYvi2l4Pxt6RJr792+w=
+github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
 github.com/go-rod/rod v0.107.3/go.mod h1:4SqYRUrcc4dSr9iT36YRZ4hdUAPg3A0O8RhxAMh0eCQ=
+github.com/go-rod/rod v0.109.1/go.mod h1:GZDtmEs6RpF6kBRYpGCZXxXlKNneKVPiKOjaMbmVVjE=
 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
@@ -651,27 +682,45 @@ github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2
 github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobuffalo/attrs v0.1.0/go.mod h1:fmNpaWyHM0tRm8gCZWKx8yY9fvaNLo2PyzBNSrBZ5Hw=
+github.com/gobuffalo/attrs v1.0.1/go.mod h1:qGdnq2RukKtBl4ASJit0OFckc5XGSyTFk98SvRpMFrQ=
 github.com/gobuffalo/envy v1.8.1/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
 github.com/gobuffalo/envy v1.9.0/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
+github.com/gobuffalo/envy v1.10.1/go.mod h1:AWx4++KnNOW3JOeEvhSaq+mvgAvnMYOY1XSIin4Mago=
 github.com/gobuffalo/fizz v1.10.0/go.mod h1:J2XGPO0AfJ1zKw7+2BA+6FEGAkyEsdCOLvN93WCT2WI=
+github.com/gobuffalo/fizz v1.14.0/go.mod h1:0aF1kAZYCfKqbLM/lmZ3jXFyqqWE/kY/nIOKnNdAYXQ=
 github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
 github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
 github.com/gobuffalo/flect v0.2.1/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
+github.com/gobuffalo/flect v0.2.4/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8=
+github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8=
 github.com/gobuffalo/genny/v2 v2.0.5/go.mod h1:kRkJuAw9mdI37AiEYjV4Dl+TgkBDYf8HZVjLkqe5eBg=
+github.com/gobuffalo/genny/v2 v2.0.8/go.mod h1:R45scCyQfff2HysNJHNanjrpvPw4Qu+rM1MOMDBB5oU=
+github.com/gobuffalo/genny/v2 v2.0.9/go.mod h1:R45scCyQfff2HysNJHNanjrpvPw4Qu+rM1MOMDBB5oU=
 github.com/gobuffalo/github_flavored_markdown v1.1.0/go.mod h1:TSpTKWcRTI0+v7W3x8dkSKMLJSUpuVitlptCkpeY8ic=
+github.com/gobuffalo/github_flavored_markdown v1.1.1/go.mod h1:yU32Pen+eorS58oxh/bNZx76zUOCJwmvyV5FBrvzOKQ=
 github.com/gobuffalo/helpers v0.6.0/go.mod h1:pncVrer7x/KRvnL5aJABLAuT/RhKRR9klL6dkUOhyv8=
 github.com/gobuffalo/helpers v0.6.1/go.mod h1:wInbDi0vTJKZBviURTLRMFLE4+nF2uRuuL2fnlYo7w4=
+github.com/gobuffalo/helpers v0.6.4/go.mod h1:m2aOKsTl3KB0RUwwpxf3tykaaitujQ3irivqrlNAcJ0=
 github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM=
+github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
 github.com/gobuffalo/nulls v0.2.0/go.mod h1:w4q8RoSCEt87Q0K0sRIZWYeIxkxog5mh3eN3C/n+dUc=
+github.com/gobuffalo/nulls v0.4.1/go.mod h1:pp8e1hWTRJZFpMl4fj/CVbSMlaxjeGKkFq4RuBZi3w8=
 github.com/gobuffalo/packd v0.3.0/go.mod h1:zC7QkmNkYVGKPw4tHpBQ+ml7W/3tIebgeo1b36chA3Q=
 github.com/gobuffalo/packd v1.0.0/go.mod h1:6VTc4htmJRFB7u1m/4LeMTWjFoYrUiBkU9Fdec9hrhI=
+github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY=
 github.com/gobuffalo/packr/v2 v2.8.0/go.mod h1:PDk2k3vGevNE3SwVyVRgQCCXETC9SaONCNSXT1Q8M1g=
 github.com/gobuffalo/plush/v4 v4.0.0/go.mod h1:ErFS3UxKqEb8fpFJT7lYErfN/Nw6vHGiDMTjxpk5bQ0=
+github.com/gobuffalo/plush/v4 v4.1.9/go.mod h1:9OOII9uAM5pZnhWu1OkQnboXJjaWMQ7kcTl3zNcxvTM=
+github.com/gobuffalo/plush/v4 v4.1.11/go.mod h1:9OOII9uAM5pZnhWu1OkQnboXJjaWMQ7kcTl3zNcxvTM=
 github.com/gobuffalo/pop/v5 v5.3.1/go.mod h1:vcEDhh6cJ3WVENqJDFt/6z7zNb7lLnlN8vj3n5G9rYA=
+github.com/gobuffalo/pop/v6 v6.0.0/go.mod h1:5rd3OnViLhjteR8+0i/mT9Q4CzkTzCoR7tm/9mmAic4=
+github.com/gobuffalo/pop/v6 v6.0.4/go.mod h1:dFcrMNPOwk+sl1Oa0lOb/jGbmjv+JV+5CZjMWNYR3KI=
 github.com/gobuffalo/tags/v3 v3.0.2/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA=
 github.com/gobuffalo/tags/v3 v3.1.0/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA=
+github.com/gobuffalo/tags/v3 v3.1.2/go.mod h1:o3ldUfKv50jxWAC8eZHXMm8dnKW3YvyZUMr0xqUcZTI=
 github.com/gobuffalo/validate/v3 v3.0.0/go.mod h1:HFpjq+AIiA2RHoQnQVTFKF/ZpUPXwyw82LgyDPxQ9r0=
 github.com/gobuffalo/validate/v3 v3.1.0/go.mod h1:HFpjq+AIiA2RHoQnQVTFKF/ZpUPXwyw82LgyDPxQ9r0=
+github.com/gobuffalo/validate/v3 v3.3.1/go.mod h1:Ehu8ieNJQuUM4peDDr/0VapzdGA7RgTc3wbe51vHfS0=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
@@ -684,6 +733,9 @@ github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -693,8 +745,10 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -766,8 +820,9 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/go-containerregistry v0.10.0 h1:qd/fv2nQajGZJenaNcdaghlwSPjQ0NphN9hzArr2WWg=
 github.com/google/go-containerregistry v0.10.0/go.mod h1:C7uwbB1QUAtvnknyd3ethxJRd4gtEjU/9WLXzckfI1Y=
+github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
+github.com/google/go-containerregistry v0.11.0/go.mod h1:BBaYtsHPHA42uEgAvd/NejvAfPSlz281sJWqupjSxfk=
 github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM=
 github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -823,6 +878,7 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORR
 github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
 github.com/gordonklaus/ineffassign v0.0.0-20210225214923-2e10b2664254/go.mod h1:M9mZEtGIsR1oDaZagNPNG9iq9n2HrhZ17dsXk73V3Lw=
 github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75/go.mod h1:g2644b03hfBX9Ov0ZBDgXXens4rxSxmqFBbhvKv2yVA=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
 github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
@@ -875,6 +931,7 @@ github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39
 github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.1.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g=
@@ -885,9 +942,11 @@ github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
@@ -905,9 +964,11 @@ github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdv
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -922,12 +983,16 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M=
 github.com/hashicorp/vault/sdk v0.5.1/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
+github.com/hashicorp/vault/sdk v0.5.3/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
-github.com/honeycombio/beeline-go v1.1.1 h1:sU8r4ae34uEL3/CguSl8Mr+Asz9DL1nfH9Wwk85Pc7U=
+github.com/hashicorp/yamux v0.1.0/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/honeycombio/beeline-go v1.1.1/go.mod h1:kN0cfUGBMfA87DyCYbiiLoSzWsnw3bluZvNEWtatHxk=
-github.com/honeycombio/libhoney-go v1.15.2 h1:5NGcjOxZZma13dmzNcl3OtGbF1hECA0XHJNHEb2t2ck=
+github.com/honeycombio/beeline-go v1.9.0 h1:MM/20HBFE2AKno0N9bOgEicSHHiTkTklGdtjdtAEWbk=
+github.com/honeycombio/beeline-go v1.9.0/go.mod h1:/8gmL2gGFbAnIhfldNUj26AFi7+JTdjtTfIujJww6yI=
 github.com/honeycombio/libhoney-go v1.15.2/go.mod h1:JzhRPYgoBCd0rZvudrqmej4Ntx0w7AT3wAJpf5+t1WA=
+github.com/honeycombio/libhoney-go v1.15.8 h1:TECEltZ48K6J4NG1JVYqmi0vCJNnHYooFor83fgKesA=
+github.com/honeycombio/libhoney-go v1.15.8/go.mod h1:+tnL2etFnJmVx30yqmoUkVyQjp7uRJw0a2QGu48lSyY=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
@@ -956,8 +1021,16 @@ github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW
 github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
 github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
 github.com/jackc/pgconn v1.6.0/go.mod h1:yeseQo4xhQbgyJs2c87RAXOH2i624N0Fh1KSPJya7qo=
+github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o=
+github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
+github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
+github.com/jackc/pgconn v1.10.0/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
+github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
+github.com/jackc/pgconn v1.12.1/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono=
 github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
 github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
+github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c=
+github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
 github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
@@ -966,23 +1039,41 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW
 github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
 github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
 github.com/jackc/pgproto3/v2 v2.0.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.3.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
 github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
+github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
 github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
 github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
 github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
 github.com/jackc/pgtype v1.3.0/go.mod h1:b0JqxHvPmljG+HQ5IsvQ0yqeSi4nGcDTVjFoiLDb0Ik=
+github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM=
+github.com/jackc/pgtype v1.8.1/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
+github.com/jackc/pgtype v1.11.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
 github.com/jackc/pgx v3.6.2+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
 github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
 github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
 github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
 github.com/jackc/pgx/v4 v4.6.0/go.mod h1:vPh43ZzxijXUVJ+t/EmXBtFmbFVO72cuneCT9oAlxAg=
+github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
+github.com/jackc/pgx/v4 v4.13.0/go.mod h1:9P4X524sErlaxj0XSGZk7s+LD0eOyu1ZDUrrpznYDF0=
+github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ=
 github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.2.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jellydator/ttlcache/v2 v2.11.1/go.mod h1:RtE5Snf0/57e+2cLWFYWCCsLas2Hy3c5Z4n14XmSvTI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
+github.com/jhump/gopoet v0.0.0-20190322174617-17282ff210b3/go.mod h1:me9yfT6IJSlOL3FCfrg+L6yzUEZ+5jW6WHt4Sk+UPUI=
+github.com/jhump/gopoet v0.1.0/go.mod h1:me9yfT6IJSlOL3FCfrg+L6yzUEZ+5jW6WHt4Sk+UPUI=
+github.com/jhump/goprotoc v0.5.0/go.mod h1:VrbvcYrQOrTi3i0Vf+m+oqQWk9l72mjkJCYo7UvLHRQ=
 github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
 github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4=
+github.com/jhump/protoreflect v1.11.0/go.mod h1:U7aMIjN0NWq9swDP7xDdoMfRHb35uiuTd3Z9nFXJf5E=
+github.com/jhump/protoreflect v1.12.0/go.mod h1:JytZfP5d0r8pVNLZvai7U/MCuTWITgrI4tTg7puQFKI=
 github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
@@ -996,8 +1087,10 @@ github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLm
 github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo=
 github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
 github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
+github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
@@ -1037,17 +1130,18 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY
 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.14.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.15.8 h1:JahtItbkWjf2jzm/T+qgMxkP9EMHsqEUA6vCMGmXvhA=
 github.com/klauspost/compress v1.15.8/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
+github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
+github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -1066,12 +1160,15 @@ github.com/kunwardeep/paralleltest v1.0.3/go.mod h1:vLydzomDFpk7yu5UX02RmP0H8QfR
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/kyoh86/exportloopref v0.1.8/go.mod h1:1tUcJeiioIs7VWe5gcOObrux3lb66+sBqGZrRkMwPgg=
 github.com/labstack/echo/v4 v4.3.0/go.mod h1:PvmtTvhVqKDzDQy4d3bWzPjZLzom4iQbAZy2sgZ/qI8=
+github.com/labstack/echo/v4 v4.7.2/go.mod h1:xkCDAdFCIf8jsFQ5NnbK7oqaF/yU1A1X20Ltm0OvSks=
 github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
+github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
 github.com/ldez/gomoddirectives v0.2.2/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0=
 github.com/ldez/tagliatelle v0.2.0/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
-github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e h1:1aV3EJ4ZMsc63MFU4rB+ccSEhZvvVD71T9RA4Rqd3hI=
 github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e/go.mod h1:Bl3mfF2LHYepsU2XfzMceIglyByfPe1IFAXtO+p37Qk=
+github.com/letsencrypt/boulder v0.0.0-20220723181115-27de4befb95e h1:2ba+yBBeT8ZFyZjRLPDKvkqVrWX4CCYAuR6nuJGojD0=
+github.com/letsencrypt/boulder v0.0.0-20220723181115-27de4befb95e/go.mod h1:54WQpg5QI0mpRhxoj9bxysLqA5WJylVsLtXOrb3zAiU=
 github.com/letsencrypt/challtestsrv v1.2.1/go.mod h1:Ur4e4FvELUXLGhkMztHOsPIsvGxD/kzSJninOrkM+zc=
 github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -1080,7 +1177,10 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
 github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
@@ -1120,8 +1220,9 @@ github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2y
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
@@ -1135,6 +1236,7 @@ github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lL
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -1152,11 +1254,13 @@ github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZ
 github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
 github.com/mgechev/revive v1.1.2/go.mod h1:bnXsMr+ZTH09V5rssEI+jHAZ4z+ZdyhgO/zsy3EhK+0=
 github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
+github.com/microcosm-cc/bluemonday v1.0.16/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
 github.com/miekg/dns v1.1.45/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
@@ -1262,8 +1366,9 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
 github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU=
+github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
+github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk=
 github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -1277,8 +1382,11 @@ github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+t
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
-github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
+github.com/onsi/gomega v1.20.0/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
+github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
+github.com/onsi/gomega v1.20.2 h1:8uQq0zMgLEfa0vRrrBgaJF2gyW9Da9BmfGV+OyUzfkY=
+github.com/onsi/gomega v1.20.2/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -1306,7 +1414,6 @@ github.com/opencontainers/runtime-spec v1.0.3-0.20211214071223-8958f93039ab h1:Y
 github.com/opencontainers/runtime-spec v1.0.3-0.20211214071223-8958f93039ab/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/opencontainers/runtime-tools v0.0.0-20190417131837-cd1349b7c47e/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/opencontainers/runtime-tools v0.9.1-0.20220714195903-17b3287fafb7 h1:Rf+QsQGxrYCia8mVyOPnoQZ+vJkZGL+ESWBDUM5s9cQ=
 github.com/opencontainers/runtime-tools v0.9.1-0.20220714195903-17b3287fafb7/go.mod h1:/tgP02fPXGHkU3/qKK1Y0Db4yqNyGm03vLq/mzHzcS4=
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
@@ -1339,12 +1446,15 @@ github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7
 github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
+github.com/pkg/sftp v1.13.5 h1:a3RLUqkyjYRtBTZJZ1VRrKbN3zhuPLlUc3sphVz81go=
+github.com/pkg/sftp v1.13.5/go.mod h1:wHDZ0IZX6JcBYRK1TH9bcVq8G7TLpVHYIGJRFnmPfxg=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -1364,8 +1474,9 @@ github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
+github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -1381,8 +1492,9 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -1415,8 +1527,9 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.6.2 h1:aIihoIOHCiLZHxyoNQ+ABL4NKhFTgKLBdMLyEAh98m0=
 github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rootless-containers/rootlesskit v1.0.1 h1:jepqW1txFSowKSMAEkVhWH3Oa1TCY9S400MVYe/6Iro=
 github.com/rootless-containers/rootlesskit v1.0.1/go.mod h1:t2UAiYagxrJ+wmpFAUIZPcqsm4k2B7ve6g7lILKbloc=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
@@ -1455,11 +1568,13 @@ github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNX
 github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs=
 github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sigstore/sigstore v1.3.1-0.20220629021053-b95fc0d626c1 h1:5TPCWtlOsaCiuAaglfZX7obd+/kuE8lGUhsVQzmQSaI=
 github.com/sigstore/sigstore v1.3.1-0.20220629021053-b95fc0d626c1/go.mod h1:y83NePRM98MJpbGgBgi54UZduhG0aD7lYngAVCx+i/E=
+github.com/sigstore/sigstore v1.4.0 h1:5A3eUhbSQkhiqJNUPi/2UMKdTyb3NKfWcVjaTBkkaJk=
+github.com/sigstore/sigstore v1.4.0/go.mod h1:z3kt1jm2A39M+g7emkQ8jdErL/haCMEjkNxvqTf41/k=
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -1533,12 +1648,14 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/sylabs/sif/v2 v2.7.1 h1:XXt9AP39sQfsMCGOGQ/XP9H47yqZOvAonalkaCaNIYM=
 github.com/sylabs/sif/v2 v2.7.1/go.mod h1:bBse2nEFd3yHkmq6KmAOFEWQg5LdFYiQUdVcgamxlc8=
+github.com/sylabs/sif/v2 v2.7.2 h1:eCxtl2ub9fPfrO7g2JPagn6HKDhv+Kl92Jz6+ww2Y1Q=
+github.com/sylabs/sif/v2 v2.7.2/go.mod h1:LQOdYXC9a8i7BleTKRw9lohi0rTbXkJOeS9u0ebvgyM=
 github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
@@ -1546,6 +1663,7 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtse
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
+github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48=
 github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
 github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs=
 github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
@@ -1554,8 +1672,9 @@ github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg
 github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=
 github.com/tetafro/godot v1.4.11/go.mod h1:LR3CJpxDVGlYOWn3ZZg1PgNZdTUvzsZWu8xaEohUpn8=
 github.com/theupdateframework/go-tuf v0.3.0/go.mod h1:E5XP0wXitrFUHe4b8cUcAAdxBW4LbfnqF4WXXGLgWNo=
-github.com/theupdateframework/go-tuf v0.3.1 h1:NkjMlCuLcDpHNtsWXY4lTmbbQQ5nOM7JSBbOKEEiI1c=
 github.com/theupdateframework/go-tuf v0.3.1/go.mod h1:lhHZ3Vt2pdAh15h0Cc6gWdlI+Okn2ZznD3q/cNjd5jw=
+github.com/theupdateframework/go-tuf v0.4.0 h1:KTFzOsIdtmMe4KTEOEcDdD68uXYf2hDYq+Bh+hU7yWU=
+github.com/theupdateframework/go-tuf v0.4.0/go.mod h1:kfQTX2LhNeK/cp03OBiZHoua0Pp2l9w4ShRwFtc0oKg=
 github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
@@ -1598,8 +1717,10 @@ github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/V
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
-github.com/vbauerster/mpb/v7 v7.4.2 h1:n917F4d8EWdUKc9c81wFkksyG6P6Mg7IETfKCE1Xqng=
 github.com/vbauerster/mpb/v7 v7.4.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
+github.com/vbauerster/mpb/v7 v7.5.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
+github.com/vbauerster/mpb/v7 v7.5.3 h1:BkGfmb6nMrrBQDFECR/Q7RkKCw7ylMetCb4079CGs4w=
+github.com/vbauerster/mpb/v7 v7.5.3/go.mod h1:i+h4QY6lmLvBNK2ah1fSreiw3ajskRlBp9AhY/PnuOE=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
@@ -1612,12 +1733,16 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
+github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
 github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
+github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 github.com/weppos/publicsuffix-go v0.15.1-0.20210807195340-dc689ff0bb59/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
 github.com/weppos/publicsuffix-go v0.15.1-0.20220329081811-9a40b608a236/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
+github.com/weppos/publicsuffix-go v0.15.1-0.20220413065649-906f534b73a4/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
 github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
 github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1634,9 +1759,12 @@ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:
 github.com/yeya24/promlinter v0.1.0/go.mod h1:rs5vtZzeBHqqMwXqFScncpCF6u06lezhZepno9AB1Oc=
 github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18=
 github.com/ysmood/got v0.31.2/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY=
+github.com/ysmood/got v0.31.3/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY=
 github.com/ysmood/gotrace v0.6.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM=
 github.com/ysmood/gson v0.7.1/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
+github.com/ysmood/gson v0.7.2/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
 github.com/ysmood/leakless v0.7.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ=
+github.com/ysmood/leakless v0.8.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ=
 github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
 github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
 github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
@@ -1647,6 +1775,7 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
@@ -1672,8 +1801,9 @@ go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3M
 go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc=
 go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4=
 go.mozilla.org/mozlog v0.0.0-20170222151521-4bb13139d403/go.mod h1:jHoPAGnDrCy6kaI2tAze5Prf0Nr0w/oNkROt2lw3n3o=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=
 go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
+go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak=
+go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1682,16 +1812,13 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0=
 go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
-go.opentelemetry.io/contrib/propagators v0.19.0 h1:HrixVNZYFjUl/Db+Tr3DhqzLsVW9GeVf/Gye+C5dNUY=
 go.opentelemetry.io/contrib/propagators v0.19.0/go.mod h1:4QOdZClXISU5S43xZxk5tYaWcpb+lehqfKtE6PK6msE=
 go.opentelemetry.io/otel v0.19.0/go.mod h1:j9bF567N9EfomkSidSfmMwIwIBuP37AMAIzVW85OxSg=
 go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
-go.opentelemetry.io/otel v1.3.0 h1:APxLf0eiBwLl+SOXiJJCVYzA1OOJNyAoV8C5RNRyy7Y=
 go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
 go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
@@ -1708,13 +1835,13 @@ go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi
 go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
 go.opentelemetry.io/otel/trace v0.19.0/go.mod h1:4IXiNextNOpPnRlI4ryK69mn5iC84bjBWZQA5DXz/qg=
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
-go.opentelemetry.io/otel/trace v1.3.0 h1:doy8Hzb1RJ+I3yFhtDmwNc7tIyw1tNMOIsyPzp1NOGY=
 go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
@@ -1722,6 +1849,7 @@ go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
+go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
 go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
@@ -1750,18 +1878,22 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1800,6 +1932,7 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1864,6 +1997,7 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -1880,8 +2014,11 @@ golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220524220425-1d687d428aca/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ=
+golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1905,6 +2042,7 @@ golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j
 golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
 golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
+golang.org/x/oauth2 v0.0.0-20220718184931-c8730f7fcb92/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1918,8 +2056,9 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2045,9 +2184,11 @@ golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -2056,16 +2197,23 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2 h1:wM1k/lXfpc5HdkJJyW9GELpd8ERGdnh8sMGL6Gzq3Ho=
+golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -2092,8 +2240,9 @@ golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ=
+golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -2140,6 +2289,7 @@ golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@@ -2208,8 +2358,10 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
+golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
+golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2261,7 +2413,9 @@ google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69
 google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
 google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
 google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
+google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g=
 google.golang.org/api v0.86.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
+google.golang.org/api v0.92.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -2269,7 +2423,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww
 google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
 google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
@@ -2361,8 +2514,11 @@ google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP
 google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f h1:hJ/Y5SqPXbarffmAsApliUlcvMU+wScNGfyop4bZm8o=
+google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220720214146-176da50484ac h1:EOa+Yrhx1C0O+4pHeXeWrCwdI0tWI6IfUU56Vebs9wQ=
+google.golang.org/genproto v0.0.0-20220720214146-176da50484ac/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -2402,8 +2558,9 @@ google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ5
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
 google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
+google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
diff --git a/hack/bats b/hack/bats
index ca9835a1f..9bc2d2c15 100755
--- a/hack/bats
+++ b/hack/bats
@@ -106,7 +106,7 @@ export PODMAN_ROOTLESS_USER=$(id -un)
 
 # Root
 if [ -z "$ROOTLESS_ONLY" ]; then
-    echo "# bats ${bats_filter[@]} $TESTS"
+    echo "# bats ${bats_filter[*]} $TESTS"
     sudo    --preserve-env=PODMAN \
             --preserve-env=PODMAN_TEST_DEBUG \
             --preserve-env=OCI_RUNTIME \
@@ -119,7 +119,7 @@ fi
 # Rootless. (Only if we're not already root)
 if [[ -z "$ROOT_ONLY" && "$(id -u)" != 0 ]]; then
     echo "--------------------------------------------------"
-    echo "\$ bats ${bats_filter[@]} $TESTS"
+    echo "\$ bats ${bats_filter[*]} $TESTS"
     bats "${bats_opts[@]}" "${bats_filter[@]}" $TESTS
     rc=$((rc | $?))
 fi
diff --git a/hack/buildah-vendor-treadmill b/hack/buildah-vendor-treadmill
index d579a180a..b95290841 100755
--- a/hack/buildah-vendor-treadmill
+++ b/hack/buildah-vendor-treadmill
@@ -38,10 +38,6 @@ our $Treadmill_PR_Title = 'DO NOT MERGE: buildah vendor treadmill';
 # Github API; this is where we query to find out the active treadmill PR
 our $API_URL = 'https://api.github.com/graphql';
 
-# Temporary file used to preserve current treadmill patches. This file
-# should only exist very briefly while we perform branch operations.
-our $Patch_File = "0000-$ME.patch";
-
 # Use colors if available and if stdout is a tty
 our $C_Highlight = '';
 our $C_Warning = '';
@@ -66,14 +62,14 @@ eval '
 
 sub usage {
     print  <<"END_USAGE";
-Usage: $ME [OPTIONS] [--sync | --pick | --reset ]
+Usage: $ME [OPTIONS] [--sync | --pick [PR] | --reset ]
 
 $ME is (2022-04-20) **EXPERIMENTAL**
 
 $ME is intended to solve the problem of vendoring
 buildah into podman.
 
-Call me with one of two options:
+Call me with one of three options:
 
     --sync  The usual case. Mostly used by Ed. Called from a
             development branch, this just updates everything so
@@ -81,7 +77,8 @@ Call me with one of two options:
             latest-podman (main). With a few sanity checks.
 
     --pick  Used for really-truly vendoring in a new buildah; will
-            cherry-pick a commit on your buildah-vendor working branch
+            cherry-pick a commit on your buildah-vendor working branch.
+            Optional PR arg is the ID of the treadmill PR on github.
 
     --reset Used after vendoring buildah into main, when there
             really aren't any buildah patches to keep rolling.
@@ -103,6 +100,7 @@ END_USAGE
 our %action;
 our $debug   = 0;
 our $force_old_main = 0;        # in --pick, proceeds even if main is old
+our $force_retry = 0;           # in --sync, continue despite saved checkpoint
 our $force_testing = 0;         # in --sync, test even no podman/buildah changes
 our $verbose = 0;
 our $NOT     = '';              # print "blahing the blah$NOT\n" if $debug
@@ -114,6 +112,7 @@ sub handle_opts {
         'reset'      => sub { $action{reset}++ },
 
         'force-old-main'  => \$force_old_main,
+        'force-retry'     => \$force_retry,
         'force-testing'   => \$force_testing,
 
         'debug!'     => \$debug,
@@ -140,11 +139,6 @@ sub main {
     # and there's no clean way to make it use @_.
     handle_opts();                      # will set package globals
 
-    # Fetch command-line arguments.  Barf if too many.
-    # FIXME: if called with arg, that's the --sync branch?
-    # FIXME: if called with --pick + arg, that's the PR?
-    die "$ME: Too many arguments; try $ME --help\n"                 if @ARGV;
-
     my @action = keys(%action);
     die "$ME: Please invoke me with one of --sync or --pick\n"
         if ! @action;
@@ -158,13 +152,15 @@ sub main {
     # that repo is clean. None of our actions can be run on a dirty repo.
     assert_clean_repo();
 
-    $handler->();
+    $handler->(@ARGV);
 }
 
 ###############################################################################
 # BEGIN sync and its helpers
 
 sub do_sync {
+    die "$ME: --sync takes no arguments; try $ME --help\n" if @_;
+
     # Preserve current branch name, so we can come back after switching to main
     my $current_branch = git_current_branch();
 
@@ -188,11 +184,13 @@ sub do_sync {
     pull_main();
     git('checkout', '-q', $current_branch);
 
-    # Preserve local patches. --always will generate empty patches (e.g.,
-    # after a buildah vendor when everything is copacetic); --no-signature
-    # prevents a buildup of "-- 2.35" (git version) lines at the end.
-    git('format-patch', '--always', '--no-signature', "--output=$Patch_File", 'HEAD^');
-    progress("Treadmill patches saved to $Patch_File");
+    # Make a temporary copy of this branch
+    my $temp_branch = strftime("__buildah-treadmill-checkpoint/%Y%m%d-%H%M%S", localtime);
+    git('branch', $temp_branch, $current_branch);
+    progress("Current branch preserved as $temp_branch");
+
+    # Get the hash of the top (treadmill) commit, to cherry-pick later
+    my $treadmill_commit = git('rev-parse', 'HEAD');
 
     #
     # Danger Will Robinson! This is where it gets scary: a failure here
@@ -207,7 +205,11 @@ This is not something I can recover from. Your human judgment is needed.
 You will need to recover from this manually. Your best option is to
 look at the source code for this script.
 
-Your treadmill patches are here: $Patch_File
+Treadmill branch copy is preserved in $temp_branch
+
+To restore state to where you were before this sync:
+    \$ git checkout main
+    \$ git branch -f $current_branch $treadmill_commit
 END_FAIL_INSTRUCTIONS
 
         exit 1;
@@ -260,12 +262,34 @@ END_FAIL_INSTRUCTIONS
     git_commit_buildah($buildah_new);
 
     # And, finally, this has the highest possibility of failing
-    progress('Reapplying preserved patches');
-    git('am', '--empty=keep', $Patch_File);
+    local $SIG{__DIE__} = sub {
+        print STDERR $C_Warning, "@_", <<"END_FAIL_INSTRUCTIONS";
+
+This is not something I can recover from. Your human judgment is needed.
+
+Chances are, you might be able to run 'git status', look for
+merge conflicts, manually resolve those, 'git add', then
+'git cherry-pick --continue'. If that works, run this script
+again (you will probably need the --force-retry option).
 
-    # It worked! Clean up: remove our local die() handler and the patch file
+If that DOES NOT work, your only option is to look at the source code
+for this script. Sorry. There's only so much that can be done automatically.
+
+Treadmill branch copy is preserved in $temp_branch
+
+To restore state to where you were before this sync:
+    \$ git checkout main
+    \$ git branch -f $current_branch $treadmill_commit
+END_FAIL_INSTRUCTIONS
+
+        exit 1;
+    };
+    progress('Reapplying treadmill patches');
+    git('cherry-pick', '--allow-empty', $treadmill_commit);
+
+    # It worked! Clean up: remove our local die() handler and the saved branch
     undef $SIG{__DIE__};
-    unlink $Patch_File;
+    git('branch', '-D', $temp_branch);
 
     # if buildah is unchanged, and we did not pull main, exit cleanly
     my $change_message = '';
@@ -295,6 +319,13 @@ END_FAIL_INSTRUCTIONS
 
     progress("All OK. It's now up to you to 'git push --force'");
     progress(" --- Reminder: $change_message");
+
+    # Kind of kludgy. If user had to retry a prior failed attempt, and
+    # things are now successful, remind them to delete old checkpoints.
+    # ($force_retry is a 'git branch -D' command string at this point.)
+    if ($force_retry) {
+        progress(" --- Retry worked! You may now $force_retry");
+    }
 }
 
 ###############
@@ -429,8 +460,9 @@ sub do_pick {
     assert_buildah_vendor_commit('HEAD');
     progress("HEAD is a buildah vendor commit. Good.");
 
-    # Identify and pull the treadmill PR
-    my $treadmill_pr = treadmill_pr();
+    # Identify and pull the treadmill PR.
+    my $treadmill_pr = shift || treadmill_pr();
+
     my $treadmill_branch = "$ME/pr$treadmill_pr/tmp$$";
     progress("Fetching treadmill PR $treadmill_pr into $treadmill_branch");
     git('fetch', '-q', git_upstream(), "pull/$treadmill_pr/head:$treadmill_branch");
@@ -465,6 +497,26 @@ sub do_pick {
 #  treadmill_pr  #  Returns ID of open podman PR with the desired subject
 ##################
 sub treadmill_pr {
+    # Github API (or maybe just the search endpoint???) is restricted.
+    my $token = $ENV{GITHUB_TOKEN}
+        or do {
+            warn <<"END_NEED_PR";
+$ME: Cannot proceed without PR ID.
+
+If you have a github API token, please: export GITHUB_TOKEN=.......
+and re-run me.
+
+If you do not have a github API token, please go here:
+
+   https://github.com/containers/podman/pulls?q=is%3Apr+is%3Aopen+%22buildah+vendor+treadmill%22
+
+...then reinvoke me, adding that PR ID to the command line args.
+
+As of 2022-09-12 the treadmill PR is 13808, but that may change over time.
+END_NEED_PR
+            exit 1;
+        };
+
     my $query = <<'END_QUERY';
 {
   search(
@@ -481,16 +533,10 @@ END_QUERY
     $ua->agent("$ME " . $ua->agent);              # Identify ourself
 
     my %headers = (
+        'Authorization' => "bearer $token",
         'Accept'        => "application/vnd.github.antiope-preview+json",
         'Content-Type'  => "application/json",
     );
-
-    # Use github token if available, but don't require it. (All it does is
-    # bump up our throttling limit, which shouldn't be an issue) (unless
-    # someone invokes this script hundreds of times per minute).
-    if (my $token = $ENV{GITHUB_TOKEN}) {
-        $headers{Authorization} = "bearer $token";
-    }
     $ua->default_header($_ => $headers{$_}) for keys %headers;
 
     # Massage the query: escape quotes, put it all in one line, collapse spaces
@@ -503,7 +549,9 @@ END_QUERY
     print $postquery, "\n"            if $debug;
     my $res = $ua->post($API_URL, Content => $postquery);
     if ((my $code = $res->code) != 200) {
-        print $code, " ", $res->message, "\n";
+        warn "$ME: GraphQL request failed on $API_URL:\n";
+        print STDERR "  ", $code, " ", $res->message, "\n";
+        warn "Cannot continue.\n";
         exit 1;
     }
 
@@ -621,8 +669,8 @@ from the buildah vendor treadmill PR, #%s
 EOF
 
 # Strip the "DO NOT MERGE" header from the treadmill PR, print only
-# the "Changes as of YYYY-MM-DD" and subsequent lines
-sed -ne '/^Changes as of/,$ p' <$msgfile >>$tmpfile
+# the "Changes since YYYY-MM-DD" and subsequent lines
+sed -ne '/^Changes since /,$ p' <$msgfile >>$tmpfile
 mv $tmpfile $msgfile
 
 END_EDIT_SCRIPT
@@ -639,6 +687,8 @@ END_EDIT_SCRIPT
 # BEGIN reset and its helpers
 
 sub do_reset {
+    die "$ME: --sync takes no arguments; try $ME --help\n" if @_;
+
     my $current_branch = git_current_branch();
 
     # Make sure side branch == main (i.e., there are no commits on the branch)
@@ -681,20 +731,46 @@ sub progress {
 #  assert_clean_repo  #  Don't even think of running with local changes
 #######################
 sub assert_clean_repo {
-    # Our patch file should only exist for brief moments during a sync run.
-    # If it exists at any other time, something has gone very wrong.
-    if (-e $Patch_File) {
-        warn <<"END_WARN";
-$ME: File exists: $Patch_File
+    # During --sync we create a temporary copy of the treadmill branch,
+    # in case something goes wrong. The branch is deleted on success.
+    # If one exists, it means we may have lost work.
+    my @relics = grep {
+        m!^__buildah-treadmill-checkpoint/\d+-\d+$!
+    } git('branch', '--list', '--format=%(refname:lstrip=2)');
+    if (@relics) {
+        if ($force_retry) {
+            warn <<"END_WARN";
+$ME: WARNING: leftover checkpoint(s): @relics
+
+   ...continuing due to --force-retry.
+
+   If things work out, you can 'git branch -D @relics'
+END_WARN
+
+            # OK, ugly override of a binary flag, but it's OK because
+            # it helps with user-friendliness: offer a reminder upon
+            # successful completion of the script.
+            $force_retry = "git branch -D @relics";
+        }
+        else {
+            warn <<"END_WARN";
+$ME: FATAL: leftover checkpoint: @relics
 
    This means that something went very wrong during an earlier sync run.
    Your git branch may be in an inconsistent state. Your work to date
-   may be lost. This file may be your only hope of recovering it.
+   may be lost. This branch may be your only hope of recovering it.
 
    This is not something a script can resolve. You need to look at this
-   file, compare to your git HEAD, and manually reconcile any differences.
+   branch, compare to your git HEAD, and manually reconcile any differences.
+
+   If you really know what you're doing, i.e., if you've reconciled
+   merge conflicts and have a pretty secure branch structure, try
+   rerunning me with --force-retry. Or, if that checkpoint is a
+   remnant from a past run, and you're ultra-certain that you don't
+   need it, you can git branch -D @relics
 END_WARN
-        exit 1;
+            exit 1;
+        }
     }
 
     # OK so far. Now check for modified files.
@@ -727,7 +803,15 @@ sub git_current_branch() {
 #  git_forkpoint  #  Hash at which branch (default: cur) branched from main
 ###################
 sub git_forkpoint {
-    return git('merge-base', '--fork-point', 'main', @_);
+    # '--fork-point vendor-branch' fails silently on Paul's git tree,
+    # but plain merge-base works fine. My head hurts from trying to
+    # understand the docs, so I give up. Just try fork-point first,
+    # and if it fails, try without. #cargocult #gitishard
+    my $forkpoint = eval { git('merge-base', '--fork-point', 'main', @_) };
+    if ($@) {
+        $forkpoint = git('merge-base', 'main', @_);
+    }
+    return $forkpoint;
 }
 
 #####################
diff --git a/hack/check_root.sh b/hack/check_root.sh
index 1f53887ff..2489a4edd 100755
--- a/hack/check_root.sh
+++ b/hack/check_root.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
 if ! [ $(id -u) = 0 ]; then
-   echo "Please run as root! '$@' requires root privileges."
+   echo "Please run as root! '$*' requires root privileges."
    exit 1
 fi
diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh
index 6632a0178..bdd947bba 100755
--- a/hack/get_ci_vm.sh
+++ b/hack/get_ci_vm.sh
@@ -15,7 +15,7 @@ SCRIPT_FILEPATH=$(realpath "${BASH_SOURCE[0]}")
 SCRIPT_DIRPATH=$(dirname "$SCRIPT_FILEPATH")
 REPO_DIRPATH=$(realpath "$SCRIPT_DIRPATH/../")
 
-# Help detect if we were called by get_ci_vm container
+# Help detect what get_ci_vm container called this script
 GET_CI_VM="${GET_CI_VM:-0}"
 in_get_ci_vm() {
     if ((GET_CI_VM==0)); then
@@ -27,8 +27,10 @@ in_get_ci_vm() {
 # get_ci_vm APIv1 container entrypoint calls into this script
 # to obtain required repo. specific configuration options.
 if [[ "$1" == "--config" ]]; then
-    in_get_ci_vm "$1"
-    cat <<EOF
+    in_get_ci_vm "$1"  # handles GET_CI_VM==0 case
+    case "$GET_CI_VM" in
+        1)
+            cat <<EOF
 DESTDIR="/var/tmp/go/src/github.com/containers/podman"
 UPSTREAM_REPO="https://github.com/containers/podman.git"
 CI_ENVFILE="/etc/ci_environment"
@@ -40,8 +42,18 @@ GCLOUD_CPUS="2"
 GCLOUD_MEMORY="4Gb"
 GCLOUD_DISK="200"
 EOF
+            ;;
+        2)
+            # get_ci_vm APIv2 configuration details
+            echo "AWS_PROFILE=containers"
+            ;;
+        *)
+            echo "Error: Your get_ci_vm container image is too old."
+            ;;
+    esac
 elif [[ "$1" == "--setup" ]]; then
     in_get_ci_vm "$1"
+    unset GET_CI_VM
     # get_ci_vm container entrypoint calls us with this option on the
     # Cirrus-CI environment instance, to perform repo.-specific setup.
     cd $REPO_DIRPATH
@@ -54,8 +66,9 @@ elif [[ "$1" == "--setup" ]]; then
     echo "+ Running environment setup" > /dev/stderr
     ./contrib/cirrus/setup_environment.sh
 else
-    # Create and access VM for specified Cirrus-CI task
+    # Pass this repo and CLI args into container for VM creation/management
     mkdir -p $HOME/.config/gcloud/ssh
+    mkdir -p $HOME/.aws
     podman run -it --rm \
         --tz=local \
         -e NAME="$USER" \
@@ -65,5 +78,6 @@ else
         -v $REPO_DIRPATH:/src:O \
         -v $HOME/.config/gcloud:/root/.config/gcloud:z \
         -v $HOME/.config/gcloud/ssh:/root/.ssh:z \
+        -v $HOME/.aws:/root/.aws:z \
         quay.io/libpod/get_ci_vm:latest "$@"
 fi
diff --git a/hack/man-page-checker b/hack/man-page-checker
index 8ee0aaf6d..83e0b8b1d 100755
--- a/hack/man-page-checker
+++ b/hack/man-page-checker
@@ -87,7 +87,7 @@ function compare_usage() {
 
     # strip off command name from both
     from_man=$(sed -e "s/\*\*$cmd\*\*[[:space:]]*//" <<<"$from_man")
-    from_help=$(sed -e "s/^[[:space:]]*$cmd[[:space:]]*//" <<<"$from_help")
+    from_help=$(sed -e "s/^[[:space:]]*${cmd}[[:space:]]*//" <<<"$from_help")
 
     # man page lists 'foo [*options*]', help msg shows 'foo [flags]'.
     # Make sure if one has it, the other does too.
@@ -153,7 +153,7 @@ for md in *.1.md;do
         # special case: the command is "auto-update", with a hyphen
         md_nodash='podman auto-update'
     fi
-    if [ "$cmd" != "$md_nodash" -a "$cmd" != "podman-remote" ]; then
+    if [[ "$cmd" != "$md_nodash" ]] && [[ "$cmd" != "podman-remote" ]]; then
         echo
         printf "Inconsistent program name in SYNOPSIS in %s:\n" $md
         printf "  SYNOPSIS = %s (expected: '%s')\n" "$cmd" "$md_nodash"
diff --git a/hack/markdown-preprocess b/hack/markdown-preprocess
new file mode 100755
index 000000000..9cd1e9605
--- /dev/null
+++ b/hack/markdown-preprocess
@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+#
+# markdown-preprocess - filter *.md.in files, convert to .md
+#
+
+import glob
+import os
+import re
+import sys
+
+def main():
+    script_dir = os.path.abspath(os.path.dirname(__file__))
+    man_dir = os.path.join(script_dir,"../docs/source/markdown")
+
+    try:
+        os.chdir(man_dir)
+    except FileNotFoundError:
+        raise Exception("Please invoke me from the base repo dir")
+
+    # If called with args, process only those files
+    infiles = [ os.path.basename(x) for x in sys.argv[1:] ]
+    if len(infiles) == 0:
+        # Called without args: process all *.md.in files
+        infiles = glob.glob('*.md.in')
+    for infile in infiles:
+        process(infile)
+
+def process(infile):
+    # Some options are the same between containers and pods; determine
+    # which description to use from the name of the source man page.
+    pod_or_container = 'container'
+    if '-pod-' in infile or '-kube-' in infile:
+        pod_or_container = 'pod'
+
+    # foo.md.in -> foo.md -- but always write to a tmpfile
+    outfile = os.path.splitext(infile)[0]
+    outfile_tmp = outfile + '.tmp.' + str(os.getpid())
+
+#    print("got here: ",infile, " -> ", outfile)
+
+    with open(infile, 'r') as fh_in, open(outfile_tmp, 'w') as fh_out:
+        for line in fh_in:
+            # '@@option foo' -> include file options/foo.md
+            if line.startswith('@@option '):
+                _, optionname = line.strip().split(" ")
+                optionfile = os.path.join("options", optionname + '.md')
+
+                # Comment intended to help someone viewing the .md file.
+                # Leading newline is important because if two lines are
+                # consecutive without a break, sphinx (but not go-md2man)
+                # treats them as one line and will unwantedly render the
+                # comment in its output.
+                fh_out.write("\n[//]: # (BEGIN included file " + optionfile + ")\n")
+                with open(optionfile, 'r') as fh_optfile:
+                    for opt_line in fh_optfile:
+                        opt_line = replace_type(opt_line, pod_or_container)
+                        opt_line = opt_line.replace('<<subcommand>>', podman_subcommand(infile))
+                        opt_line = opt_line.replace('<<fullsubcommand>>', podman_subcommand(infile, 'full'))
+                        fh_out.write(opt_line)
+                fh_out.write("\n[//]: # (END   included file " + optionfile + ")\n")
+            else:
+                fh_out.write(line)
+
+    os.chmod(outfile_tmp, 0o444)
+    os.rename(outfile_tmp, outfile)
+
+# Given a file path of the form podman-foo-bar.1.md.in, return "foo bar"
+def podman_subcommand(string: str, full=None) -> str:
+    # Special case: 'podman-pod-start' becomes just 'start'
+    if not full:
+        if string.startswith("podman-pod-"):
+            string = string[len("podman-pod-"):]
+    if string.startswith("podman-"):
+        string = string[len("podman-"):]
+    if string.endswith(".1.md.in"):
+        string = string[:-len(".1.md.in")]
+    return string.replace("-", " ")
+
+# Replace instances of '<<pod|container>>' with the desired one (based on
+# 'type' which is 'pod' or 'container').
+def replace_type(line: str, type: str) -> str:
+    # Internal helper function: determines the desired half of the <a|b> string
+    def replwith(matchobj):
+        lhs, rhs = matchobj[0].split('|')
+        # Strip off '<<' and '>>'
+        lhs = lhs[2:]
+        rhs = rhs[:len(rhs)-2]
+
+        # Check both sides for 'pod' followed by (non-"m" or end-of-string).
+        # The non-m prevents us from triggering on 'podman', which could
+        # conceivably be present in both sides. And we check for 'pod',
+        # not 'container', because it's possible to have something like
+        # <<container in pod|container>>.
+        if re.match('.*pod([^m]|$)', lhs, re.IGNORECASE):
+            if re.match('.*pod([^m]|$)', rhs, re.IGNORECASE):
+                raise Exception("'%s' matches 'pod' in both left and right sides" % matchobj[0])
+            # Only left-hand side has "pod"
+            if type == 'pod':
+                return lhs
+            else:
+                return rhs
+        else:
+            if not re.match('.*pod([^m]|$)', rhs, re.IGNORECASE):
+                raise Exception("'%s' does not match 'pod' in either side" % matchobj[0])
+            if type == 'pod':
+                return rhs
+            else:
+                return lhs
+
+    return re.sub('<<[^\|>]*\|[^\|>]*>>', replwith, line)
+
+if __name__ == "__main__":
+    main()
diff --git a/hack/markdown-preprocess-review b/hack/markdown-preprocess-review
new file mode 100755
index 000000000..a3e237fb6
--- /dev/null
+++ b/hack/markdown-preprocess-review
@@ -0,0 +1,184 @@
+#!/usr/bin/perl
+
+(our $ME = $0) =~ s|^.*/||;
+
+use v5.20;
+
+our $DSM = 'docs/source/markdown';
+
+my ($oldname, $newname);
+my %oldname;
+my %changed;
+open my $git_diff, '-|', 'git', 'log', '-1', '-p'
+    or die "$ME: Cannot fork: $!\n";
+while (my $line = <$git_diff>) {
+    chomp $line;
+
+    if ($line =~ m!^\-\-\-\s+a/$DSM/(podman-\S+\.md(\.in)?)!) {
+        $oldname = $1;
+        $newname = undef;
+    }
+    elsif ($line =~ m!^\+\+\+\s+b/$DSM/(podman-\S+\.md(\.in)?)!) {
+        $newname = $1;
+        $oldname{$newname} = $oldname;
+    }
+    elsif ($newname) {
+        if ($line =~ s/^-####\s+//) {
+            $line =~ /^\*\*--(\S+?)\*\*/
+                or die "$ME: in $newname: weird '$line'";
+            $changed{$newname}{$1}{name} //= $1;
+        }
+        # Usually the same, but not for host.container and host.pod.md
+        elsif ($line =~ /^\+\@\@option\s+(\S+)/) {
+            my $optfile = $1;
+            if ($optfile =~ /^(.*)\.\S+$/) {
+                $changed{$newname}{$1}{name} = $optfile;
+            }
+        }
+    }
+}
+close $git_diff;
+
+# Pass 2: read each oldfile, parse changed options
+for my $f (sort keys %changed) {
+    my $oldfile = $oldname{$f};
+    open my $git_fh, '-|', 'git', 'show', "HEAD^:$DSM/$oldfile"
+        or die "$ME: Cannot fork: $!\n";
+    my $opt;
+    while (my $line = <$git_fh>) {
+        if ($line =~ /^####\s+\*\*--(\S+?)\*\*/) {
+            $opt = $1;
+            if ($changed{$f}{$opt}) {
+                $changed{$f}{$opt}{text} = $line;
+            }
+            else {
+                undef $opt;
+            }
+        }
+        elsif ($line =~ /^#/ || $line =~ /^\@\@option\s/) {
+            undef $opt;
+        }
+        elsif ($opt) {
+            $changed{$f}{$opt}{text} .= $line;
+        }
+    }
+    close $git_fh
+        or die "$ME: Error running git on $oldfile\n";
+}
+
+# Pass 3: write out files
+my $tempdir = "/tmp/$ME.diffs";
+system('rm', '-rf', $tempdir);
+mkdir $tempdir, 0755;
+
+for my $md_file (sort keys %changed) {
+    for my $opt (sort keys %{$changed{$md_file}}) {
+        my $d = "$tempdir/$changed{$md_file}{$opt}{name}";
+        mkdir $d, 0755;
+
+        my $outfile = "$d/$md_file";
+        open my $fh, '>', $outfile
+            or die "$ME: Cannot create $outfile: $!\n";
+        # strip all trailing newlines
+        (my $text = $changed{$md_file}{$opt}{text}) =~ s/\n+$/\n/s;
+        print { $fh } $text;
+        close $fh
+            or die "$ME: Error writing $outfile: $!\n";
+
+        my $new_text = "$DSM/options/$changed{$md_file}{$opt}{name}.md";
+        die "$ME: $md_file: File does not exist: $new_text\n" if ! -e $new_text;
+        system('cp', $new_text, "$d/zzz-chosen.md");
+    }
+}
+
+# Now run diffuse
+chdir $tempdir or die;
+my @all_opts = glob("*");
+for my $i (0..$#all_opts) {
+    my $opt = $all_opts[$i];
+    chdir "$tempdir/$opt"
+        or die "??? Internal error, cannot cd $tempdir/$opt: $!";
+
+    $| = 1; printf "--%s (%d/%d) ", $opt, $i+1, scalar(@all_opts);
+
+    my @all_files = glob("*");
+    if (all_files_identical(@all_files)) {
+        pop @all_files;
+        print "[identical between @all_files]\n";
+        next;
+    }
+
+    # Prompt
+    print "[Y/n/q] ";
+    my $ans = <STDIN>;
+    next if $ans =~ /^n/i;
+    exit 0 if $ans =~ /^q/i;
+
+    # Try to cull the files (remove identical ones)
+    my @files = glob("*");
+    my $winner = pop @files;
+
+    for my $f (@files) {
+        system('cmp', '-s', $f, $winner);
+        if ($? == 0) {
+            print "[ $f is the one we went with; removing from list ]\n";
+            unlink $f;
+            next;
+        }
+
+        system('wdiff', '-1', '-2', '-3', $f, $winner);
+        if ($? == 0) {
+            print "[ $f is whitespace-identical with what we went with ]\n";
+            unlink $f;
+            next;
+        }
+    }
+
+    # Recompute @files, in case some were deleted above
+    @files = glob("*"); pop @files;
+
+    for (my $i=0; $i < $#files; $i++) {
+        my $f1 = $files[$i];
+        next unless -e $f1;
+
+        for (my $j=$i+1; $j <= $#files; $j++) {
+            my $f2 = $files[$j];
+            next unless -e $f2;
+
+            system('wdiff', '-1', '-2', '-3', $f1, $f2);
+            if ($? == 0) {
+                print "[ $f2 : removing, it =~ $f1 ]\n";
+                unlink $f2;
+            }
+        }
+    }
+
+    # Recompute @files, in case some were deleted above
+    @files = glob("*");
+
+    # diffuse works great for 3-4 files, passable for 5, not at all for >5
+    if (@files <= 5) {
+        system("diffuse", "-w", @files) == 0
+            or die "Diffuse failed\n";
+    }
+    else {
+        # Too many files. Go by threes.
+        my $winner = pop @files;
+        for (my $i=0; $i < @files; $i += 3) {
+            system("diffuse", "-w", @files[$i..$i+2], $winner);
+        }
+    }
+}
+
+
+sub all_files_identical {
+    my %sha;
+    for my $f (@_) {
+        my $result = qx{sha256sum $f};
+        $result =~ /^([0-9a-f]+)\s/
+            or die "Internal error: unexpected result from sha256sum $f: $result";
+        $sha{$1}++;
+    }
+
+    return (keys(%sha) == 1);
+}
diff --git a/hack/markdown-preprocess.t b/hack/markdown-preprocess.t
new file mode 100755
index 000000000..152da087b
--- /dev/null
+++ b/hack/markdown-preprocess.t
@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+
+"""
+Tests for markdown-preprocess
+"""
+
+import unittest
+
+# https://stackoverflow.com/questions/66665217/how-to-import-a-python-script-without-a-py-extension
+from importlib.util import spec_from_loader, module_from_spec
+from importlib.machinery import SourceFileLoader
+
+spec = spec_from_loader("mp", SourceFileLoader("mp", "hack/markdown-preprocess"))
+mp = module_from_spec(spec)
+spec.loader.exec_module(mp)
+
+class TestPodReplacer(unittest.TestCase):
+    def test_basic(self):
+        """basic pod|container and vice-versa"""
+        s = '<<container|pod>>'
+        self.assertEqual(mp.replace_type(s, 'pod'), 'pod')
+        self.assertEqual(mp.replace_type(s, 'container'), 'container')
+        s = '<<container|pod>>'
+        self.assertEqual(mp.replace_type(s, 'pod'), 'pod')
+        self.assertEqual(mp.replace_type(s, 'container'), 'container')
+
+    def test_case_insensitive(self):
+        """test case-insensitive replacement of Pod, Container"""
+        s = '<<Pod|Container>>'
+        self.assertEqual(mp.replace_type(s, 'pod'), 'Pod')
+        self.assertEqual(mp.replace_type(s, 'container'), 'Container')
+        s = '<<Container|Pod>>'
+        self.assertEqual(mp.replace_type(s, 'pod'), 'Pod')
+        self.assertEqual(mp.replace_type(s, 'container'), 'Container')
+
+    def test_dont_care_about_podman(self):
+        """we ignore 'podman'"""
+        self.assertEqual(mp.replace_type('<<podman container|pod in podman>>', 'container'), 'podman container')
+
+    def test_not_at_beginning(self):
+        """oops - test for 'pod' other than at beginning of string"""
+        s = '<<container|container or pod>>'
+        self.assertEqual(mp.replace_type(s, 'container'), 'container')
+        self.assertEqual(mp.replace_type(s, 'pod'), 'container or pod')
+        s = '<<container or pod|container>>'
+        self.assertEqual(mp.replace_type(s, 'container'), 'container')
+        self.assertEqual(mp.replace_type(s, 'pod'), 'container or pod')
+
+    def test_blank(self):
+        """test that either side of '|' can be empty"""
+        s = 'abc container<<| or pod>> def'
+        self.assertEqual(mp.replace_type(s, 'container'), 'abc container def')
+        self.assertEqual(mp.replace_type(s, 'pod'), 'abc container or pod def')
+        s = 'abc container<< or pod|>> def'
+        self.assertEqual(mp.replace_type(s, 'container'), 'abc container def')
+        self.assertEqual(mp.replace_type(s, 'pod'), 'abc container or pod def')
+
+    def test_exception_both(self):
+        """test that 'pod' on both sides raises exception"""
+        with self.assertRaisesRegex(Exception, "in both left and right sides"):
+            mp.replace_type('<<pod 123|pod 321>>', 'pod')
+
+    def test_exception_neither(self):
+        """test that 'pod' on neither side raises exception"""
+        with self.assertRaisesRegex(Exception, "in either side"):
+            mp.replace_type('<<container 123|container 321>>', 'pod')
+
+class TestPodmanSubcommand(unittest.TestCase):
+    def test_basic(self):
+        """podman subcommand basic test"""
+        self.assertEqual(mp.podman_subcommand("podman-foo.1.md.in"), "foo")
+        self.assertEqual(mp.podman_subcommand("podman-foo-bar.1.md.in"), "foo bar")
+        self.assertEqual(mp.podman_subcommand("podman-pod-rm.1.md.in"), "rm")
+        self.assertEqual(mp.podman_subcommand("podman-pod-rm.1.md.in", "full"), "pod rm")
+
+
+if __name__ == '__main__':
+    unittest.main()
diff --git a/hack/podman-registry b/hack/podman-registry
index f6a266883..f1b68deaa 100755
--- a/hack/podman-registry
+++ b/hack/podman-registry
@@ -7,7 +7,7 @@ ME=$(basename $0)
 ###############################################################################
 # BEGIN defaults
 
-PODMAN_REGISTRY_IMAGE=quay.io/libpod/registry:2.6
+PODMAN_REGISTRY_IMAGE=quay.io/libpod/registry:2.8
 
 PODMAN_REGISTRY_USER=
 PODMAN_REGISTRY_PASS=
@@ -30,7 +30,7 @@ into a local temporary directory, create an htpasswd, start the
 registry, and dump a series of environment variables to stdout:
 
     \$ $ME start
-    PODMAN_REGISTRY_IMAGE=\"docker.io/library/registry:2.6\"
+    PODMAN_REGISTRY_IMAGE=\"docker.io/library/registry:2.8\"
     PODMAN_REGISTRY_PORT=\"5050\"
     PODMAN_REGISTRY_USER=\"userZ3RZ\"
     PODMAN_REGISTRY_PASS=\"T8JVJzKrcl4p6uT\"
@@ -197,13 +197,11 @@ function do_start() {
 
     # Store credentials where container will see them. We can't run
     # this one via must_pass because we need its stdout.
-    podman run --rm                                               \
-           --entrypoint htpasswd ${PODMAN_REGISTRY_IMAGE}         \
-           -Bbn ${PODMAN_REGISTRY_USER} ${PODMAN_REGISTRY_PASS}   \
+    htpasswd -Bbn ${PODMAN_REGISTRY_USER} ${PODMAN_REGISTRY_PASS}   \
            > $AUTHDIR/htpasswd
     if [ $? -ne 0 ]; then
         rm -rf ${PODMAN_REGISTRY_WORKDIR}
-        die "Command failed: podman run [htpasswd]"
+        die "Command failed: htpasswd"
     fi
 
     # In case someone needs to debug
@@ -220,7 +218,7 @@ function do_start() {
               -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd"           \
               -e "REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt"       \
               -e "REGISTRY_HTTP_TLS_KEY=/auth/domain.key"               \
-              registry:2.6
+              ${PODMAN_REGISTRY_IMAGE}
 
     # Confirm that registry started and port is active
     wait_for_port $PODMAN_REGISTRY_PORT
diff --git a/hack/podman-registry-go/registry.go b/hack/podman-registry-go/registry.go
index d66d092b6..30da3b6da 100644
--- a/hack/podman-registry-go/registry.go
+++ b/hack/podman-registry-go/registry.go
@@ -57,7 +57,7 @@ func StartWithOptions(options *Options) (*Registry, error) {
 	// Start a registry.
 	out, err := utils.ExecCmd(binary, args...)
 	if err != nil {
-		return nil, fmt.Errorf("error running %q: %s: %w", binary, out, err)
+		return nil, fmt.Errorf("running %q: %s: %w", binary, out, err)
 	}
 
 	// Parse the output.
@@ -112,7 +112,7 @@ func (r *Registry) Stop() error {
 		return nil
 	}
 	if _, err := utils.ExecCmd(binary, "-P", r.Port, "stop"); err != nil {
-		return fmt.Errorf("error stopping registry (%v) with %q: %w", *r, binary, err)
+		return fmt.Errorf("stopping registry (%v) with %q: %w", *r, binary, err)
 	}
 	r.running = false
 	return nil
diff --git a/hack/swagger-check b/hack/swagger-check
index 1e5b95c3a..b4481f5bb 100755
--- a/hack/swagger-check
+++ b/hack/swagger-check
@@ -320,8 +320,8 @@ sub operation_name {
     if ($action eq 'df') {
         $action = 'dataUsage';
     }
-    elsif ($action eq "delete" && $endpoint eq "/libpod/kube/play") {
-        $action = "PlayDown"
+    elsif ($action eq "delete" && $endpoint eq "/libpod/play/kube") {
+        $action = "KubeDown"
     }
     # Grrrrrr, this one is annoying: some operations get an extra 'All'
     elsif ($action =~ /^(delete|get|stats)$/ && $endpoint !~ /\{/) {
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index 81f11410b..4fd95a3cf 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -85,7 +85,7 @@ func NewBoltState(path string, runtime *Runtime) (State, error) {
 
 	db, err := bolt.Open(path, 0600, nil)
 	if err != nil {
-		return nil, fmt.Errorf("error opening database %s: %w", path, err)
+		return nil, fmt.Errorf("opening database %s: %w", path, err)
 	}
 	// Everywhere else, we use s.deferredCloseDBCon(db) to ensure the state's DB
 	// mutex is also unlocked.
@@ -123,7 +123,7 @@ func NewBoltState(path string, runtime *Runtime) (State, error) {
 		return nil
 	})
 	if err != nil {
-		return nil, fmt.Errorf("error checking DB schema: %w", err)
+		return nil, fmt.Errorf("checking DB schema: %w", err)
 	}
 
 	if !needsUpdate {
@@ -135,13 +135,13 @@ func NewBoltState(path string, runtime *Runtime) (State, error) {
 	err = db.Update(func(tx *bolt.Tx) error {
 		for _, bkt := range createBuckets {
 			if _, err := tx.CreateBucketIfNotExists(bkt); err != nil {
-				return fmt.Errorf("error creating bucket %s: %w", string(bkt), err)
+				return fmt.Errorf("creating bucket %s: %w", string(bkt), err)
 			}
 		}
 		return nil
 	})
 	if err != nil {
-		return nil, fmt.Errorf("error creating buckets for DB: %w", err)
+		return nil, fmt.Errorf("creating buckets for DB: %w", err)
 	}
 
 	state.valid = true
@@ -220,11 +220,11 @@ func (s *BoltState) Refresh() error {
 			return nil
 		})
 		if err != nil {
-			return fmt.Errorf("error reading exit codes bucket: %w", err)
+			return fmt.Errorf("reading exit codes bucket: %w", err)
 		}
 		for _, id := range toRemoveExitCodes {
 			if err := exitCodeBucket.Delete([]byte(id)); err != nil {
-				return fmt.Errorf("error removing exit code for ID %s: %w", id, err)
+				return fmt.Errorf("removing exit code for ID %s: %w", id, err)
 			}
 		}
 
@@ -276,7 +276,7 @@ func (s *BoltState) Refresh() error {
 				state := new(podState)
 
 				if err := json.Unmarshal(stateBytes, state); err != nil {
-					return fmt.Errorf("error unmarshalling state for pod %s: %w", string(id), err)
+					return fmt.Errorf("unmarshalling state for pod %s: %w", string(id), err)
 				}
 
 				// Clear the Cgroup path
@@ -284,11 +284,11 @@ func (s *BoltState) Refresh() error {
 
 				newStateBytes, err := json.Marshal(state)
 				if err != nil {
-					return fmt.Errorf("error marshalling modified state for pod %s: %w", string(id), err)
+					return fmt.Errorf("marshalling modified state for pod %s: %w", string(id), err)
 				}
 
 				if err := podBkt.Put(stateKey, newStateBytes); err != nil {
-					return fmt.Errorf("error updating state for pod %s in DB: %w", string(id), err)
+					return fmt.Errorf("updating state for pod %s in DB: %w", string(id), err)
 				}
 
 				// It's not a container, nothing to do
@@ -297,7 +297,7 @@ func (s *BoltState) Refresh() error {
 
 			// First, delete the network namespace
 			if err := ctrBkt.Delete(netNSKey); err != nil {
-				return fmt.Errorf("error removing network namespace for container %s: %w", string(id), err)
+				return fmt.Errorf("removing network namespace for container %s: %w", string(id), err)
 			}
 
 			stateBytes := ctrBkt.Get(stateKey)
@@ -309,18 +309,18 @@ func (s *BoltState) Refresh() error {
 			state := new(ContainerState)
 
 			if err := json.Unmarshal(stateBytes, state); err != nil {
-				return fmt.Errorf("error unmarshalling state for container %s: %w", string(id), err)
+				return fmt.Errorf("unmarshalling state for container %s: %w", string(id), err)
 			}
 
 			resetState(state)
 
 			newStateBytes, err := json.Marshal(state)
 			if err != nil {
-				return fmt.Errorf("error marshalling modified state for container %s: %w", string(id), err)
+				return fmt.Errorf("marshalling modified state for container %s: %w", string(id), err)
 			}
 
 			if err := ctrBkt.Put(stateKey, newStateBytes); err != nil {
-				return fmt.Errorf("error updating state for container %s in DB: %w", string(id), err)
+				return fmt.Errorf("updating state for container %s in DB: %w", string(id), err)
 			}
 
 			// Delete all exec sessions, if there are any
@@ -338,7 +338,7 @@ func (s *BoltState) Refresh() error {
 				}
 				for _, execID := range toRemove {
 					if err := ctrExecBkt.Delete([]byte(execID)); err != nil {
-						return fmt.Errorf("error removing exec session %s from container %s: %w", execID, string(id), err)
+						return fmt.Errorf("removing exec session %s from container %s: %w", execID, string(id), err)
 					}
 				}
 			}
@@ -358,12 +358,12 @@ func (s *BoltState) Refresh() error {
 				if testID := namesBucket.Get(name); testID != nil {
 					logrus.Infof("Found dangling name %s (ID %s) in database", string(name), id)
 					if err := namesBucket.Delete(name); err != nil {
-						return fmt.Errorf("error removing dangling name %s (ID %s) from database: %w", string(name), id, err)
+						return fmt.Errorf("removing dangling name %s (ID %s) from database: %w", string(name), id, err)
 					}
 				}
 			}
 			if err := idBucket.Delete([]byte(id)); err != nil {
-				return fmt.Errorf("error removing dangling ID %s from database: %w", id, err)
+				return fmt.Errorf("removing dangling ID %s from database: %w", id, err)
 			}
 		}
 
@@ -384,7 +384,7 @@ func (s *BoltState) Refresh() error {
 			oldState := new(VolumeState)
 
 			if err := json.Unmarshal(volStateBytes, oldState); err != nil {
-				return fmt.Errorf("error unmarshalling state for volume %s: %w", string(id), err)
+				return fmt.Errorf("unmarshalling state for volume %s: %w", string(id), err)
 			}
 
 			// Reset mount count to 0
@@ -393,11 +393,11 @@ func (s *BoltState) Refresh() error {
 
 			newState, err := json.Marshal(oldState)
 			if err != nil {
-				return fmt.Errorf("error marshalling state for volume %s: %w", string(id), err)
+				return fmt.Errorf("marshalling state for volume %s: %w", string(id), err)
 			}
 
 			if err := dbVol.Put(stateKey, newState); err != nil {
-				return fmt.Errorf("error storing new state for volume %s: %w", string(id), err)
+				return fmt.Errorf("storing new state for volume %s: %w", string(id), err)
 			}
 
 			return nil
@@ -421,7 +421,7 @@ func (s *BoltState) Refresh() error {
 
 		for _, execSession := range toRemoveExec {
 			if err := execBucket.Delete([]byte(execSession)); err != nil {
-				return fmt.Errorf("error deleting exec session %s registry from database: %w", execSession, err)
+				return fmt.Errorf("deleting exec session %s registry from database: %w", execSession, err)
 			}
 		}
 
@@ -841,7 +841,7 @@ func (s *BoltState) UpdateContainer(ctr *Container) error {
 		}
 
 		if err := json.Unmarshal(newStateBytes, newState); err != nil {
-			return fmt.Errorf("error unmarshalling container %s state: %w", ctr.ID(), err)
+			return fmt.Errorf("unmarshalling container %s state: %w", ctr.ID(), err)
 		}
 
 		netNSBytes := ctrToUpdate.Get(netNSKey)
@@ -886,7 +886,7 @@ func (s *BoltState) SaveContainer(ctr *Container) error {
 
 	stateJSON, err := json.Marshal(ctr.state)
 	if err != nil {
-		return fmt.Errorf("error marshalling container %s state to JSON: %w", ctr.ID(), err)
+		return fmt.Errorf("marshalling container %s state to JSON: %w", ctr.ID(), err)
 	}
 	netNSPath := getNetNSPath(ctr)
 
@@ -912,17 +912,17 @@ func (s *BoltState) SaveContainer(ctr *Container) error {
 
 		// Update the state
 		if err := ctrToSave.Put(stateKey, stateJSON); err != nil {
-			return fmt.Errorf("error updating container %s state in DB: %w", ctr.ID(), err)
+			return fmt.Errorf("updating container %s state in DB: %w", ctr.ID(), err)
 		}
 
 		if netNSPath != "" {
 			if err := ctrToSave.Put(netNSKey, []byte(netNSPath)); err != nil {
-				return fmt.Errorf("error updating network namespace path for container %s in DB: %w", ctr.ID(), err)
+				return fmt.Errorf("updating network namespace path for container %s in DB: %w", ctr.ID(), err)
 			}
 		} else {
 			// Delete the existing network namespace
 			if err := ctrToSave.Delete(netNSKey); err != nil {
-				return fmt.Errorf("error removing network namespace path for container %s in DB: %w", ctr.ID(), err)
+				return fmt.Errorf("removing network namespace path for container %s in DB: %w", ctr.ID(), err)
 			}
 		}
 
@@ -1142,7 +1142,7 @@ func (s *BoltState) GetNetworks(ctr *Container) (map[string]types.PerNetworkOpti
 			if ctrNetworkBkt == nil {
 				ctrNetworkBkt, err = dbCtr.CreateBucket(networksBkt)
 				if err != nil {
-					return fmt.Errorf("error creating networks bucket for container %s: %w", ctr.ID(), err)
+					return fmt.Errorf("creating networks bucket for container %s: %w", ctr.ID(), err)
 				}
 				// the container has no networks in the db lookup config and write to the db
 				networkList = ctr.config.NetworksDeprecated
@@ -1249,7 +1249,7 @@ func (s *BoltState) NetworkConnect(ctr *Container, network string, opts types.Pe
 
 	optBytes, err := json.Marshal(opts)
 	if err != nil {
-		return fmt.Errorf("error marshalling network options JSON for container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("marshalling network options JSON for container %s: %w", ctr.ID(), err)
 	}
 
 	ctrID := []byte(ctr.ID())
@@ -1278,12 +1278,12 @@ func (s *BoltState) NetworkConnect(ctr *Container, network string, opts types.Pe
 		}
 		netConnected := ctrNetworksBkt.Get([]byte(network))
 		if netConnected != nil {
-			return fmt.Errorf("container %s is already connected to network %q: %w", ctr.ID(), network, define.ErrNetworkExists)
+			return fmt.Errorf("container %s is already connected to network %q: %w", ctr.ID(), network, define.ErrNetworkConnected)
 		}
 
 		// Add the network
 		if err := ctrNetworksBkt.Put([]byte(network), optBytes); err != nil {
-			return fmt.Errorf("error adding container %s to network %s in DB: %w", ctr.ID(), network, err)
+			return fmt.Errorf("adding container %s to network %s in DB: %w", ctr.ID(), network, err)
 		}
 
 		return nil
@@ -1340,7 +1340,7 @@ func (s *BoltState) NetworkDisconnect(ctr *Container, network string) error {
 		}
 
 		if err := ctrNetworksBkt.Delete([]byte(network)); err != nil {
-			return fmt.Errorf("error removing container %s from network %s: %w", ctr.ID(), network, err)
+			return fmt.Errorf("removing container %s from network %s: %w", ctr.ID(), network, err)
 		}
 
 		if ctrAliasesBkt != nil {
@@ -1350,7 +1350,7 @@ func (s *BoltState) NetworkDisconnect(ctr *Container, network string) error {
 			}
 
 			if err := ctrAliasesBkt.DeleteBucket([]byte(network)); err != nil {
-				return fmt.Errorf("error removing container %s network aliases for network %s: %w", ctr.ID(), network, err)
+				return fmt.Errorf("removing container %s network aliases for network %s: %w", ctr.ID(), network, err)
 			}
 		}
 
@@ -1626,7 +1626,7 @@ func (s *BoltState) AddExecSession(ctr *Container, session *ExecSession) error {
 
 		ctrExecSessionBucket, err := dbCtr.CreateBucketIfNotExists(execBkt)
 		if err != nil {
-			return fmt.Errorf("error creating exec sessions bucket for container %s: %w", ctr.ID(), err)
+			return fmt.Errorf("creating exec sessions bucket for container %s: %w", ctr.ID(), err)
 		}
 
 		execExists := execBucket.Get(sessionID)
@@ -1635,11 +1635,11 @@ func (s *BoltState) AddExecSession(ctr *Container, session *ExecSession) error {
 		}
 
 		if err := execBucket.Put(sessionID, ctrID); err != nil {
-			return fmt.Errorf("error adding exec session %s to DB: %w", session.ID(), err)
+			return fmt.Errorf("adding exec session %s to DB: %w", session.ID(), err)
 		}
 
 		if err := ctrExecSessionBucket.Put(sessionID, ctrID); err != nil {
-			return fmt.Errorf("error adding exec session %s to container %s in DB: %w", session.ID(), ctr.ID(), err)
+			return fmt.Errorf("adding exec session %s to container %s in DB: %w", session.ID(), ctr.ID(), err)
 		}
 
 		return nil
@@ -1716,7 +1716,7 @@ func (s *BoltState) RemoveExecSession(session *ExecSession) error {
 		}
 
 		if err := execBucket.Delete(sessionID); err != nil {
-			return fmt.Errorf("error removing exec session %s from database: %w", session.ID(), err)
+			return fmt.Errorf("removing exec session %s from database: %w", session.ID(), err)
 		}
 
 		dbCtr := ctrBucket.Bucket(containerID)
@@ -1739,7 +1739,7 @@ func (s *BoltState) RemoveExecSession(session *ExecSession) error {
 		ctrSessionExists := ctrExecBucket.Get(sessionID)
 		if ctrSessionExists != nil {
 			if err := ctrExecBucket.Delete(sessionID); err != nil {
-				return fmt.Errorf("error removing exec session %s from container %s in database: %w", session.ID(), session.ContainerID(), err)
+				return fmt.Errorf("removing exec session %s from container %s in database: %w", session.ID(), session.ContainerID(), err)
 			}
 		}
 
@@ -1847,7 +1847,7 @@ func (s *BoltState) RemoveContainerExecSessions(ctr *Container) error {
 
 		for _, session := range sessions {
 			if err := ctrExecSessions.Delete([]byte(session)); err != nil {
-				return fmt.Errorf("error removing container %s exec session %s from database: %w", ctr.ID(), session, err)
+				return fmt.Errorf("removing container %s exec session %s from database: %w", ctr.ID(), session, err)
 			}
 			// Check if the session exists in the global table
 			// before removing. It should, but in cases where the DB
@@ -1861,7 +1861,7 @@ func (s *BoltState) RemoveContainerExecSessions(ctr *Container) error {
 				return fmt.Errorf("database mismatch: exec session %s is associated with containers %s and %s: %w", session, ctr.ID(), string(sessionExists), define.ErrInternal)
 			}
 			if err := execBucket.Delete([]byte(session)); err != nil {
-				return fmt.Errorf("error removing container %s exec session %s from exec sessions: %w", ctr.ID(), session, err)
+				return fmt.Errorf("removing container %s exec session %s from exec sessions: %w", ctr.ID(), session, err)
 			}
 		}
 
@@ -1884,7 +1884,7 @@ func (s *BoltState) RewriteContainerConfig(ctr *Container, newCfg *ContainerConf
 
 	newCfgJSON, err := json.Marshal(newCfg)
 	if err != nil {
-		return fmt.Errorf("error marshalling new configuration JSON for container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("marshalling new configuration JSON for container %s: %w", ctr.ID(), err)
 	}
 
 	db, err := s.getDBCon()
@@ -1906,7 +1906,7 @@ func (s *BoltState) RewriteContainerConfig(ctr *Container, newCfg *ContainerConf
 		}
 
 		if err := ctrDB.Put(configKey, newCfgJSON); err != nil {
-			return fmt.Errorf("error updating container %s config JSON: %w", ctr.ID(), err)
+			return fmt.Errorf("updating container %s config JSON: %w", ctr.ID(), err)
 		}
 
 		return nil
@@ -1937,7 +1937,7 @@ func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName
 
 	newCfgJSON, err := json.Marshal(newCfg)
 	if err != nil {
-		return fmt.Errorf("error marshalling new configuration JSON for container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("marshalling new configuration JSON for container %s: %w", ctr.ID(), err)
 	}
 
 	db, err := s.getDBCon()
@@ -1978,16 +1978,16 @@ func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName
 				// buckets are ID-indexed so we just need to
 				// overwrite the values there.
 				if err := namesBkt.Delete([]byte(oldName)); err != nil {
-					return fmt.Errorf("error deleting container %s old name from DB for rename: %w", ctr.ID(), err)
+					return fmt.Errorf("deleting container %s old name from DB for rename: %w", ctr.ID(), err)
 				}
 				if err := idBkt.Put([]byte(ctr.ID()), []byte(newName)); err != nil {
-					return fmt.Errorf("error renaming container %s in ID bucket in DB: %w", ctr.ID(), err)
+					return fmt.Errorf("renaming container %s in ID bucket in DB: %w", ctr.ID(), err)
 				}
 				if err := namesBkt.Put([]byte(newName), []byte(ctr.ID())); err != nil {
-					return fmt.Errorf("error adding new name %s for container %s in DB: %w", newName, ctr.ID(), err)
+					return fmt.Errorf("adding new name %s for container %s in DB: %w", newName, ctr.ID(), err)
 				}
 				if err := allCtrsBkt.Put([]byte(ctr.ID()), []byte(newName)); err != nil {
-					return fmt.Errorf("error renaming container %s in all containers bucket in DB: %w", ctr.ID(), err)
+					return fmt.Errorf("renaming container %s in all containers bucket in DB: %w", ctr.ID(), err)
 				}
 				if ctr.config.Pod != "" {
 					podsBkt, err := getPodBucket(tx)
@@ -2003,7 +2003,7 @@ func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName
 						return fmt.Errorf("pod %s does not have a containers bucket: %w", ctr.config.Pod, define.ErrInternal)
 					}
 					if err := podCtrBkt.Put([]byte(ctr.ID()), []byte(newName)); err != nil {
-						return fmt.Errorf("error renaming container %s in pod %s members bucket: %w", ctr.ID(), ctr.config.Pod, err)
+						return fmt.Errorf("renaming container %s in pod %s members bucket: %w", ctr.ID(), ctr.config.Pod, err)
 					}
 				}
 			}
@@ -2021,7 +2021,7 @@ func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName
 		}
 
 		if err := ctrDB.Put(configKey, newCfgJSON); err != nil {
-			return fmt.Errorf("error updating container %s config JSON: %w", ctr.ID(), err)
+			return fmt.Errorf("updating container %s config JSON: %w", ctr.ID(), err)
 		}
 
 		return nil
@@ -2043,7 +2043,7 @@ func (s *BoltState) RewritePodConfig(pod *Pod, newCfg *PodConfig) error {
 
 	newCfgJSON, err := json.Marshal(newCfg)
 	if err != nil {
-		return fmt.Errorf("error marshalling new configuration JSON for pod %s: %w", pod.ID(), err)
+		return fmt.Errorf("marshalling new configuration JSON for pod %s: %w", pod.ID(), err)
 	}
 
 	db, err := s.getDBCon()
@@ -2065,7 +2065,7 @@ func (s *BoltState) RewritePodConfig(pod *Pod, newCfg *PodConfig) error {
 		}
 
 		if err := podDB.Put(configKey, newCfgJSON); err != nil {
-			return fmt.Errorf("error updating pod %s config JSON: %w", pod.ID(), err)
+			return fmt.Errorf("updating pod %s config JSON: %w", pod.ID(), err)
 		}
 
 		return nil
@@ -2087,7 +2087,7 @@ func (s *BoltState) RewriteVolumeConfig(volume *Volume, newCfg *VolumeConfig) er
 
 	newCfgJSON, err := json.Marshal(newCfg)
 	if err != nil {
-		return fmt.Errorf("error marshalling new configuration JSON for volume %q: %w", volume.Name(), err)
+		return fmt.Errorf("marshalling new configuration JSON for volume %q: %w", volume.Name(), err)
 	}
 
 	db, err := s.getDBCon()
@@ -2109,7 +2109,7 @@ func (s *BoltState) RewriteVolumeConfig(volume *Volume, newCfg *VolumeConfig) er
 		}
 
 		if err := volDB.Put(configKey, newCfgJSON); err != nil {
-			return fmt.Errorf("error updating volume %q config JSON: %w", volume.Name(), err)
+			return fmt.Errorf("updating volume %q config JSON: %w", volume.Name(), err)
 		}
 
 		return nil
@@ -2522,7 +2522,7 @@ func (s *BoltState) AddVolume(volume *Volume) error {
 
 	volConfigJSON, err := json.Marshal(volume.config)
 	if err != nil {
-		return fmt.Errorf("error marshalling volume %s config to JSON: %w", volume.Name(), err)
+		return fmt.Errorf("marshalling volume %s config to JSON: %w", volume.Name(), err)
 	}
 
 	// Volume state is allowed to not exist
@@ -2530,7 +2530,7 @@ func (s *BoltState) AddVolume(volume *Volume) error {
 	if volume.state != nil {
 		volStateJSON, err = json.Marshal(volume.state)
 		if err != nil {
-			return fmt.Errorf("error marshalling volume %s state to JSON: %w", volume.Name(), err)
+			return fmt.Errorf("marshalling volume %s state to JSON: %w", volume.Name(), err)
 		}
 	}
 
@@ -2561,27 +2561,27 @@ func (s *BoltState) AddVolume(volume *Volume) error {
 		// Make a bucket for it
 		newVol, err := volBkt.CreateBucket(volName)
 		if err != nil {
-			return fmt.Errorf("error creating bucket for volume %s: %w", volume.Name(), err)
+			return fmt.Errorf("creating bucket for volume %s: %w", volume.Name(), err)
 		}
 
 		// Make a subbucket for the containers using the volume. Dependent container IDs will be addedremoved to
 		// this bucket in addcontainer/removeContainer
 		if _, err := newVol.CreateBucket(volDependenciesBkt); err != nil {
-			return fmt.Errorf("error creating bucket for containers using volume %s: %w", volume.Name(), err)
+			return fmt.Errorf("creating bucket for containers using volume %s: %w", volume.Name(), err)
 		}
 
 		if err := newVol.Put(configKey, volConfigJSON); err != nil {
-			return fmt.Errorf("error storing volume %s configuration in DB: %w", volume.Name(), err)
+			return fmt.Errorf("storing volume %s configuration in DB: %w", volume.Name(), err)
 		}
 
 		if volStateJSON != nil {
 			if err := newVol.Put(stateKey, volStateJSON); err != nil {
-				return fmt.Errorf("error storing volume %s state in DB: %w", volume.Name(), err)
+				return fmt.Errorf("storing volume %s state in DB: %w", volume.Name(), err)
 			}
 		}
 
 		if err := allVolsBkt.Put(volName, volName); err != nil {
-			return fmt.Errorf("error storing volume %s in all volumes bucket in DB: %w", volume.Name(), err)
+			return fmt.Errorf("storing volume %s in all volumes bucket in DB: %w", volume.Name(), err)
 		}
 
 		return nil
@@ -2650,7 +2650,7 @@ func (s *BoltState) RemoveVolume(volume *Volume) error {
 				return nil
 			})
 			if err != nil {
-				return fmt.Errorf("error getting list of dependencies from dependencies bucket for volumes %q: %w", volume.Name(), err)
+				return fmt.Errorf("getting list of dependencies from dependencies bucket for volumes %q: %w", volume.Name(), err)
 			}
 			if len(deps) > 0 {
 				return fmt.Errorf("volume %s is being used by container(s) %s: %w", volume.Name(), strings.Join(deps, ","), define.ErrVolumeBeingUsed)
@@ -2660,10 +2660,10 @@ func (s *BoltState) RemoveVolume(volume *Volume) error {
 		// volume is ready for removal
 		// Let's kick it out
 		if err := allVolsBkt.Delete(volName); err != nil {
-			return fmt.Errorf("error removing volume %s from all volumes bucket in DB: %w", volume.Name(), err)
+			return fmt.Errorf("removing volume %s from all volumes bucket in DB: %w", volume.Name(), err)
 		}
 		if err := volBkt.DeleteBucket(volName); err != nil {
-			return fmt.Errorf("error removing volume %s from DB: %w", volume.Name(), err)
+			return fmt.Errorf("removing volume %s from DB: %w", volume.Name(), err)
 		}
 
 		return nil
@@ -2710,7 +2710,7 @@ func (s *BoltState) UpdateVolume(volume *Volume) error {
 		}
 
 		if err := json.Unmarshal(stateBytes, newState); err != nil {
-			return fmt.Errorf("error unmarshalling volume %s state: %w", volume.Name(), err)
+			return fmt.Errorf("unmarshalling volume %s state: %w", volume.Name(), err)
 		}
 
 		return nil
@@ -2740,7 +2740,7 @@ func (s *BoltState) SaveVolume(volume *Volume) error {
 	if volume.state != nil {
 		stateJSON, err := json.Marshal(volume.state)
 		if err != nil {
-			return fmt.Errorf("error marshalling volume %s state to JSON: %w", volume.Name(), err)
+			return fmt.Errorf("marshalling volume %s state to JSON: %w", volume.Name(), err)
 		}
 		newStateJSON = stateJSON
 	}
@@ -3060,12 +3060,12 @@ func (s *BoltState) AddPod(pod *Pod) error {
 
 	podConfigJSON, err := json.Marshal(pod.config)
 	if err != nil {
-		return fmt.Errorf("error marshalling pod %s config to JSON: %w", pod.ID(), err)
+		return fmt.Errorf("marshalling pod %s config to JSON: %w", pod.ID(), err)
 	}
 
 	podStateJSON, err := json.Marshal(pod.state)
 	if err != nil {
-		return fmt.Errorf("error marshalling pod %s state to JSON: %w", pod.ID(), err)
+		return fmt.Errorf("marshalling pod %s state to JSON: %w", pod.ID(), err)
 	}
 
 	db, err := s.getDBCon()
@@ -3122,40 +3122,40 @@ func (s *BoltState) AddPod(pod *Pod) error {
 		// Make a bucket for it
 		newPod, err := podBkt.CreateBucket(podID)
 		if err != nil {
-			return fmt.Errorf("error creating bucket for pod %s: %w", pod.ID(), err)
+			return fmt.Errorf("creating bucket for pod %s: %w", pod.ID(), err)
 		}
 
 		// Make a subbucket for pod containers
 		if _, err := newPod.CreateBucket(containersBkt); err != nil {
-			return fmt.Errorf("error creating bucket for pod %s containers: %w", pod.ID(), err)
+			return fmt.Errorf("creating bucket for pod %s containers: %w", pod.ID(), err)
 		}
 
 		if err := newPod.Put(configKey, podConfigJSON); err != nil {
-			return fmt.Errorf("error storing pod %s configuration in DB: %w", pod.ID(), err)
+			return fmt.Errorf("storing pod %s configuration in DB: %w", pod.ID(), err)
 		}
 
 		if err := newPod.Put(stateKey, podStateJSON); err != nil {
-			return fmt.Errorf("error storing pod %s state JSON in DB: %w", pod.ID(), err)
+			return fmt.Errorf("storing pod %s state JSON in DB: %w", pod.ID(), err)
 		}
 
 		if podNamespace != nil {
 			if err := newPod.Put(namespaceKey, podNamespace); err != nil {
-				return fmt.Errorf("error storing pod %s namespace in DB: %w", pod.ID(), err)
+				return fmt.Errorf("storing pod %s namespace in DB: %w", pod.ID(), err)
 			}
 			if err := nsBkt.Put(podID, podNamespace); err != nil {
-				return fmt.Errorf("error storing pod %s namespace in DB: %w", pod.ID(), err)
+				return fmt.Errorf("storing pod %s namespace in DB: %w", pod.ID(), err)
 			}
 		}
 
 		// Add us to the ID and names buckets
 		if err := idsBkt.Put(podID, podName); err != nil {
-			return fmt.Errorf("error storing pod %s ID in DB: %w", pod.ID(), err)
+			return fmt.Errorf("storing pod %s ID in DB: %w", pod.ID(), err)
 		}
 		if err := namesBkt.Put(podName, podID); err != nil {
-			return fmt.Errorf("error storing pod %s name in DB: %w", pod.Name(), err)
+			return fmt.Errorf("storing pod %s name in DB: %w", pod.Name(), err)
 		}
 		if err := allPodsBkt.Put(podID, podName); err != nil {
-			return fmt.Errorf("error storing pod %s in all pods bucket in DB: %w", pod.ID(), err)
+			return fmt.Errorf("storing pod %s in all pods bucket in DB: %w", pod.ID(), err)
 		}
 
 		return nil
@@ -3240,19 +3240,19 @@ func (s *BoltState) RemovePod(pod *Pod) error {
 		// Pod is empty, and ready for removal
 		// Let's kick it out
 		if err := idsBkt.Delete(podID); err != nil {
-			return fmt.Errorf("error removing pod %s ID from DB: %w", pod.ID(), err)
+			return fmt.Errorf("removing pod %s ID from DB: %w", pod.ID(), err)
 		}
 		if err := namesBkt.Delete(podName); err != nil {
-			return fmt.Errorf("error removing pod %s name (%s) from DB: %w", pod.ID(), pod.Name(), err)
+			return fmt.Errorf("removing pod %s name (%s) from DB: %w", pod.ID(), pod.Name(), err)
 		}
 		if err := nsBkt.Delete(podID); err != nil {
-			return fmt.Errorf("error removing pod %s namespace from DB: %w", pod.ID(), err)
+			return fmt.Errorf("removing pod %s namespace from DB: %w", pod.ID(), err)
 		}
 		if err := allPodsBkt.Delete(podID); err != nil {
-			return fmt.Errorf("error removing pod %s ID from all pods bucket in DB: %w", pod.ID(), err)
+			return fmt.Errorf("removing pod %s ID from all pods bucket in DB: %w", pod.ID(), err)
 		}
 		if err := podBkt.DeleteBucket(podID); err != nil {
-			return fmt.Errorf("error removing pod %s from DB: %w", pod.ID(), err)
+			return fmt.Errorf("removing pod %s from DB: %w", pod.ID(), err)
 		}
 
 		return nil
@@ -3353,19 +3353,19 @@ func (s *BoltState) RemovePodContainers(pod *Pod) error {
 			// Dependencies are set, we're clear to remove
 
 			if err := ctrBkt.DeleteBucket(id); err != nil {
-				return fmt.Errorf("error deleting container %s from DB: %w", string(id), define.ErrInternal)
+				return fmt.Errorf("deleting container %s from DB: %w", string(id), define.ErrInternal)
 			}
 
 			if err := idsBkt.Delete(id); err != nil {
-				return fmt.Errorf("error deleting container %s ID in DB: %w", string(id), err)
+				return fmt.Errorf("deleting container %s ID in DB: %w", string(id), err)
 			}
 
 			if err := namesBkt.Delete(name); err != nil {
-				return fmt.Errorf("error deleting container %s name in DB: %w", string(id), err)
+				return fmt.Errorf("deleting container %s name in DB: %w", string(id), err)
 			}
 
 			if err := allCtrsBkt.Delete(id); err != nil {
-				return fmt.Errorf("error deleting container %s ID from all containers bucket in DB: %w", string(id), err)
+				return fmt.Errorf("deleting container %s ID from all containers bucket in DB: %w", string(id), err)
 			}
 
 			return nil
@@ -3376,10 +3376,10 @@ func (s *BoltState) RemovePodContainers(pod *Pod) error {
 
 		// Delete and recreate the bucket to empty it
 		if err := podDB.DeleteBucket(containersBkt); err != nil {
-			return fmt.Errorf("error removing pod %s containers bucket: %w", pod.ID(), err)
+			return fmt.Errorf("removing pod %s containers bucket: %w", pod.ID(), err)
 		}
 		if _, err := podDB.CreateBucket(containersBkt); err != nil {
-			return fmt.Errorf("error recreating pod %s containers bucket: %w", pod.ID(), err)
+			return fmt.Errorf("recreating pod %s containers bucket: %w", pod.ID(), err)
 		}
 
 		return nil
@@ -3496,7 +3496,7 @@ func (s *BoltState) UpdatePod(pod *Pod) error {
 		}
 
 		if err := json.Unmarshal(podStateBytes, newState); err != nil {
-			return fmt.Errorf("error unmarshalling pod %s state JSON: %w", pod.ID(), err)
+			return fmt.Errorf("unmarshalling pod %s state JSON: %w", pod.ID(), err)
 		}
 
 		return nil
@@ -3526,7 +3526,7 @@ func (s *BoltState) SavePod(pod *Pod) error {
 
 	stateJSON, err := json.Marshal(pod.state)
 	if err != nil {
-		return fmt.Errorf("error marshalling pod %s state to JSON: %w", pod.ID(), err)
+		return fmt.Errorf("marshalling pod %s state to JSON: %w", pod.ID(), err)
 	}
 
 	db, err := s.getDBCon()
@@ -3551,7 +3551,7 @@ func (s *BoltState) SavePod(pod *Pod) error {
 
 		// Set the pod state JSON
 		if err := podDB.Put(stateKey, stateJSON); err != nil {
-			return fmt.Errorf("error updating pod %s state in database: %w", pod.ID(), err)
+			return fmt.Errorf("updating pod %s state in database: %w", pod.ID(), err)
 		}
 
 		return nil
diff --git a/libpod/boltdb_state_freebsd.go b/libpod/boltdb_state_freebsd.go
new file mode 100644
index 000000000..d0a2d4f28
--- /dev/null
+++ b/libpod/boltdb_state_freebsd.go
@@ -0,0 +1,25 @@
+//go:build freebsd
+// +build freebsd
+
+package libpod
+
+// replaceNetNS handle network namespace transitions after updating a
+// container's state.
+func replaceNetNS(netNSPath string, ctr *Container, newState *ContainerState) error {
+	if netNSPath != "" {
+		// On FreeBSD, we just record the network jail's name in our state.
+		newState.NetNS = &jailNetNS{Name: netNSPath}
+	} else {
+		newState.NetNS = nil
+	}
+	return nil
+}
+
+// getNetNSPath retrieves the netns path to be stored in the database
+func getNetNSPath(ctr *Container) string {
+	if ctr.state.NetNS != nil {
+		return ctr.state.NetNS.Name
+	} else {
+		return ""
+	}
+}
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index f28fadfa9..87f1fa4eb 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -195,7 +195,7 @@ func checkRuntimeConfig(db *bolt.DB, rt *Runtime) error {
 			}
 
 			if err := configBkt.Put(missing.key, dbValue); err != nil {
-				return fmt.Errorf("error updating %s in DB runtime config: %w", missing.name, err)
+				return fmt.Errorf("updating %s in DB runtime config: %w", missing.name, err)
 			}
 		}
 
@@ -254,7 +254,7 @@ func (s *BoltState) getDBCon() (*bolt.DB, error) {
 
 	db, err := bolt.Open(s.dbPath, 0600, nil)
 	if err != nil {
-		return nil, fmt.Errorf("error opening database %s: %w", s.dbPath, err)
+		return nil, fmt.Errorf("opening database %s: %w", s.dbPath, err)
 	}
 
 	return db, nil
@@ -403,7 +403,7 @@ func (s *BoltState) getContainerConfigFromDB(id []byte, config *ContainerConfig,
 	}
 
 	if err := json.Unmarshal(configBytes, config); err != nil {
-		return fmt.Errorf("error unmarshalling container %s config: %w", string(id), err)
+		return fmt.Errorf("unmarshalling container %s config: %w", string(id), err)
 	}
 
 	// convert ports to the new format if needed
@@ -426,7 +426,7 @@ func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.
 	// Get the lock
 	lock, err := s.runtime.lockManager.RetrieveLock(ctr.config.LockID)
 	if err != nil {
-		return fmt.Errorf("error retrieving lock for container %s: %w", string(id), err)
+		return fmt.Errorf("retrieving lock for container %s: %w", string(id), err)
 	}
 	ctr.lock = lock
 
@@ -489,13 +489,13 @@ func (s *BoltState) getPodFromDB(id []byte, pod *Pod, podBkt *bolt.Bucket) error
 	}
 
 	if err := json.Unmarshal(podConfigBytes, pod.config); err != nil {
-		return fmt.Errorf("error unmarshalling pod %s config from DB: %w", string(id), err)
+		return fmt.Errorf("unmarshalling pod %s config from DB: %w", string(id), err)
 	}
 
 	// Get the lock
 	lock, err := s.runtime.lockManager.RetrieveLock(pod.config.LockID)
 	if err != nil {
-		return fmt.Errorf("error retrieving lock for pod %s: %w", string(id), err)
+		return fmt.Errorf("retrieving lock for pod %s: %w", string(id), err)
 	}
 	pod.lock = lock
 
@@ -517,14 +517,14 @@ func (s *BoltState) getVolumeFromDB(name []byte, volume *Volume, volBkt *bolt.Bu
 	}
 
 	if err := json.Unmarshal(volConfigBytes, volume.config); err != nil {
-		return fmt.Errorf("error unmarshalling volume %s config from DB: %w", string(name), err)
+		return fmt.Errorf("unmarshalling volume %s config from DB: %w", string(name), err)
 	}
 
 	// Volume state is allowed to be nil for legacy compatibility
 	volStateBytes := volDB.Get(stateKey)
 	if volStateBytes != nil {
 		if err := json.Unmarshal(volStateBytes, volume.state); err != nil {
-			return fmt.Errorf("error unmarshalling volume %s state from DB: %w", string(name), err)
+			return fmt.Errorf("unmarshalling volume %s state from DB: %w", string(name), err)
 		}
 	}
 
@@ -546,7 +546,7 @@ func (s *BoltState) getVolumeFromDB(name []byte, volume *Volume, volBkt *bolt.Bu
 	// Get the lock
 	lock, err := s.runtime.lockManager.RetrieveLock(volume.config.LockID)
 	if err != nil {
-		return fmt.Errorf("error retrieving lock for volume %q: %w", string(name), err)
+		return fmt.Errorf("retrieving lock for volume %q: %w", string(name), err)
 	}
 	volume.lock = lock
 
@@ -572,11 +572,11 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 	// JSON container structs to insert into DB
 	configJSON, err := json.Marshal(ctr.config)
 	if err != nil {
-		return fmt.Errorf("error marshalling container %s config to JSON: %w", ctr.ID(), err)
+		return fmt.Errorf("marshalling container %s config to JSON: %w", ctr.ID(), err)
 	}
 	stateJSON, err := json.Marshal(ctr.state)
 	if err != nil {
-		return fmt.Errorf("error marshalling container %s state to JSON: %w", ctr.ID(), err)
+		return fmt.Errorf("marshalling container %s state to JSON: %w", ctr.ID(), err)
 	}
 	netNSPath := getNetNSPath(ctr)
 	dependsCtrs := ctr.Dependencies()
@@ -603,7 +603,7 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 		opts.Aliases = append(opts.Aliases, ctr.config.ID[:12])
 		optBytes, err := json.Marshal(opts)
 		if err != nil {
-			return fmt.Errorf("error marshalling network options JSON for container %s: %w", ctr.ID(), err)
+			return fmt.Errorf("marshalling network options JSON for container %s: %w", ctr.ID(), err)
 		}
 		networks[net] = optBytes
 	}
@@ -694,60 +694,60 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 		// No overlapping containers
 		// Add the new container to the DB
 		if err := idsBucket.Put(ctrID, ctrName); err != nil {
-			return fmt.Errorf("error adding container %s ID to DB: %w", ctr.ID(), err)
+			return fmt.Errorf("adding container %s ID to DB: %w", ctr.ID(), err)
 		}
 		if err := namesBucket.Put(ctrName, ctrID); err != nil {
-			return fmt.Errorf("error adding container %s name (%s) to DB: %w", ctr.ID(), ctr.Name(), err)
+			return fmt.Errorf("adding container %s name (%s) to DB: %w", ctr.ID(), ctr.Name(), err)
 		}
 		if ctrNamespace != nil {
 			if err := nsBucket.Put(ctrID, ctrNamespace); err != nil {
-				return fmt.Errorf("error adding container %s namespace (%q) to DB: %w", ctr.ID(), ctr.Namespace(), err)
+				return fmt.Errorf("adding container %s namespace (%q) to DB: %w", ctr.ID(), ctr.Namespace(), err)
 			}
 		}
 		if err := allCtrsBucket.Put(ctrID, ctrName); err != nil {
-			return fmt.Errorf("error adding container %s to all containers bucket in DB: %w", ctr.ID(), err)
+			return fmt.Errorf("adding container %s to all containers bucket in DB: %w", ctr.ID(), err)
 		}
 
 		newCtrBkt, err := ctrBucket.CreateBucket(ctrID)
 		if err != nil {
-			return fmt.Errorf("error adding container %s bucket to DB: %w", ctr.ID(), err)
+			return fmt.Errorf("adding container %s bucket to DB: %w", ctr.ID(), err)
 		}
 
 		if err := newCtrBkt.Put(configKey, configJSON); err != nil {
-			return fmt.Errorf("error adding container %s config to DB: %w", ctr.ID(), err)
+			return fmt.Errorf("adding container %s config to DB: %w", ctr.ID(), err)
 		}
 		if err := newCtrBkt.Put(stateKey, stateJSON); err != nil {
-			return fmt.Errorf("error adding container %s state to DB: %w", ctr.ID(), err)
+			return fmt.Errorf("adding container %s state to DB: %w", ctr.ID(), err)
 		}
 		if ctrNamespace != nil {
 			if err := newCtrBkt.Put(namespaceKey, ctrNamespace); err != nil {
-				return fmt.Errorf("error adding container %s namespace to DB: %w", ctr.ID(), err)
+				return fmt.Errorf("adding container %s namespace to DB: %w", ctr.ID(), err)
 			}
 		}
 		if pod != nil {
 			if err := newCtrBkt.Put(podIDKey, []byte(pod.ID())); err != nil {
-				return fmt.Errorf("error adding container %s pod to DB: %w", ctr.ID(), err)
+				return fmt.Errorf("adding container %s pod to DB: %w", ctr.ID(), err)
 			}
 		}
 		if netNSPath != "" {
 			if err := newCtrBkt.Put(netNSKey, []byte(netNSPath)); err != nil {
-				return fmt.Errorf("error adding container %s netns path to DB: %w", ctr.ID(), err)
+				return fmt.Errorf("adding container %s netns path to DB: %w", ctr.ID(), err)
 			}
 		}
 		if len(networks) > 0 {
 			ctrNetworksBkt, err := newCtrBkt.CreateBucket(networksBkt)
 			if err != nil {
-				return fmt.Errorf("error creating networks bucket for container %s: %w", ctr.ID(), err)
+				return fmt.Errorf("creating networks bucket for container %s: %w", ctr.ID(), err)
 			}
 			for network, opts := range networks {
 				if err := ctrNetworksBkt.Put([]byte(network), opts); err != nil {
-					return fmt.Errorf("error adding network %q to networks bucket for container %s: %w", network, ctr.ID(), err)
+					return fmt.Errorf("adding network %q to networks bucket for container %s: %w", network, ctr.ID(), err)
 				}
 			}
 		}
 
 		if _, err := newCtrBkt.CreateBucket(dependenciesBkt); err != nil {
-			return fmt.Errorf("error creating dependencies bucket for container %s: %w", ctr.ID(), err)
+			return fmt.Errorf("creating dependencies bucket for container %s: %w", ctr.ID(), err)
 		}
 
 		// Add dependencies for the container
@@ -784,14 +784,14 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 				return fmt.Errorf("container %s does not have a dependencies bucket: %w", dependsCtr, define.ErrInternal)
 			}
 			if err := depCtrDependsBkt.Put(ctrID, ctrName); err != nil {
-				return fmt.Errorf("error adding ctr %s as dependency of container %s: %w", ctr.ID(), dependsCtr, err)
+				return fmt.Errorf("adding ctr %s as dependency of container %s: %w", ctr.ID(), dependsCtr, err)
 			}
 		}
 
 		// Add ctr to pod
 		if pod != nil && podCtrs != nil {
 			if err := podCtrs.Put(ctrID, ctrName); err != nil {
-				return fmt.Errorf("error adding container %s to pod %s: %w", ctr.ID(), pod.ID(), err)
+				return fmt.Errorf("adding container %s to pod %s: %w", ctr.ID(), pod.ID(), err)
 			}
 		}
 
@@ -804,11 +804,11 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 
 			ctrDepsBkt, err := volDB.CreateBucketIfNotExists(volDependenciesBkt)
 			if err != nil {
-				return fmt.Errorf("error creating volume %s dependencies bucket to add container %s: %w", vol.Name, ctr.ID(), err)
+				return fmt.Errorf("creating volume %s dependencies bucket to add container %s: %w", vol.Name, ctr.ID(), err)
 			}
 			if depExists := ctrDepsBkt.Get(ctrID); depExists == nil {
 				if err := ctrDepsBkt.Put(ctrID, ctrID); err != nil {
-					return fmt.Errorf("error adding container %s to volume %s dependencies: %w", ctr.ID(), vol.Name, err)
+					return fmt.Errorf("adding container %s to volume %s dependencies: %w", ctr.ID(), vol.Name, err)
 				}
 			}
 		}
@@ -902,7 +902,7 @@ func (s *BoltState) removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx) error
 				return fmt.Errorf("container %s is not in pod %s: %w", ctr.ID(), pod.ID(), define.ErrNoSuchCtr)
 			}
 			if err := podCtrs.Delete(ctrID); err != nil {
-				return fmt.Errorf("error removing container %s from pod %s: %w", ctr.ID(), pod.ID(), err)
+				return fmt.Errorf("removing container %s from pod %s: %w", ctr.ID(), pod.ID(), err)
 			}
 		}
 	}
@@ -943,21 +943,21 @@ func (s *BoltState) removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx) error
 	}
 
 	if err := ctrBucket.DeleteBucket(ctrID); err != nil {
-		return fmt.Errorf("error deleting container %s from DB: %w", ctr.ID(), define.ErrInternal)
+		return fmt.Errorf("deleting container %s from DB: %w", ctr.ID(), define.ErrInternal)
 	}
 
 	if err := idsBucket.Delete(ctrID); err != nil {
-		return fmt.Errorf("error deleting container %s ID in DB: %w", ctr.ID(), err)
+		return fmt.Errorf("deleting container %s ID in DB: %w", ctr.ID(), err)
 	}
 
 	if err := namesBucket.Delete(ctrName); err != nil {
-		return fmt.Errorf("error deleting container %s name in DB: %w", ctr.ID(), err)
+		return fmt.Errorf("deleting container %s name in DB: %w", ctr.ID(), err)
 	}
 	if err := nsBucket.Delete(ctrID); err != nil {
-		return fmt.Errorf("error deleting container %s namespace in DB: %w", ctr.ID(), err)
+		return fmt.Errorf("deleting container %s namespace in DB: %w", ctr.ID(), err)
 	}
 	if err := allCtrsBucket.Delete(ctrID); err != nil {
-		return fmt.Errorf("error deleting container %s from all containers bucket in DB: %w", ctr.ID(), err)
+		return fmt.Errorf("deleting container %s from all containers bucket in DB: %w", ctr.ID(), err)
 	}
 
 	depCtrs := ctr.Dependencies()
@@ -986,7 +986,7 @@ func (s *BoltState) removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx) error
 		}
 
 		if err := depCtrDependsBkt.Delete(ctrID); err != nil {
-			return fmt.Errorf("error removing container %s as a dependency of container %s: %w", ctr.ID(), depCtr, err)
+			return fmt.Errorf("removing container %s as a dependency of container %s: %w", ctr.ID(), depCtr, err)
 		}
 	}
 
@@ -1005,7 +1005,7 @@ func (s *BoltState) removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx) error
 		}
 		if depExists := ctrDepsBkt.Get(ctrID); depExists == nil {
 			if err := ctrDepsBkt.Delete(ctrID); err != nil {
-				return fmt.Errorf("error deleting container %s dependency on volume %s: %w", ctr.ID(), vol.Name, err)
+				return fmt.Errorf("deleting container %s dependency on volume %s: %w", ctr.ID(), vol.Name, err)
 			}
 		}
 	}
diff --git a/libpod/boltdb_state_linux.go b/libpod/boltdb_state_linux.go
index 813afd8bf..3d9f5b6a2 100644
--- a/libpod/boltdb_state_linux.go
+++ b/libpod/boltdb_state_linux.go
@@ -30,7 +30,7 @@ func replaceNetNS(netNSPath string, ctr *Container, newState *ContainerState) er
 				newState.NetNS = ns
 			} else {
 				if ctr.ensureState(define.ContainerStateRunning, define.ContainerStatePaused) {
-					return fmt.Errorf("error joining network namespace of container %s: %w", ctr.ID(), err)
+					return fmt.Errorf("joining network namespace of container %s: %w", ctr.ID(), err)
 				}
 
 				logrus.Errorf("Joining network namespace for container %s: %v", ctr.ID(), err)
diff --git a/libpod/boltdb_state_unsupported.go b/libpod/boltdb_state_unsupported.go
new file mode 100644
index 000000000..9db1e3c4b
--- /dev/null
+++ b/libpod/boltdb_state_unsupported.go
@@ -0,0 +1,19 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package libpod
+
+import (
+	"errors"
+)
+
+// replaceNetNS handle network namespace transitions after updating a
+// container's state.
+func replaceNetNS(netNSPath string, ctr *Container, newState *ContainerState) error {
+	return errors.New("replaceNetNS not supported on this platform")
+}
+
+// getNetNSPath retrieves the netns path to be stored in the database
+func getNetNSPath(ctr *Container) string {
+	return ""
+}
diff --git a/libpod/common/common.go b/libpod/common/common.go
deleted file mode 100644
index 34cabeadc..000000000
--- a/libpod/common/common.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package common
-
-// IsTrue determines whether the given string equals "true".
-func IsTrue(str string) bool {
-	return str == "true"
-}
-
-// IsFalse determines whether the given string equals "false".
-func IsFalse(str string) bool {
-	return str == "false"
-}
-
-// IsValidBool determines whether the given string equals "true" or "false".
-func IsValidBool(str string) bool {
-	return IsTrue(str) || IsFalse(str)
-}
diff --git a/libpod/common/signing_options.go b/libpod/common/signing_options.go
deleted file mode 100644
index b7e14be82..000000000
--- a/libpod/common/signing_options.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package common
-
-// SigningOptions encapsulates settings that control whether or not we strip or
-// add signatures to images when writing them.
-type SigningOptions struct {
-	// RemoveSignatures directs us to remove any signatures which are already present.
-	RemoveSignatures bool
-	// SignBy is a key identifier of some kind, indicating that a signature should be generated using the specified private key and stored with the image.
-	SignBy string
-}
diff --git a/libpod/container.go b/libpod/container.go
index 4e2d93860..cfffd8ea1 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -124,10 +124,6 @@ type Container struct {
 	// This is true if a container is restored from a checkpoint.
 	restoreFromCheckpoint bool
 
-	// Used to query the NOTIFY_SOCKET once along with setting up
-	// mounts etc.
-	notifySocket string
-
 	slirp4netnsSubnet *net.IPNet
 }
 
@@ -241,6 +237,9 @@ type ContainerNamedVolume struct {
 	Dest string `json:"dest"`
 	// Options are fstab style mount options
 	Options []string `json:"options,omitempty"`
+	// IsAnonymous sets the named volume as anonymous even if it has a name
+	// This is used for emptyDir volumes from a kube yaml
+	IsAnonymous bool `json:"setAnonymous,omitempty"`
 }
 
 // ContainerOverlayVolume is a overlay volume that will be mounted into the
@@ -354,14 +353,16 @@ func (c *Container) specFromState() (*spec.Spec, error) {
 		returnSpec = new(spec.Spec)
 		content, err := ioutil.ReadAll(f)
 		if err != nil {
-			return nil, fmt.Errorf("error reading container config: %w", err)
+			return nil, fmt.Errorf("reading container config: %w", err)
 		}
 		if err := json.Unmarshal(content, &returnSpec); err != nil {
-			return nil, fmt.Errorf("error unmarshalling container config: %w", err)
+			// Malformed spec, just use c.config.Spec instead
+			logrus.Warnf("Error unmarshalling container %s config: %v", c.ID(), err)
+			return c.config.Spec, nil
 		}
 	} else if !os.IsNotExist(err) {
 		// ignore when the file does not exist
-		return nil, fmt.Errorf("error opening container config: %w", err)
+		return nil, fmt.Errorf("opening container config: %w", err)
 	}
 
 	return returnSpec, nil
@@ -704,7 +705,7 @@ func (c *Container) Mounted() (bool, string, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return false, "", fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return false, "", fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	// We cannot directly return c.state.Mountpoint as it is not guaranteed
@@ -734,7 +735,7 @@ func (c *Container) StartedTime() (time.Time, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return time.Time{}, fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return time.Time{}, fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	return c.state.StartedTime, nil
@@ -746,7 +747,7 @@ func (c *Container) FinishedTime() (time.Time, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return time.Time{}, fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return time.Time{}, fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	return c.state.FinishedTime, nil
@@ -761,7 +762,7 @@ func (c *Container) ExitCode() (int32, bool, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return 0, false, fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return 0, false, fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	return c.state.ExitCode, c.state.Exited, nil
@@ -773,7 +774,7 @@ func (c *Container) OOMKilled() (bool, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return false, fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return false, fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	return c.state.OOMKilled, nil
@@ -860,7 +861,7 @@ func (c *Container) ExecSession(id string) (*ExecSession, error) {
 
 	returnSession := new(ExecSession)
 	if err := JSONDeepCopy(session, returnSession); err != nil {
-		return nil, fmt.Errorf("error copying contents of container %s exec session %s: %w", c.ID(), session.ID(), err)
+		return nil, fmt.Errorf("copying contents of container %s exec session %s: %w", c.ID(), session.ID(), err)
 	}
 
 	return returnSession, nil
@@ -920,7 +921,7 @@ func (c *Container) NamespacePath(linuxNS LinuxNS) (string, error) { //nolint:in
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return "", fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return "", fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 
@@ -958,7 +959,7 @@ func (c *Container) CgroupPath() (string, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return "", fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return "", fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	return c.cGroupPath()
@@ -1058,7 +1059,7 @@ func (c *Container) RootFsSize() (int64, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return -1, fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return -1, fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	return c.rootFsSize()
@@ -1070,7 +1071,7 @@ func (c *Container) RWSize() (int64, error) {
 		c.lock.Lock()
 		defer c.lock.Unlock()
 		if err := c.syncContainer(); err != nil {
-			return -1, fmt.Errorf("error updating container %s state: %w", c.ID(), err)
+			return -1, fmt.Errorf("updating container %s state: %w", c.ID(), err)
 		}
 	}
 	return c.rwSize()
@@ -1134,20 +1135,6 @@ func (c *Container) NetworkDisabled() (bool, error) {
 	return networkDisabled(c)
 }
 
-func networkDisabled(c *Container) (bool, error) {
-	if c.config.CreateNetNS {
-		return false, nil
-	}
-	if !c.config.PostConfigureNetNS {
-		for _, ns := range c.config.Spec.Linux.Namespaces {
-			if ns.Type == spec.NetworkNamespace {
-				return ns.Path == "", nil
-			}
-		}
-	}
-	return false, nil
-}
-
 func (c *Container) HostNetwork() bool {
 	if c.config.CreateNetNS || c.config.NetNsCtr != "" {
 		return false
@@ -1172,7 +1159,7 @@ func (c *Container) ContainerState() (*ContainerState, error) {
 	}
 	returnConfig := new(ContainerState)
 	if err := JSONDeepCopy(c.state, returnConfig); err != nil {
-		return nil, fmt.Errorf("error copying container %s state: %w", c.ID(), err)
+		return nil, fmt.Errorf("copying container %s state: %w", c.ID(), err)
 	}
 	return c.state, nil
 }
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 2ff4bfe08..dd47b4d12 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -16,6 +16,7 @@ import (
 	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/pkg/signal"
 	"github.com/containers/storage/pkg/archive"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
 
@@ -98,6 +99,15 @@ func (c *Container) Start(ctx context.Context, recursive bool) error {
 	return c.start()
 }
 
+// Update updates the given container.
+// only the cgroup config can be updated and therefore only a linux resource spec is passed.
+func (c *Container) Update(res *spec.LinuxResources) error {
+	if err := c.syncContainer(); err != nil {
+		return err
+	}
+	return c.update(res)
+}
+
 // StartAndAttach starts a container and attaches to it.
 // This acts as a combination of the Start and Attach APIs, ensuring proper
 // ordering of the two such that no output from the container is lost (e.g. the
@@ -674,7 +684,7 @@ func (c *Container) Cleanup(ctx context.Context) error {
 			// When the container has already been removed, the OCI runtime directory remain.
 			if errors.Is(err, define.ErrNoSuchCtr) || errors.Is(err, define.ErrCtrRemoved) {
 				if err := c.cleanupRuntime(ctx); err != nil {
-					return fmt.Errorf("error cleaning up container %s from OCI runtime: %w", c.ID(), err)
+					return fmt.Errorf("cleaning up container %s from OCI runtime: %w", c.ID(), err)
 				}
 				return nil
 			}
diff --git a/libpod/container_commit.go b/libpod/container_commit.go
index c93c9c7bb..f447816e3 100644
--- a/libpod/container_commit.go
+++ b/libpod/container_commit.go
@@ -48,7 +48,7 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
 
 	if c.state.State == define.ContainerStateRunning && options.Pause {
 		if err := c.pause(); err != nil {
-			return nil, fmt.Errorf("error pausing container %q to commit: %w", c.ID(), err)
+			return nil, fmt.Errorf("pausing container %q to commit: %w", c.ID(), err)
 		}
 		defer func() {
 			if err := c.unpause(); err != nil {
@@ -202,7 +202,7 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
 
 		imageRef, err := is.Transport.ParseStoreReference(c.runtime.store, resolvedImageName)
 		if err != nil {
-			return nil, fmt.Errorf("error parsing target image name %q: %w", destImage, err)
+			return nil, fmt.Errorf("parsing target image name %q: %w", destImage, err)
 		}
 		commitRef = imageRef
 	}
diff --git a/libpod/container_config.go b/libpod/container_config.go
index 544c45a8c..f3585d22c 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -7,6 +7,7 @@ import (
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/secrets"
 	"github.com/containers/image/v5/manifest"
+	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/namespaces"
 	"github.com/containers/podman/v4/pkg/specgen"
 	"github.com/containers/storage"
@@ -386,10 +387,14 @@ type ContainerMiscConfig struct {
 	IsService bool `json:"isService"`
 	// SdNotifyMode tells libpod what to do with a NOTIFY_SOCKET if passed
 	SdNotifyMode string `json:"sdnotifyMode,omitempty"`
+	// SdNotifySocket stores NOTIFY_SOCKET in use by the container
+	SdNotifySocket string `json:"sdnotifySocket,omitempty"`
 	// Systemd tells libpod to set up the container in systemd mode, a value of nil denotes false
 	Systemd *bool `json:"systemd,omitempty"`
 	// HealthCheckConfig has the health check command and related timings
 	HealthCheckConfig *manifest.Schema2HealthConfig `json:"healthcheck"`
+	// HealthCheckOnFailureAction defines an action to take once the container turns unhealthy.
+	HealthCheckOnFailureAction define.HealthCheckOnFailureAction `json:"healthcheck_on_failure_action"`
 	// PreserveFDs is a number of additional file descriptors (in addition
 	// to 0, 1, 2) that will be passed to the executed process. The total FDs
 	// passed will be 3 + PreserveFDs.
diff --git a/libpod/container_copy_unsupported.go b/libpod/container_copy_unsupported.go
new file mode 100644
index 000000000..62937279a
--- /dev/null
+++ b/libpod/container_copy_unsupported.go
@@ -0,0 +1,17 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"errors"
+	"io"
+)
+
+func (c *Container) copyFromArchive(path string, chown, noOverwriteDirNonDir bool, rename map[string]string, reader io.Reader) (func() error, error) {
+	return nil, errors.New("not implemented (*Container) copyFromArchive")
+}
+
+func (c *Container) copyToArchive(path string, writer io.Writer) (func() error, error) {
+	return nil, errors.New("not implemented (*Container) copyToArchive")
+}
diff --git a/libpod/container_exec.go b/libpod/container_exec.go
index d3c80e896..3a2cba52f 100644
--- a/libpod/container_exec.go
+++ b/libpod/container_exec.go
@@ -182,7 +182,7 @@ func (c *Container) ExecCreate(config *ExecConfig) (string, error) {
 	}
 
 	// Generate an ID for our new exec session
-	sessionID := stringid.GenerateNonCryptoID()
+	sessionID := stringid.GenerateRandomID()
 	found := true
 	// This really ought to be a do-while, but Go doesn't have those...
 	for found {
@@ -194,7 +194,7 @@ func (c *Container) ExecCreate(config *ExecConfig) (string, error) {
 			}
 		}
 		if found {
-			sessionID = stringid.GenerateNonCryptoID()
+			sessionID = stringid.GenerateRandomID()
 		}
 	}
 
@@ -205,7 +205,7 @@ func (c *Container) ExecCreate(config *ExecConfig) (string, error) {
 	session.State = define.ExecStateCreated
 	session.Config = new(ExecConfig)
 	if err := JSONDeepCopy(config, session.Config); err != nil {
-		return "", fmt.Errorf("error copying exec configuration into exec session: %w", err)
+		return "", fmt.Errorf("copying exec configuration into exec session: %w", err)
 	}
 
 	if len(session.Config.ExitCommand) > 0 {
@@ -372,7 +372,7 @@ func (c *Container) execStartAndAttach(sessionID string, streams *define.AttachS
 		if lastErr != nil {
 			logrus.Errorf("Container %s exec session %s error: %v", c.ID(), session.ID(), lastErr)
 		}
-		return fmt.Errorf("error syncing container %s state to update exec session %s: %w", c.ID(), sessionID, err)
+		return fmt.Errorf("syncing container %s state to update exec session %s: %w", c.ID(), sessionID, err)
 	}
 
 	// Now handle the error from readExecExitCode above.
@@ -809,7 +809,7 @@ func (c *Container) exec(config *ExecConfig, streams *define.AttachStreams, resi
 			// streaming.
 			diedEvent, err := c.runtime.GetExecDiedEvent(context.Background(), c.ID(), sessionID)
 			if err != nil {
-				return -1, fmt.Errorf("error retrieving exec session %s exit code: %w", sessionID, err)
+				return -1, fmt.Errorf("retrieving exec session %s exit code: %w", sessionID, err)
 			}
 			return diedEvent.ContainerExitCode, nil
 		}
@@ -911,7 +911,7 @@ func (c *Container) createExecBundle(sessionID string) (retErr error) {
 	if err := os.MkdirAll(c.execExitFileDir(sessionID), execDirPermission); err != nil {
 		// The directory is allowed to exist
 		if !os.IsExist(err) {
-			return fmt.Errorf("error creating OCI runtime exit file path %s: %w", c.execExitFileDir(sessionID), err)
+			return fmt.Errorf("creating OCI runtime exit file path %s: %w", c.execExitFileDir(sessionID), err)
 		}
 	}
 	return nil
@@ -1121,7 +1121,7 @@ func writeExecExitCode(c *Container, sessionID string, exitCode int) error {
 			// need to. Exit without error.
 			return nil
 		}
-		return fmt.Errorf("error syncing container %s state to remove exec session %s: %w", c.ID(), sessionID, err)
+		return fmt.Errorf("syncing container %s state to remove exec session %s: %w", c.ID(), sessionID, err)
 	}
 
 	return justWriteExecExitCode(c, sessionID, exitCode)
diff --git a/libpod/container_freebsd.go b/libpod/container_freebsd.go
new file mode 100644
index 000000000..87fb494dd
--- /dev/null
+++ b/libpod/container_freebsd.go
@@ -0,0 +1,31 @@
+//go:build freebsd
+// +build freebsd
+
+package libpod
+
+type containerPlatformState struct {
+	// NetNS is the name of the container's network VNET
+	// jail.  Will only be set if config.CreateNetNS is true, or
+	// the container was told to join another container's network
+	// namespace.
+	NetNS *jailNetNS `json:"-"`
+}
+
+type jailNetNS struct {
+	Name string `json:"-"`
+}
+
+func (ns *jailNetNS) Path() string {
+	// The jail name approximately corresponds to the Linux netns path
+	return ns.Name
+}
+
+func networkDisabled(c *Container) (bool, error) {
+	if c.config.CreateNetNS {
+		return false, nil
+	}
+	if !c.config.PostConfigureNetNS {
+		return c.state.NetNS != nil, nil
+	}
+	return false, nil
+}
diff --git a/libpod/container_graph.go b/libpod/container_graph.go
index 67b1abc34..d43579e4a 100644
--- a/libpod/container_graph.go
+++ b/libpod/container_graph.go
@@ -160,7 +160,7 @@ func detectCycles(graph *ContainerGraph) (bool, error) {
 			// Popped item is no longer on the stack, mark as such
 			topInfo, ok := nodes[topOfStack.id]
 			if !ok {
-				return false, fmt.Errorf("error finding node info for %s: %w", topOfStack.id, define.ErrInternal)
+				return false, fmt.Errorf("finding node info for %s: %w", topOfStack.id, define.ErrInternal)
 			}
 			topInfo.onStack = false
 
@@ -281,3 +281,94 @@ func startNode(ctx context.Context, node *containerNode, setError bool, ctrError
 		startNode(ctx, successor, ctrErrored, ctrErrors, ctrsVisited, restart)
 	}
 }
+
+// Visit a node on the container graph and remove it, or set an error if it
+// failed to remove. Only intended for use in pod removal; do *not* use when
+// removing individual containers.
+// All containers are assumed to be *UNLOCKED* on running this function.
+// Container locks will be acquired as necessary.
+// Pod and infraID are optional. If a pod is given it must be *LOCKED*.
+func removeNode(ctx context.Context, node *containerNode, pod *Pod, force bool, timeout *uint, setError bool, ctrErrors map[string]error, ctrsVisited map[string]bool, ctrNamedVolumes map[string]*ContainerNamedVolume) {
+	// If we already visited this node, we're done.
+	if ctrsVisited[node.id] {
+		return
+	}
+
+	// Someone who depends on us failed.
+	// Mark us as failed and recurse.
+	if setError {
+		ctrsVisited[node.id] = true
+		ctrErrors[node.id] = fmt.Errorf("a container that depends on container %s could not be removed: %w", node.id, define.ErrCtrStateInvalid)
+
+		// Hit anyone who depends on us, set errors there as well.
+		for _, successor := range node.dependsOn {
+			removeNode(ctx, successor, pod, force, timeout, true, ctrErrors, ctrsVisited, ctrNamedVolumes)
+		}
+	}
+
+	// Does anyone still depend on us?
+	// Cannot remove if true. Once all our dependencies have been removed,
+	// we will be removed.
+	for _, dep := range node.dependedOn {
+		// The container that depends on us hasn't been removed yet.
+		// OK to continue on
+		if ok := ctrsVisited[dep.id]; !ok {
+			return
+		}
+	}
+
+	// Going to try to remove the node, mark us as visited
+	ctrsVisited[node.id] = true
+
+	ctrErrored := false
+
+	// Verify that all that depend on us are gone.
+	// Graph traversal should guarantee this is true, but this isn't that
+	// expensive, and it's better to be safe.
+	for _, dep := range node.dependedOn {
+		if _, err := node.container.runtime.GetContainer(dep.id); err == nil {
+			ctrErrored = true
+			ctrErrors[node.id] = fmt.Errorf("a container that depends on container %s still exists: %w", node.id, define.ErrDepExists)
+		}
+	}
+
+	// Lock the container
+	node.container.lock.Lock()
+
+	// Gate all subsequent bits behind a ctrErrored check - we don't want to
+	// proceed if a previous step failed.
+	if !ctrErrored {
+		if err := node.container.syncContainer(); err != nil {
+			ctrErrored = true
+			ctrErrors[node.id] = err
+		}
+	}
+
+	if !ctrErrored {
+		for _, vol := range node.container.config.NamedVolumes {
+			ctrNamedVolumes[vol.Name] = vol
+		}
+
+		if pod != nil && pod.state.InfraContainerID == node.id {
+			pod.state.InfraContainerID = ""
+			if err := pod.save(); err != nil {
+				ctrErrored = true
+				ctrErrors[node.id] = fmt.Errorf("error removing infra container %s from pod %s: %w", node.id, pod.ID(), err)
+			}
+		}
+	}
+
+	if !ctrErrored {
+		if err := node.container.runtime.removeContainer(ctx, node.container, force, false, true, false, timeout); err != nil {
+			ctrErrored = true
+			ctrErrors[node.id] = err
+		}
+	}
+
+	node.container.lock.Unlock()
+
+	// Recurse to anyone who we depend on and remove them
+	for _, successor := range node.dependsOn {
+		removeNode(ctx, successor, pod, force, timeout, ctrErrored, ctrErrors, ctrsVisited, ctrNamedVolumes)
+	}
+}
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index fa2130a28..e4089efa6 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -3,20 +3,15 @@ package libpod
 import (
 	"errors"
 	"fmt"
-	"sort"
 	"strings"
 
-	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/driver"
 	"github.com/containers/podman/v4/pkg/util"
 	"github.com/containers/storage/types"
 	units "github.com/docker/go-units"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/opencontainers/runtime-tools/generate"
-	"github.com/opencontainers/runtime-tools/validate"
 	"github.com/sirupsen/logrus"
-	"github.com/syndtr/gocapability/capability"
 )
 
 // inspectLocked inspects a container for low-level information.
@@ -24,15 +19,15 @@ import (
 func (c *Container) inspectLocked(size bool) (*define.InspectContainerData, error) {
 	storeCtr, err := c.runtime.store.Container(c.ID())
 	if err != nil {
-		return nil, fmt.Errorf("error getting container from store %q: %w", c.ID(), err)
+		return nil, fmt.Errorf("getting container from store %q: %w", c.ID(), err)
 	}
 	layer, err := c.runtime.store.Layer(storeCtr.LayerID)
 	if err != nil {
-		return nil, fmt.Errorf("error reading information about layer %q: %w", storeCtr.LayerID, err)
+		return nil, fmt.Errorf("reading information about layer %q: %w", storeCtr.LayerID, err)
 	}
 	driverData, err := driver.GetDriverData(c.runtime.store, layer.ID)
 	if err != nil {
-		return nil, fmt.Errorf("error getting graph driver info %q: %w", c.ID(), err)
+		return nil, fmt.Errorf("getting graph driver info %q: %w", c.ID(), err)
 	}
 	return c.getContainerInspectData(size, driverData)
 }
@@ -163,8 +158,6 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver
 		Driver:          driverData.Name,
 		MountLabel:      config.MountLabel,
 		ProcessLabel:    config.ProcessLabel,
-		EffectiveCaps:   ctrSpec.Process.Capabilities.Effective,
-		BoundingCaps:    ctrSpec.Process.Capabilities.Bounding,
 		AppArmorProfile: ctrSpec.Process.ApparmorProfile,
 		ExecIDs:         execIDs,
 		GraphDriver:     driverData,
@@ -173,6 +166,10 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver
 		IsInfra:         c.IsInfra(),
 		IsService:       c.IsService(),
 	}
+	if ctrSpec.Process.Capabilities != nil {
+		data.EffectiveCaps = ctrSpec.Process.Capabilities.Effective
+		data.BoundingCaps = ctrSpec.Process.Capabilities.Bounding
+	}
 
 	if c.state.ConfigPath != "" {
 		data.OCIConfigPath = c.state.ConfigPath
@@ -241,7 +238,7 @@ func (c *Container) GetMounts(namedVolumes []*ContainerNamedVolume, imageVolumes
 		// volume.
 		volFromDB, err := c.runtime.state.Volume(volume.Name)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up volume %s in container %s config: %w", volume.Name, c.ID(), err)
+			return nil, fmt.Errorf("looking up volume %s in container %s config: %w", volume.Name, c.ID(), err)
 		}
 		mountStruct.Driver = volFromDB.Driver()
 
@@ -390,6 +387,8 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp
 	// leak.
 	ctrConfig.Healthcheck = c.config.HealthCheckConfig
 
+	ctrConfig.HealthcheckOnFailureAction = c.config.HealthCheckOnFailureAction.String()
+
 	ctrConfig.CreateCommand = c.config.CreateCommand
 
 	ctrConfig.Timezone = c.config.Timezone
@@ -414,6 +413,8 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp
 	ctrConfig.Passwd = c.config.Passwd
 	ctrConfig.ChrootDirs = append(ctrConfig.ChrootDirs, c.config.ChrootDirs...)
 
+	ctrConfig.SdNotifyMode = c.config.SdNotifyMode
+	ctrConfig.SdNotifySocket = c.config.SdNotifySocket
 	return ctrConfig
 }
 
@@ -480,11 +481,6 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 	hostConfig.ShmSize = c.config.ShmSize
 	hostConfig.Runtime = "oci"
 
-	// This is very expensive to initialize.
-	// So we don't want to initialize it unless we absolutely have to - IE,
-	// there are things that require a major:minor to path translation.
-	var deviceNodes map[string]string
-
 	// Annotations
 	if ctrSpec.Annotations != nil {
 		hostConfig.ContainerIDFile = ctrSpec.Annotations[define.InspectAnnotationCIDFile]
@@ -502,109 +498,8 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 		}
 	}
 
-	// Resource limits
-	if ctrSpec.Linux != nil {
-		if ctrSpec.Linux.Resources != nil {
-			if ctrSpec.Linux.Resources.CPU != nil {
-				if ctrSpec.Linux.Resources.CPU.Shares != nil {
-					hostConfig.CpuShares = *ctrSpec.Linux.Resources.CPU.Shares
-				}
-				if ctrSpec.Linux.Resources.CPU.Period != nil {
-					hostConfig.CpuPeriod = *ctrSpec.Linux.Resources.CPU.Period
-				}
-				if ctrSpec.Linux.Resources.CPU.Quota != nil {
-					hostConfig.CpuQuota = *ctrSpec.Linux.Resources.CPU.Quota
-				}
-				if ctrSpec.Linux.Resources.CPU.RealtimePeriod != nil {
-					hostConfig.CpuRealtimePeriod = *ctrSpec.Linux.Resources.CPU.RealtimePeriod
-				}
-				if ctrSpec.Linux.Resources.CPU.RealtimeRuntime != nil {
-					hostConfig.CpuRealtimeRuntime = *ctrSpec.Linux.Resources.CPU.RealtimeRuntime
-				}
-				hostConfig.CpusetCpus = ctrSpec.Linux.Resources.CPU.Cpus
-				hostConfig.CpusetMems = ctrSpec.Linux.Resources.CPU.Mems
-			}
-			if ctrSpec.Linux.Resources.Memory != nil {
-				if ctrSpec.Linux.Resources.Memory.Limit != nil {
-					hostConfig.Memory = *ctrSpec.Linux.Resources.Memory.Limit
-				}
-				if ctrSpec.Linux.Resources.Memory.Reservation != nil {
-					hostConfig.MemoryReservation = *ctrSpec.Linux.Resources.Memory.Reservation
-				}
-				if ctrSpec.Linux.Resources.Memory.Swap != nil {
-					hostConfig.MemorySwap = *ctrSpec.Linux.Resources.Memory.Swap
-				}
-				if ctrSpec.Linux.Resources.Memory.Swappiness != nil {
-					hostConfig.MemorySwappiness = int64(*ctrSpec.Linux.Resources.Memory.Swappiness)
-				} else {
-					// Swappiness has a default of -1
-					hostConfig.MemorySwappiness = -1
-				}
-				if ctrSpec.Linux.Resources.Memory.DisableOOMKiller != nil {
-					hostConfig.OomKillDisable = *ctrSpec.Linux.Resources.Memory.DisableOOMKiller
-				}
-			}
-			if ctrSpec.Linux.Resources.Pids != nil {
-				hostConfig.PidsLimit = ctrSpec.Linux.Resources.Pids.Limit
-			}
-			hostConfig.CgroupConf = ctrSpec.Linux.Resources.Unified
-			if ctrSpec.Linux.Resources.BlockIO != nil {
-				if ctrSpec.Linux.Resources.BlockIO.Weight != nil {
-					hostConfig.BlkioWeight = *ctrSpec.Linux.Resources.BlockIO.Weight
-				}
-				hostConfig.BlkioWeightDevice = []define.InspectBlkioWeightDevice{}
-				for _, dev := range ctrSpec.Linux.Resources.BlockIO.WeightDevice {
-					key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor)
-					// TODO: how do we handle LeafWeight vs
-					// Weight? For now, ignore anything
-					// without Weight set.
-					if dev.Weight == nil {
-						logrus.Infof("Ignoring weight device %s as it lacks a weight", key)
-						continue
-					}
-					if deviceNodes == nil {
-						nodes, err := util.FindDeviceNodes()
-						if err != nil {
-							return nil, err
-						}
-						deviceNodes = nodes
-					}
-					path, ok := deviceNodes[key]
-					if !ok {
-						logrus.Infof("Could not locate weight device %s in system devices", key)
-						continue
-					}
-					weightDev := define.InspectBlkioWeightDevice{}
-					weightDev.Path = path
-					weightDev.Weight = *dev.Weight
-					hostConfig.BlkioWeightDevice = append(hostConfig.BlkioWeightDevice, weightDev)
-				}
-
-				readBps, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleReadBpsDevice)
-				if err != nil {
-					return nil, err
-				}
-				hostConfig.BlkioDeviceReadBps = readBps
-
-				writeBps, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice)
-				if err != nil {
-					return nil, err
-				}
-				hostConfig.BlkioDeviceWriteBps = writeBps
-
-				readIops, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice)
-				if err != nil {
-					return nil, err
-				}
-				hostConfig.BlkioDeviceReadIOps = readIops
-
-				writeIops, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice)
-				if err != nil {
-					return nil, err
-				}
-				hostConfig.BlkioDeviceWriteIOps = writeIops
-			}
-		}
+	if err := c.platformInspectContainerHostConfig(ctrSpec, hostConfig); err != nil {
+		return nil, err
 	}
 
 	// NanoCPUs.
@@ -655,182 +550,6 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 		hostConfig.PortBindings = make(map[string][]define.InspectHostPort)
 	}
 
-	// Cap add and cap drop.
-	// We need a default set of capabilities to compare against.
-	// The OCI generate package has one, and is commonly used, so we'll
-	// use it.
-	// Problem: there are 5 sets of capabilities.
-	// Use the bounding set for this computation, it's the most encompassing
-	// (but still not perfect).
-	capAdd := []string{}
-	capDrop := []string{}
-	// No point in continuing if we got a spec without a Process block...
-	if ctrSpec.Process != nil {
-		// Max an O(1) lookup table for default bounding caps.
-		boundingCaps := make(map[string]bool)
-		g, err := generate.New("linux")
-		if err != nil {
-			return nil, err
-		}
-		if !hostConfig.Privileged {
-			for _, cap := range g.Config.Process.Capabilities.Bounding {
-				boundingCaps[cap] = true
-			}
-		} else {
-			// If we are privileged, use all caps.
-			for _, cap := range capability.List() {
-				if g.HostSpecific && cap > validate.LastCap() {
-					continue
-				}
-				boundingCaps[fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))] = true
-			}
-		}
-		// Iterate through spec caps.
-		// If it's not in default bounding caps, it was added.
-		// If it is, delete from the default set. Whatever remains after
-		// we finish are the dropped caps.
-		for _, cap := range ctrSpec.Process.Capabilities.Bounding {
-			if _, ok := boundingCaps[cap]; ok {
-				delete(boundingCaps, cap)
-			} else {
-				capAdd = append(capAdd, cap)
-			}
-		}
-		for cap := range boundingCaps {
-			capDrop = append(capDrop, cap)
-		}
-		// Sort CapDrop so it displays in consistent order (GH #9490)
-		sort.Strings(capDrop)
-	}
-	hostConfig.CapAdd = capAdd
-	hostConfig.CapDrop = capDrop
-	switch {
-	case c.config.IPCNsCtr != "":
-		hostConfig.IpcMode = fmt.Sprintf("container:%s", c.config.IPCNsCtr)
-	case ctrSpec.Linux != nil:
-		// Locate the spec's IPC namespace.
-		// If there is none, it's ipc=host.
-		// If there is one and it has a path, it's "ns:".
-		// If no path, it's default - the empty string.
-		for _, ns := range ctrSpec.Linux.Namespaces {
-			if ns.Type == spec.IPCNamespace {
-				if ns.Path != "" {
-					hostConfig.IpcMode = fmt.Sprintf("ns:%s", ns.Path)
-				} else {
-					break
-				}
-			}
-		}
-	case c.config.NoShm:
-		hostConfig.IpcMode = "none"
-	case c.config.NoShmShare:
-		hostConfig.IpcMode = "private"
-	}
-	if hostConfig.IpcMode == "" {
-		hostConfig.IpcMode = "shareable"
-	}
-
-	// Cgroup namespace mode
-	cgroupMode := ""
-	if c.config.CgroupNsCtr != "" {
-		cgroupMode = fmt.Sprintf("container:%s", c.config.CgroupNsCtr)
-	} else if ctrSpec.Linux != nil {
-		// Locate the spec's cgroup namespace
-		// If there is none, it's cgroup=host.
-		// If there is one and it has a path, it's "ns:".
-		// If there is no path, it's private.
-		for _, ns := range ctrSpec.Linux.Namespaces {
-			if ns.Type == spec.CgroupNamespace {
-				if ns.Path != "" {
-					cgroupMode = fmt.Sprintf("ns:%s", ns.Path)
-				} else {
-					cgroupMode = "private"
-				}
-			}
-		}
-		if cgroupMode == "" {
-			cgroupMode = "host"
-		}
-	}
-	hostConfig.CgroupMode = cgroupMode
-
-	// Cgroup parent
-	// Need to check if it's the default, and not print if so.
-	defaultCgroupParent := ""
-	switch c.CgroupManager() {
-	case config.CgroupfsCgroupsManager:
-		defaultCgroupParent = CgroupfsDefaultCgroupParent
-	case config.SystemdCgroupsManager:
-		defaultCgroupParent = SystemdDefaultCgroupParent
-	}
-	if c.config.CgroupParent != defaultCgroupParent {
-		hostConfig.CgroupParent = c.config.CgroupParent
-	}
-	hostConfig.CgroupManager = c.CgroupManager()
-
-	// PID namespace mode
-	pidMode := ""
-	if c.config.PIDNsCtr != "" {
-		pidMode = fmt.Sprintf("container:%s", c.config.PIDNsCtr)
-	} else if ctrSpec.Linux != nil {
-		// Locate the spec's PID namespace.
-		// If there is none, it's pid=host.
-		// If there is one and it has a path, it's "ns:".
-		// If there is no path, it's default - the empty string.
-		for _, ns := range ctrSpec.Linux.Namespaces {
-			if ns.Type == spec.PIDNamespace {
-				if ns.Path != "" {
-					pidMode = fmt.Sprintf("ns:%s", ns.Path)
-				} else {
-					pidMode = "private"
-				}
-				break
-			}
-		}
-		if pidMode == "" {
-			pidMode = "host"
-		}
-	}
-	hostConfig.PidMode = pidMode
-
-	// UTS namespace mode
-	utsMode := c.NamespaceMode(spec.UTSNamespace, ctrSpec)
-
-	hostConfig.UTSMode = utsMode
-
-	// User namespace mode
-	usernsMode := ""
-	if c.config.UserNsCtr != "" {
-		usernsMode = fmt.Sprintf("container:%s", c.config.UserNsCtr)
-	} else if ctrSpec.Linux != nil {
-		// Locate the spec's user namespace.
-		// If there is none, it's default - the empty string.
-		// If there is one, it's "private" if no path, or "ns:" if
-		// there's a path.
-
-		for _, ns := range ctrSpec.Linux.Namespaces {
-			if ns.Type == spec.UserNamespace {
-				if ns.Path != "" {
-					usernsMode = fmt.Sprintf("ns:%s", ns.Path)
-				} else {
-					usernsMode = "private"
-				}
-			}
-		}
-	}
-	hostConfig.UsernsMode = usernsMode
-	if c.config.IDMappings.UIDMap != nil && c.config.IDMappings.GIDMap != nil {
-		hostConfig.IDMappings = generateIDMappings(c.config.IDMappings)
-	}
-	// Devices
-	// Do not include if privileged - assumed that all devices will be
-	// included.
-	var err error
-	hostConfig.Devices, err = c.GetDevices(hostConfig.Privileged, *ctrSpec, deviceNodes)
-	if err != nil {
-		return nil, err
-	}
-
 	// Ulimits
 	hostConfig.Ulimits = []define.InspectUlimit{}
 	if ctrSpec.Process != nil {
diff --git a/libpod/container_inspect_freebsd.go b/libpod/container_inspect_freebsd.go
new file mode 100644
index 000000000..8b4e8df87
--- /dev/null
+++ b/libpod/container_inspect_freebsd.go
@@ -0,0 +1,17 @@
+package libpod
+
+import (
+	"github.com/containers/podman/v4/libpod/define"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostConfig *define.InspectContainerHostConfig) error {
+	// Not sure what to put here. FreeBSD jails use pids from the
+	// global pool but can only see their own pids.
+	hostConfig.PidMode = "host"
+
+	// UTS namespace mode
+	hostConfig.UTSMode = c.NamespaceMode(spec.UTSNamespace, ctrSpec)
+
+	return nil
+}
diff --git a/libpod/container_inspect_linux.go b/libpod/container_inspect_linux.go
new file mode 100644
index 000000000..355690d70
--- /dev/null
+++ b/libpod/container_inspect_linux.go
@@ -0,0 +1,306 @@
+package libpod
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/util"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/opencontainers/runtime-tools/validate"
+	"github.com/sirupsen/logrus"
+	"github.com/syndtr/gocapability/capability"
+)
+
+func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostConfig *define.InspectContainerHostConfig) error {
+	// This is very expensive to initialize.
+	// So we don't want to initialize it unless we absolutely have to - IE,
+	// there are things that require a major:minor to path translation.
+	var deviceNodes map[string]string
+
+	// Resource limits
+	if ctrSpec.Linux != nil {
+		if ctrSpec.Linux.Resources != nil {
+			if ctrSpec.Linux.Resources.CPU != nil {
+				if ctrSpec.Linux.Resources.CPU.Shares != nil {
+					hostConfig.CpuShares = *ctrSpec.Linux.Resources.CPU.Shares
+				}
+				if ctrSpec.Linux.Resources.CPU.Period != nil {
+					hostConfig.CpuPeriod = *ctrSpec.Linux.Resources.CPU.Period
+				}
+				if ctrSpec.Linux.Resources.CPU.Quota != nil {
+					hostConfig.CpuQuota = *ctrSpec.Linux.Resources.CPU.Quota
+				}
+				if ctrSpec.Linux.Resources.CPU.RealtimePeriod != nil {
+					hostConfig.CpuRealtimePeriod = *ctrSpec.Linux.Resources.CPU.RealtimePeriod
+				}
+				if ctrSpec.Linux.Resources.CPU.RealtimeRuntime != nil {
+					hostConfig.CpuRealtimeRuntime = *ctrSpec.Linux.Resources.CPU.RealtimeRuntime
+				}
+				hostConfig.CpusetCpus = ctrSpec.Linux.Resources.CPU.Cpus
+				hostConfig.CpusetMems = ctrSpec.Linux.Resources.CPU.Mems
+			}
+			if ctrSpec.Linux.Resources.Memory != nil {
+				if ctrSpec.Linux.Resources.Memory.Limit != nil {
+					hostConfig.Memory = *ctrSpec.Linux.Resources.Memory.Limit
+				}
+				if ctrSpec.Linux.Resources.Memory.Reservation != nil {
+					hostConfig.MemoryReservation = *ctrSpec.Linux.Resources.Memory.Reservation
+				}
+				if ctrSpec.Linux.Resources.Memory.Swap != nil {
+					hostConfig.MemorySwap = *ctrSpec.Linux.Resources.Memory.Swap
+				}
+				if ctrSpec.Linux.Resources.Memory.Swappiness != nil {
+					hostConfig.MemorySwappiness = int64(*ctrSpec.Linux.Resources.Memory.Swappiness)
+				} else {
+					// Swappiness has a default of -1
+					hostConfig.MemorySwappiness = -1
+				}
+				if ctrSpec.Linux.Resources.Memory.DisableOOMKiller != nil {
+					hostConfig.OomKillDisable = *ctrSpec.Linux.Resources.Memory.DisableOOMKiller
+				}
+			}
+			if ctrSpec.Linux.Resources.Pids != nil {
+				hostConfig.PidsLimit = ctrSpec.Linux.Resources.Pids.Limit
+			}
+			hostConfig.CgroupConf = ctrSpec.Linux.Resources.Unified
+			if ctrSpec.Linux.Resources.BlockIO != nil {
+				if ctrSpec.Linux.Resources.BlockIO.Weight != nil {
+					hostConfig.BlkioWeight = *ctrSpec.Linux.Resources.BlockIO.Weight
+				}
+				hostConfig.BlkioWeightDevice = []define.InspectBlkioWeightDevice{}
+				for _, dev := range ctrSpec.Linux.Resources.BlockIO.WeightDevice {
+					key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor)
+					// TODO: how do we handle LeafWeight vs
+					// Weight? For now, ignore anything
+					// without Weight set.
+					if dev.Weight == nil {
+						logrus.Infof("Ignoring weight device %s as it lacks a weight", key)
+						continue
+					}
+					if deviceNodes == nil {
+						nodes, err := util.FindDeviceNodes()
+						if err != nil {
+							return err
+						}
+						deviceNodes = nodes
+					}
+					path, ok := deviceNodes[key]
+					if !ok {
+						logrus.Infof("Could not locate weight device %s in system devices", key)
+						continue
+					}
+					weightDev := define.InspectBlkioWeightDevice{}
+					weightDev.Path = path
+					weightDev.Weight = *dev.Weight
+					hostConfig.BlkioWeightDevice = append(hostConfig.BlkioWeightDevice, weightDev)
+				}
+
+				readBps, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleReadBpsDevice)
+				if err != nil {
+					return err
+				}
+				hostConfig.BlkioDeviceReadBps = readBps
+
+				writeBps, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice)
+				if err != nil {
+					return err
+				}
+				hostConfig.BlkioDeviceWriteBps = writeBps
+
+				readIops, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice)
+				if err != nil {
+					return err
+				}
+				hostConfig.BlkioDeviceReadIOps = readIops
+
+				writeIops, err := blkioDeviceThrottle(deviceNodes, ctrSpec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice)
+				if err != nil {
+					return err
+				}
+				hostConfig.BlkioDeviceWriteIOps = writeIops
+			}
+		}
+	}
+
+	// Cap add and cap drop.
+	// We need a default set of capabilities to compare against.
+	// The OCI generate package has one, and is commonly used, so we'll
+	// use it.
+	// Problem: there are 5 sets of capabilities.
+	// Use the bounding set for this computation, it's the most encompassing
+	// (but still not perfect).
+	capAdd := []string{}
+	capDrop := []string{}
+	// No point in continuing if we got a spec without a Process block...
+	if ctrSpec.Process != nil {
+		// Max an O(1) lookup table for default bounding caps.
+		boundingCaps := make(map[string]bool)
+		g, err := generate.New("linux")
+		if err != nil {
+			return err
+		}
+		if !hostConfig.Privileged {
+			for _, cap := range g.Config.Process.Capabilities.Bounding {
+				boundingCaps[cap] = true
+			}
+		} else {
+			// If we are privileged, use all caps.
+			for _, cap := range capability.List() {
+				if g.HostSpecific && cap > validate.LastCap() {
+					continue
+				}
+				boundingCaps[fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))] = true
+			}
+		}
+		// Iterate through spec caps.
+		// If it's not in default bounding caps, it was added.
+		// If it is, delete from the default set. Whatever remains after
+		// we finish are the dropped caps.
+		for _, cap := range ctrSpec.Process.Capabilities.Bounding {
+			if _, ok := boundingCaps[cap]; ok {
+				delete(boundingCaps, cap)
+			} else {
+				capAdd = append(capAdd, cap)
+			}
+		}
+		for cap := range boundingCaps {
+			capDrop = append(capDrop, cap)
+		}
+		// Sort CapDrop so it displays in consistent order (GH #9490)
+		sort.Strings(capDrop)
+	}
+	hostConfig.CapAdd = capAdd
+	hostConfig.CapDrop = capDrop
+	switch {
+	case c.config.IPCNsCtr != "":
+		hostConfig.IpcMode = fmt.Sprintf("container:%s", c.config.IPCNsCtr)
+	case ctrSpec.Linux != nil:
+		// Locate the spec's IPC namespace.
+		// If there is none, it's ipc=host.
+		// If there is one and it has a path, it's "ns:".
+		// If no path, it's default - the empty string.
+		for _, ns := range ctrSpec.Linux.Namespaces {
+			if ns.Type == spec.IPCNamespace {
+				if ns.Path != "" {
+					hostConfig.IpcMode = fmt.Sprintf("ns:%s", ns.Path)
+				} else {
+					break
+				}
+			}
+		}
+	case c.config.NoShm:
+		hostConfig.IpcMode = "none"
+	case c.config.NoShmShare:
+		hostConfig.IpcMode = "private"
+	}
+	if hostConfig.IpcMode == "" {
+		hostConfig.IpcMode = "shareable"
+	}
+
+	// Cgroup namespace mode
+	cgroupMode := ""
+	if c.config.CgroupNsCtr != "" {
+		cgroupMode = fmt.Sprintf("container:%s", c.config.CgroupNsCtr)
+	} else if ctrSpec.Linux != nil {
+		// Locate the spec's cgroup namespace
+		// If there is none, it's cgroup=host.
+		// If there is one and it has a path, it's "ns:".
+		// If there is no path, it's private.
+		for _, ns := range ctrSpec.Linux.Namespaces {
+			if ns.Type == spec.CgroupNamespace {
+				if ns.Path != "" {
+					cgroupMode = fmt.Sprintf("ns:%s", ns.Path)
+				} else {
+					cgroupMode = "private"
+				}
+			}
+		}
+		if cgroupMode == "" {
+			cgroupMode = "host"
+		}
+	}
+	hostConfig.CgroupMode = cgroupMode
+
+	// Cgroup parent
+	// Need to check if it's the default, and not print if so.
+	defaultCgroupParent := ""
+	switch c.CgroupManager() {
+	case config.CgroupfsCgroupsManager:
+		defaultCgroupParent = CgroupfsDefaultCgroupParent
+	case config.SystemdCgroupsManager:
+		defaultCgroupParent = SystemdDefaultCgroupParent
+	}
+	if c.config.CgroupParent != defaultCgroupParent {
+		hostConfig.CgroupParent = c.config.CgroupParent
+	}
+	hostConfig.CgroupManager = c.CgroupManager()
+
+	// PID namespace mode
+	pidMode := ""
+	if c.config.PIDNsCtr != "" {
+		pidMode = fmt.Sprintf("container:%s", c.config.PIDNsCtr)
+	} else if ctrSpec.Linux != nil {
+		// Locate the spec's PID namespace.
+		// If there is none, it's pid=host.
+		// If there is one and it has a path, it's "ns:".
+		// If there is no path, it's default - the empty string.
+		for _, ns := range ctrSpec.Linux.Namespaces {
+			if ns.Type == spec.PIDNamespace {
+				if ns.Path != "" {
+					pidMode = fmt.Sprintf("ns:%s", ns.Path)
+				} else {
+					pidMode = "private"
+				}
+				break
+			}
+		}
+		if pidMode == "" {
+			pidMode = "host"
+		}
+	}
+	hostConfig.PidMode = pidMode
+
+	// UTS namespace mode
+	utsMode := c.NamespaceMode(spec.UTSNamespace, ctrSpec)
+
+	hostConfig.UTSMode = utsMode
+
+	// User namespace mode
+	usernsMode := ""
+	if c.config.UserNsCtr != "" {
+		usernsMode = fmt.Sprintf("container:%s", c.config.UserNsCtr)
+	} else if ctrSpec.Linux != nil {
+		// Locate the spec's user namespace.
+		// If there is none, it's default - the empty string.
+		// If there is one, it's "private" if no path, or "ns:" if
+		// there's a path.
+
+		for _, ns := range ctrSpec.Linux.Namespaces {
+			if ns.Type == spec.UserNamespace {
+				if ns.Path != "" {
+					usernsMode = fmt.Sprintf("ns:%s", ns.Path)
+				} else {
+					usernsMode = "private"
+				}
+			}
+		}
+	}
+	hostConfig.UsernsMode = usernsMode
+	if c.config.IDMappings.UIDMap != nil && c.config.IDMappings.GIDMap != nil {
+		hostConfig.IDMappings = generateIDMappings(c.config.IDMappings)
+	}
+	// Devices
+	// Do not include if privileged - assumed that all devices will be
+	// included.
+	var err error
+	hostConfig.Devices, err = c.GetDevices(hostConfig.Privileged, *ctrSpec, deviceNodes)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index bad68991b..994243805 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -27,10 +27,12 @@ import (
 	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/events"
+	"github.com/containers/podman/v4/libpod/shutdown"
 	"github.com/containers/podman/v4/pkg/ctime"
 	"github.com/containers/podman/v4/pkg/lookup"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/selinux"
+	"github.com/containers/podman/v4/pkg/systemd/notifyproxy"
 	"github.com/containers/podman/v4/pkg/util"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
@@ -205,7 +207,7 @@ func (c *Container) handleExitFile(exitFile string, fi os.FileInfo) error {
 	}
 	statusCode, err := strconv.Atoi(string(statusCodeStr))
 	if err != nil {
-		return fmt.Errorf("error converting exit status code (%q, err) for container %s to int: %w",
+		return fmt.Errorf("converting exit status code (%q, err) for container %s to int: %w",
 			c.ID(), statusCodeStr, err)
 	}
 	c.state.ExitCode = int32(statusCode)
@@ -292,20 +294,8 @@ func (c *Container) handleRestartPolicy(ctx context.Context) (_ bool, retErr err
 	}
 
 	// set up slirp4netns again because slirp4netns will die when conmon exits
-	if c.config.NetMode.IsSlirp4netns() {
-		err := c.runtime.setupSlirp4netns(c, c.state.NetNS)
-		if err != nil {
-			return false, err
-		}
-	}
-
-	// set up rootlesskit port forwarder again since it dies when conmon exits
-	// we use rootlesskit port forwarder only as rootless and when bridge network is used
-	if rootless.IsRootless() && c.config.NetMode.IsBridge() && len(c.config.PortMappings) > 0 {
-		err := c.runtime.setupRootlessPortMappingViaRLK(c, c.state.NetNS.Path(), c.state.NetworkStatus)
-		if err != nil {
-			return false, err
-		}
+	if err := c.setupRootlessNetwork(); err != nil {
+		return false, err
 	}
 
 	if c.state.State == define.ContainerStateStopped {
@@ -475,7 +465,7 @@ func (c *Container) setupStorage(ctx context.Context) error {
 
 		defOptions, err := storage.GetMountOptions(c.runtime.store.GraphDriverName(), c.runtime.store.GraphOptions())
 		if err != nil {
-			return fmt.Errorf("error getting default mount options: %w", err)
+			return fmt.Errorf("getting default mount options: %w", err)
 		}
 		var newOptions []string
 		for _, opt := range defOptions {
@@ -510,7 +500,7 @@ func (c *Container) setupStorage(ctx context.Context) error {
 		}
 	}
 	if containerInfoErr != nil {
-		return fmt.Errorf("error creating container storage: %w", containerInfoErr)
+		return fmt.Errorf("creating container storage: %w", containerInfoErr)
 	}
 
 	// Only reconfig IDMappings if layer was mounted from storage.
@@ -552,7 +542,7 @@ func (c *Container) setupStorage(ctx context.Context) error {
 
 	artifacts := filepath.Join(c.config.StaticDir, artifactsDir)
 	if err := os.MkdirAll(artifacts, 0755); err != nil {
-		return fmt.Errorf("error creating artifacts directory: %w", err)
+		return fmt.Errorf("creating artifacts directory: %w", err)
 	}
 
 	return nil
@@ -586,7 +576,7 @@ func (c *Container) teardownStorage() error {
 
 	artifacts := filepath.Join(c.config.StaticDir, artifactsDir)
 	if err := os.RemoveAll(artifacts); err != nil {
-		return fmt.Errorf("error removing container %s artifacts %q: %w", c.ID(), artifacts, err)
+		return fmt.Errorf("removing container %s artifacts %q: %w", c.ID(), artifacts, err)
 	}
 
 	if err := c.cleanupStorage(); err != nil {
@@ -603,7 +593,7 @@ func (c *Container) teardownStorage() error {
 			return nil
 		}
 
-		return fmt.Errorf("error removing container %s root filesystem: %w", c.ID(), err)
+		return fmt.Errorf("removing container %s root filesystem: %w", c.ID(), err)
 	}
 
 	return nil
@@ -654,7 +644,7 @@ func (c *Container) refresh() error {
 	// It was lost in the reboot and must be recreated
 	dir, err := c.runtime.storageService.GetRunDir(c.ID())
 	if err != nil {
-		return fmt.Errorf("error retrieving temporary directory for container %s: %w", c.ID(), err)
+		return fmt.Errorf("retrieving temporary directory for container %s: %w", c.ID(), err)
 	}
 	c.state.RunDir = dir
 
@@ -668,7 +658,7 @@ func (c *Container) refresh() error {
 		}
 		root := filepath.Join(c.runtime.config.Engine.TmpDir, "containers-root", c.ID())
 		if err := os.MkdirAll(root, 0755); err != nil {
-			return fmt.Errorf("error creating userNS tmpdir for container %s: %w", c.ID(), err)
+			return fmt.Errorf("creating userNS tmpdir for container %s: %w", c.ID(), err)
 		}
 		if err := os.Chown(root, c.RootUID(), c.RootGID()); err != nil {
 			return err
@@ -678,7 +668,7 @@ func (c *Container) refresh() error {
 	// We need to pick up a new lock
 	lock, err := c.runtime.lockManager.AllocateAndRetrieveLock(c.config.LockID)
 	if err != nil {
-		return fmt.Errorf("error acquiring lock %d for container %s: %w", c.config.LockID, c.ID(), err)
+		return fmt.Errorf("acquiring lock %d for container %s: %w", c.config.LockID, c.ID(), err)
 	}
 	c.lock = lock
 
@@ -699,7 +689,7 @@ func (c *Container) refresh() error {
 	}
 
 	if err := c.save(); err != nil {
-		return fmt.Errorf("error refreshing state for container %s: %w", c.ID(), err)
+		return fmt.Errorf("refreshing state for container %s: %w", c.ID(), err)
 	}
 
 	// Remove ctl and attach files, which may persist across reboot
@@ -720,22 +710,22 @@ func (c *Container) removeConmonFiles() error {
 	}
 
 	if err := os.Remove(attachFile); err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("error removing container %s attach file: %w", c.ID(), err)
+		return fmt.Errorf("removing container %s attach file: %w", c.ID(), err)
 	}
 
 	ctlFile := filepath.Join(c.bundlePath(), "ctl")
 	if err := os.Remove(ctlFile); err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("error removing container %s ctl file: %w", c.ID(), err)
+		return fmt.Errorf("removing container %s ctl file: %w", c.ID(), err)
 	}
 
 	winszFile := filepath.Join(c.bundlePath(), "winsz")
 	if err := os.Remove(winszFile); err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("error removing container %s winsz file: %w", c.ID(), err)
+		return fmt.Errorf("removing container %s winsz file: %w", c.ID(), err)
 	}
 
 	oomFile := filepath.Join(c.bundlePath(), "oom")
 	if err := os.Remove(oomFile); err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("error removing container %s OOM file: %w", c.ID(), err)
+		return fmt.Errorf("removing container %s OOM file: %w", c.ID(), err)
 	}
 
 	// Remove the exit file so we don't leak memory in tmpfs
@@ -744,7 +734,7 @@ func (c *Container) removeConmonFiles() error {
 		return err
 	}
 	if err := os.Remove(exitFile); err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("error removing container %s exit file: %w", c.ID(), err)
+		return fmt.Errorf("removing container %s exit file: %w", c.ID(), err)
 	}
 
 	return nil
@@ -767,12 +757,12 @@ func (c *Container) export(path string) error {
 
 	input, err := archive.Tar(mountPoint, archive.Uncompressed)
 	if err != nil {
-		return fmt.Errorf("error reading container directory %q: %w", c.ID(), err)
+		return fmt.Errorf("reading container directory %q: %w", c.ID(), err)
 	}
 
 	outFile, err := os.Create(path)
 	if err != nil {
-		return fmt.Errorf("error creating file %q: %w", path, err)
+		return fmt.Errorf("creating file %q: %w", path, err)
 	}
 	defer outFile.Close()
 
@@ -788,7 +778,7 @@ func (c *Container) getArtifactPath(name string) string {
 // save container state to the database
 func (c *Container) save() error {
 	if err := c.runtime.state.SaveContainer(c); err != nil {
-		return fmt.Errorf("error saving container %s state: %w", c.ID(), err)
+		return fmt.Errorf("saving container %s state: %w", c.ID(), err)
 	}
 	return nil
 }
@@ -842,7 +832,7 @@ func (c *Container) prepareToStart(ctx context.Context, recursive bool) (retErr
 func (c *Container) checkDependenciesAndHandleError() error {
 	notRunning, err := c.checkDependenciesRunning()
 	if err != nil {
-		return fmt.Errorf("error checking dependencies for container %s: %w", c.ID(), err)
+		return fmt.Errorf("checking dependencies for container %s: %w", c.ID(), err)
 	}
 	if len(notRunning) > 0 {
 		depString := strings.Join(notRunning, ",")
@@ -861,7 +851,7 @@ func (c *Container) startDependencies(ctx context.Context) error {
 
 	depVisitedCtrs := make(map[string]*Container)
 	if err := c.getAllDependencies(depVisitedCtrs); err != nil {
-		return fmt.Errorf("error starting dependency for container %s: %w", c.ID(), err)
+		return fmt.Errorf("starting dependency for container %s: %w", c.ID(), err)
 	}
 
 	// Because of how Go handles passing slices through functions, a slice cannot grow between function calls
@@ -874,7 +864,7 @@ func (c *Container) startDependencies(ctx context.Context) error {
 	// Build a dependency graph of containers
 	graph, err := BuildContainerGraph(depCtrs)
 	if err != nil {
-		return fmt.Errorf("error generating dependency graph for container %s: %w", c.ID(), err)
+		return fmt.Errorf("generating dependency graph for container %s: %w", c.ID(), err)
 	}
 
 	// If there are no containers without dependencies, we can't start
@@ -900,7 +890,7 @@ func (c *Container) startDependencies(ctx context.Context) error {
 		for _, e := range ctrErrors {
 			logrus.Errorf("%q", e)
 		}
-		return fmt.Errorf("error starting some containers: %w", define.ErrInternal)
+		return fmt.Errorf("starting some containers: %w", define.ErrInternal)
 	}
 	return nil
 }
@@ -956,13 +946,13 @@ func (c *Container) checkDependenciesRunning() ([]string, error) {
 		// Get the dependency container
 		depCtr, err := c.runtime.state.Container(dep)
 		if err != nil {
-			return nil, fmt.Errorf("error retrieving dependency %s of container %s from state: %w", dep, c.ID(), err)
+			return nil, fmt.Errorf("retrieving dependency %s of container %s from state: %w", dep, c.ID(), err)
 		}
 
 		// Check the status
 		state, err := depCtr.State()
 		if err != nil {
-			return nil, fmt.Errorf("error retrieving state of dependency %s of container %s: %w", dep, c.ID(), err)
+			return nil, fmt.Errorf("retrieving state of dependency %s of container %s: %w", dep, c.ID(), err)
 		}
 		if state != define.ContainerStateRunning && !depCtr.config.IsInfra {
 			notRunning = append(notRunning, dep)
@@ -1049,6 +1039,13 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
 		}
 	}
 
+	// To ensure that we don't lose track of Conmon if hit by a SIGTERM
+	// in the middle of setting up the container, inhibit shutdown signals
+	// until after we save Conmon's PID to the state.
+	// TODO: This can likely be removed once conmon-rs support merges.
+	shutdown.Inhibit()
+	defer shutdown.Uninhibit()
+
 	// With the spec complete, do an OCI create
 	if _, err = c.ociRuntime.CreateContainer(c, nil); err != nil {
 		return err
@@ -1084,6 +1081,7 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
 	if err := c.save(); err != nil {
 		return err
 	}
+
 	if c.config.HealthCheckConfig != nil {
 		if err := c.createTimer(); err != nil {
 			logrus.Error(err)
@@ -1224,9 +1222,9 @@ func (c *Container) start() error {
 			payload += "\n"
 			payload += daemon.SdNotifyReady
 		}
-		if sent, err := daemon.SdNotify(false, payload); err != nil {
+		if err := notifyproxy.SendMessage(c.config.SdNotifySocket, payload); err != nil {
 			logrus.Errorf("Notifying systemd of Conmon PID: %s", err.Error())
-		} else if sent {
+		} else {
 			logrus.Debugf("Notify sent successfully")
 		}
 	}
@@ -1282,12 +1280,18 @@ func (c *Container) stop(timeout uint) error {
 	// is held when busy-waiting for the container to be stopped.
 	c.state.State = define.ContainerStateStopping
 	if err := c.save(); err != nil {
-		return fmt.Errorf("error saving container %s state before stopping: %w", c.ID(), err)
+		return fmt.Errorf("saving container %s state before stopping: %w", c.ID(), err)
 	}
 	if !c.batched {
 		c.lock.Unlock()
 	}
 
+	if c.config.HealthCheckConfig != nil {
+		if err := c.removeTransientFiles(context.Background()); err != nil {
+			logrus.Error(err.Error())
+		}
+	}
+
 	stopErr := c.ociRuntime.StopContainer(c, timeout, all)
 
 	if !c.batched {
@@ -1342,7 +1346,7 @@ func (c *Container) stop(timeout uint) error {
 	}
 
 	if err := c.save(); err != nil {
-		return fmt.Errorf("error saving container %s state after stopping: %w", c.ID(), err)
+		return fmt.Errorf("saving container %s state after stopping: %w", c.ID(), err)
 	}
 
 	// Wait until we have an exit file, and sync once we do
@@ -1556,7 +1560,7 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
 
 	rootUID, rootGID := c.RootUID(), c.RootGID()
 
-	dirfd, err := unix.Open(mountPoint, unix.O_RDONLY|unix.O_PATH, 0)
+	dirfd, err := openDirectory(mountPoint)
 	if err != nil {
 		return "", fmt.Errorf("open mount point: %w", err)
 	}
@@ -1579,7 +1583,7 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
 		return "", fmt.Errorf("resolve /etc in the container: %w", err)
 	}
 
-	etcInTheContainerFd, err := unix.Open(etcInTheContainerPath, unix.O_RDONLY|unix.O_PATH, 0)
+	etcInTheContainerFd, err := openDirectory(etcInTheContainerPath)
 	if err != nil {
 		return "", fmt.Errorf("open /etc in the container: %w", err)
 	}
@@ -1629,7 +1633,7 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 	logrus.Debugf("Going to mount named volume %s", v.Name)
 	vol, err := c.runtime.state.Volume(v.Name)
 	if err != nil {
-		return nil, fmt.Errorf("error retrieving named volume %s for container %s: %w", v.Name, c.ID(), err)
+		return nil, fmt.Errorf("retrieving named volume %s for container %s: %w", v.Name, c.ID(), err)
 	}
 
 	if vol.config.LockID == c.config.LockID {
@@ -1639,7 +1643,7 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 	defer vol.lock.Unlock()
 	if vol.needsMount() {
 		if err := vol.mount(); err != nil {
-			return nil, fmt.Errorf("error mounting volume %s for container %s: %w", vol.Name(), c.ID(), err)
+			return nil, fmt.Errorf("mounting volume %s for container %s: %w", vol.Name(), c.ID(), err)
 		}
 	}
 	// The volume may need a copy-up. Check the state.
@@ -1652,7 +1656,7 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 
 		srcDir, err := securejoin.SecureJoin(mountpoint, v.Dest)
 		if err != nil {
-			return nil, fmt.Errorf("error calculating destination path to copy up container %s volume %s: %w", c.ID(), vol.Name(), err)
+			return nil, fmt.Errorf("calculating destination path to copy up container %s volume %s: %w", c.ID(), vol.Name(), err)
 		}
 		// Do a manual stat on the source directory to verify existence.
 		// Skip the rest if it exists.
@@ -1663,7 +1667,7 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 				// up.
 				return vol, nil
 			}
-			return nil, fmt.Errorf("error identifying source directory for copy up into volume %s: %w", vol.Name(), err)
+			return nil, fmt.Errorf("identifying source directory for copy up into volume %s: %w", vol.Name(), err)
 		}
 		// If it's not a directory we're mounting over it.
 		if !srcStat.IsDir() {
@@ -1673,9 +1677,9 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 		// a bizarre issue where something copier.Get will ENOENT on
 		// empty directories and sometimes it will not.
 		// RHBZ#1928643
-		srcContents, err := ioutil.ReadDir(srcDir)
+		srcContents, err := os.ReadDir(srcDir)
 		if err != nil {
-			return nil, fmt.Errorf("error reading contents of source directory for copy up into volume %s: %w", vol.Name(), err)
+			return nil, fmt.Errorf("reading contents of source directory for copy up into volume %s: %w", vol.Name(), err)
 		}
 		if len(srcContents) == 0 {
 			return vol, nil
@@ -1683,9 +1687,9 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 
 		// If the volume is not empty, we should not copy up.
 		volMount := vol.mountPoint()
-		contents, err := ioutil.ReadDir(volMount)
+		contents, err := os.ReadDir(volMount)
 		if err != nil {
-			return nil, fmt.Errorf("error listing contents of volume %s mountpoint when copying up from container %s: %w", vol.Name(), c.ID(), err)
+			return nil, fmt.Errorf("listing contents of volume %s mountpoint when copying up from container %s: %w", vol.Name(), c.ID(), err)
 		}
 		if len(contents) > 0 {
 			// The volume is not empty. It was likely modified
@@ -1727,11 +1731,11 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 			if err2 != nil {
 				logrus.Errorf("Streaming contents of container %s directory for volume copy-up: %v", c.ID(), err2)
 			}
-			return nil, fmt.Errorf("error copying up to volume %s: %w", vol.Name(), err)
+			return nil, fmt.Errorf("copying up to volume %s: %w", vol.Name(), err)
 		}
 
 		if err := <-errChan; err != nil {
-			return nil, fmt.Errorf("error streaming container content for copy up into volume %s: %w", vol.Name(), err)
+			return nil, fmt.Errorf("streaming container content for copy up into volume %s: %w", vol.Name(), err)
 		}
 	}
 	return vol, nil
@@ -1814,7 +1818,7 @@ func (c *Container) cleanupStorage() error {
 			if cleanupErr != nil {
 				logrus.Errorf("Unmounting container %s: %v", c.ID(), cleanupErr)
 			}
-			cleanupErr = fmt.Errorf("error retrieving named volume %s for container %s: %w", v.Name, c.ID(), err)
+			cleanupErr = fmt.Errorf("retrieving named volume %s for container %s: %w", v.Name, c.ID(), err)
 
 			// We need to try and unmount every volume, so continue
 			// if they fail.
@@ -1827,7 +1831,7 @@ func (c *Container) cleanupStorage() error {
 				if cleanupErr != nil {
 					logrus.Errorf("Unmounting container %s: %v", c.ID(), cleanupErr)
 				}
-				cleanupErr = fmt.Errorf("error unmounting volume %s for container %s: %w", vol.Name(), c.ID(), err)
+				cleanupErr = fmt.Errorf("unmounting volume %s for container %s: %w", vol.Name(), c.ID(), err)
 			}
 			vol.lock.Unlock()
 		}
@@ -1852,7 +1856,7 @@ func (c *Container) cleanup(ctx context.Context) error {
 
 	// Clean up network namespace, if present
 	if err := c.cleanupNetwork(); err != nil {
-		lastError = fmt.Errorf("error removing container %s network: %w", c.ID(), err)
+		lastError = fmt.Errorf("removing container %s network: %w", c.ID(), err)
 	}
 
 	// cleanup host entry if it is shared
@@ -1890,7 +1894,7 @@ func (c *Container) cleanup(ctx context.Context) error {
 		if lastError != nil {
 			logrus.Errorf("Unmounting container %s storage: %v", c.ID(), err)
 		} else {
-			lastError = fmt.Errorf("error unmounting container %s storage: %w", c.ID(), err)
+			lastError = fmt.Errorf("unmounting container %s storage: %w", c.ID(), err)
 		}
 	}
 
@@ -1974,7 +1978,7 @@ func (c *Container) stopPodIfNeeded(ctx context.Context) error {
 // hooks.
 func (c *Container) delete(ctx context.Context) error {
 	if err := c.ociRuntime.DeleteContainer(c); err != nil {
-		return fmt.Errorf("error removing container %s from runtime: %w", c.ID(), err)
+		return fmt.Errorf("removing container %s from runtime: %w", c.ID(), err)
 	}
 
 	if err := c.postDeleteHooks(ctx); err != nil {
@@ -2037,7 +2041,7 @@ func (c *Container) writeStringToRundir(destFile, contents string) (string, erro
 	destFileName := filepath.Join(c.state.RunDir, destFile)
 
 	if err := os.Remove(destFileName); err != nil && !os.IsNotExist(err) {
-		return "", fmt.Errorf("error removing %s for container %s: %w", destFile, c.ID(), err)
+		return "", fmt.Errorf("removing %s for container %s: %w", destFile, c.ID(), err)
 	}
 
 	if err := writeStringToPath(destFileName, contents, c.config.MountLabel, c.RootUID(), c.RootGID()); err != nil {
@@ -2071,22 +2075,22 @@ func (c *Container) saveSpec(spec *spec.Spec) error {
 	jsonPath := filepath.Join(c.bundlePath(), "config.json")
 	if _, err := os.Stat(jsonPath); err != nil {
 		if !os.IsNotExist(err) {
-			return fmt.Errorf("error doing stat on container %s spec: %w", c.ID(), err)
+			return fmt.Errorf("doing stat on container %s spec: %w", c.ID(), err)
 		}
 		// The spec does not exist, we're fine
 	} else {
 		// The spec exists, need to remove it
 		if err := os.Remove(jsonPath); err != nil {
-			return fmt.Errorf("error replacing runtime spec for container %s: %w", c.ID(), err)
+			return fmt.Errorf("replacing runtime spec for container %s: %w", c.ID(), err)
 		}
 	}
 
 	fileJSON, err := json.Marshal(spec)
 	if err != nil {
-		return fmt.Errorf("error exporting runtime spec for container %s to JSON: %w", c.ID(), err)
+		return fmt.Errorf("exporting runtime spec for container %s to JSON: %w", c.ID(), err)
 	}
 	if err := ioutil.WriteFile(jsonPath, fileJSON, 0644); err != nil {
-		return fmt.Errorf("error writing runtime spec JSON for container %s to disk: %w", c.ID(), err)
+		return fmt.Errorf("writing runtime spec JSON for container %s to disk: %w", c.ID(), err)
 	}
 
 	logrus.Debugf("Created OCI spec for container %s at %s", c.ID(), jsonPath)
@@ -2154,11 +2158,11 @@ func (c *Container) mount() (string, error) {
 
 	mountPoint, err := c.runtime.storageService.MountContainerImage(c.ID())
 	if err != nil {
-		return "", fmt.Errorf("error mounting storage for container %s: %w", c.ID(), err)
+		return "", fmt.Errorf("mounting storage for container %s: %w", c.ID(), err)
 	}
 	mountPoint, err = filepath.EvalSymlinks(mountPoint)
 	if err != nil {
-		return "", fmt.Errorf("error resolving storage path for container %s: %w", c.ID(), err)
+		return "", fmt.Errorf("resolving storage path for container %s: %w", c.ID(), err)
 	}
 	if err := os.Chown(mountPoint, c.RootUID(), c.RootGID()); err != nil {
 		return "", fmt.Errorf("cannot chown %s to %d:%d: %w", mountPoint, c.RootUID(), c.RootGID(), err)
@@ -2170,7 +2174,7 @@ func (c *Container) mount() (string, error) {
 func (c *Container) unmount(force bool) error {
 	// Also unmount storage
 	if _, err := c.runtime.storageService.UnmountContainerImage(c.ID(), force); err != nil {
-		return fmt.Errorf("error unmounting container %s root filesystem: %w", c.ID(), err)
+		return fmt.Errorf("unmounting container %s root filesystem: %w", c.ID(), err)
 	}
 
 	return nil
@@ -2299,7 +2303,7 @@ func (c *Container) checkExitFile() error {
 			return nil
 		}
 
-		return fmt.Errorf("error running stat on container %s exit file: %w", c.ID(), err)
+		return fmt.Errorf("running stat on container %s exit file: %w", c.ID(), err)
 	}
 
 	// Alright, it exists. Transition to Stopped state.
@@ -2354,3 +2358,12 @@ func (c *Container) extractSecretToCtrStorage(secr *ContainerSecret) error {
 	}
 	return nil
 }
+
+// update calls the ociRuntime update function to modify a cgroup config after container creation
+func (c *Container) update(resources *spec.LinuxResources) error {
+	if err := c.ociRuntime.UpdateContainer(c, resources); err != nil {
+		return err
+	}
+	logrus.Debugf("updated container %s", c.ID())
+	return nil
+}
diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
new file mode 100644
index 000000000..9c4a3bb67
--- /dev/null
+++ b/libpod/container_internal_common.go
@@ -0,0 +1,2694 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package libpod
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math"
+	"os"
+	"os/user"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	metadata "github.com/checkpoint-restore/checkpointctl/lib"
+	"github.com/checkpoint-restore/go-criu/v5/stats"
+	cdi "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
+	"github.com/containers/buildah"
+	"github.com/containers/buildah/pkg/chrootuser"
+	"github.com/containers/buildah/pkg/overlay"
+	butil "github.com/containers/buildah/util"
+	"github.com/containers/common/libnetwork/etchosts"
+	"github.com/containers/common/libnetwork/resolvconf"
+	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/apparmor"
+	"github.com/containers/common/pkg/chown"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/subscriptions"
+	"github.com/containers/common/pkg/umask"
+	cutil "github.com/containers/common/pkg/util"
+	is "github.com/containers/image/v5/storage"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/libpod/events"
+	"github.com/containers/podman/v4/pkg/annotations"
+	"github.com/containers/podman/v4/pkg/checkpoint/crutils"
+	"github.com/containers/podman/v4/pkg/criu"
+	"github.com/containers/podman/v4/pkg/lookup"
+	"github.com/containers/podman/v4/pkg/rootless"
+	"github.com/containers/podman/v4/pkg/util"
+	"github.com/containers/podman/v4/version"
+	"github.com/containers/storage/pkg/archive"
+	"github.com/containers/storage/pkg/idtools"
+	"github.com/containers/storage/pkg/lockfile"
+	securejoin "github.com/cyphar/filepath-securejoin"
+	runcuser "github.com/opencontainers/runc/libcontainer/user"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/opencontainers/selinux/go-selinux"
+	"github.com/opencontainers/selinux/go-selinux/label"
+	"github.com/sirupsen/logrus"
+)
+
+// Internal only function which returns upper and work dir from
+// overlay options.
+func getOverlayUpperAndWorkDir(options []string) (string, string, error) {
+	upperDir := ""
+	workDir := ""
+	for _, o := range options {
+		if strings.HasPrefix(o, "upperdir") {
+			splitOpt := strings.SplitN(o, "=", 2)
+			if len(splitOpt) > 1 {
+				upperDir = splitOpt[1]
+				if upperDir == "" {
+					return "", "", errors.New("cannot accept empty value for upperdir")
+				}
+			}
+		}
+		if strings.HasPrefix(o, "workdir") {
+			splitOpt := strings.SplitN(o, "=", 2)
+			if len(splitOpt) > 1 {
+				workDir = splitOpt[1]
+				if workDir == "" {
+					return "", "", errors.New("cannot accept empty value for workdir")
+				}
+			}
+		}
+	}
+	if (upperDir != "" && workDir == "") || (upperDir == "" && workDir != "") {
+		return "", "", errors.New("must specify both upperdir and workdir")
+	}
+	return upperDir, workDir, nil
+}
+
+// Generate spec for a container
+// Accepts a map of the container's dependencies
+func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
+	overrides := c.getUserOverrides()
+	execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.config.User, overrides)
+	if err != nil {
+		if cutil.StringInSlice(c.config.User, c.config.HostUsers) {
+			execUser, err = lookupHostUser(c.config.User)
+		}
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// NewFromSpec() is deprecated according to its comment
+	// however the recommended replace just causes a nil map panic
+	//nolint:staticcheck
+	g := generate.NewFromSpec(c.config.Spec)
+
+	// If the flag to mount all devices is set for a privileged container, add
+	// all the devices from the host's machine into the container
+	if c.config.MountAllDevices {
+		if err := util.AddPrivilegedDevices(&g); err != nil {
+			return nil, err
+		}
+	}
+
+	// If network namespace was requested, add it now
+	if err := c.addNetworkNamespace(&g); err != nil {
+		return nil, err
+	}
+
+	// Apply AppArmor checks and load the default profile if needed.
+	if len(c.config.Spec.Process.ApparmorProfile) > 0 {
+		updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
+		if err != nil {
+			return nil, err
+		}
+		g.SetProcessApparmorProfile(updatedProfile)
+	}
+
+	if err := c.makeBindMounts(); err != nil {
+		return nil, err
+	}
+
+	if err := c.mountNotifySocket(g); err != nil {
+		return nil, err
+	}
+
+	// Get host UID and GID based on the container process UID and GID.
+	hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid))
+	if err != nil {
+		return nil, err
+	}
+
+	// Add named volumes
+	for _, namedVol := range c.config.NamedVolumes {
+		volume, err := c.runtime.GetVolume(namedVol.Name)
+		if err != nil {
+			return nil, fmt.Errorf("retrieving volume %s to add to container %s: %w", namedVol.Name, c.ID(), err)
+		}
+		mountPoint, err := volume.MountPoint()
+		if err != nil {
+			return nil, err
+		}
+
+		overlayFlag := false
+		upperDir := ""
+		workDir := ""
+		for _, o := range namedVol.Options {
+			if o == "O" {
+				overlayFlag = true
+				upperDir, workDir, err = getOverlayUpperAndWorkDir(namedVol.Options)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+
+		if overlayFlag {
+			var overlayMount spec.Mount
+			var overlayOpts *overlay.Options
+			contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
+			if err != nil {
+				return nil, err
+			}
+
+			overlayOpts = &overlay.Options{RootUID: c.RootUID(),
+				RootGID:                c.RootGID(),
+				UpperDirOptionFragment: upperDir,
+				WorkDirOptionFragment:  workDir,
+				GraphOpts:              c.runtime.store.GraphOptions(),
+			}
+
+			overlayMount, err = overlay.MountWithOptions(contentDir, mountPoint, namedVol.Dest, overlayOpts)
+			if err != nil {
+				return nil, fmt.Errorf("mounting overlay failed %q: %w", mountPoint, err)
+			}
+
+			for _, o := range namedVol.Options {
+				if o == "U" {
+					if err := c.ChangeHostPathOwnership(mountPoint, true, int(hostUID), int(hostGID)); err != nil {
+						return nil, err
+					}
+
+					if err := c.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
+						return nil, err
+					}
+				}
+			}
+			g.AddMount(overlayMount)
+		} else {
+			volMount := spec.Mount{
+				Type:        define.TypeBind,
+				Source:      mountPoint,
+				Destination: namedVol.Dest,
+				Options:     namedVol.Options,
+			}
+			g.AddMount(volMount)
+		}
+	}
+
+	// Check if the spec file mounts contain the options z, Z or U.
+	// If they have z or Z, relabel the source directory and then remove the option.
+	// If they have U, chown the source directory and them remove the option.
+	for i := range g.Config.Mounts {
+		m := &g.Config.Mounts[i]
+		var options []string
+		for _, o := range m.Options {
+			switch o {
+			case "U":
+				if m.Type == "tmpfs" {
+					options = append(options, []string{fmt.Sprintf("uid=%d", execUser.Uid), fmt.Sprintf("gid=%d", execUser.Gid)}...)
+				} else {
+					// only chown on initial creation of container
+					if err := c.ChangeHostPathOwnership(m.Source, true, int(hostUID), int(hostGID)); err != nil {
+						return nil, err
+					}
+				}
+			case "z":
+				fallthrough
+			case "Z":
+				if err := c.relabel(m.Source, c.MountLabel(), label.IsShared(o)); err != nil {
+					return nil, err
+				}
+
+			default:
+				options = append(options, o)
+			}
+		}
+		m.Options = options
+	}
+
+	c.setProcessLabel(&g)
+	c.setMountLabel(&g)
+
+	// Add bind mounts to container
+	for dstPath, srcPath := range c.state.BindMounts {
+		newMount := spec.Mount{
+			Type:        define.TypeBind,
+			Source:      srcPath,
+			Destination: dstPath,
+			Options:     bindOptions,
+		}
+		if c.IsReadOnly() && dstPath != "/dev/shm" {
+			newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
+		}
+		if dstPath == "/dev/shm" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
+			newMount.Options = append(newMount.Options, "nosuid", "noexec", "nodev")
+		}
+		if !MountExists(g.Mounts(), dstPath) {
+			g.AddMount(newMount)
+		} else {
+			logrus.Infof("User mount overriding libpod mount at %q", dstPath)
+		}
+	}
+
+	// Add overlay volumes
+	for _, overlayVol := range c.config.OverlayVolumes {
+		upperDir, workDir, err := getOverlayUpperAndWorkDir(overlayVol.Options)
+		if err != nil {
+			return nil, err
+		}
+		contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
+		if err != nil {
+			return nil, err
+		}
+		overlayOpts := &overlay.Options{RootUID: c.RootUID(),
+			RootGID:                c.RootGID(),
+			UpperDirOptionFragment: upperDir,
+			WorkDirOptionFragment:  workDir,
+			GraphOpts:              c.runtime.store.GraphOptions(),
+		}
+
+		overlayMount, err := overlay.MountWithOptions(contentDir, overlayVol.Source, overlayVol.Dest, overlayOpts)
+		if err != nil {
+			return nil, fmt.Errorf("mounting overlay failed %q: %w", overlayVol.Source, err)
+		}
+
+		// Check overlay volume options
+		for _, o := range overlayVol.Options {
+			if o == "U" {
+				if err := c.ChangeHostPathOwnership(overlayVol.Source, true, int(hostUID), int(hostGID)); err != nil {
+					return nil, err
+				}
+
+				if err := c.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
+					return nil, err
+				}
+			}
+		}
+
+		g.AddMount(overlayMount)
+	}
+
+	// Add image volumes as overlay mounts
+	for _, volume := range c.config.ImageVolumes {
+		// Mount the specified image.
+		img, _, err := c.runtime.LibimageRuntime().LookupImage(volume.Source, nil)
+		if err != nil {
+			return nil, fmt.Errorf("creating image volume %q:%q: %w", volume.Source, volume.Dest, err)
+		}
+		mountPoint, err := img.Mount(ctx, nil, "")
+		if err != nil {
+			return nil, fmt.Errorf("mounting image volume %q:%q: %w", volume.Source, volume.Dest, err)
+		}
+
+		contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
+		if err != nil {
+			return nil, fmt.Errorf("failed to create TempDir in the %s directory: %w", c.config.StaticDir, err)
+		}
+
+		var overlayMount spec.Mount
+		if volume.ReadWrite {
+			overlayMount, err = overlay.Mount(contentDir, mountPoint, volume.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions())
+		} else {
+			overlayMount, err = overlay.MountReadOnly(contentDir, mountPoint, volume.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions())
+		}
+		if err != nil {
+			return nil, fmt.Errorf("creating overlay mount for image %q failed: %w", volume.Source, err)
+		}
+		g.AddMount(overlayMount)
+	}
+
+	hasHomeSet := false
+	for _, s := range c.config.Spec.Process.Env {
+		if strings.HasPrefix(s, "HOME=") {
+			hasHomeSet = true
+			break
+		}
+	}
+	if !hasHomeSet && execUser.Home != "" {
+		c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", execUser.Home))
+	}
+
+	if c.config.User != "" {
+		// User and Group must go together
+		g.SetProcessUID(uint32(execUser.Uid))
+		g.SetProcessGID(uint32(execUser.Gid))
+		g.AddProcessAdditionalGid(uint32(execUser.Gid))
+	}
+
+	if c.config.Umask != "" {
+		decVal, err := strconv.ParseUint(c.config.Umask, 8, 32)
+		if err != nil {
+			return nil, fmt.Errorf("invalid Umask Value: %w", err)
+		}
+		umask := uint32(decVal)
+		g.Config.Process.User.Umask = &umask
+	}
+
+	// Add addition groups if c.config.GroupAdd is not empty
+	if len(c.config.Groups) > 0 {
+		gids, err := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, overrides)
+		if err != nil {
+			return nil, fmt.Errorf("looking up supplemental groups for container %s: %w", c.ID(), err)
+		}
+		for _, gid := range gids {
+			g.AddProcessAdditionalGid(gid)
+		}
+	}
+
+	if err := c.addSystemdMounts(&g); err != nil {
+		return nil, err
+	}
+
+	// Look up and add groups the user belongs to, if a group wasn't directly specified
+	if !strings.Contains(c.config.User, ":") {
+		// the gidMappings that are present inside the container user namespace
+		var gidMappings []idtools.IDMap
+
+		switch {
+		case len(c.config.IDMappings.GIDMap) > 0:
+			gidMappings = c.config.IDMappings.GIDMap
+		case rootless.IsRootless():
+			// Check whether the current user namespace has enough gids available.
+			availableGids, err := rootless.GetAvailableGids()
+			if err != nil {
+				return nil, fmt.Errorf("cannot read number of available GIDs: %w", err)
+			}
+			gidMappings = []idtools.IDMap{{
+				ContainerID: 0,
+				HostID:      0,
+				Size:        int(availableGids),
+			}}
+		default:
+			gidMappings = []idtools.IDMap{{
+				ContainerID: 0,
+				HostID:      0,
+				Size:        math.MaxInt32,
+			}}
+		}
+		for _, gid := range execUser.Sgids {
+			isGIDAvailable := false
+			for _, m := range gidMappings {
+				if gid >= m.ContainerID && gid < m.ContainerID+m.Size {
+					isGIDAvailable = true
+					break
+				}
+			}
+			if isGIDAvailable {
+				g.AddProcessAdditionalGid(uint32(gid))
+			} else {
+				logrus.Warnf("Additional gid=%d is not present in the user namespace, skip setting it", gid)
+			}
+		}
+	}
+
+	// Add shared namespaces from other containers
+	if err := c.addSharedNamespaces(&g); err != nil {
+		return nil, err
+	}
+
+	g.SetRootPath(c.state.Mountpoint)
+	g.AddAnnotation(annotations.Created, c.config.CreatedTime.Format(time.RFC3339Nano))
+	g.AddAnnotation("org.opencontainers.image.stopSignal", fmt.Sprintf("%d", c.config.StopSignal))
+
+	if _, exists := g.Config.Annotations[annotations.ContainerManager]; !exists {
+		g.AddAnnotation(annotations.ContainerManager, annotations.ContainerManagerLibpod)
+	}
+
+	if err := c.setCgroupsPath(&g); err != nil {
+		return nil, err
+	}
+
+	// Warning: CDI may alter g.Config in place.
+	if len(c.config.CDIDevices) > 0 {
+		registry := cdi.GetRegistry(
+			cdi.WithAutoRefresh(false),
+		)
+		if err := registry.Refresh(); err != nil {
+			logrus.Debugf("The following error was triggered when refreshing the CDI registry: %v", err)
+		}
+		_, err := registry.InjectDevices(g.Config, c.config.CDIDevices...)
+		if err != nil {
+			return nil, fmt.Errorf("setting up CDI devices: %w", err)
+		}
+	}
+
+	// Mounts need to be sorted so paths will not cover other paths
+	mounts := sortMounts(g.Mounts())
+	g.ClearMounts()
+
+	for _, m := range mounts {
+		// We need to remove all symlinks from tmpfs mounts.
+		// Runc and other runtimes may choke on them.
+		// Easy solution: use securejoin to do a scoped evaluation of
+		// the links, then trim off the mount prefix.
+		if m.Type == "tmpfs" {
+			finalPath, err := securejoin.SecureJoin(c.state.Mountpoint, m.Destination)
+			if err != nil {
+				return nil, fmt.Errorf("resolving symlinks for mount destination %s: %w", m.Destination, err)
+			}
+			trimmedPath := strings.TrimPrefix(finalPath, strings.TrimSuffix(c.state.Mountpoint, "/"))
+			m.Destination = trimmedPath
+		}
+		g.AddMount(m)
+	}
+
+	if err := c.addRootPropagation(&g, mounts); err != nil {
+		return nil, err
+	}
+
+	// Warning: precreate hooks may alter g.Config in place.
+	if c.state.ExtensionStageHooks, err = c.setupOCIHooks(ctx, g.Config); err != nil {
+		return nil, fmt.Errorf("setting up OCI Hooks: %w", err)
+	}
+	if len(c.config.EnvSecrets) > 0 {
+		manager, err := c.runtime.SecretsManager()
+		if err != nil {
+			return nil, err
+		}
+		if err != nil {
+			return nil, err
+		}
+		for name, secr := range c.config.EnvSecrets {
+			_, data, err := manager.LookupSecretData(secr.Name)
+			if err != nil {
+				return nil, err
+			}
+			g.AddProcessEnv(name, string(data))
+		}
+	}
+
+	// Pass down the LISTEN_* environment (see #10443).
+	for _, key := range []string{"LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES"} {
+		if val, ok := os.LookupEnv(key); ok {
+			// Force the PID to `1` since we cannot rely on (all
+			// versions of) all runtimes to do it for us.
+			if key == "LISTEN_PID" {
+				val = "1"
+			}
+			g.AddProcessEnv(key, val)
+		}
+	}
+
+	return g.Config, nil
+}
+
+// isWorkDirSymlink returns true if resolved workdir is symlink or a chain of symlinks,
+// and final resolved target is present either on  volume, mount or inside of container
+// otherwise it returns false. Following function is meant for internal use only and
+// can change at any point of time.
+func (c *Container) isWorkDirSymlink(resolvedPath string) bool {
+	// We cannot create workdir since explicit --workdir is
+	// set in config but workdir could also be a symlink.
+	// If it's a symlink, check if the resolved target is present in the container.
+	// If so, that's a valid use case: return nil.
+
+	maxSymLinks := 0
+	for {
+		// Linux only supports a chain of 40 links.
+		// Reference: https://github.com/torvalds/linux/blob/master/include/linux/namei.h#L13
+		if maxSymLinks > 40 {
+			break
+		}
+		resolvedSymlink, err := os.Readlink(resolvedPath)
+		if err != nil {
+			// End sym-link resolution loop.
+			break
+		}
+		if resolvedSymlink != "" {
+			_, resolvedSymlinkWorkdir, err := c.resolvePath(c.state.Mountpoint, resolvedSymlink)
+			if isPathOnVolume(c, resolvedSymlinkWorkdir) || isPathOnMount(c, resolvedSymlinkWorkdir) {
+				// Resolved symlink exists on external volume or mount
+				return true
+			}
+			if err != nil {
+				// Could not resolve path so end sym-link resolution loop.
+				break
+			}
+			if resolvedSymlinkWorkdir != "" {
+				resolvedPath = resolvedSymlinkWorkdir
+				_, err := os.Stat(resolvedSymlinkWorkdir)
+				if err == nil {
+					// Symlink resolved successfully and resolved path exists on container,
+					// this is a valid use-case so return nil.
+					logrus.Debugf("Workdir is a symlink with target to %q and resolved symlink exists on container", resolvedSymlink)
+					return true
+				}
+			}
+		}
+		maxSymLinks++
+	}
+	return false
+}
+
+// resolveWorkDir resolves the container's workdir and, depending on the
+// configuration, will create it, or error out if it does not exist.
+// Note that the container must be mounted before.
+func (c *Container) resolveWorkDir() error {
+	workdir := c.WorkingDir()
+
+	// If the specified workdir is a subdir of a volume or mount,
+	// we don't need to do anything.  The runtime is taking care of
+	// that.
+	if isPathOnVolume(c, workdir) || isPathOnMount(c, workdir) {
+		logrus.Debugf("Workdir %q resolved to a volume or mount", workdir)
+		return nil
+	}
+
+	_, resolvedWorkdir, err := c.resolvePath(c.state.Mountpoint, workdir)
+	if err != nil {
+		return err
+	}
+	logrus.Debugf("Workdir %q resolved to host path %q", workdir, resolvedWorkdir)
+
+	st, err := os.Stat(resolvedWorkdir)
+	if err == nil {
+		if !st.IsDir() {
+			return fmt.Errorf("workdir %q exists on container %s, but is not a directory", workdir, c.ID())
+		}
+		return nil
+	}
+	if !c.config.CreateWorkingDir {
+		// No need to create it (e.g., `--workdir=/foo`), so let's make sure
+		// the path exists on the container.
+		if err != nil {
+			if os.IsNotExist(err) {
+				// If resolved Workdir path gets marked as a valid symlink,
+				// return nil cause this is valid use-case.
+				if c.isWorkDirSymlink(resolvedWorkdir) {
+					return nil
+				}
+				return fmt.Errorf("workdir %q does not exist on container %s", workdir, c.ID())
+			}
+			// This might be a serious error (e.g., permission), so
+			// we need to return the full error.
+			return fmt.Errorf("detecting workdir %q on container %s: %w", workdir, c.ID(), err)
+		}
+		return nil
+	}
+	if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil {
+		if os.IsExist(err) {
+			return nil
+		}
+		return fmt.Errorf("creating container %s workdir: %w", c.ID(), err)
+	}
+
+	// Ensure container entrypoint is created (if required).
+	uid, gid, _, err := chrootuser.GetUser(c.state.Mountpoint, c.User())
+	if err != nil {
+		return fmt.Errorf("looking up %s inside of the container %s: %w", c.User(), c.ID(), err)
+	}
+	if err := os.Chown(resolvedWorkdir, int(uid), int(gid)); err != nil {
+		return fmt.Errorf("chowning container %s workdir to container root: %w", c.ID(), err)
+	}
+
+	return nil
+}
+
+func (c *Container) getUserOverrides() *lookup.Overrides {
+	var hasPasswdFile, hasGroupFile bool
+	overrides := lookup.Overrides{}
+	for _, m := range c.config.Spec.Mounts {
+		if m.Destination == "/etc/passwd" {
+			overrides.ContainerEtcPasswdPath = m.Source
+			hasPasswdFile = true
+		}
+		if m.Destination == "/etc/group" {
+			overrides.ContainerEtcGroupPath = m.Source
+			hasGroupFile = true
+		}
+		if m.Destination == "/etc" {
+			if !hasPasswdFile {
+				overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd")
+			}
+			if !hasGroupFile {
+				overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group")
+			}
+		}
+	}
+	if path, ok := c.state.BindMounts["/etc/passwd"]; ok {
+		overrides.ContainerEtcPasswdPath = path
+	}
+	return &overrides
+}
+
+func lookupHostUser(name string) (*runcuser.ExecUser, error) {
+	var execUser runcuser.ExecUser
+	// Look up User on host
+	u, err := util.LookupUser(name)
+	if err != nil {
+		return &execUser, err
+	}
+	uid, err := strconv.ParseUint(u.Uid, 8, 32)
+	if err != nil {
+		return &execUser, err
+	}
+
+	gid, err := strconv.ParseUint(u.Gid, 8, 32)
+	if err != nil {
+		return &execUser, err
+	}
+	execUser.Uid = int(uid)
+	execUser.Gid = int(gid)
+	execUser.Home = u.HomeDir
+	return &execUser, nil
+}
+
+// mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set
+// and if the sdnotify mode is set to container.  It also sets c.notifySocket
+// to avoid redundantly looking up the env variable.
+func (c *Container) mountNotifySocket(g generate.Generator) error {
+	if c.config.SdNotifySocket == "" {
+		return nil
+	}
+	if c.config.SdNotifyMode != define.SdNotifyModeContainer {
+		return nil
+	}
+
+	notifyDir := filepath.Join(c.bundlePath(), "notify")
+	logrus.Debugf("Checking notify %q dir", notifyDir)
+	if err := os.MkdirAll(notifyDir, 0755); err != nil {
+		if !os.IsExist(err) {
+			return fmt.Errorf("unable to create notify %q dir: %w", notifyDir, err)
+		}
+	}
+	if err := label.Relabel(notifyDir, c.MountLabel(), true); err != nil {
+		return fmt.Errorf("relabel failed %q: %w", notifyDir, err)
+	}
+	logrus.Debugf("Add bindmount notify %q dir", notifyDir)
+	if _, ok := c.state.BindMounts["/run/notify"]; !ok {
+		c.state.BindMounts["/run/notify"] = notifyDir
+	}
+
+	// Set the container's notify socket to the proxy socket created by conmon
+	g.AddProcessEnv("NOTIFY_SOCKET", "/run/notify/notify.sock")
+
+	return nil
+}
+
+func (c *Container) addCheckpointImageMetadata(importBuilder *buildah.Builder) error {
+	// Get information about host environment
+	hostInfo, err := c.Runtime().hostInfo()
+	if err != nil {
+		return fmt.Errorf("getting host info: %v", err)
+	}
+
+	criuVersion, err := criu.GetCriuVersion()
+	if err != nil {
+		return fmt.Errorf("getting criu version: %v", err)
+	}
+
+	rootfsImageID, rootfsImageName := c.Image()
+
+	// Add image annotations with information about the container and the host.
+	// This information is useful to check compatibility before restoring the checkpoint
+
+	checkpointImageAnnotations := map[string]string{
+		define.CheckpointAnnotationName:                c.config.Name,
+		define.CheckpointAnnotationRawImageName:        c.config.RawImageName,
+		define.CheckpointAnnotationRootfsImageID:       rootfsImageID,
+		define.CheckpointAnnotationRootfsImageName:     rootfsImageName,
+		define.CheckpointAnnotationPodmanVersion:       version.Version.String(),
+		define.CheckpointAnnotationCriuVersion:         strconv.Itoa(criuVersion),
+		define.CheckpointAnnotationRuntimeName:         hostInfo.OCIRuntime.Name,
+		define.CheckpointAnnotationRuntimeVersion:      hostInfo.OCIRuntime.Version,
+		define.CheckpointAnnotationConmonVersion:       hostInfo.Conmon.Version,
+		define.CheckpointAnnotationHostArch:            hostInfo.Arch,
+		define.CheckpointAnnotationHostKernel:          hostInfo.Kernel,
+		define.CheckpointAnnotationCgroupVersion:       hostInfo.CgroupsVersion,
+		define.CheckpointAnnotationDistributionVersion: hostInfo.Distribution.Version,
+		define.CheckpointAnnotationDistributionName:    hostInfo.Distribution.Distribution,
+	}
+
+	for key, value := range checkpointImageAnnotations {
+		importBuilder.SetAnnotation(key, value)
+	}
+
+	return nil
+}
+
+func (c *Container) resolveCheckpointImageName(options *ContainerCheckpointOptions) error {
+	if options.CreateImage == "" {
+		return nil
+	}
+
+	// Resolve image name
+	resolvedImageName, err := c.runtime.LibimageRuntime().ResolveName(options.CreateImage)
+	if err != nil {
+		return err
+	}
+
+	options.CreateImage = resolvedImageName
+	return nil
+}
+
+func (c *Container) createCheckpointImage(ctx context.Context, options ContainerCheckpointOptions) error {
+	if options.CreateImage == "" {
+		return nil
+	}
+	logrus.Debugf("Create checkpoint image %s", options.CreateImage)
+
+	// Create storage reference
+	imageRef, err := is.Transport.ParseStoreReference(c.runtime.store, options.CreateImage)
+	if err != nil {
+		return errors.New("failed to parse image name")
+	}
+
+	// Build an image scratch
+	builderOptions := buildah.BuilderOptions{
+		FromImage: "scratch",
+	}
+	importBuilder, err := buildah.NewBuilder(ctx, c.runtime.store, builderOptions)
+	if err != nil {
+		return err
+	}
+	// Clean up buildah working container
+	defer func() {
+		if err := importBuilder.Delete(); err != nil {
+			logrus.Errorf("Image builder delete failed: %v", err)
+		}
+	}()
+
+	if err := c.prepareCheckpointExport(); err != nil {
+		return err
+	}
+
+	// Export checkpoint into temporary tar file
+	tmpDir, err := ioutil.TempDir("", "checkpoint_image_")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	options.TargetFile = path.Join(tmpDir, "checkpoint.tar")
+
+	if err := c.exportCheckpoint(options); err != nil {
+		return err
+	}
+
+	// Copy checkpoint from temporary tar file in the image
+	addAndCopyOptions := buildah.AddAndCopyOptions{}
+	if err := importBuilder.Add("", true, addAndCopyOptions, options.TargetFile); err != nil {
+		return err
+	}
+
+	if err := c.addCheckpointImageMetadata(importBuilder); err != nil {
+		return err
+	}
+
+	commitOptions := buildah.CommitOptions{
+		Squash:        true,
+		SystemContext: c.runtime.imageContext,
+	}
+
+	// Create checkpoint image
+	id, _, _, err := importBuilder.Commit(ctx, imageRef, commitOptions)
+	if err != nil {
+		return err
+	}
+	logrus.Debugf("Created checkpoint image: %s", id)
+	return nil
+}
+
+func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
+	if len(c.Dependencies()) == 1 {
+		// Check if the dependency is an infra container. If it is we can checkpoint
+		// the container out of the Pod.
+		if c.config.Pod == "" {
+			return errors.New("cannot export checkpoints of containers with dependencies")
+		}
+
+		pod, err := c.runtime.state.Pod(c.config.Pod)
+		if err != nil {
+			return fmt.Errorf("container %s is in pod %s, but pod cannot be retrieved: %w", c.ID(), c.config.Pod, err)
+		}
+		infraID, err := pod.InfraContainerID()
+		if err != nil {
+			return fmt.Errorf("cannot retrieve infra container ID for pod %s: %w", c.config.Pod, err)
+		}
+		if c.Dependencies()[0] != infraID {
+			return errors.New("cannot export checkpoints of containers with dependencies")
+		}
+	}
+	if len(c.Dependencies()) > 1 {
+		return errors.New("cannot export checkpoints of containers with dependencies")
+	}
+	logrus.Debugf("Exporting checkpoint image of container %q to %q", c.ID(), options.TargetFile)
+
+	includeFiles := []string{
+		"artifacts",
+		metadata.DevShmCheckpointTar,
+		metadata.ConfigDumpFile,
+		metadata.SpecDumpFile,
+		metadata.NetworkStatusFile,
+		stats.StatsDump,
+	}
+
+	if c.LogDriver() == define.KubernetesLogging ||
+		c.LogDriver() == define.JSONLogging {
+		includeFiles = append(includeFiles, "ctr.log")
+	}
+	if options.PreCheckPoint {
+		includeFiles = append(includeFiles, preCheckpointDir)
+	} else {
+		includeFiles = append(includeFiles, metadata.CheckpointDirectory)
+	}
+	// Get root file-system changes included in the checkpoint archive
+	var addToTarFiles []string
+	if !options.IgnoreRootfs {
+		// To correctly track deleted files, let's go through the output of 'podman diff'
+		rootFsChanges, err := c.runtime.GetDiff("", c.ID(), define.DiffContainer)
+		if err != nil {
+			return fmt.Errorf("exporting root file-system diff for %q: %w", c.ID(), err)
+		}
+
+		addToTarFiles, err := crutils.CRCreateRootFsDiffTar(&rootFsChanges, c.state.Mountpoint, c.bundlePath())
+		if err != nil {
+			return err
+		}
+
+		includeFiles = append(includeFiles, addToTarFiles...)
+	}
+
+	// Folder containing archived volumes that will be included in the export
+	expVolDir := filepath.Join(c.bundlePath(), metadata.CheckpointVolumesDirectory)
+
+	// Create an archive for each volume associated with the container
+	if !options.IgnoreVolumes {
+		if err := os.MkdirAll(expVolDir, 0700); err != nil {
+			return fmt.Errorf("creating volumes export directory %q: %w", expVolDir, err)
+		}
+
+		for _, v := range c.config.NamedVolumes {
+			volumeTarFilePath := filepath.Join(metadata.CheckpointVolumesDirectory, v.Name+".tar")
+			volumeTarFileFullPath := filepath.Join(c.bundlePath(), volumeTarFilePath)
+
+			volumeTarFile, err := os.Create(volumeTarFileFullPath)
+			if err != nil {
+				return fmt.Errorf("creating %q: %w", volumeTarFileFullPath, err)
+			}
+
+			volume, err := c.runtime.GetVolume(v.Name)
+			if err != nil {
+				return err
+			}
+
+			mp, err := volume.MountPoint()
+			if err != nil {
+				return err
+			}
+			if mp == "" {
+				return fmt.Errorf("volume %s is not mounted, cannot export: %w", volume.Name(), define.ErrInternal)
+			}
+
+			input, err := archive.TarWithOptions(mp, &archive.TarOptions{
+				Compression:      archive.Uncompressed,
+				IncludeSourceDir: true,
+			})
+			if err != nil {
+				return fmt.Errorf("reading volume directory %q: %w", v.Dest, err)
+			}
+
+			_, err = io.Copy(volumeTarFile, input)
+			if err != nil {
+				return err
+			}
+			volumeTarFile.Close()
+
+			includeFiles = append(includeFiles, volumeTarFilePath)
+		}
+	}
+
+	input, err := archive.TarWithOptions(c.bundlePath(), &archive.TarOptions{
+		Compression:      options.Compression,
+		IncludeSourceDir: true,
+		IncludeFiles:     includeFiles,
+	})
+
+	if err != nil {
+		return fmt.Errorf("reading checkpoint directory %q: %w", c.ID(), err)
+	}
+
+	outFile, err := os.Create(options.TargetFile)
+	if err != nil {
+		return fmt.Errorf("creating checkpoint export file %q: %w", options.TargetFile, err)
+	}
+	defer outFile.Close()
+
+	if err := os.Chmod(options.TargetFile, 0600); err != nil {
+		return err
+	}
+
+	_, err = io.Copy(outFile, input)
+	if err != nil {
+		return err
+	}
+
+	for _, file := range addToTarFiles {
+		os.Remove(filepath.Join(c.bundlePath(), file))
+	}
+
+	if !options.IgnoreVolumes {
+		os.RemoveAll(expVolDir)
+	}
+
+	return nil
+}
+
+func (c *Container) checkpointRestoreSupported(version int) error {
+	if !criu.CheckForCriu(version) {
+		return fmt.Errorf("checkpoint/restore requires at least CRIU %d", version)
+	}
+	if !c.ociRuntime.SupportsCheckpoint() {
+		return errors.New("configured runtime does not support checkpoint/restore")
+	}
+	return nil
+}
+
+func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (*define.CRIUCheckpointRestoreStatistics, int64, error) {
+	if err := c.checkpointRestoreSupported(criu.MinCriuVersion); err != nil {
+		return nil, 0, err
+	}
+
+	if c.state.State != define.ContainerStateRunning {
+		return nil, 0, fmt.Errorf("%q is not running, cannot checkpoint: %w", c.state.State, define.ErrCtrStateInvalid)
+	}
+
+	if c.AutoRemove() && options.TargetFile == "" {
+		return nil, 0, errors.New("cannot checkpoint containers that have been started with '--rm' unless '--export' is used")
+	}
+
+	if err := c.resolveCheckpointImageName(&options); err != nil {
+		return nil, 0, err
+	}
+
+	if err := crutils.CRCreateFileWithLabel(c.bundlePath(), "dump.log", c.MountLabel()); err != nil {
+		return nil, 0, err
+	}
+
+	// Setting CheckpointLog early in case there is a failure.
+	c.state.CheckpointLog = path.Join(c.bundlePath(), "dump.log")
+	c.state.CheckpointPath = c.CheckpointPath()
+
+	runtimeCheckpointDuration, err := c.ociRuntime.CheckpointContainer(c, options)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	// Keep the content of /dev/shm directory
+	if c.config.ShmDir != "" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
+		shmDirTarFileFullPath := filepath.Join(c.bundlePath(), metadata.DevShmCheckpointTar)
+
+		shmDirTarFile, err := os.Create(shmDirTarFileFullPath)
+		if err != nil {
+			return nil, 0, err
+		}
+		defer shmDirTarFile.Close()
+
+		input, err := archive.TarWithOptions(c.config.ShmDir, &archive.TarOptions{
+			Compression:      archive.Uncompressed,
+			IncludeSourceDir: true,
+		})
+		if err != nil {
+			return nil, 0, err
+		}
+
+		if _, err = io.Copy(shmDirTarFile, input); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	// Save network.status. This is needed to restore the container with
+	// the same IP. Currently limited to one IP address in a container
+	// with one interface.
+	// FIXME: will this break something?
+	if _, err := metadata.WriteJSONFile(c.getNetworkStatus(), c.bundlePath(), metadata.NetworkStatusFile); err != nil {
+		return nil, 0, err
+	}
+
+	defer c.newContainerEvent(events.Checkpoint)
+
+	// There is a bug from criu: https://github.com/checkpoint-restore/criu/issues/116
+	// We have to change the symbolic link from absolute path to relative path
+	if options.WithPrevious {
+		os.Remove(path.Join(c.CheckpointPath(), "parent"))
+		if err := os.Symlink("../pre-checkpoint", path.Join(c.CheckpointPath(), "parent")); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	if options.TargetFile != "" {
+		if err := c.exportCheckpoint(options); err != nil {
+			return nil, 0, err
+		}
+	} else {
+		if err := c.createCheckpointImage(ctx, options); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	logrus.Debugf("Checkpointed container %s", c.ID())
+
+	if !options.KeepRunning && !options.PreCheckPoint {
+		c.state.State = define.ContainerStateStopped
+		c.state.Checkpointed = true
+		c.state.CheckpointedTime = time.Now()
+		c.state.Restored = false
+		c.state.RestoredTime = time.Time{}
+
+		// Clean up Storage and Network
+		if err := c.cleanup(ctx); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	criuStatistics, err := func() (*define.CRIUCheckpointRestoreStatistics, error) {
+		if !options.PrintStats {
+			return nil, nil
+		}
+		statsDirectory, err := os.Open(c.bundlePath())
+		if err != nil {
+			return nil, fmt.Errorf("not able to open %q: %w", c.bundlePath(), err)
+		}
+
+		dumpStatistics, err := stats.CriuGetDumpStats(statsDirectory)
+		if err != nil {
+			return nil, fmt.Errorf("displaying checkpointing statistics not possible: %w", err)
+		}
+
+		return &define.CRIUCheckpointRestoreStatistics{
+			FreezingTime: dumpStatistics.GetFreezingTime(),
+			FrozenTime:   dumpStatistics.GetFrozenTime(),
+			MemdumpTime:  dumpStatistics.GetMemdumpTime(),
+			MemwriteTime: dumpStatistics.GetMemwriteTime(),
+			PagesScanned: dumpStatistics.GetPagesScanned(),
+			PagesWritten: dumpStatistics.GetPagesWritten(),
+		}, nil
+	}()
+	if err != nil {
+		return nil, 0, err
+	}
+
+	if !options.Keep && !options.PreCheckPoint {
+		cleanup := []string{
+			"dump.log",
+			stats.StatsDump,
+			metadata.ConfigDumpFile,
+			metadata.SpecDumpFile,
+		}
+		for _, del := range cleanup {
+			file := filepath.Join(c.bundlePath(), del)
+			if err := os.Remove(file); err != nil {
+				logrus.Debugf("Unable to remove file %s", file)
+			}
+		}
+		// The file has been deleted. Do not mention it.
+		c.state.CheckpointLog = ""
+	}
+
+	c.state.FinishedTime = time.Now()
+	return criuStatistics, runtimeCheckpointDuration, c.save()
+}
+
+func (c *Container) generateContainerSpec() error {
+	// Make sure the newly created config.json exists on disk
+
+	// NewFromSpec() is deprecated according to its comment
+	// however the recommended replace just causes a nil map panic
+	//nolint:staticcheck
+	g := generate.NewFromSpec(c.config.Spec)
+
+	if err := c.saveSpec(g.Config); err != nil {
+		return fmt.Errorf("saving imported container specification for restore failed: %w", err)
+	}
+
+	return nil
+}
+
+func (c *Container) importCheckpointImage(ctx context.Context, imageID string) error {
+	img, _, err := c.Runtime().LibimageRuntime().LookupImage(imageID, nil)
+	if err != nil {
+		return err
+	}
+
+	mountPoint, err := img.Mount(ctx, nil, "")
+	defer func() {
+		if err := c.unmount(true); err != nil {
+			logrus.Errorf("Failed to unmount container: %v", err)
+		}
+	}()
+	if err != nil {
+		return err
+	}
+
+	// Import all checkpoint files except ConfigDumpFile and SpecDumpFile. We
+	// generate new container config files to enable to specifying a new
+	// container name.
+	checkpoint := []string{
+		"artifacts",
+		metadata.CheckpointDirectory,
+		metadata.CheckpointVolumesDirectory,
+		metadata.DevShmCheckpointTar,
+		metadata.RootFsDiffTar,
+		metadata.DeletedFilesFile,
+		metadata.PodOptionsFile,
+		metadata.PodDumpFile,
+	}
+
+	for _, name := range checkpoint {
+		src := filepath.Join(mountPoint, name)
+		dst := filepath.Join(c.bundlePath(), name)
+		if err := archive.NewDefaultArchiver().CopyWithTar(src, dst); err != nil {
+			logrus.Debugf("Can't import '%s' from checkpoint image", name)
+		}
+	}
+
+	return c.generateContainerSpec()
+}
+
+func (c *Container) importCheckpointTar(input string) error {
+	if err := crutils.CRImportCheckpointWithoutConfig(c.bundlePath(), input); err != nil {
+		return err
+	}
+
+	return c.generateContainerSpec()
+}
+
+func (c *Container) importPreCheckpoint(input string) error {
+	archiveFile, err := os.Open(input)
+	if err != nil {
+		return fmt.Errorf("failed to open pre-checkpoint archive for import: %w", err)
+	}
+
+	defer archiveFile.Close()
+
+	err = archive.Untar(archiveFile, c.bundlePath(), nil)
+	if err != nil {
+		return fmt.Errorf("unpacking of pre-checkpoint archive %s failed: %w", input, err)
+	}
+	return nil
+}
+
+func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) (criuStatistics *define.CRIUCheckpointRestoreStatistics, runtimeRestoreDuration int64, retErr error) {
+	minCriuVersion := func() int {
+		if options.Pod == "" {
+			return criu.MinCriuVersion
+		}
+		return criu.PodCriuVersion
+	}()
+	if err := c.checkpointRestoreSupported(minCriuVersion); err != nil {
+		return nil, 0, err
+	}
+
+	if options.Pod != "" && !crutils.CRRuntimeSupportsPodCheckpointRestore(c.ociRuntime.Path()) {
+		return nil, 0, fmt.Errorf("runtime %s does not support pod restore", c.ociRuntime.Path())
+	}
+
+	if !c.ensureState(define.ContainerStateConfigured, define.ContainerStateExited) {
+		return nil, 0, fmt.Errorf("container %s is running or paused, cannot restore: %w", c.ID(), define.ErrCtrStateInvalid)
+	}
+
+	if options.ImportPrevious != "" {
+		if err := c.importPreCheckpoint(options.ImportPrevious); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	if options.TargetFile != "" {
+		if err := c.importCheckpointTar(options.TargetFile); err != nil {
+			return nil, 0, err
+		}
+	} else if options.CheckpointImageID != "" {
+		if err := c.importCheckpointImage(ctx, options.CheckpointImageID); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	// Let's try to stat() CRIU's inventory file. If it does not exist, it makes
+	// no sense to try a restore. This is a minimal check if a checkpoint exist.
+	if _, err := os.Stat(filepath.Join(c.CheckpointPath(), "inventory.img")); os.IsNotExist(err) {
+		return nil, 0, fmt.Errorf("a complete checkpoint for this container cannot be found, cannot restore: %w", err)
+	}
+
+	if err := crutils.CRCreateFileWithLabel(c.bundlePath(), "restore.log", c.MountLabel()); err != nil {
+		return nil, 0, err
+	}
+
+	// Setting RestoreLog early in case there is a failure.
+	c.state.RestoreLog = path.Join(c.bundlePath(), "restore.log")
+	c.state.CheckpointPath = c.CheckpointPath()
+
+	// Read network configuration from checkpoint
+	var netStatus map[string]types.StatusBlock
+	_, err := metadata.ReadJSONFile(&netStatus, c.bundlePath(), metadata.NetworkStatusFile)
+	if err != nil {
+		logrus.Infof("Failed to unmarshal network status, cannot restore the same ip/mac: %v", err)
+	}
+	// If the restored container should get a new name, the IP address of
+	// the container will not be restored. This assumes that if a new name is
+	// specified, the container is restored multiple times.
+	// TODO: This implicit restoring with or without IP depending on an
+	//       unrelated restore parameter (--name) does not seem like the
+	//       best solution.
+	if err == nil && options.Name == "" && (!options.IgnoreStaticIP || !options.IgnoreStaticMAC) {
+		// The file with the network.status does exist. Let's restore the
+		// container with the same networks settings as during checkpointing.
+		networkOpts, err := c.networks()
+		if err != nil {
+			return nil, 0, err
+		}
+
+		netOpts := make(map[string]types.PerNetworkOptions, len(netStatus))
+		for network, perNetOpts := range networkOpts {
+			// unset mac and ips before we start adding the ones from the status
+			perNetOpts.StaticMAC = nil
+			perNetOpts.StaticIPs = nil
+			for name, netInt := range netStatus[network].Interfaces {
+				perNetOpts.InterfaceName = name
+				if !options.IgnoreStaticIP {
+					perNetOpts.StaticMAC = netInt.MacAddress
+				}
+				if !options.IgnoreStaticIP {
+					for _, netAddress := range netInt.Subnets {
+						perNetOpts.StaticIPs = append(perNetOpts.StaticIPs, netAddress.IPNet.IP)
+					}
+				}
+				// Normally interfaces have a length of 1, only for some special cni configs we could get more.
+				// For now just use the first interface to get the ips this should be good enough for most cases.
+				break
+			}
+			netOpts[network] = perNetOpts
+		}
+		c.perNetworkOpts = netOpts
+	}
+
+	defer func() {
+		if retErr != nil {
+			if err := c.cleanup(ctx); err != nil {
+				logrus.Errorf("Cleaning up container %s: %v", c.ID(), err)
+			}
+		}
+	}()
+
+	if err := c.prepare(); err != nil {
+		return nil, 0, err
+	}
+
+	// Read config
+	jsonPath := filepath.Join(c.bundlePath(), "config.json")
+	logrus.Debugf("generate.NewFromFile at %v", jsonPath)
+	g, err := generate.NewFromFile(jsonPath)
+	if err != nil {
+		logrus.Debugf("generate.NewFromFile failed with %v", err)
+		return nil, 0, err
+	}
+
+	// Restoring from an import means that we are doing migration
+	if options.TargetFile != "" || options.CheckpointImageID != "" {
+		g.SetRootPath(c.state.Mountpoint)
+	}
+
+	// We want to have the same network namespace as before.
+	if err := c.addNetworkNamespace(&g); err != nil {
+		return nil, 0, err
+	}
+
+	if options.Pod != "" {
+		// Running in a Pod means that we have to change all namespace settings to
+		// the ones from the infrastructure container.
+		pod, err := c.runtime.LookupPod(options.Pod)
+		if err != nil {
+			return nil, 0, fmt.Errorf("pod %q cannot be retrieved: %w", options.Pod, err)
+		}
+
+		infraContainer, err := pod.InfraContainer()
+		if err != nil {
+			return nil, 0, fmt.Errorf("cannot retrieved infra container from pod %q: %w", options.Pod, err)
+		}
+
+		infraContainer.lock.Lock()
+		if err := infraContainer.syncContainer(); err != nil {
+			infraContainer.lock.Unlock()
+			return nil, 0, fmt.Errorf("syncing infrastructure container %s status: %w", infraContainer.ID(), err)
+		}
+		if infraContainer.state.State != define.ContainerStateRunning {
+			if err := infraContainer.initAndStart(ctx); err != nil {
+				infraContainer.lock.Unlock()
+				return nil, 0, fmt.Errorf("starting infrastructure container %s status: %w", infraContainer.ID(), err)
+			}
+		}
+		infraContainer.lock.Unlock()
+
+		if c.config.IPCNsCtr != "" {
+			nsPath, err := infraContainer.namespacePath(IPCNS)
+			if err != nil {
+				return nil, 0, fmt.Errorf("cannot retrieve IPC namespace path for Pod %q: %w", options.Pod, err)
+			}
+			if err := g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), nsPath); err != nil {
+				return nil, 0, err
+			}
+		}
+
+		if c.config.NetNsCtr != "" {
+			nsPath, err := infraContainer.namespacePath(NetNS)
+			if err != nil {
+				return nil, 0, fmt.Errorf("cannot retrieve network namespace path for Pod %q: %w", options.Pod, err)
+			}
+			if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), nsPath); err != nil {
+				return nil, 0, err
+			}
+		}
+
+		if c.config.PIDNsCtr != "" {
+			nsPath, err := infraContainer.namespacePath(PIDNS)
+			if err != nil {
+				return nil, 0, fmt.Errorf("cannot retrieve PID namespace path for Pod %q: %w", options.Pod, err)
+			}
+			if err := g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), nsPath); err != nil {
+				return nil, 0, err
+			}
+		}
+
+		if c.config.UTSNsCtr != "" {
+			nsPath, err := infraContainer.namespacePath(UTSNS)
+			if err != nil {
+				return nil, 0, fmt.Errorf("cannot retrieve UTS namespace path for Pod %q: %w", options.Pod, err)
+			}
+			if err := g.AddOrReplaceLinuxNamespace(string(spec.UTSNamespace), nsPath); err != nil {
+				return nil, 0, err
+			}
+		}
+
+		if c.config.CgroupNsCtr != "" {
+			nsPath, err := infraContainer.namespacePath(CgroupNS)
+			if err != nil {
+				return nil, 0, fmt.Errorf("cannot retrieve Cgroup namespace path for Pod %q: %w", options.Pod, err)
+			}
+			if err := g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), nsPath); err != nil {
+				return nil, 0, err
+			}
+		}
+	}
+
+	if err := c.makeBindMounts(); err != nil {
+		return nil, 0, err
+	}
+
+	if options.TargetFile != "" || options.CheckpointImageID != "" {
+		for dstPath, srcPath := range c.state.BindMounts {
+			newMount := spec.Mount{
+				Type:        "bind",
+				Source:      srcPath,
+				Destination: dstPath,
+				Options:     []string{"bind", "private"},
+			}
+			if c.IsReadOnly() && dstPath != "/dev/shm" {
+				newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
+			}
+			if dstPath == "/dev/shm" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
+				newMount.Options = append(newMount.Options, "nosuid", "noexec", "nodev")
+			}
+			if !MountExists(g.Mounts(), dstPath) {
+				g.AddMount(newMount)
+			}
+		}
+	}
+
+	// Restore /dev/shm content
+	if c.config.ShmDir != "" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
+		shmDirTarFileFullPath := filepath.Join(c.bundlePath(), metadata.DevShmCheckpointTar)
+		if _, err := os.Stat(shmDirTarFileFullPath); err != nil {
+			logrus.Debug("Container checkpoint doesn't contain dev/shm: ", err.Error())
+		} else {
+			shmDirTarFile, err := os.Open(shmDirTarFileFullPath)
+			if err != nil {
+				return nil, 0, err
+			}
+			defer shmDirTarFile.Close()
+
+			if err := archive.UntarUncompressed(shmDirTarFile, c.config.ShmDir, nil); err != nil {
+				return nil, 0, err
+			}
+		}
+	}
+
+	// Cleanup for a working restore.
+	if err := c.removeConmonFiles(); err != nil {
+		return nil, 0, err
+	}
+
+	// Save the OCI spec to disk
+	if err := c.saveSpec(g.Config); err != nil {
+		return nil, 0, err
+	}
+
+	// When restoring from an imported archive, allow restoring the content of volumes.
+	// Volumes are created in setupContainer()
+	if !options.IgnoreVolumes && (options.TargetFile != "" || options.CheckpointImageID != "") {
+		for _, v := range c.config.NamedVolumes {
+			volumeFilePath := filepath.Join(c.bundlePath(), metadata.CheckpointVolumesDirectory, v.Name+".tar")
+
+			volumeFile, err := os.Open(volumeFilePath)
+			if err != nil {
+				return nil, 0, fmt.Errorf("failed to open volume file %s: %w", volumeFilePath, err)
+			}
+			defer volumeFile.Close()
+
+			volume, err := c.runtime.GetVolume(v.Name)
+			if err != nil {
+				return nil, 0, fmt.Errorf("failed to retrieve volume %s: %w", v.Name, err)
+			}
+
+			mountPoint, err := volume.MountPoint()
+			if err != nil {
+				return nil, 0, err
+			}
+			if mountPoint == "" {
+				return nil, 0, fmt.Errorf("unable to import volume %s as it is not mounted: %w", volume.Name(), err)
+			}
+			if err := archive.UntarUncompressed(volumeFile, mountPoint, nil); err != nil {
+				return nil, 0, fmt.Errorf("failed to extract volume %s to %s: %w", volumeFilePath, mountPoint, err)
+			}
+		}
+	}
+
+	// Before actually restarting the container, apply the root file-system changes
+	if !options.IgnoreRootfs {
+		if err := crutils.CRApplyRootFsDiffTar(c.bundlePath(), c.state.Mountpoint); err != nil {
+			return nil, 0, err
+		}
+
+		if err := crutils.CRRemoveDeletedFiles(c.ID(), c.bundlePath(), c.state.Mountpoint); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	runtimeRestoreDuration, err = c.ociRuntime.CreateContainer(c, &options)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	criuStatistics, err = func() (*define.CRIUCheckpointRestoreStatistics, error) {
+		if !options.PrintStats {
+			return nil, nil
+		}
+		statsDirectory, err := os.Open(c.bundlePath())
+		if err != nil {
+			return nil, fmt.Errorf("not able to open %q: %w", c.bundlePath(), err)
+		}
+
+		restoreStatistics, err := stats.CriuGetRestoreStats(statsDirectory)
+		if err != nil {
+			return nil, fmt.Errorf("displaying restore statistics not possible: %w", err)
+		}
+
+		return &define.CRIUCheckpointRestoreStatistics{
+			PagesCompared:   restoreStatistics.GetPagesCompared(),
+			PagesSkippedCow: restoreStatistics.GetPagesSkippedCow(),
+			ForkingTime:     restoreStatistics.GetForkingTime(),
+			RestoreTime:     restoreStatistics.GetRestoreTime(),
+			PagesRestored:   restoreStatistics.GetPagesRestored(),
+		}, nil
+	}()
+	if err != nil {
+		return nil, 0, err
+	}
+
+	logrus.Debugf("Restored container %s", c.ID())
+
+	c.state.State = define.ContainerStateRunning
+	c.state.Checkpointed = false
+	c.state.Restored = true
+	c.state.CheckpointedTime = time.Time{}
+	c.state.RestoredTime = time.Now()
+
+	if !options.Keep {
+		// Delete all checkpoint related files. At this point, in theory, all files
+		// should exist. Still ignoring errors for now as the container should be
+		// restored and running. Not erroring out just because some cleanup operation
+		// failed. Starting with the checkpoint directory
+		err = os.RemoveAll(c.CheckpointPath())
+		if err != nil {
+			logrus.Debugf("Non-fatal: removal of checkpoint directory (%s) failed: %v", c.CheckpointPath(), err)
+		}
+		c.state.CheckpointPath = ""
+		err = os.RemoveAll(c.PreCheckPointPath())
+		if err != nil {
+			logrus.Debugf("Non-fatal: removal of pre-checkpoint directory (%s) failed: %v", c.PreCheckPointPath(), err)
+		}
+		err = os.RemoveAll(c.CheckpointVolumesPath())
+		if err != nil {
+			logrus.Debugf("Non-fatal: removal of checkpoint volumes directory (%s) failed: %v", c.CheckpointVolumesPath(), err)
+		}
+		cleanup := [...]string{
+			"restore.log",
+			"dump.log",
+			stats.StatsDump,
+			stats.StatsRestore,
+			metadata.DevShmCheckpointTar,
+			metadata.NetworkStatusFile,
+			metadata.RootFsDiffTar,
+			metadata.DeletedFilesFile,
+		}
+		for _, del := range cleanup {
+			file := filepath.Join(c.bundlePath(), del)
+			err = os.Remove(file)
+			if err != nil {
+				logrus.Debugf("Non-fatal: removal of checkpoint file (%s) failed: %v", file, err)
+			}
+		}
+		c.state.CheckpointLog = ""
+		c.state.RestoreLog = ""
+	}
+
+	return criuStatistics, runtimeRestoreDuration, c.save()
+}
+
+// Retrieves a container's "root" net namespace container dependency.
+func (c *Container) getRootNetNsDepCtr() (depCtr *Container, err error) {
+	containersVisited := map[string]int{c.config.ID: 1}
+	nextCtr := c.config.NetNsCtr
+	for nextCtr != "" {
+		// Make sure we aren't in a loop
+		if _, visited := containersVisited[nextCtr]; visited {
+			return nil, errors.New("loop encountered while determining net namespace container")
+		}
+		containersVisited[nextCtr] = 1
+
+		depCtr, err = c.runtime.state.Container(nextCtr)
+		if err != nil {
+			return nil, fmt.Errorf("fetching dependency %s of container %s: %w", c.config.NetNsCtr, c.ID(), err)
+		}
+		// This should never happen without an error
+		if depCtr == nil {
+			break
+		}
+		nextCtr = depCtr.config.NetNsCtr
+	}
+
+	if depCtr == nil {
+		return nil, errors.New("unexpected error depCtr is nil without reported error from runtime state")
+	}
+	return depCtr, nil
+}
+
+// Ensure standard bind mounts are mounted into all root directories (including chroot directories)
+func (c *Container) mountIntoRootDirs(mountName string, mountPath string) error {
+	c.state.BindMounts[mountName] = mountPath
+
+	for _, chrootDir := range c.config.ChrootDirs {
+		c.state.BindMounts[filepath.Join(chrootDir, mountName)] = mountPath
+	}
+
+	return nil
+}
+
+// Make standard bind mounts to include in the container
+func (c *Container) makeBindMounts() error {
+	if err := os.Chown(c.state.RunDir, c.RootUID(), c.RootGID()); err != nil {
+		return fmt.Errorf("cannot chown run directory: %w", err)
+	}
+
+	if c.state.BindMounts == nil {
+		c.state.BindMounts = make(map[string]string)
+	}
+	netDisabled, err := c.NetworkDisabled()
+	if err != nil {
+		return err
+	}
+
+	if !netDisabled {
+		// If /etc/resolv.conf and /etc/hosts exist, delete them so we
+		// will recreate. Only do this if we aren't sharing them with
+		// another container.
+		if c.config.NetNsCtr == "" {
+			if resolvePath, ok := c.state.BindMounts["/etc/resolv.conf"]; ok {
+				if err := os.Remove(resolvePath); err != nil && !os.IsNotExist(err) {
+					return fmt.Errorf("container %s: %w", c.ID(), err)
+				}
+				delete(c.state.BindMounts, "/etc/resolv.conf")
+			}
+			if hostsPath, ok := c.state.BindMounts["/etc/hosts"]; ok {
+				if err := os.Remove(hostsPath); err != nil && !os.IsNotExist(err) {
+					return fmt.Errorf("container %s: %w", c.ID(), err)
+				}
+				delete(c.state.BindMounts, "/etc/hosts")
+			}
+		}
+
+		if c.config.NetNsCtr != "" && (!c.config.UseImageResolvConf || !c.config.UseImageHosts) {
+			// We share a net namespace.
+			// We want /etc/resolv.conf and /etc/hosts from the
+			// other container. Unless we're not creating both of
+			// them.
+			depCtr, err := c.getRootNetNsDepCtr()
+			if err != nil {
+				return fmt.Errorf("fetching network namespace dependency container for container %s: %w", c.ID(), err)
+			}
+
+			// We need that container's bind mounts
+			bindMounts, err := depCtr.BindMounts()
+			if err != nil {
+				return fmt.Errorf("fetching bind mounts from dependency %s of container %s: %w", depCtr.ID(), c.ID(), err)
+			}
+
+			// The other container may not have a resolv.conf or /etc/hosts
+			// If it doesn't, don't copy them
+			resolvPath, exists := bindMounts["/etc/resolv.conf"]
+			if !c.config.UseImageResolvConf && exists {
+				err := c.mountIntoRootDirs("/etc/resolv.conf", resolvPath)
+
+				if err != nil {
+					return fmt.Errorf("assigning mounts to container %s: %w", c.ID(), err)
+				}
+			}
+
+			// check if dependency container has an /etc/hosts file.
+			// It may not have one, so only use it if it does.
+			hostsPath, exists := bindMounts[config.DefaultHostsFile]
+			if !c.config.UseImageHosts && exists {
+				// we cannot use the dependency container lock due ABBA deadlocks in cleanup()
+				lock, err := lockfile.GetLockfile(hostsPath)
+				if err != nil {
+					return fmt.Errorf("failed to lock hosts file: %w", err)
+				}
+				lock.Lock()
+
+				// add the newly added container to the hosts file
+				// we always use 127.0.0.1 as ip since they have the same netns
+				err = etchosts.Add(hostsPath, getLocalhostHostEntry(c))
+				lock.Unlock()
+				if err != nil {
+					return fmt.Errorf("creating hosts file for container %s which depends on container %s: %w", c.ID(), depCtr.ID(), err)
+				}
+
+				// finally, save it in the new container
+				err = c.mountIntoRootDirs(config.DefaultHostsFile, hostsPath)
+				if err != nil {
+					return fmt.Errorf("assigning mounts to container %s: %w", c.ID(), err)
+				}
+			}
+
+			if !hasCurrentUserMapped(c) {
+				if err := makeAccessible(resolvPath, c.RootUID(), c.RootGID()); err != nil {
+					return err
+				}
+				if err := makeAccessible(hostsPath, c.RootUID(), c.RootGID()); err != nil {
+					return err
+				}
+			}
+		} else {
+			if !c.config.UseImageResolvConf {
+				if err := c.generateResolvConf(); err != nil {
+					return fmt.Errorf("creating resolv.conf for container %s: %w", c.ID(), err)
+				}
+			}
+
+			if !c.config.UseImageHosts {
+				if err := c.createHosts(); err != nil {
+					return fmt.Errorf("creating hosts file for container %s: %w", c.ID(), err)
+				}
+			}
+		}
+
+		if c.state.BindMounts["/etc/hosts"] != "" {
+			if err := c.relabel(c.state.BindMounts["/etc/hosts"], c.config.MountLabel, true); err != nil {
+				return err
+			}
+		}
+
+		if c.state.BindMounts["/etc/resolv.conf"] != "" {
+			if err := c.relabel(c.state.BindMounts["/etc/resolv.conf"], c.config.MountLabel, true); err != nil {
+				return err
+			}
+		}
+	} else if !c.config.UseImageHosts && c.state.BindMounts["/etc/hosts"] == "" {
+		if err := c.createHosts(); err != nil {
+			return fmt.Errorf("creating hosts file for container %s: %w", c.ID(), err)
+		}
+	}
+
+	if c.config.ShmDir != "" {
+		// If ShmDir has a value SHM is always added when we mount the container
+		c.state.BindMounts["/dev/shm"] = c.config.ShmDir
+	}
+
+	if c.config.Passwd == nil || *c.config.Passwd {
+		newPasswd, newGroup, err := c.generatePasswdAndGroup()
+		if err != nil {
+			return fmt.Errorf("creating temporary passwd file for container %s: %w", c.ID(), err)
+		}
+		if newPasswd != "" {
+			// Make /etc/passwd
+			// If it already exists, delete so we can recreate
+			delete(c.state.BindMounts, "/etc/passwd")
+			c.state.BindMounts["/etc/passwd"] = newPasswd
+		}
+		if newGroup != "" {
+			// Make /etc/group
+			// If it already exists, delete so we can recreate
+			delete(c.state.BindMounts, "/etc/group")
+			c.state.BindMounts["/etc/group"] = newGroup
+		}
+	}
+
+	// Make /etc/localtime
+	ctrTimezone := c.Timezone()
+	if ctrTimezone != "" {
+		// validate the format of the timezone specified if it's not "local"
+		if ctrTimezone != "local" {
+			_, err = time.LoadLocation(ctrTimezone)
+			if err != nil {
+				return fmt.Errorf("finding timezone for container %s: %w", c.ID(), err)
+			}
+		}
+		if _, ok := c.state.BindMounts["/etc/localtime"]; !ok {
+			var zonePath string
+			if ctrTimezone == "local" {
+				zonePath, err = filepath.EvalSymlinks("/etc/localtime")
+				if err != nil {
+					return fmt.Errorf("finding local timezone for container %s: %w", c.ID(), err)
+				}
+			} else {
+				zone := filepath.Join("/usr/share/zoneinfo", ctrTimezone)
+				zonePath, err = filepath.EvalSymlinks(zone)
+				if err != nil {
+					return fmt.Errorf("setting timezone for container %s: %w", c.ID(), err)
+				}
+			}
+			localtimePath, err := c.copyTimezoneFile(zonePath)
+			if err != nil {
+				return fmt.Errorf("setting timezone for container %s: %w", c.ID(), err)
+			}
+			c.state.BindMounts["/etc/localtime"] = localtimePath
+		}
+	}
+
+	_, hasRunContainerenv := c.state.BindMounts["/run/.containerenv"]
+	if !hasRunContainerenv {
+		// check in the spec mounts
+		for _, m := range c.config.Spec.Mounts {
+			if m.Destination == "/run/.containerenv" || m.Destination == "/run" {
+				hasRunContainerenv = true
+				break
+			}
+		}
+	}
+
+	// Make .containerenv if it does not exist
+	if !hasRunContainerenv {
+		containerenv := c.runtime.graphRootMountedFlag(c.config.Spec.Mounts)
+		isRootless := 0
+		if rootless.IsRootless() {
+			isRootless = 1
+		}
+		imageID, imageName := c.Image()
+
+		if c.Privileged() {
+			// Populate the .containerenv with container information
+			containerenv = fmt.Sprintf(`engine="podman-%s"
+name=%q
+id=%q
+image=%q
+imageid=%q
+rootless=%d
+%s`, version.Version.String(), c.Name(), c.ID(), imageName, imageID, isRootless, containerenv)
+		}
+		containerenvPath, err := c.writeStringToRundir(".containerenv", containerenv)
+		if err != nil {
+			return fmt.Errorf("creating containerenv file for container %s: %w", c.ID(), err)
+		}
+		c.state.BindMounts["/run/.containerenv"] = containerenvPath
+	}
+
+	// Add Subscription Mounts
+	subscriptionMounts := subscriptions.MountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.Mountpoint, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
+	for _, mount := range subscriptionMounts {
+		if _, ok := c.state.BindMounts[mount.Destination]; !ok {
+			c.state.BindMounts[mount.Destination] = mount.Source
+		}
+	}
+
+	// Secrets are mounted by getting the secret data from the secrets manager,
+	// copying the data into the container's static dir,
+	// then mounting the copied dir into /run/secrets.
+	// The secrets mounting must come after subscription mounts, since subscription mounts
+	// creates the /run/secrets dir in the container where we mount as well.
+	if len(c.Secrets()) > 0 {
+		// create /run/secrets if subscriptions did not create
+		if err := c.createSecretMountDir(); err != nil {
+			return fmt.Errorf("creating secrets mount: %w", err)
+		}
+		for _, secret := range c.Secrets() {
+			secretFileName := secret.Name
+			base := "/run/secrets"
+			if secret.Target != "" {
+				secretFileName = secret.Target
+				// If absolute path for target given remove base.
+				if filepath.IsAbs(secretFileName) {
+					base = ""
+				}
+			}
+			src := filepath.Join(c.config.SecretsPath, secret.Name)
+			dest := filepath.Join(base, secretFileName)
+			c.state.BindMounts[dest] = src
+		}
+	}
+
+	return c.makePlatformBindMounts()
+}
+
+// generateResolvConf generates a containers resolv.conf
+func (c *Container) generateResolvConf() error {
+	var (
+		networkNameServers   []string
+		networkSearchDomains []string
+	)
+
+	netStatus := c.getNetworkStatus()
+	for _, status := range netStatus {
+		if status.DNSServerIPs != nil {
+			for _, nsIP := range status.DNSServerIPs {
+				networkNameServers = append(networkNameServers, nsIP.String())
+			}
+			logrus.Debugf("Adding nameserver(s) from network status of '%q'", status.DNSServerIPs)
+		}
+		if status.DNSSearchDomains != nil {
+			networkSearchDomains = append(networkSearchDomains, status.DNSSearchDomains...)
+			logrus.Debugf("Adding search domain(s) from network status of '%q'", status.DNSSearchDomains)
+		}
+	}
+
+	ipv6, err := c.checkForIPv6(netStatus)
+	if err != nil {
+		return err
+	}
+
+	nameservers := make([]string, 0, len(c.runtime.config.Containers.DNSServers)+len(c.config.DNSServer))
+	nameservers = append(nameservers, c.runtime.config.Containers.DNSServers...)
+	for _, ip := range c.config.DNSServer {
+		nameservers = append(nameservers, ip.String())
+	}
+	// If the user provided dns, it trumps all; then dns masq; then resolv.conf
+	var search []string
+	keepHostServers := false
+	if len(nameservers) == 0 {
+		keepHostServers = true
+		// first add the nameservers from the networks status
+		nameservers = networkNameServers
+		// when we add network dns server we also have to add the search domains
+		search = networkSearchDomains
+		// slirp4netns has a built in DNS forwarder.
+		nameservers = c.addSlirp4netnsDNS(nameservers)
+	}
+
+	if len(c.config.DNSSearch) > 0 || len(c.runtime.config.Containers.DNSSearches) > 0 {
+		customSearch := make([]string, 0, len(c.config.DNSSearch)+len(c.runtime.config.Containers.DNSSearches))
+		customSearch = append(customSearch, c.runtime.config.Containers.DNSSearches...)
+		customSearch = append(customSearch, c.config.DNSSearch...)
+		search = customSearch
+	}
+
+	options := make([]string, 0, len(c.config.DNSOption)+len(c.runtime.config.Containers.DNSOptions))
+	options = append(options, c.runtime.config.Containers.DNSOptions...)
+	options = append(options, c.config.DNSOption...)
+
+	destPath := filepath.Join(c.state.RunDir, "resolv.conf")
+
+	var namespaces []spec.LinuxNamespace
+	if c.config.Spec.Linux != nil {
+		namespaces = c.config.Spec.Linux.Namespaces
+	}
+
+	if err := resolvconf.New(&resolvconf.Params{
+		IPv6Enabled:     ipv6,
+		KeepHostServers: keepHostServers,
+		Nameservers:     nameservers,
+		Namespaces:      namespaces,
+		Options:         options,
+		Path:            destPath,
+		Searches:        search,
+	}); err != nil {
+		return fmt.Errorf("building resolv.conf for container %s: %w", c.ID(), err)
+	}
+
+	return c.bindMountRootFile(destPath, resolvconf.DefaultResolvConf)
+}
+
+// Check if a container uses IPv6.
+func (c *Container) checkForIPv6(netStatus map[string]types.StatusBlock) (bool, error) {
+	for _, status := range netStatus {
+		for _, netInt := range status.Interfaces {
+			for _, netAddress := range netInt.Subnets {
+				// Note: only using To16() does not work since it also returns a valid ip for ipv4
+				if netAddress.IPNet.IP.To4() == nil && netAddress.IPNet.IP.To16() != nil {
+					return true, nil
+				}
+			}
+		}
+	}
+
+	return c.isSlirp4netnsIPv6()
+}
+
+// Add a new nameserver to the container's resolv.conf, ensuring that it is the
+// first nameserver present.
+// Usable only with running containers.
+func (c *Container) addNameserver(ips []string) error {
+	// Take no action if container is not running.
+	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
+		return nil
+	}
+
+	// Do we have a resolv.conf at all?
+	path, ok := c.state.BindMounts[resolvconf.DefaultResolvConf]
+	if !ok {
+		return nil
+	}
+
+	if err := resolvconf.Add(path, ips); err != nil {
+		return fmt.Errorf("adding new nameserver to container %s resolv.conf: %w", c.ID(), err)
+	}
+
+	return nil
+}
+
+// Remove an entry from the existing resolv.conf of the container.
+// Usable only with running containers.
+func (c *Container) removeNameserver(ips []string) error {
+	// Take no action if container is not running.
+	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
+		return nil
+	}
+
+	// Do we have a resolv.conf at all?
+	path, ok := c.state.BindMounts[resolvconf.DefaultResolvConf]
+	if !ok {
+		return nil
+	}
+
+	if err := resolvconf.Remove(path, ips); err != nil {
+		return fmt.Errorf("removing nameservers from container %s resolv.conf: %w", c.ID(), err)
+	}
+
+	return nil
+}
+
+func getLocalhostHostEntry(c *Container) etchosts.HostEntries {
+	return etchosts.HostEntries{{IP: "127.0.0.1", Names: []string{c.Hostname(), c.config.Name}}}
+}
+
+// getHostsEntries returns the container ip host entries for the correct netmode
+func (c *Container) getHostsEntries() (etchosts.HostEntries, error) {
+	var entries etchosts.HostEntries
+	names := []string{c.Hostname(), c.config.Name}
+	switch {
+	case c.config.NetMode.IsBridge():
+		entries = etchosts.GetNetworkHostEntries(c.state.NetworkStatus, names...)
+	case c.config.NetMode.IsSlirp4netns():
+		ip, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
+		if err != nil {
+			return nil, err
+		}
+		entries = etchosts.HostEntries{{IP: ip.String(), Names: names}}
+	default:
+		if c.hasNetNone() {
+			entries = etchosts.HostEntries{{IP: "127.0.0.1", Names: names}}
+		}
+	}
+	return entries, nil
+}
+
+func (c *Container) createHosts() error {
+	var containerIPsEntries etchosts.HostEntries
+	var err error
+	// if we configure the netns after the container create we should not add
+	// the hosts here since we have no information about the actual ips
+	// instead we will add them in c.completeNetworkSetup()
+	if !c.config.PostConfigureNetNS {
+		containerIPsEntries, err = c.getHostsEntries()
+		if err != nil {
+			return fmt.Errorf("failed to get container ip host entries: %w", err)
+		}
+	}
+	baseHostFile, err := etchosts.GetBaseHostFile(c.runtime.config.Containers.BaseHostsFile, c.state.Mountpoint)
+	if err != nil {
+		return err
+	}
+
+	targetFile := filepath.Join(c.state.RunDir, "hosts")
+	err = etchosts.New(&etchosts.Params{
+		BaseFile:                 baseHostFile,
+		ExtraHosts:               c.config.HostAdd,
+		ContainerIPs:             containerIPsEntries,
+		HostContainersInternalIP: etchosts.GetHostContainersInternalIP(c.runtime.config, c.state.NetworkStatus, c.runtime.network),
+		TargetFile:               targetFile,
+	})
+	if err != nil {
+		return err
+	}
+
+	return c.bindMountRootFile(targetFile, config.DefaultHostsFile)
+}
+
+// bindMountRootFile will chown and relabel the source file to make it usable in the container.
+// It will also add the path to the container bind mount map.
+// source is the path on the host, dest is the path in the container.
+func (c *Container) bindMountRootFile(source, dest string) error {
+	if err := os.Chown(source, c.RootUID(), c.RootGID()); err != nil {
+		return err
+	}
+	if err := label.Relabel(source, c.MountLabel(), false); err != nil {
+		return err
+	}
+
+	return c.mountIntoRootDirs(dest, source)
+}
+
+// generateGroupEntry generates an entry or entries into /etc/group as
+// required by container configuration.
+// Generally speaking, we will make an entry under two circumstances:
+//  1. The container is started as a specific user:group, and that group is both
+//     numeric, and does not already exist in /etc/group.
+//  2. It is requested that Libpod add the group that launched Podman to
+//     /etc/group via AddCurrentUserPasswdEntry (though this does not trigger if
+//     the group in question already exists in /etc/passwd).
+//
+// Returns group entry (as a string that can be appended to /etc/group) and any
+// error that occurred.
+func (c *Container) generateGroupEntry() (string, error) {
+	groupString := ""
+
+	// Things we *can't* handle: adding the user we added in
+	// generatePasswdEntry to any *existing* groups.
+	addedGID := 0
+	if c.config.AddCurrentUserPasswdEntry {
+		entry, gid, err := c.generateCurrentUserGroupEntry()
+		if err != nil {
+			return "", err
+		}
+		groupString += entry
+		addedGID = gid
+	}
+	if c.config.User != "" {
+		entry, err := c.generateUserGroupEntry(addedGID)
+		if err != nil {
+			return "", err
+		}
+		groupString += entry
+	}
+
+	return groupString, nil
+}
+
+// Make an entry in /etc/group for the group of the user running podman iff we
+// are rootless.
+func (c *Container) generateCurrentUserGroupEntry() (string, int, error) {
+	gid := rootless.GetRootlessGID()
+	if gid == 0 {
+		return "", 0, nil
+	}
+
+	g, err := user.LookupGroupId(strconv.Itoa(gid))
+	if err != nil {
+		return "", 0, fmt.Errorf("failed to get current group: %w", err)
+	}
+
+	// Look up group name to see if it exists in the image.
+	_, err = lookup.GetGroup(c.state.Mountpoint, g.Name)
+	if err != runcuser.ErrNoGroupEntries {
+		return "", 0, err
+	}
+
+	// Look up GID to see if it exists in the image.
+	_, err = lookup.GetGroup(c.state.Mountpoint, g.Gid)
+	if err != runcuser.ErrNoGroupEntries {
+		return "", 0, err
+	}
+
+	// We need to get the username of the rootless user so we can add it to
+	// the group.
+	username := ""
+	uid := rootless.GetRootlessUID()
+	if uid != 0 {
+		u, err := user.LookupId(strconv.Itoa(uid))
+		if err != nil {
+			return "", 0, fmt.Errorf("failed to get current user to make group entry: %w", err)
+		}
+		username = u.Username
+	}
+
+	// Make the entry.
+	return fmt.Sprintf("%s:x:%s:%s\n", g.Name, g.Gid, username), gid, nil
+}
+
+// Make an entry in /etc/group for the group the container was specified to run
+// as.
+func (c *Container) generateUserGroupEntry(addedGID int) (string, error) {
+	if c.config.User == "" {
+		return "", nil
+	}
+
+	splitUser := strings.SplitN(c.config.User, ":", 2)
+	group := splitUser[0]
+	if len(splitUser) > 1 {
+		group = splitUser[1]
+	}
+
+	gid, err := strconv.ParseUint(group, 10, 32)
+	if err != nil {
+		return "", nil //nolint: nilerr
+	}
+
+	if addedGID != 0 && addedGID == int(gid) {
+		return "", nil
+	}
+
+	// Check if the group already exists
+	_, err = lookup.GetGroup(c.state.Mountpoint, group)
+	if err != runcuser.ErrNoGroupEntries {
+		return "", err
+	}
+
+	return fmt.Sprintf("%d:x:%d:%s\n", gid, gid, splitUser[0]), nil
+}
+
+// generatePasswdEntry generates an entry or entries into /etc/passwd as
+// required by container configuration.
+// Generally speaking, we will make an entry under two circumstances:
+//  1. The container is started as a specific user who is not in /etc/passwd.
+//     This only triggers if the user is given as a *numeric* ID.
+//  2. It is requested that Libpod add the user that launched Podman to
+//     /etc/passwd via AddCurrentUserPasswdEntry (though this does not trigger if
+//     the user in question already exists in /etc/passwd) or the UID to be added
+//     is 0).
+//  3. The user specified additional host user accounts to add the the /etc/passwd file
+//
+// Returns password entry (as a string that can be appended to /etc/passwd) and
+// any error that occurred.
+func (c *Container) generatePasswdEntry() (string, error) {
+	passwdString := ""
+
+	addedUID := 0
+	for _, userid := range c.config.HostUsers {
+		// Look up User on host
+		u, err := util.LookupUser(userid)
+		if err != nil {
+			return "", err
+		}
+		entry, err := c.userPasswdEntry(u)
+		if err != nil {
+			return "", err
+		}
+		passwdString += entry
+	}
+	if c.config.AddCurrentUserPasswdEntry {
+		entry, uid, _, err := c.generateCurrentUserPasswdEntry()
+		if err != nil {
+			return "", err
+		}
+		passwdString += entry
+		addedUID = uid
+	}
+	if c.config.User != "" {
+		entry, err := c.generateUserPasswdEntry(addedUID)
+		if err != nil {
+			return "", err
+		}
+		passwdString += entry
+	}
+
+	return passwdString, nil
+}
+
+// generateCurrentUserPasswdEntry generates an /etc/passwd entry for the user
+// running the container engine.
+// Returns a passwd entry for the user, and the UID and GID of the added entry.
+func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) {
+	uid := rootless.GetRootlessUID()
+	if uid == 0 {
+		return "", 0, 0, nil
+	}
+
+	u, err := user.LookupId(strconv.Itoa(uid))
+	if err != nil {
+		return "", 0, 0, fmt.Errorf("failed to get current user: %w", err)
+	}
+	pwd, err := c.userPasswdEntry(u)
+	if err != nil {
+		return "", 0, 0, err
+	}
+
+	return pwd, uid, rootless.GetRootlessGID(), nil
+}
+
+func (c *Container) userPasswdEntry(u *user.User) (string, error) {
+	// Look up the user to see if it exists in the container image.
+	_, err := lookup.GetUser(c.state.Mountpoint, u.Username)
+	if err != runcuser.ErrNoPasswdEntries {
+		return "", err
+	}
+
+	// Look up the UID to see if it exists in the container image.
+	_, err = lookup.GetUser(c.state.Mountpoint, u.Uid)
+	if err != runcuser.ErrNoPasswdEntries {
+		return "", err
+	}
+
+	// If the user's actual home directory exists, or was mounted in - use
+	// that.
+	homeDir := c.WorkingDir()
+	hDir := u.HomeDir
+	for hDir != "/" {
+		if MountExists(c.config.Spec.Mounts, hDir) {
+			homeDir = u.HomeDir
+			break
+		}
+		hDir = filepath.Dir(hDir)
+	}
+	if homeDir != u.HomeDir {
+		for _, hDir := range c.UserVolumes() {
+			if hDir == u.HomeDir {
+				homeDir = u.HomeDir
+				break
+			}
+		}
+	}
+	// Set HOME environment if not already set
+	hasHomeSet := false
+	for _, s := range c.config.Spec.Process.Env {
+		if strings.HasPrefix(s, "HOME=") {
+			hasHomeSet = true
+			break
+		}
+	}
+	if !hasHomeSet {
+		c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
+	}
+	if c.config.PasswdEntry != "" {
+		return c.passwdEntry(u.Username, u.Uid, u.Gid, u.Name, homeDir), nil
+	}
+
+	return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), nil
+}
+
+// generateUserPasswdEntry generates an /etc/passwd entry for the container user
+// to run in the container.
+// The UID and GID of the added entry will also be returned.
+// Accepts one argument, that being any UID that has already been added to the
+// passwd file by other functions; if it matches the UID we were given, we don't
+// need to do anything.
+func (c *Container) generateUserPasswdEntry(addedUID int) (string, error) {
+	var (
+		groupspec string
+		gid       int
+	)
+	if c.config.User == "" {
+		return "", nil
+	}
+	splitSpec := strings.SplitN(c.config.User, ":", 2)
+	userspec := splitSpec[0]
+	if len(splitSpec) > 1 {
+		groupspec = splitSpec[1]
+	}
+	// If a non numeric User, then don't generate passwd
+	uid, err := strconv.ParseUint(userspec, 10, 32)
+	if err != nil {
+		return "", nil //nolint: nilerr
+	}
+
+	if addedUID != 0 && int(uid) == addedUID {
+		return "", nil
+	}
+
+	// Look up the user to see if it exists in the container image
+	_, err = lookup.GetUser(c.state.Mountpoint, userspec)
+	if err != runcuser.ErrNoPasswdEntries {
+		return "", err
+	}
+
+	if groupspec != "" {
+		ugid, err := strconv.ParseUint(groupspec, 10, 32)
+		if err == nil {
+			gid = int(ugid)
+		} else {
+			group, err := lookup.GetGroup(c.state.Mountpoint, groupspec)
+			if err != nil {
+				return "", fmt.Errorf("unable to get gid %s from group file: %w", groupspec, err)
+			}
+			gid = group.Gid
+		}
+	}
+
+	if c.config.PasswdEntry != "" {
+		entry := c.passwdEntry(fmt.Sprintf("%d", uid), fmt.Sprintf("%d", uid), fmt.Sprintf("%d", gid), "container user", c.WorkingDir())
+		return entry, nil
+	}
+
+	return fmt.Sprintf("%d:*:%d:%d:container user:%s:/bin/sh\n", uid, uid, gid, c.WorkingDir()), nil
+}
+
+func (c *Container) passwdEntry(username string, uid, gid, name, homeDir string) string {
+	s := c.config.PasswdEntry
+	s = strings.ReplaceAll(s, "$USERNAME", username)
+	s = strings.ReplaceAll(s, "$UID", uid)
+	s = strings.ReplaceAll(s, "$GID", gid)
+	s = strings.ReplaceAll(s, "$NAME", name)
+	s = strings.ReplaceAll(s, "$HOME", homeDir)
+	return s + "\n"
+}
+
+// generatePasswdAndGroup generates container-specific passwd and group files
+// iff g.config.User is a number or we are configured to make a passwd entry for
+// the current user or the user specified HostsUsers
+// Returns path to file to mount at /etc/passwd, path to file to mount at
+// /etc/group, and any error that occurred. If no passwd/group file were
+// required, the empty string will be returned for those path (this may occur
+// even if no error happened).
+// This may modify the mounted container's /etc/passwd and /etc/group instead of
+// making copies to bind-mount in, so we don't break useradd (it wants to make a
+// copy of /etc/passwd and rename the copy to /etc/passwd, which is impossible
+// with a bind mount). This is done in cases where the container is *not*
+// read-only. In this case, the function will return nothing ("", "", nil).
+func (c *Container) generatePasswdAndGroup() (string, string, error) {
+	if !c.config.AddCurrentUserPasswdEntry && c.config.User == "" &&
+		len(c.config.HostUsers) == 0 {
+		return "", "", nil
+	}
+
+	needPasswd := true
+	needGroup := true
+
+	// First, check if there's a mount at /etc/passwd or group, we don't
+	// want to interfere with user mounts.
+	if MountExists(c.config.Spec.Mounts, "/etc/passwd") {
+		needPasswd = false
+	}
+	if MountExists(c.config.Spec.Mounts, "/etc/group") {
+		needGroup = false
+	}
+
+	// Next, check if we already made the files. If we didn't, don't need to
+	// do anything more.
+	if needPasswd {
+		passwdPath := filepath.Join(c.config.StaticDir, "passwd")
+		if _, err := os.Stat(passwdPath); err == nil {
+			needPasswd = false
+		}
+	}
+	if needGroup {
+		groupPath := filepath.Join(c.config.StaticDir, "group")
+		if _, err := os.Stat(groupPath); err == nil {
+			needGroup = false
+		}
+	}
+
+	// If we don't need a /etc/passwd or /etc/group at this point we can
+	// just return.
+	if !needPasswd && !needGroup {
+		return "", "", nil
+	}
+
+	passwdPath := ""
+	groupPath := ""
+
+	ro := c.IsReadOnly()
+
+	if needPasswd {
+		passwdEntry, err := c.generatePasswdEntry()
+		if err != nil {
+			return "", "", err
+		}
+
+		needsWrite := passwdEntry != ""
+		switch {
+		case ro && needsWrite:
+			logrus.Debugf("Making /etc/passwd for container %s", c.ID())
+			originPasswdFile, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd")
+			if err != nil {
+				return "", "", fmt.Errorf("creating path to container %s /etc/passwd: %w", c.ID(), err)
+			}
+			orig, err := ioutil.ReadFile(originPasswdFile)
+			if err != nil && !os.IsNotExist(err) {
+				return "", "", err
+			}
+			passwdFile, err := c.writeStringToStaticDir("passwd", string(orig)+passwdEntry)
+			if err != nil {
+				return "", "", fmt.Errorf("failed to create temporary passwd file: %w", err)
+			}
+			if err := os.Chmod(passwdFile, 0644); err != nil {
+				return "", "", err
+			}
+			passwdPath = passwdFile
+		case !ro && needsWrite:
+			logrus.Debugf("Modifying container %s /etc/passwd", c.ID())
+			containerPasswd, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd")
+			if err != nil {
+				return "", "", fmt.Errorf("looking up location of container %s /etc/passwd: %w", c.ID(), err)
+			}
+
+			f, err := os.OpenFile(containerPasswd, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+			if err != nil {
+				return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
+			}
+			defer f.Close()
+
+			if _, err := f.WriteString(passwdEntry); err != nil {
+				return "", "", fmt.Errorf("unable to append to container %s /etc/passwd: %w", c.ID(), err)
+			}
+		default:
+			logrus.Debugf("Not modifying container %s /etc/passwd", c.ID())
+		}
+	}
+	if needGroup {
+		groupEntry, err := c.generateGroupEntry()
+		if err != nil {
+			return "", "", err
+		}
+
+		needsWrite := groupEntry != ""
+		switch {
+		case ro && needsWrite:
+			logrus.Debugf("Making /etc/group for container %s", c.ID())
+			originGroupFile, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/group")
+			if err != nil {
+				return "", "", fmt.Errorf("creating path to container %s /etc/group: %w", c.ID(), err)
+			}
+			orig, err := ioutil.ReadFile(originGroupFile)
+			if err != nil && !os.IsNotExist(err) {
+				return "", "", err
+			}
+			groupFile, err := c.writeStringToStaticDir("group", string(orig)+groupEntry)
+			if err != nil {
+				return "", "", fmt.Errorf("failed to create temporary group file: %w", err)
+			}
+			if err := os.Chmod(groupFile, 0644); err != nil {
+				return "", "", err
+			}
+			groupPath = groupFile
+		case !ro && needsWrite:
+			logrus.Debugf("Modifying container %s /etc/group", c.ID())
+			containerGroup, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/group")
+			if err != nil {
+				return "", "", fmt.Errorf("looking up location of container %s /etc/group: %w", c.ID(), err)
+			}
+
+			f, err := os.OpenFile(containerGroup, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+			if err != nil {
+				return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
+			}
+			defer f.Close()
+
+			if _, err := f.WriteString(groupEntry); err != nil {
+				return "", "", fmt.Errorf("unable to append to container %s /etc/group: %w", c.ID(), err)
+			}
+		default:
+			logrus.Debugf("Not modifying container %s /etc/group", c.ID())
+		}
+	}
+
+	return passwdPath, groupPath, nil
+}
+
+func (c *Container) copyTimezoneFile(zonePath string) (string, error) {
+	localtimeCopy := filepath.Join(c.state.RunDir, "localtime")
+	file, err := os.Stat(zonePath)
+	if err != nil {
+		return "", err
+	}
+	if file.IsDir() {
+		return "", errors.New("invalid timezone: is a directory")
+	}
+	src, err := os.Open(zonePath)
+	if err != nil {
+		return "", err
+	}
+	defer src.Close()
+	dest, err := os.Create(localtimeCopy)
+	if err != nil {
+		return "", err
+	}
+	defer dest.Close()
+	_, err = io.Copy(dest, src)
+	if err != nil {
+		return "", err
+	}
+	if err := c.relabel(localtimeCopy, c.config.MountLabel, false); err != nil {
+		return "", err
+	}
+	if err := dest.Chown(c.RootUID(), c.RootGID()); err != nil {
+		return "", err
+	}
+	return localtimeCopy, err
+}
+
+func (c *Container) cleanupOverlayMounts() error {
+	return overlay.CleanupContent(c.config.StaticDir)
+}
+
+// Creates and mounts an empty dir to mount secrets into, if it does not already exist
+func (c *Container) createSecretMountDir() error {
+	src := filepath.Join(c.state.RunDir, "/run/secrets")
+	_, err := os.Stat(src)
+	if os.IsNotExist(err) {
+		oldUmask := umask.Set(0)
+		defer umask.Set(oldUmask)
+
+		if err := os.MkdirAll(src, 0755); err != nil {
+			return err
+		}
+		if err := label.Relabel(src, c.config.MountLabel, false); err != nil {
+			return err
+		}
+		if err := os.Chown(src, c.RootUID(), c.RootGID()); err != nil {
+			return err
+		}
+		c.state.BindMounts["/run/secrets"] = src
+		return nil
+	}
+
+	return err
+}
+
+// Fix ownership and permissions of the specified volume if necessary.
+func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
+	vol, err := c.runtime.state.Volume(v.Name)
+	if err != nil {
+		return fmt.Errorf("retrieving named volume %s for container %s: %w", v.Name, c.ID(), err)
+	}
+
+	vol.lock.Lock()
+	defer vol.lock.Unlock()
+
+	// The volume may need a copy-up. Check the state.
+	if err := vol.update(); err != nil {
+		return err
+	}
+
+	// Volumes owned by a volume driver are not chowned - we don't want to
+	// mess with a mount not managed by us.
+	if vol.state.NeedsChown && !vol.UsesVolumeDriver() {
+		vol.state.NeedsChown = false
+
+		uid := int(c.config.Spec.Process.User.UID)
+		gid := int(c.config.Spec.Process.User.GID)
+
+		if c.config.IDMappings.UIDMap != nil {
+			p := idtools.IDPair{
+				UID: uid,
+				GID: gid,
+			}
+			mappings := idtools.NewIDMappingsFromMaps(c.config.IDMappings.UIDMap, c.config.IDMappings.GIDMap)
+			newPair, err := mappings.ToHost(p)
+			if err != nil {
+				return fmt.Errorf("mapping user %d:%d: %w", uid, gid, err)
+			}
+			uid = newPair.UID
+			gid = newPair.GID
+		}
+
+		vol.state.UIDChowned = uid
+		vol.state.GIDChowned = gid
+
+		if err := vol.save(); err != nil {
+			return err
+		}
+
+		mountPoint, err := vol.MountPoint()
+		if err != nil {
+			return err
+		}
+
+		if err := os.Lchown(mountPoint, uid, gid); err != nil {
+			return err
+		}
+
+		// Make sure the new volume matches the permissions of the target directory.
+		// https://github.com/containers/podman/issues/10188
+		st, err := os.Lstat(filepath.Join(c.state.Mountpoint, v.Dest))
+		if err == nil {
+			if stat, ok := st.Sys().(*syscall.Stat_t); ok {
+				if err := os.Lchown(mountPoint, int(stat.Uid), int(stat.Gid)); err != nil {
+					return err
+				}
+			}
+			if err := os.Chmod(mountPoint, st.Mode()); err != nil {
+				return err
+			}
+			if err := setVolumeAtime(mountPoint, st); err != nil {
+				return err
+			}
+		} else if !os.IsNotExist(err) {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *Container) relabel(src, mountLabel string, recurse bool) error {
+	if !selinux.GetEnabled() || mountLabel == "" {
+		return nil
+	}
+	// only relabel on initial creation of container
+	if !c.ensureState(define.ContainerStateConfigured, define.ContainerStateUnknown) {
+		label, err := label.FileLabel(src)
+		if err != nil {
+			return err
+		}
+		// If labels are different, might be on a tmpfs
+		if label == mountLabel {
+			return nil
+		}
+	}
+	return label.Relabel(src, mountLabel, recurse)
+}
+
+func (c *Container) ChangeHostPathOwnership(src string, recurse bool, uid, gid int) error {
+	// only chown on initial creation of container
+	if !c.ensureState(define.ContainerStateConfigured, define.ContainerStateUnknown) {
+		st, err := os.Stat(src)
+		if err != nil {
+			return err
+		}
+
+		// If labels are different, might be on a tmpfs
+		if int(st.Sys().(*syscall.Stat_t).Uid) == uid && int(st.Sys().(*syscall.Stat_t).Gid) == gid {
+			return nil
+		}
+	}
+	return chown.ChangeHostPathOwnership(src, recurse, uid, gid)
+}
diff --git a/libpod/container_internal_freebsd.go b/libpod/container_internal_freebsd.go
new file mode 100644
index 000000000..67f87a98d
--- /dev/null
+++ b/libpod/container_internal_freebsd.go
@@ -0,0 +1,274 @@
+//go:build freebsd
+// +build freebsd
+
+package libpod
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/podman/v4/pkg/rootless"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+var (
+	bindOptions = []string{}
+)
+
+func (c *Container) mountSHM(shmOptions string) error {
+	return nil
+}
+
+func (c *Container) unmountSHM(path string) error {
+	return nil
+}
+
+// prepare mounts the container and sets up other required resources like net
+// namespaces
+func (c *Container) prepare() error {
+	var (
+		wg                              sync.WaitGroup
+		ctrNS                           *jailNetNS
+		networkStatus                   map[string]types.StatusBlock
+		createNetNSErr, mountStorageErr error
+		mountPoint                      string
+		tmpStateLock                    sync.Mutex
+	)
+
+	wg.Add(2)
+
+	go func() {
+		defer wg.Done()
+		// Set up network namespace if not already set up
+		noNetNS := c.state.NetNS == nil
+		if c.config.CreateNetNS && noNetNS && !c.config.PostConfigureNetNS {
+			ctrNS, networkStatus, createNetNSErr = c.runtime.createNetNS(c)
+			if createNetNSErr != nil {
+				return
+			}
+
+			tmpStateLock.Lock()
+			defer tmpStateLock.Unlock()
+
+			// Assign NetNS attributes to container
+			c.state.NetNS = ctrNS
+			c.state.NetworkStatus = networkStatus
+		}
+	}()
+	// Mount storage if not mounted
+	go func() {
+		defer wg.Done()
+		mountPoint, mountStorageErr = c.mountStorage()
+
+		if mountStorageErr != nil {
+			return
+		}
+
+		tmpStateLock.Lock()
+		defer tmpStateLock.Unlock()
+
+		// Finish up mountStorage
+		c.state.Mounted = true
+		c.state.Mountpoint = mountPoint
+
+		logrus.Debugf("Created root filesystem for container %s at %s", c.ID(), c.state.Mountpoint)
+	}()
+
+	wg.Wait()
+
+	var createErr error
+	if mountStorageErr != nil {
+		if createErr != nil {
+			logrus.Errorf("Preparing container %s: %v", c.ID(), createErr)
+		}
+		createErr = mountStorageErr
+	}
+
+	if createErr != nil {
+		return createErr
+	}
+
+	// Save changes to container state
+	if err := c.save(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// cleanupNetwork unmounts and cleans up the container's network
+func (c *Container) cleanupNetwork() error {
+	if c.config.NetNsCtr != "" {
+		return nil
+	}
+	netDisabled, err := c.NetworkDisabled()
+	if err != nil {
+		return err
+	}
+	if netDisabled {
+		return nil
+	}
+
+	// Stop the container's network namespace (if it has one)
+	if err := c.runtime.teardownNetNS(c); err != nil {
+		logrus.Errorf("Unable to cleanup network for container %s: %q", c.ID(), err)
+	}
+
+	if c.valid {
+		return c.save()
+	}
+
+	return nil
+}
+
+// reloadNetwork reloads the network for the given container, recreating
+// firewall rules.
+func (c *Container) reloadNetwork() error {
+	result, err := c.runtime.reloadContainerNetwork(c)
+	if err != nil {
+		return err
+	}
+
+	c.state.NetworkStatus = result
+
+	return c.save()
+}
+
+// Add an existing container's network jail
+func (c *Container) addNetworkContainer(g *generate.Generator, ctr string) error {
+	nsCtr, err := c.runtime.state.Container(ctr)
+	c.runtime.state.UpdateContainer(nsCtr)
+	if err != nil {
+		return fmt.Errorf("retrieving dependency %s of container %s from state: %w", ctr, c.ID(), err)
+	}
+	g.AddAnnotation("org.freebsd.parentJail", nsCtr.state.NetNS.Name)
+	return nil
+}
+
+func isRootlessCgroupSet(cgroup string) bool {
+	return false
+}
+
+func (c *Container) expectPodCgroup() (bool, error) {
+	return false, nil
+}
+
+func (c *Container) getOCICgroupPath() (string, error) {
+	return "", nil
+}
+
+func openDirectory(path string) (fd int, err error) {
+	const O_PATH = 0x00400000
+	return unix.Open(path, unix.O_RDONLY|O_PATH, 0)
+}
+
+func (c *Container) addNetworkNamespace(g *generate.Generator) error {
+	if c.config.CreateNetNS {
+		g.AddAnnotation("org.freebsd.parentJail", c.state.NetNS.Name)
+	}
+	return nil
+}
+
+func (c *Container) addSystemdMounts(g *generate.Generator) error {
+	return nil
+}
+
+func (c *Container) addSharedNamespaces(g *generate.Generator) error {
+	if c.config.NetNsCtr != "" {
+		if err := c.addNetworkContainer(g, c.config.NetNsCtr); err != nil {
+			return err
+		}
+	}
+
+	availableUIDs, availableGIDs, err := rootless.GetAvailableIDMaps()
+	if err != nil {
+		if os.IsNotExist(err) {
+			// The kernel-provided files only exist if user namespaces are supported
+			logrus.Debugf("User or group ID mappings not available: %s", err)
+		} else {
+			return err
+		}
+	} else {
+		g.Config.Linux.UIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.UIDMappings, availableUIDs)
+		g.Config.Linux.GIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.GIDMappings, availableGIDs)
+	}
+
+	// Hostname handling:
+	// If we have a UTS namespace, set Hostname in the OCI spec.
+	// Set the HOSTNAME environment variable unless explicitly overridden by
+	// the user (already present in OCI spec). If we don't have a UTS ns,
+	// set it to the host's hostname instead.
+	hostname := c.Hostname()
+	foundUTS := false
+
+	// TODO: make this optional, needs progress on adding FreeBSD section to the spec
+	foundUTS = true
+	g.SetHostname(hostname)
+
+	if !foundUTS {
+		tmpHostname, err := os.Hostname()
+		if err != nil {
+			return err
+		}
+		hostname = tmpHostname
+	}
+	needEnv := true
+	for _, checkEnv := range g.Config.Process.Env {
+		if strings.SplitN(checkEnv, "=", 2)[0] == "HOSTNAME" {
+			needEnv = false
+			break
+		}
+	}
+	if needEnv {
+		g.AddProcessEnv("HOSTNAME", hostname)
+	}
+	return nil
+}
+
+func (c *Container) addRootPropagation(g *generate.Generator, mounts []spec.Mount) error {
+	return nil
+}
+
+func (c *Container) setProcessLabel(g *generate.Generator) {
+}
+
+func (c *Container) setMountLabel(g *generate.Generator) {
+}
+
+func (c *Container) setCgroupsPath(g *generate.Generator) error {
+	return nil
+}
+
+func (c *Container) addSlirp4netnsDNS(nameservers []string) []string {
+	return nameservers
+}
+
+func (c *Container) isSlirp4netnsIPv6() (bool, error) {
+	return false, nil
+}
+
+// check for net=none
+func (c *Container) hasNetNone() bool {
+	return c.state.NetNS == nil
+}
+
+func setVolumeAtime(mountPoint string, st os.FileInfo) error {
+	stat := st.Sys().(*syscall.Stat_t)
+	atime := time.Unix(int64(stat.Atimespec.Sec), int64(stat.Atimespec.Nsec)) //nolint: unconvert
+	if err := os.Chtimes(mountPoint, atime, st.ModTime()); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *Container) makePlatformBindMounts() error {
+	return nil
+}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index a131ab367..ef8649776 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -4,64 +4,34 @@
 package libpod
 
 import (
-	"context"
 	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
-	"math"
 	"os"
-	"os/user"
 	"path"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"sync"
 	"syscall"
 	"time"
 
-	metadata "github.com/checkpoint-restore/checkpointctl/lib"
-	"github.com/checkpoint-restore/go-criu/v5/stats"
-	cdi "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 	"github.com/containernetworking/plugins/pkg/ns"
-	"github.com/containers/buildah"
-	"github.com/containers/buildah/pkg/chrootuser"
-	"github.com/containers/buildah/pkg/overlay"
-	butil "github.com/containers/buildah/util"
-	"github.com/containers/common/libnetwork/etchosts"
-	"github.com/containers/common/libnetwork/resolvconf"
 	"github.com/containers/common/libnetwork/types"
-	"github.com/containers/common/pkg/apparmor"
 	"github.com/containers/common/pkg/cgroups"
-	"github.com/containers/common/pkg/chown"
 	"github.com/containers/common/pkg/config"
-	"github.com/containers/common/pkg/subscriptions"
-	"github.com/containers/common/pkg/umask"
-	cutil "github.com/containers/common/pkg/util"
-	is "github.com/containers/image/v5/storage"
 	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/libpod/events"
-	"github.com/containers/podman/v4/pkg/annotations"
-	"github.com/containers/podman/v4/pkg/checkpoint/crutils"
-	"github.com/containers/podman/v4/pkg/criu"
-	"github.com/containers/podman/v4/pkg/lookup"
 	"github.com/containers/podman/v4/pkg/rootless"
-	"github.com/containers/podman/v4/pkg/util"
 	"github.com/containers/podman/v4/utils"
-	"github.com/containers/podman/v4/version"
-	"github.com/containers/storage/pkg/archive"
-	"github.com/containers/storage/pkg/idtools"
-	"github.com/containers/storage/pkg/lockfile"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	runcuser "github.com/opencontainers/runc/libcontainer/user"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
-	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
+var (
+	bindOptions = []string{"bind", "rprivate"}
+)
+
 func (c *Container) mountSHM(shmOptions string) error {
 	if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV,
 		label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil {
@@ -73,7 +43,7 @@ func (c *Container) mountSHM(shmOptions string) error {
 func (c *Container) unmountSHM(mount string) error {
 	if err := unix.Unmount(mount, 0); err != nil {
 		if err != syscall.EINVAL && err != syscall.ENOENT {
-			return fmt.Errorf("error unmounting container %s SHM mount %s: %w", c.ID(), mount, err)
+			return fmt.Errorf("unmounting container %s SHM mount %s: %w", c.ID(), mount, err)
 		}
 		// If it's just an EINVAL or ENOENT, debug logs only
 		logrus.Debugf("Container %s failed to unmount %s : %v", c.ID(), mount, err)
@@ -152,7 +122,7 @@ func (c *Container) prepare() error {
 			// createErr is guaranteed non-nil, so print
 			// unconditionally
 			logrus.Errorf("Preparing container %s: %v", c.ID(), createErr)
-			createErr = fmt.Errorf("error unmounting storage for container %s after network create failure: %w", c.ID(), err)
+			createErr = fmt.Errorf("unmounting storage for container %s after network create failure: %w", c.ID(), err)
 		}
 	}
 
@@ -161,7 +131,7 @@ func (c *Container) prepare() error {
 	if createErr != nil {
 		if err := c.cleanupNetwork(); err != nil {
 			logrus.Errorf("Preparing container %s: %v", c.ID(), createErr)
-			createErr = fmt.Errorf("error cleaning up container %s network after setup failure: %w", c.ID(), err)
+			createErr = fmt.Errorf("cleaning up container %s network after setup failure: %w", c.ID(), err)
 		}
 	}
 
@@ -177,118 +147,6 @@ func (c *Container) prepare() error {
 	return nil
 }
 
-// isWorkDirSymlink returns true if resolved workdir is symlink or a chain of symlinks,
-// and final resolved target is present either on  volume, mount or inside of container
-// otherwise it returns false. Following function is meant for internal use only and
-// can change at any point of time.
-func (c *Container) isWorkDirSymlink(resolvedPath string) bool {
-	// We cannot create workdir since explicit --workdir is
-	// set in config but workdir could also be a symlink.
-	// If it's a symlink, check if the resolved target is present in the container.
-	// If so, that's a valid use case: return nil.
-
-	maxSymLinks := 0
-	for {
-		// Linux only supports a chain of 40 links.
-		// Reference: https://github.com/torvalds/linux/blob/master/include/linux/namei.h#L13
-		if maxSymLinks > 40 {
-			break
-		}
-		resolvedSymlink, err := os.Readlink(resolvedPath)
-		if err != nil {
-			// End sym-link resolution loop.
-			break
-		}
-		if resolvedSymlink != "" {
-			_, resolvedSymlinkWorkdir, err := c.resolvePath(c.state.Mountpoint, resolvedSymlink)
-			if isPathOnVolume(c, resolvedSymlinkWorkdir) || isPathOnBindMount(c, resolvedSymlinkWorkdir) {
-				// Resolved symlink exists on external volume or mount
-				return true
-			}
-			if err != nil {
-				// Could not resolve path so end sym-link resolution loop.
-				break
-			}
-			if resolvedSymlinkWorkdir != "" {
-				resolvedPath = resolvedSymlinkWorkdir
-				_, err := os.Stat(resolvedSymlinkWorkdir)
-				if err == nil {
-					// Symlink resolved successfully and resolved path exists on container,
-					// this is a valid use-case so return nil.
-					logrus.Debugf("Workdir is a symlink with target to %q and resolved symlink exists on container", resolvedSymlink)
-					return true
-				}
-			}
-		}
-		maxSymLinks++
-	}
-	return false
-}
-
-// resolveWorkDir resolves the container's workdir and, depending on the
-// configuration, will create it, or error out if it does not exist.
-// Note that the container must be mounted before.
-func (c *Container) resolveWorkDir() error {
-	workdir := c.WorkingDir()
-
-	// If the specified workdir is a subdir of a volume or mount,
-	// we don't need to do anything.  The runtime is taking care of
-	// that.
-	if isPathOnVolume(c, workdir) || isPathOnBindMount(c, workdir) {
-		logrus.Debugf("Workdir %q resolved to a volume or mount", workdir)
-		return nil
-	}
-
-	_, resolvedWorkdir, err := c.resolvePath(c.state.Mountpoint, workdir)
-	if err != nil {
-		return err
-	}
-	logrus.Debugf("Workdir %q resolved to host path %q", workdir, resolvedWorkdir)
-
-	st, err := os.Stat(resolvedWorkdir)
-	if err == nil {
-		if !st.IsDir() {
-			return fmt.Errorf("workdir %q exists on container %s, but is not a directory", workdir, c.ID())
-		}
-		return nil
-	}
-	if !c.config.CreateWorkingDir {
-		// No need to create it (e.g., `--workdir=/foo`), so let's make sure
-		// the path exists on the container.
-		if err != nil {
-			if os.IsNotExist(err) {
-				// If resolved Workdir path gets marked as a valid symlink,
-				// return nil cause this is valid use-case.
-				if c.isWorkDirSymlink(resolvedWorkdir) {
-					return nil
-				}
-				return fmt.Errorf("workdir %q does not exist on container %s", workdir, c.ID())
-			}
-			// This might be a serious error (e.g., permission), so
-			// we need to return the full error.
-			return fmt.Errorf("error detecting workdir %q on container %s: %w", workdir, c.ID(), err)
-		}
-		return nil
-	}
-	if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil {
-		if os.IsExist(err) {
-			return nil
-		}
-		return fmt.Errorf("error creating container %s workdir: %w", c.ID(), err)
-	}
-
-	// Ensure container entrypoint is created (if required).
-	uid, gid, _, err := chrootuser.GetUser(c.state.Mountpoint, c.User())
-	if err != nil {
-		return fmt.Errorf("error looking up %s inside of the container %s: %w", c.User(), c.ID(), err)
-	}
-	if err := os.Chown(resolvedWorkdir, int(uid), int(gid)); err != nil {
-		return fmt.Errorf("error chowning container %s workdir to container root: %w", c.ID(), err)
-	}
-
-	return nil
-}
-
 // cleanupNetwork unmounts and cleans up the container's network
 func (c *Container) cleanupNetwork() error {
 	if c.config.NetNsCtr != "" {
@@ -335,671 +193,6 @@ func (c *Container) reloadNetwork() error {
 	return c.save()
 }
 
-func (c *Container) getUserOverrides() *lookup.Overrides {
-	var hasPasswdFile, hasGroupFile bool
-	overrides := lookup.Overrides{}
-	for _, m := range c.config.Spec.Mounts {
-		if m.Destination == "/etc/passwd" {
-			overrides.ContainerEtcPasswdPath = m.Source
-			hasPasswdFile = true
-		}
-		if m.Destination == "/etc/group" {
-			overrides.ContainerEtcGroupPath = m.Source
-			hasGroupFile = true
-		}
-		if m.Destination == "/etc" {
-			if !hasPasswdFile {
-				overrides.ContainerEtcPasswdPath = filepath.Join(m.Source, "passwd")
-			}
-			if !hasGroupFile {
-				overrides.ContainerEtcGroupPath = filepath.Join(m.Source, "group")
-			}
-		}
-	}
-	if path, ok := c.state.BindMounts["/etc/passwd"]; ok {
-		overrides.ContainerEtcPasswdPath = path
-	}
-	return &overrides
-}
-
-func lookupHostUser(name string) (*runcuser.ExecUser, error) {
-	var execUser runcuser.ExecUser
-	// Look up User on host
-	u, err := util.LookupUser(name)
-	if err != nil {
-		return &execUser, err
-	}
-	uid, err := strconv.ParseUint(u.Uid, 8, 32)
-	if err != nil {
-		return &execUser, err
-	}
-
-	gid, err := strconv.ParseUint(u.Gid, 8, 32)
-	if err != nil {
-		return &execUser, err
-	}
-	execUser.Uid = int(uid)
-	execUser.Gid = int(gid)
-	execUser.Home = u.HomeDir
-	return &execUser, nil
-}
-
-// Internal only function which returns upper and work dir from
-// overlay options.
-func getOverlayUpperAndWorkDir(options []string) (string, string, error) {
-	upperDir := ""
-	workDir := ""
-	for _, o := range options {
-		if strings.HasPrefix(o, "upperdir") {
-			splitOpt := strings.SplitN(o, "=", 2)
-			if len(splitOpt) > 1 {
-				upperDir = splitOpt[1]
-				if upperDir == "" {
-					return "", "", errors.New("cannot accept empty value for upperdir")
-				}
-			}
-		}
-		if strings.HasPrefix(o, "workdir") {
-			splitOpt := strings.SplitN(o, "=", 2)
-			if len(splitOpt) > 1 {
-				workDir = splitOpt[1]
-				if workDir == "" {
-					return "", "", errors.New("cannot accept empty value for workdir")
-				}
-			}
-		}
-	}
-	if (upperDir != "" && workDir == "") || (upperDir == "" && workDir != "") {
-		return "", "", errors.New("must specify both upperdir and workdir")
-	}
-	return upperDir, workDir, nil
-}
-
-// Generate spec for a container
-// Accepts a map of the container's dependencies
-func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
-	overrides := c.getUserOverrides()
-	execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, c.config.User, overrides)
-	if err != nil {
-		if cutil.StringInSlice(c.config.User, c.config.HostUsers) {
-			execUser, err = lookupHostUser(c.config.User)
-		}
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	// NewFromSpec() is deprecated according to its comment
-	// however the recommended replace just causes a nil map panic
-	//nolint:staticcheck
-	g := generate.NewFromSpec(c.config.Spec)
-
-	// If the flag to mount all devices is set for a privileged container, add
-	// all the devices from the host's machine into the container
-	if c.config.MountAllDevices {
-		if err := util.AddPrivilegedDevices(&g); err != nil {
-			return nil, err
-		}
-	}
-
-	// If network namespace was requested, add it now
-	if c.config.CreateNetNS {
-		if c.config.PostConfigureNetNS {
-			if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), ""); err != nil {
-				return nil, err
-			}
-		} else {
-			if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), c.state.NetNS.Path()); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	// Apply AppArmor checks and load the default profile if needed.
-	if len(c.config.Spec.Process.ApparmorProfile) > 0 {
-		updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
-		if err != nil {
-			return nil, err
-		}
-		g.SetProcessApparmorProfile(updatedProfile)
-	}
-
-	if err := c.makeBindMounts(); err != nil {
-		return nil, err
-	}
-
-	if err := c.mountNotifySocket(g); err != nil {
-		return nil, err
-	}
-
-	// Get host UID and GID based on the container process UID and GID.
-	hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid))
-	if err != nil {
-		return nil, err
-	}
-
-	// Add named volumes
-	for _, namedVol := range c.config.NamedVolumes {
-		volume, err := c.runtime.GetVolume(namedVol.Name)
-		if err != nil {
-			return nil, fmt.Errorf("error retrieving volume %s to add to container %s: %w", namedVol.Name, c.ID(), err)
-		}
-		mountPoint, err := volume.MountPoint()
-		if err != nil {
-			return nil, err
-		}
-
-		overlayFlag := false
-		upperDir := ""
-		workDir := ""
-		for _, o := range namedVol.Options {
-			if o == "O" {
-				overlayFlag = true
-				upperDir, workDir, err = getOverlayUpperAndWorkDir(namedVol.Options)
-				if err != nil {
-					return nil, err
-				}
-			}
-		}
-
-		if overlayFlag {
-			var overlayMount spec.Mount
-			var overlayOpts *overlay.Options
-			contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
-			if err != nil {
-				return nil, err
-			}
-
-			overlayOpts = &overlay.Options{RootUID: c.RootUID(),
-				RootGID:                c.RootGID(),
-				UpperDirOptionFragment: upperDir,
-				WorkDirOptionFragment:  workDir,
-				GraphOpts:              c.runtime.store.GraphOptions(),
-			}
-
-			overlayMount, err = overlay.MountWithOptions(contentDir, mountPoint, namedVol.Dest, overlayOpts)
-			if err != nil {
-				return nil, fmt.Errorf("mounting overlay failed %q: %w", mountPoint, err)
-			}
-
-			for _, o := range namedVol.Options {
-				if o == "U" {
-					if err := c.ChangeHostPathOwnership(mountPoint, true, int(hostUID), int(hostGID)); err != nil {
-						return nil, err
-					}
-
-					if err := c.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
-						return nil, err
-					}
-				}
-			}
-			g.AddMount(overlayMount)
-		} else {
-			volMount := spec.Mount{
-				Type:        "bind",
-				Source:      mountPoint,
-				Destination: namedVol.Dest,
-				Options:     namedVol.Options,
-			}
-			g.AddMount(volMount)
-		}
-	}
-
-	// Check if the spec file mounts contain the options z, Z or U.
-	// If they have z or Z, relabel the source directory and then remove the option.
-	// If they have U, chown the source directory and them remove the option.
-	for i := range g.Config.Mounts {
-		m := &g.Config.Mounts[i]
-		var options []string
-		for _, o := range m.Options {
-			switch o {
-			case "U":
-				if m.Type == "tmpfs" {
-					options = append(options, []string{fmt.Sprintf("uid=%d", execUser.Uid), fmt.Sprintf("gid=%d", execUser.Gid)}...)
-				} else {
-					// only chown on initial creation of container
-					if err := c.ChangeHostPathOwnership(m.Source, true, int(hostUID), int(hostGID)); err != nil {
-						return nil, err
-					}
-				}
-			case "z":
-				fallthrough
-			case "Z":
-				if err := c.relabel(m.Source, c.MountLabel(), label.IsShared(o)); err != nil {
-					return nil, err
-				}
-
-			default:
-				options = append(options, o)
-			}
-		}
-		m.Options = options
-	}
-
-	g.SetProcessSelinuxLabel(c.ProcessLabel())
-	g.SetLinuxMountLabel(c.MountLabel())
-
-	// Add bind mounts to container
-	for dstPath, srcPath := range c.state.BindMounts {
-		newMount := spec.Mount{
-			Type:        "bind",
-			Source:      srcPath,
-			Destination: dstPath,
-			Options:     []string{"bind", "rprivate"},
-		}
-		if c.IsReadOnly() && dstPath != "/dev/shm" {
-			newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
-		}
-		if dstPath == "/dev/shm" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
-			newMount.Options = append(newMount.Options, "nosuid", "noexec", "nodev")
-		}
-		if !MountExists(g.Mounts(), dstPath) {
-			g.AddMount(newMount)
-		} else {
-			logrus.Infof("User mount overriding libpod mount at %q", dstPath)
-		}
-	}
-
-	// Add overlay volumes
-	for _, overlayVol := range c.config.OverlayVolumes {
-		upperDir, workDir, err := getOverlayUpperAndWorkDir(overlayVol.Options)
-		if err != nil {
-			return nil, err
-		}
-		contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
-		if err != nil {
-			return nil, err
-		}
-		overlayOpts := &overlay.Options{RootUID: c.RootUID(),
-			RootGID:                c.RootGID(),
-			UpperDirOptionFragment: upperDir,
-			WorkDirOptionFragment:  workDir,
-			GraphOpts:              c.runtime.store.GraphOptions(),
-		}
-
-		overlayMount, err := overlay.MountWithOptions(contentDir, overlayVol.Source, overlayVol.Dest, overlayOpts)
-		if err != nil {
-			return nil, fmt.Errorf("mounting overlay failed %q: %w", overlayVol.Source, err)
-		}
-
-		// Check overlay volume options
-		for _, o := range overlayVol.Options {
-			if o == "U" {
-				if err := c.ChangeHostPathOwnership(overlayVol.Source, true, int(hostUID), int(hostGID)); err != nil {
-					return nil, err
-				}
-
-				if err := c.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
-					return nil, err
-				}
-			}
-		}
-
-		g.AddMount(overlayMount)
-	}
-
-	// Add image volumes as overlay mounts
-	for _, volume := range c.config.ImageVolumes {
-		// Mount the specified image.
-		img, _, err := c.runtime.LibimageRuntime().LookupImage(volume.Source, nil)
-		if err != nil {
-			return nil, fmt.Errorf("error creating image volume %q:%q: %w", volume.Source, volume.Dest, err)
-		}
-		mountPoint, err := img.Mount(ctx, nil, "")
-		if err != nil {
-			return nil, fmt.Errorf("error mounting image volume %q:%q: %w", volume.Source, volume.Dest, err)
-		}
-
-		contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
-		if err != nil {
-			return nil, fmt.Errorf("failed to create TempDir in the %s directory: %w", c.config.StaticDir, err)
-		}
-
-		var overlayMount spec.Mount
-		if volume.ReadWrite {
-			overlayMount, err = overlay.Mount(contentDir, mountPoint, volume.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions())
-		} else {
-			overlayMount, err = overlay.MountReadOnly(contentDir, mountPoint, volume.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions())
-		}
-		if err != nil {
-			return nil, fmt.Errorf("creating overlay mount for image %q failed: %w", volume.Source, err)
-		}
-		g.AddMount(overlayMount)
-	}
-
-	hasHomeSet := false
-	for _, s := range c.config.Spec.Process.Env {
-		if strings.HasPrefix(s, "HOME=") {
-			hasHomeSet = true
-			break
-		}
-	}
-	if !hasHomeSet && execUser.Home != "" {
-		c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", execUser.Home))
-	}
-
-	if c.config.User != "" {
-		// User and Group must go together
-		g.SetProcessUID(uint32(execUser.Uid))
-		g.SetProcessGID(uint32(execUser.Gid))
-	}
-
-	if c.config.Umask != "" {
-		decVal, err := strconv.ParseUint(c.config.Umask, 8, 32)
-		if err != nil {
-			return nil, fmt.Errorf("invalid Umask Value: %w", err)
-		}
-		umask := uint32(decVal)
-		g.Config.Process.User.Umask = &umask
-	}
-
-	// Add addition groups if c.config.GroupAdd is not empty
-	if len(c.config.Groups) > 0 {
-		gids, err := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, overrides)
-		if err != nil {
-			return nil, fmt.Errorf("error looking up supplemental groups for container %s: %w", c.ID(), err)
-		}
-		for _, gid := range gids {
-			g.AddProcessAdditionalGid(gid)
-		}
-	}
-
-	if c.Systemd() {
-		if err := c.setupSystemd(g.Mounts(), g); err != nil {
-			return nil, fmt.Errorf("error adding systemd-specific mounts: %w", err)
-		}
-	}
-
-	// Look up and add groups the user belongs to, if a group wasn't directly specified
-	if !strings.Contains(c.config.User, ":") {
-		// the gidMappings that are present inside the container user namespace
-		var gidMappings []idtools.IDMap
-
-		switch {
-		case len(c.config.IDMappings.GIDMap) > 0:
-			gidMappings = c.config.IDMappings.GIDMap
-		case rootless.IsRootless():
-			// Check whether the current user namespace has enough gids available.
-			availableGids, err := rootless.GetAvailableGids()
-			if err != nil {
-				return nil, fmt.Errorf("cannot read number of available GIDs: %w", err)
-			}
-			gidMappings = []idtools.IDMap{{
-				ContainerID: 0,
-				HostID:      0,
-				Size:        int(availableGids),
-			}}
-		default:
-			gidMappings = []idtools.IDMap{{
-				ContainerID: 0,
-				HostID:      0,
-				Size:        math.MaxInt32,
-			}}
-		}
-		for _, gid := range execUser.Sgids {
-			isGIDAvailable := false
-			for _, m := range gidMappings {
-				if gid >= m.ContainerID && gid < m.ContainerID+m.Size {
-					isGIDAvailable = true
-					break
-				}
-			}
-			if isGIDAvailable {
-				g.AddProcessAdditionalGid(uint32(gid))
-			} else {
-				logrus.Warnf("Additional gid=%d is not present in the user namespace, skip setting it", gid)
-			}
-		}
-	}
-
-	// Add shared namespaces from other containers
-	if c.config.IPCNsCtr != "" {
-		if err := c.addNamespaceContainer(&g, IPCNS, c.config.IPCNsCtr, spec.IPCNamespace); err != nil {
-			return nil, err
-		}
-	}
-	if c.config.MountNsCtr != "" {
-		if err := c.addNamespaceContainer(&g, MountNS, c.config.MountNsCtr, spec.MountNamespace); err != nil {
-			return nil, err
-		}
-	}
-	if c.config.NetNsCtr != "" {
-		if err := c.addNamespaceContainer(&g, NetNS, c.config.NetNsCtr, spec.NetworkNamespace); err != nil {
-			return nil, err
-		}
-	}
-	if c.config.PIDNsCtr != "" {
-		if err := c.addNamespaceContainer(&g, PIDNS, c.config.PIDNsCtr, spec.PIDNamespace); err != nil {
-			return nil, err
-		}
-	}
-	if c.config.UserNsCtr != "" {
-		if err := c.addNamespaceContainer(&g, UserNS, c.config.UserNsCtr, spec.UserNamespace); err != nil {
-			return nil, err
-		}
-		if len(g.Config.Linux.UIDMappings) == 0 {
-			// runc complains if no mapping is specified, even if we join another ns.  So provide a dummy mapping
-			g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1))
-			g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1))
-		}
-	}
-
-	availableUIDs, availableGIDs, err := rootless.GetAvailableIDMaps()
-	if err != nil {
-		if os.IsNotExist(err) {
-			// The kernel-provided files only exist if user namespaces are supported
-			logrus.Debugf("User or group ID mappings not available: %s", err)
-		} else {
-			return nil, err
-		}
-	} else {
-		g.Config.Linux.UIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.UIDMappings, availableUIDs)
-		g.Config.Linux.GIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.GIDMappings, availableGIDs)
-	}
-
-	// Hostname handling:
-	// If we have a UTS namespace, set Hostname in the OCI spec.
-	// Set the HOSTNAME environment variable unless explicitly overridden by
-	// the user (already present in OCI spec). If we don't have a UTS ns,
-	// set it to the host's hostname instead.
-	hostname := c.Hostname()
-	foundUTS := false
-
-	for _, i := range c.config.Spec.Linux.Namespaces {
-		if i.Type == spec.UTSNamespace && i.Path == "" {
-			foundUTS = true
-			g.SetHostname(hostname)
-			break
-		}
-	}
-	if !foundUTS {
-		tmpHostname, err := os.Hostname()
-		if err != nil {
-			return nil, err
-		}
-		hostname = tmpHostname
-	}
-	needEnv := true
-	for _, checkEnv := range g.Config.Process.Env {
-		if strings.SplitN(checkEnv, "=", 2)[0] == "HOSTNAME" {
-			needEnv = false
-			break
-		}
-	}
-	if needEnv {
-		g.AddProcessEnv("HOSTNAME", hostname)
-	}
-
-	if c.config.UTSNsCtr != "" {
-		if err := c.addNamespaceContainer(&g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil {
-			return nil, err
-		}
-	}
-	if c.config.CgroupNsCtr != "" {
-		if err := c.addNamespaceContainer(&g, CgroupNS, c.config.CgroupNsCtr, spec.CgroupNamespace); err != nil {
-			return nil, err
-		}
-	}
-
-	if c.config.UserNsCtr == "" && c.config.IDMappings.AutoUserNs {
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.UserNamespace), ""); err != nil {
-			return nil, err
-		}
-		g.ClearLinuxUIDMappings()
-		for _, uidmap := range c.config.IDMappings.UIDMap {
-			g.AddLinuxUIDMapping(uint32(uidmap.HostID), uint32(uidmap.ContainerID), uint32(uidmap.Size))
-		}
-		g.ClearLinuxGIDMappings()
-		for _, gidmap := range c.config.IDMappings.GIDMap {
-			g.AddLinuxGIDMapping(uint32(gidmap.HostID), uint32(gidmap.ContainerID), uint32(gidmap.Size))
-		}
-	}
-
-	g.SetRootPath(c.state.Mountpoint)
-	g.AddAnnotation(annotations.Created, c.config.CreatedTime.Format(time.RFC3339Nano))
-	g.AddAnnotation("org.opencontainers.image.stopSignal", fmt.Sprintf("%d", c.config.StopSignal))
-
-	if _, exists := g.Config.Annotations[annotations.ContainerManager]; !exists {
-		g.AddAnnotation(annotations.ContainerManager, annotations.ContainerManagerLibpod)
-	}
-
-	cgroupPath, err := c.getOCICgroupPath()
-	if err != nil {
-		return nil, err
-	}
-
-	g.SetLinuxCgroupsPath(cgroupPath)
-
-	// Warning: CDI may alter g.Config in place.
-	if len(c.config.CDIDevices) > 0 {
-		registry := cdi.GetRegistry()
-		if errs := registry.GetErrors(); len(errs) > 0 {
-			logrus.Debugf("The following errors were triggered when creating the CDI registry: %v", errs)
-		}
-		_, err := registry.InjectDevices(g.Config, c.config.CDIDevices...)
-		if err != nil {
-			return nil, fmt.Errorf("error setting up CDI devices: %w", err)
-		}
-	}
-
-	// Mounts need to be sorted so paths will not cover other paths
-	mounts := sortMounts(g.Mounts())
-	g.ClearMounts()
-
-	// Determine property of RootPropagation based on volume properties. If
-	// a volume is shared, then keep root propagation shared. This should
-	// work for slave and private volumes too.
-	//
-	// For slave volumes, it can be either [r]shared/[r]slave.
-	//
-	// For private volumes any root propagation value should work.
-	rootPropagation := ""
-	for _, m := range mounts {
-		// We need to remove all symlinks from tmpfs mounts.
-		// Runc and other runtimes may choke on them.
-		// Easy solution: use securejoin to do a scoped evaluation of
-		// the links, then trim off the mount prefix.
-		if m.Type == "tmpfs" {
-			finalPath, err := securejoin.SecureJoin(c.state.Mountpoint, m.Destination)
-			if err != nil {
-				return nil, fmt.Errorf("error resolving symlinks for mount destination %s: %w", m.Destination, err)
-			}
-			trimmedPath := strings.TrimPrefix(finalPath, strings.TrimSuffix(c.state.Mountpoint, "/"))
-			m.Destination = trimmedPath
-		}
-		g.AddMount(m)
-		for _, opt := range m.Options {
-			switch opt {
-			case MountShared, MountRShared:
-				if rootPropagation != MountShared && rootPropagation != MountRShared {
-					rootPropagation = MountShared
-				}
-			case MountSlave, MountRSlave:
-				if rootPropagation != MountShared && rootPropagation != MountRShared && rootPropagation != MountSlave && rootPropagation != MountRSlave {
-					rootPropagation = MountRSlave
-				}
-			}
-		}
-	}
-
-	if rootPropagation != "" {
-		logrus.Debugf("Set root propagation to %q", rootPropagation)
-		if err := g.SetLinuxRootPropagation(rootPropagation); err != nil {
-			return nil, err
-		}
-	}
-
-	// Warning: precreate hooks may alter g.Config in place.
-	if c.state.ExtensionStageHooks, err = c.setupOCIHooks(ctx, g.Config); err != nil {
-		return nil, fmt.Errorf("error setting up OCI Hooks: %w", err)
-	}
-	if len(c.config.EnvSecrets) > 0 {
-		manager, err := c.runtime.SecretsManager()
-		if err != nil {
-			return nil, err
-		}
-		if err != nil {
-			return nil, err
-		}
-		for name, secr := range c.config.EnvSecrets {
-			_, data, err := manager.LookupSecretData(secr.Name)
-			if err != nil {
-				return nil, err
-			}
-			g.AddProcessEnv(name, string(data))
-		}
-	}
-
-	// Pass down the LISTEN_* environment (see #10443).
-	for _, key := range []string{"LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES"} {
-		if val, ok := os.LookupEnv(key); ok {
-			// Force the PID to `1` since we cannot rely on (all
-			// versions of) all runtimes to do it for us.
-			if key == "LISTEN_PID" {
-				val = "1"
-			}
-			g.AddProcessEnv(key, val)
-		}
-	}
-
-	return g.Config, nil
-}
-
-// mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set
-// and if the sdnotify mode is set to container.  It also sets c.notifySocket
-// to avoid redundantly looking up the env variable.
-func (c *Container) mountNotifySocket(g generate.Generator) error {
-	notify, ok := os.LookupEnv("NOTIFY_SOCKET")
-	if !ok {
-		return nil
-	}
-	c.notifySocket = notify
-
-	if c.config.SdNotifyMode != define.SdNotifyModeContainer {
-		return nil
-	}
-
-	notifyDir := filepath.Join(c.bundlePath(), "notify")
-	logrus.Debugf("Checking notify %q dir", notifyDir)
-	if err := os.MkdirAll(notifyDir, 0755); err != nil {
-		if !os.IsExist(err) {
-			return fmt.Errorf("unable to create notify %q dir: %w", notifyDir, err)
-		}
-	}
-	if err := label.Relabel(notifyDir, c.MountLabel(), true); err != nil {
-		return fmt.Errorf("relabel failed %q: %w", notifyDir, err)
-	}
-	logrus.Debugf("Add bindmount notify %q dir", notifyDir)
-	if _, ok := c.state.BindMounts["/run/notify"]; !ok {
-		c.state.BindMounts["/run/notify"] = notifyDir
-	}
-
-	// Set the container's notify socket to the proxy socket created by conmon
-	g.AddProcessEnv("NOTIFY_SOCKET", "/run/notify/notify.sock")
-
-	return nil
-}
-
 // systemd expects to have /run, /run/lock and /tmp on tmpfs
 // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
 func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
@@ -1074,9 +267,15 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 		g.AddMount(systemdMnt)
 	} else {
 		mountOptions := []string{"bind", "rprivate"}
+		skipMount := false
 
 		var statfs unix.Statfs_t
 		if err := unix.Statfs("/sys/fs/cgroup/systemd", &statfs); err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				// If the mount is missing on the host, we cannot bind mount it so
+				// just skip it.
+				skipMount = true
+			}
 			mountOptions = append(mountOptions, "nodev", "noexec", "nosuid")
 		} else {
 			if statfs.Flags&unix.MS_NODEV == unix.MS_NODEV {
@@ -1092,15 +291,16 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 				mountOptions = append(mountOptions, "ro")
 			}
 		}
-
-		systemdMnt := spec.Mount{
-			Destination: "/sys/fs/cgroup/systemd",
-			Type:        "bind",
-			Source:      "/sys/fs/cgroup/systemd",
-			Options:     mountOptions,
+		if !skipMount {
+			systemdMnt := spec.Mount{
+				Destination: "/sys/fs/cgroup/systemd",
+				Type:        "bind",
+				Source:      "/sys/fs/cgroup/systemd",
+				Options:     mountOptions,
+			}
+			g.AddMount(systemdMnt)
+			g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent")
 		}
-		g.AddMount(systemdMnt)
-		g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent")
 	}
 
 	return nil
@@ -1110,7 +310,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 func (c *Container) addNamespaceContainer(g *generate.Generator, ns LinuxNS, ctr string, specNS spec.LinuxNamespaceType) error {
 	nsCtr, err := c.runtime.state.Container(ctr)
 	if err != nil {
-		return fmt.Errorf("error retrieving dependency %s of container %s from state: %w", ctr, c.ID(), err)
+		return fmt.Errorf("retrieving dependency %s of container %s from state: %w", ctr, c.ID(), err)
 	}
 
 	if specNS == spec.UTSNamespace {
@@ -1132,1287 +332,289 @@ func (c *Container) addNamespaceContainer(g *generate.Generator, ns LinuxNS, ctr
 	return nil
 }
 
-func (c *Container) addCheckpointImageMetadata(importBuilder *buildah.Builder) error {
-	// Get information about host environment
-	hostInfo, err := c.Runtime().hostInfo()
-	if err != nil {
-		return fmt.Errorf("getting host info: %v", err)
-	}
-
-	criuVersion, err := criu.GetCriuVersion()
-	if err != nil {
-		return fmt.Errorf("getting criu version: %v", err)
-	}
-
-	rootfsImageID, rootfsImageName := c.Image()
-
-	// Add image annotations with information about the container and the host.
-	// This information is useful to check compatibility before restoring the checkpoint
-
-	checkpointImageAnnotations := map[string]string{
-		define.CheckpointAnnotationName:                c.config.Name,
-		define.CheckpointAnnotationRawImageName:        c.config.RawImageName,
-		define.CheckpointAnnotationRootfsImageID:       rootfsImageID,
-		define.CheckpointAnnotationRootfsImageName:     rootfsImageName,
-		define.CheckpointAnnotationPodmanVersion:       version.Version.String(),
-		define.CheckpointAnnotationCriuVersion:         strconv.Itoa(criuVersion),
-		define.CheckpointAnnotationRuntimeName:         hostInfo.OCIRuntime.Name,
-		define.CheckpointAnnotationRuntimeVersion:      hostInfo.OCIRuntime.Version,
-		define.CheckpointAnnotationConmonVersion:       hostInfo.Conmon.Version,
-		define.CheckpointAnnotationHostArch:            hostInfo.Arch,
-		define.CheckpointAnnotationHostKernel:          hostInfo.Kernel,
-		define.CheckpointAnnotationCgroupVersion:       hostInfo.CgroupsVersion,
-		define.CheckpointAnnotationDistributionVersion: hostInfo.Distribution.Version,
-		define.CheckpointAnnotationDistributionName:    hostInfo.Distribution.Distribution,
-	}
-
-	for key, value := range checkpointImageAnnotations {
-		importBuilder.SetAnnotation(key, value)
-	}
-
-	return nil
-}
-
-func (c *Container) resolveCheckpointImageName(options *ContainerCheckpointOptions) error {
-	if options.CreateImage == "" {
-		return nil
-	}
-
-	// Resolve image name
-	resolvedImageName, err := c.runtime.LibimageRuntime().ResolveName(options.CreateImage)
-	if err != nil {
-		return err
-	}
-
-	options.CreateImage = resolvedImageName
-	return nil
+func isRootlessCgroupSet(cgroup string) bool {
+	// old versions of podman were setting the CgroupParent to CgroupfsDefaultCgroupParent
+	// by default.  Avoid breaking these versions and check whether the cgroup parent is
+	// set to the default and in this case enable the old behavior.  It should not be a real
+	// problem because the default CgroupParent is usually owned by root so rootless users
+	// cannot access it.
+	// This check might be lifted in a future version of Podman.
+	// Check both that the cgroup or its parent is set to the default value (used by pods).
+	return cgroup != CgroupfsDefaultCgroupParent && filepath.Dir(cgroup) != CgroupfsDefaultCgroupParent
 }
 
-func (c *Container) createCheckpointImage(ctx context.Context, options ContainerCheckpointOptions) error {
-	if options.CreateImage == "" {
-		return nil
-	}
-	logrus.Debugf("Create checkpoint image %s", options.CreateImage)
-
-	// Create storage reference
-	imageRef, err := is.Transport.ParseStoreReference(c.runtime.store, options.CreateImage)
-	if err != nil {
-		return errors.New("failed to parse image name")
-	}
-
-	// Build an image scratch
-	builderOptions := buildah.BuilderOptions{
-		FromImage: "scratch",
-	}
-	importBuilder, err := buildah.NewBuilder(ctx, c.runtime.store, builderOptions)
-	if err != nil {
-		return err
-	}
-	// Clean up buildah working container
-	defer func() {
-		if err := importBuilder.Delete(); err != nil {
-			logrus.Errorf("Image builder delete failed: %v", err)
-		}
-	}()
-
-	if err := c.prepareCheckpointExport(); err != nil {
-		return err
-	}
-
-	// Export checkpoint into temporary tar file
-	tmpDir, err := ioutil.TempDir("", "checkpoint_image_")
+func (c *Container) expectPodCgroup() (bool, error) {
+	unified, err := cgroups.IsCgroup2UnifiedMode()
 	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
-
-	options.TargetFile = path.Join(tmpDir, "checkpoint.tar")
-
-	if err := c.exportCheckpoint(options); err != nil {
-		return err
-	}
-
-	// Copy checkpoint from temporary tar file in the image
-	addAndCopyOptions := buildah.AddAndCopyOptions{}
-	if err := importBuilder.Add("", true, addAndCopyOptions, options.TargetFile); err != nil {
-		return err
-	}
-
-	if err := c.addCheckpointImageMetadata(importBuilder); err != nil {
-		return err
+		return false, err
 	}
-
-	commitOptions := buildah.CommitOptions{
-		Squash:        true,
-		SystemContext: c.runtime.imageContext,
+	cgroupManager := c.CgroupManager()
+	switch {
+	case c.config.NoCgroups:
+		return false, nil
+	case cgroupManager == config.SystemdCgroupsManager:
+		return !rootless.IsRootless() || unified, nil
+	case cgroupManager == config.CgroupfsCgroupsManager:
+		return !rootless.IsRootless(), nil
+	default:
+		return false, fmt.Errorf("invalid cgroup mode %s requested for pods: %w", cgroupManager, define.ErrInvalidArg)
 	}
+}
 
-	// Create checkpoint image
-	id, _, _, err := importBuilder.Commit(ctx, imageRef, commitOptions)
+// Get cgroup path in a format suitable for the OCI spec
+func (c *Container) getOCICgroupPath() (string, error) {
+	unified, err := cgroups.IsCgroup2UnifiedMode()
 	if err != nil {
-		return err
+		return "", err
 	}
-	logrus.Debugf("Created checkpoint image: %s", id)
-	return nil
-}
-
-func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
-	if len(c.Dependencies()) == 1 {
-		// Check if the dependency is an infra container. If it is we can checkpoint
-		// the container out of the Pod.
-		if c.config.Pod == "" {
-			return errors.New("cannot export checkpoints of containers with dependencies")
-		}
-
-		pod, err := c.runtime.state.Pod(c.config.Pod)
-		if err != nil {
-			return fmt.Errorf("container %s is in pod %s, but pod cannot be retrieved: %w", c.ID(), c.config.Pod, err)
-		}
-		infraID, err := pod.InfraContainerID()
+	cgroupManager := c.CgroupManager()
+	switch {
+	case c.config.NoCgroups:
+		return "", nil
+	case c.config.CgroupsMode == cgroupSplit:
+		selfCgroup, err := utils.GetOwnCgroupDisallowRoot()
 		if err != nil {
-			return fmt.Errorf("cannot retrieve infra container ID for pod %s: %w", c.config.Pod, err)
+			return "", err
 		}
-		if c.Dependencies()[0] != infraID {
-			return errors.New("cannot export checkpoints of containers with dependencies")
+		return filepath.Join(selfCgroup, fmt.Sprintf("libpod-payload-%s", c.ID())), nil
+	case cgroupManager == config.SystemdCgroupsManager:
+		// When the OCI runtime is set to use Systemd as a cgroup manager, it
+		// expects cgroups to be passed as follows:
+		// slice:prefix:name
+		systemdCgroups := fmt.Sprintf("%s:libpod:%s", path.Base(c.config.CgroupParent), c.ID())
+		logrus.Debugf("Setting Cgroups for container %s to %s", c.ID(), systemdCgroups)
+		return systemdCgroups, nil
+	case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)):
+		if c.config.CgroupParent == "" || !isRootlessCgroupSet(c.config.CgroupParent) {
+			return "", nil
 		}
+		fallthrough
+	case cgroupManager == config.CgroupfsCgroupsManager:
+		cgroupPath := filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID()))
+		logrus.Debugf("Setting Cgroup path for container %s to %s", c.ID(), cgroupPath)
+		return cgroupPath, nil
+	default:
+		return "", fmt.Errorf("invalid cgroup manager %s requested: %w", cgroupManager, define.ErrInvalidArg)
 	}
-	if len(c.Dependencies()) > 1 {
-		return errors.New("cannot export checkpoints of containers with dependencies")
-	}
-	logrus.Debugf("Exporting checkpoint image of container %q to %q", c.ID(), options.TargetFile)
-
-	includeFiles := []string{
-		"artifacts",
-		metadata.DevShmCheckpointTar,
-		metadata.ConfigDumpFile,
-		metadata.SpecDumpFile,
-		metadata.NetworkStatusFile,
-		stats.StatsDump,
-	}
+}
 
-	if c.LogDriver() == define.KubernetesLogging ||
-		c.LogDriver() == define.JSONLogging {
-		includeFiles = append(includeFiles, "ctr.log")
-	}
-	if options.PreCheckPoint {
-		includeFiles = append(includeFiles, preCheckpointDir)
-	} else {
-		includeFiles = append(includeFiles, metadata.CheckpointDirectory)
-	}
-	// Get root file-system changes included in the checkpoint archive
-	var addToTarFiles []string
-	if !options.IgnoreRootfs {
-		// To correctly track deleted files, let's go through the output of 'podman diff'
-		rootFsChanges, err := c.runtime.GetDiff("", c.ID(), define.DiffContainer)
+// If the container is rootless, set up the slirp4netns network
+func (c *Container) setupRootlessNetwork() error {
+	// set up slirp4netns again because slirp4netns will die when conmon exits
+	if c.config.NetMode.IsSlirp4netns() {
+		err := c.runtime.setupSlirp4netns(c, c.state.NetNS)
 		if err != nil {
-			return fmt.Errorf("error exporting root file-system diff for %q: %w", c.ID(), err)
+			return err
 		}
+	}
 
-		addToTarFiles, err := crutils.CRCreateRootFsDiffTar(&rootFsChanges, c.state.Mountpoint, c.bundlePath())
+	// set up rootlesskit port forwarder again since it dies when conmon exits
+	// we use rootlesskit port forwarder only as rootless and when bridge network is used
+	if rootless.IsRootless() && c.config.NetMode.IsBridge() && len(c.config.PortMappings) > 0 {
+		err := c.runtime.setupRootlessPortMappingViaRLK(c, c.state.NetNS.Path(), c.state.NetworkStatus)
 		if err != nil {
 			return err
 		}
-
-		includeFiles = append(includeFiles, addToTarFiles...)
 	}
+	return nil
+}
 
-	// Folder containing archived volumes that will be included in the export
-	expVolDir := filepath.Join(c.bundlePath(), metadata.CheckpointVolumesDirectory)
-
-	// Create an archive for each volume associated with the container
-	if !options.IgnoreVolumes {
-		if err := os.MkdirAll(expVolDir, 0700); err != nil {
-			return fmt.Errorf("error creating volumes export directory %q: %w", expVolDir, err)
-		}
-
-		for _, v := range c.config.NamedVolumes {
-			volumeTarFilePath := filepath.Join(metadata.CheckpointVolumesDirectory, v.Name+".tar")
-			volumeTarFileFullPath := filepath.Join(c.bundlePath(), volumeTarFilePath)
-
-			volumeTarFile, err := os.Create(volumeTarFileFullPath)
-			if err != nil {
-				return fmt.Errorf("error creating %q: %w", volumeTarFileFullPath, err)
-			}
-
-			volume, err := c.runtime.GetVolume(v.Name)
-			if err != nil {
-				return err
-			}
+func openDirectory(path string) (fd int, err error) {
+	return unix.Open(path, unix.O_RDONLY|unix.O_PATH, 0)
+}
 
-			mp, err := volume.MountPoint()
-			if err != nil {
+func (c *Container) addNetworkNamespace(g *generate.Generator) error {
+	if c.config.CreateNetNS {
+		if c.config.PostConfigureNetNS {
+			if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), ""); err != nil {
 				return err
 			}
-			if mp == "" {
-				return fmt.Errorf("volume %s is not mounted, cannot export: %w", volume.Name(), define.ErrInternal)
-			}
-
-			input, err := archive.TarWithOptions(mp, &archive.TarOptions{
-				Compression:      archive.Uncompressed,
-				IncludeSourceDir: true,
-			})
-			if err != nil {
-				return fmt.Errorf("error reading volume directory %q: %w", v.Dest, err)
-			}
-
-			_, err = io.Copy(volumeTarFile, input)
-			if err != nil {
+		} else {
+			if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), c.state.NetNS.Path()); err != nil {
 				return err
 			}
-			volumeTarFile.Close()
-
-			includeFiles = append(includeFiles, volumeTarFilePath)
 		}
 	}
-
-	input, err := archive.TarWithOptions(c.bundlePath(), &archive.TarOptions{
-		Compression:      options.Compression,
-		IncludeSourceDir: true,
-		IncludeFiles:     includeFiles,
-	})
-
-	if err != nil {
-		return fmt.Errorf("error reading checkpoint directory %q: %w", c.ID(), err)
-	}
-
-	outFile, err := os.Create(options.TargetFile)
-	if err != nil {
-		return fmt.Errorf("error creating checkpoint export file %q: %w", options.TargetFile, err)
-	}
-	defer outFile.Close()
-
-	if err := os.Chmod(options.TargetFile, 0600); err != nil {
-		return err
-	}
-
-	_, err = io.Copy(outFile, input)
-	if err != nil {
-		return err
-	}
-
-	for _, file := range addToTarFiles {
-		os.Remove(filepath.Join(c.bundlePath(), file))
-	}
-
-	if !options.IgnoreVolumes {
-		os.RemoveAll(expVolDir)
-	}
-
-	return nil
-}
-
-func (c *Container) checkpointRestoreSupported(version int) error {
-	if !criu.CheckForCriu(version) {
-		return fmt.Errorf("checkpoint/restore requires at least CRIU %d", version)
-	}
-	if !c.ociRuntime.SupportsCheckpoint() {
-		return errors.New("configured runtime does not support checkpoint/restore")
-	}
 	return nil
 }
 
-func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (*define.CRIUCheckpointRestoreStatistics, int64, error) {
-	if err := c.checkpointRestoreSupported(criu.MinCriuVersion); err != nil {
-		return nil, 0, err
-	}
-
-	if c.state.State != define.ContainerStateRunning {
-		return nil, 0, fmt.Errorf("%q is not running, cannot checkpoint: %w", c.state.State, define.ErrCtrStateInvalid)
-	}
-
-	if c.AutoRemove() && options.TargetFile == "" {
-		return nil, 0, errors.New("cannot checkpoint containers that have been started with '--rm' unless '--export' is used")
-	}
-
-	if err := c.resolveCheckpointImageName(&options); err != nil {
-		return nil, 0, err
-	}
-
-	if err := crutils.CRCreateFileWithLabel(c.bundlePath(), "dump.log", c.MountLabel()); err != nil {
-		return nil, 0, err
-	}
-
-	// Setting CheckpointLog early in case there is a failure.
-	c.state.CheckpointLog = path.Join(c.bundlePath(), "dump.log")
-	c.state.CheckpointPath = c.CheckpointPath()
-
-	runtimeCheckpointDuration, err := c.ociRuntime.CheckpointContainer(c, options)
-	if err != nil {
-		return nil, 0, err
-	}
-
-	// Keep the content of /dev/shm directory
-	if c.config.ShmDir != "" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
-		shmDirTarFileFullPath := filepath.Join(c.bundlePath(), metadata.DevShmCheckpointTar)
-
-		shmDirTarFile, err := os.Create(shmDirTarFileFullPath)
-		if err != nil {
-			return nil, 0, err
-		}
-		defer shmDirTarFile.Close()
-
-		input, err := archive.TarWithOptions(c.config.ShmDir, &archive.TarOptions{
-			Compression:      archive.Uncompressed,
-			IncludeSourceDir: true,
-		})
-		if err != nil {
-			return nil, 0, err
-		}
-
-		if _, err = io.Copy(shmDirTarFile, input); err != nil {
-			return nil, 0, err
-		}
-	}
-
-	// Save network.status. This is needed to restore the container with
-	// the same IP. Currently limited to one IP address in a container
-	// with one interface.
-	// FIXME: will this break something?
-	if _, err := metadata.WriteJSONFile(c.getNetworkStatus(), c.bundlePath(), metadata.NetworkStatusFile); err != nil {
-		return nil, 0, err
-	}
-
-	defer c.newContainerEvent(events.Checkpoint)
-
-	// There is a bug from criu: https://github.com/checkpoint-restore/criu/issues/116
-	// We have to change the symbolic link from absolute path to relative path
-	if options.WithPrevious {
-		os.Remove(path.Join(c.CheckpointPath(), "parent"))
-		if err := os.Symlink("../pre-checkpoint", path.Join(c.CheckpointPath(), "parent")); err != nil {
-			return nil, 0, err
-		}
-	}
-
-	if options.TargetFile != "" {
-		if err := c.exportCheckpoint(options); err != nil {
-			return nil, 0, err
-		}
-	} else {
-		if err := c.createCheckpointImage(ctx, options); err != nil {
-			return nil, 0, err
-		}
-	}
-
-	logrus.Debugf("Checkpointed container %s", c.ID())
-
-	if !options.KeepRunning && !options.PreCheckPoint {
-		c.state.State = define.ContainerStateStopped
-		c.state.Checkpointed = true
-		c.state.CheckpointedTime = time.Now()
-		c.state.Restored = false
-		c.state.RestoredTime = time.Time{}
-
-		// Clean up Storage and Network
-		if err := c.cleanup(ctx); err != nil {
-			return nil, 0, err
-		}
-	}
-
-	criuStatistics, err := func() (*define.CRIUCheckpointRestoreStatistics, error) {
-		if !options.PrintStats {
-			return nil, nil
-		}
-		statsDirectory, err := os.Open(c.bundlePath())
-		if err != nil {
-			return nil, fmt.Errorf("not able to open %q: %w", c.bundlePath(), err)
-		}
-
-		dumpStatistics, err := stats.CriuGetDumpStats(statsDirectory)
-		if err != nil {
-			return nil, fmt.Errorf("displaying checkpointing statistics not possible: %w", err)
-		}
-
-		return &define.CRIUCheckpointRestoreStatistics{
-			FreezingTime: dumpStatistics.GetFreezingTime(),
-			FrozenTime:   dumpStatistics.GetFrozenTime(),
-			MemdumpTime:  dumpStatistics.GetMemdumpTime(),
-			MemwriteTime: dumpStatistics.GetMemwriteTime(),
-			PagesScanned: dumpStatistics.GetPagesScanned(),
-			PagesWritten: dumpStatistics.GetPagesWritten(),
-		}, nil
-	}()
-	if err != nil {
-		return nil, 0, err
-	}
-
-	if !options.Keep && !options.PreCheckPoint {
-		cleanup := []string{
-			"dump.log",
-			stats.StatsDump,
-			metadata.ConfigDumpFile,
-			metadata.SpecDumpFile,
-		}
-		for _, del := range cleanup {
-			file := filepath.Join(c.bundlePath(), del)
-			if err := os.Remove(file); err != nil {
-				logrus.Debugf("Unable to remove file %s", file)
-			}
+func (c *Container) addSystemdMounts(g *generate.Generator) error {
+	if c.Systemd() {
+		if err := c.setupSystemd(g.Mounts(), *g); err != nil {
+			return fmt.Errorf("adding systemd-specific mounts: %w", err)
 		}
-		// The file has been deleted. Do not mention it.
-		c.state.CheckpointLog = ""
-	}
-
-	c.state.FinishedTime = time.Now()
-	return criuStatistics, runtimeCheckpointDuration, c.save()
-}
-
-func (c *Container) generateContainerSpec() error {
-	// Make sure the newly created config.json exists on disk
-
-	// NewFromSpec() is deprecated according to its comment
-	// however the recommended replace just causes a nil map panic
-	//nolint:staticcheck
-	g := generate.NewFromSpec(c.config.Spec)
-
-	if err := c.saveSpec(g.Config); err != nil {
-		return fmt.Errorf("saving imported container specification for restore failed: %w", err)
 	}
-
 	return nil
 }
 
-func (c *Container) importCheckpointImage(ctx context.Context, imageID string) error {
-	img, _, err := c.Runtime().LibimageRuntime().LookupImage(imageID, nil)
-	if err != nil {
-		return err
-	}
-
-	mountPoint, err := img.Mount(ctx, nil, "")
-	defer func() {
-		if err := c.unmount(true); err != nil {
-			logrus.Errorf("Failed to unmount container: %v", err)
+func (c *Container) addSharedNamespaces(g *generate.Generator) error {
+	if c.config.IPCNsCtr != "" {
+		if err := c.addNamespaceContainer(g, IPCNS, c.config.IPCNsCtr, spec.IPCNamespace); err != nil {
+			return err
 		}
-	}()
-	if err != nil {
-		return err
-	}
-
-	// Import all checkpoint files except ConfigDumpFile and SpecDumpFile. We
-	// generate new container config files to enable to specifying a new
-	// container name.
-	checkpoint := []string{
-		"artifacts",
-		metadata.CheckpointDirectory,
-		metadata.CheckpointVolumesDirectory,
-		metadata.DevShmCheckpointTar,
-		metadata.RootFsDiffTar,
-		metadata.DeletedFilesFile,
-		metadata.PodOptionsFile,
-		metadata.PodDumpFile,
 	}
-
-	for _, name := range checkpoint {
-		src := filepath.Join(mountPoint, name)
-		dst := filepath.Join(c.bundlePath(), name)
-		if err := archive.NewDefaultArchiver().CopyWithTar(src, dst); err != nil {
-			logrus.Debugf("Can't import '%s' from checkpoint image", name)
+	if c.config.MountNsCtr != "" {
+		if err := c.addNamespaceContainer(g, MountNS, c.config.MountNsCtr, spec.MountNamespace); err != nil {
+			return err
 		}
 	}
-
-	return c.generateContainerSpec()
-}
-
-func (c *Container) importCheckpointTar(input string) error {
-	if err := crutils.CRImportCheckpointWithoutConfig(c.bundlePath(), input); err != nil {
-		return err
-	}
-
-	return c.generateContainerSpec()
-}
-
-func (c *Container) importPreCheckpoint(input string) error {
-	archiveFile, err := os.Open(input)
-	if err != nil {
-		return fmt.Errorf("failed to open pre-checkpoint archive for import: %w", err)
-	}
-
-	defer archiveFile.Close()
-
-	err = archive.Untar(archiveFile, c.bundlePath(), nil)
-	if err != nil {
-		return fmt.Errorf("unpacking of pre-checkpoint archive %s failed: %w", input, err)
-	}
-	return nil
-}
-
-func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) (criuStatistics *define.CRIUCheckpointRestoreStatistics, runtimeRestoreDuration int64, retErr error) {
-	minCriuVersion := func() int {
-		if options.Pod == "" {
-			return criu.MinCriuVersion
+	if c.config.NetNsCtr != "" {
+		if err := c.addNamespaceContainer(g, NetNS, c.config.NetNsCtr, spec.NetworkNamespace); err != nil {
+			return err
 		}
-		return criu.PodCriuVersion
-	}()
-	if err := c.checkpointRestoreSupported(minCriuVersion); err != nil {
-		return nil, 0, err
-	}
-
-	if options.Pod != "" && !crutils.CRRuntimeSupportsPodCheckpointRestore(c.ociRuntime.Path()) {
-		return nil, 0, fmt.Errorf("runtime %s does not support pod restore", c.ociRuntime.Path())
-	}
-
-	if !c.ensureState(define.ContainerStateConfigured, define.ContainerStateExited) {
-		return nil, 0, fmt.Errorf("container %s is running or paused, cannot restore: %w", c.ID(), define.ErrCtrStateInvalid)
 	}
-
-	if options.ImportPrevious != "" {
-		if err := c.importPreCheckpoint(options.ImportPrevious); err != nil {
-			return nil, 0, err
+	if c.config.PIDNsCtr != "" {
+		if err := c.addNamespaceContainer(g, PIDNS, c.config.PIDNsCtr, spec.PIDNamespace); err != nil {
+			return err
 		}
 	}
-
-	if options.TargetFile != "" {
-		if err := c.importCheckpointTar(options.TargetFile); err != nil {
-			return nil, 0, err
+	if c.config.UserNsCtr != "" {
+		if err := c.addNamespaceContainer(g, UserNS, c.config.UserNsCtr, spec.UserNamespace); err != nil {
+			return err
 		}
-	} else if options.CheckpointImageID != "" {
-		if err := c.importCheckpointImage(ctx, options.CheckpointImageID); err != nil {
-			return nil, 0, err
+		if len(g.Config.Linux.UIDMappings) == 0 {
+			// runc complains if no mapping is specified, even if we join another ns.  So provide a dummy mapping
+			g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1))
+			g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1))
 		}
 	}
 
-	// Let's try to stat() CRIU's inventory file. If it does not exist, it makes
-	// no sense to try a restore. This is a minimal check if a checkpoint exist.
-	if _, err := os.Stat(filepath.Join(c.CheckpointPath(), "inventory.img")); os.IsNotExist(err) {
-		return nil, 0, fmt.Errorf("a complete checkpoint for this container cannot be found, cannot restore: %w", err)
-	}
-
-	if err := crutils.CRCreateFileWithLabel(c.bundlePath(), "restore.log", c.MountLabel()); err != nil {
-		return nil, 0, err
-	}
-
-	// Setting RestoreLog early in case there is a failure.
-	c.state.RestoreLog = path.Join(c.bundlePath(), "restore.log")
-	c.state.CheckpointPath = c.CheckpointPath()
-
-	// Read network configuration from checkpoint
-	var netStatus map[string]types.StatusBlock
-	_, err := metadata.ReadJSONFile(&netStatus, c.bundlePath(), metadata.NetworkStatusFile)
+	availableUIDs, availableGIDs, err := rootless.GetAvailableIDMaps()
 	if err != nil {
-		logrus.Infof("Failed to unmarshal network status, cannot restore the same ip/mac: %v", err)
-	}
-	// If the restored container should get a new name, the IP address of
-	// the container will not be restored. This assumes that if a new name is
-	// specified, the container is restored multiple times.
-	// TODO: This implicit restoring with or without IP depending on an
-	//       unrelated restore parameter (--name) does not seem like the
-	//       best solution.
-	if err == nil && options.Name == "" && (!options.IgnoreStaticIP || !options.IgnoreStaticMAC) {
-		// The file with the network.status does exist. Let's restore the
-		// container with the same networks settings as during checkpointing.
-		networkOpts, err := c.networks()
-		if err != nil {
-			return nil, 0, err
-		}
-
-		netOpts := make(map[string]types.PerNetworkOptions, len(netStatus))
-		for network, perNetOpts := range networkOpts {
-			// unset mac and ips before we start adding the ones from the status
-			perNetOpts.StaticMAC = nil
-			perNetOpts.StaticIPs = nil
-			for name, netInt := range netStatus[network].Interfaces {
-				perNetOpts.InterfaceName = name
-				if !options.IgnoreStaticIP {
-					perNetOpts.StaticMAC = netInt.MacAddress
-				}
-				if !options.IgnoreStaticIP {
-					for _, netAddress := range netInt.Subnets {
-						perNetOpts.StaticIPs = append(perNetOpts.StaticIPs, netAddress.IPNet.IP)
-					}
-				}
-				// Normally interfaces have a length of 1, only for some special cni configs we could get more.
-				// For now just use the first interface to get the ips this should be good enough for most cases.
-				break
-			}
-			netOpts[network] = perNetOpts
-		}
-		c.perNetworkOpts = netOpts
-	}
-
-	defer func() {
-		if retErr != nil {
-			if err := c.cleanup(ctx); err != nil {
-				logrus.Errorf("Cleaning up container %s: %v", c.ID(), err)
-			}
+		if os.IsNotExist(err) {
+			// The kernel-provided files only exist if user namespaces are supported
+			logrus.Debugf("User or group ID mappings not available: %s", err)
+		} else {
+			return err
 		}
-	}()
-
-	if err := c.prepare(); err != nil {
-		return nil, 0, err
-	}
-
-	// Read config
-	jsonPath := filepath.Join(c.bundlePath(), "config.json")
-	logrus.Debugf("generate.NewFromFile at %v", jsonPath)
-	g, err := generate.NewFromFile(jsonPath)
-	if err != nil {
-		logrus.Debugf("generate.NewFromFile failed with %v", err)
-		return nil, 0, err
-	}
-
-	// Restoring from an import means that we are doing migration
-	if options.TargetFile != "" || options.CheckpointImageID != "" {
-		g.SetRootPath(c.state.Mountpoint)
+	} else {
+		g.Config.Linux.UIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.UIDMappings, availableUIDs)
+		g.Config.Linux.GIDMappings = rootless.MaybeSplitMappings(g.Config.Linux.GIDMappings, availableGIDs)
 	}
 
-	// We want to have the same network namespace as before.
-	if c.config.CreateNetNS {
-		netNSPath := ""
-		if !c.config.PostConfigureNetNS {
-			netNSPath = c.state.NetNS.Path()
-		}
+	// Hostname handling:
+	// If we have a UTS namespace, set Hostname in the OCI spec.
+	// Set the HOSTNAME environment variable unless explicitly overridden by
+	// the user (already present in OCI spec). If we don't have a UTS ns,
+	// set it to the host's hostname instead.
+	hostname := c.Hostname()
+	foundUTS := false
 
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), netNSPath); err != nil {
-			return nil, 0, err
+	for _, i := range c.config.Spec.Linux.Namespaces {
+		if i.Type == spec.UTSNamespace && i.Path == "" {
+			foundUTS = true
+			g.SetHostname(hostname)
+			break
 		}
 	}
-
-	if options.Pod != "" {
-		// Running in a Pod means that we have to change all namespace settings to
-		// the ones from the infrastructure container.
-		pod, err := c.runtime.LookupPod(options.Pod)
-		if err != nil {
-			return nil, 0, fmt.Errorf("pod %q cannot be retrieved: %w", options.Pod, err)
-		}
-
-		infraContainer, err := pod.InfraContainer()
+	if !foundUTS {
+		tmpHostname, err := os.Hostname()
 		if err != nil {
-			return nil, 0, fmt.Errorf("cannot retrieved infra container from pod %q: %w", options.Pod, err)
-		}
-
-		infraContainer.lock.Lock()
-		if err := infraContainer.syncContainer(); err != nil {
-			infraContainer.lock.Unlock()
-			return nil, 0, fmt.Errorf("error syncing infrastructure container %s status: %w", infraContainer.ID(), err)
-		}
-		if infraContainer.state.State != define.ContainerStateRunning {
-			if err := infraContainer.initAndStart(ctx); err != nil {
-				infraContainer.lock.Unlock()
-				return nil, 0, fmt.Errorf("error starting infrastructure container %s status: %w", infraContainer.ID(), err)
-			}
-		}
-		infraContainer.lock.Unlock()
-
-		if c.config.IPCNsCtr != "" {
-			nsPath, err := infraContainer.namespacePath(IPCNS)
-			if err != nil {
-				return nil, 0, fmt.Errorf("cannot retrieve IPC namespace path for Pod %q: %w", options.Pod, err)
-			}
-			if err := g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), nsPath); err != nil {
-				return nil, 0, err
-			}
-		}
-
-		if c.config.NetNsCtr != "" {
-			nsPath, err := infraContainer.namespacePath(NetNS)
-			if err != nil {
-				return nil, 0, fmt.Errorf("cannot retrieve network namespace path for Pod %q: %w", options.Pod, err)
-			}
-			if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), nsPath); err != nil {
-				return nil, 0, err
-			}
-		}
-
-		if c.config.PIDNsCtr != "" {
-			nsPath, err := infraContainer.namespacePath(PIDNS)
-			if err != nil {
-				return nil, 0, fmt.Errorf("cannot retrieve PID namespace path for Pod %q: %w", options.Pod, err)
-			}
-			if err := g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), nsPath); err != nil {
-				return nil, 0, err
-			}
-		}
-
-		if c.config.UTSNsCtr != "" {
-			nsPath, err := infraContainer.namespacePath(UTSNS)
-			if err != nil {
-				return nil, 0, fmt.Errorf("cannot retrieve UTS namespace path for Pod %q: %w", options.Pod, err)
-			}
-			if err := g.AddOrReplaceLinuxNamespace(string(spec.UTSNamespace), nsPath); err != nil {
-				return nil, 0, err
-			}
-		}
-
-		if c.config.CgroupNsCtr != "" {
-			nsPath, err := infraContainer.namespacePath(CgroupNS)
-			if err != nil {
-				return nil, 0, fmt.Errorf("cannot retrieve Cgroup namespace path for Pod %q: %w", options.Pod, err)
-			}
-			if err := g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), nsPath); err != nil {
-				return nil, 0, err
-			}
-		}
-	}
-
-	if err := c.makeBindMounts(); err != nil {
-		return nil, 0, err
-	}
-
-	if options.TargetFile != "" || options.CheckpointImageID != "" {
-		for dstPath, srcPath := range c.state.BindMounts {
-			newMount := spec.Mount{
-				Type:        "bind",
-				Source:      srcPath,
-				Destination: dstPath,
-				Options:     []string{"bind", "private"},
-			}
-			if c.IsReadOnly() && dstPath != "/dev/shm" {
-				newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
-			}
-			if dstPath == "/dev/shm" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
-				newMount.Options = append(newMount.Options, "nosuid", "noexec", "nodev")
-			}
-			if !MountExists(g.Mounts(), dstPath) {
-				g.AddMount(newMount)
-			}
-		}
-	}
-
-	// Restore /dev/shm content
-	if c.config.ShmDir != "" && c.state.BindMounts["/dev/shm"] == c.config.ShmDir {
-		shmDirTarFileFullPath := filepath.Join(c.bundlePath(), metadata.DevShmCheckpointTar)
-		if _, err := os.Stat(shmDirTarFileFullPath); err != nil {
-			logrus.Debug("Container checkpoint doesn't contain dev/shm: ", err.Error())
-		} else {
-			shmDirTarFile, err := os.Open(shmDirTarFileFullPath)
-			if err != nil {
-				return nil, 0, err
-			}
-			defer shmDirTarFile.Close()
-
-			if err := archive.UntarUncompressed(shmDirTarFile, c.config.ShmDir, nil); err != nil {
-				return nil, 0, err
-			}
-		}
-	}
-
-	// Cleanup for a working restore.
-	if err := c.removeConmonFiles(); err != nil {
-		return nil, 0, err
-	}
-
-	// Save the OCI spec to disk
-	if err := c.saveSpec(g.Config); err != nil {
-		return nil, 0, err
-	}
-
-	// When restoring from an imported archive, allow restoring the content of volumes.
-	// Volumes are created in setupContainer()
-	if !options.IgnoreVolumes && (options.TargetFile != "" || options.CheckpointImageID != "") {
-		for _, v := range c.config.NamedVolumes {
-			volumeFilePath := filepath.Join(c.bundlePath(), metadata.CheckpointVolumesDirectory, v.Name+".tar")
-
-			volumeFile, err := os.Open(volumeFilePath)
-			if err != nil {
-				return nil, 0, fmt.Errorf("failed to open volume file %s: %w", volumeFilePath, err)
-			}
-			defer volumeFile.Close()
-
-			volume, err := c.runtime.GetVolume(v.Name)
-			if err != nil {
-				return nil, 0, fmt.Errorf("failed to retrieve volume %s: %w", v.Name, err)
-			}
-
-			mountPoint, err := volume.MountPoint()
-			if err != nil {
-				return nil, 0, err
-			}
-			if mountPoint == "" {
-				return nil, 0, fmt.Errorf("unable to import volume %s as it is not mounted: %w", volume.Name(), err)
-			}
-			if err := archive.UntarUncompressed(volumeFile, mountPoint, nil); err != nil {
-				return nil, 0, fmt.Errorf("failed to extract volume %s to %s: %w", volumeFilePath, mountPoint, err)
-			}
+			return err
 		}
+		hostname = tmpHostname
 	}
-
-	// Before actually restarting the container, apply the root file-system changes
-	if !options.IgnoreRootfs {
-		if err := crutils.CRApplyRootFsDiffTar(c.bundlePath(), c.state.Mountpoint); err != nil {
-			return nil, 0, err
-		}
-
-		if err := crutils.CRRemoveDeletedFiles(c.ID(), c.bundlePath(), c.state.Mountpoint); err != nil {
-			return nil, 0, err
+	needEnv := true
+	for _, checkEnv := range g.Config.Process.Env {
+		if strings.SplitN(checkEnv, "=", 2)[0] == "HOSTNAME" {
+			needEnv = false
+			break
 		}
 	}
-
-	runtimeRestoreDuration, err = c.ociRuntime.CreateContainer(c, &options)
-	if err != nil {
-		return nil, 0, err
+	if needEnv {
+		g.AddProcessEnv("HOSTNAME", hostname)
 	}
 
-	criuStatistics, err = func() (*define.CRIUCheckpointRestoreStatistics, error) {
-		if !options.PrintStats {
-			return nil, nil
-		}
-		statsDirectory, err := os.Open(c.bundlePath())
-		if err != nil {
-			return nil, fmt.Errorf("not able to open %q: %w", c.bundlePath(), err)
-		}
-
-		restoreStatistics, err := stats.CriuGetRestoreStats(statsDirectory)
-		if err != nil {
-			return nil, fmt.Errorf("displaying restore statistics not possible: %w", err)
+	if c.config.UTSNsCtr != "" {
+		if err := c.addNamespaceContainer(g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil {
+			return err
 		}
-
-		return &define.CRIUCheckpointRestoreStatistics{
-			PagesCompared:   restoreStatistics.GetPagesCompared(),
-			PagesSkippedCow: restoreStatistics.GetPagesSkippedCow(),
-			ForkingTime:     restoreStatistics.GetForkingTime(),
-			RestoreTime:     restoreStatistics.GetRestoreTime(),
-			PagesRestored:   restoreStatistics.GetPagesRestored(),
-		}, nil
-	}()
-	if err != nil {
-		return nil, 0, err
 	}
-
-	logrus.Debugf("Restored container %s", c.ID())
-
-	c.state.State = define.ContainerStateRunning
-	c.state.Checkpointed = false
-	c.state.Restored = true
-	c.state.CheckpointedTime = time.Time{}
-	c.state.RestoredTime = time.Now()
-
-	if !options.Keep {
-		// Delete all checkpoint related files. At this point, in theory, all files
-		// should exist. Still ignoring errors for now as the container should be
-		// restored and running. Not erroring out just because some cleanup operation
-		// failed. Starting with the checkpoint directory
-		err = os.RemoveAll(c.CheckpointPath())
-		if err != nil {
-			logrus.Debugf("Non-fatal: removal of checkpoint directory (%s) failed: %v", c.CheckpointPath(), err)
-		}
-		c.state.CheckpointPath = ""
-		err = os.RemoveAll(c.PreCheckPointPath())
-		if err != nil {
-			logrus.Debugf("Non-fatal: removal of pre-checkpoint directory (%s) failed: %v", c.PreCheckPointPath(), err)
-		}
-		err = os.RemoveAll(c.CheckpointVolumesPath())
-		if err != nil {
-			logrus.Debugf("Non-fatal: removal of checkpoint volumes directory (%s) failed: %v", c.CheckpointVolumesPath(), err)
-		}
-		cleanup := [...]string{
-			"restore.log",
-			"dump.log",
-			stats.StatsDump,
-			stats.StatsRestore,
-			metadata.DevShmCheckpointTar,
-			metadata.NetworkStatusFile,
-			metadata.RootFsDiffTar,
-			metadata.DeletedFilesFile,
-		}
-		for _, del := range cleanup {
-			file := filepath.Join(c.bundlePath(), del)
-			err = os.Remove(file)
-			if err != nil {
-				logrus.Debugf("Non-fatal: removal of checkpoint file (%s) failed: %v", file, err)
-			}
+	if c.config.CgroupNsCtr != "" {
+		if err := c.addNamespaceContainer(g, CgroupNS, c.config.CgroupNsCtr, spec.CgroupNamespace); err != nil {
+			return err
 		}
-		c.state.CheckpointLog = ""
-		c.state.RestoreLog = ""
 	}
 
-	return criuStatistics, runtimeRestoreDuration, c.save()
-}
-
-// Retrieves a container's "root" net namespace container dependency.
-func (c *Container) getRootNetNsDepCtr() (depCtr *Container, err error) {
-	containersVisited := map[string]int{c.config.ID: 1}
-	nextCtr := c.config.NetNsCtr
-	for nextCtr != "" {
-		// Make sure we aren't in a loop
-		if _, visited := containersVisited[nextCtr]; visited {
-			return nil, errors.New("loop encountered while determining net namespace container")
+	if c.config.UserNsCtr == "" && c.config.IDMappings.AutoUserNs {
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.UserNamespace), ""); err != nil {
+			return err
 		}
-		containersVisited[nextCtr] = 1
-
-		depCtr, err = c.runtime.state.Container(nextCtr)
-		if err != nil {
-			return nil, fmt.Errorf("error fetching dependency %s of container %s: %w", c.config.NetNsCtr, c.ID(), err)
+		g.ClearLinuxUIDMappings()
+		for _, uidmap := range c.config.IDMappings.UIDMap {
+			g.AddLinuxUIDMapping(uint32(uidmap.HostID), uint32(uidmap.ContainerID), uint32(uidmap.Size))
 		}
-		// This should never happen without an error
-		if depCtr == nil {
-			break
+		g.ClearLinuxGIDMappings()
+		for _, gidmap := range c.config.IDMappings.GIDMap {
+			g.AddLinuxGIDMapping(uint32(gidmap.HostID), uint32(gidmap.ContainerID), uint32(gidmap.Size))
 		}
-		nextCtr = depCtr.config.NetNsCtr
-	}
-
-	if depCtr == nil {
-		return nil, errors.New("unexpected error depCtr is nil without reported error from runtime state")
-	}
-	return depCtr, nil
-}
-
-// Ensure standard bind mounts are mounted into all root directories (including chroot directories)
-func (c *Container) mountIntoRootDirs(mountName string, mountPath string) error {
-	c.state.BindMounts[mountName] = mountPath
-
-	for _, chrootDir := range c.config.ChrootDirs {
-		c.state.BindMounts[filepath.Join(chrootDir, mountName)] = mountPath
 	}
-
 	return nil
 }
 
-// Make standard bind mounts to include in the container
-func (c *Container) makeBindMounts() error {
-	if err := os.Chown(c.state.RunDir, c.RootUID(), c.RootGID()); err != nil {
-		return fmt.Errorf("cannot chown run directory: %w", err)
-	}
-
-	if c.state.BindMounts == nil {
-		c.state.BindMounts = make(map[string]string)
-	}
-	netDisabled, err := c.NetworkDisabled()
-	if err != nil {
-		return err
-	}
-
-	if !netDisabled {
-		// If /etc/resolv.conf and /etc/hosts exist, delete them so we
-		// will recreate. Only do this if we aren't sharing them with
-		// another container.
-		if c.config.NetNsCtr == "" {
-			if resolvePath, ok := c.state.BindMounts["/etc/resolv.conf"]; ok {
-				if err := os.Remove(resolvePath); err != nil && !os.IsNotExist(err) {
-					return fmt.Errorf("container %s: %w", c.ID(), err)
-				}
-				delete(c.state.BindMounts, "/etc/resolv.conf")
-			}
-			if hostsPath, ok := c.state.BindMounts["/etc/hosts"]; ok {
-				if err := os.Remove(hostsPath); err != nil && !os.IsNotExist(err) {
-					return fmt.Errorf("container %s: %w", c.ID(), err)
-				}
-				delete(c.state.BindMounts, "/etc/hosts")
-			}
-		}
-
-		if c.config.NetNsCtr != "" && (!c.config.UseImageResolvConf || !c.config.UseImageHosts) {
-			// We share a net namespace.
-			// We want /etc/resolv.conf and /etc/hosts from the
-			// other container. Unless we're not creating both of
-			// them.
-			depCtr, err := c.getRootNetNsDepCtr()
-			if err != nil {
-				return fmt.Errorf("error fetching network namespace dependency container for container %s: %w", c.ID(), err)
-			}
-
-			// We need that container's bind mounts
-			bindMounts, err := depCtr.BindMounts()
-			if err != nil {
-				return fmt.Errorf("error fetching bind mounts from dependency %s of container %s: %w", depCtr.ID(), c.ID(), err)
-			}
-
-			// The other container may not have a resolv.conf or /etc/hosts
-			// If it doesn't, don't copy them
-			resolvPath, exists := bindMounts["/etc/resolv.conf"]
-			if !c.config.UseImageResolvConf && exists {
-				err := c.mountIntoRootDirs("/etc/resolv.conf", resolvPath)
-
-				if err != nil {
-					return fmt.Errorf("error assigning mounts to container %s: %w", c.ID(), err)
-				}
-			}
-
-			// check if dependency container has an /etc/hosts file.
-			// It may not have one, so only use it if it does.
-			hostsPath, exists := bindMounts[config.DefaultHostsFile]
-			if !c.config.UseImageHosts && exists {
-				// we cannot use the dependency container lock due ABBA deadlocks in cleanup()
-				lock, err := lockfile.GetLockfile(hostsPath)
-				if err != nil {
-					return fmt.Errorf("failed to lock hosts file: %w", err)
-				}
-				lock.Lock()
-
-				// add the newly added container to the hosts file
-				// we always use 127.0.0.1 as ip since they have the same netns
-				err = etchosts.Add(hostsPath, getLocalhostHostEntry(c))
-				lock.Unlock()
-				if err != nil {
-					return fmt.Errorf("error creating hosts file for container %s which depends on container %s: %w", c.ID(), depCtr.ID(), err)
-				}
-
-				// finally, save it in the new container
-				err = c.mountIntoRootDirs(config.DefaultHostsFile, hostsPath)
-				if err != nil {
-					return fmt.Errorf("error assigning mounts to container %s: %w", c.ID(), err)
-				}
-			}
-
-			if !hasCurrentUserMapped(c) {
-				if err := makeAccessible(resolvPath, c.RootUID(), c.RootGID()); err != nil {
-					return err
-				}
-				if err := makeAccessible(hostsPath, c.RootUID(), c.RootGID()); err != nil {
-					return err
-				}
-			}
-		} else {
-			if !c.config.UseImageResolvConf {
-				if err := c.generateResolvConf(); err != nil {
-					return fmt.Errorf("error creating resolv.conf for container %s: %w", c.ID(), err)
-				}
-			}
-
-			if !c.config.UseImageHosts {
-				if err := c.createHosts(); err != nil {
-					return fmt.Errorf("error creating hosts file for container %s: %w", c.ID(), err)
-				}
-			}
-		}
-
-		if c.state.BindMounts["/etc/hosts"] != "" {
-			if err := c.relabel(c.state.BindMounts["/etc/hosts"], c.config.MountLabel, true); err != nil {
-				return err
-			}
-		}
-
-		if c.state.BindMounts["/etc/resolv.conf"] != "" {
-			if err := c.relabel(c.state.BindMounts["/etc/resolv.conf"], c.config.MountLabel, true); err != nil {
-				return err
-			}
-		}
-	} else if !c.config.UseImageHosts && c.state.BindMounts["/etc/hosts"] == "" {
-		if err := c.createHosts(); err != nil {
-			return fmt.Errorf("error creating hosts file for container %s: %w", c.ID(), err)
-		}
-	}
-
-	if c.config.ShmDir != "" {
-		// If ShmDir has a value SHM is always added when we mount the container
-		c.state.BindMounts["/dev/shm"] = c.config.ShmDir
-	}
-
-	if c.config.Passwd == nil || *c.config.Passwd {
-		newPasswd, newGroup, err := c.generatePasswdAndGroup()
-		if err != nil {
-			return fmt.Errorf("error creating temporary passwd file for container %s: %w", c.ID(), err)
-		}
-		if newPasswd != "" {
-			// Make /etc/passwd
-			// If it already exists, delete so we can recreate
-			delete(c.state.BindMounts, "/etc/passwd")
-			c.state.BindMounts["/etc/passwd"] = newPasswd
-		}
-		if newGroup != "" {
-			// Make /etc/group
-			// If it already exists, delete so we can recreate
-			delete(c.state.BindMounts, "/etc/group")
-			c.state.BindMounts["/etc/group"] = newGroup
-		}
-	}
-
-	// Make /etc/hostname
-	// This should never change, so no need to recreate if it exists
-	if _, ok := c.state.BindMounts["/etc/hostname"]; !ok {
-		hostnamePath, err := c.writeStringToRundir("hostname", c.Hostname())
-		if err != nil {
-			return fmt.Errorf("error creating hostname file for container %s: %w", c.ID(), err)
-		}
-		c.state.BindMounts["/etc/hostname"] = hostnamePath
-	}
-
-	// Make /etc/localtime
-	ctrTimezone := c.Timezone()
-	if ctrTimezone != "" {
-		// validate the format of the timezone specified if it's not "local"
-		if ctrTimezone != "local" {
-			_, err = time.LoadLocation(ctrTimezone)
-			if err != nil {
-				return fmt.Errorf("error finding timezone for container %s: %w", c.ID(), err)
-			}
-		}
-		if _, ok := c.state.BindMounts["/etc/localtime"]; !ok {
-			var zonePath string
-			if ctrTimezone == "local" {
-				zonePath, err = filepath.EvalSymlinks("/etc/localtime")
-				if err != nil {
-					return fmt.Errorf("error finding local timezone for container %s: %w", c.ID(), err)
+func (c *Container) addRootPropagation(g *generate.Generator, mounts []spec.Mount) error {
+	// Determine property of RootPropagation based on volume properties. If
+	// a volume is shared, then keep root propagation shared. This should
+	// work for slave and private volumes too.
+	//
+	// For slave volumes, it can be either [r]shared/[r]slave.
+	//
+	// For private volumes any root propagation value should work.
+	rootPropagation := ""
+	for _, m := range mounts {
+		for _, opt := range m.Options {
+			switch opt {
+			case MountShared, MountRShared:
+				if rootPropagation != MountShared && rootPropagation != MountRShared {
+					rootPropagation = MountShared
 				}
-			} else {
-				zone := filepath.Join("/usr/share/zoneinfo", ctrTimezone)
-				zonePath, err = filepath.EvalSymlinks(zone)
-				if err != nil {
-					return fmt.Errorf("error setting timezone for container %s: %w", c.ID(), err)
+			case MountSlave, MountRSlave:
+				if rootPropagation != MountShared && rootPropagation != MountRShared && rootPropagation != MountSlave && rootPropagation != MountRSlave {
+					rootPropagation = MountRSlave
 				}
 			}
-			localtimePath, err := c.copyTimezoneFile(zonePath)
-			if err != nil {
-				return fmt.Errorf("error setting timezone for container %s: %w", c.ID(), err)
-			}
-			c.state.BindMounts["/etc/localtime"] = localtimePath
-		}
-	}
-
-	_, hasRunContainerenv := c.state.BindMounts["/run/.containerenv"]
-	if !hasRunContainerenv {
-		// check in the spec mounts
-		for _, m := range c.config.Spec.Mounts {
-			if m.Destination == "/run/.containerenv" || m.Destination == "/run" {
-				hasRunContainerenv = true
-				break
-			}
 		}
 	}
-
-	// Make .containerenv if it does not exist
-	if !hasRunContainerenv {
-		containerenv := c.runtime.graphRootMountedFlag(c.config.Spec.Mounts)
-		isRootless := 0
-		if rootless.IsRootless() {
-			isRootless = 1
-		}
-		imageID, imageName := c.Image()
-
-		if c.Privileged() {
-			// Populate the .containerenv with container information
-			containerenv = fmt.Sprintf(`engine="podman-%s"
-name=%q
-id=%q
-image=%q
-imageid=%q
-rootless=%d
-%s`, version.Version.String(), c.Name(), c.ID(), imageName, imageID, isRootless, containerenv)
-		}
-		containerenvPath, err := c.writeStringToRundir(".containerenv", containerenv)
-		if err != nil {
-			return fmt.Errorf("error creating containerenv file for container %s: %w", c.ID(), err)
-		}
-		c.state.BindMounts["/run/.containerenv"] = containerenvPath
-	}
-
-	// Add Subscription Mounts
-	subscriptionMounts := subscriptions.MountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.Mountpoint, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
-	for _, mount := range subscriptionMounts {
-		if _, ok := c.state.BindMounts[mount.Destination]; !ok {
-			c.state.BindMounts[mount.Destination] = mount.Source
-		}
-	}
-
-	// Secrets are mounted by getting the secret data from the secrets manager,
-	// copying the data into the container's static dir,
-	// then mounting the copied dir into /run/secrets.
-	// The secrets mounting must come after subscription mounts, since subscription mounts
-	// creates the /run/secrets dir in the container where we mount as well.
-	if len(c.Secrets()) > 0 {
-		// create /run/secrets if subscriptions did not create
-		if err := c.createSecretMountDir(); err != nil {
-			return fmt.Errorf("error creating secrets mount: %w", err)
-		}
-		for _, secret := range c.Secrets() {
-			secretFileName := secret.Name
-			base := "/run/secrets"
-			if secret.Target != "" {
-				secretFileName = secret.Target
-				// If absolute path for target given remove base.
-				if filepath.IsAbs(secretFileName) {
-					base = ""
-				}
-			}
-			src := filepath.Join(c.config.SecretsPath, secret.Name)
-			dest := filepath.Join(base, secretFileName)
-			c.state.BindMounts[dest] = src
+	if rootPropagation != "" {
+		logrus.Debugf("Set root propagation to %q", rootPropagation)
+		if err := g.SetLinuxRootPropagation(rootPropagation); err != nil {
+			return err
 		}
 	}
-
 	return nil
 }
 
-// generateResolvConf generates a containers resolv.conf
-func (c *Container) generateResolvConf() error {
-	var (
-		networkNameServers   []string
-		networkSearchDomains []string
-	)
+func (c *Container) setProcessLabel(g *generate.Generator) {
+	g.SetProcessSelinuxLabel(c.ProcessLabel())
+}
 
-	netStatus := c.getNetworkStatus()
-	for _, status := range netStatus {
-		if status.DNSServerIPs != nil {
-			for _, nsIP := range status.DNSServerIPs {
-				networkNameServers = append(networkNameServers, nsIP.String())
-			}
-			logrus.Debugf("Adding nameserver(s) from network status of '%q'", status.DNSServerIPs)
-		}
-		if status.DNSSearchDomains != nil {
-			networkSearchDomains = append(networkSearchDomains, status.DNSSearchDomains...)
-			logrus.Debugf("Adding search domain(s) from network status of '%q'", status.DNSSearchDomains)
-		}
-	}
+func (c *Container) setMountLabel(g *generate.Generator) {
+	g.SetLinuxMountLabel(c.MountLabel())
+}
 
-	ipv6, err := c.checkForIPv6(netStatus)
+func (c *Container) setCgroupsPath(g *generate.Generator) error {
+	cgroupPath, err := c.getOCICgroupPath()
 	if err != nil {
 		return err
 	}
-
-	nameservers := make([]string, 0, len(c.runtime.config.Containers.DNSServers)+len(c.config.DNSServer))
-	nameservers = append(nameservers, c.runtime.config.Containers.DNSServers...)
-	for _, ip := range c.config.DNSServer {
-		nameservers = append(nameservers, ip.String())
-	}
-	// If the user provided dns, it trumps all; then dns masq; then resolv.conf
-	var search []string
-	keepHostServers := false
-	if len(nameservers) == 0 {
-		keepHostServers = true
-		// first add the nameservers from the networks status
-		nameservers = networkNameServers
-		// when we add network dns server we also have to add the search domains
-		search = networkSearchDomains
-		// slirp4netns has a built in DNS forwarder.
-		if c.config.NetMode.IsSlirp4netns() {
-			slirp4netnsDNS, err := GetSlirp4netnsDNS(c.slirp4netnsSubnet)
-			if err != nil {
-				logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error())
-			} else {
-				nameservers = append(nameservers, slirp4netnsDNS.String())
-			}
-		}
-	}
-
-	if len(c.config.DNSSearch) > 0 || len(c.runtime.config.Containers.DNSSearches) > 0 {
-		customSearch := make([]string, 0, len(c.config.DNSSearch)+len(c.runtime.config.Containers.DNSSearches))
-		customSearch = append(customSearch, c.runtime.config.Containers.DNSSearches...)
-		customSearch = append(customSearch, c.config.DNSSearch...)
-		search = customSearch
-	}
-
-	options := make([]string, 0, len(c.config.DNSOption)+len(c.runtime.config.Containers.DNSOptions))
-	options = append(options, c.runtime.config.Containers.DNSOptions...)
-	options = append(options, c.config.DNSOption...)
-
-	destPath := filepath.Join(c.state.RunDir, "resolv.conf")
-
-	if err := resolvconf.New(&resolvconf.Params{
-		IPv6Enabled:     ipv6,
-		KeepHostServers: keepHostServers,
-		Nameservers:     nameservers,
-		Namespaces:      c.config.Spec.Linux.Namespaces,
-		Options:         options,
-		Path:            destPath,
-		Searches:        search,
-	}); err != nil {
-		return fmt.Errorf("error building resolv.conf for container %s: %w", c.ID(), err)
-	}
-
-	return c.bindMountRootFile(destPath, resolvconf.DefaultResolvConf)
+	g.SetLinuxCgroupsPath(cgroupPath)
+	return nil
 }
 
-// Check if a container uses IPv6.
-func (c *Container) checkForIPv6(netStatus map[string]types.StatusBlock) (bool, error) {
-	for _, status := range netStatus {
-		for _, netInt := range status.Interfaces {
-			for _, netAddress := range netInt.Subnets {
-				// Note: only using To16() does not work since it also returns a valid ip for ipv4
-				if netAddress.IPNet.IP.To4() == nil && netAddress.IPNet.IP.To16() != nil {
-					return true, nil
-				}
-			}
+func (c *Container) addSlirp4netnsDNS(nameservers []string) []string {
+	// slirp4netns has a built in DNS forwarder.
+	if c.config.NetMode.IsSlirp4netns() {
+		slirp4netnsDNS, err := GetSlirp4netnsDNS(c.slirp4netnsSubnet)
+		if err != nil {
+			logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error())
+		} else {
+			nameservers = append(nameservers, slirp4netnsDNS.String())
 		}
 	}
+	return nameservers
+}
 
+func (c *Container) isSlirp4netnsIPv6() (bool, error) {
 	if c.config.NetMode.IsSlirp4netns() {
 		ctrNetworkSlipOpts := []string{}
 		if c.config.NetworkOptions != nil {
@@ -2428,804 +630,38 @@ func (c *Container) checkForIPv6(netStatus map[string]types.StatusBlock) (bool,
 	return false, nil
 }
 
-// Add a new nameserver to the container's resolv.conf, ensuring that it is the
-// first nameserver present.
-// Usable only with running containers.
-func (c *Container) addNameserver(ips []string) error {
-	// Take no action if container is not running.
-	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
-		return nil
-	}
-
-	// Do we have a resolv.conf at all?
-	path, ok := c.state.BindMounts[resolvconf.DefaultResolvConf]
-	if !ok {
-		return nil
-	}
-
-	if err := resolvconf.Add(path, ips); err != nil {
-		return fmt.Errorf("adding new nameserver to container %s resolv.conf: %w", c.ID(), err)
-	}
-
-	return nil
-}
-
-// Remove an entry from the existing resolv.conf of the container.
-// Usable only with running containers.
-func (c *Container) removeNameserver(ips []string) error {
-	// Take no action if container is not running.
-	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
-		return nil
-	}
-
-	// Do we have a resolv.conf at all?
-	path, ok := c.state.BindMounts[resolvconf.DefaultResolvConf]
-	if !ok {
-		return nil
-	}
-
-	if err := resolvconf.Remove(path, ips); err != nil {
-		return fmt.Errorf("removing nameservers from container %s resolv.conf: %w", c.ID(), err)
-	}
-
-	return nil
-}
-
-func getLocalhostHostEntry(c *Container) etchosts.HostEntries {
-	return etchosts.HostEntries{{IP: "127.0.0.1", Names: []string{c.Hostname(), c.config.Name}}}
-}
-
-// getHostsEntries returns the container ip host entries for the correct netmode
-func (c *Container) getHostsEntries() (etchosts.HostEntries, error) {
-	var entries etchosts.HostEntries
-	names := []string{c.Hostname(), c.config.Name}
-	switch {
-	case c.config.NetMode.IsBridge():
-		entries = etchosts.GetNetworkHostEntries(c.state.NetworkStatus, names...)
-	case c.config.NetMode.IsSlirp4netns():
-		ip, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
-		if err != nil {
-			return nil, err
-		}
-		entries = etchosts.HostEntries{{IP: ip.String(), Names: names}}
-	default:
-		// check for net=none
-		if !c.config.CreateNetNS {
-			for _, ns := range c.config.Spec.Linux.Namespaces {
-				if ns.Type == spec.NetworkNamespace {
-					if ns.Path == "" {
-						entries = etchosts.HostEntries{{IP: "127.0.0.1", Names: names}}
-					}
-					break
+// check for net=none
+func (c *Container) hasNetNone() bool {
+	if !c.config.CreateNetNS {
+		for _, ns := range c.config.Spec.Linux.Namespaces {
+			if ns.Type == spec.NetworkNamespace {
+				if ns.Path == "" {
+					return true
 				}
 			}
 		}
 	}
-	return entries, nil
-}
-
-func (c *Container) createHosts() error {
-	var containerIPsEntries etchosts.HostEntries
-	var err error
-	// if we configure the netns after the container create we should not add
-	// the hosts here since we have no information about the actual ips
-	// instead we will add them in c.completeNetworkSetup()
-	if !c.config.PostConfigureNetNS {
-		containerIPsEntries, err = c.getHostsEntries()
-		if err != nil {
-			return fmt.Errorf("failed to get container ip host entries: %w", err)
-		}
-	}
-	baseHostFile, err := etchosts.GetBaseHostFile(c.runtime.config.Containers.BaseHostsFile, c.state.Mountpoint)
-	if err != nil {
-		return err
-	}
-
-	targetFile := filepath.Join(c.state.RunDir, "hosts")
-	err = etchosts.New(&etchosts.Params{
-		BaseFile:                 baseHostFile,
-		ExtraHosts:               c.config.HostAdd,
-		ContainerIPs:             containerIPsEntries,
-		HostContainersInternalIP: etchosts.GetHostContainersInternalIP(c.runtime.config, c.state.NetworkStatus, c.runtime.network),
-		TargetFile:               targetFile,
-	})
-	if err != nil {
-		return err
-	}
-
-	return c.bindMountRootFile(targetFile, config.DefaultHostsFile)
-}
-
-// bindMountRootFile will chown and relabel the source file to make it usable in the container.
-// It will also add the path to the container bind mount map.
-// source is the path on the host, dest is the path in the container.
-func (c *Container) bindMountRootFile(source, dest string) error {
-	if err := os.Chown(source, c.RootUID(), c.RootGID()); err != nil {
-		return err
-	}
-	if err := label.Relabel(source, c.MountLabel(), false); err != nil {
-		return err
-	}
-
-	return c.mountIntoRootDirs(dest, source)
-}
-
-// generateGroupEntry generates an entry or entries into /etc/group as
-// required by container configuration.
-// Generally speaking, we will make an entry under two circumstances:
-// 1. The container is started as a specific user:group, and that group is both
-//    numeric, and does not already exist in /etc/group.
-// 2. It is requested that Libpod add the group that launched Podman to
-//    /etc/group via AddCurrentUserPasswdEntry (though this does not trigger if
-//    the group in question already exists in /etc/passwd).
-// Returns group entry (as a string that can be appended to /etc/group) and any
-// error that occurred.
-func (c *Container) generateGroupEntry() (string, error) {
-	groupString := ""
-
-	// Things we *can't* handle: adding the user we added in
-	// generatePasswdEntry to any *existing* groups.
-	addedGID := 0
-	if c.config.AddCurrentUserPasswdEntry {
-		entry, gid, err := c.generateCurrentUserGroupEntry()
-		if err != nil {
-			return "", err
-		}
-		groupString += entry
-		addedGID = gid
-	}
-	if c.config.User != "" {
-		entry, err := c.generateUserGroupEntry(addedGID)
-		if err != nil {
-			return "", err
-		}
-		groupString += entry
-	}
-
-	return groupString, nil
-}
-
-// Make an entry in /etc/group for the group of the user running podman iff we
-// are rootless.
-func (c *Container) generateCurrentUserGroupEntry() (string, int, error) {
-	gid := rootless.GetRootlessGID()
-	if gid == 0 {
-		return "", 0, nil
-	}
-
-	g, err := user.LookupGroupId(strconv.Itoa(gid))
-	if err != nil {
-		return "", 0, fmt.Errorf("failed to get current group: %w", err)
-	}
-
-	// Look up group name to see if it exists in the image.
-	_, err = lookup.GetGroup(c.state.Mountpoint, g.Name)
-	if err != runcuser.ErrNoGroupEntries {
-		return "", 0, err
-	}
-
-	// Look up GID to see if it exists in the image.
-	_, err = lookup.GetGroup(c.state.Mountpoint, g.Gid)
-	if err != runcuser.ErrNoGroupEntries {
-		return "", 0, err
-	}
-
-	// We need to get the username of the rootless user so we can add it to
-	// the group.
-	username := ""
-	uid := rootless.GetRootlessUID()
-	if uid != 0 {
-		u, err := user.LookupId(strconv.Itoa(uid))
-		if err != nil {
-			return "", 0, fmt.Errorf("failed to get current user to make group entry: %w", err)
-		}
-		username = u.Username
-	}
-
-	// Make the entry.
-	return fmt.Sprintf("%s:x:%s:%s\n", g.Name, g.Gid, username), gid, nil
-}
-
-// Make an entry in /etc/group for the group the container was specified to run
-// as.
-func (c *Container) generateUserGroupEntry(addedGID int) (string, error) {
-	if c.config.User == "" {
-		return "", nil
-	}
-
-	splitUser := strings.SplitN(c.config.User, ":", 2)
-	group := splitUser[0]
-	if len(splitUser) > 1 {
-		group = splitUser[1]
-	}
-
-	gid, err := strconv.ParseUint(group, 10, 32)
-	if err != nil {
-		return "", nil //nolint: nilerr
-	}
-
-	if addedGID != 0 && addedGID == int(gid) {
-		return "", nil
-	}
-
-	// Check if the group already exists
-	_, err = lookup.GetGroup(c.state.Mountpoint, group)
-	if err != runcuser.ErrNoGroupEntries {
-		return "", err
-	}
-
-	return fmt.Sprintf("%d:x:%d:%s\n", gid, gid, splitUser[0]), nil
-}
-
-// generatePasswdEntry generates an entry or entries into /etc/passwd as
-// required by container configuration.
-// Generally speaking, we will make an entry under two circumstances:
-// 1. The container is started as a specific user who is not in /etc/passwd.
-//    This only triggers if the user is given as a *numeric* ID.
-// 2. It is requested that Libpod add the user that launched Podman to
-//    /etc/passwd via AddCurrentUserPasswdEntry (though this does not trigger if
-//    the user in question already exists in /etc/passwd) or the UID to be added
-//    is 0).
-// 3. The user specified additional host user accounts to add the the /etc/passwd file
-// Returns password entry (as a string that can be appended to /etc/passwd) and
-// any error that occurred.
-func (c *Container) generatePasswdEntry() (string, error) {
-	passwdString := ""
-
-	addedUID := 0
-	for _, userid := range c.config.HostUsers {
-		// Look up User on host
-		u, err := util.LookupUser(userid)
-		if err != nil {
-			return "", err
-		}
-		entry, err := c.userPasswdEntry(u)
-		if err != nil {
-			return "", err
-		}
-		passwdString += entry
-	}
-	if c.config.AddCurrentUserPasswdEntry {
-		entry, uid, _, err := c.generateCurrentUserPasswdEntry()
-		if err != nil {
-			return "", err
-		}
-		passwdString += entry
-		addedUID = uid
-	}
-	if c.config.User != "" {
-		entry, err := c.generateUserPasswdEntry(addedUID)
-		if err != nil {
-			return "", err
-		}
-		passwdString += entry
-	}
-
-	return passwdString, nil
-}
-
-// generateCurrentUserPasswdEntry generates an /etc/passwd entry for the user
-// running the container engine.
-// Returns a passwd entry for the user, and the UID and GID of the added entry.
-func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) {
-	uid := rootless.GetRootlessUID()
-	if uid == 0 {
-		return "", 0, 0, nil
-	}
-
-	u, err := user.LookupId(strconv.Itoa(uid))
-	if err != nil {
-		return "", 0, 0, fmt.Errorf("failed to get current user: %w", err)
-	}
-	pwd, err := c.userPasswdEntry(u)
-	if err != nil {
-		return "", 0, 0, err
-	}
-
-	return pwd, uid, rootless.GetRootlessGID(), nil
-}
-
-func (c *Container) userPasswdEntry(u *user.User) (string, error) {
-	// Look up the user to see if it exists in the container image.
-	_, err := lookup.GetUser(c.state.Mountpoint, u.Username)
-	if err != runcuser.ErrNoPasswdEntries {
-		return "", err
-	}
-
-	// Look up the UID to see if it exists in the container image.
-	_, err = lookup.GetUser(c.state.Mountpoint, u.Uid)
-	if err != runcuser.ErrNoPasswdEntries {
-		return "", err
-	}
-
-	// If the user's actual home directory exists, or was mounted in - use
-	// that.
-	homeDir := c.WorkingDir()
-	hDir := u.HomeDir
-	for hDir != "/" {
-		if MountExists(c.config.Spec.Mounts, hDir) {
-			homeDir = u.HomeDir
-			break
-		}
-		hDir = filepath.Dir(hDir)
-	}
-	if homeDir != u.HomeDir {
-		for _, hDir := range c.UserVolumes() {
-			if hDir == u.HomeDir {
-				homeDir = u.HomeDir
-				break
-			}
-		}
-	}
-	// Set HOME environment if not already set
-	hasHomeSet := false
-	for _, s := range c.config.Spec.Process.Env {
-		if strings.HasPrefix(s, "HOME=") {
-			hasHomeSet = true
-			break
-		}
-	}
-	if !hasHomeSet {
-		c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
-	}
-	if c.config.PasswdEntry != "" {
-		return c.passwdEntry(u.Username, u.Uid, u.Gid, u.Name, homeDir), nil
-	}
-
-	return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), nil
-}
-
-// generateUserPasswdEntry generates an /etc/passwd entry for the container user
-// to run in the container.
-// The UID and GID of the added entry will also be returned.
-// Accepts one argument, that being any UID that has already been added to the
-// passwd file by other functions; if it matches the UID we were given, we don't
-// need to do anything.
-func (c *Container) generateUserPasswdEntry(addedUID int) (string, error) {
-	var (
-		groupspec string
-		gid       int
-	)
-	if c.config.User == "" {
-		return "", nil
-	}
-	splitSpec := strings.SplitN(c.config.User, ":", 2)
-	userspec := splitSpec[0]
-	if len(splitSpec) > 1 {
-		groupspec = splitSpec[1]
-	}
-	// If a non numeric User, then don't generate passwd
-	uid, err := strconv.ParseUint(userspec, 10, 32)
-	if err != nil {
-		return "", nil //nolint: nilerr
-	}
-
-	if addedUID != 0 && int(uid) == addedUID {
-		return "", nil
-	}
-
-	// Look up the user to see if it exists in the container image
-	_, err = lookup.GetUser(c.state.Mountpoint, userspec)
-	if err != runcuser.ErrNoPasswdEntries {
-		return "", err
-	}
-
-	if groupspec != "" {
-		ugid, err := strconv.ParseUint(groupspec, 10, 32)
-		if err == nil {
-			gid = int(ugid)
-		} else {
-			group, err := lookup.GetGroup(c.state.Mountpoint, groupspec)
-			if err != nil {
-				return "", fmt.Errorf("unable to get gid %s from group file: %w", groupspec, err)
-			}
-			gid = group.Gid
-		}
-	}
-
-	if c.config.PasswdEntry != "" {
-		entry := c.passwdEntry(fmt.Sprintf("%d", uid), fmt.Sprintf("%d", uid), fmt.Sprintf("%d", gid), "container user", c.WorkingDir())
-		return entry, nil
-	}
-
-	return fmt.Sprintf("%d:*:%d:%d:container user:%s:/bin/sh\n", uid, uid, gid, c.WorkingDir()), nil
-}
-
-func (c *Container) passwdEntry(username string, uid, gid, name, homeDir string) string {
-	s := c.config.PasswdEntry
-	s = strings.ReplaceAll(s, "$USERNAME", username)
-	s = strings.ReplaceAll(s, "$UID", uid)
-	s = strings.ReplaceAll(s, "$GID", gid)
-	s = strings.ReplaceAll(s, "$NAME", name)
-	s = strings.ReplaceAll(s, "$HOME", homeDir)
-	return s + "\n"
-}
-
-// generatePasswdAndGroup generates container-specific passwd and group files
-// iff g.config.User is a number or we are configured to make a passwd entry for
-// the current user or the user specified HostsUsers
-// Returns path to file to mount at /etc/passwd, path to file to mount at
-// /etc/group, and any error that occurred. If no passwd/group file were
-// required, the empty string will be returned for those path (this may occur
-// even if no error happened).
-// This may modify the mounted container's /etc/passwd and /etc/group instead of
-// making copies to bind-mount in, so we don't break useradd (it wants to make a
-// copy of /etc/passwd and rename the copy to /etc/passwd, which is impossible
-// with a bind mount). This is done in cases where the container is *not*
-// read-only. In this case, the function will return nothing ("", "", nil).
-func (c *Container) generatePasswdAndGroup() (string, string, error) {
-	if !c.config.AddCurrentUserPasswdEntry && c.config.User == "" &&
-		len(c.config.HostUsers) == 0 {
-		return "", "", nil
-	}
-
-	needPasswd := true
-	needGroup := true
-
-	// First, check if there's a mount at /etc/passwd or group, we don't
-	// want to interfere with user mounts.
-	if MountExists(c.config.Spec.Mounts, "/etc/passwd") {
-		needPasswd = false
-	}
-	if MountExists(c.config.Spec.Mounts, "/etc/group") {
-		needGroup = false
-	}
-
-	// Next, check if we already made the files. If we didn't, don't need to
-	// do anything more.
-	if needPasswd {
-		passwdPath := filepath.Join(c.config.StaticDir, "passwd")
-		if _, err := os.Stat(passwdPath); err == nil {
-			needPasswd = false
-		}
-	}
-	if needGroup {
-		groupPath := filepath.Join(c.config.StaticDir, "group")
-		if _, err := os.Stat(groupPath); err == nil {
-			needGroup = false
-		}
-	}
-
-	// If we don't need a /etc/passwd or /etc/group at this point we can
-	// just return.
-	if !needPasswd && !needGroup {
-		return "", "", nil
-	}
-
-	passwdPath := ""
-	groupPath := ""
-
-	ro := c.IsReadOnly()
-
-	if needPasswd {
-		passwdEntry, err := c.generatePasswdEntry()
-		if err != nil {
-			return "", "", err
-		}
-
-		needsWrite := passwdEntry != ""
-		switch {
-		case ro && needsWrite:
-			logrus.Debugf("Making /etc/passwd for container %s", c.ID())
-			originPasswdFile, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd")
-			if err != nil {
-				return "", "", fmt.Errorf("error creating path to container %s /etc/passwd: %w", c.ID(), err)
-			}
-			orig, err := ioutil.ReadFile(originPasswdFile)
-			if err != nil && !os.IsNotExist(err) {
-				return "", "", err
-			}
-			passwdFile, err := c.writeStringToStaticDir("passwd", string(orig)+passwdEntry)
-			if err != nil {
-				return "", "", fmt.Errorf("failed to create temporary passwd file: %w", err)
-			}
-			if err := os.Chmod(passwdFile, 0644); err != nil {
-				return "", "", err
-			}
-			passwdPath = passwdFile
-		case !ro && needsWrite:
-			logrus.Debugf("Modifying container %s /etc/passwd", c.ID())
-			containerPasswd, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd")
-			if err != nil {
-				return "", "", fmt.Errorf("error looking up location of container %s /etc/passwd: %w", c.ID(), err)
-			}
-
-			f, err := os.OpenFile(containerPasswd, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
-			if err != nil {
-				return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
-			}
-			defer f.Close()
-
-			if _, err := f.WriteString(passwdEntry); err != nil {
-				return "", "", fmt.Errorf("unable to append to container %s /etc/passwd: %w", c.ID(), err)
-			}
-		default:
-			logrus.Debugf("Not modifying container %s /etc/passwd", c.ID())
-		}
-	}
-	if needGroup {
-		groupEntry, err := c.generateGroupEntry()
-		if err != nil {
-			return "", "", err
-		}
-
-		needsWrite := groupEntry != ""
-		switch {
-		case ro && needsWrite:
-			logrus.Debugf("Making /etc/group for container %s", c.ID())
-			originGroupFile, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/group")
-			if err != nil {
-				return "", "", fmt.Errorf("error creating path to container %s /etc/group: %w", c.ID(), err)
-			}
-			orig, err := ioutil.ReadFile(originGroupFile)
-			if err != nil && !os.IsNotExist(err) {
-				return "", "", err
-			}
-			groupFile, err := c.writeStringToStaticDir("group", string(orig)+groupEntry)
-			if err != nil {
-				return "", "", fmt.Errorf("failed to create temporary group file: %w", err)
-			}
-			if err := os.Chmod(groupFile, 0644); err != nil {
-				return "", "", err
-			}
-			groupPath = groupFile
-		case !ro && needsWrite:
-			logrus.Debugf("Modifying container %s /etc/group", c.ID())
-			containerGroup, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/group")
-			if err != nil {
-				return "", "", fmt.Errorf("error looking up location of container %s /etc/group: %w", c.ID(), err)
-			}
-
-			f, err := os.OpenFile(containerGroup, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
-			if err != nil {
-				return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
-			}
-			defer f.Close()
-
-			if _, err := f.WriteString(groupEntry); err != nil {
-				return "", "", fmt.Errorf("unable to append to container %s /etc/group: %w", c.ID(), err)
-			}
-		default:
-			logrus.Debugf("Not modifying container %s /etc/group", c.ID())
-		}
-	}
-
-	return passwdPath, groupPath, nil
-}
-
-func isRootlessCgroupSet(cgroup string) bool {
-	// old versions of podman were setting the CgroupParent to CgroupfsDefaultCgroupParent
-	// by default.  Avoid breaking these versions and check whether the cgroup parent is
-	// set to the default and in this case enable the old behavior.  It should not be a real
-	// problem because the default CgroupParent is usually owned by root so rootless users
-	// cannot access it.
-	// This check might be lifted in a future version of Podman.
-	// Check both that the cgroup or its parent is set to the default value (used by pods).
-	return cgroup != CgroupfsDefaultCgroupParent && filepath.Dir(cgroup) != CgroupfsDefaultCgroupParent
-}
-
-func (c *Container) expectPodCgroup() (bool, error) {
-	unified, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return false, err
-	}
-	cgroupManager := c.CgroupManager()
-	switch {
-	case c.config.NoCgroups:
-		return false, nil
-	case cgroupManager == config.SystemdCgroupsManager:
-		return !rootless.IsRootless() || unified, nil
-	case cgroupManager == config.CgroupfsCgroupsManager:
-		return !rootless.IsRootless(), nil
-	default:
-		return false, fmt.Errorf("invalid cgroup mode %s requested for pods: %w", cgroupManager, define.ErrInvalidArg)
-	}
-}
-
-// Get cgroup path in a format suitable for the OCI spec
-func (c *Container) getOCICgroupPath() (string, error) {
-	unified, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return "", err
-	}
-	cgroupManager := c.CgroupManager()
-	switch {
-	case c.config.NoCgroups:
-		return "", nil
-	case c.config.CgroupsMode == cgroupSplit:
-		selfCgroup, err := utils.GetOwnCgroupDisallowRoot()
-		if err != nil {
-			return "", err
-		}
-		return filepath.Join(selfCgroup, fmt.Sprintf("libpod-payload-%s", c.ID())), nil
-	case cgroupManager == config.SystemdCgroupsManager:
-		// When the OCI runtime is set to use Systemd as a cgroup manager, it
-		// expects cgroups to be passed as follows:
-		// slice:prefix:name
-		systemdCgroups := fmt.Sprintf("%s:libpod:%s", path.Base(c.config.CgroupParent), c.ID())
-		logrus.Debugf("Setting Cgroups for container %s to %s", c.ID(), systemdCgroups)
-		return systemdCgroups, nil
-	case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)):
-		if c.config.CgroupParent == "" || !isRootlessCgroupSet(c.config.CgroupParent) {
-			return "", nil
-		}
-		fallthrough
-	case cgroupManager == config.CgroupfsCgroupsManager:
-		cgroupPath := filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID()))
-		logrus.Debugf("Setting Cgroup path for container %s to %s", c.ID(), cgroupPath)
-		return cgroupPath, nil
-	default:
-		return "", fmt.Errorf("invalid cgroup manager %s requested: %w", cgroupManager, define.ErrInvalidArg)
-	}
-}
-
-func (c *Container) copyTimezoneFile(zonePath string) (string, error) {
-	localtimeCopy := filepath.Join(c.state.RunDir, "localtime")
-	file, err := os.Stat(zonePath)
-	if err != nil {
-		return "", err
-	}
-	if file.IsDir() {
-		return "", errors.New("invalid timezone: is a directory")
-	}
-	src, err := os.Open(zonePath)
-	if err != nil {
-		return "", err
-	}
-	defer src.Close()
-	dest, err := os.Create(localtimeCopy)
-	if err != nil {
-		return "", err
-	}
-	defer dest.Close()
-	_, err = io.Copy(dest, src)
-	if err != nil {
-		return "", err
-	}
-	if err := c.relabel(localtimeCopy, c.config.MountLabel, false); err != nil {
-		return "", err
-	}
-	if err := dest.Chown(c.RootUID(), c.RootGID()); err != nil {
-		return "", err
-	}
-	return localtimeCopy, err
-}
-
-func (c *Container) cleanupOverlayMounts() error {
-	return overlay.CleanupContent(c.config.StaticDir)
-}
-
-// Creates and mounts an empty dir to mount secrets into, if it does not already exist
-func (c *Container) createSecretMountDir() error {
-	src := filepath.Join(c.state.RunDir, "/run/secrets")
-	_, err := os.Stat(src)
-	if os.IsNotExist(err) {
-		oldUmask := umask.Set(0)
-		defer umask.Set(oldUmask)
-
-		if err := os.MkdirAll(src, 0755); err != nil {
-			return err
-		}
-		if err := label.Relabel(src, c.config.MountLabel, false); err != nil {
-			return err
-		}
-		if err := os.Chown(src, c.RootUID(), c.RootGID()); err != nil {
-			return err
-		}
-		c.state.BindMounts["/run/secrets"] = src
-		return nil
-	}
-
-	return err
+	return false
 }
 
-// Fix ownership and permissions of the specified volume if necessary.
-func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
-	vol, err := c.runtime.state.Volume(v.Name)
-	if err != nil {
-		return fmt.Errorf("error retrieving named volume %s for container %s: %w", v.Name, c.ID(), err)
-	}
-
-	vol.lock.Lock()
-	defer vol.lock.Unlock()
-
-	// The volume may need a copy-up. Check the state.
-	if err := vol.update(); err != nil {
+func setVolumeAtime(mountPoint string, st os.FileInfo) error {
+	stat := st.Sys().(*syscall.Stat_t)
+	atime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) //nolint: unconvert
+	if err := os.Chtimes(mountPoint, atime, st.ModTime()); err != nil {
 		return err
 	}
-
-	// Volumes owned by a volume driver are not chowned - we don't want to
-	// mess with a mount not managed by us.
-	if vol.state.NeedsChown && !vol.UsesVolumeDriver() {
-		vol.state.NeedsChown = false
-
-		uid := int(c.config.Spec.Process.User.UID)
-		gid := int(c.config.Spec.Process.User.GID)
-
-		if c.config.IDMappings.UIDMap != nil {
-			p := idtools.IDPair{
-				UID: uid,
-				GID: gid,
-			}
-			mappings := idtools.NewIDMappingsFromMaps(c.config.IDMappings.UIDMap, c.config.IDMappings.GIDMap)
-			newPair, err := mappings.ToHost(p)
-			if err != nil {
-				return fmt.Errorf("error mapping user %d:%d: %w", uid, gid, err)
-			}
-			uid = newPair.UID
-			gid = newPair.GID
-		}
-
-		vol.state.UIDChowned = uid
-		vol.state.GIDChowned = gid
-
-		if err := vol.save(); err != nil {
-			return err
-		}
-
-		mountPoint, err := vol.MountPoint()
-		if err != nil {
-			return err
-		}
-
-		if err := os.Lchown(mountPoint, uid, gid); err != nil {
-			return err
-		}
-
-		// Make sure the new volume matches the permissions of the target directory.
-		// https://github.com/containers/podman/issues/10188
-		st, err := os.Lstat(filepath.Join(c.state.Mountpoint, v.Dest))
-		if err == nil {
-			if stat, ok := st.Sys().(*syscall.Stat_t); ok {
-				if err := os.Lchown(mountPoint, int(stat.Uid), int(stat.Gid)); err != nil {
-					return err
-				}
-			}
-			if err := os.Chmod(mountPoint, st.Mode()); err != nil {
-				return err
-			}
-			stat := st.Sys().(*syscall.Stat_t)
-			atime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) //nolint: unconvert
-			if err := os.Chtimes(mountPoint, atime, st.ModTime()); err != nil {
-				return err
-			}
-		} else if !os.IsNotExist(err) {
-			return err
-		}
-	}
 	return nil
 }
 
-func (c *Container) relabel(src, mountLabel string, recurse bool) error {
-	if !selinux.GetEnabled() || mountLabel == "" {
-		return nil
-	}
-	// only relabel on initial creation of container
-	if !c.ensureState(define.ContainerStateConfigured, define.ContainerStateUnknown) {
-		label, err := label.FileLabel(src)
-		if err != nil {
-			return err
-		}
-		// If labels are different, might be on a tmpfs
-		if label == mountLabel {
-			return nil
-		}
-	}
-	return label.Relabel(src, mountLabel, recurse)
-}
-
-func (c *Container) ChangeHostPathOwnership(src string, recurse bool, uid, gid int) error {
-	// only chown on initial creation of container
-	if !c.ensureState(define.ContainerStateConfigured, define.ContainerStateUnknown) {
-		st, err := os.Stat(src)
+func (c *Container) makePlatformBindMounts() error {
+	// Make /etc/hostname
+	// This should never change, so no need to recreate if it exists
+	if _, ok := c.state.BindMounts["/etc/hostname"]; !ok {
+		hostnamePath, err := c.writeStringToRundir("hostname", c.Hostname())
 		if err != nil {
-			return err
-		}
-
-		// If labels are different, might be on a tmpfs
-		if int(st.Sys().(*syscall.Stat_t).Uid) == uid && int(st.Sys().(*syscall.Stat_t).Gid) == gid {
-			return nil
+			return fmt.Errorf("creating hostname file for container %s: %w", c.ID(), err)
 		}
+		c.state.BindMounts["/etc/hostname"] = hostnamePath
 	}
-	return chown.ChangeHostPathOwnership(src, recurse, uid, gid)
+	return nil
 }
diff --git a/libpod/container_internal_unsupported.go b/libpod/container_internal_unsupported.go
new file mode 100644
index 000000000..1967c577b
--- /dev/null
+++ b/libpod/container_internal_unsupported.go
@@ -0,0 +1,99 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package libpod
+
+import (
+	"context"
+	"errors"
+
+	"github.com/containers/common/libnetwork/etchosts"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/lookup"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (c *Container) mountSHM(shmOptions string) error {
+	return errors.New("not implemented (*Container) mountSHM")
+}
+
+func (c *Container) unmountSHM(mount string) error {
+	return errors.New("not implemented (*Container) unmountSHM")
+}
+
+func (c *Container) cleanupOverlayMounts() error {
+	return errors.New("not implemented (*Container) cleanupOverlayMounts")
+}
+
+// prepare mounts the container and sets up other required resources like net
+// namespaces
+func (c *Container) prepare() error {
+	return errors.New("not implemented (*Container) prepare")
+}
+
+// resolveWorkDir resolves the container's workdir and, depending on the
+// configuration, will create it, or error out if it does not exist.
+// Note that the container must be mounted before.
+func (c *Container) resolveWorkDir() error {
+	return errors.New("not implemented (*Container) resolveWorkDir")
+}
+
+// cleanupNetwork unmounts and cleans up the container's network
+func (c *Container) cleanupNetwork() error {
+	return errors.New("not implemented (*Container) cleanupNetwork")
+}
+
+// reloadNetwork reloads the network for the given container, recreating
+// firewall rules.
+func (c *Container) reloadNetwork() error {
+	return errors.New("not implemented (*Container) reloadNetwork")
+}
+
+// Generate spec for a container
+// Accepts a map of the container's dependencies
+func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
+	return nil, errors.New("not implemented (*Container) generateSpec")
+}
+
+func (c *Container) getUserOverrides() *lookup.Overrides {
+	return &lookup.Overrides{}
+}
+
+func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (*define.CRIUCheckpointRestoreStatistics, int64, error) {
+	return nil, 0, errors.New("not implemented (*Container) checkpoint")
+}
+
+func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) (criuStatistics *define.CRIUCheckpointRestoreStatistics, runtimeRestoreDuration int64, retErr error) {
+	return nil, 0, errors.New("not implemented (*Container) restore")
+}
+
+// getHostsEntries returns the container ip host entries for the correct netmode
+func (c *Container) getHostsEntries() (etchosts.HostEntries, error) {
+	return nil, errors.New("unsupported (*Container) getHostsEntries")
+}
+
+// Fix ownership and permissions of the specified volume if necessary.
+func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
+	return errors.New("unsupported (*Container) fixVolumePermissions")
+}
+
+func (c *Container) expectPodCgroup() (bool, error) {
+	return false, errors.New("unsupported (*Container) expectPodCgroup")
+}
+
+// Get cgroup path in a format suitable for the OCI spec
+func (c *Container) getOCICgroupPath() (string, error) {
+	return "", errors.New("unsupported (*Container) getOCICgroupPath")
+}
+
+func getLocalhostHostEntry(c *Container) etchosts.HostEntries {
+	return nil
+}
+
+func isRootlessCgroupSet(cgroup string) bool {
+	return false
+}
+
+func openDirectory(path string) (fd int, err error) {
+	return -1, errors.New("unsupported openDirectory")
+}
diff --git a/libpod/container_linux.go b/libpod/container_linux.go
index 8b517e69f..9c17a1966 100644
--- a/libpod/container_linux.go
+++ b/libpod/container_linux.go
@@ -5,6 +5,7 @@ package libpod
 
 import (
 	"github.com/containernetworking/plugins/pkg/ns"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 type containerPlatformState struct {
@@ -13,3 +14,17 @@ type containerPlatformState struct {
 	// told to join another container's network namespace
 	NetNS ns.NetNS `json:"-"`
 }
+
+func networkDisabled(c *Container) (bool, error) {
+	if c.config.CreateNetNS {
+		return false, nil
+	}
+	if !c.config.PostConfigureNetNS {
+		for _, ns := range c.config.Spec.Linux.Namespaces {
+			if ns.Type == spec.NetworkNamespace {
+				return ns.Path == "", nil
+			}
+		}
+	}
+	return false, nil
+}
diff --git a/libpod/container_path_resolution.go b/libpod/container_path_resolution.go
index 35622d623..cd86df540 100644
--- a/libpod/container_path_resolution.go
+++ b/libpod/container_path_resolution.go
@@ -119,15 +119,29 @@ func findVolume(c *Container, containerPath string) (*Volume, error) {
 	return nil, nil
 }
 
+// isSubDir checks whether path is a subdirectory of root.
+func isSubDir(path, root string) bool {
+	// check if the specified container path is below a bind mount.
+	rel, err := filepath.Rel(root, path)
+	if err != nil {
+		return false
+	}
+	return rel != ".." && !strings.HasPrefix(rel, "../")
+}
+
 // isPathOnVolume returns true if the specified containerPath is a subdir of any
 // Volume's destination.
 func isPathOnVolume(c *Container, containerPath string) bool {
 	cleanedContainerPath := filepath.Clean(containerPath)
 	for _, vol := range c.config.NamedVolumes {
-		if cleanedContainerPath == filepath.Clean(vol.Dest) {
+		cleanedDestination := filepath.Clean(vol.Dest)
+		if cleanedContainerPath == cleanedDestination {
 			return true
 		}
-		for dest := vol.Dest; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
+		if isSubDir(cleanedContainerPath, cleanedDestination) {
+			return true
+		}
+		for dest := cleanedDestination; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
 			if cleanedContainerPath == dest {
 				return true
 			}
@@ -152,15 +166,19 @@ func findBindMount(c *Container, containerPath string) *specs.Mount {
 	return nil
 }
 
-/// isPathOnBindMount returns true if the specified containerPath is a subdir of any
+/// isPathOnMount returns true if the specified containerPath is a subdir of any
 // Mount's destination.
-func isPathOnBindMount(c *Container, containerPath string) bool {
+func isPathOnMount(c *Container, containerPath string) bool {
 	cleanedContainerPath := filepath.Clean(containerPath)
 	for _, m := range c.config.Spec.Mounts {
-		if cleanedContainerPath == filepath.Clean(m.Destination) {
+		cleanedDestination := filepath.Clean(m.Destination)
+		if cleanedContainerPath == cleanedDestination {
+			return true
+		}
+		if isSubDir(cleanedContainerPath, cleanedDestination) {
 			return true
 		}
-		for dest := m.Destination; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
+		for dest := cleanedDestination; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
 			if cleanedContainerPath == dest {
 				return true
 			}
diff --git a/libpod/container_path_resolution_test.go b/libpod/container_path_resolution_test.go
new file mode 100644
index 000000000..f906c752d
--- /dev/null
+++ b/libpod/container_path_resolution_test.go
@@ -0,0 +1,28 @@
+package libpod
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIsSubDir(t *testing.T) {
+	assert.True(t, isSubDir("/foo", "/foo"))
+	assert.True(t, isSubDir("/foo/bar", "/foo"))
+	assert.True(t, isSubDir("/foo/bar", "/foo/"))
+	assert.True(t, isSubDir("/foo/bar", "/foo//"))
+	assert.True(t, isSubDir("/foo/bar/", "/foo"))
+	assert.True(t, isSubDir("/foo/bar/baz/", "/foo"))
+	assert.True(t, isSubDir("/foo/bar/baz/", "/foo/bar"))
+	assert.True(t, isSubDir("/foo/bar/baz/", "/foo/bar/"))
+	assert.False(t, isSubDir("/foo/bar/baz/", "/foobar/"))
+	assert.False(t, isSubDir("/foo/bar/baz/../../", "/foobar/"))
+	assert.False(t, isSubDir("/foo/bar/baz/", "../foo/bar"))
+	assert.False(t, isSubDir("/foo/bar/baz/", "../foo/"))
+	assert.False(t, isSubDir("/foo/bar/baz/", "../foo"))
+	assert.False(t, isSubDir("/", ".."))
+	assert.False(t, isSubDir("//", ".."))
+	assert.False(t, isSubDir("//", "../"))
+	assert.False(t, isSubDir("//", "..//"))
+	assert.True(t, isSubDir("/foo/bar/baz/../../", "/foo/"))
+}
diff --git a/libpod/container_stat_linux.go b/libpod/container_stat_linux.go
index 72aabb516..dc3a524f5 100644
--- a/libpod/container_stat_linux.go
+++ b/libpod/container_stat_linux.go
@@ -168,7 +168,7 @@ func secureStat(root string, path string) (*copier.StatForItem, error) {
 		if stat.IsSymlink {
 			target, err := copier.Eval(root, path, copier.EvalOptions{})
 			if err != nil {
-				return nil, fmt.Errorf("error evaluating symlink in container: %w", err)
+				return nil, fmt.Errorf("evaluating symlink in container: %w", err)
 			}
 			// Need to make sure the symlink is relative to the root!
 			target = strings.TrimPrefix(target, root)
diff --git a/libpod/container_stat_unsupported.go b/libpod/container_stat_unsupported.go
new file mode 100644
index 000000000..2f1acd44d
--- /dev/null
+++ b/libpod/container_stat_unsupported.go
@@ -0,0 +1,14 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"errors"
+
+	"github.com/containers/podman/v4/libpod/define"
+)
+
+func (c *Container) stat(containerMountPoint string, containerPath string) (*define.FileInfo, string, string, error) {
+	return nil, "", "", errors.New("Containers stat not supported on this platform")
+}
diff --git a/libpod/container_top_linux.go b/libpod/container_top_linux.go
index 5571edf73..b9916c3a3 100644
--- a/libpod/container_top_linux.go
+++ b/libpod/container_top_linux.go
@@ -70,7 +70,7 @@ func (c *Container) Top(descriptors []string) ([]string, error) {
 
 	output, err = c.execPS(psDescriptors)
 	if err != nil {
-		return nil, fmt.Errorf("error executing ps(1) in the container: %w", err)
+		return nil, fmt.Errorf("executing ps(1) in the container: %w", err)
 	}
 
 	// Trick: filter the ps command from the output instead of
diff --git a/libpod/container_top_unsupported.go b/libpod/container_top_unsupported.go
new file mode 100644
index 000000000..a8d9b970b
--- /dev/null
+++ b/libpod/container_top_unsupported.go
@@ -0,0 +1,14 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"errors"
+)
+
+// Top gathers statistics about the running processes in a container. It returns a
+// []string for output
+func (c *Container) Top(descriptors []string) ([]string, error) {
+	return nil, errors.New("not implemented (*Container) Top")
+}
diff --git a/libpod/container_unsupported.go b/libpod/container_unsupported.go
new file mode 100644
index 000000000..16bf11622
--- /dev/null
+++ b/libpod/container_unsupported.go
@@ -0,0 +1,7 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package libpod
+
+type containerPlatformState struct {
+}
diff --git a/libpod/container_validate.go b/libpod/container_validate.go
index e280c60d2..f4611ecce 100644
--- a/libpod/container_validate.go
+++ b/libpod/container_validate.go
@@ -133,5 +133,13 @@ func (c *Container) validate() error {
 	if len(c.config.InitContainerType) > 0 && len(c.config.Pod) < 1 {
 		return fmt.Errorf("init containers must be created in a pod: %w", define.ErrInvalidArg)
 	}
+
+	if c.config.SdNotifyMode == define.SdNotifyModeIgnore && len(c.config.SdNotifySocket) > 0 {
+		return fmt.Errorf("cannot set sd-notify socket %q with sd-notify mode %q", c.config.SdNotifySocket, c.config.SdNotifyMode)
+	}
+
+	if c.config.HealthCheckOnFailureAction != define.HealthCheckOnFailureActionNone && c.config.HealthCheckConfig == nil {
+		return fmt.Errorf("cannot set on-failure action to %s without a health check", c.config.HealthCheckOnFailureAction.String())
+	}
 	return nil
 }
diff --git a/libpod/define/config.go b/libpod/define/config.go
index 0181bd31c..1fad5cc9a 100644
--- a/libpod/define/config.go
+++ b/libpod/define/config.go
@@ -81,15 +81,8 @@ const NoLogging = "none"
 // PassthroughLogging is the string conmon expects when specifying to use the passthrough driver
 const PassthroughLogging = "passthrough"
 
-// Strings used for --sdnotify option to podman
-const (
-	SdNotifyModeContainer = "container"
-	SdNotifyModeConmon    = "conmon"
-	SdNotifyModeIgnore    = "ignore"
-)
-
 // DefaultRlimitValue is the value set by default for nofile and nproc
 const RLimitDefaultValue = uint64(1048576)
 
 // BindMountPrefix distinguishes its annotations from others
-const BindMountPrefix = "bind-mount-options:"
+const BindMountPrefix = "bind-mount-options"
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index e6a34ba61..da5c58f27 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -55,6 +55,8 @@ type InspectContainerConfig struct {
 	StopSignal uint `json:"StopSignal"`
 	// Configured healthcheck for the container
 	Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"`
+	// HealthcheckOnFailureAction defines an action to take once the container turns unhealthy.
+	HealthcheckOnFailureAction string `json:"HealthcheckOnFailureAction,omitempty"`
 	// CreateCommand is the full command plus arguments of the process the
 	// container has been created with.
 	CreateCommand []string `json:"CreateCommand,omitempty"`
@@ -79,6 +81,10 @@ type InspectContainerConfig struct {
 	// treated as root directories. Standard bind mounts will be mounted
 	// into paths relative to these directories.
 	ChrootDirs []string `json:"ChrootDirs,omitempty"`
+	// SdNotifyMode is the sd-notify mode of the container.
+	SdNotifyMode string `json:"sdNotifyMode,omitempty"`
+	// SdNotifySocket is the NOTIFY_SOCKET in use by/configured for the container.
+	SdNotifySocket string `json:"sdNotifySocket,omitempty"`
 }
 
 // InspectRestartPolicy holds information about the container's restart policy.
diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index fd27e89de..be471c27e 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -179,6 +179,9 @@ var (
 	// ErrNetworkInUse indicates the requested operation failed because the network was in use
 	ErrNetworkInUse = errors.New("network is being used")
 
+	// ErrNetworkConnected indicates that the required operation failed because the container is already a network endpoint
+	ErrNetworkConnected = errors.New("network is already connected")
+
 	// ErrStoreNotInitialized indicates that the container storage was never
 	// initialized.
 	ErrStoreNotInitialized = errors.New("the container storage was never initialized")
diff --git a/libpod/define/exec_codes.go b/libpod/define/exec_codes.go
index 3f2da4910..a84730e72 100644
--- a/libpod/define/exec_codes.go
+++ b/libpod/define/exec_codes.go
@@ -11,8 +11,8 @@ const (
 	// ExecErrorCodeGeneric is the default error code to return from an exec session if libpod failed
 	// prior to calling the runtime
 	ExecErrorCodeGeneric = 125
-	// ExecErrorCodeCannotInvoke is the error code to return when the runtime fails to invoke a command
-	// an example of this can be found by trying to execute a directory:
+	// ExecErrorCodeCannotInvoke is the error code to return when the runtime fails to invoke a command.
+	// An example of this can be found by trying to execute a directory:
 	// `podman exec -l /etc`
 	ExecErrorCodeCannotInvoke = 126
 	// ExecErrorCodeNotFound is the error code to return when a command cannot be found
diff --git a/libpod/define/healthchecks.go b/libpod/define/healthchecks.go
index f71274350..274e02561 100644
--- a/libpod/define/healthchecks.go
+++ b/libpod/define/healthchecks.go
@@ -1,5 +1,10 @@
 package define
 
+import (
+	"fmt"
+	"strings"
+)
+
 const (
 	// HealthCheckHealthy describes a healthy container
 	HealthCheckHealthy string = "healthy"
@@ -57,3 +62,72 @@ const (
 	// HealthConfigTestCmdShell runs commands with the system's default shell
 	HealthConfigTestCmdShell = "CMD-SHELL"
 )
+
+// HealthCheckOnFailureAction defines how Podman reacts when a container's health
+// status turns unhealthy.
+type HealthCheckOnFailureAction int
+
+// Healthcheck on-failure actions.
+const (
+	// HealthCheckOnFailureActionNonce instructs Podman to not react on an unhealthy status.
+	HealthCheckOnFailureActionNone = iota // Must be first iota for backwards compatibility
+	// HealthCheckOnFailureActionInvalid denotes an invalid on-failure policy.
+	HealthCheckOnFailureActionInvalid = iota
+	// HealthCheckOnFailureActionNonce instructs Podman to kill the container on an unhealthy status.
+	HealthCheckOnFailureActionKill = iota
+	// HealthCheckOnFailureActionNonce instructs Podman to restart the container on an unhealthy status.
+	HealthCheckOnFailureActionRestart = iota
+	// HealthCheckOnFailureActionNonce instructs Podman to stop the container on an unhealthy status.
+	HealthCheckOnFailureActionStop = iota
+)
+
+// String representations for on-failure actions.
+const (
+	strHealthCheckOnFailureActionNone    = "none"
+	strHealthCheckOnFailureActionInvalid = "invalid"
+	strHealthCheckOnFailureActionKill    = "kill"
+	strHealthCheckOnFailureActionRestart = "restart"
+	strHealthCheckOnFailureActionStop    = "stop"
+)
+
+// SupportedHealthCheckOnFailureActions lists all supported healthcheck restart policies.
+var SupportedHealthCheckOnFailureActions = []string{
+	strHealthCheckOnFailureActionNone,
+	strHealthCheckOnFailureActionKill,
+	strHealthCheckOnFailureActionRestart,
+	strHealthCheckOnFailureActionStop,
+}
+
+// String returns the string representation of the HealthCheckOnFailureAction.
+func (h HealthCheckOnFailureAction) String() string {
+	switch h {
+	case HealthCheckOnFailureActionNone:
+		return strHealthCheckOnFailureActionNone
+	case HealthCheckOnFailureActionKill:
+		return strHealthCheckOnFailureActionKill
+	case HealthCheckOnFailureActionRestart:
+		return strHealthCheckOnFailureActionRestart
+	case HealthCheckOnFailureActionStop:
+		return strHealthCheckOnFailureActionStop
+	default:
+		return strHealthCheckOnFailureActionInvalid
+	}
+}
+
+// ParseHealthCheckOnFailureAction parses the specified string into a HealthCheckOnFailureAction.
+// An error is returned for an invalid input.
+func ParseHealthCheckOnFailureAction(s string) (HealthCheckOnFailureAction, error) {
+	switch s {
+	case "", strHealthCheckOnFailureActionNone:
+		return HealthCheckOnFailureActionNone, nil
+	case strHealthCheckOnFailureActionKill:
+		return HealthCheckOnFailureActionKill, nil
+	case strHealthCheckOnFailureActionRestart:
+		return HealthCheckOnFailureActionRestart, nil
+	case strHealthCheckOnFailureActionStop:
+		return HealthCheckOnFailureActionStop, nil
+	default:
+		err := fmt.Errorf("invalid on-failure action %q for health check: supported actions are %s", s, strings.Join(SupportedHealthCheckOnFailureActions, ","))
+		return HealthCheckOnFailureActionInvalid, err
+	}
+}
diff --git a/libpod/define/mount.go b/libpod/define/mount.go
index 1b0d019c8..db444fd83 100644
--- a/libpod/define/mount.go
+++ b/libpod/define/mount.go
@@ -1,8 +1,6 @@
 package define
 
 const (
-	// TypeBind is the type for mounting host dir
-	TypeBind = "bind"
 	// TypeVolume is the type for named volumes
 	TypeVolume = "volume"
 	// TypeTmpfs is the type for mounting tmpfs
diff --git a/libpod/define/mount_freebsd.go b/libpod/define/mount_freebsd.go
new file mode 100644
index 000000000..e080c9ec6
--- /dev/null
+++ b/libpod/define/mount_freebsd.go
@@ -0,0 +1,8 @@
+//go:build freebsd
+
+package define
+
+const (
+	// TypeBind is the type for mounting host dir
+	TypeBind = "nullfs"
+)
diff --git a/libpod/define/mount_linux.go b/libpod/define/mount_linux.go
new file mode 100644
index 000000000..5ef848905
--- /dev/null
+++ b/libpod/define/mount_linux.go
@@ -0,0 +1,8 @@
+//go:build linux
+
+package define
+
+const (
+	// TypeBind is the type for mounting host dir
+	TypeBind = "bind"
+)
diff --git a/libpod/define/mount_unsupported.go b/libpod/define/mount_unsupported.go
new file mode 100644
index 000000000..cb8642fe2
--- /dev/null
+++ b/libpod/define/mount_unsupported.go
@@ -0,0 +1,8 @@
+//go:build !linux && !freebsd
+
+package define
+
+const (
+	// TypeBind is the type for mounting host dir
+	TypeBind = "bind"
+)
diff --git a/libpod/define/sdnotify.go b/libpod/define/sdnotify.go
new file mode 100644
index 000000000..1d548c764
--- /dev/null
+++ b/libpod/define/sdnotify.go
@@ -0,0 +1,20 @@
+package define
+
+import "fmt"
+
+// Strings used for --sdnotify option to podman
+const (
+	SdNotifyModeContainer = "container"
+	SdNotifyModeConmon    = "conmon"
+	SdNotifyModeIgnore    = "ignore"
+)
+
+// ValidateSdNotifyMode validates the specified mode.
+func ValidateSdNotifyMode(mode string) error {
+	switch mode {
+	case "", SdNotifyModeContainer, SdNotifyModeConmon, SdNotifyModeIgnore:
+		return nil
+	default:
+		return fmt.Errorf("%w: invalid sdnotify value %q: must be %s, %s or %s", ErrInvalidArg, mode, SdNotifyModeContainer, SdNotifyModeConmon, SdNotifyModeIgnore)
+	}
+}
diff --git a/libpod/define/volume_inspect.go b/libpod/define/volume_inspect.go
index 9279812da..76120647c 100644
--- a/libpod/define/volume_inspect.go
+++ b/libpod/define/volume_inspect.go
@@ -57,7 +57,7 @@ type InspectVolumeData struct {
 	// UID/GID.
 	NeedsChown bool `json:"NeedsChown,omitempty"`
 	// Timeout is the specified driver timeout if given
-	Timeout int `json:"Timeout,omitempty"`
+	Timeout uint `json:"Timeout,omitempty"`
 }
 
 type VolumeReload struct {
diff --git a/libpod/events.go b/libpod/events.go
index c9e4c9d26..2f9799114 100644
--- a/libpod/events.go
+++ b/libpod/events.go
@@ -3,6 +3,7 @@ package libpod
 import (
 	"context"
 	"fmt"
+	"path/filepath"
 	"sync"
 
 	"github.com/containers/podman/v4/libpod/events"
@@ -11,6 +12,10 @@ import (
 
 // newEventer returns an eventer that can be used to read/write events
 func (r *Runtime) newEventer() (events.Eventer, error) {
+	if r.config.Engine.EventsLogFilePath == "" {
+		// default, use path under tmpdir when none was explicitly set by the user
+		r.config.Engine.EventsLogFilePath = filepath.Join(r.config.Engine.TmpDir, "events", "events.log")
+	}
 	options := events.EventerOptions{
 		EventerType:    r.config.Engine.EventsLogger,
 		LogFilePath:    r.config.Engine.EventsLogFilePath,
@@ -55,6 +60,12 @@ func (c *Container) newContainerExitedEvent(exitCode int32) {
 	e.Image = c.config.RootfsImageName
 	e.Type = events.Container
 	e.ContainerExitCode = int(exitCode)
+
+	e.Details = events.Details{
+		ID:         e.ID,
+		Attributes: c.Labels(),
+	}
+
 	if err := c.runtime.eventer.Write(e); err != nil {
 		logrus.Errorf("Unable to write container exited event: %q", err)
 	}
@@ -70,6 +81,12 @@ func (c *Container) newExecDiedEvent(sessionID string, exitCode int) {
 	e.ContainerExitCode = exitCode
 	e.Attributes = make(map[string]string)
 	e.Attributes["execID"] = sessionID
+
+	e.Details = events.Details{
+		ID:         e.ID,
+		Attributes: c.Labels(),
+	}
+
 	if err := c.runtime.eventer.Write(e); err != nil {
 		logrus.Errorf("Unable to write exec died event: %q", err)
 	}
@@ -121,11 +138,7 @@ func (v *Volume) newVolumeEvent(status events.Status) {
 // Events is a wrapper function for everyone to begin tailing the events log
 // with options
 func (r *Runtime) Events(ctx context.Context, options events.ReadOptions) error {
-	eventer, err := r.newEventer()
-	if err != nil {
-		return err
-	}
-	return eventer.Read(ctx, options)
+	return r.eventer.Read(ctx, options)
 }
 
 // GetEvents reads the event log and returns events based on input filters
@@ -137,10 +150,6 @@ func (r *Runtime) GetEvents(ctx context.Context, filters []string) ([]*events.Ev
 		FromStart:    true,
 		Stream:       false,
 	}
-	eventer, err := r.newEventer()
-	if err != nil {
-		return nil, err
-	}
 
 	logEvents := make([]*events.Event, 0, len(eventChannel))
 	readLock := sync.Mutex{}
@@ -152,7 +161,7 @@ func (r *Runtime) GetEvents(ctx context.Context, filters []string) ([]*events.Ev
 		readLock.Unlock()
 	}()
 
-	readErr := eventer.Read(ctx, options)
+	readErr := r.eventer.Read(ctx, options)
 	readLock.Lock() // Wait for the events to be consumed.
 	return logEvents, readErr
 }
diff --git a/libpod/events/events_freebsd.go b/libpod/events/events_freebsd.go
new file mode 100644
index 000000000..90933fa2c
--- /dev/null
+++ b/libpod/events/events_freebsd.go
@@ -0,0 +1,23 @@
+package events
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+)
+
+// NewEventer creates an eventer based on the eventer type
+func NewEventer(options EventerOptions) (Eventer, error) {
+	logrus.Debugf("Initializing event backend %s", options.EventerType)
+	switch strings.ToUpper(options.EventerType) {
+	case strings.ToUpper(LogFile.String()):
+		return EventLogFile{options}, nil
+	case strings.ToUpper(Null.String()):
+		return newNullEventer(), nil
+	case strings.ToUpper(Memory.String()):
+		return NewMemoryEventer(), nil
+	default:
+		return nil, fmt.Errorf("unknown event logger type: %s", strings.ToUpper(options.EventerType))
+	}
+}
diff --git a/libpod/events/events_linux.go b/libpod/events/events_linux.go
index e7801af5b..66b125dd5 100644
--- a/libpod/events/events_linux.go
+++ b/libpod/events/events_linux.go
@@ -18,9 +18,9 @@ func NewEventer(options EventerOptions) (Eventer, error) {
 		}
 		return eventer, nil
 	case strings.ToUpper(LogFile.String()):
-		return EventLogFile{options}, nil
+		return newLogFileEventer(options)
 	case strings.ToUpper(Null.String()):
-		return NewNullEventer(), nil
+		return newNullEventer(), nil
 	case strings.ToUpper(Memory.String()):
 		return NewMemoryEventer(), nil
 	default:
diff --git a/libpod/events/events_unsupported.go b/libpod/events/events_unsupported.go
index d766402a9..01031c225 100644
--- a/libpod/events/events_unsupported.go
+++ b/libpod/events/events_unsupported.go
@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
 
 package events
 
diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go
index 16ef6504f..4986502a2 100644
--- a/libpod/events/journal_linux.go
+++ b/libpod/events/journal_linux.go
@@ -112,57 +112,16 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error {
 		}
 	}
 
-	// the api requires a next|prev before getting a cursor
-	if _, err := j.Next(); err != nil {
-		return fmt.Errorf("failed to move journal cursor to next entry: %w", err)
-	}
-
-	prevCursor, err := j.GetCursor()
-	if err != nil {
-		return fmt.Errorf("failed to get journal cursor: %w", err)
-	}
 	for {
-		select {
-		case <-ctx.Done():
-			// the consumer has cancelled
-			return nil
-		default:
-			// fallthrough
-		}
-
-		if _, err := j.Next(); err != nil {
-			return fmt.Errorf("failed to move journal cursor to next entry: %w", err)
-		}
-		newCursor, err := j.GetCursor()
+		entry, err := getNextEntry(ctx, j, options.Stream, untilTime)
 		if err != nil {
-			return fmt.Errorf("failed to get journal cursor: %w", err)
+			return err
 		}
-		if prevCursor == newCursor {
-			if !options.Stream || (len(options.Until) > 0 && time.Now().After(untilTime)) {
-				break
-			}
-
-			// j.Wait() is blocking, this would cause the goroutine to hang forever
-			// if no more journal entries are generated and thus if the client
-			// has closed the connection in the meantime to leak memory.
-			// Waiting only 5 seconds makes sure we can check if the client closed in the
-			// meantime at least every 5 seconds.
-			t := 5 * time.Second
-			if len(options.Until) > 0 {
-				until := time.Until(untilTime)
-				if until < t {
-					t = until
-				}
-			}
-			_ = j.Wait(t)
-			continue
+		// no entry == we hit the end
+		if entry == nil {
+			return nil
 		}
-		prevCursor = newCursor
 
-		entry, err := j.GetEntry()
-		if err != nil {
-			return fmt.Errorf("failed to read journal entry: %w", err)
-		}
 		newEvent, err := newEventFromJournalEntry(entry)
 		if err != nil {
 			// We can't decode this event.
@@ -177,7 +136,6 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error {
 			options.EventChannel <- newEvent
 		}
 	}
-	return nil
 }
 
 func newEventFromJournalEntry(entry *sdjournal.JournalEntry) (*Event, error) {
@@ -238,3 +196,51 @@ func newEventFromJournalEntry(entry *sdjournal.JournalEntry) (*Event, error) {
 func (e EventJournalD) String() string {
 	return Journald.String()
 }
+
+// getNextEntry returns the next entry in the journal. If the end  of the
+// journal is reached and stream is not set or the current time is after
+// the until time this function return nil,nil.
+func getNextEntry(ctx context.Context, j *sdjournal.Journal, stream bool, untilTime time.Time) (*sdjournal.JournalEntry, error) {
+	for {
+		select {
+		case <-ctx.Done():
+			// the consumer has cancelled
+			return nil, nil
+		default:
+			// fallthrough
+		}
+		// the api requires a next|prev before reading the event
+		ret, err := j.Next()
+		if err != nil {
+			return nil, fmt.Errorf("failed to move journal cursor to next entry: %w", err)
+		}
+		// ret == 0 equals EOF, see sd_journal_next(3)
+		if ret == 0 {
+			if !stream || (!untilTime.IsZero() && time.Now().After(untilTime)) {
+				// we hit the end and should not keep streaming
+				return nil, nil
+			}
+			// keep waiting for the next entry
+			// j.Wait() is blocking, this would cause the goroutine to hang forever
+			// if no more journal entries are generated and thus if the client
+			// has closed the connection in the meantime to leak memory.
+			// Waiting only 5 seconds makes sure we can check if the client closed in the
+			// meantime at least every 5 seconds.
+			t := 5 * time.Second
+			if !untilTime.IsZero() {
+				until := time.Until(untilTime)
+				if until < t {
+					t = until
+				}
+			}
+			_ = j.Wait(t)
+			continue
+		}
+
+		entry, err := j.GetEntry()
+		if err != nil {
+			return nil, fmt.Errorf("failed to read journal entry: %w", err)
+		}
+		return entry, nil
+	}
+}
diff --git a/libpod/events/logfile.go b/libpod/events/logfile.go
index c7dbf4850..d749a0d4d 100644
--- a/libpod/events/logfile.go
+++ b/libpod/events/logfile.go
@@ -1,5 +1,5 @@
-//go:build linux
-// +build linux
+//go:build linux || freebsd
+// +build linux freebsd
 
 package events
 
@@ -12,6 +12,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"path/filepath"
 	"time"
 
 	"github.com/containers/podman/v4/pkg/util"
@@ -27,6 +28,21 @@ type EventLogFile struct {
 	options EventerOptions
 }
 
+// newLogFileEventer creates a new EventLogFile eventer
+func newLogFileEventer(options EventerOptions) (*EventLogFile, error) {
+	// Create events log dir
+	if err := os.MkdirAll(filepath.Dir(options.LogFilePath), 0700); err != nil {
+		return nil, fmt.Errorf("creating events dirs: %w", err)
+	}
+	// We have to make sure the file is created otherwise reading events will hang.
+	// https://github.com/containers/podman/issues/15688
+	fd, err := os.OpenFile(options.LogFilePath, os.O_RDONLY|os.O_CREATE, 0700)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create event log file: %w", err)
+	}
+	return &EventLogFile{options: options}, fd.Close()
+}
+
 // Writes to the log file
 func (e EventLogFile) Write(ee Event) error {
 	// We need to lock events file
@@ -108,6 +124,8 @@ func (e EventLogFile) Read(ctx context.Context, options ReadOptions) error {
 			}
 		}()
 	}
+	logrus.Debugf("Reading events from file %q", e.options.LogFilePath)
+
 	var line *tail.Line
 	var ok bool
 	for {
diff --git a/libpod/events/nullout.go b/libpod/events/nullout.go
index 587a1b98b..da3820c23 100644
--- a/libpod/events/nullout.go
+++ b/libpod/events/nullout.go
@@ -2,10 +2,11 @@ package events
 
 import (
 	"context"
+	"errors"
 )
 
-// EventToNull is an eventer type that only performs write operations
-// and only writes to /dev/null. It is meant for unittests only
+// EventToNull is an eventer type that does nothing.
+// It is meant for unittests only
 type EventToNull struct{}
 
 // Write eats the event and always returns nil
@@ -13,14 +14,14 @@ func (e EventToNull) Write(ee Event) error {
 	return nil
 }
 
-// Read does nothing. Do not use it.
+// Read does nothing and returns an error.
 func (e EventToNull) Read(ctx context.Context, options ReadOptions) error {
-	return nil
+	return errors.New("cannot read events with the \"none\" backend")
 }
 
-// NewNullEventer returns a new null eventer.  You should only do this for
+// newNullEventer returns a new null eventer.  You should only do this for
 // the purposes of internal libpod testing.
-func NewNullEventer() Eventer {
+func newNullEventer() Eventer {
 	return EventToNull{}
 }
 
diff --git a/libpod/healthcheck.go b/libpod/healthcheck.go
index 9b9d12b17..e835af9f0 100644
--- a/libpod/healthcheck.go
+++ b/libpod/healthcheck.go
@@ -2,6 +2,7 @@ package libpod
 
 import (
 	"bufio"
+	"context"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -12,6 +13,7 @@ import (
 
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -29,9 +31,14 @@ func (r *Runtime) HealthCheck(name string) (define.HealthCheckStatus, error) {
 	if err != nil {
 		return define.HealthCheckContainerNotFound, fmt.Errorf("unable to look up %s to perform a health check: %w", name, err)
 	}
+
 	hcStatus, err := checkHealthCheckCanBeRun(container)
 	if err == nil {
-		return container.runHealthCheck()
+		hcStatus, err := container.runHealthCheck()
+		if err := container.processHealthCheckStatus(hcStatus); err != nil {
+			return hcStatus, err
+		}
+		return hcStatus, err
 	}
 	return hcStatus, err
 }
@@ -127,13 +134,45 @@ func (c *Container) runHealthCheck() (define.HealthCheckStatus, error) {
 		hcResult = define.HealthCheckFailure
 		hcErr = fmt.Errorf("healthcheck command exceeded timeout of %s", c.HealthCheckConfig().Timeout.String())
 	}
+
 	hcl := newHealthCheckLog(timeStart, timeEnd, returnCode, eventLog)
 	if err := c.updateHealthCheckLog(hcl, inStartPeriod); err != nil {
 		return hcResult, fmt.Errorf("unable to update health check log %s for %s: %w", c.healthCheckLogPath(), c.ID(), err)
 	}
+
 	return hcResult, hcErr
 }
 
+func (c *Container) processHealthCheckStatus(status define.HealthCheckStatus) error {
+	if status == define.HealthCheckSuccess {
+		return nil
+	}
+
+	switch c.config.HealthCheckOnFailureAction {
+	case define.HealthCheckOnFailureActionNone: // Nothing to do
+
+	case define.HealthCheckOnFailureActionKill:
+		if err := c.Kill(uint(unix.SIGKILL)); err != nil {
+			return fmt.Errorf("killing container health-check turned unhealthy: %w", err)
+		}
+
+	case define.HealthCheckOnFailureActionRestart:
+		if err := c.RestartWithTimeout(context.Background(), c.config.StopTimeout); err != nil {
+			return fmt.Errorf("restarting container after health-check turned unhealthy: %w", err)
+		}
+
+	case define.HealthCheckOnFailureActionStop:
+		if err := c.Stop(); err != nil {
+			return fmt.Errorf("stopping container after health-check turned unhealthy: %w", err)
+		}
+
+	default: // Should not happen but better be safe than sorry
+		return fmt.Errorf("unsupported on-failure action %d", c.config.HealthCheckOnFailureAction)
+	}
+
+	return nil
+}
+
 func checkHealthCheckCanBeRun(c *Container) (define.HealthCheckStatus, error) {
 	cstate, err := c.State()
 	if err != nil {
diff --git a/libpod/healthcheck_linux.go b/libpod/healthcheck_linux.go
index 3fb6dfb91..6948f976a 100644
--- a/libpod/healthcheck_linux.go
+++ b/libpod/healthcheck_linux.go
@@ -70,7 +70,7 @@ func (c *Container) startTimer() error {
 
 	startFile := fmt.Sprintf("%s.service", c.ID())
 	startChan := make(chan string)
-	if _, err := conn.StartUnitContext(context.Background(), startFile, "fail", startChan); err != nil {
+	if _, err := conn.RestartUnitContext(context.Background(), startFile, "fail", startChan); err != nil {
 		return err
 	}
 	if err := systemdOpSuccessful(startChan); err != nil {
diff --git a/libpod/healthcheck_unsupported.go b/libpod/healthcheck_unsupported.go
new file mode 100644
index 000000000..92cd5d0a3
--- /dev/null
+++ b/libpod/healthcheck_unsupported.go
@@ -0,0 +1,25 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"context"
+	"errors"
+)
+
+// createTimer systemd timers for healthchecks of a container
+func (c *Container) createTimer() error {
+	return errors.New("not implemented (*Container) createTimer")
+}
+
+// startTimer starts a systemd timer for the healthchecks
+func (c *Container) startTimer() error {
+	return errors.New("not implemented (*Container) startTimer")
+}
+
+// removeTransientFiles removes the systemd timer and unit files
+// for the container
+func (c *Container) removeTransientFiles(ctx context.Context) error {
+	return errors.New("not implemented (*Container) removeTransientFiles")
+}
diff --git a/libpod/info.go b/libpod/info.go
index c4193b40d..ad8f65432 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -5,27 +5,21 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"math"
 	"os"
-	"os/exec"
 	"runtime"
-	"strconv"
 	"strings"
 	"syscall"
 	"time"
 
 	"github.com/containers/buildah"
-	"github.com/containers/common/pkg/apparmor"
-	"github.com/containers/common/pkg/cgroups"
-	"github.com/containers/common/pkg/seccomp"
+	"github.com/containers/buildah/pkg/util"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/linkmode"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/system"
-	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/sirupsen/logrus"
 )
 
@@ -34,20 +28,20 @@ func (r *Runtime) info() (*define.Info, error) {
 	info := define.Info{}
 	versionInfo, err := define.GetVersion()
 	if err != nil {
-		return nil, fmt.Errorf("error getting version info: %w", err)
+		return nil, fmt.Errorf("getting version info: %w", err)
 	}
 	info.Version = versionInfo
 	// get host information
 	hostInfo, err := r.hostInfo()
 	if err != nil {
-		return nil, fmt.Errorf("error getting host info: %w", err)
+		return nil, fmt.Errorf("getting host info: %w", err)
 	}
 	info.Host = hostInfo
 
 	// get store information
 	storeInfo, err := r.storeInfo()
 	if err != nil {
-		return nil, fmt.Errorf("error getting store info: %w", err)
+		return nil, fmt.Errorf("getting store info: %w", err)
 	}
 	info.Store = storeInfo
 	registries := make(map[string]interface{})
@@ -55,14 +49,14 @@ func (r *Runtime) info() (*define.Info, error) {
 	sys := r.SystemContext()
 	data, err := sysregistriesv2.GetRegistries(sys)
 	if err != nil {
-		return nil, fmt.Errorf("error getting registries: %w", err)
+		return nil, fmt.Errorf("getting registries: %w", err)
 	}
 	for _, reg := range data {
 		registries[reg.Prefix] = reg
 	}
 	regs, err := sysregistriesv2.UnqualifiedSearchRegistries(sys)
 	if err != nil {
-		return nil, fmt.Errorf("error getting registries: %w", err)
+		return nil, fmt.Errorf("getting registries: %w", err)
 	}
 	if len(regs) > 0 {
 		registries["search"] = regs
@@ -86,109 +80,45 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
 	// lets say OS, arch, number of cpus, amount of memory, maybe os distribution/version, hostname, kernel version, uptime
 	mi, err := system.ReadMemInfo()
 	if err != nil {
-		return nil, fmt.Errorf("error reading memory info: %w", err)
+		return nil, fmt.Errorf("reading memory info: %w", err)
 	}
 
 	hostDistributionInfo := r.GetHostDistributionInfo()
 
-	kv, err := readKernelVersion()
+	kv, err := util.ReadKernelVersion()
 	if err != nil {
-		return nil, fmt.Errorf("error reading kernel version: %w", err)
+		return nil, fmt.Errorf("reading kernel version: %w", err)
 	}
 
 	host, err := os.Hostname()
 	if err != nil {
-		return nil, fmt.Errorf("error getting hostname: %w", err)
+		return nil, fmt.Errorf("getting hostname: %w", err)
 	}
 
-	seccompProfilePath, err := DefaultSeccompPath()
-	if err != nil {
-		return nil, fmt.Errorf("error getting Seccomp profile path: %w", err)
-	}
-
-	// Cgroups version
-	unified, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return nil, fmt.Errorf("error reading cgroups mode: %w", err)
-	}
-
-	// Get Map of all available controllers
-	availableControllers, err := cgroups.GetAvailableControllers(nil, unified)
-	if err != nil {
-		return nil, fmt.Errorf("error getting available cgroup controllers: %w", err)
-	}
 	cpuUtil, err := getCPUUtilization()
 	if err != nil {
 		return nil, err
 	}
 	info := define.HostInfo{
-		Arch:              runtime.GOARCH,
-		BuildahVersion:    buildah.Version,
-		CgroupManager:     r.config.Engine.CgroupManager,
-		CgroupControllers: availableControllers,
-		Linkmode:          linkmode.Linkmode(),
-		CPUs:              runtime.NumCPU(),
-		CPUUtilization:    cpuUtil,
-		Distribution:      hostDistributionInfo,
-		LogDriver:         r.config.Containers.LogDriver,
-		EventLogger:       r.eventer.String(),
-		Hostname:          host,
-		IDMappings:        define.IDMappings{},
-		Kernel:            kv,
-		MemFree:           mi.MemFree,
-		MemTotal:          mi.MemTotal,
-		NetworkBackend:    r.config.Network.NetworkBackend,
-		OS:                runtime.GOOS,
-		Security: define.SecurityInfo{
-			AppArmorEnabled:     apparmor.IsEnabled(),
-			DefaultCapabilities: strings.Join(r.config.Containers.DefaultCapabilities, ","),
-			Rootless:            rootless.IsRootless(),
-			SECCOMPEnabled:      seccomp.IsEnabled(),
-			SECCOMPProfilePath:  seccompProfilePath,
-			SELinuxEnabled:      selinux.GetEnabled(),
-		},
-		Slirp4NetNS: define.SlirpInfo{},
-		SwapFree:    mi.SwapFree,
-		SwapTotal:   mi.SwapTotal,
-	}
-
-	cgroupVersion := "v1"
-	if unified {
-		cgroupVersion = "v2"
-	}
-	info.CgroupsVersion = cgroupVersion
-
-	slirp4netnsPath := r.config.Engine.NetworkCmdPath
-	if slirp4netnsPath == "" {
-		slirp4netnsPath, _ = exec.LookPath("slirp4netns")
-	}
-	if slirp4netnsPath != "" {
-		version, err := programVersion(slirp4netnsPath)
-		if err != nil {
-			logrus.Warnf("Failed to retrieve program version for %s: %v", slirp4netnsPath, err)
-		}
-		program := define.SlirpInfo{
-			Executable: slirp4netnsPath,
-			Package:    packageVersion(slirp4netnsPath),
-			Version:    version,
-		}
-		info.Slirp4NetNS = program
-	}
-
-	if rootless.IsRootless() {
-		uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
-		if err != nil {
-			return nil, fmt.Errorf("error reading uid mappings: %w", err)
-		}
-		gidmappings, err := rootless.ReadMappingsProc("/proc/self/gid_map")
-		if err != nil {
-			return nil, fmt.Errorf("error reading gid mappings: %w", err)
-		}
-		idmappings := define.IDMappings{
-			GIDMap: gidmappings,
-			UIDMap: uidmappings,
-		}
-		info.IDMappings = idmappings
+		Arch:           runtime.GOARCH,
+		BuildahVersion: buildah.Version,
+		Linkmode:       linkmode.Linkmode(),
+		CPUs:           runtime.NumCPU(),
+		CPUUtilization: cpuUtil,
+		Distribution:   hostDistributionInfo,
+		LogDriver:      r.config.Containers.LogDriver,
+		EventLogger:    r.eventer.String(),
+		Hostname:       host,
+		Kernel:         kv,
+		MemFree:        mi.MemFree,
+		MemTotal:       mi.MemTotal,
+		NetworkBackend: r.config.Network.NetworkBackend,
+		OS:             runtime.GOOS,
+		SwapFree:       mi.SwapFree,
+		SwapTotal:      mi.SwapTotal,
+	}
+	if err := r.setPlatformHostInfo(&info); err != nil {
+		return nil, err
 	}
 
 	conmonInfo, ociruntimeInfo, err := r.defaultOCIRuntime.RuntimeInfo()
@@ -199,9 +129,9 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
 		info.OCIRuntime = ociruntimeInfo
 	}
 
-	duration, err := procUptime()
+	duration, err := util.ReadUptime()
 	if err != nil {
-		return nil, fmt.Errorf("error reading up time: %w", err)
+		return nil, fmt.Errorf("reading up time: %w", err)
 	}
 
 	uptime := struct {
@@ -271,7 +201,7 @@ func (r *Runtime) storeInfo() (*define.StoreInfo, error) {
 	}
 	images, err := r.store.Images()
 	if err != nil {
-		return nil, fmt.Errorf("error getting number of images: %w", err)
+		return nil, fmt.Errorf("getting number of images: %w", err)
 	}
 	conInfo, err := r.getContainerStoreInfo()
 	if err != nil {
@@ -329,31 +259,6 @@ func (r *Runtime) storeInfo() (*define.StoreInfo, error) {
 	return &info, nil
 }
 
-func readKernelVersion() (string, error) {
-	buf, err := ioutil.ReadFile("/proc/version")
-	if err != nil {
-		return "", err
-	}
-	f := bytes.Fields(buf)
-	if len(f) < 3 {
-		return string(bytes.TrimSpace(buf)), nil
-	}
-	return string(f[2]), nil
-}
-
-func procUptime() (time.Duration, error) {
-	var zero time.Duration
-	buf, err := ioutil.ReadFile("/proc/uptime")
-	if err != nil {
-		return zero, err
-	}
-	f := bytes.Fields(buf)
-	if len(f) < 1 {
-		return zero, errors.New("unable to parse uptime from /proc/uptime")
-	}
-	return time.ParseDuration(string(f[0]) + "s")
-}
-
 // GetHostDistributionInfo returns a map containing the host's distribution and version
 func (r *Runtime) GetHostDistributionInfo() define.DistributionInfo {
 	// Populate values in case we cannot find the values
@@ -385,43 +290,3 @@ func (r *Runtime) GetHostDistributionInfo() define.DistributionInfo {
 	}
 	return dist
 }
-
-// getCPUUtilization Returns a CPUUsage object that summarizes CPU
-// usage for userspace, system, and idle time.
-func getCPUUtilization() (*define.CPUUsage, error) {
-	f, err := os.Open("/proc/stat")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-	scanner := bufio.NewScanner(f)
-	// Read first line of /proc/stat that has entries for system ("cpu" line)
-	for scanner.Scan() {
-		break
-	}
-	// column 1 is user, column 3 is system, column 4 is idle
-	stats := strings.Fields(scanner.Text())
-	return statToPercent(stats)
-}
-
-func statToPercent(stats []string) (*define.CPUUsage, error) {
-	userTotal, err := strconv.ParseFloat(stats[1], 64)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse user value %q: %w", stats[1], err)
-	}
-	systemTotal, err := strconv.ParseFloat(stats[3], 64)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse system value %q: %w", stats[3], err)
-	}
-	idleTotal, err := strconv.ParseFloat(stats[4], 64)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse idle value %q: %w", stats[4], err)
-	}
-	total := userTotal + systemTotal + idleTotal
-	s := define.CPUUsage{
-		UserPercent:   math.Round((userTotal/total*100)*100) / 100,
-		SystemPercent: math.Round((systemTotal/total*100)*100) / 100,
-		IdlePercent:   math.Round((idleTotal/total*100)*100) / 100,
-	}
-	return &s, nil
-}
diff --git a/libpod/info_freebsd.go b/libpod/info_freebsd.go
new file mode 100644
index 000000000..1be988350
--- /dev/null
+++ b/libpod/info_freebsd.go
@@ -0,0 +1,40 @@
+package libpod
+
+import (
+	"fmt"
+	"unsafe"
+
+	"github.com/containers/podman/v4/libpod/define"
+	"golang.org/x/sys/unix"
+)
+
+func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
+	return nil
+}
+
+func timeToPercent(time uint64, total uint64) float64 {
+	return 100.0 * float64(time) / float64(total)
+}
+
+// getCPUUtilization Returns a CPUUsage object that summarizes CPU
+// usage for userspace, system, and idle time.
+func getCPUUtilization() (*define.CPUUsage, error) {
+	buf, err := unix.SysctlRaw("kern.cp_time")
+	if err != nil {
+		return nil, fmt.Errorf("reading sysctl kern.cp_time: %w", err)
+	}
+
+	var total uint64 = 0
+	var times [unix.CPUSTATES]uint64
+
+	for i := 0; i < unix.CPUSTATES; i++ {
+		val := *(*uint64)(unsafe.Pointer(&buf[8*i]))
+		times[i] = val
+		total += val
+	}
+	return &define.CPUUsage{
+		UserPercent:   timeToPercent(times[unix.CP_USER], total),
+		SystemPercent: timeToPercent(times[unix.CP_SYS], total),
+		IdlePercent:   timeToPercent(times[unix.CP_IDLE], total),
+	}, nil
+}
diff --git a/libpod/info_linux.go b/libpod/info_linux.go
new file mode 100644
index 000000000..44beafa8c
--- /dev/null
+++ b/libpod/info_linux.go
@@ -0,0 +1,132 @@
+package libpod
+
+import (
+	"bufio"
+	"fmt"
+	"math"
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"github.com/containers/common/pkg/apparmor"
+	"github.com/containers/common/pkg/cgroups"
+	"github.com/containers/common/pkg/seccomp"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/rootless"
+	"github.com/opencontainers/selinux/go-selinux"
+	"github.com/sirupsen/logrus"
+)
+
+func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
+	seccompProfilePath, err := DefaultSeccompPath()
+	if err != nil {
+		return fmt.Errorf("getting Seccomp profile path: %w", err)
+	}
+
+	// Cgroups version
+	unified, err := cgroups.IsCgroup2UnifiedMode()
+	if err != nil {
+		return fmt.Errorf("reading cgroups mode: %w", err)
+	}
+
+	// Get Map of all available controllers
+	availableControllers, err := cgroups.GetAvailableControllers(nil, unified)
+	if err != nil {
+		return fmt.Errorf("getting available cgroup controllers: %w", err)
+	}
+
+	info.CgroupManager = r.config.Engine.CgroupManager
+	info.CgroupControllers = availableControllers
+	info.IDMappings = define.IDMappings{}
+	info.Security = define.SecurityInfo{
+		AppArmorEnabled:     apparmor.IsEnabled(),
+		DefaultCapabilities: strings.Join(r.config.Containers.DefaultCapabilities, ","),
+		Rootless:            rootless.IsRootless(),
+		SECCOMPEnabled:      seccomp.IsEnabled(),
+		SECCOMPProfilePath:  seccompProfilePath,
+		SELinuxEnabled:      selinux.GetEnabled(),
+	}
+	info.Slirp4NetNS = define.SlirpInfo{}
+
+	cgroupVersion := "v1"
+	if unified {
+		cgroupVersion = "v2"
+	}
+	info.CgroupsVersion = cgroupVersion
+
+	slirp4netnsPath := r.config.Engine.NetworkCmdPath
+	if slirp4netnsPath == "" {
+		slirp4netnsPath, _ = exec.LookPath("slirp4netns")
+	}
+	if slirp4netnsPath != "" {
+		version, err := programVersion(slirp4netnsPath)
+		if err != nil {
+			logrus.Warnf("Failed to retrieve program version for %s: %v", slirp4netnsPath, err)
+		}
+		program := define.SlirpInfo{
+			Executable: slirp4netnsPath,
+			Package:    packageVersion(slirp4netnsPath),
+			Version:    version,
+		}
+		info.Slirp4NetNS = program
+	}
+
+	if rootless.IsRootless() {
+		uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
+		if err != nil {
+			return fmt.Errorf("reading uid mappings: %w", err)
+		}
+		gidmappings, err := rootless.ReadMappingsProc("/proc/self/gid_map")
+		if err != nil {
+			return fmt.Errorf("reading gid mappings: %w", err)
+		}
+		idmappings := define.IDMappings{
+			GIDMap: gidmappings,
+			UIDMap: uidmappings,
+		}
+		info.IDMappings = idmappings
+	}
+
+	return nil
+}
+
+func statToPercent(stats []string) (*define.CPUUsage, error) {
+	userTotal, err := strconv.ParseFloat(stats[1], 64)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse user value %q: %w", stats[1], err)
+	}
+	systemTotal, err := strconv.ParseFloat(stats[3], 64)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse system value %q: %w", stats[3], err)
+	}
+	idleTotal, err := strconv.ParseFloat(stats[4], 64)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse idle value %q: %w", stats[4], err)
+	}
+	total := userTotal + systemTotal + idleTotal
+	s := define.CPUUsage{
+		UserPercent:   math.Round((userTotal/total*100)*100) / 100,
+		SystemPercent: math.Round((systemTotal/total*100)*100) / 100,
+		IdlePercent:   math.Round((idleTotal/total*100)*100) / 100,
+	}
+	return &s, nil
+}
+
+// getCPUUtilization Returns a CPUUsage object that summarizes CPU
+// usage for userspace, system, and idle time.
+func getCPUUtilization() (*define.CPUUsage, error) {
+	f, err := os.Open("/proc/stat")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	scanner := bufio.NewScanner(f)
+	// Read first line of /proc/stat that has entries for system ("cpu" line)
+	for scanner.Scan() {
+		break
+	}
+	// column 1 is user, column 3 is system, column 4 is idle
+	stats := strings.Fields(scanner.Text())
+	return statToPercent(stats)
+}
diff --git a/libpod/info_unsupported.go b/libpod/info_unsupported.go
new file mode 100644
index 000000000..0aed51247
--- /dev/null
+++ b/libpod/info_unsupported.go
@@ -0,0 +1,14 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package libpod
+
+import (
+	"errors"
+
+	"github.com/containers/podman/v4/libpod/define"
+)
+
+func (r *Runtime) info() (*define.Info, error) {
+	return nil, errors.New("not implemented (*Runtime) info")
+}
diff --git a/libpod/kube.go b/libpod/kube.go
index 8c09a6bb5..1f4831006 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -62,6 +62,7 @@ func (p *Pod) GenerateForKube(ctx context.Context) (*v1.Pod, []v1.ServicePort, e
 
 	extraHost := make([]v1.HostAlias, 0)
 	hostNetwork := false
+	hostUsers := true
 	if p.HasInfraContainer() {
 		infraContainer, err := p.getInfraContainer()
 		if err != nil {
@@ -87,8 +88,9 @@ func (p *Pod) GenerateForKube(ctx context.Context) (*v1.Pod, []v1.ServicePort, e
 			return nil, servicePorts, err
 		}
 		hostNetwork = infraContainer.NetworkMode() == string(namespaces.NetworkMode(specgen.Host))
+		hostUsers = infraContainer.IDMappings().HostUIDMapping && infraContainer.IDMappings().HostGIDMapping
 	}
-	pod, err := p.podWithContainers(ctx, allContainers, ports, hostNetwork)
+	pod, err := p.podWithContainers(ctx, allContainers, ports, hostNetwork, hostUsers)
 	if err != nil {
 		return nil, servicePorts, err
 	}
@@ -267,6 +269,8 @@ func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) (Y
 	}
 	service.Spec = serviceSpec
 	service.ObjectMeta = pod.ObjectMeta
+	// Reset the annotations for the service as the pod annotations are not needed for the service
+	service.ObjectMeta.Annotations = nil
 	tm := v12.TypeMeta{
 		Kind:       "Service",
 		APIVersion: pod.TypeMeta.APIVersion,
@@ -346,7 +350,7 @@ func containersToServicePorts(containers []v1.Container) ([]v1.ServicePort, erro
 	return sps, nil
 }
 
-func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, ports []v1.ContainerPort, hostNetwork bool) (*v1.Pod, error) {
+func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, ports []v1.ContainerPort, hostNetwork, hostUsers bool) (*v1.Pod, error) {
 	deDupPodVolumes := make(map[string]*v1.Volume)
 	first := true
 	podContainers := make([]v1.Container, 0, len(containers))
@@ -383,7 +387,7 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
 				return nil, err
 			}
 			for k, v := range annotations {
-				podAnnotations[define.BindMountPrefix+k] = TruncateKubeAnnotation(v)
+				podAnnotations[define.BindMountPrefix] = TruncateKubeAnnotation(k + ":" + v)
 			}
 			// Since port bindings for the pod are handled by the
 			// infra container, wipe them here only if we are sharing the net namespace
@@ -444,10 +448,11 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
 		podVolumes,
 		&dnsInfo,
 		hostNetwork,
+		hostUsers,
 		hostname), nil
 }
 
-func newPodObject(podName string, annotations map[string]string, initCtrs, containers []v1.Container, volumes []v1.Volume, dnsOptions *v1.PodDNSConfig, hostNetwork bool, hostname string) *v1.Pod {
+func newPodObject(podName string, annotations map[string]string, initCtrs, containers []v1.Container, volumes []v1.Volume, dnsOptions *v1.PodDNSConfig, hostNetwork, hostUsers bool, hostname string) *v1.Pod {
 	tm := v12.TypeMeta{
 		Kind:       "Pod",
 		APIVersion: "v1",
@@ -466,12 +471,21 @@ func newPodObject(podName string, annotations map[string]string, initCtrs, conta
 		CreationTimestamp: v12.Now(),
 		Annotations:       annotations,
 	}
+	// Set enableServiceLinks to false as podman doesn't use the service port environment variables
+	enableServiceLinks := false
+	// Set automountServiceAccountToken to false as podman doesn't use service account tokens
+	automountServiceAccountToken := false
 	ps := v1.PodSpec{
-		Containers:     containers,
-		Hostname:       hostname,
-		HostNetwork:    hostNetwork,
-		InitContainers: initCtrs,
-		Volumes:        volumes,
+		Containers:                   containers,
+		Hostname:                     hostname,
+		HostNetwork:                  hostNetwork,
+		InitContainers:               initCtrs,
+		Volumes:                      volumes,
+		EnableServiceLinks:           &enableServiceLinks,
+		AutomountServiceAccountToken: &automountServiceAccountToken,
+	}
+	if !hostUsers {
+		ps.HostUsers = &hostUsers
 	}
 	if dnsOptions != nil && (len(dnsOptions.Nameservers)+len(dnsOptions.Searches)+len(dnsOptions.Options) > 0) {
 		ps.DNSConfig = dnsOptions
@@ -490,6 +504,7 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 	kubeCtrs := make([]v1.Container, 0, len(ctrs))
 	kubeInitCtrs := []v1.Container{}
 	kubeVolumes := make([]v1.Volume, 0)
+	hostUsers := true
 	hostNetwork := true
 	podDNS := v1.PodDNSConfig{}
 	kubeAnnotations := make(map[string]string)
@@ -519,12 +534,15 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 		if !ctr.HostNetwork() {
 			hostNetwork = false
 		}
+		if !(ctr.IDMappings().HostUIDMapping && ctr.IDMappings().HostGIDMapping) {
+			hostUsers = false
+		}
 		kubeCtr, kubeVols, ctrDNS, annotations, err := containerToV1Container(ctx, ctr)
 		if err != nil {
 			return nil, err
 		}
 		for k, v := range annotations {
-			kubeAnnotations[define.BindMountPrefix+k] = TruncateKubeAnnotation(v)
+			kubeAnnotations[define.BindMountPrefix] = TruncateKubeAnnotation(k + ":" + v)
 		}
 		if isInit {
 			kubeInitCtrs = append(kubeInitCtrs, kubeCtr)
@@ -580,6 +598,7 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 		kubeVolumes,
 		&podDNS,
 		hostNetwork,
+		hostUsers,
 		hostname), nil
 }
 
diff --git a/libpod/lock/file/file_lock.go b/libpod/lock/file/file_lock.go
index 1379e690a..bcbaea5e6 100644
--- a/libpod/lock/file/file_lock.go
+++ b/libpod/lock/file/file_lock.go
@@ -2,7 +2,6 @@ package file
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -103,7 +102,7 @@ func (locks *FileLocks) AllocateGivenLock(lck uint32) error {
 
 	f, err := os.OpenFile(locks.getLockPath(lck), os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
 	if err != nil {
-		return fmt.Errorf("error creating lock %d: %w", lck, err)
+		return fmt.Errorf("creating lock %d: %w", lck, err)
 	}
 	f.Close()
 
@@ -129,9 +128,9 @@ func (locks *FileLocks) DeallocateAllLocks() error {
 	if !locks.valid {
 		return fmt.Errorf("locks have already been closed: %w", syscall.EINVAL)
 	}
-	files, err := ioutil.ReadDir(locks.lockPath)
+	files, err := os.ReadDir(locks.lockPath)
 	if err != nil {
-		return fmt.Errorf("error reading directory %s: %w", locks.lockPath, err)
+		return fmt.Errorf("reading directory %s: %w", locks.lockPath, err)
 	}
 	var lastErr error
 	for _, f := range files {
@@ -153,7 +152,7 @@ func (locks *FileLocks) LockFileLock(lck uint32) error {
 
 	l, err := storage.GetLockfile(locks.getLockPath(lck))
 	if err != nil {
-		return fmt.Errorf("error acquiring lock: %w", err)
+		return fmt.Errorf("acquiring lock: %w", err)
 	}
 
 	l.Lock()
@@ -167,7 +166,7 @@ func (locks *FileLocks) UnlockFileLock(lck uint32) error {
 	}
 	l, err := storage.GetLockfile(locks.getLockPath(lck))
 	if err != nil {
-		return fmt.Errorf("error acquiring lock: %w", err)
+		return fmt.Errorf("acquiring lock: %w", err)
 	}
 
 	l.Unlock()
diff --git a/libpod/networking_common.go b/libpod/networking_common.go
new file mode 100644
index 000000000..fa444e26a
--- /dev/null
+++ b/libpod/networking_common.go
@@ -0,0 +1,719 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package libpod
+
+import (
+	"errors"
+	"fmt"
+	"regexp"
+	"sort"
+
+	"github.com/containers/common/libnetwork/etchosts"
+	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/machine"
+	"github.com/containers/common/pkg/util"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/libpod/events"
+	"github.com/containers/podman/v4/pkg/namespaces"
+	"github.com/containers/podman/v4/pkg/rootless"
+	"github.com/containers/storage/pkg/lockfile"
+	"github.com/sirupsen/logrus"
+)
+
+// convertPortMappings will remove the HostIP part from the ports when running inside podman machine.
+// This is need because a HostIP of 127.0.0.1 would now allow the gvproxy forwarder to reach to open ports.
+// For machine the HostIP must only be used by gvproxy and never in the VM.
+func (c *Container) convertPortMappings() []types.PortMapping {
+	if !machine.IsGvProxyBased() || len(c.config.PortMappings) == 0 {
+		return c.config.PortMappings
+	}
+	// if we run in a machine VM we have to ignore the host IP part
+	newPorts := make([]types.PortMapping, 0, len(c.config.PortMappings))
+	for _, port := range c.config.PortMappings {
+		port.HostIP = ""
+		newPorts = append(newPorts, port)
+	}
+	return newPorts
+}
+
+func (c *Container) getNetworkOptions(networkOpts map[string]types.PerNetworkOptions) types.NetworkOptions {
+	opts := types.NetworkOptions{
+		ContainerID:   c.config.ID,
+		ContainerName: getCNIPodName(c),
+	}
+	opts.PortMappings = c.convertPortMappings()
+
+	// If the container requested special network options use this instead of the config.
+	// This is the case for container restore or network reload.
+	if c.perNetworkOpts != nil {
+		opts.Networks = c.perNetworkOpts
+	} else {
+		opts.Networks = networkOpts
+	}
+	return opts
+}
+
+// setUpNetwork will set up the the networks, on error it will also tear down the cni
+// networks. If rootless it will join/create the rootless network namespace.
+func (r *Runtime) setUpNetwork(ns string, opts types.NetworkOptions) (map[string]types.StatusBlock, error) {
+	rootlessNetNS, err := r.GetRootlessNetNs(true)
+	if err != nil {
+		return nil, err
+	}
+	var results map[string]types.StatusBlock
+	setUpPod := func() error {
+		results, err = r.network.Setup(ns, types.SetupOptions{NetworkOptions: opts})
+		return err
+	}
+	// rootlessNetNS is nil if we are root
+	if rootlessNetNS != nil {
+		// execute the setup in the rootless net ns
+		err = rootlessNetNS.Do(setUpPod)
+		rootlessNetNS.Lock.Unlock()
+	} else {
+		err = setUpPod()
+	}
+	return results, err
+}
+
+// getCNIPodName return the pod name (hostname) used by CNI and the dnsname plugin.
+// If we are in the pod network namespace use the pod name otherwise the container name
+func getCNIPodName(c *Container) string {
+	if c.config.NetMode.IsPod() || c.IsInfra() {
+		pod, err := c.runtime.state.Pod(c.PodID())
+		if err == nil {
+			return pod.Name()
+		}
+	}
+	return c.Name()
+}
+
+// Tear down a container's network configuration and joins the
+// rootless net ns as rootless user
+func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error {
+	rootlessNetNS, err := r.GetRootlessNetNs(false)
+	if err != nil {
+		return err
+	}
+	tearDownPod := func() error {
+		if err := r.network.Teardown(ns, types.TeardownOptions{NetworkOptions: opts}); err != nil {
+			return fmt.Errorf("tearing down network namespace configuration for container %s: %w", opts.ContainerID, err)
+		}
+		return nil
+	}
+
+	// rootlessNetNS is nil if we are root
+	if rootlessNetNS != nil {
+		// execute the cni setup in the rootless net ns
+		err = rootlessNetNS.Do(tearDownPod)
+		if cerr := rootlessNetNS.Cleanup(r); cerr != nil {
+			logrus.WithError(err).Error("failed to clean up rootless netns")
+		}
+		rootlessNetNS.Lock.Unlock()
+	} else {
+		err = tearDownPod()
+	}
+	return err
+}
+
+// Tear down a container's CNI network configuration, but do not tear down the
+// namespace itself.
+func (r *Runtime) teardownCNI(ctr *Container) error {
+	if ctr.state.NetNS == nil {
+		// The container has no network namespace, we're set
+		return nil
+	}
+
+	logrus.Debugf("Tearing down network namespace at %s for container %s", ctr.state.NetNS.Path(), ctr.ID())
+
+	networks, err := ctr.networks()
+	if err != nil {
+		return err
+	}
+
+	if !ctr.config.NetMode.IsSlirp4netns() && len(networks) > 0 {
+		netOpts := ctr.getNetworkOptions(networks)
+		return r.teardownNetwork(ctr.state.NetNS.Path(), netOpts)
+	}
+	return nil
+}
+
+// isBridgeNetMode checks if the given network mode is bridge.
+// It returns nil when it is set to bridge and an error otherwise.
+func isBridgeNetMode(n namespaces.NetworkMode) error {
+	if !n.IsBridge() {
+		return fmt.Errorf("%q is not supported: %w", n, define.ErrNetworkModeInvalid)
+	}
+	return nil
+}
+
+// Reload only works with containers with a configured network.
+// It will tear down, and then reconfigure, the network of the container.
+// This is mainly used when a reload of firewall rules wipes out existing
+// firewall configuration.
+// Efforts will be made to preserve MAC and IP addresses, but this only works if
+// the container only joined a single CNI network, and was only assigned a
+// single MAC or IP.
+// Only works on root containers at present, though in the future we could
+// extend this to stop + restart slirp4netns
+func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) {
+	if ctr.state.NetNS == nil {
+		return nil, fmt.Errorf("container %s network is not configured, refusing to reload: %w", ctr.ID(), define.ErrCtrStateInvalid)
+	}
+	if err := isBridgeNetMode(ctr.config.NetMode); err != nil {
+		return nil, err
+	}
+	logrus.Infof("Going to reload container %s network", ctr.ID())
+
+	err := r.teardownCNI(ctr)
+	if err != nil {
+		// teardownCNI will error if the iptables rules do not exists and this is the case after
+		// a firewall reload. The purpose of network reload is to recreate the rules if they do
+		// not exists so we should not log this specific error as error. This would confuse users otherwise.
+		// iptables-legacy and iptables-nft will create different errors make sure to match both.
+		b, rerr := regexp.MatchString("Couldn't load target `CNI-[a-f0-9]{24}':No such file or directory|Chain 'CNI-[a-f0-9]{24}' does not exist", err.Error())
+		if rerr == nil && !b {
+			logrus.Error(err)
+		} else {
+			logrus.Info(err)
+		}
+	}
+
+	networkOpts, err := ctr.networks()
+	if err != nil {
+		return nil, err
+	}
+
+	// Set the same network settings as before..
+	netStatus := ctr.getNetworkStatus()
+	for network, perNetOpts := range networkOpts {
+		for name, netInt := range netStatus[network].Interfaces {
+			perNetOpts.InterfaceName = name
+			perNetOpts.StaticMAC = netInt.MacAddress
+			for _, netAddress := range netInt.Subnets {
+				perNetOpts.StaticIPs = append(perNetOpts.StaticIPs, netAddress.IPNet.IP)
+			}
+			// Normally interfaces have a length of 1, only for some special cni configs we could get more.
+			// For now just use the first interface to get the ips this should be good enough for most cases.
+			break
+		}
+		networkOpts[network] = perNetOpts
+	}
+	ctr.perNetworkOpts = networkOpts
+
+	return r.configureNetNS(ctr, ctr.state.NetNS)
+}
+
+// Produce an InspectNetworkSettings containing information on the container
+// network.
+func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) {
+	if c.config.NetNsCtr != "" {
+		netNsCtr, err := c.runtime.GetContainer(c.config.NetNsCtr)
+		if err != nil {
+			return nil, err
+		}
+		// see https://github.com/containers/podman/issues/10090
+		// the container has to be locked for syncContainer()
+		netNsCtr.lock.Lock()
+		defer netNsCtr.lock.Unlock()
+		// Have to sync to ensure that state is populated
+		if err := netNsCtr.syncContainer(); err != nil {
+			return nil, err
+		}
+		logrus.Debugf("Container %s shares network namespace, retrieving network info of container %s", c.ID(), c.config.NetNsCtr)
+
+		return netNsCtr.getContainerNetworkInfo()
+	}
+
+	settings := new(define.InspectNetworkSettings)
+	settings.Ports = makeInspectPortBindings(c.config.PortMappings, c.config.ExposedPorts)
+
+	networks, err := c.networks()
+	if err != nil {
+		return nil, err
+	}
+
+	if c.state.NetNS == nil {
+		if networkNSPath := c.joinedNetworkNSPath(); networkNSPath != "" {
+			if result, err := c.inspectJoinedNetworkNS(networkNSPath); err == nil {
+				// fallback to dummy configuration
+				settings.InspectBasicNetworkConfig = resultToBasicNetworkConfig(result)
+				return settings, nil
+			}
+			// do not propagate error inspecting a joined network ns
+			logrus.Errorf("Inspecting network namespace: %s of container %s: %v", networkNSPath, c.ID(), err)
+		}
+		// We can't do more if the network is down.
+
+		// We still want to make dummy configurations for each CNI net
+		// the container joined.
+		if len(networks) > 0 {
+			settings.Networks = make(map[string]*define.InspectAdditionalNetwork, len(networks))
+			for net, opts := range networks {
+				cniNet := new(define.InspectAdditionalNetwork)
+				cniNet.NetworkID = net
+				cniNet.Aliases = opts.Aliases
+				settings.Networks[net] = cniNet
+			}
+		}
+
+		return settings, nil
+	}
+
+	// Set network namespace path
+	settings.SandboxKey = c.state.NetNS.Path()
+
+	netStatus := c.getNetworkStatus()
+	// If this is empty, we're probably slirp4netns
+	if len(netStatus) == 0 {
+		return settings, nil
+	}
+
+	// If we have networks - handle that here
+	if len(networks) > 0 {
+		if len(networks) != len(netStatus) {
+			return nil, fmt.Errorf("network inspection mismatch: asked to join %d network(s) %v, but have information on %d network(s): %w", len(networks), networks, len(netStatus), define.ErrInternal)
+		}
+
+		settings.Networks = make(map[string]*define.InspectAdditionalNetwork)
+
+		for name, opts := range networks {
+			result := netStatus[name]
+			addedNet := new(define.InspectAdditionalNetwork)
+			addedNet.NetworkID = name
+			addedNet.Aliases = opts.Aliases
+			addedNet.InspectBasicNetworkConfig = resultToBasicNetworkConfig(result)
+
+			settings.Networks[name] = addedNet
+		}
+
+		// if not only the default network is connected we can return here
+		// otherwise we have to populate the InspectBasicNetworkConfig settings
+		_, isDefaultNet := networks[c.runtime.config.Network.DefaultNetwork]
+		if !(len(networks) == 1 && isDefaultNet) {
+			return settings, nil
+		}
+	}
+
+	// If not joining networks, we should have at most 1 result
+	if len(netStatus) > 1 {
+		return nil, fmt.Errorf("should have at most 1 network status result if not joining networks, instead got %d: %w", len(netStatus), define.ErrInternal)
+	}
+
+	if len(netStatus) == 1 {
+		for _, status := range netStatus {
+			settings.InspectBasicNetworkConfig = resultToBasicNetworkConfig(status)
+		}
+	}
+	return settings, nil
+}
+
+// resultToBasicNetworkConfig produces an InspectBasicNetworkConfig from a CNI
+// result
+func resultToBasicNetworkConfig(result types.StatusBlock) define.InspectBasicNetworkConfig {
+	config := define.InspectBasicNetworkConfig{}
+	interfaceNames := make([]string, 0, len(result.Interfaces))
+	for interfaceName := range result.Interfaces {
+		interfaceNames = append(interfaceNames, interfaceName)
+	}
+	// ensure consistent inspect results by sorting
+	sort.Strings(interfaceNames)
+	for _, interfaceName := range interfaceNames {
+		netInt := result.Interfaces[interfaceName]
+		for _, netAddress := range netInt.Subnets {
+			size, _ := netAddress.IPNet.Mask.Size()
+			if netAddress.IPNet.IP.To4() != nil {
+				// ipv4
+				if config.IPAddress == "" {
+					config.IPAddress = netAddress.IPNet.IP.String()
+					config.IPPrefixLen = size
+					config.Gateway = netAddress.Gateway.String()
+				} else {
+					config.SecondaryIPAddresses = append(config.SecondaryIPAddresses, define.Address{Addr: netAddress.IPNet.IP.String(), PrefixLength: size})
+				}
+			} else {
+				// ipv6
+				if config.GlobalIPv6Address == "" {
+					config.GlobalIPv6Address = netAddress.IPNet.IP.String()
+					config.GlobalIPv6PrefixLen = size
+					config.IPv6Gateway = netAddress.Gateway.String()
+				} else {
+					config.SecondaryIPv6Addresses = append(config.SecondaryIPv6Addresses, define.Address{Addr: netAddress.IPNet.IP.String(), PrefixLength: size})
+				}
+			}
+		}
+		if config.MacAddress == "" {
+			config.MacAddress = netInt.MacAddress.String()
+		} else {
+			config.AdditionalMacAddresses = append(config.AdditionalMacAddresses, netInt.MacAddress.String())
+		}
+	}
+	return config
+}
+
+// NetworkDisconnect removes a container from the network
+func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) error {
+	// only the bridge mode supports cni networks
+	if err := isBridgeNetMode(c.config.NetMode); err != nil {
+		return err
+	}
+
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	networks, err := c.networks()
+	if err != nil {
+		return err
+	}
+
+	// check if network exists and if the input is a ID we get the name
+	// CNI only uses names so it is important that we only use the name
+	netName, err = c.runtime.normalizeNetworkName(netName)
+	if err != nil {
+		return err
+	}
+
+	_, nameExists := networks[netName]
+	if !nameExists && len(networks) > 0 {
+		return fmt.Errorf("container %s is not connected to network %s", nameOrID, netName)
+	}
+
+	if err := c.syncContainer(); err != nil {
+		return err
+	}
+	// get network status before we disconnect
+	networkStatus := c.getNetworkStatus()
+
+	if err := c.runtime.state.NetworkDisconnect(c, netName); err != nil {
+		return err
+	}
+
+	c.newNetworkEvent(events.NetworkDisconnect, netName)
+	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
+		return nil
+	}
+
+	if c.state.NetNS == nil {
+		return fmt.Errorf("unable to disconnect %s from %s: %w", nameOrID, netName, define.ErrNoNetwork)
+	}
+
+	opts := types.NetworkOptions{
+		ContainerID:   c.config.ID,
+		ContainerName: getCNIPodName(c),
+	}
+	opts.PortMappings = c.convertPortMappings()
+	opts.Networks = map[string]types.PerNetworkOptions{
+		netName: networks[netName],
+	}
+
+	if err := c.runtime.teardownNetwork(c.state.NetNS.Path(), opts); err != nil {
+		return err
+	}
+
+	// update network status if container is running
+	oldStatus, statusExist := networkStatus[netName]
+	delete(networkStatus, netName)
+	c.state.NetworkStatus = networkStatus
+	err = c.save()
+	if err != nil {
+		return err
+	}
+
+	// Reload ports when there are still connected networks, maybe we removed the network interface with the child ip.
+	// Reloading without connected networks does not make sense, so we can skip this step.
+	if rootless.IsRootless() && len(networkStatus) > 0 {
+		if err := c.reloadRootlessRLKPortMapping(); err != nil {
+			return err
+		}
+	}
+
+	// Update resolv.conf if required
+	if statusExist {
+		stringIPs := make([]string, 0, len(oldStatus.DNSServerIPs))
+		for _, ip := range oldStatus.DNSServerIPs {
+			stringIPs = append(stringIPs, ip.String())
+		}
+		if len(stringIPs) > 0 {
+			logrus.Debugf("Removing DNS Servers %v from resolv.conf", stringIPs)
+			if err := c.removeNameserver(stringIPs); err != nil {
+				return err
+			}
+		}
+
+		// update /etc/hosts file
+		if file, ok := c.state.BindMounts[config.DefaultHostsFile]; ok {
+			// sync the names with c.getHostsEntries()
+			names := []string{c.Hostname(), c.config.Name}
+			rm := etchosts.GetNetworkHostEntries(map[string]types.StatusBlock{netName: oldStatus}, names...)
+			if len(rm) > 0 {
+				// make sure to lock this file to prevent concurrent writes when
+				// this is used a net dependency container
+				lock, err := lockfile.GetLockfile(file)
+				if err != nil {
+					return fmt.Errorf("failed to lock hosts file: %w", err)
+				}
+				logrus.Debugf("Remove /etc/hosts entries %v", rm)
+				lock.Lock()
+				err = etchosts.Remove(file, rm)
+				lock.Unlock()
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+	return nil
+}
+
+// ConnectNetwork connects a container to a given network
+func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
+	// only the bridge mode supports cni networks
+	if err := isBridgeNetMode(c.config.NetMode); err != nil {
+		return err
+	}
+
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	networks, err := c.networks()
+	if err != nil {
+		return err
+	}
+
+	// check if network exists and if the input is a ID we get the name
+	// CNI only uses names so it is important that we only use the name
+	netName, err = c.runtime.normalizeNetworkName(netName)
+	if err != nil {
+		return err
+	}
+
+	if err := c.syncContainer(); err != nil {
+		return err
+	}
+
+	// get network status before we connect
+	networkStatus := c.getNetworkStatus()
+
+	// always add the short id as alias for docker compat
+	netOpts.Aliases = append(netOpts.Aliases, c.config.ID[:12])
+
+	if netOpts.InterfaceName == "" {
+		netOpts.InterfaceName = getFreeInterfaceName(networks)
+		if netOpts.InterfaceName == "" {
+			return errors.New("could not find free network interface name")
+		}
+	}
+
+	if err := c.runtime.state.NetworkConnect(c, netName, netOpts); err != nil {
+		// Docker compat: treat requests to attach already attached networks as a no-op, ignoring opts
+		if errors.Is(err, define.ErrNetworkConnected) && c.ensureState(define.ContainerStateConfigured) {
+			return nil
+		}
+
+		return err
+	}
+	c.newNetworkEvent(events.NetworkConnect, netName)
+	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
+		return nil
+	}
+	if c.state.NetNS == nil {
+		return fmt.Errorf("unable to connect %s to %s: %w", nameOrID, netName, define.ErrNoNetwork)
+	}
+
+	opts := types.NetworkOptions{
+		ContainerID:   c.config.ID,
+		ContainerName: getCNIPodName(c),
+	}
+	opts.PortMappings = c.convertPortMappings()
+	opts.Networks = map[string]types.PerNetworkOptions{
+		netName: netOpts,
+	}
+
+	results, err := c.runtime.setUpNetwork(c.state.NetNS.Path(), opts)
+	if err != nil {
+		return err
+	}
+	if len(results) != 1 {
+		return errors.New("when adding aliases, results must be of length 1")
+	}
+
+	// we need to get the old host entries before we add the new one to the status
+	// if we do not add do it here we will get the wrong existing entries which will throw of the logic
+	// we could also copy the map but this does not seem worth it
+	// sync the hostNames with c.getHostsEntries()
+	hostNames := []string{c.Hostname(), c.config.Name}
+	oldHostEntries := etchosts.GetNetworkHostEntries(networkStatus, hostNames...)
+
+	// update network status
+	if networkStatus == nil {
+		networkStatus = make(map[string]types.StatusBlock, 1)
+	}
+	networkStatus[netName] = results[netName]
+	c.state.NetworkStatus = networkStatus
+
+	err = c.save()
+	if err != nil {
+		return err
+	}
+
+	// The first network needs a port reload to set the correct child ip for the rootlessport process.
+	// Adding a second network does not require a port reload because the child ip is still valid.
+	if rootless.IsRootless() && len(networks) == 0 {
+		if err := c.reloadRootlessRLKPortMapping(); err != nil {
+			return err
+		}
+	}
+
+	ipv6, err := c.checkForIPv6(networkStatus)
+	if err != nil {
+		return err
+	}
+
+	// Update resolv.conf if required
+	stringIPs := make([]string, 0, len(results[netName].DNSServerIPs))
+	for _, ip := range results[netName].DNSServerIPs {
+		if (ip.To4() == nil) && !ipv6 {
+			continue
+		}
+		stringIPs = append(stringIPs, ip.String())
+	}
+	if len(stringIPs) > 0 {
+		logrus.Debugf("Adding DNS Servers %v to resolv.conf", stringIPs)
+		if err := c.addNameserver(stringIPs); err != nil {
+			return err
+		}
+	}
+
+	// update /etc/hosts file
+	if file, ok := c.state.BindMounts[config.DefaultHostsFile]; ok {
+		// make sure to lock this file to prevent concurrent writes when
+		// this is used a net dependency container
+		lock, err := lockfile.GetLockfile(file)
+		if err != nil {
+			return fmt.Errorf("failed to lock hosts file: %w", err)
+		}
+		new := etchosts.GetNetworkHostEntries(results, hostNames...)
+		logrus.Debugf("Add /etc/hosts entries %v", new)
+		// use special AddIfExists API to make sure we only add new entries if an old one exists
+		// see the AddIfExists() comment for more information
+		lock.Lock()
+		err = etchosts.AddIfExists(file, oldHostEntries, new)
+		lock.Unlock()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// get a free interface name for a new network
+// return an empty string if no free name was found
+func getFreeInterfaceName(networks map[string]types.PerNetworkOptions) string {
+	ifNames := make([]string, 0, len(networks))
+	for _, opts := range networks {
+		ifNames = append(ifNames, opts.InterfaceName)
+	}
+	for i := 0; i < 100000; i++ {
+		ifName := fmt.Sprintf("eth%d", i)
+		if !util.StringInSlice(ifName, ifNames) {
+			return ifName
+		}
+	}
+	return ""
+}
+
+// DisconnectContainerFromNetwork removes a container from its CNI network
+func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error {
+	ctr, err := r.LookupContainer(nameOrID)
+	if err != nil {
+		return err
+	}
+	return ctr.NetworkDisconnect(nameOrID, netName, force)
+}
+
+// ConnectContainerToNetwork connects a container to a CNI network
+func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
+	ctr, err := r.LookupContainer(nameOrID)
+	if err != nil {
+		return err
+	}
+	return ctr.NetworkConnect(nameOrID, netName, netOpts)
+}
+
+// normalizeNetworkName takes a network name, a partial or a full network ID and returns the network name.
+// If the network is not found a errors is returned.
+func (r *Runtime) normalizeNetworkName(nameOrID string) (string, error) {
+	net, err := r.network.NetworkInspect(nameOrID)
+	if err != nil {
+		return "", err
+	}
+	return net.Name, nil
+}
+
+// ocicniPortsToNetTypesPorts convert the old port format to the new one
+// while deduplicating ports into ranges
+func ocicniPortsToNetTypesPorts(ports []types.OCICNIPortMapping) []types.PortMapping {
+	if len(ports) == 0 {
+		return nil
+	}
+
+	newPorts := make([]types.PortMapping, 0, len(ports))
+
+	// first sort the ports
+	sort.Slice(ports, func(i, j int) bool {
+		return compareOCICNIPorts(ports[i], ports[j])
+	})
+
+	// we already check if the slice is empty so we can use the first element
+	currentPort := types.PortMapping{
+		HostIP:        ports[0].HostIP,
+		HostPort:      uint16(ports[0].HostPort),
+		ContainerPort: uint16(ports[0].ContainerPort),
+		Protocol:      ports[0].Protocol,
+		Range:         1,
+	}
+
+	for i := 1; i < len(ports); i++ {
+		if ports[i].HostIP == currentPort.HostIP &&
+			ports[i].Protocol == currentPort.Protocol &&
+			ports[i].HostPort-int32(currentPort.Range) == int32(currentPort.HostPort) &&
+			ports[i].ContainerPort-int32(currentPort.Range) == int32(currentPort.ContainerPort) {
+			currentPort.Range++
+		} else {
+			newPorts = append(newPorts, currentPort)
+			currentPort = types.PortMapping{
+				HostIP:        ports[i].HostIP,
+				HostPort:      uint16(ports[i].HostPort),
+				ContainerPort: uint16(ports[i].ContainerPort),
+				Protocol:      ports[i].Protocol,
+				Range:         1,
+			}
+		}
+	}
+	newPorts = append(newPorts, currentPort)
+	return newPorts
+}
+
+// compareOCICNIPorts will sort the ocicni ports by
+// 1) host ip
+// 2) protocol
+// 3) hostPort
+// 4) container port
+func compareOCICNIPorts(i, j types.OCICNIPortMapping) bool {
+	if i.HostIP != j.HostIP {
+		return i.HostIP < j.HostIP
+	}
+
+	if i.Protocol != j.Protocol {
+		return i.Protocol < j.Protocol
+	}
+
+	if i.HostPort != j.HostPort {
+		return i.HostPort < j.HostPort
+	}
+
+	return i.ContainerPort < j.ContainerPort
+}
diff --git a/libpod/networking_freebsd.go b/libpod/networking_freebsd.go
new file mode 100644
index 000000000..230efc99d
--- /dev/null
+++ b/libpod/networking_freebsd.go
@@ -0,0 +1,268 @@
+//go:build freebsd
+// +build freebsd
+
+package libpod
+
+import (
+	"crypto/rand"
+	jdec "encoding/json"
+	"errors"
+	"fmt"
+	"net"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/containers/buildah/pkg/jail"
+	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/storage/pkg/lockfile"
+	"github.com/sirupsen/logrus"
+)
+
+type Netstat struct {
+	Statistics NetstatInterface `json:"statistics"`
+}
+
+type NetstatInterface struct {
+	Interface []NetstatAddress `json:"interface"`
+}
+
+type NetstatAddress struct {
+	Name    string `json:"name"`
+	Flags   string `json:"flags"`
+	Mtu     int    `json:"mtu"`
+	Network string `json:"network"`
+	Address string `json:"address"`
+
+	ReceivedPackets uint64 `json:"received-packets"`
+	ReceivedBytes   uint64 `json:"received-bytes"`
+	ReceivedErrors  uint64 `json:"received-errors"`
+
+	SentPackets uint64 `json:"sent-packets"`
+	SentBytes   uint64 `json:"sent-bytes"`
+	SentErrors  uint64 `json:"send-errors"`
+
+	DroppedPackets uint64 `json:"dropped-packets"`
+
+	Collisions uint64 `json:"collisions"`
+}
+
+// copied from github.com/vishvanada/netlink which does not build on freebsd
+type LinkStatistics64 struct {
+	RxPackets         uint64
+	TxPackets         uint64
+	RxBytes           uint64
+	TxBytes           uint64
+	RxErrors          uint64
+	TxErrors          uint64
+	RxDropped         uint64
+	TxDropped         uint64
+	Multicast         uint64
+	Collisions        uint64
+	RxLengthErrors    uint64
+	RxOverErrors      uint64
+	RxCrcErrors       uint64
+	RxFrameErrors     uint64
+	RxFifoErrors      uint64
+	RxMissedErrors    uint64
+	TxAbortedErrors   uint64
+	TxCarrierErrors   uint64
+	TxFifoErrors      uint64
+	TxHeartbeatErrors uint64
+	TxWindowErrors    uint64
+	RxCompressed      uint64
+	TxCompressed      uint64
+}
+
+type RootlessNetNS struct {
+	dir  string
+	Lock lockfile.Locker
+}
+
+// getPath will join the given path to the rootless netns dir
+func (r *RootlessNetNS) getPath(path string) string {
+	return filepath.Join(r.dir, path)
+}
+
+// Do - run the given function in the rootless netns.
+// It does not lock the rootlessCNI lock, the caller
+// should only lock when needed, e.g. for cni operations.
+func (r *RootlessNetNS) Do(toRun func() error) error {
+	return errors.New("not supported on freebsd")
+}
+
+// Cleanup the rootless network namespace if needed.
+// It checks if we have running containers with the bridge network mode.
+// Cleanup() expects that r.Lock is locked
+func (r *RootlessNetNS) Cleanup(runtime *Runtime) error {
+	return errors.New("not supported on freebsd")
+}
+
+// GetRootlessNetNs returns the rootless netns object. If create is set to true
+// the rootless network namespace will be created if it does not exists already.
+// If called as root it returns always nil.
+// On success the returned RootlessCNI lock is locked and must be unlocked by the caller.
+func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
+	return nil, nil
+}
+
+func GetSlirp4netnsIP(subnet *net.IPNet) (*net.IP, error) {
+	return nil, errors.New("not implemented GetSlirp4netnsIP")
+}
+
+// While there is code in container_internal.go which calls this, in
+// my testing network creation always seems to go through createNetNS.
+func (r *Runtime) setupNetNS(ctr *Container) error {
+	return errors.New("not implemented (*Runtime) setupNetNS")
+}
+
+// Create and configure a new network namespace for a container
+func (r *Runtime) configureNetNS(ctr *Container, ctrNS *jailNetNS) (status map[string]types.StatusBlock, rerr error) {
+	if err := r.exposeMachinePorts(ctr.config.PortMappings); err != nil {
+		return nil, err
+	}
+	defer func() {
+		// make sure to unexpose the gvproxy ports when an error happens
+		if rerr != nil {
+			if err := r.unexposeMachinePorts(ctr.config.PortMappings); err != nil {
+				logrus.Errorf("failed to free gvproxy machine ports: %v", err)
+			}
+		}
+	}()
+	networks, err := ctr.networks()
+	if err != nil {
+		return nil, err
+	}
+	// All networks have been removed from the container.
+	// This is effectively forcing net=none.
+	if len(networks) == 0 {
+		return nil, nil
+	}
+
+	netOpts := ctr.getNetworkOptions(networks)
+	netStatus, err := r.setUpNetwork(ctrNS.Name, netOpts)
+	if err != nil {
+		return nil, err
+	}
+
+	return netStatus, err
+}
+
+// Create and configure a new network namespace for a container
+func (r *Runtime) createNetNS(ctr *Container) (n *jailNetNS, q map[string]types.StatusBlock, retErr error) {
+	b := make([]byte, 16)
+	_, err := rand.Reader.Read(b)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to generate random vnet name: %v", err)
+	}
+	ctrNS := &jailNetNS{Name: fmt.Sprintf("vnet-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])}
+
+	jconf := jail.NewConfig()
+	jconf.Set("name", ctrNS.Name)
+	jconf.Set("vnet", jail.NEW)
+	jconf.Set("children.max", 1)
+	jconf.Set("persist", true)
+	jconf.Set("enforce_statfs", 0)
+	jconf.Set("devfs_ruleset", 4)
+	jconf.Set("allow.raw_sockets", true)
+	jconf.Set("allow.chflags", true)
+	jconf.Set("securelevel", -1)
+	if _, err := jail.Create(jconf); err != nil {
+		logrus.Debugf("Failed to create vnet jail %s for container %s", ctrNS.Name, ctr.ID())
+	}
+
+	logrus.Debugf("Created vnet jail %s for container %s", ctrNS.Name, ctr.ID())
+
+	var networkStatus map[string]types.StatusBlock
+	networkStatus, err = r.configureNetNS(ctr, ctrNS)
+	return ctrNS, networkStatus, err
+}
+
+// Tear down a network namespace, undoing all state associated with it.
+func (r *Runtime) teardownNetNS(ctr *Container) error {
+	if err := r.unexposeMachinePorts(ctr.config.PortMappings); err != nil {
+		// do not return an error otherwise we would prevent network cleanup
+		logrus.Errorf("failed to free gvproxy machine ports: %v", err)
+	}
+	if err := r.teardownCNI(ctr); err != nil {
+		return err
+	}
+
+	if ctr.state.NetNS != nil {
+		// Rather than destroying the jail immediately, reset the
+		// persist flag so that it will live until the container is
+		// done.
+		netjail, err := jail.FindByName(ctr.state.NetNS.Name)
+		if err != nil {
+			return fmt.Errorf("finding network jail %s: %w", ctr.state.NetNS.Name, err)
+		}
+		jconf := jail.NewConfig()
+		jconf.Set("persist", false)
+		if err := netjail.Set(jconf); err != nil {
+			return fmt.Errorf("releasing network jail %s: %w", ctr.state.NetNS.Name, err)
+		}
+
+		ctr.state.NetNS = nil
+	}
+
+	return nil
+}
+
+func getContainerNetIO(ctr *Container) (*LinkStatistics64, error) {
+	if ctr.state.NetNS == nil {
+		// If NetNS is nil, it was set as none, and no netNS
+		// was set up this is a valid state and thus return no
+		// error, nor any statistics
+		return nil, nil
+	}
+
+	// FIXME get the interface from the container netstatus
+	cmd := exec.Command("jexec", ctr.state.NetNS.Name, "netstat", "-bI", "eth0", "--libxo", "json")
+	out, err := cmd.Output()
+	if err != nil {
+		return nil, err
+	}
+	stats := Netstat{}
+	if err := jdec.Unmarshal(out, &stats); err != nil {
+		return nil, err
+	}
+
+	// Find the link stats
+	for _, ifaddr := range stats.Statistics.Interface {
+		if ifaddr.Mtu > 0 {
+			return &LinkStatistics64{
+				RxPackets:  ifaddr.ReceivedPackets,
+				TxPackets:  ifaddr.SentPackets,
+				RxBytes:    ifaddr.ReceivedBytes,
+				TxBytes:    ifaddr.SentBytes,
+				RxErrors:   ifaddr.ReceivedErrors,
+				TxErrors:   ifaddr.SentErrors,
+				RxDropped:  ifaddr.DroppedPackets,
+				Collisions: ifaddr.Collisions,
+			}, nil
+		}
+	}
+
+	return &LinkStatistics64{}, nil
+}
+
+func (c *Container) joinedNetworkNSPath() string {
+	if c.state.NetNS != nil {
+		return c.state.NetNS.Name
+	} else {
+		return ""
+	}
+}
+
+func (c *Container) inspectJoinedNetworkNS(networkns string) (q types.StatusBlock, retErr error) {
+	// TODO: extract interface information from the vnet jail
+	return types.StatusBlock{}, nil
+
+}
+
+func (c *Container) reloadRootlessRLKPortMapping() error {
+	return errors.New("unsupported (*Container).reloadRootlessRLKPortMapping")
+}
+
+func (c *Container) setupRootlessNetwork() error {
+	return nil
+}
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index c05796768..e27ec8e9d 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -13,25 +13,17 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"regexp"
-	"sort"
 	"strconv"
 	"strings"
 	"syscall"
 	"time"
 
 	"github.com/containernetworking/plugins/pkg/ns"
-	"github.com/containers/common/libnetwork/etchosts"
 	"github.com/containers/common/libnetwork/resolvconf"
 	"github.com/containers/common/libnetwork/types"
-	"github.com/containers/common/pkg/config"
-	"github.com/containers/common/pkg/machine"
 	"github.com/containers/common/pkg/netns"
 	"github.com/containers/common/pkg/util"
-	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/pkg/errorhandling"
-	"github.com/containers/podman/v4/pkg/namespaces"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/utils"
 	"github.com/containers/storage/pkg/lockfile"
@@ -59,39 +51,6 @@ const (
 	persistentCNIDir = "/var/lib/cni"
 )
 
-// convertPortMappings will remove the HostIP part from the ports when running inside podman machine.
-// This is need because a HostIP of 127.0.0.1 would now allow the gvproxy forwarder to reach to open ports.
-// For machine the HostIP must only be used by gvproxy and never in the VM.
-func (c *Container) convertPortMappings() []types.PortMapping {
-	if !machine.IsGvProxyBased() || len(c.config.PortMappings) == 0 {
-		return c.config.PortMappings
-	}
-	// if we run in a machine VM we have to ignore the host IP part
-	newPorts := make([]types.PortMapping, 0, len(c.config.PortMappings))
-	for _, port := range c.config.PortMappings {
-		port.HostIP = ""
-		newPorts = append(newPorts, port)
-	}
-	return newPorts
-}
-
-func (c *Container) getNetworkOptions(networkOpts map[string]types.PerNetworkOptions) types.NetworkOptions {
-	opts := types.NetworkOptions{
-		ContainerID:   c.config.ID,
-		ContainerName: getCNIPodName(c),
-	}
-	opts.PortMappings = c.convertPortMappings()
-
-	// If the container requested special network options use this instead of the config.
-	// This is the case for container restore or network reload.
-	if c.perNetworkOpts != nil {
-		opts.Networks = c.perNetworkOpts
-	} else {
-		opts.Networks = networkOpts
-	}
-	return opts
-}
-
 type RootlessNetNS struct {
 	ns   ns.NetNS
 	dir  string
@@ -354,7 +313,7 @@ func (r *RootlessNetNS) Cleanup(runtime *Runtime) error {
 		}
 	}
 	if err != nil {
-		logrus.Errorf("Failed to kill slirp4netns process: %s", err)
+		logrus.Errorf("Failed to kill slirp4netns process: %v", err)
 	}
 	err = os.RemoveAll(r.dir)
 	if err != nil {
@@ -411,13 +370,13 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 	if err != nil {
 		if !new {
 			// return a error if we could not get the namespace and should no create one
-			return nil, fmt.Errorf("error getting rootless network namespace: %w", err)
+			return nil, fmt.Errorf("getting rootless network namespace: %w", err)
 		}
 		// create a new namespace
 		logrus.Debugf("creating rootless network namespace with name %q", netnsName)
 		ns, err = netns.NewNSWithName(netnsName)
 		if err != nil {
-			return nil, fmt.Errorf("error creating rootless network namespace: %w", err)
+			return nil, fmt.Errorf("creating rootless network namespace: %w", err)
 		}
 		// set up slirp4netns here
 		path := r.config.Engine.NetworkCmdPath
@@ -442,7 +401,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 		}
 		slirpFeatures, err := checkSlirpFlags(path)
 		if err != nil {
-			return nil, fmt.Errorf("error checking slirp4netns binary %s: %q: %w", path, err, err)
+			return nil, fmt.Errorf("checking slirp4netns binary %s: %q: %w", path, err, err)
 		}
 		cmdArgs, err := createBasicSlirp4netnsCmdArgs(netOptions, slirpFeatures)
 		if err != nil {
@@ -589,41 +548,6 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 	return rootlessNetNS, nil
 }
 
-// setUpNetwork will set up the the networks, on error it will also tear down the cni
-// networks. If rootless it will join/create the rootless network namespace.
-func (r *Runtime) setUpNetwork(ns string, opts types.NetworkOptions) (map[string]types.StatusBlock, error) {
-	rootlessNetNS, err := r.GetRootlessNetNs(true)
-	if err != nil {
-		return nil, err
-	}
-	var results map[string]types.StatusBlock
-	setUpPod := func() error {
-		results, err = r.network.Setup(ns, types.SetupOptions{NetworkOptions: opts})
-		return err
-	}
-	// rootlessNetNS is nil if we are root
-	if rootlessNetNS != nil {
-		// execute the setup in the rootless net ns
-		err = rootlessNetNS.Do(setUpPod)
-		rootlessNetNS.Lock.Unlock()
-	} else {
-		err = setUpPod()
-	}
-	return results, err
-}
-
-// getCNIPodName return the pod name (hostname) used by CNI and the dnsname plugin.
-// If we are in the pod network namespace use the pod name otherwise the container name
-func getCNIPodName(c *Container) string {
-	if c.config.NetMode.IsPod() || c.IsInfra() {
-		pod, err := c.runtime.state.Pod(c.PodID())
-		if err == nil {
-			return pod.Name()
-		}
-	}
-	return c.Name()
-}
-
 // Create and configure a new network namespace for a container
 func (r *Runtime) configureNetNS(ctr *Container, ctrNS ns.NetNS) (status map[string]types.StatusBlock, rerr error) {
 	if err := r.exposeMachinePorts(ctr.config.PortMappings); err != nil {
@@ -675,7 +599,7 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS ns.NetNS) (status map[str
 func (r *Runtime) createNetNS(ctr *Container) (n ns.NetNS, q map[string]types.StatusBlock, retErr error) {
 	ctrNS, err := netns.NewNS()
 	if err != nil {
-		return nil, nil, fmt.Errorf("error creating network namespace for container %s: %w", ctr.ID(), err)
+		return nil, nil, fmt.Errorf("creating network namespace for container %s: %w", ctr.ID(), err)
 	}
 	defer func() {
 		if retErr != nil {
@@ -742,7 +666,7 @@ func (r *Runtime) setupNetNS(ctr *Container) error {
 func joinNetNS(path string) (ns.NetNS, error) {
 	netNS, err := ns.GetNS(path)
 	if err != nil {
-		return nil, fmt.Errorf("error retrieving network namespace at %s: %w", path, err)
+		return nil, fmt.Errorf("retrieving network namespace at %s: %w", path, err)
 	}
 
 	return netNS, nil
@@ -758,7 +682,7 @@ func (r *Runtime) closeNetNS(ctr *Container) error {
 	}
 
 	if err := ctr.state.NetNS.Close(); err != nil {
-		return fmt.Errorf("error closing network namespace for container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("closing network namespace for container %s: %w", ctr.ID(), err)
 	}
 
 	ctr.state.NetNS = nil
@@ -766,56 +690,6 @@ func (r *Runtime) closeNetNS(ctr *Container) error {
 	return nil
 }
 
-// Tear down a container's network configuration and joins the
-// rootless net ns as rootless user
-func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error {
-	rootlessNetNS, err := r.GetRootlessNetNs(false)
-	if err != nil {
-		return err
-	}
-	tearDownPod := func() error {
-		if err := r.network.Teardown(ns, types.TeardownOptions{NetworkOptions: opts}); err != nil {
-			return fmt.Errorf("error tearing down network namespace configuration for container %s: %w", opts.ContainerID, err)
-		}
-		return nil
-	}
-
-	// rootlessNetNS is nil if we are root
-	if rootlessNetNS != nil {
-		// execute the cni setup in the rootless net ns
-		err = rootlessNetNS.Do(tearDownPod)
-		if cerr := rootlessNetNS.Cleanup(r); cerr != nil {
-			logrus.WithError(err).Error("failed to clean up rootless netns")
-		}
-		rootlessNetNS.Lock.Unlock()
-	} else {
-		err = tearDownPod()
-	}
-	return err
-}
-
-// Tear down a container's CNI network configuration, but do not tear down the
-// namespace itself.
-func (r *Runtime) teardownCNI(ctr *Container) error {
-	if ctr.state.NetNS == nil {
-		// The container has no network namespace, we're set
-		return nil
-	}
-
-	logrus.Debugf("Tearing down network namespace at %s for container %s", ctr.state.NetNS.Path(), ctr.ID())
-
-	networks, err := ctr.networks()
-	if err != nil {
-		return err
-	}
-
-	if !ctr.config.NetMode.IsSlirp4netns() && len(networks) > 0 {
-		netOpts := ctr.getNetworkOptions(networks)
-		return r.teardownNetwork(ctr.state.NetNS.Path(), netOpts)
-	}
-	return nil
-}
-
 // Tear down a network namespace, undoing all state associated with it.
 func (r *Runtime) teardownNetNS(ctr *Container) error {
 	if err := r.unexposeMachinePorts(ctr.config.PortMappings); err != nil {
@@ -828,12 +702,12 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
 
 	// First unmount the namespace
 	if err := netns.UnmountNS(ctr.state.NetNS); err != nil {
-		return fmt.Errorf("error unmounting network namespace for container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("unmounting network namespace for container %s: %w", ctr.ID(), err)
 	}
 
 	// Now close the open file descriptor
 	if err := ctr.state.NetNS.Close(); err != nil {
-		return fmt.Errorf("error closing network namespace for container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("closing network namespace for container %s: %w", ctr.ID(), err)
 	}
 
 	ctr.state.NetNS = nil
@@ -862,72 +736,6 @@ func getContainerNetNS(ctr *Container) (string, *Container, error) {
 	return "", nil, nil
 }
 
-// isBridgeNetMode checks if the given network mode is bridge.
-// It returns nil when it is set to bridge and an error otherwise.
-func isBridgeNetMode(n namespaces.NetworkMode) error {
-	if !n.IsBridge() {
-		return fmt.Errorf("%q is not supported: %w", n, define.ErrNetworkModeInvalid)
-	}
-	return nil
-}
-
-// Reload only works with containers with a configured network.
-// It will tear down, and then reconfigure, the network of the container.
-// This is mainly used when a reload of firewall rules wipes out existing
-// firewall configuration.
-// Efforts will be made to preserve MAC and IP addresses, but this only works if
-// the container only joined a single CNI network, and was only assigned a
-// single MAC or IP.
-// Only works on root containers at present, though in the future we could
-// extend this to stop + restart slirp4netns
-func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) {
-	if ctr.state.NetNS == nil {
-		return nil, fmt.Errorf("container %s network is not configured, refusing to reload: %w", ctr.ID(), define.ErrCtrStateInvalid)
-	}
-	if err := isBridgeNetMode(ctr.config.NetMode); err != nil {
-		return nil, err
-	}
-	logrus.Infof("Going to reload container %s network", ctr.ID())
-
-	err := r.teardownCNI(ctr)
-	if err != nil {
-		// teardownCNI will error if the iptables rules do not exists and this is the case after
-		// a firewall reload. The purpose of network reload is to recreate the rules if they do
-		// not exists so we should not log this specific error as error. This would confuse users otherwise.
-		// iptables-legacy and iptables-nft will create different errors make sure to match both.
-		b, rerr := regexp.MatchString("Couldn't load target `CNI-[a-f0-9]{24}':No such file or directory|Chain 'CNI-[a-f0-9]{24}' does not exist", err.Error())
-		if rerr == nil && !b {
-			logrus.Error(err)
-		} else {
-			logrus.Info(err)
-		}
-	}
-
-	networkOpts, err := ctr.networks()
-	if err != nil {
-		return nil, err
-	}
-
-	// Set the same network settings as before..
-	netStatus := ctr.getNetworkStatus()
-	for network, perNetOpts := range networkOpts {
-		for name, netInt := range netStatus[network].Interfaces {
-			perNetOpts.InterfaceName = name
-			perNetOpts.StaticMAC = netInt.MacAddress
-			for _, netAddress := range netInt.Subnets {
-				perNetOpts.StaticIPs = append(perNetOpts.StaticIPs, netAddress.IPNet.IP)
-			}
-			// Normally interfaces have a length of 1, only for some special cni configs we could get more.
-			// For now just use the first interface to get the ips this should be good enough for most cases.
-			break
-		}
-		networkOpts[network] = perNetOpts
-	}
-	ctr.perNetworkOpts = networkOpts
-
-	return r.configureNetNS(ctr, ctr.state.NetNS)
-}
-
 // TODO (5.0): return the statistics per network interface
 // This would allow better compat with docker.
 func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) {
@@ -981,110 +789,6 @@ func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) {
 	return netStats, err
 }
 
-// Produce an InspectNetworkSettings containing information on the container
-// network.
-func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) {
-	if c.config.NetNsCtr != "" {
-		netNsCtr, err := c.runtime.GetContainer(c.config.NetNsCtr)
-		if err != nil {
-			return nil, err
-		}
-		// see https://github.com/containers/podman/issues/10090
-		// the container has to be locked for syncContainer()
-		netNsCtr.lock.Lock()
-		defer netNsCtr.lock.Unlock()
-		// Have to sync to ensure that state is populated
-		if err := netNsCtr.syncContainer(); err != nil {
-			return nil, err
-		}
-		logrus.Debugf("Container %s shares network namespace, retrieving network info of container %s", c.ID(), c.config.NetNsCtr)
-
-		return netNsCtr.getContainerNetworkInfo()
-	}
-
-	settings := new(define.InspectNetworkSettings)
-	settings.Ports = makeInspectPortBindings(c.config.PortMappings, c.config.ExposedPorts)
-
-	networks, err := c.networks()
-	if err != nil {
-		return nil, err
-	}
-
-	if c.state.NetNS == nil {
-		if networkNSPath := c.joinedNetworkNSPath(); networkNSPath != "" {
-			if result, err := c.inspectJoinedNetworkNS(networkNSPath); err == nil {
-				// fallback to dummy configuration
-				settings.InspectBasicNetworkConfig = resultToBasicNetworkConfig(result)
-				return settings, nil
-			}
-			// do not propagate error inspecting a joined network ns
-			logrus.Errorf("Inspecting network namespace: %s of container %s: %v", networkNSPath, c.ID(), err)
-		}
-		// We can't do more if the network is down.
-
-		// We still want to make dummy configurations for each CNI net
-		// the container joined.
-		if len(networks) > 0 {
-			settings.Networks = make(map[string]*define.InspectAdditionalNetwork, len(networks))
-			for net, opts := range networks {
-				cniNet := new(define.InspectAdditionalNetwork)
-				cniNet.NetworkID = net
-				cniNet.Aliases = opts.Aliases
-				settings.Networks[net] = cniNet
-			}
-		}
-
-		return settings, nil
-	}
-
-	// Set network namespace path
-	settings.SandboxKey = c.state.NetNS.Path()
-
-	netStatus := c.getNetworkStatus()
-	// If this is empty, we're probably slirp4netns
-	if len(netStatus) == 0 {
-		return settings, nil
-	}
-
-	// If we have networks - handle that here
-	if len(networks) > 0 {
-		if len(networks) != len(netStatus) {
-			return nil, fmt.Errorf("network inspection mismatch: asked to join %d network(s) %v, but have information on %d network(s): %w", len(networks), networks, len(netStatus), define.ErrInternal)
-		}
-
-		settings.Networks = make(map[string]*define.InspectAdditionalNetwork)
-
-		for name, opts := range networks {
-			result := netStatus[name]
-			addedNet := new(define.InspectAdditionalNetwork)
-			addedNet.NetworkID = name
-			addedNet.Aliases = opts.Aliases
-			addedNet.InspectBasicNetworkConfig = resultToBasicNetworkConfig(result)
-
-			settings.Networks[name] = addedNet
-		}
-
-		// if not only the default network is connected we can return here
-		// otherwise we have to populate the InspectBasicNetworkConfig settings
-		_, isDefaultNet := networks[c.runtime.config.Network.DefaultNetwork]
-		if !(len(networks) == 1 && isDefaultNet) {
-			return settings, nil
-		}
-	}
-
-	// If not joining networks, we should have at most 1 result
-	if len(netStatus) > 1 {
-		return nil, fmt.Errorf("should have at most 1 network status result if not joining networks, instead got %d: %w", len(netStatus), define.ErrInternal)
-	}
-
-	if len(netStatus) == 1 {
-		for _, status := range netStatus {
-			settings.InspectBasicNetworkConfig = resultToBasicNetworkConfig(status)
-		}
-	}
-	return settings, nil
-}
-
 func (c *Container) joinedNetworkNSPath() string {
 	for _, namespace := range c.config.Spec.Linux.Namespaces {
 		if namespace.Type == specs.NetworkNamespace {
@@ -1151,49 +855,6 @@ func (c *Container) inspectJoinedNetworkNS(networkns string) (q types.StatusBloc
 	return result, err
 }
 
-// resultToBasicNetworkConfig produces an InspectBasicNetworkConfig from a CNI
-// result
-func resultToBasicNetworkConfig(result types.StatusBlock) define.InspectBasicNetworkConfig {
-	config := define.InspectBasicNetworkConfig{}
-	interfaceNames := make([]string, 0, len(result.Interfaces))
-	for interfaceName := range result.Interfaces {
-		interfaceNames = append(interfaceNames, interfaceName)
-	}
-	// ensure consistent inspect results by sorting
-	sort.Strings(interfaceNames)
-	for _, interfaceName := range interfaceNames {
-		netInt := result.Interfaces[interfaceName]
-		for _, netAddress := range netInt.Subnets {
-			size, _ := netAddress.IPNet.Mask.Size()
-			if netAddress.IPNet.IP.To4() != nil {
-				// ipv4
-				if config.IPAddress == "" {
-					config.IPAddress = netAddress.IPNet.IP.String()
-					config.IPPrefixLen = size
-					config.Gateway = netAddress.Gateway.String()
-				} else {
-					config.SecondaryIPAddresses = append(config.SecondaryIPAddresses, define.Address{Addr: netAddress.IPNet.IP.String(), PrefixLength: size})
-				}
-			} else {
-				// ipv6
-				if config.GlobalIPv6Address == "" {
-					config.GlobalIPv6Address = netAddress.IPNet.IP.String()
-					config.GlobalIPv6PrefixLen = size
-					config.IPv6Gateway = netAddress.Gateway.String()
-				} else {
-					config.SecondaryIPv6Addresses = append(config.SecondaryIPv6Addresses, define.Address{Addr: netAddress.IPNet.IP.String(), PrefixLength: size})
-				}
-			}
-		}
-		if config.MacAddress == "" {
-			config.MacAddress = netInt.MacAddress.String()
-		} else {
-			config.AdditionalMacAddresses = append(config.AdditionalMacAddresses, netInt.MacAddress.String())
-		}
-	}
-	return config
-}
-
 type logrusDebugWriter struct {
 	prefix string
 }
@@ -1202,363 +863,3 @@ func (w *logrusDebugWriter) Write(p []byte) (int, error) {
 	logrus.Debugf("%s%s", w.prefix, string(p))
 	return len(p), nil
 }
-
-// NetworkDisconnect removes a container from the network
-func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) error {
-	// only the bridge mode supports cni networks
-	if err := isBridgeNetMode(c.config.NetMode); err != nil {
-		return err
-	}
-
-	c.lock.Lock()
-	defer c.lock.Unlock()
-
-	networks, err := c.networks()
-	if err != nil {
-		return err
-	}
-
-	// check if network exists and if the input is a ID we get the name
-	// CNI only uses names so it is important that we only use the name
-	netName, err = c.runtime.normalizeNetworkName(netName)
-	if err != nil {
-		return err
-	}
-
-	_, nameExists := networks[netName]
-	if !nameExists && len(networks) > 0 {
-		return fmt.Errorf("container %s is not connected to network %s", nameOrID, netName)
-	}
-
-	if err := c.syncContainer(); err != nil {
-		return err
-	}
-	// get network status before we disconnect
-	networkStatus := c.getNetworkStatus()
-
-	if err := c.runtime.state.NetworkDisconnect(c, netName); err != nil {
-		return err
-	}
-
-	c.newNetworkEvent(events.NetworkDisconnect, netName)
-	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
-		return nil
-	}
-
-	if c.state.NetNS == nil {
-		return fmt.Errorf("unable to disconnect %s from %s: %w", nameOrID, netName, define.ErrNoNetwork)
-	}
-
-	opts := types.NetworkOptions{
-		ContainerID:   c.config.ID,
-		ContainerName: getCNIPodName(c),
-	}
-	opts.PortMappings = c.convertPortMappings()
-	opts.Networks = map[string]types.PerNetworkOptions{
-		netName: networks[netName],
-	}
-
-	if err := c.runtime.teardownNetwork(c.state.NetNS.Path(), opts); err != nil {
-		return err
-	}
-
-	// update network status if container is running
-	oldStatus, statusExist := networkStatus[netName]
-	delete(networkStatus, netName)
-	c.state.NetworkStatus = networkStatus
-	err = c.save()
-	if err != nil {
-		return err
-	}
-
-	// Reload ports when there are still connected networks, maybe we removed the network interface with the child ip.
-	// Reloading without connected networks does not make sense, so we can skip this step.
-	if rootless.IsRootless() && len(networkStatus) > 0 {
-		if err := c.reloadRootlessRLKPortMapping(); err != nil {
-			return err
-		}
-	}
-
-	// Update resolv.conf if required
-	if statusExist {
-		stringIPs := make([]string, 0, len(oldStatus.DNSServerIPs))
-		for _, ip := range oldStatus.DNSServerIPs {
-			stringIPs = append(stringIPs, ip.String())
-		}
-		if len(stringIPs) > 0 {
-			logrus.Debugf("Removing DNS Servers %v from resolv.conf", stringIPs)
-			if err := c.removeNameserver(stringIPs); err != nil {
-				return err
-			}
-		}
-
-		// update /etc/hosts file
-		if file, ok := c.state.BindMounts[config.DefaultHostsFile]; ok {
-			// sync the names with c.getHostsEntries()
-			names := []string{c.Hostname(), c.config.Name}
-			rm := etchosts.GetNetworkHostEntries(map[string]types.StatusBlock{netName: oldStatus}, names...)
-			if len(rm) > 0 {
-				// make sure to lock this file to prevent concurrent writes when
-				// this is used a net dependency container
-				lock, err := lockfile.GetLockfile(file)
-				if err != nil {
-					return fmt.Errorf("failed to lock hosts file: %w", err)
-				}
-				logrus.Debugf("Remove /etc/hosts entries %v", rm)
-				lock.Lock()
-				err = etchosts.Remove(file, rm)
-				lock.Unlock()
-				if err != nil {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
-
-// ConnectNetwork connects a container to a given network
-func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
-	// only the bridge mode supports cni networks
-	if err := isBridgeNetMode(c.config.NetMode); err != nil {
-		return err
-	}
-
-	c.lock.Lock()
-	defer c.lock.Unlock()
-
-	networks, err := c.networks()
-	if err != nil {
-		return err
-	}
-
-	// check if network exists and if the input is a ID we get the name
-	// CNI only uses names so it is important that we only use the name
-	netName, err = c.runtime.normalizeNetworkName(netName)
-	if err != nil {
-		return err
-	}
-
-	if err := c.syncContainer(); err != nil {
-		return err
-	}
-
-	// get network status before we connect
-	networkStatus := c.getNetworkStatus()
-
-	// always add the short id as alias for docker compat
-	netOpts.Aliases = append(netOpts.Aliases, c.config.ID[:12])
-
-	if netOpts.InterfaceName == "" {
-		netOpts.InterfaceName = getFreeInterfaceName(networks)
-		if netOpts.InterfaceName == "" {
-			return errors.New("could not find free network interface name")
-		}
-	}
-
-	if err := c.runtime.state.NetworkConnect(c, netName, netOpts); err != nil {
-		return err
-	}
-	c.newNetworkEvent(events.NetworkConnect, netName)
-	if !c.ensureState(define.ContainerStateRunning, define.ContainerStateCreated) {
-		return nil
-	}
-	if c.state.NetNS == nil {
-		return fmt.Errorf("unable to connect %s to %s: %w", nameOrID, netName, define.ErrNoNetwork)
-	}
-
-	opts := types.NetworkOptions{
-		ContainerID:   c.config.ID,
-		ContainerName: getCNIPodName(c),
-	}
-	opts.PortMappings = c.convertPortMappings()
-	opts.Networks = map[string]types.PerNetworkOptions{
-		netName: netOpts,
-	}
-
-	results, err := c.runtime.setUpNetwork(c.state.NetNS.Path(), opts)
-	if err != nil {
-		return err
-	}
-	if len(results) != 1 {
-		return errors.New("when adding aliases, results must be of length 1")
-	}
-
-	// we need to get the old host entries before we add the new one to the status
-	// if we do not add do it here we will get the wrong existing entries which will throw of the logic
-	// we could also copy the map but this does not seem worth it
-	// sync the hostNames with c.getHostsEntries()
-	hostNames := []string{c.Hostname(), c.config.Name}
-	oldHostEntries := etchosts.GetNetworkHostEntries(networkStatus, hostNames...)
-
-	// update network status
-	if networkStatus == nil {
-		networkStatus = make(map[string]types.StatusBlock, 1)
-	}
-	networkStatus[netName] = results[netName]
-	c.state.NetworkStatus = networkStatus
-
-	err = c.save()
-	if err != nil {
-		return err
-	}
-
-	// The first network needs a port reload to set the correct child ip for the rootlessport process.
-	// Adding a second network does not require a port reload because the child ip is still valid.
-	if rootless.IsRootless() && len(networks) == 0 {
-		if err := c.reloadRootlessRLKPortMapping(); err != nil {
-			return err
-		}
-	}
-
-	ipv6, err := c.checkForIPv6(networkStatus)
-	if err != nil {
-		return err
-	}
-
-	// Update resolv.conf if required
-	stringIPs := make([]string, 0, len(results[netName].DNSServerIPs))
-	for _, ip := range results[netName].DNSServerIPs {
-		if (ip.To4() == nil) && !ipv6 {
-			continue
-		}
-		stringIPs = append(stringIPs, ip.String())
-	}
-	if len(stringIPs) > 0 {
-		logrus.Debugf("Adding DNS Servers %v to resolv.conf", stringIPs)
-		if err := c.addNameserver(stringIPs); err != nil {
-			return err
-		}
-	}
-
-	// update /etc/hosts file
-	if file, ok := c.state.BindMounts[config.DefaultHostsFile]; ok {
-		// make sure to lock this file to prevent concurrent writes when
-		// this is used a net dependency container
-		lock, err := lockfile.GetLockfile(file)
-		if err != nil {
-			return fmt.Errorf("failed to lock hosts file: %w", err)
-		}
-		new := etchosts.GetNetworkHostEntries(results, hostNames...)
-		logrus.Debugf("Add /etc/hosts entries %v", new)
-		// use special AddIfExists API to make sure we only add new entries if an old one exists
-		// see the AddIfExists() comment for more information
-		lock.Lock()
-		err = etchosts.AddIfExists(file, oldHostEntries, new)
-		lock.Unlock()
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// get a free interface name for a new network
-// return an empty string if no free name was found
-func getFreeInterfaceName(networks map[string]types.PerNetworkOptions) string {
-	ifNames := make([]string, 0, len(networks))
-	for _, opts := range networks {
-		ifNames = append(ifNames, opts.InterfaceName)
-	}
-	for i := 0; i < 100000; i++ {
-		ifName := fmt.Sprintf("eth%d", i)
-		if !util.StringInSlice(ifName, ifNames) {
-			return ifName
-		}
-	}
-	return ""
-}
-
-// DisconnectContainerFromNetwork removes a container from its CNI network
-func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error {
-	ctr, err := r.LookupContainer(nameOrID)
-	if err != nil {
-		return err
-	}
-	return ctr.NetworkDisconnect(nameOrID, netName, force)
-}
-
-// ConnectContainerToNetwork connects a container to a CNI network
-func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
-	ctr, err := r.LookupContainer(nameOrID)
-	if err != nil {
-		return err
-	}
-	return ctr.NetworkConnect(nameOrID, netName, netOpts)
-}
-
-// normalizeNetworkName takes a network name, a partial or a full network ID and returns the network name.
-// If the network is not found a errors is returned.
-func (r *Runtime) normalizeNetworkName(nameOrID string) (string, error) {
-	net, err := r.network.NetworkInspect(nameOrID)
-	if err != nil {
-		return "", err
-	}
-	return net.Name, nil
-}
-
-// ocicniPortsToNetTypesPorts convert the old port format to the new one
-// while deduplicating ports into ranges
-func ocicniPortsToNetTypesPorts(ports []types.OCICNIPortMapping) []types.PortMapping {
-	if len(ports) == 0 {
-		return nil
-	}
-
-	newPorts := make([]types.PortMapping, 0, len(ports))
-
-	// first sort the ports
-	sort.Slice(ports, func(i, j int) bool {
-		return compareOCICNIPorts(ports[i], ports[j])
-	})
-
-	// we already check if the slice is empty so we can use the first element
-	currentPort := types.PortMapping{
-		HostIP:        ports[0].HostIP,
-		HostPort:      uint16(ports[0].HostPort),
-		ContainerPort: uint16(ports[0].ContainerPort),
-		Protocol:      ports[0].Protocol,
-		Range:         1,
-	}
-
-	for i := 1; i < len(ports); i++ {
-		if ports[i].HostIP == currentPort.HostIP &&
-			ports[i].Protocol == currentPort.Protocol &&
-			ports[i].HostPort-int32(currentPort.Range) == int32(currentPort.HostPort) &&
-			ports[i].ContainerPort-int32(currentPort.Range) == int32(currentPort.ContainerPort) {
-			currentPort.Range++
-		} else {
-			newPorts = append(newPorts, currentPort)
-			currentPort = types.PortMapping{
-				HostIP:        ports[i].HostIP,
-				HostPort:      uint16(ports[i].HostPort),
-				ContainerPort: uint16(ports[i].ContainerPort),
-				Protocol:      ports[i].Protocol,
-				Range:         1,
-			}
-		}
-	}
-	newPorts = append(newPorts, currentPort)
-	return newPorts
-}
-
-// compareOCICNIPorts will sort the ocicni ports by
-// 1) host ip
-// 2) protocol
-// 3) hostPort
-// 4) container port
-func compareOCICNIPorts(i, j types.OCICNIPortMapping) bool {
-	if i.HostIP != j.HostIP {
-		return i.HostIP < j.HostIP
-	}
-
-	if i.Protocol != j.Protocol {
-		return i.Protocol < j.Protocol
-	}
-
-	if i.HostPort != j.HostPort {
-		return i.HostPort < j.HostPort
-	}
-
-	return i.ContainerPort < j.ContainerPort
-}
diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go
index 4a6462d46..d4ec9082b 100644
--- a/libpod/networking_slirp4netns.go
+++ b/libpod/networking_slirp4netns.go
@@ -243,7 +243,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container, netns ns.NetNS) error {
 	}
 	slirpFeatures, err := checkSlirpFlags(path)
 	if err != nil {
-		return fmt.Errorf("error checking slirp4netns binary %s: %q: %w", path, err, err)
+		return fmt.Errorf("checking slirp4netns binary %s: %q: %w", path, err, err)
 	}
 	cmdArgs, err := createBasicSlirp4netnsCmdArgs(netOptions, slirpFeatures)
 	if err != nil {
@@ -405,7 +405,7 @@ func GetSlirp4netnsIP(subnet *net.IPNet) (*net.IP, error) {
 	}
 	expectedIP, err := addToIP(slirpSubnet, uint32(100))
 	if err != nil {
-		return nil, fmt.Errorf("error calculating expected ip for slirp4netns: %w", err)
+		return nil, fmt.Errorf("calculating expected ip for slirp4netns: %w", err)
 	}
 	return expectedIP, nil
 }
@@ -419,7 +419,7 @@ func GetSlirp4netnsGateway(subnet *net.IPNet) (*net.IP, error) {
 	}
 	expectedGatewayIP, err := addToIP(slirpSubnet, uint32(2))
 	if err != nil {
-		return nil, fmt.Errorf("error calculating expected gateway ip for slirp4netns: %w", err)
+		return nil, fmt.Errorf("calculating expected gateway ip for slirp4netns: %w", err)
 	}
 	return expectedGatewayIP, nil
 }
@@ -433,7 +433,7 @@ func GetSlirp4netnsDNS(subnet *net.IPNet) (*net.IP, error) {
 	}
 	expectedDNSIP, err := addToIP(slirpSubnet, uint32(3))
 	if err != nil {
-		return nil, fmt.Errorf("error calculating expected dns ip for slirp4netns: %w", err)
+		return nil, fmt.Errorf("calculating expected dns ip for slirp4netns: %w", err)
 	}
 	return expectedDNSIP, nil
 }
@@ -465,7 +465,7 @@ func waitForSync(syncR *os.File, cmd *exec.Cmd, logFile io.ReadSeeker, timeout t
 	b := make([]byte, 16)
 	for {
 		if err := syncR.SetDeadline(time.Now().Add(timeout)); err != nil {
-			return fmt.Errorf("error setting %s pipe timeout: %w", prog, err)
+			return fmt.Errorf("setting %s pipe timeout: %w", prog, err)
 		}
 		// FIXME: return err as soon as proc exits, without waiting for timeout
 		if _, err := syncR.Read(b); err == nil {
@@ -676,7 +676,7 @@ func openSlirp4netnsPort(apiSocket, proto, hostip string, hostport, guestport ui
 	// successful.
 	var y map[string]interface{}
 	if err := json.Unmarshal(buf[0:readLength], &y); err != nil {
-		return fmt.Errorf("error parsing error status from slirp4netns: %w", err)
+		return fmt.Errorf("parsing error status from slirp4netns: %w", err)
 	}
 	if e, found := y["error"]; found {
 		return fmt.Errorf("from slirp4netns while setting up port redirection: %v", e)
diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go
new file mode 100644
index 000000000..e5a6d1456
--- /dev/null
+++ b/libpod/networking_unsupported.go
@@ -0,0 +1,91 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package libpod
+
+import (
+	"errors"
+	"net"
+	"path/filepath"
+
+	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/storage/pkg/lockfile"
+)
+
+type RootlessNetNS struct {
+	dir  string
+	Lock lockfile.Locker
+}
+
+// ocicniPortsToNetTypesPorts convert the old port format to the new one
+// while deduplicating ports into ranges
+func ocicniPortsToNetTypesPorts(ports []types.OCICNIPortMapping) []types.PortMapping {
+	return []types.PortMapping{}
+}
+
+func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) {
+	return nil, errors.New("not implemented (*Container) getContainerNetworkInfo")
+}
+
+func (c *Container) setupRootlessNetwork() error {
+	return errors.New("not implemented (*Container) setupRootlessNetwork")
+}
+
+func (r *Runtime) setupNetNS(ctr *Container) error {
+	return errors.New("not implemented (*Runtime) setupNetNS")
+}
+
+// normalizeNetworkName takes a network name, a partial or a full network ID and returns the network name.
+// If the network is not found a errors is returned.
+func (r *Runtime) normalizeNetworkName(nameOrID string) (string, error) {
+	return "", errors.New("not implemented (*Runtime) normalizeNetworkName")
+}
+
+// DisconnectContainerFromNetwork removes a container from its CNI network
+func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error {
+	return errors.New("not implemented (*Runtime) DisconnectContainerFromNetwork")
+}
+
+// ConnectContainerToNetwork connects a container to a CNI network
+func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
+	return errors.New("not implemented (*Runtime) ConnectContainerToNetwork")
+}
+
+// getPath will join the given path to the rootless netns dir
+func (r *RootlessNetNS) getPath(path string) string {
+	return filepath.Join(r.dir, path)
+}
+
+// Do - run the given function in the rootless netns.
+// It does not lock the rootlessCNI lock, the caller
+// should only lock when needed, e.g. for cni operations.
+func (r *RootlessNetNS) Do(toRun func() error) error {
+	return errors.New("not implemented (*RootlessNetNS) Do")
+}
+
+// Cleanup the rootless network namespace if needed.
+// It checks if we have running containers with the bridge network mode.
+// Cleanup() expects that r.Lock is locked
+func (r *RootlessNetNS) Cleanup(runtime *Runtime) error {
+	return errors.New("not implemented (*RootlessNetNS) Cleanup")
+}
+
+// GetRootlessNetNs returns the rootless netns object. If create is set to true
+// the rootless network namespace will be created if it does not exists already.
+// If called as root it returns always nil.
+// On success the returned RootlessCNI lock is locked and must be unlocked by the caller.
+func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
+	return nil, errors.New("not implemented (*Runtime) GetRootlessNetNs")
+}
+
+// convertPortMappings will remove the HostIP part from the ports when running inside podman machine.
+// This is need because a HostIP of 127.0.0.1 would now allow the gvproxy forwarder to reach to open ports.
+// For machine the HostIP must only be used by gvproxy and never in the VM.
+func (c *Container) convertPortMappings() []types.PortMapping {
+	return []types.PortMapping{}
+}
+
+func GetSlirp4netnsIP(subnet *net.IPNet) (*net.IP, error) {
+	return nil, errors.New("not implemented GetSlirp4netnsIP")
+}
diff --git a/libpod/oci.go b/libpod/oci.go
index 70053db1b..e5b9a0dcd 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/containers/common/pkg/resize"
 	"github.com/containers/podman/v4/libpod/define"
+	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // OCIRuntime is an implementation of an OCI runtime.
@@ -148,6 +149,9 @@ type OCIRuntime interface {
 
 	// RuntimeInfo returns verbose information about the runtime.
 	RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error)
+
+	// UpdateContainer updates the given container's cgroup configuration.
+	UpdateContainer(ctr *Container, res *specs.LinuxResources) error
 }
 
 // AttachOptions are options used when attached to a container or an exec
diff --git a/libpod/oci_conmon_attach_common.go b/libpod/oci_conmon_attach_common.go
new file mode 100644
index 000000000..dec749837
--- /dev/null
+++ b/libpod/oci_conmon_attach_common.go
@@ -0,0 +1,305 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package libpod
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/resize"
+	"github.com/containers/common/pkg/util"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/errorhandling"
+	"github.com/moby/term"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+/* Sync with stdpipe_t in conmon.c */
+const (
+	AttachPipeStdin  = 1
+	AttachPipeStdout = 2
+	AttachPipeStderr = 3
+)
+
+// Attach to the given container.
+// Does not check if state is appropriate.
+// started is only required if startContainer is true.
+func (r *ConmonOCIRuntime) Attach(c *Container, params *AttachOptions) error {
+	passthrough := c.LogDriver() == define.PassthroughLogging
+
+	if params == nil || params.Streams == nil {
+		return fmt.Errorf("must provide parameters to Attach: %w", define.ErrInternal)
+	}
+
+	if !params.Streams.AttachOutput && !params.Streams.AttachError && !params.Streams.AttachInput && !passthrough {
+		return fmt.Errorf("must provide at least one stream to attach to: %w", define.ErrInvalidArg)
+	}
+	if params.Start && params.Started == nil {
+		return fmt.Errorf("started chan not passed when startContainer set: %w", define.ErrInternal)
+	}
+
+	keys := config.DefaultDetachKeys
+	if params.DetachKeys != nil {
+		keys = *params.DetachKeys
+	}
+
+	detachKeys, err := processDetachKeys(keys)
+	if err != nil {
+		return err
+	}
+
+	var conn *net.UnixConn
+	if !passthrough {
+		logrus.Debugf("Attaching to container %s", c.ID())
+
+		// If we have a resize, do it.
+		if params.InitialSize != nil {
+			if err := r.AttachResize(c, *params.InitialSize); err != nil {
+				return err
+			}
+		}
+
+		attachSock, err := c.AttachSocketPath()
+		if err != nil {
+			return err
+		}
+
+		conn, err = openUnixSocket(attachSock)
+		if err != nil {
+			return fmt.Errorf("failed to connect to container's attach socket: %v: %w", attachSock, err)
+		}
+		defer func() {
+			if err := conn.Close(); err != nil {
+				logrus.Errorf("unable to close socket: %q", err)
+			}
+		}()
+	}
+
+	// If starting was requested, start the container and notify when that's
+	// done.
+	if params.Start {
+		if err := c.start(); err != nil {
+			return err
+		}
+		params.Started <- true
+	}
+
+	if passthrough {
+		return nil
+	}
+
+	receiveStdoutError, stdinDone := setupStdioChannels(params.Streams, conn, detachKeys)
+	if params.AttachReady != nil {
+		params.AttachReady <- true
+	}
+	return readStdio(conn, params.Streams, receiveStdoutError, stdinDone)
+}
+
+// Attach to the given container's exec session
+// attachFd and startFd must be open file descriptors
+// attachFd must be the output side of the fd. attachFd is used for two things:
+//  conmon will first send a nonce value across the pipe indicating it has set up its side of the console socket
+//    this ensures attachToExec gets all of the output of the called process
+//  conmon will then send the exit code of the exec process, or an error in the exec session
+// startFd must be the input side of the fd.
+// newSize resizes the tty to this size before the process is started, must be nil if the exec session has no tty
+//   conmon will wait to start the exec session until the parent process has set up the console socket.
+//   Once attachToExec successfully attaches to the console socket, the child conmon process responsible for calling runtime exec
+//     will read from the output side of start fd, thus learning to start the child process.
+// Thus, the order goes as follow:
+// 1. conmon parent process sets up its console socket. sends on attachFd
+// 2. attachToExec attaches to the console socket after reading on attachFd and resizes the tty
+// 3. child waits on startFd for attachToExec to attach to said console socket
+// 4. attachToExec sends on startFd, signalling it has attached to the socket and child is ready to go
+// 5. child receives on startFd, runs the runtime exec command
+// attachToExec is responsible for closing startFd and attachFd
+func (c *Container) attachToExec(streams *define.AttachStreams, keys *string, sessionID string, startFd, attachFd *os.File, newSize *resize.TerminalSize) error {
+	if !streams.AttachOutput && !streams.AttachError && !streams.AttachInput {
+		return fmt.Errorf("must provide at least one stream to attach to: %w", define.ErrInvalidArg)
+	}
+	if startFd == nil || attachFd == nil {
+		return fmt.Errorf("start sync pipe and attach sync pipe must be defined for exec attach: %w", define.ErrInvalidArg)
+	}
+
+	defer errorhandling.CloseQuiet(startFd)
+	defer errorhandling.CloseQuiet(attachFd)
+
+	detachString := config.DefaultDetachKeys
+	if keys != nil {
+		detachString = *keys
+	}
+	detachKeys, err := processDetachKeys(detachString)
+	if err != nil {
+		return err
+	}
+
+	logrus.Debugf("Attaching to container %s exec session %s", c.ID(), sessionID)
+
+	// set up the socket path, such that it is the correct length and location for exec
+	sockPath, err := c.execAttachSocketPath(sessionID)
+	if err != nil {
+		return err
+	}
+
+	// 2: read from attachFd that the parent process has set up the console socket
+	if _, err := readConmonPipeData(c.ociRuntime.Name(), attachFd, ""); err != nil {
+		return err
+	}
+
+	// resize before we start the container process
+	if newSize != nil {
+		err = c.ociRuntime.ExecAttachResize(c, sessionID, *newSize)
+		if err != nil {
+			logrus.Warnf("Resize failed: %v", err)
+		}
+	}
+
+	// 2: then attach
+	conn, err := openUnixSocket(sockPath)
+	if err != nil {
+		return fmt.Errorf("failed to connect to container's attach socket: %v: %w", sockPath, err)
+	}
+	defer func() {
+		if err := conn.Close(); err != nil {
+			logrus.Errorf("Unable to close socket: %q", err)
+		}
+	}()
+
+	// start listening on stdio of the process
+	receiveStdoutError, stdinDone := setupStdioChannels(streams, conn, detachKeys)
+
+	// 4: send start message to child
+	if err := writeConmonPipeData(startFd); err != nil {
+		return err
+	}
+
+	return readStdio(conn, streams, receiveStdoutError, stdinDone)
+}
+
+func processDetachKeys(keys string) ([]byte, error) {
+	// Check the validity of the provided keys first
+	if len(keys) == 0 {
+		return []byte{}, nil
+	}
+	detachKeys, err := term.ToBytes(keys)
+	if err != nil {
+		return nil, fmt.Errorf("invalid detach keys: %w", err)
+	}
+	return detachKeys, nil
+}
+
+func registerResizeFunc(r <-chan resize.TerminalSize, bundlePath string) {
+	resize.HandleResizing(r, func(size resize.TerminalSize) {
+		controlPath := filepath.Join(bundlePath, "ctl")
+		controlFile, err := os.OpenFile(controlPath, unix.O_WRONLY, 0)
+		if err != nil {
+			logrus.Debugf("Could not open ctl file: %v", err)
+			return
+		}
+		defer controlFile.Close()
+
+		logrus.Debugf("Received a resize event: %+v", size)
+		if _, err = fmt.Fprintf(controlFile, "%d %d %d\n", 1, size.Height, size.Width); err != nil {
+			logrus.Warnf("Failed to write to control file to resize terminal: %v", err)
+		}
+	})
+}
+
+func setupStdioChannels(streams *define.AttachStreams, conn *net.UnixConn, detachKeys []byte) (chan error, chan error) {
+	receiveStdoutError := make(chan error)
+	go func() {
+		receiveStdoutError <- redirectResponseToOutputStreams(streams.OutputStream, streams.ErrorStream, streams.AttachOutput, streams.AttachError, conn)
+	}()
+
+	stdinDone := make(chan error)
+	go func() {
+		var err error
+		if streams.AttachInput {
+			_, err = util.CopyDetachable(conn, streams.InputStream, detachKeys)
+		}
+		stdinDone <- err
+	}()
+
+	return receiveStdoutError, stdinDone
+}
+
+func redirectResponseToOutputStreams(outputStream, errorStream io.Writer, writeOutput, writeError bool, conn io.Reader) error {
+	var err error
+	buf := make([]byte, 8192+1) /* Sync with conmon STDIO_BUF_SIZE */
+	for {
+		nr, er := conn.Read(buf)
+		if nr > 0 {
+			var dst io.Writer
+			var doWrite bool
+			switch buf[0] {
+			case AttachPipeStdout:
+				dst = outputStream
+				doWrite = writeOutput
+			case AttachPipeStderr:
+				dst = errorStream
+				doWrite = writeError
+			default:
+				logrus.Infof("Received unexpected attach type %+d", buf[0])
+			}
+			if dst == nil {
+				return errors.New("output destination cannot be nil")
+			}
+
+			if doWrite {
+				nw, ew := dst.Write(buf[1:nr])
+				if ew != nil {
+					err = ew
+					break
+				}
+				if nr != nw+1 {
+					err = io.ErrShortWrite
+					break
+				}
+			}
+		}
+		if errors.Is(er, io.EOF) || errors.Is(er, syscall.ECONNRESET) {
+			break
+		}
+		if er != nil {
+			err = er
+			break
+		}
+	}
+	return err
+}
+
+func readStdio(conn *net.UnixConn, streams *define.AttachStreams, receiveStdoutError, stdinDone chan error) error {
+	var err error
+	select {
+	case err = <-receiveStdoutError:
+		if err := socketCloseWrite(conn); err != nil {
+			logrus.Errorf("Failed to close stdin: %v", err)
+		}
+		return err
+	case err = <-stdinDone:
+		if err == define.ErrDetach {
+			if err := socketCloseWrite(conn); err != nil {
+				logrus.Errorf("Failed to close stdin: %v", err)
+			}
+			return err
+		}
+		if err == nil {
+			// copy stdin is done, close it
+			if connErr := socketCloseWrite(conn); connErr != nil {
+				logrus.Errorf("Unable to close conn: %v", connErr)
+			}
+		}
+		if streams.AttachOutput || streams.AttachError {
+			return <-receiveStdoutError
+		}
+	}
+	return nil
+}
diff --git a/libpod/oci_conmon_attach_freebsd.go b/libpod/oci_conmon_attach_freebsd.go
new file mode 100644
index 000000000..de0054381
--- /dev/null
+++ b/libpod/oci_conmon_attach_freebsd.go
@@ -0,0 +1,21 @@
+package libpod
+
+import (
+	"net"
+	"os"
+	"path/filepath"
+)
+
+func openUnixSocket(path string) (*net.UnixConn, error) {
+	// socket paths can be too long to fit into a sockaddr_un so we create a shorter symlink.
+	tmpdir, err := os.MkdirTemp("", "podman")
+	if err != nil {
+		return nil, err
+	}
+	defer os.RemoveAll(tmpdir)
+	tmpsockpath := filepath.Join(tmpdir, "sock")
+	if err := os.Symlink(path, tmpsockpath); err != nil {
+		return nil, err
+	}
+	return net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: tmpsockpath, Net: "unixpacket"})
+}
diff --git a/libpod/oci_conmon_attach_linux.go b/libpod/oci_conmon_attach_linux.go
index aa55aa6f5..f1aa89d3e 100644
--- a/libpod/oci_conmon_attach_linux.go
+++ b/libpod/oci_conmon_attach_linux.go
@@ -1,34 +1,12 @@
-//go:build linux
-// +build linux
-
 package libpod
 
 import (
-	"errors"
 	"fmt"
-	"io"
 	"net"
-	"os"
-	"path/filepath"
-	"syscall"
 
-	"github.com/containers/common/pkg/config"
-	"github.com/containers/common/pkg/resize"
-	"github.com/containers/common/pkg/util"
-	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/pkg/errorhandling"
-	"github.com/moby/term"
-	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
-/* Sync with stdpipe_t in conmon.c */
-const (
-	AttachPipeStdin  = 1
-	AttachPipeStdout = 2
-	AttachPipeStderr = 3
-)
-
 func openUnixSocket(path string) (*net.UnixConn, error) {
 	fd, err := unix.Open(path, unix.O_PATH, 0)
 	if err != nil {
@@ -37,278 +15,3 @@ func openUnixSocket(path string) (*net.UnixConn, error) {
 	defer unix.Close(fd)
 	return net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: fmt.Sprintf("/proc/self/fd/%d", fd), Net: "unixpacket"})
 }
-
-// Attach to the given container.
-// Does not check if state is appropriate.
-// started is only required if startContainer is true.
-func (r *ConmonOCIRuntime) Attach(c *Container, params *AttachOptions) error {
-	passthrough := c.LogDriver() == define.PassthroughLogging
-
-	if params == nil || params.Streams == nil {
-		return fmt.Errorf("must provide parameters to Attach: %w", define.ErrInternal)
-	}
-
-	if !params.Streams.AttachOutput && !params.Streams.AttachError && !params.Streams.AttachInput && !passthrough {
-		return fmt.Errorf("must provide at least one stream to attach to: %w", define.ErrInvalidArg)
-	}
-	if params.Start && params.Started == nil {
-		return fmt.Errorf("started chan not passed when startContainer set: %w", define.ErrInternal)
-	}
-
-	keys := config.DefaultDetachKeys
-	if params.DetachKeys != nil {
-		keys = *params.DetachKeys
-	}
-
-	detachKeys, err := processDetachKeys(keys)
-	if err != nil {
-		return err
-	}
-
-	var conn *net.UnixConn
-	if !passthrough {
-		logrus.Debugf("Attaching to container %s", c.ID())
-
-		// If we have a resize, do it.
-		if params.InitialSize != nil {
-			if err := r.AttachResize(c, *params.InitialSize); err != nil {
-				return err
-			}
-		}
-
-		attachSock, err := c.AttachSocketPath()
-		if err != nil {
-			return err
-		}
-
-		conn, err = openUnixSocket(attachSock)
-		if err != nil {
-			return fmt.Errorf("failed to connect to container's attach socket: %v: %w", attachSock, err)
-		}
-		defer func() {
-			if err := conn.Close(); err != nil {
-				logrus.Errorf("unable to close socket: %q", err)
-			}
-		}()
-	}
-
-	// If starting was requested, start the container and notify when that's
-	// done.
-	if params.Start {
-		if err := c.start(); err != nil {
-			return err
-		}
-		params.Started <- true
-	}
-
-	if passthrough {
-		return nil
-	}
-
-	receiveStdoutError, stdinDone := setupStdioChannels(params.Streams, conn, detachKeys)
-	if params.AttachReady != nil {
-		params.AttachReady <- true
-	}
-	return readStdio(conn, params.Streams, receiveStdoutError, stdinDone)
-}
-
-// Attach to the given container's exec session
-// attachFd and startFd must be open file descriptors
-// attachFd must be the output side of the fd. attachFd is used for two things:
-//  conmon will first send a nonce value across the pipe indicating it has set up its side of the console socket
-//    this ensures attachToExec gets all of the output of the called process
-//  conmon will then send the exit code of the exec process, or an error in the exec session
-// startFd must be the input side of the fd.
-// newSize resizes the tty to this size before the process is started, must be nil if the exec session has no tty
-//   conmon will wait to start the exec session until the parent process has set up the console socket.
-//   Once attachToExec successfully attaches to the console socket, the child conmon process responsible for calling runtime exec
-//     will read from the output side of start fd, thus learning to start the child process.
-// Thus, the order goes as follow:
-// 1. conmon parent process sets up its console socket. sends on attachFd
-// 2. attachToExec attaches to the console socket after reading on attachFd and resizes the tty
-// 3. child waits on startFd for attachToExec to attach to said console socket
-// 4. attachToExec sends on startFd, signalling it has attached to the socket and child is ready to go
-// 5. child receives on startFd, runs the runtime exec command
-// attachToExec is responsible for closing startFd and attachFd
-func (c *Container) attachToExec(streams *define.AttachStreams, keys *string, sessionID string, startFd, attachFd *os.File, newSize *resize.TerminalSize) error {
-	if !streams.AttachOutput && !streams.AttachError && !streams.AttachInput {
-		return fmt.Errorf("must provide at least one stream to attach to: %w", define.ErrInvalidArg)
-	}
-	if startFd == nil || attachFd == nil {
-		return fmt.Errorf("start sync pipe and attach sync pipe must be defined for exec attach: %w", define.ErrInvalidArg)
-	}
-
-	defer errorhandling.CloseQuiet(startFd)
-	defer errorhandling.CloseQuiet(attachFd)
-
-	detachString := config.DefaultDetachKeys
-	if keys != nil {
-		detachString = *keys
-	}
-	detachKeys, err := processDetachKeys(detachString)
-	if err != nil {
-		return err
-	}
-
-	logrus.Debugf("Attaching to container %s exec session %s", c.ID(), sessionID)
-
-	// set up the socket path, such that it is the correct length and location for exec
-	sockPath, err := c.execAttachSocketPath(sessionID)
-	if err != nil {
-		return err
-	}
-
-	// 2: read from attachFd that the parent process has set up the console socket
-	if _, err := readConmonPipeData(c.ociRuntime.Name(), attachFd, ""); err != nil {
-		return err
-	}
-
-	// resize before we start the container process
-	if newSize != nil {
-		err = c.ociRuntime.ExecAttachResize(c, sessionID, *newSize)
-		if err != nil {
-			logrus.Warnf("Resize failed: %v", err)
-		}
-	}
-
-	// 2: then attach
-	conn, err := openUnixSocket(sockPath)
-	if err != nil {
-		return fmt.Errorf("failed to connect to container's attach socket: %v: %w", sockPath, err)
-	}
-	defer func() {
-		if err := conn.Close(); err != nil {
-			logrus.Errorf("Unable to close socket: %q", err)
-		}
-	}()
-
-	// start listening on stdio of the process
-	receiveStdoutError, stdinDone := setupStdioChannels(streams, conn, detachKeys)
-
-	// 4: send start message to child
-	if err := writeConmonPipeData(startFd); err != nil {
-		return err
-	}
-
-	return readStdio(conn, streams, receiveStdoutError, stdinDone)
-}
-
-func processDetachKeys(keys string) ([]byte, error) {
-	// Check the validity of the provided keys first
-	if len(keys) == 0 {
-		return []byte{}, nil
-	}
-	detachKeys, err := term.ToBytes(keys)
-	if err != nil {
-		return nil, fmt.Errorf("invalid detach keys: %w", err)
-	}
-	return detachKeys, nil
-}
-
-func registerResizeFunc(r <-chan resize.TerminalSize, bundlePath string) {
-	resize.HandleResizing(r, func(size resize.TerminalSize) {
-		controlPath := filepath.Join(bundlePath, "ctl")
-		controlFile, err := os.OpenFile(controlPath, unix.O_WRONLY, 0)
-		if err != nil {
-			logrus.Debugf("Could not open ctl file: %v", err)
-			return
-		}
-		defer controlFile.Close()
-
-		logrus.Debugf("Received a resize event: %+v", size)
-		if _, err = fmt.Fprintf(controlFile, "%d %d %d\n", 1, size.Height, size.Width); err != nil {
-			logrus.Warnf("Failed to write to control file to resize terminal: %v", err)
-		}
-	})
-}
-
-func setupStdioChannels(streams *define.AttachStreams, conn *net.UnixConn, detachKeys []byte) (chan error, chan error) {
-	receiveStdoutError := make(chan error)
-	go func() {
-		receiveStdoutError <- redirectResponseToOutputStreams(streams.OutputStream, streams.ErrorStream, streams.AttachOutput, streams.AttachError, conn)
-	}()
-
-	stdinDone := make(chan error)
-	go func() {
-		var err error
-		if streams.AttachInput {
-			_, err = util.CopyDetachable(conn, streams.InputStream, detachKeys)
-		}
-		stdinDone <- err
-	}()
-
-	return receiveStdoutError, stdinDone
-}
-
-func redirectResponseToOutputStreams(outputStream, errorStream io.Writer, writeOutput, writeError bool, conn io.Reader) error {
-	var err error
-	buf := make([]byte, 8192+1) /* Sync with conmon STDIO_BUF_SIZE */
-	for {
-		nr, er := conn.Read(buf)
-		if nr > 0 {
-			var dst io.Writer
-			var doWrite bool
-			switch buf[0] {
-			case AttachPipeStdout:
-				dst = outputStream
-				doWrite = writeOutput
-			case AttachPipeStderr:
-				dst = errorStream
-				doWrite = writeError
-			default:
-				logrus.Infof("Received unexpected attach type %+d", buf[0])
-			}
-			if dst == nil {
-				return errors.New("output destination cannot be nil")
-			}
-
-			if doWrite {
-				nw, ew := dst.Write(buf[1:nr])
-				if ew != nil {
-					err = ew
-					break
-				}
-				if nr != nw+1 {
-					err = io.ErrShortWrite
-					break
-				}
-			}
-		}
-		if errors.Is(er, io.EOF) || errors.Is(er, syscall.ECONNRESET) {
-			break
-		}
-		if er != nil {
-			err = er
-			break
-		}
-	}
-	return err
-}
-
-func readStdio(conn *net.UnixConn, streams *define.AttachStreams, receiveStdoutError, stdinDone chan error) error {
-	var err error
-	select {
-	case err = <-receiveStdoutError:
-		if err := conn.CloseWrite(); err != nil {
-			logrus.Errorf("Failed to close stdin: %v", err)
-		}
-		return err
-	case err = <-stdinDone:
-		if err == define.ErrDetach {
-			if err := conn.CloseWrite(); err != nil {
-				logrus.Errorf("Failed to close stdin: %v", err)
-			}
-			return err
-		}
-		if err == nil {
-			// copy stdin is done, close it
-			if connErr := conn.CloseWrite(); connErr != nil {
-				logrus.Errorf("Unable to close conn: %v", connErr)
-			}
-		}
-		if streams.AttachOutput || streams.AttachError {
-			return <-receiveStdoutError
-		}
-	}
-	return nil
-}
diff --git a/libpod/oci_conmon_common.go b/libpod/oci_conmon_common.go
new file mode 100644
index 000000000..53dddd064
--- /dev/null
+++ b/libpod/oci_conmon_common.go
@@ -0,0 +1,1650 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package libpod
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"text/template"
+	"time"
+
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/resize"
+	cutil "github.com/containers/common/pkg/util"
+	conmonConfig "github.com/containers/conmon/runner/config"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/libpod/logs"
+	"github.com/containers/podman/v4/pkg/checkpoint/crutils"
+	"github.com/containers/podman/v4/pkg/errorhandling"
+	"github.com/containers/podman/v4/pkg/rootless"
+	"github.com/containers/podman/v4/pkg/specgenutil"
+	"github.com/containers/podman/v4/pkg/util"
+	"github.com/containers/podman/v4/utils"
+	"github.com/containers/storage/pkg/homedir"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	// This is Conmon's STDIO_BUF_SIZE. I don't believe we have access to it
+	// directly from the Go code, so const it here
+	// Important: The conmon attach socket uses an extra byte at the beginning of each
+	// message to specify the STREAM so we have to increase the buffer size by one
+	bufferSize = conmonConfig.BufSize + 1
+)
+
+// ConmonOCIRuntime is an OCI runtime managed by Conmon.
+// TODO: Make all calls to OCI runtime have a timeout.
+type ConmonOCIRuntime struct {
+	name              string
+	path              string
+	conmonPath        string
+	conmonEnv         []string
+	tmpDir            string
+	exitsDir          string
+	logSizeMax        int64
+	noPivot           bool
+	reservePorts      bool
+	runtimeFlags      []string
+	supportsJSON      bool
+	supportsKVM       bool
+	supportsNoCgroups bool
+	enableKeyring     bool
+}
+
+// Make a new Conmon-based OCI runtime with the given options.
+// Conmon will wrap the given OCI runtime, which can be `runc`, `crun`, or
+// any runtime with a runc-compatible CLI.
+// The first path that points to a valid executable will be used.
+// Deliberately private. Someone should not be able to construct this outside of
+// libpod.
+func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeFlags []string, runtimeCfg *config.Config) (OCIRuntime, error) {
+	if name == "" {
+		return nil, fmt.Errorf("the OCI runtime must be provided a non-empty name: %w", define.ErrInvalidArg)
+	}
+
+	// Make lookup tables for runtime support
+	supportsJSON := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsJSON))
+	supportsNoCgroups := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsNoCgroups))
+	supportsKVM := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsKVM))
+	for _, r := range runtimeCfg.Engine.RuntimeSupportsJSON {
+		supportsJSON[r] = true
+	}
+	for _, r := range runtimeCfg.Engine.RuntimeSupportsNoCgroups {
+		supportsNoCgroups[r] = true
+	}
+	for _, r := range runtimeCfg.Engine.RuntimeSupportsKVM {
+		supportsKVM[r] = true
+	}
+
+	runtime := new(ConmonOCIRuntime)
+	runtime.name = name
+	runtime.conmonPath = conmonPath
+	runtime.runtimeFlags = runtimeFlags
+
+	runtime.conmonEnv = runtimeCfg.Engine.ConmonEnvVars
+	runtime.tmpDir = runtimeCfg.Engine.TmpDir
+	runtime.logSizeMax = runtimeCfg.Containers.LogSizeMax
+	runtime.noPivot = runtimeCfg.Engine.NoPivotRoot
+	runtime.reservePorts = runtimeCfg.Engine.EnablePortReservation
+	runtime.enableKeyring = runtimeCfg.Containers.EnableKeyring
+
+	// TODO: probe OCI runtime for feature and enable automatically if
+	// available.
+
+	base := filepath.Base(name)
+	runtime.supportsJSON = supportsJSON[base]
+	runtime.supportsNoCgroups = supportsNoCgroups[base]
+	runtime.supportsKVM = supportsKVM[base]
+
+	foundPath := false
+	for _, path := range paths {
+		stat, err := os.Stat(path)
+		if err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, fmt.Errorf("cannot stat OCI runtime %s path: %w", name, err)
+		}
+		if !stat.Mode().IsRegular() {
+			continue
+		}
+		foundPath = true
+		logrus.Tracef("found runtime %q", path)
+		runtime.path = path
+		break
+	}
+
+	// Search the $PATH as last fallback
+	if !foundPath {
+		if foundRuntime, err := exec.LookPath(name); err == nil {
+			foundPath = true
+			runtime.path = foundRuntime
+			logrus.Debugf("using runtime %q from $PATH: %q", name, foundRuntime)
+		}
+	}
+
+	if !foundPath {
+		return nil, fmt.Errorf("no valid executable found for OCI runtime %s: %w", name, define.ErrInvalidArg)
+	}
+
+	runtime.exitsDir = filepath.Join(runtime.tmpDir, "exits")
+
+	// Create the exit files and attach sockets directories
+	if err := os.MkdirAll(runtime.exitsDir, 0750); err != nil {
+		// The directory is allowed to exist
+		if !os.IsExist(err) {
+			return nil, fmt.Errorf("creating OCI runtime exit files directory: %w", err)
+		}
+	}
+	return runtime, nil
+}
+
+// Name returns the name of the runtime being wrapped by Conmon.
+func (r *ConmonOCIRuntime) Name() string {
+	return r.name
+}
+
+// Path returns the path of the OCI runtime being wrapped by Conmon.
+func (r *ConmonOCIRuntime) Path() string {
+	return r.path
+}
+
+// hasCurrentUserMapped checks whether the current user is mapped inside the container user namespace
+func hasCurrentUserMapped(ctr *Container) bool {
+	if len(ctr.config.IDMappings.UIDMap) == 0 && len(ctr.config.IDMappings.GIDMap) == 0 {
+		return true
+	}
+	uid := os.Geteuid()
+	for _, m := range ctr.config.IDMappings.UIDMap {
+		if uid >= m.HostID && uid < m.HostID+m.Size {
+			return true
+		}
+	}
+	return false
+}
+
+// CreateContainer creates a container.
+func (r *ConmonOCIRuntime) CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error) {
+	// always make the run dir accessible to the current user so that the PID files can be read without
+	// being in the rootless user namespace.
+	if err := makeAccessible(ctr.state.RunDir, 0, 0); err != nil {
+		return 0, err
+	}
+	if !hasCurrentUserMapped(ctr) {
+		for _, i := range []string{ctr.state.RunDir, ctr.runtime.config.Engine.TmpDir, ctr.config.StaticDir, ctr.state.Mountpoint, ctr.runtime.config.Engine.VolumePath} {
+			if err := makeAccessible(i, ctr.RootUID(), ctr.RootGID()); err != nil {
+				return 0, err
+			}
+		}
+
+		// if we are running a non privileged container, be sure to umount some kernel paths so they are not
+		// bind mounted inside the container at all.
+		if !ctr.config.Privileged && !rootless.IsRootless() {
+			return r.createRootlessContainer(ctr, restoreOptions)
+		}
+	}
+	return r.createOCIContainer(ctr, restoreOptions)
+}
+
+// UpdateContainerStatus retrieves the current status of the container from the
+// runtime. It updates the container's state but does not save it.
+// If useRuntime is false, we will not directly hit runc to see the container's
+// status, but will instead only check for the existence of the conmon exit file
+// and update state to stopped if it exists.
+func (r *ConmonOCIRuntime) UpdateContainerStatus(ctr *Container) error {
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
+	}
+
+	// Store old state so we know if we were already stopped
+	oldState := ctr.state.State
+
+	state := new(spec.State)
+
+	cmd := exec.Command(r.path, "state", ctr.ID())
+	cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
+
+	outPipe, err := cmd.StdoutPipe()
+	if err != nil {
+		return fmt.Errorf("getting stdout pipe: %w", err)
+	}
+	errPipe, err := cmd.StderrPipe()
+	if err != nil {
+		return fmt.Errorf("getting stderr pipe: %w", err)
+	}
+
+	if err := cmd.Start(); err != nil {
+		out, err2 := ioutil.ReadAll(errPipe)
+		if err2 != nil {
+			return fmt.Errorf("getting container %s state: %w", ctr.ID(), err)
+		}
+		if strings.Contains(string(out), "does not exist") || strings.Contains(string(out), "No such file") {
+			if err := ctr.removeConmonFiles(); err != nil {
+				logrus.Debugf("unable to remove conmon files for container %s", ctr.ID())
+			}
+			ctr.state.ExitCode = -1
+			ctr.state.FinishedTime = time.Now()
+			ctr.state.State = define.ContainerStateExited
+			return ctr.runtime.state.AddContainerExitCode(ctr.ID(), ctr.state.ExitCode)
+		}
+		return fmt.Errorf("getting container %s state. stderr/out: %s: %w", ctr.ID(), out, err)
+	}
+	defer func() {
+		_ = cmd.Wait()
+	}()
+
+	if err := errPipe.Close(); err != nil {
+		return err
+	}
+	out, err := ioutil.ReadAll(outPipe)
+	if err != nil {
+		return fmt.Errorf("reading stdout: %s: %w", ctr.ID(), err)
+	}
+	if err := json.NewDecoder(bytes.NewBuffer(out)).Decode(state); err != nil {
+		return fmt.Errorf("decoding container status for container %s: %w", ctr.ID(), err)
+	}
+	ctr.state.PID = state.Pid
+
+	switch state.Status {
+	case "created":
+		ctr.state.State = define.ContainerStateCreated
+	case "paused":
+		ctr.state.State = define.ContainerStatePaused
+	case "running":
+		ctr.state.State = define.ContainerStateRunning
+	case "stopped":
+		ctr.state.State = define.ContainerStateStopped
+	default:
+		return fmt.Errorf("unrecognized status returned by runtime for container %s: %s: %w",
+			ctr.ID(), state.Status, define.ErrInternal)
+	}
+
+	// Handle ContainerStateStopping - keep it unless the container
+	// transitioned to no longer running.
+	if oldState == define.ContainerStateStopping && (ctr.state.State == define.ContainerStatePaused || ctr.state.State == define.ContainerStateRunning) {
+		ctr.state.State = define.ContainerStateStopping
+	}
+
+	return nil
+}
+
+// StartContainer starts the given container.
+// Sets time the container was started, but does not save it.
+func (r *ConmonOCIRuntime) StartContainer(ctr *Container) error {
+	// TODO: streams should probably *not* be our STDIN/OUT/ERR - redirect to buffers?
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
+	}
+	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+	if path, ok := os.LookupEnv("PATH"); ok {
+		env = append(env, fmt.Sprintf("PATH=%s", path))
+	}
+	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "start", ctr.ID())...); err != nil {
+		return err
+	}
+
+	ctr.state.StartedTime = time.Now()
+
+	return nil
+}
+
+// UpdateContainer updates the given container's cgroup configuration
+func (r *ConmonOCIRuntime) UpdateContainer(ctr *Container, resources *spec.LinuxResources) error {
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
+	}
+	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+	if path, ok := os.LookupEnv("PATH"); ok {
+		env = append(env, fmt.Sprintf("PATH=%s", path))
+	}
+	args := r.runtimeFlags
+	args = append(args, "update")
+	tempFile, additionalArgs, err := generateResourceFile(resources)
+	if err != nil {
+		return err
+	}
+	defer os.Remove(tempFile)
+
+	args = append(args, additionalArgs...)
+	return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(args, ctr.ID())...)
+}
+
+func generateResourceFile(res *spec.LinuxResources) (string, []string, error) {
+	flags := []string{}
+	if res == nil {
+		return "", flags, nil
+	}
+
+	f, err := ioutil.TempFile("", "podman")
+	if err != nil {
+		return "", nil, err
+	}
+
+	j, err := json.Marshal(res)
+	if err != nil {
+		return "", nil, err
+	}
+	_, err = f.WriteString(string(j))
+	if err != nil {
+		return "", nil, err
+	}
+
+	flags = append(flags, "--resources="+f.Name())
+	return f.Name(), flags, nil
+}
+
+// KillContainer sends the given signal to the given container.
+// If all is set, send to all PIDs in the container.
+// All is only supported if the container created cgroups.
+func (r *ConmonOCIRuntime) KillContainer(ctr *Container, signal uint, all bool) error {
+	logrus.Debugf("Sending signal %d to container %s", signal, ctr.ID())
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
+	}
+	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+	var args []string
+	args = append(args, r.runtimeFlags...)
+	if all {
+		args = append(args, "kill", "--all", ctr.ID(), fmt.Sprintf("%d", signal))
+	} else {
+		args = append(args, "kill", ctr.ID(), fmt.Sprintf("%d", signal))
+	}
+	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, args...); err != nil {
+		// Update container state - there's a chance we failed because
+		// the container exited in the meantime.
+		if err2 := r.UpdateContainerStatus(ctr); err2 != nil {
+			logrus.Infof("Error updating status for container %s: %v", ctr.ID(), err2)
+		}
+		if ctr.ensureState(define.ContainerStateStopped, define.ContainerStateExited) {
+			return define.ErrCtrStateInvalid
+		}
+		return fmt.Errorf("sending signal to container %s: %w", ctr.ID(), err)
+	}
+
+	return nil
+}
+
+// StopContainer stops a container, first using its given stop signal (or
+// SIGTERM if no signal was specified), then using SIGKILL.
+// Timeout is given in seconds. If timeout is 0, the container will be
+// immediately kill with SIGKILL.
+// Does not set finished time for container, assumes you will run updateStatus
+// after to pull the exit code.
+func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) error {
+	logrus.Debugf("Stopping container %s (PID %d)", ctr.ID(), ctr.state.PID)
+
+	// Ping the container to see if it's alive
+	// If it's not, it's already stopped, return
+	err := unix.Kill(ctr.state.PID, 0)
+	if err == unix.ESRCH {
+		return nil
+	}
+
+	stopSignal := ctr.config.StopSignal
+	if stopSignal == 0 {
+		stopSignal = uint(syscall.SIGTERM)
+	}
+
+	if timeout > 0 {
+		if err := r.KillContainer(ctr, stopSignal, all); err != nil {
+			// Is the container gone?
+			// If so, it probably died between the first check and
+			// our sending the signal
+			// The container is stopped, so exit cleanly
+			err := unix.Kill(ctr.state.PID, 0)
+			if err == unix.ESRCH {
+				return nil
+			}
+
+			return err
+		}
+
+		if err := waitContainerStop(ctr, time.Duration(timeout)*time.Second); err != nil {
+			logrus.Debugf("Timed out stopping container %s with %s, resorting to SIGKILL: %v", ctr.ID(), unix.SignalName(syscall.Signal(stopSignal)), err)
+			logrus.Warnf("StopSignal %s failed to stop container %s in %d seconds, resorting to SIGKILL", unix.SignalName(syscall.Signal(stopSignal)), ctr.Name(), timeout)
+		} else {
+			// No error, the container is dead
+			return nil
+		}
+	}
+
+	if err := r.KillContainer(ctr, uint(unix.SIGKILL), all); err != nil {
+		// Again, check if the container is gone. If it is, exit cleanly.
+		if aliveErr := unix.Kill(ctr.state.PID, 0); errors.Is(aliveErr, unix.ESRCH) {
+			return nil
+		}
+		return fmt.Errorf("sending SIGKILL to container %s: %w", ctr.ID(), err)
+	}
+
+	// Give runtime a few seconds to make it happen
+	if err := waitContainerStop(ctr, killContainerTimeout); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DeleteContainer deletes a container from the OCI runtime.
+func (r *ConmonOCIRuntime) DeleteContainer(ctr *Container) error {
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
+	}
+	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+	return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "delete", "--force", ctr.ID())...)
+}
+
+// PauseContainer pauses the given container.
+func (r *ConmonOCIRuntime) PauseContainer(ctr *Container) error {
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
+	}
+	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+	return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "pause", ctr.ID())...)
+}
+
+// UnpauseContainer unpauses the given container.
+func (r *ConmonOCIRuntime) UnpauseContainer(ctr *Container) error {
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
+	}
+	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+	return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "resume", ctr.ID())...)
+}
+
+// This filters out ENOTCONN errors which can happen on FreeBSD if the
+// other side of the connection is already closed.
+func socketCloseWrite(conn *net.UnixConn) error {
+	err := conn.CloseWrite()
+	if err != nil && errors.Is(err, syscall.ENOTCONN) {
+		return nil
+	}
+	return err
+}
+
+// HTTPAttach performs an attach for the HTTP API.
+// The caller must handle closing the HTTP connection after this returns.
+// The cancel channel is not closed; it is up to the caller to do so after
+// this function returns.
+// If this is a container with a terminal, we will stream raw. If it is not, we
+// will stream with an 8-byte header to multiplex STDOUT and STDERR.
+// Returns any errors that occurred, and whether the connection was successfully
+// hijacked before that error occurred.
+func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, streamAttach, streamLogs bool) (deferredErr error) {
+	isTerminal := false
+	if ctr.config.Spec.Process != nil {
+		isTerminal = ctr.config.Spec.Process.Terminal
+	}
+
+	if streams != nil {
+		if !streams.Stdin && !streams.Stdout && !streams.Stderr {
+			return fmt.Errorf("must specify at least one stream to attach to: %w", define.ErrInvalidArg)
+		}
+	}
+
+	attachSock, err := r.AttachSocketPath(ctr)
+	if err != nil {
+		return err
+	}
+
+	var conn *net.UnixConn
+	if streamAttach {
+		newConn, err := openUnixSocket(attachSock)
+		if err != nil {
+			return fmt.Errorf("failed to connect to container's attach socket: %v: %w", attachSock, err)
+		}
+		conn = newConn
+		defer func() {
+			if err := conn.Close(); err != nil {
+				logrus.Errorf("Unable to close container %s attach socket: %q", ctr.ID(), err)
+			}
+		}()
+
+		logrus.Debugf("Successfully connected to container %s attach socket %s", ctr.ID(), attachSock)
+	}
+
+	detachString := ctr.runtime.config.Engine.DetachKeys
+	if detachKeys != nil {
+		detachString = *detachKeys
+	}
+	detach, err := processDetachKeys(detachString)
+	if err != nil {
+		return err
+	}
+
+	attachStdout := true
+	attachStderr := true
+	attachStdin := true
+	if streams != nil {
+		attachStdout = streams.Stdout
+		attachStderr = streams.Stderr
+		attachStdin = streams.Stdin
+	}
+
+	logrus.Debugf("Going to hijack container %s attach connection", ctr.ID())
+
+	// Alright, let's hijack.
+	hijacker, ok := w.(http.Hijacker)
+	if !ok {
+		return fmt.Errorf("unable to hijack connection")
+	}
+
+	httpCon, httpBuf, err := hijacker.Hijack()
+	if err != nil {
+		return fmt.Errorf("hijacking connection: %w", err)
+	}
+
+	hijackDone <- true
+
+	writeHijackHeader(req, httpBuf)
+
+	// Force a flush after the header is written.
+	if err := httpBuf.Flush(); err != nil {
+		return fmt.Errorf("flushing HTTP hijack header: %w", err)
+	}
+
+	defer func() {
+		hijackWriteErrorAndClose(deferredErr, ctr.ID(), isTerminal, httpCon, httpBuf)
+	}()
+
+	logrus.Debugf("Hijack for container %s attach session done, ready to stream", ctr.ID())
+
+	// TODO: This is gross. Really, really gross.
+	// I want to say we should read all the logs into an array before
+	// calling this, in container_api.go, but that could take a lot of
+	// memory...
+	// On the whole, we need to figure out a better way of doing this,
+	// though.
+	logSize := 0
+	if streamLogs {
+		logrus.Debugf("Will stream logs for container %s attach session", ctr.ID())
+
+		// Get all logs for the container
+		logChan := make(chan *logs.LogLine)
+		logOpts := new(logs.LogOptions)
+		logOpts.Tail = -1
+		logOpts.WaitGroup = new(sync.WaitGroup)
+		errChan := make(chan error)
+		go func() {
+			var err error
+			// In non-terminal mode we need to prepend with the
+			// stream header.
+			logrus.Debugf("Writing logs for container %s to HTTP attach", ctr.ID())
+			for logLine := range logChan {
+				if !isTerminal {
+					device := logLine.Device
+					var header []byte
+					headerLen := uint32(len(logLine.Msg))
+					logSize += len(logLine.Msg)
+					switch strings.ToLower(device) {
+					case "stdin":
+						header = makeHTTPAttachHeader(0, headerLen)
+					case "stdout":
+						header = makeHTTPAttachHeader(1, headerLen)
+					case "stderr":
+						header = makeHTTPAttachHeader(2, headerLen)
+					default:
+						logrus.Errorf("Unknown device for log line: %s", device)
+						header = makeHTTPAttachHeader(1, headerLen)
+					}
+					_, err = httpBuf.Write(header)
+					if err != nil {
+						break
+					}
+				}
+				_, err = httpBuf.Write([]byte(logLine.Msg))
+				if err != nil {
+					break
+				}
+				if !logLine.Partial() {
+					_, err = httpBuf.Write([]byte("\n"))
+					if err != nil {
+						break
+					}
+				}
+				err = httpBuf.Flush()
+				if err != nil {
+					break
+				}
+			}
+			errChan <- err
+		}()
+		if err := ctr.ReadLog(context.Background(), logOpts, logChan, 0); err != nil {
+			return err
+		}
+		go func() {
+			logOpts.WaitGroup.Wait()
+			close(logChan)
+		}()
+		logrus.Debugf("Done reading logs for container %s, %d bytes", ctr.ID(), logSize)
+		if err := <-errChan; err != nil {
+			return err
+		}
+	}
+	if !streamAttach {
+		logrus.Debugf("Done streaming logs for container %s attach, exiting as attach streaming not requested", ctr.ID())
+		return nil
+	}
+
+	logrus.Debugf("Forwarding attach output for container %s", ctr.ID())
+
+	stdoutChan := make(chan error)
+	stdinChan := make(chan error)
+
+	// Handle STDOUT/STDERR
+	go func() {
+		var err error
+		if isTerminal {
+			// Hack: return immediately if attachStdout not set to
+			// emulate Docker.
+			// Basically, when terminal is set, STDERR goes nowhere.
+			// Everything does over STDOUT.
+			// Therefore, if not attaching STDOUT - we'll never copy
+			// anything from here.
+			logrus.Debugf("Performing terminal HTTP attach for container %s", ctr.ID())
+			if attachStdout {
+				err = httpAttachTerminalCopy(conn, httpBuf, ctr.ID())
+			}
+		} else {
+			logrus.Debugf("Performing non-terminal HTTP attach for container %s", ctr.ID())
+			err = httpAttachNonTerminalCopy(conn, httpBuf, ctr.ID(), attachStdin, attachStdout, attachStderr)
+		}
+		stdoutChan <- err
+		logrus.Debugf("STDOUT/ERR copy completed")
+	}()
+	// Next, STDIN. Avoid entirely if attachStdin unset.
+	if attachStdin {
+		go func() {
+			_, err := cutil.CopyDetachable(conn, httpBuf, detach)
+			logrus.Debugf("STDIN copy completed")
+			stdinChan <- err
+		}()
+	}
+
+	for {
+		select {
+		case err := <-stdoutChan:
+			if err != nil {
+				return err
+			}
+
+			return nil
+		case err := <-stdinChan:
+			if err != nil {
+				return err
+			}
+			// copy stdin is done, close it
+			if connErr := socketCloseWrite(conn); connErr != nil {
+				logrus.Errorf("Unable to close conn: %v", connErr)
+			}
+		case <-cancel:
+			return nil
+		}
+	}
+}
+
+// isRetryable returns whether the error was caused by a blocked syscall or the
+// specified operation on a non blocking file descriptor wasn't ready for completion.
+func isRetryable(err error) bool {
+	var errno syscall.Errno
+	if errors.As(err, &errno) {
+		return errno == syscall.EINTR || errno == syscall.EAGAIN
+	}
+	return false
+}
+
+// openControlFile opens the terminal control file.
+func openControlFile(ctr *Container, parentDir string) (*os.File, error) {
+	controlPath := filepath.Join(parentDir, "ctl")
+	for i := 0; i < 600; i++ {
+		controlFile, err := os.OpenFile(controlPath, unix.O_WRONLY|unix.O_NONBLOCK, 0)
+		if err == nil {
+			return controlFile, nil
+		}
+		if !isRetryable(err) {
+			return nil, fmt.Errorf("could not open ctl file for terminal resize for container %s: %w", ctr.ID(), err)
+		}
+		time.Sleep(time.Second / 10)
+	}
+	return nil, fmt.Errorf("timeout waiting for %q", controlPath)
+}
+
+// AttachResize resizes the terminal used by the given container.
+func (r *ConmonOCIRuntime) AttachResize(ctr *Container, newSize resize.TerminalSize) error {
+	controlFile, err := openControlFile(ctr, ctr.bundlePath())
+	if err != nil {
+		return err
+	}
+	defer controlFile.Close()
+
+	logrus.Debugf("Received a resize event for container %s: %+v", ctr.ID(), newSize)
+	if _, err = fmt.Fprintf(controlFile, "%d %d %d\n", 1, newSize.Height, newSize.Width); err != nil {
+		return fmt.Errorf("failed to write to ctl file to resize terminal: %w", err)
+	}
+
+	return nil
+}
+
+// CheckpointContainer checkpoints the given container.
+func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error) {
+	// imagePath is used by CRIU to store the actual checkpoint files
+	imagePath := ctr.CheckpointPath()
+	if options.PreCheckPoint {
+		imagePath = ctr.PreCheckPointPath()
+	}
+	// workPath will be used to store dump.log and stats-dump
+	workPath := ctr.bundlePath()
+	logrus.Debugf("Writing checkpoint to %s", imagePath)
+	logrus.Debugf("Writing checkpoint logs to %s", workPath)
+	logrus.Debugf("Pre-dump the container %t", options.PreCheckPoint)
+	args := []string{}
+	args = append(args, r.runtimeFlags...)
+	args = append(args, "checkpoint")
+	args = append(args, "--image-path")
+	args = append(args, imagePath)
+	args = append(args, "--work-path")
+	args = append(args, workPath)
+	if options.KeepRunning {
+		args = append(args, "--leave-running")
+	}
+	if options.TCPEstablished {
+		args = append(args, "--tcp-established")
+	}
+	if options.FileLocks {
+		args = append(args, "--file-locks")
+	}
+	if !options.PreCheckPoint && options.KeepRunning {
+		args = append(args, "--leave-running")
+	}
+	if options.PreCheckPoint {
+		args = append(args, "--pre-dump")
+	}
+	if !options.PreCheckPoint && options.WithPrevious {
+		args = append(
+			args,
+			"--parent-path",
+			filepath.Join("..", preCheckpointDir),
+		)
+	}
+
+	args = append(args, ctr.ID())
+	logrus.Debugf("the args to checkpoint: %s %s", r.path, strings.Join(args, " "))
+
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return 0, err
+	}
+	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+	if path, ok := os.LookupEnv("PATH"); ok {
+		env = append(env, fmt.Sprintf("PATH=%s", path))
+	}
+
+	var runtimeCheckpointStarted time.Time
+	err = r.withContainerSocketLabel(ctr, func() error {
+		runtimeCheckpointStarted = time.Now()
+		return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, args...)
+	})
+
+	runtimeCheckpointDuration := func() int64 {
+		if options.PrintStats {
+			return time.Since(runtimeCheckpointStarted).Microseconds()
+		}
+		return 0
+	}()
+
+	return runtimeCheckpointDuration, err
+}
+
+func (r *ConmonOCIRuntime) CheckConmonRunning(ctr *Container) (bool, error) {
+	if ctr.state.ConmonPID == 0 {
+		// If the container is running or paused, assume Conmon is
+		// running. We didn't record Conmon PID on some old versions, so
+		// that is likely what's going on...
+		// Unusual enough that we should print a warning message though.
+		if ctr.ensureState(define.ContainerStateRunning, define.ContainerStatePaused) {
+			logrus.Warnf("Conmon PID is not set, but container is running!")
+			return true, nil
+		}
+		// Container's not running, so conmon PID being unset is
+		// expected. Conmon is not running.
+		return false, nil
+	}
+
+	// We have a conmon PID. Ping it with signal 0.
+	if err := unix.Kill(ctr.state.ConmonPID, 0); err != nil {
+		if err == unix.ESRCH {
+			return false, nil
+		}
+		return false, fmt.Errorf("pinging container %s conmon with signal 0: %w", ctr.ID(), err)
+	}
+	return true, nil
+}
+
+// SupportsCheckpoint checks if the OCI runtime supports checkpointing
+// containers.
+func (r *ConmonOCIRuntime) SupportsCheckpoint() bool {
+	return crutils.CRRuntimeSupportsCheckpointRestore(r.path)
+}
+
+// SupportsJSONErrors checks if the OCI runtime supports JSON-formatted error
+// messages.
+func (r *ConmonOCIRuntime) SupportsJSONErrors() bool {
+	return r.supportsJSON
+}
+
+// SupportsNoCgroups checks if the OCI runtime supports running containers
+// without cgroups (the --cgroup-manager=disabled flag).
+func (r *ConmonOCIRuntime) SupportsNoCgroups() bool {
+	return r.supportsNoCgroups
+}
+
+// SupportsKVM checks if the OCI runtime supports running containers
+// without KVM separation
+func (r *ConmonOCIRuntime) SupportsKVM() bool {
+	return r.supportsKVM
+}
+
+// AttachSocketPath is the path to a single container's attach socket.
+func (r *ConmonOCIRuntime) AttachSocketPath(ctr *Container) (string, error) {
+	if ctr == nil {
+		return "", fmt.Errorf("must provide a valid container to get attach socket path: %w", define.ErrInvalidArg)
+	}
+
+	return filepath.Join(ctr.bundlePath(), "attach"), nil
+}
+
+// ExitFilePath is the path to a container's exit file.
+func (r *ConmonOCIRuntime) ExitFilePath(ctr *Container) (string, error) {
+	if ctr == nil {
+		return "", fmt.Errorf("must provide a valid container to get exit file path: %w", define.ErrInvalidArg)
+	}
+	return filepath.Join(r.exitsDir, ctr.ID()), nil
+}
+
+// RuntimeInfo provides information on the runtime.
+func (r *ConmonOCIRuntime) RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error) {
+	runtimePackage := packageVersion(r.path)
+	conmonPackage := packageVersion(r.conmonPath)
+	runtimeVersion, err := r.getOCIRuntimeVersion()
+	if err != nil {
+		return nil, nil, fmt.Errorf("getting version of OCI runtime %s: %w", r.name, err)
+	}
+	conmonVersion, err := r.getConmonVersion()
+	if err != nil {
+		return nil, nil, fmt.Errorf("getting conmon version: %w", err)
+	}
+
+	conmon := define.ConmonInfo{
+		Package: conmonPackage,
+		Path:    r.conmonPath,
+		Version: conmonVersion,
+	}
+	ocirt := define.OCIRuntimeInfo{
+		Name:    r.name,
+		Path:    r.path,
+		Package: runtimePackage,
+		Version: runtimeVersion,
+	}
+	return &conmon, &ocirt, nil
+}
+
+// makeAccessible changes the path permission and each parent directory to have --x--x--x
+func makeAccessible(path string, uid, gid int) error {
+	for ; path != "/"; path = filepath.Dir(path) {
+		st, err := os.Stat(path)
+		if err != nil {
+			if os.IsNotExist(err) {
+				return nil
+			}
+			return err
+		}
+		if int(st.Sys().(*syscall.Stat_t).Uid) == uid && int(st.Sys().(*syscall.Stat_t).Gid) == gid {
+			continue
+		}
+		if st.Mode()&0111 != 0111 {
+			if err := os.Chmod(path, st.Mode()|0111); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// Wait for a container which has been sent a signal to stop
+func waitContainerStop(ctr *Container, timeout time.Duration) error {
+	return waitPidStop(ctr.state.PID, timeout)
+}
+
+// Wait for a given PID to stop
+func waitPidStop(pid int, timeout time.Duration) error {
+	done := make(chan struct{})
+	chControl := make(chan struct{})
+	go func() {
+		for {
+			select {
+			case <-chControl:
+				return
+			default:
+				if err := unix.Kill(pid, 0); err != nil {
+					if err == unix.ESRCH {
+						close(done)
+						return
+					}
+					logrus.Errorf("Pinging PID %d with signal 0: %v", pid, err)
+				}
+				time.Sleep(100 * time.Millisecond)
+			}
+		}
+	}()
+	select {
+	case <-done:
+		return nil
+	case <-time.After(timeout):
+		close(chControl)
+		return fmt.Errorf("given PIDs did not die within timeout")
+	}
+}
+
+func (r *ConmonOCIRuntime) getLogTag(ctr *Container) (string, error) {
+	logTag := ctr.LogTag()
+	if logTag == "" {
+		return "", nil
+	}
+	data, err := ctr.inspectLocked(false)
+	if err != nil {
+		// FIXME: this error should probably be returned
+		return "", nil //nolint: nilerr
+	}
+	tmpl, err := template.New("container").Parse(logTag)
+	if err != nil {
+		return "", fmt.Errorf("template parsing error %s: %w", logTag, err)
+	}
+	var b bytes.Buffer
+	err = tmpl.Execute(&b, data)
+	if err != nil {
+		return "", err
+	}
+	return b.String(), nil
+}
+
+// createOCIContainer generates this container's main conmon instance and prepares it for starting
+func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error) {
+	var stderrBuf bytes.Buffer
+
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return 0, err
+	}
+
+	parentSyncPipe, childSyncPipe, err := newPipe()
+	if err != nil {
+		return 0, fmt.Errorf("creating socket pair: %w", err)
+	}
+	defer errorhandling.CloseQuiet(parentSyncPipe)
+
+	childStartPipe, parentStartPipe, err := newPipe()
+	if err != nil {
+		return 0, fmt.Errorf("creating socket pair for start pipe: %w", err)
+	}
+
+	defer errorhandling.CloseQuiet(parentStartPipe)
+
+	var ociLog string
+	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
+		ociLog = filepath.Join(ctr.state.RunDir, "oci-log")
+	}
+
+	logTag, err := r.getLogTag(ctr)
+	if err != nil {
+		return 0, err
+	}
+
+	if ctr.config.CgroupsMode == cgroupSplit {
+		if err := utils.MoveUnderCgroupSubtree("runtime"); err != nil {
+			return 0, err
+		}
+	}
+
+	pidfile := ctr.config.PidFile
+	if pidfile == "" {
+		pidfile = filepath.Join(ctr.state.RunDir, "pidfile")
+	}
+
+	args := r.sharedConmonArgs(ctr, ctr.ID(), ctr.bundlePath(), pidfile, ctr.LogPath(), r.exitsDir, ociLog, ctr.LogDriver(), logTag)
+
+	if ctr.config.SdNotifyMode == define.SdNotifyModeContainer && ctr.config.SdNotifySocket != "" {
+		args = append(args, fmt.Sprintf("--sdnotify-socket=%s", ctr.config.SdNotifySocket))
+	}
+
+	if ctr.config.Spec.Process.Terminal {
+		args = append(args, "-t")
+	} else if ctr.config.Stdin {
+		args = append(args, "-i")
+	}
+
+	if ctr.config.Timeout > 0 {
+		args = append(args, fmt.Sprintf("--timeout=%d", ctr.config.Timeout))
+	}
+
+	if !r.enableKeyring {
+		args = append(args, "--no-new-keyring")
+	}
+	if ctr.config.ConmonPidFile != "" {
+		args = append(args, "--conmon-pidfile", ctr.config.ConmonPidFile)
+	}
+
+	if r.noPivot {
+		args = append(args, "--no-pivot")
+	}
+
+	exitCommand, err := specgenutil.CreateExitCommandArgs(ctr.runtime.storageConfig, ctr.runtime.config, logrus.IsLevelEnabled(logrus.DebugLevel), ctr.AutoRemove(), false)
+	if err != nil {
+		return 0, err
+	}
+	exitCommand = append(exitCommand, ctr.config.ID)
+
+	args = append(args, "--exit-command", exitCommand[0])
+	for _, arg := range exitCommand[1:] {
+		args = append(args, []string{"--exit-command-arg", arg}...)
+	}
+
+	// Pass down the LISTEN_* environment (see #10443).
+	preserveFDs := ctr.config.PreserveFDs
+	if val := os.Getenv("LISTEN_FDS"); val != "" {
+		if ctr.config.PreserveFDs > 0 {
+			logrus.Warnf("Ignoring LISTEN_FDS to preserve custom user-specified FDs")
+		} else {
+			fds, err := strconv.Atoi(val)
+			if err != nil {
+				return 0, fmt.Errorf("converting LISTEN_FDS=%s: %w", val, err)
+			}
+			preserveFDs = uint(fds)
+		}
+	}
+
+	if preserveFDs > 0 {
+		args = append(args, formatRuntimeOpts("--preserve-fds", fmt.Sprintf("%d", preserveFDs))...)
+	}
+
+	if restoreOptions != nil {
+		args = append(args, "--restore", ctr.CheckpointPath())
+		if restoreOptions.TCPEstablished {
+			args = append(args, "--runtime-opt", "--tcp-established")
+		}
+		if restoreOptions.FileLocks {
+			args = append(args, "--runtime-opt", "--file-locks")
+		}
+		if restoreOptions.Pod != "" {
+			mountLabel := ctr.config.MountLabel
+			processLabel := ctr.config.ProcessLabel
+			if mountLabel != "" {
+				args = append(
+					args,
+					"--runtime-opt",
+					fmt.Sprintf(
+						"--lsm-mount-context=%s",
+						mountLabel,
+					),
+				)
+			}
+			if processLabel != "" {
+				args = append(
+					args,
+					"--runtime-opt",
+					fmt.Sprintf(
+						"--lsm-profile=selinux:%s",
+						processLabel,
+					),
+				)
+			}
+		}
+	}
+
+	logrus.WithFields(logrus.Fields{
+		"args": args,
+	}).Debugf("running conmon: %s", r.conmonPath)
+
+	cmd := exec.Command(r.conmonPath, args...)
+	cmd.SysProcAttr = &syscall.SysProcAttr{
+		Setpgid: true,
+	}
+	// TODO this is probably a really bad idea for some uses
+	// Make this configurable
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	if ctr.config.Spec.Process.Terminal {
+		cmd.Stderr = &stderrBuf
+	}
+
+	// 0, 1 and 2 are stdin, stdout and stderr
+	conmonEnv := r.configureConmonEnv(runtimeDir)
+
+	var filesToClose []*os.File
+	if preserveFDs > 0 {
+		for fd := 3; fd < int(3+preserveFDs); fd++ {
+			f := os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd))
+			filesToClose = append(filesToClose, f)
+			cmd.ExtraFiles = append(cmd.ExtraFiles, f)
+		}
+	}
+
+	cmd.Env = r.conmonEnv
+	// we don't want to step on users fds they asked to preserve
+	// Since 0-2 are used for stdio, start the fds we pass in at preserveFDs+3
+	cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_SYNCPIPE=%d", preserveFDs+3), fmt.Sprintf("_OCI_STARTPIPE=%d", preserveFDs+4))
+	cmd.Env = append(cmd.Env, conmonEnv...)
+	cmd.ExtraFiles = append(cmd.ExtraFiles, childSyncPipe, childStartPipe)
+
+	if r.reservePorts && !rootless.IsRootless() && !ctr.config.NetMode.IsSlirp4netns() {
+		ports, err := bindPorts(ctr.convertPortMappings())
+		if err != nil {
+			return 0, err
+		}
+		filesToClose = append(filesToClose, ports...)
+
+		// Leak the port we bound in the conmon process.  These fd's won't be used
+		// by the container and conmon will keep the ports busy so that another
+		// process cannot use them.
+		cmd.ExtraFiles = append(cmd.ExtraFiles, ports...)
+	}
+
+	if ctr.config.NetMode.IsSlirp4netns() || rootless.IsRootless() {
+		if ctr.config.PostConfigureNetNS {
+			havePortMapping := len(ctr.config.PortMappings) > 0
+			if havePortMapping {
+				ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
+				if err != nil {
+					return 0, fmt.Errorf("failed to create rootless port sync pipe: %w", err)
+				}
+			}
+			ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
+			if err != nil {
+				return 0, fmt.Errorf("failed to create rootless network sync pipe: %w", err)
+			}
+		} else {
+			if ctr.rootlessSlirpSyncR != nil {
+				defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR)
+			}
+			if ctr.rootlessSlirpSyncW != nil {
+				defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW)
+			}
+		}
+		// Leak one end in conmon, the other one will be leaked into slirp4netns
+		cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)
+
+		if ctr.rootlessPortSyncW != nil {
+			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncW)
+			// Leak one end in conmon, the other one will be leaked into rootlessport
+			cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncW)
+		}
+	}
+	var runtimeRestoreStarted time.Time
+	if restoreOptions != nil {
+		runtimeRestoreStarted = time.Now()
+	}
+	err = startCommand(cmd, ctr)
+
+	// regardless of whether we errored or not, we no longer need the children pipes
+	childSyncPipe.Close()
+	childStartPipe.Close()
+	if err != nil {
+		return 0, err
+	}
+	if err := r.moveConmonToCgroupAndSignal(ctr, cmd, parentStartPipe); err != nil {
+		return 0, err
+	}
+	/* Wait for initial setup and fork, and reap child */
+	err = cmd.Wait()
+	if err != nil {
+		return 0, err
+	}
+
+	pid, err := readConmonPipeData(r.name, parentSyncPipe, ociLog)
+	if err != nil {
+		if err2 := r.DeleteContainer(ctr); err2 != nil {
+			logrus.Errorf("Removing container %s from runtime after creation failed", ctr.ID())
+		}
+		return 0, err
+	}
+	ctr.state.PID = pid
+
+	conmonPID, err := readConmonPidFile(ctr.config.ConmonPidFile)
+	if err != nil {
+		logrus.Warnf("Error reading conmon pid file for container %s: %v", ctr.ID(), err)
+	} else if conmonPID > 0 {
+		// conmon not having a pid file is a valid state, so don't set it if we don't have it
+		logrus.Infof("Got Conmon PID as %d", conmonPID)
+		ctr.state.ConmonPID = conmonPID
+	}
+
+	runtimeRestoreDuration := func() int64 {
+		if restoreOptions != nil && restoreOptions.PrintStats {
+			return time.Since(runtimeRestoreStarted).Microseconds()
+		}
+		return 0
+	}()
+
+	// These fds were passed down to the runtime.  Close them
+	// and not interfere
+	for _, f := range filesToClose {
+		errorhandling.CloseQuiet(f)
+	}
+
+	return runtimeRestoreDuration, nil
+}
+
+// configureConmonEnv gets the environment values to add to conmon's exec struct
+// TODO this may want to be less hardcoded/more configurable in the future
+func (r *ConmonOCIRuntime) configureConmonEnv(runtimeDir string) []string {
+	var env []string
+	for _, e := range os.Environ() {
+		if strings.HasPrefix(e, "LC_") {
+			env = append(env, e)
+		}
+	}
+	if path, ok := os.LookupEnv("PATH"); ok {
+		env = append(env, fmt.Sprintf("PATH=%s", path))
+	}
+	if conf, ok := os.LookupEnv("CONTAINERS_CONF"); ok {
+		env = append(env, fmt.Sprintf("CONTAINERS_CONF=%s", conf))
+	}
+	if conf, ok := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); ok {
+		env = append(env, fmt.Sprintf("CONTAINERS_HELPER_BINARY_DIR=%s", conf))
+	}
+	env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
+	env = append(env, fmt.Sprintf("_CONTAINERS_USERNS_CONFIGURED=%s", os.Getenv("_CONTAINERS_USERNS_CONFIGURED")))
+	env = append(env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%s", os.Getenv("_CONTAINERS_ROOTLESS_UID")))
+	home := homedir.Get()
+	if home != "" {
+		env = append(env, fmt.Sprintf("HOME=%s", home))
+	}
+
+	return env
+}
+
+// sharedConmonArgs takes common arguments for exec and create/restore and formats them for the conmon CLI
+func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, pidPath, logPath, exitDir, ociLogPath, logDriver, logTag string) []string {
+	// set the conmon API version to be able to use the correct sync struct keys
+	args := []string{
+		"--api-version", "1",
+		"-c", ctr.ID(),
+		"-u", cuuid,
+		"-r", r.path,
+		"-b", bundlePath,
+		"-p", pidPath,
+		"-n", ctr.Name(),
+		"--exit-dir", exitDir,
+		"--full-attach",
+	}
+	if len(r.runtimeFlags) > 0 {
+		rFlags := []string{}
+		for _, arg := range r.runtimeFlags {
+			rFlags = append(rFlags, "--runtime-arg", arg)
+		}
+		args = append(args, rFlags...)
+	}
+
+	if ctr.CgroupManager() == config.SystemdCgroupsManager && !ctr.config.NoCgroups && ctr.config.CgroupsMode != cgroupSplit {
+		args = append(args, "-s")
+	}
+
+	var logDriverArg string
+	switch logDriver {
+	case define.JournaldLogging:
+		logDriverArg = define.JournaldLogging
+	case define.NoLogging:
+		logDriverArg = define.NoLogging
+	case define.PassthroughLogging:
+		logDriverArg = define.PassthroughLogging
+	//lint:ignore ST1015 the default case has to be here
+	default: //nolint:stylecheck,gocritic
+		// No case here should happen except JSONLogging, but keep this here in case the options are extended
+		logrus.Errorf("%s logging specified but not supported. Choosing k8s-file logging instead", ctr.LogDriver())
+		fallthrough
+	case "":
+		// to get here, either a user would specify `--log-driver ""`, or this came from another place in libpod
+		// since the former case is obscure, and the latter case isn't an error, let's silently fallthrough
+		fallthrough
+	case define.JSONLogging:
+		fallthrough
+	case define.KubernetesLogging:
+		logDriverArg = fmt.Sprintf("%s:%s", define.KubernetesLogging, logPath)
+	}
+
+	args = append(args, "-l", logDriverArg)
+	logLevel := logrus.GetLevel()
+	args = append(args, "--log-level", logLevel.String())
+
+	if logLevel == logrus.DebugLevel {
+		logrus.Debugf("%s messages will be logged to syslog", r.conmonPath)
+		args = append(args, "--syslog")
+	}
+
+	size := r.logSizeMax
+	if ctr.config.LogSize > 0 {
+		size = ctr.config.LogSize
+	}
+	if size > 0 {
+		args = append(args, "--log-size-max", fmt.Sprintf("%v", size))
+	}
+
+	if ociLogPath != "" {
+		args = append(args, "--runtime-arg", "--log-format=json", "--runtime-arg", "--log", fmt.Sprintf("--runtime-arg=%s", ociLogPath))
+	}
+	if logTag != "" {
+		args = append(args, "--log-tag", logTag)
+	}
+	if ctr.config.NoCgroups {
+		logrus.Debugf("Running with no Cgroups")
+		args = append(args, "--runtime-arg", "--cgroup-manager", "--runtime-arg", "disabled")
+	}
+	return args
+}
+
+func startCommand(cmd *exec.Cmd, ctr *Container) error {
+	// Make sure to unset the NOTIFY_SOCKET and reset it afterwards if needed.
+	switch ctr.config.SdNotifyMode {
+	case define.SdNotifyModeContainer, define.SdNotifyModeIgnore:
+		if prev := os.Getenv("NOTIFY_SOCKET"); prev != "" {
+			if err := os.Unsetenv("NOTIFY_SOCKET"); err != nil {
+				logrus.Warnf("Error unsetting NOTIFY_SOCKET %v", err)
+			}
+			defer func() {
+				if err := os.Setenv("NOTIFY_SOCKET", prev); err != nil {
+					logrus.Errorf("Resetting NOTIFY_SOCKET=%s", prev)
+				}
+			}()
+		}
+	}
+
+	return cmd.Start()
+}
+
+// newPipe creates a unix socket pair for communication.
+// Returns two files - first is parent, second is child.
+func newPipe() (*os.File, *os.File, error) {
+	fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	return os.NewFile(uintptr(fds[1]), "parent"), os.NewFile(uintptr(fds[0]), "child"), nil
+}
+
+// readConmonPidFile attempts to read conmon's pid from its pid file
+func readConmonPidFile(pidFile string) (int, error) {
+	// Let's try reading the Conmon pid at the same time.
+	if pidFile != "" {
+		contents, err := ioutil.ReadFile(pidFile)
+		if err != nil {
+			return -1, err
+		}
+		// Convert it to an int
+		conmonPID, err := strconv.Atoi(string(contents))
+		if err != nil {
+			return -1, err
+		}
+		return conmonPID, nil
+	}
+	return 0, nil
+}
+
+// readConmonPipeData attempts to read a syncInfo struct from the pipe
+func readConmonPipeData(runtimeName string, pipe *os.File, ociLog string) (int, error) {
+	// syncInfo is used to return data from monitor process to daemon
+	type syncInfo struct {
+		Data    int    `json:"data"`
+		Message string `json:"message,omitempty"`
+	}
+
+	// Wait to get container pid from conmon
+	type syncStruct struct {
+		si  *syncInfo
+		err error
+	}
+	ch := make(chan syncStruct)
+	go func() {
+		var si *syncInfo
+		rdr := bufio.NewReader(pipe)
+		b, err := rdr.ReadBytes('\n')
+		// ignore EOF here, error is returned even when data was read
+		// if it is no valid json unmarshal will fail below
+		if err != nil && !errors.Is(err, io.EOF) {
+			ch <- syncStruct{err: err}
+		}
+		if err := json.Unmarshal(b, &si); err != nil {
+			ch <- syncStruct{err: fmt.Errorf("conmon bytes %q: %w", string(b), err)}
+			return
+		}
+		ch <- syncStruct{si: si}
+	}()
+
+	data := -1 //nolint: wastedassign
+	select {
+	case ss := <-ch:
+		if ss.err != nil {
+			if ociLog != "" {
+				ociLogData, err := ioutil.ReadFile(ociLog)
+				if err == nil {
+					var ociErr ociError
+					if err := json.Unmarshal(ociLogData, &ociErr); err == nil {
+						return -1, getOCIRuntimeError(runtimeName, ociErr.Msg)
+					}
+				}
+			}
+			return -1, fmt.Errorf("container create failed (no logs from conmon): %w", ss.err)
+		}
+		logrus.Debugf("Received: %d", ss.si.Data)
+		if ss.si.Data < 0 {
+			if ociLog != "" {
+				ociLogData, err := ioutil.ReadFile(ociLog)
+				if err == nil {
+					var ociErr ociError
+					if err := json.Unmarshal(ociLogData, &ociErr); err == nil {
+						return ss.si.Data, getOCIRuntimeError(runtimeName, ociErr.Msg)
+					}
+				}
+			}
+			// If we failed to parse the JSON errors, then print the output as it is
+			if ss.si.Message != "" {
+				return ss.si.Data, getOCIRuntimeError(runtimeName, ss.si.Message)
+			}
+			return ss.si.Data, fmt.Errorf("container create failed: %w", define.ErrInternal)
+		}
+		data = ss.si.Data
+	case <-time.After(define.ContainerCreateTimeout):
+		return -1, fmt.Errorf("container creation timeout: %w", define.ErrInternal)
+	}
+	return data, nil
+}
+
+// writeConmonPipeData writes nonce data to a pipe
+func writeConmonPipeData(pipe *os.File) error {
+	someData := []byte{0}
+	_, err := pipe.Write(someData)
+	return err
+}
+
+// formatRuntimeOpts prepends opts passed to it with --runtime-opt for passing to conmon
+func formatRuntimeOpts(opts ...string) []string {
+	args := make([]string, 0, len(opts)*2)
+	for _, o := range opts {
+		args = append(args, "--runtime-opt", o)
+	}
+	return args
+}
+
+// getConmonVersion returns a string representation of the conmon version.
+func (r *ConmonOCIRuntime) getConmonVersion() (string, error) {
+	output, err := utils.ExecCmd(r.conmonPath, "--version")
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimSuffix(strings.Replace(output, "\n", ", ", 1), "\n"), nil
+}
+
+// getOCIRuntimeVersion returns a string representation of the OCI runtime's
+// version.
+func (r *ConmonOCIRuntime) getOCIRuntimeVersion() (string, error) {
+	output, err := utils.ExecCmd(r.path, "--version")
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimSuffix(output, "\n"), nil
+}
+
+// Copy data from container to HTTP connection, for terminal attach.
+// Container is the container's attach socket connection, http is a buffer for
+// the HTTP connection. cid is the ID of the container the attach session is
+// running for (used solely for error messages).
+func httpAttachTerminalCopy(container *net.UnixConn, http *bufio.ReadWriter, cid string) error {
+	buf := make([]byte, bufferSize)
+	for {
+		numR, err := container.Read(buf)
+		logrus.Debugf("Read fd(%d) %d/%d bytes for container %s", int(buf[0]), numR, len(buf), cid)
+
+		if numR > 0 {
+			switch buf[0] {
+			case AttachPipeStdout:
+				// Do nothing
+			default:
+				logrus.Errorf("Received unexpected attach type %+d, discarding %d bytes", buf[0], numR)
+				continue
+			}
+
+			numW, err2 := http.Write(buf[1:numR])
+			if err2 != nil {
+				if err != nil {
+					logrus.Errorf("Reading container %s STDOUT: %v", cid, err)
+				}
+				return err2
+			} else if numW+1 != numR {
+				return io.ErrShortWrite
+			}
+			// We need to force the buffer to write immediately, so
+			// there isn't a delay on the terminal side.
+			if err2 := http.Flush(); err2 != nil {
+				if err != nil {
+					logrus.Errorf("Reading container %s STDOUT: %v", cid, err)
+				}
+				return err2
+			}
+		}
+		if err != nil {
+			if err == io.EOF {
+				return nil
+			}
+			return err
+		}
+	}
+}
+
+// Copy data from a container to an HTTP connection, for non-terminal attach.
+// Appends a header to multiplex input.
+func httpAttachNonTerminalCopy(container *net.UnixConn, http *bufio.ReadWriter, cid string, stdin, stdout, stderr bool) error {
+	buf := make([]byte, bufferSize)
+	for {
+		numR, err := container.Read(buf)
+		if numR > 0 {
+			var headerBuf []byte
+
+			// Subtract 1 because we strip the first byte (used for
+			// multiplexing by Conmon).
+			headerLen := uint32(numR - 1)
+			// Practically speaking, we could make this buf[0] - 1,
+			// but we need to validate it anyway.
+			switch buf[0] {
+			case AttachPipeStdin:
+				headerBuf = makeHTTPAttachHeader(0, headerLen)
+				if !stdin {
+					continue
+				}
+			case AttachPipeStdout:
+				if !stdout {
+					continue
+				}
+				headerBuf = makeHTTPAttachHeader(1, headerLen)
+			case AttachPipeStderr:
+				if !stderr {
+					continue
+				}
+				headerBuf = makeHTTPAttachHeader(2, headerLen)
+			default:
+				logrus.Errorf("Received unexpected attach type %+d, discarding %d bytes", buf[0], numR)
+				continue
+			}
+
+			numH, err2 := http.Write(headerBuf)
+			if err2 != nil {
+				if err != nil {
+					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
+				}
+
+				return err2
+			}
+			// Hardcoding header length is pretty gross, but
+			// fast. Should be safe, as this is a fixed part
+			// of the protocol.
+			if numH != 8 {
+				if err != nil {
+					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
+				}
+
+				return io.ErrShortWrite
+			}
+
+			numW, err2 := http.Write(buf[1:numR])
+			if err2 != nil {
+				if err != nil {
+					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
+				}
+
+				return err2
+			} else if numW+1 != numR {
+				if err != nil {
+					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
+				}
+
+				return io.ErrShortWrite
+			}
+			// We need to force the buffer to write immediately, so
+			// there isn't a delay on the terminal side.
+			if err2 := http.Flush(); err2 != nil {
+				if err != nil {
+					logrus.Errorf("Reading container %s STDOUT: %v", cid, err)
+				}
+				return err2
+			}
+		}
+		if err != nil {
+			if err == io.EOF {
+				return nil
+			}
+
+			return err
+		}
+	}
+}
diff --git a/libpod/oci_conmon_exec_common.go b/libpod/oci_conmon_exec_common.go
new file mode 100644
index 000000000..e5080942b
--- /dev/null
+++ b/libpod/oci_conmon_exec_common.go
@@ -0,0 +1,771 @@
+package libpod
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/resize"
+	cutil "github.com/containers/common/pkg/util"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/errorhandling"
+	"github.com/containers/podman/v4/pkg/lookup"
+	"github.com/containers/podman/v4/pkg/util"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+// ExecContainer executes a command in a running container
+func (r *ConmonOCIRuntime) ExecContainer(c *Container, sessionID string, options *ExecOptions, streams *define.AttachStreams, newSize *resize.TerminalSize) (int, chan error, error) {
+	if options == nil {
+		return -1, nil, fmt.Errorf("must provide an ExecOptions struct to ExecContainer: %w", define.ErrInvalidArg)
+	}
+	if len(options.Cmd) == 0 {
+		return -1, nil, fmt.Errorf("must provide a command to execute: %w", define.ErrInvalidArg)
+	}
+
+	if sessionID == "" {
+		return -1, nil, fmt.Errorf("must provide a session ID for exec: %w", define.ErrEmptyID)
+	}
+
+	// TODO: Should we default this to false?
+	// Or maybe make streams mandatory?
+	attachStdin := true
+	if streams != nil {
+		attachStdin = streams.AttachInput
+	}
+
+	var ociLog string
+	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
+		ociLog = c.execOCILog(sessionID)
+	}
+
+	execCmd, pipes, err := r.startExec(c, sessionID, options, attachStdin, ociLog)
+	if err != nil {
+		return -1, nil, err
+	}
+
+	// Only close sync pipe. Start and attach are consumed in the attach
+	// goroutine.
+	defer func() {
+		if pipes.syncPipe != nil && !pipes.syncClosed {
+			errorhandling.CloseQuiet(pipes.syncPipe)
+			pipes.syncClosed = true
+		}
+	}()
+
+	// TODO Only create if !detach
+	// Attach to the container before starting it
+	attachChan := make(chan error)
+	go func() {
+		// attachToExec is responsible for closing pipes
+		attachChan <- c.attachToExec(streams, options.DetachKeys, sessionID, pipes.startPipe, pipes.attachPipe, newSize)
+		close(attachChan)
+	}()
+
+	if err := execCmd.Wait(); err != nil {
+		return -1, nil, fmt.Errorf("cannot run conmon: %w", err)
+	}
+
+	pid, err := readConmonPipeData(r.name, pipes.syncPipe, ociLog)
+
+	return pid, attachChan, err
+}
+
+// ExecContainerHTTP executes a new command in an existing container and
+// forwards its standard streams over an attach
+func (r *ConmonOCIRuntime) ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, req *http.Request, w http.ResponseWriter,
+	streams *HTTPAttachStreams, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, newSize *resize.TerminalSize) (int, chan error, error) {
+	if streams != nil {
+		if !streams.Stdin && !streams.Stdout && !streams.Stderr {
+			return -1, nil, fmt.Errorf("must provide at least one stream to attach to: %w", define.ErrInvalidArg)
+		}
+	}
+
+	if options == nil {
+		return -1, nil, fmt.Errorf("must provide exec options to ExecContainerHTTP: %w", define.ErrInvalidArg)
+	}
+
+	detachString := config.DefaultDetachKeys
+	if options.DetachKeys != nil {
+		detachString = *options.DetachKeys
+	}
+	detachKeys, err := processDetachKeys(detachString)
+	if err != nil {
+		return -1, nil, err
+	}
+
+	// TODO: Should we default this to false?
+	// Or maybe make streams mandatory?
+	attachStdin := true
+	if streams != nil {
+		attachStdin = streams.Stdin
+	}
+
+	var ociLog string
+	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
+		ociLog = ctr.execOCILog(sessionID)
+	}
+
+	execCmd, pipes, err := r.startExec(ctr, sessionID, options, attachStdin, ociLog)
+	if err != nil {
+		return -1, nil, err
+	}
+
+	// Only close sync pipe. Start and attach are consumed in the attach
+	// goroutine.
+	defer func() {
+		if pipes.syncPipe != nil && !pipes.syncClosed {
+			errorhandling.CloseQuiet(pipes.syncPipe)
+			pipes.syncClosed = true
+		}
+	}()
+
+	attachChan := make(chan error)
+	conmonPipeDataChan := make(chan conmonPipeData)
+	go func() {
+		// attachToExec is responsible for closing pipes
+		attachChan <- attachExecHTTP(ctr, sessionID, req, w, streams, pipes, detachKeys, options.Terminal, cancel, hijackDone, holdConnOpen, execCmd, conmonPipeDataChan, ociLog, newSize, r.name)
+		close(attachChan)
+	}()
+
+	// NOTE: the channel is needed to communicate conmon's data.  In case
+	// of an error, the error will be written on the hijacked http
+	// connection such that remote clients will receive the error.
+	pipeData := <-conmonPipeDataChan
+
+	return pipeData.pid, attachChan, pipeData.err
+}
+
+// conmonPipeData contains the data when reading from conmon's pipe.
+type conmonPipeData struct {
+	pid int
+	err error
+}
+
+// ExecContainerDetached executes a command in a running container, but does
+// not attach to it.
+func (r *ConmonOCIRuntime) ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error) {
+	if options == nil {
+		return -1, fmt.Errorf("must provide exec options to ExecContainerHTTP: %w", define.ErrInvalidArg)
+	}
+
+	var ociLog string
+	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
+		ociLog = ctr.execOCILog(sessionID)
+	}
+
+	execCmd, pipes, err := r.startExec(ctr, sessionID, options, stdin, ociLog)
+	if err != nil {
+		return -1, err
+	}
+
+	defer func() {
+		pipes.cleanup()
+	}()
+
+	// Wait for Conmon to tell us we're ready to attach.
+	// We aren't actually *going* to attach, but this means that we're good
+	// to proceed.
+	if _, err := readConmonPipeData(r.name, pipes.attachPipe, ""); err != nil {
+		return -1, err
+	}
+
+	// Start the exec session
+	if err := writeConmonPipeData(pipes.startPipe); err != nil {
+		return -1, err
+	}
+
+	// Wait for conmon to succeed, when return.
+	if err := execCmd.Wait(); err != nil {
+		return -1, fmt.Errorf("cannot run conmon: %w", err)
+	}
+
+	pid, err := readConmonPipeData(r.name, pipes.syncPipe, ociLog)
+
+	return pid, err
+}
+
+// ExecAttachResize resizes the TTY of the given exec session.
+func (r *ConmonOCIRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error {
+	controlFile, err := openControlFile(ctr, ctr.execBundlePath(sessionID))
+	if err != nil {
+		return err
+	}
+	defer controlFile.Close()
+
+	if _, err = fmt.Fprintf(controlFile, "%d %d %d\n", 1, newSize.Height, newSize.Width); err != nil {
+		return fmt.Errorf("failed to write to ctl file to resize terminal: %w", err)
+	}
+
+	return nil
+}
+
+// ExecStopContainer stops a given exec session in a running container.
+func (r *ConmonOCIRuntime) ExecStopContainer(ctr *Container, sessionID string, timeout uint) error {
+	pid, err := ctr.getExecSessionPID(sessionID)
+	if err != nil {
+		return err
+	}
+
+	logrus.Debugf("Going to stop container %s exec session %s", ctr.ID(), sessionID)
+
+	// Is the session dead?
+	// Ping the PID with signal 0 to see if it still exists.
+	if err := unix.Kill(pid, 0); err != nil {
+		if err == unix.ESRCH {
+			return nil
+		}
+		return fmt.Errorf("pinging container %s exec session %s PID %d with signal 0: %w", ctr.ID(), sessionID, pid, err)
+	}
+
+	if timeout > 0 {
+		// Use SIGTERM by default, then SIGSTOP after timeout.
+		logrus.Debugf("Killing exec session %s (PID %d) of container %s with SIGTERM", sessionID, pid, ctr.ID())
+		if err := unix.Kill(pid, unix.SIGTERM); err != nil {
+			if err == unix.ESRCH {
+				return nil
+			}
+			return fmt.Errorf("killing container %s exec session %s PID %d with SIGTERM: %w", ctr.ID(), sessionID, pid, err)
+		}
+
+		// Wait for the PID to stop
+		if err := waitPidStop(pid, time.Duration(timeout)*time.Second); err != nil {
+			logrus.Infof("Timed out waiting for container %s exec session %s to stop, resorting to SIGKILL: %v", ctr.ID(), sessionID, err)
+		} else {
+			// No error, container is dead
+			return nil
+		}
+	}
+
+	// SIGTERM did not work. On to SIGKILL.
+	logrus.Debugf("Killing exec session %s (PID %d) of container %s with SIGKILL", sessionID, pid, ctr.ID())
+	if err := unix.Kill(pid, unix.SIGTERM); err != nil {
+		if err == unix.ESRCH {
+			return nil
+		}
+		return fmt.Errorf("killing container %s exec session %s PID %d with SIGKILL: %w", ctr.ID(), sessionID, pid, err)
+	}
+
+	// Wait for the PID to stop
+	if err := waitPidStop(pid, killContainerTimeout); err != nil {
+		return fmt.Errorf("timed out waiting for container %s exec session %s PID %d to stop after SIGKILL: %w", ctr.ID(), sessionID, pid, err)
+	}
+
+	return nil
+}
+
+// ExecUpdateStatus checks if the given exec session is still running.
+func (r *ConmonOCIRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) {
+	pid, err := ctr.getExecSessionPID(sessionID)
+	if err != nil {
+		return false, err
+	}
+
+	logrus.Debugf("Checking status of container %s exec session %s", ctr.ID(), sessionID)
+
+	// Is the session dead?
+	// Ping the PID with signal 0 to see if it still exists.
+	if err := unix.Kill(pid, 0); err != nil {
+		if err == unix.ESRCH {
+			return false, nil
+		}
+		return false, fmt.Errorf("pinging container %s exec session %s PID %d with signal 0: %w", ctr.ID(), sessionID, pid, err)
+	}
+
+	return true, nil
+}
+
+// ExecAttachSocketPath is the path to a container's exec session attach socket.
+func (r *ConmonOCIRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error) {
+	// We don't even use container, so don't validity check it
+	if sessionID == "" {
+		return "", fmt.Errorf("must provide a valid session ID to get attach socket path: %w", define.ErrInvalidArg)
+	}
+
+	return filepath.Join(ctr.execBundlePath(sessionID), "attach"), nil
+}
+
+// This contains pipes used by the exec API.
+type execPipes struct {
+	syncPipe     *os.File
+	syncClosed   bool
+	startPipe    *os.File
+	startClosed  bool
+	attachPipe   *os.File
+	attachClosed bool
+}
+
+func (p *execPipes) cleanup() {
+	if p.syncPipe != nil && !p.syncClosed {
+		errorhandling.CloseQuiet(p.syncPipe)
+		p.syncClosed = true
+	}
+	if p.startPipe != nil && !p.startClosed {
+		errorhandling.CloseQuiet(p.startPipe)
+		p.startClosed = true
+	}
+	if p.attachPipe != nil && !p.attachClosed {
+		errorhandling.CloseQuiet(p.attachPipe)
+		p.attachClosed = true
+	}
+}
+
+// Start an exec session's conmon parent from the given options.
+func (r *ConmonOCIRuntime) startExec(c *Container, sessionID string, options *ExecOptions, attachStdin bool, ociLog string) (_ *exec.Cmd, _ *execPipes, deferredErr error) {
+	pipes := new(execPipes)
+
+	if options == nil {
+		return nil, nil, fmt.Errorf("must provide an ExecOptions struct to ExecContainer: %w", define.ErrInvalidArg)
+	}
+	if len(options.Cmd) == 0 {
+		return nil, nil, fmt.Errorf("must provide a command to execute: %w", define.ErrInvalidArg)
+	}
+
+	if sessionID == "" {
+		return nil, nil, fmt.Errorf("must provide a session ID for exec: %w", define.ErrEmptyID)
+	}
+
+	// create sync pipe to receive the pid
+	parentSyncPipe, childSyncPipe, err := newPipe()
+	if err != nil {
+		return nil, nil, fmt.Errorf("creating socket pair: %w", err)
+	}
+	pipes.syncPipe = parentSyncPipe
+
+	defer func() {
+		if deferredErr != nil {
+			pipes.cleanup()
+		}
+	}()
+
+	// create start pipe to set the cgroup before running
+	// attachToExec is responsible for closing parentStartPipe
+	childStartPipe, parentStartPipe, err := newPipe()
+	if err != nil {
+		return nil, nil, fmt.Errorf("creating socket pair: %w", err)
+	}
+	pipes.startPipe = parentStartPipe
+
+	// create the attach pipe to allow attach socket to be created before
+	// $RUNTIME exec starts running. This is to make sure we can capture all output
+	// from the process through that socket, rather than half reading the log, half attaching to the socket
+	// attachToExec is responsible for closing parentAttachPipe
+	parentAttachPipe, childAttachPipe, err := newPipe()
+	if err != nil {
+		return nil, nil, fmt.Errorf("creating socket pair: %w", err)
+	}
+	pipes.attachPipe = parentAttachPipe
+
+	childrenClosed := false
+	defer func() {
+		if !childrenClosed {
+			errorhandling.CloseQuiet(childSyncPipe)
+			errorhandling.CloseQuiet(childAttachPipe)
+			errorhandling.CloseQuiet(childStartPipe)
+		}
+	}()
+
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	finalEnv := make([]string, 0, len(options.Env))
+	for k, v := range options.Env {
+		finalEnv = append(finalEnv, fmt.Sprintf("%s=%s", k, v))
+	}
+
+	processFile, err := c.prepareProcessExec(options, finalEnv, sessionID)
+	if err != nil {
+		return nil, nil, err
+	}
+	defer processFile.Close()
+
+	args := r.sharedConmonArgs(c, sessionID, c.execBundlePath(sessionID), c.execPidPath(sessionID), c.execLogPath(sessionID), c.execExitFileDir(sessionID), ociLog, define.NoLogging, c.config.LogTag)
+
+	if options.PreserveFDs > 0 {
+		args = append(args, formatRuntimeOpts("--preserve-fds", fmt.Sprintf("%d", options.PreserveFDs))...)
+	}
+
+	if options.Terminal {
+		args = append(args, "-t")
+	}
+
+	if attachStdin {
+		args = append(args, "-i")
+	}
+
+	// Append container ID and command
+	args = append(args, "-e")
+	// TODO make this optional when we can detach
+	args = append(args, "--exec-attach")
+	args = append(args, "--exec-process-spec", processFile.Name())
+
+	if len(options.ExitCommand) > 0 {
+		args = append(args, "--exit-command", options.ExitCommand[0])
+		for _, arg := range options.ExitCommand[1:] {
+			args = append(args, []string{"--exit-command-arg", arg}...)
+		}
+		if options.ExitCommandDelay > 0 {
+			args = append(args, []string{"--exit-delay", fmt.Sprintf("%d", options.ExitCommandDelay)}...)
+		}
+	}
+
+	logrus.WithFields(logrus.Fields{
+		"args": args,
+	}).Debugf("running conmon: %s", r.conmonPath)
+	execCmd := exec.Command(r.conmonPath, args...)
+
+	// TODO: This is commented because it doesn't make much sense in HTTP
+	// attach, and I'm not certain it does for non-HTTP attach as well.
+	// if streams != nil {
+	// 	// Don't add the InputStream to the execCmd. Instead, the data should be passed
+	// 	// through CopyDetachable
+	// 	if streams.AttachOutput {
+	// 		execCmd.Stdout = options.Streams.OutputStream
+	// 	}
+	// 	if streams.AttachError {
+	// 		execCmd.Stderr = options.Streams.ErrorStream
+	// 	}
+	// }
+
+	conmonEnv := r.configureConmonEnv(runtimeDir)
+
+	var filesToClose []*os.File
+	if options.PreserveFDs > 0 {
+		for fd := 3; fd < int(3+options.PreserveFDs); fd++ {
+			f := os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd))
+			filesToClose = append(filesToClose, f)
+			execCmd.ExtraFiles = append(execCmd.ExtraFiles, f)
+		}
+	}
+
+	// we don't want to step on users fds they asked to preserve
+	// Since 0-2 are used for stdio, start the fds we pass in at preserveFDs+3
+	execCmd.Env = r.conmonEnv
+	execCmd.Env = append(execCmd.Env, fmt.Sprintf("_OCI_SYNCPIPE=%d", options.PreserveFDs+3), fmt.Sprintf("_OCI_STARTPIPE=%d", options.PreserveFDs+4), fmt.Sprintf("_OCI_ATTACHPIPE=%d", options.PreserveFDs+5))
+	execCmd.Env = append(execCmd.Env, conmonEnv...)
+
+	execCmd.ExtraFiles = append(execCmd.ExtraFiles, childSyncPipe, childStartPipe, childAttachPipe)
+	execCmd.Dir = c.execBundlePath(sessionID)
+	execCmd.SysProcAttr = &syscall.SysProcAttr{
+		Setpgid: true,
+	}
+
+	err = startCommand(execCmd, c)
+
+	// We don't need children pipes  on the parent side
+	errorhandling.CloseQuiet(childSyncPipe)
+	errorhandling.CloseQuiet(childAttachPipe)
+	errorhandling.CloseQuiet(childStartPipe)
+	childrenClosed = true
+
+	if err != nil {
+		return nil, nil, fmt.Errorf("cannot start container %s: %w", c.ID(), err)
+	}
+	if err := r.moveConmonToCgroupAndSignal(c, execCmd, parentStartPipe); err != nil {
+		return nil, nil, err
+	}
+
+	// These fds were passed down to the runtime.  Close them
+	// and not interfere
+	for _, f := range filesToClose {
+		errorhandling.CloseQuiet(f)
+	}
+
+	return execCmd, pipes, nil
+}
+
+// Attach to a container over HTTP
+func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, pipes *execPipes, detachKeys []byte, isTerminal bool, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, execCmd *exec.Cmd, conmonPipeDataChan chan<- conmonPipeData, ociLog string, newSize *resize.TerminalSize, runtimeName string) (deferredErr error) {
+	// NOTE: As you may notice, the attach code is quite complex.
+	// Many things happen concurrently and yet are interdependent.
+	// If you ever change this function, make sure to write to the
+	// conmonPipeDataChan in case of an error.
+
+	if pipes == nil || pipes.startPipe == nil || pipes.attachPipe == nil {
+		err := fmt.Errorf("must provide a start and attach pipe to finish an exec attach: %w", define.ErrInvalidArg)
+		conmonPipeDataChan <- conmonPipeData{-1, err}
+		return err
+	}
+
+	defer func() {
+		if !pipes.startClosed {
+			errorhandling.CloseQuiet(pipes.startPipe)
+			pipes.startClosed = true
+		}
+		if !pipes.attachClosed {
+			errorhandling.CloseQuiet(pipes.attachPipe)
+			pipes.attachClosed = true
+		}
+	}()
+
+	logrus.Debugf("Attaching to container %s exec session %s", c.ID(), sessionID)
+
+	// set up the socket path, such that it is the correct length and location for exec
+	sockPath, err := c.execAttachSocketPath(sessionID)
+	if err != nil {
+		conmonPipeDataChan <- conmonPipeData{-1, err}
+		return err
+	}
+
+	// 2: read from attachFd that the parent process has set up the console socket
+	if _, err := readConmonPipeData(runtimeName, pipes.attachPipe, ""); err != nil {
+		conmonPipeDataChan <- conmonPipeData{-1, err}
+		return err
+	}
+
+	// resize before we start the container process
+	if newSize != nil {
+		err = c.ociRuntime.ExecAttachResize(c, sessionID, *newSize)
+		if err != nil {
+			logrus.Warnf("Resize failed: %v", err)
+		}
+	}
+
+	// 2: then attach
+	conn, err := openUnixSocket(sockPath)
+	if err != nil {
+		conmonPipeDataChan <- conmonPipeData{-1, err}
+		return fmt.Errorf("failed to connect to container's attach socket: %v: %w", sockPath, err)
+	}
+	defer func() {
+		if err := conn.Close(); err != nil {
+			logrus.Errorf("Unable to close socket: %q", err)
+		}
+	}()
+
+	attachStdout := true
+	attachStderr := true
+	attachStdin := true
+	if streams != nil {
+		attachStdout = streams.Stdout
+		attachStderr = streams.Stderr
+		attachStdin = streams.Stdin
+	}
+
+	// Perform hijack
+	hijacker, ok := w.(http.Hijacker)
+	if !ok {
+		conmonPipeDataChan <- conmonPipeData{-1, err}
+		return errors.New("unable to hijack connection")
+	}
+
+	httpCon, httpBuf, err := hijacker.Hijack()
+	if err != nil {
+		conmonPipeDataChan <- conmonPipeData{-1, err}
+		return fmt.Errorf("hijacking connection: %w", err)
+	}
+
+	hijackDone <- true
+
+	// Write a header to let the client know what happened
+	writeHijackHeader(r, httpBuf)
+
+	// Force a flush after the header is written.
+	if err := httpBuf.Flush(); err != nil {
+		conmonPipeDataChan <- conmonPipeData{-1, err}
+		return fmt.Errorf("flushing HTTP hijack header: %w", err)
+	}
+
+	go func() {
+		// Wait for conmon to succeed, when return.
+		if err := execCmd.Wait(); err != nil {
+			conmonPipeDataChan <- conmonPipeData{-1, err}
+		} else {
+			pid, err := readConmonPipeData(runtimeName, pipes.syncPipe, ociLog)
+			if err != nil {
+				hijackWriteError(err, c.ID(), isTerminal, httpBuf)
+				conmonPipeDataChan <- conmonPipeData{pid, err}
+			} else {
+				conmonPipeDataChan <- conmonPipeData{pid, err}
+			}
+		}
+		// We need to hold the connection open until the complete exec
+		// function has finished. This channel will be closed in a defer
+		// in that function, so we can wait for it here.
+		// Can't be a defer, because this would block the function from
+		// returning.
+		<-holdConnOpen
+		hijackWriteErrorAndClose(deferredErr, c.ID(), isTerminal, httpCon, httpBuf)
+	}()
+
+	stdoutChan := make(chan error)
+	stdinChan := make(chan error)
+
+	// Next, STDIN. Avoid entirely if attachStdin unset.
+	if attachStdin {
+		go func() {
+			logrus.Debugf("Beginning STDIN copy")
+			_, err := cutil.CopyDetachable(conn, httpBuf, detachKeys)
+			logrus.Debugf("STDIN copy completed")
+			stdinChan <- err
+		}()
+	}
+
+	// 4: send start message to child
+	if err := writeConmonPipeData(pipes.startPipe); err != nil {
+		return err
+	}
+
+	// Handle STDOUT/STDERR *after* start message is sent
+	go func() {
+		var err error
+		if isTerminal {
+			// Hack: return immediately if attachStdout not set to
+			// emulate Docker.
+			// Basically, when terminal is set, STDERR goes nowhere.
+			// Everything does over STDOUT.
+			// Therefore, if not attaching STDOUT - we'll never copy
+			// anything from here.
+			logrus.Debugf("Performing terminal HTTP attach for container %s", c.ID())
+			if attachStdout {
+				err = httpAttachTerminalCopy(conn, httpBuf, c.ID())
+			}
+		} else {
+			logrus.Debugf("Performing non-terminal HTTP attach for container %s", c.ID())
+			err = httpAttachNonTerminalCopy(conn, httpBuf, c.ID(), attachStdin, attachStdout, attachStderr)
+		}
+		stdoutChan <- err
+		logrus.Debugf("STDOUT/ERR copy completed")
+	}()
+
+	for {
+		select {
+		case err := <-stdoutChan:
+			if err != nil {
+				return err
+			}
+
+			return nil
+		case err := <-stdinChan:
+			if err != nil {
+				return err
+			}
+			// copy stdin is done, close it
+			if connErr := socketCloseWrite(conn); connErr != nil {
+				logrus.Errorf("Unable to close conn: %v", connErr)
+			}
+		case <-cancel:
+			return nil
+		}
+	}
+}
+
+// prepareProcessExec returns the path of the process.json used in runc exec -p
+// caller is responsible to close the returned *os.File if needed.
+func (c *Container) prepareProcessExec(options *ExecOptions, env []string, sessionID string) (*os.File, error) {
+	f, err := ioutil.TempFile(c.execBundlePath(sessionID), "exec-process-")
+	if err != nil {
+		return nil, err
+	}
+	pspec := new(spec.Process)
+	if err := JSONDeepCopy(c.config.Spec.Process, pspec); err != nil {
+		return nil, err
+	}
+	pspec.SelinuxLabel = c.config.ProcessLabel
+	pspec.Args = options.Cmd
+
+	// We need to default this to false else it will inherit terminal as true
+	// from the container.
+	pspec.Terminal = false
+	if options.Terminal {
+		pspec.Terminal = true
+	}
+	if len(env) > 0 {
+		pspec.Env = append(pspec.Env, env...)
+	}
+
+	// Add secret envs if they exist
+	manager, err := c.runtime.SecretsManager()
+	if err != nil {
+		return nil, err
+	}
+	for name, secr := range c.config.EnvSecrets {
+		_, data, err := manager.LookupSecretData(secr.Name)
+		if err != nil {
+			return nil, err
+		}
+		pspec.Env = append(pspec.Env, fmt.Sprintf("%s=%s", name, string(data)))
+	}
+
+	if options.Cwd != "" {
+		pspec.Cwd = options.Cwd
+	}
+
+	var addGroups []string
+	var sgids []uint32
+
+	// if the user is empty, we should inherit the user that the container is currently running with
+	user := options.User
+	if user == "" {
+		logrus.Debugf("Set user to %s", c.config.User)
+		user = c.config.User
+		addGroups = c.config.Groups
+	}
+
+	overrides := c.getUserOverrides()
+	execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, overrides)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(addGroups) > 0 {
+		sgids, err = lookup.GetContainerGroups(addGroups, c.state.Mountpoint, overrides)
+		if err != nil {
+			return nil, fmt.Errorf("looking up supplemental groups for container %s exec session %s: %w", c.ID(), sessionID, err)
+		}
+	}
+
+	// If user was set, look it up in the container to get a UID to use on
+	// the host
+	if user != "" || len(sgids) > 0 {
+		if user != "" {
+			for _, sgid := range execUser.Sgids {
+				sgids = append(sgids, uint32(sgid))
+			}
+		}
+		processUser := spec.User{
+			UID:            uint32(execUser.Uid),
+			GID:            uint32(execUser.Gid),
+			AdditionalGids: sgids,
+		}
+
+		pspec.User = processUser
+	}
+
+	if err := c.setProcessCapabilitiesExec(options, user, execUser, pspec); err != nil {
+		return nil, err
+	}
+
+	hasHomeSet := false
+	for _, s := range pspec.Env {
+		if strings.HasPrefix(s, "HOME=") {
+			hasHomeSet = true
+			break
+		}
+	}
+	if !hasHomeSet {
+		pspec.Env = append(pspec.Env, fmt.Sprintf("HOME=%s", execUser.Home))
+	}
+
+	processJSON, err := json.Marshal(pspec)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := ioutil.WriteFile(f.Name(), processJSON, 0644); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
diff --git a/libpod/oci_conmon_exec_freebsd.go b/libpod/oci_conmon_exec_freebsd.go
new file mode 100644
index 000000000..bf30404a1
--- /dev/null
+++ b/libpod/oci_conmon_exec_freebsd.go
@@ -0,0 +1,10 @@
+package libpod
+
+import (
+	"github.com/opencontainers/runc/libcontainer/user"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (c *Container) setProcessCapabilitiesExec(options *ExecOptions, user string, execUser *user.ExecUser, pspec *spec.Process) error {
+	return nil
+}
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index 16cd7ef9f..617e8d601 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -1,758 +1,20 @@
 package libpod
 
 import (
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-	"syscall"
-	"time"
-
 	"github.com/containers/common/pkg/capabilities"
-	"github.com/containers/common/pkg/config"
-	"github.com/containers/common/pkg/resize"
-	cutil "github.com/containers/common/pkg/util"
-	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/pkg/errorhandling"
-	"github.com/containers/podman/v4/pkg/lookup"
-	"github.com/containers/podman/v4/pkg/util"
+	"github.com/opencontainers/runc/libcontainer/user"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
 )
 
-// ExecContainer executes a command in a running container
-func (r *ConmonOCIRuntime) ExecContainer(c *Container, sessionID string, options *ExecOptions, streams *define.AttachStreams, newSize *resize.TerminalSize) (int, chan error, error) {
-	if options == nil {
-		return -1, nil, fmt.Errorf("must provide an ExecOptions struct to ExecContainer: %w", define.ErrInvalidArg)
-	}
-	if len(options.Cmd) == 0 {
-		return -1, nil, fmt.Errorf("must provide a command to execute: %w", define.ErrInvalidArg)
-	}
-
-	if sessionID == "" {
-		return -1, nil, fmt.Errorf("must provide a session ID for exec: %w", define.ErrEmptyID)
-	}
-
-	// TODO: Should we default this to false?
-	// Or maybe make streams mandatory?
-	attachStdin := true
-	if streams != nil {
-		attachStdin = streams.AttachInput
-	}
-
-	var ociLog string
-	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
-		ociLog = c.execOCILog(sessionID)
-	}
-
-	execCmd, pipes, err := r.startExec(c, sessionID, options, attachStdin, ociLog)
-	if err != nil {
-		return -1, nil, err
-	}
-
-	// Only close sync pipe. Start and attach are consumed in the attach
-	// goroutine.
-	defer func() {
-		if pipes.syncPipe != nil && !pipes.syncClosed {
-			errorhandling.CloseQuiet(pipes.syncPipe)
-			pipes.syncClosed = true
-		}
-	}()
-
-	// TODO Only create if !detach
-	// Attach to the container before starting it
-	attachChan := make(chan error)
-	go func() {
-		// attachToExec is responsible for closing pipes
-		attachChan <- c.attachToExec(streams, options.DetachKeys, sessionID, pipes.startPipe, pipes.attachPipe, newSize)
-		close(attachChan)
-	}()
-
-	if err := execCmd.Wait(); err != nil {
-		return -1, nil, fmt.Errorf("cannot run conmon: %w", err)
-	}
-
-	pid, err := readConmonPipeData(r.name, pipes.syncPipe, ociLog)
-
-	return pid, attachChan, err
-}
-
-// ExecContainerHTTP executes a new command in an existing container and
-// forwards its standard streams over an attach
-func (r *ConmonOCIRuntime) ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, req *http.Request, w http.ResponseWriter,
-	streams *HTTPAttachStreams, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, newSize *resize.TerminalSize) (int, chan error, error) {
-	if streams != nil {
-		if !streams.Stdin && !streams.Stdout && !streams.Stderr {
-			return -1, nil, fmt.Errorf("must provide at least one stream to attach to: %w", define.ErrInvalidArg)
-		}
-	}
-
-	if options == nil {
-		return -1, nil, fmt.Errorf("must provide exec options to ExecContainerHTTP: %w", define.ErrInvalidArg)
-	}
-
-	detachString := config.DefaultDetachKeys
-	if options.DetachKeys != nil {
-		detachString = *options.DetachKeys
-	}
-	detachKeys, err := processDetachKeys(detachString)
-	if err != nil {
-		return -1, nil, err
-	}
-
-	// TODO: Should we default this to false?
-	// Or maybe make streams mandatory?
-	attachStdin := true
-	if streams != nil {
-		attachStdin = streams.Stdin
-	}
-
-	var ociLog string
-	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
-		ociLog = ctr.execOCILog(sessionID)
-	}
-
-	execCmd, pipes, err := r.startExec(ctr, sessionID, options, attachStdin, ociLog)
-	if err != nil {
-		return -1, nil, err
-	}
-
-	// Only close sync pipe. Start and attach are consumed in the attach
-	// goroutine.
-	defer func() {
-		if pipes.syncPipe != nil && !pipes.syncClosed {
-			errorhandling.CloseQuiet(pipes.syncPipe)
-			pipes.syncClosed = true
-		}
-	}()
-
-	attachChan := make(chan error)
-	conmonPipeDataChan := make(chan conmonPipeData)
-	go func() {
-		// attachToExec is responsible for closing pipes
-		attachChan <- attachExecHTTP(ctr, sessionID, req, w, streams, pipes, detachKeys, options.Terminal, cancel, hijackDone, holdConnOpen, execCmd, conmonPipeDataChan, ociLog, newSize, r.name)
-		close(attachChan)
-	}()
-
-	// NOTE: the channel is needed to communicate conmon's data.  In case
-	// of an error, the error will be written on the hijacked http
-	// connection such that remote clients will receive the error.
-	pipeData := <-conmonPipeDataChan
-
-	return pipeData.pid, attachChan, pipeData.err
-}
-
-// conmonPipeData contains the data when reading from conmon's pipe.
-type conmonPipeData struct {
-	pid int
-	err error
-}
-
-// ExecContainerDetached executes a command in a running container, but does
-// not attach to it.
-func (r *ConmonOCIRuntime) ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error) {
-	if options == nil {
-		return -1, fmt.Errorf("must provide exec options to ExecContainerHTTP: %w", define.ErrInvalidArg)
-	}
-
-	var ociLog string
-	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
-		ociLog = ctr.execOCILog(sessionID)
-	}
-
-	execCmd, pipes, err := r.startExec(ctr, sessionID, options, stdin, ociLog)
-	if err != nil {
-		return -1, err
-	}
-
-	defer func() {
-		pipes.cleanup()
-	}()
-
-	// Wait for Conmon to tell us we're ready to attach.
-	// We aren't actually *going* to attach, but this means that we're good
-	// to proceed.
-	if _, err := readConmonPipeData(r.name, pipes.attachPipe, ""); err != nil {
-		return -1, err
-	}
-
-	// Start the exec session
-	if err := writeConmonPipeData(pipes.startPipe); err != nil {
-		return -1, err
-	}
-
-	// Wait for conmon to succeed, when return.
-	if err := execCmd.Wait(); err != nil {
-		return -1, fmt.Errorf("cannot run conmon: %w", err)
-	}
-
-	pid, err := readConmonPipeData(r.name, pipes.syncPipe, ociLog)
-
-	return pid, err
-}
-
-// ExecAttachResize resizes the TTY of the given exec session.
-func (r *ConmonOCIRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error {
-	controlFile, err := openControlFile(ctr, ctr.execBundlePath(sessionID))
-	if err != nil {
-		return err
-	}
-	defer controlFile.Close()
-
-	if _, err = fmt.Fprintf(controlFile, "%d %d %d\n", 1, newSize.Height, newSize.Width); err != nil {
-		return fmt.Errorf("failed to write to ctl file to resize terminal: %w", err)
-	}
-
-	return nil
-}
-
-// ExecStopContainer stops a given exec session in a running container.
-func (r *ConmonOCIRuntime) ExecStopContainer(ctr *Container, sessionID string, timeout uint) error {
-	pid, err := ctr.getExecSessionPID(sessionID)
-	if err != nil {
-		return err
-	}
-
-	logrus.Debugf("Going to stop container %s exec session %s", ctr.ID(), sessionID)
-
-	// Is the session dead?
-	// Ping the PID with signal 0 to see if it still exists.
-	if err := unix.Kill(pid, 0); err != nil {
-		if err == unix.ESRCH {
-			return nil
-		}
-		return fmt.Errorf("error pinging container %s exec session %s PID %d with signal 0: %w", ctr.ID(), sessionID, pid, err)
-	}
-
-	if timeout > 0 {
-		// Use SIGTERM by default, then SIGSTOP after timeout.
-		logrus.Debugf("Killing exec session %s (PID %d) of container %s with SIGTERM", sessionID, pid, ctr.ID())
-		if err := unix.Kill(pid, unix.SIGTERM); err != nil {
-			if err == unix.ESRCH {
-				return nil
-			}
-			return fmt.Errorf("error killing container %s exec session %s PID %d with SIGTERM: %w", ctr.ID(), sessionID, pid, err)
-		}
-
-		// Wait for the PID to stop
-		if err := waitPidStop(pid, time.Duration(timeout)*time.Second); err != nil {
-			logrus.Infof("Timed out waiting for container %s exec session %s to stop, resorting to SIGKILL: %v", ctr.ID(), sessionID, err)
-		} else {
-			// No error, container is dead
-			return nil
-		}
-	}
-
-	// SIGTERM did not work. On to SIGKILL.
-	logrus.Debugf("Killing exec session %s (PID %d) of container %s with SIGKILL", sessionID, pid, ctr.ID())
-	if err := unix.Kill(pid, unix.SIGTERM); err != nil {
-		if err == unix.ESRCH {
-			return nil
-		}
-		return fmt.Errorf("error killing container %s exec session %s PID %d with SIGKILL: %w", ctr.ID(), sessionID, pid, err)
-	}
-
-	// Wait for the PID to stop
-	if err := waitPidStop(pid, killContainerTimeout); err != nil {
-		return fmt.Errorf("timed out waiting for container %s exec session %s PID %d to stop after SIGKILL: %w", ctr.ID(), sessionID, pid, err)
-	}
-
-	return nil
-}
-
-// ExecUpdateStatus checks if the given exec session is still running.
-func (r *ConmonOCIRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) {
-	pid, err := ctr.getExecSessionPID(sessionID)
-	if err != nil {
-		return false, err
-	}
-
-	logrus.Debugf("Checking status of container %s exec session %s", ctr.ID(), sessionID)
-
-	// Is the session dead?
-	// Ping the PID with signal 0 to see if it still exists.
-	if err := unix.Kill(pid, 0); err != nil {
-		if err == unix.ESRCH {
-			return false, nil
-		}
-		return false, fmt.Errorf("error pinging container %s exec session %s PID %d with signal 0: %w", ctr.ID(), sessionID, pid, err)
-	}
-
-	return true, nil
-}
-
-// ExecAttachSocketPath is the path to a container's exec session attach socket.
-func (r *ConmonOCIRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error) {
-	// We don't even use container, so don't validity check it
-	if sessionID == "" {
-		return "", fmt.Errorf("must provide a valid session ID to get attach socket path: %w", define.ErrInvalidArg)
-	}
-
-	return filepath.Join(ctr.execBundlePath(sessionID), "attach"), nil
-}
-
-// This contains pipes used by the exec API.
-type execPipes struct {
-	syncPipe     *os.File
-	syncClosed   bool
-	startPipe    *os.File
-	startClosed  bool
-	attachPipe   *os.File
-	attachClosed bool
-}
-
-func (p *execPipes) cleanup() {
-	if p.syncPipe != nil && !p.syncClosed {
-		errorhandling.CloseQuiet(p.syncPipe)
-		p.syncClosed = true
-	}
-	if p.startPipe != nil && !p.startClosed {
-		errorhandling.CloseQuiet(p.startPipe)
-		p.startClosed = true
-	}
-	if p.attachPipe != nil && !p.attachClosed {
-		errorhandling.CloseQuiet(p.attachPipe)
-		p.attachClosed = true
-	}
-}
-
-// Start an exec session's conmon parent from the given options.
-func (r *ConmonOCIRuntime) startExec(c *Container, sessionID string, options *ExecOptions, attachStdin bool, ociLog string) (_ *exec.Cmd, _ *execPipes, deferredErr error) {
-	pipes := new(execPipes)
-
-	if options == nil {
-		return nil, nil, fmt.Errorf("must provide an ExecOptions struct to ExecContainer: %w", define.ErrInvalidArg)
-	}
-	if len(options.Cmd) == 0 {
-		return nil, nil, fmt.Errorf("must provide a command to execute: %w", define.ErrInvalidArg)
-	}
-
-	if sessionID == "" {
-		return nil, nil, fmt.Errorf("must provide a session ID for exec: %w", define.ErrEmptyID)
-	}
-
-	// create sync pipe to receive the pid
-	parentSyncPipe, childSyncPipe, err := newPipe()
-	if err != nil {
-		return nil, nil, fmt.Errorf("error creating socket pair: %w", err)
-	}
-	pipes.syncPipe = parentSyncPipe
-
-	defer func() {
-		if deferredErr != nil {
-			pipes.cleanup()
-		}
-	}()
-
-	// create start pipe to set the cgroup before running
-	// attachToExec is responsible for closing parentStartPipe
-	childStartPipe, parentStartPipe, err := newPipe()
-	if err != nil {
-		return nil, nil, fmt.Errorf("error creating socket pair: %w", err)
-	}
-	pipes.startPipe = parentStartPipe
-
-	// create the attach pipe to allow attach socket to be created before
-	// $RUNTIME exec starts running. This is to make sure we can capture all output
-	// from the process through that socket, rather than half reading the log, half attaching to the socket
-	// attachToExec is responsible for closing parentAttachPipe
-	parentAttachPipe, childAttachPipe, err := newPipe()
-	if err != nil {
-		return nil, nil, fmt.Errorf("error creating socket pair: %w", err)
-	}
-	pipes.attachPipe = parentAttachPipe
-
-	childrenClosed := false
-	defer func() {
-		if !childrenClosed {
-			errorhandling.CloseQuiet(childSyncPipe)
-			errorhandling.CloseQuiet(childAttachPipe)
-			errorhandling.CloseQuiet(childStartPipe)
-		}
-	}()
-
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return nil, nil, err
-	}
-
-	finalEnv := make([]string, 0, len(options.Env))
-	for k, v := range options.Env {
-		finalEnv = append(finalEnv, fmt.Sprintf("%s=%s", k, v))
-	}
-
-	processFile, err := prepareProcessExec(c, options, finalEnv, sessionID)
-	if err != nil {
-		return nil, nil, err
-	}
-	defer processFile.Close()
-
-	args := r.sharedConmonArgs(c, sessionID, c.execBundlePath(sessionID), c.execPidPath(sessionID), c.execLogPath(sessionID), c.execExitFileDir(sessionID), ociLog, define.NoLogging, c.config.LogTag)
-
-	if options.PreserveFDs > 0 {
-		args = append(args, formatRuntimeOpts("--preserve-fds", fmt.Sprintf("%d", options.PreserveFDs))...)
-	}
-
-	if options.Terminal {
-		args = append(args, "-t")
-	}
-
-	if attachStdin {
-		args = append(args, "-i")
-	}
-
-	// Append container ID and command
-	args = append(args, "-e")
-	// TODO make this optional when we can detach
-	args = append(args, "--exec-attach")
-	args = append(args, "--exec-process-spec", processFile.Name())
-
-	if len(options.ExitCommand) > 0 {
-		args = append(args, "--exit-command", options.ExitCommand[0])
-		for _, arg := range options.ExitCommand[1:] {
-			args = append(args, []string{"--exit-command-arg", arg}...)
-		}
-		if options.ExitCommandDelay > 0 {
-			args = append(args, []string{"--exit-delay", fmt.Sprintf("%d", options.ExitCommandDelay)}...)
-		}
-	}
-
-	logrus.WithFields(logrus.Fields{
-		"args": args,
-	}).Debugf("running conmon: %s", r.conmonPath)
-	execCmd := exec.Command(r.conmonPath, args...)
-
-	// TODO: This is commented because it doesn't make much sense in HTTP
-	// attach, and I'm not certain it does for non-HTTP attach as well.
-	// if streams != nil {
-	// 	// Don't add the InputStream to the execCmd. Instead, the data should be passed
-	// 	// through CopyDetachable
-	// 	if streams.AttachOutput {
-	// 		execCmd.Stdout = options.Streams.OutputStream
-	// 	}
-	// 	if streams.AttachError {
-	// 		execCmd.Stderr = options.Streams.ErrorStream
-	// 	}
-	// }
-
-	conmonEnv := r.configureConmonEnv(runtimeDir)
-
-	var filesToClose []*os.File
-	if options.PreserveFDs > 0 {
-		for fd := 3; fd < int(3+options.PreserveFDs); fd++ {
-			f := os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd))
-			filesToClose = append(filesToClose, f)
-			execCmd.ExtraFiles = append(execCmd.ExtraFiles, f)
-		}
-	}
-
-	// we don't want to step on users fds they asked to preserve
-	// Since 0-2 are used for stdio, start the fds we pass in at preserveFDs+3
-	execCmd.Env = r.conmonEnv
-	execCmd.Env = append(execCmd.Env, fmt.Sprintf("_OCI_SYNCPIPE=%d", options.PreserveFDs+3), fmt.Sprintf("_OCI_STARTPIPE=%d", options.PreserveFDs+4), fmt.Sprintf("_OCI_ATTACHPIPE=%d", options.PreserveFDs+5))
-	execCmd.Env = append(execCmd.Env, conmonEnv...)
-
-	execCmd.ExtraFiles = append(execCmd.ExtraFiles, childSyncPipe, childStartPipe, childAttachPipe)
-	execCmd.Dir = c.execBundlePath(sessionID)
-	execCmd.SysProcAttr = &syscall.SysProcAttr{
-		Setpgid: true,
-	}
-
-	err = startCommand(execCmd, c)
-
-	// We don't need children pipes  on the parent side
-	errorhandling.CloseQuiet(childSyncPipe)
-	errorhandling.CloseQuiet(childAttachPipe)
-	errorhandling.CloseQuiet(childStartPipe)
-	childrenClosed = true
-
-	if err != nil {
-		return nil, nil, fmt.Errorf("cannot start container %s: %w", c.ID(), err)
-	}
-	if err := r.moveConmonToCgroupAndSignal(c, execCmd, parentStartPipe); err != nil {
-		return nil, nil, err
-	}
-
-	// These fds were passed down to the runtime.  Close them
-	// and not interfere
-	for _, f := range filesToClose {
-		errorhandling.CloseQuiet(f)
-	}
-
-	return execCmd, pipes, nil
-}
-
-// Attach to a container over HTTP
-func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, pipes *execPipes, detachKeys []byte, isTerminal bool, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, execCmd *exec.Cmd, conmonPipeDataChan chan<- conmonPipeData, ociLog string, newSize *resize.TerminalSize, runtimeName string) (deferredErr error) {
-	// NOTE: As you may notice, the attach code is quite complex.
-	// Many things happen concurrently and yet are interdependent.
-	// If you ever change this function, make sure to write to the
-	// conmonPipeDataChan in case of an error.
-
-	if pipes == nil || pipes.startPipe == nil || pipes.attachPipe == nil {
-		err := fmt.Errorf("must provide a start and attach pipe to finish an exec attach: %w", define.ErrInvalidArg)
-		conmonPipeDataChan <- conmonPipeData{-1, err}
-		return err
-	}
-
-	defer func() {
-		if !pipes.startClosed {
-			errorhandling.CloseQuiet(pipes.startPipe)
-			pipes.startClosed = true
-		}
-		if !pipes.attachClosed {
-			errorhandling.CloseQuiet(pipes.attachPipe)
-			pipes.attachClosed = true
-		}
-	}()
-
-	logrus.Debugf("Attaching to container %s exec session %s", c.ID(), sessionID)
-
-	// set up the socket path, such that it is the correct length and location for exec
-	sockPath, err := c.execAttachSocketPath(sessionID)
-	if err != nil {
-		conmonPipeDataChan <- conmonPipeData{-1, err}
-		return err
-	}
-
-	// 2: read from attachFd that the parent process has set up the console socket
-	if _, err := readConmonPipeData(runtimeName, pipes.attachPipe, ""); err != nil {
-		conmonPipeDataChan <- conmonPipeData{-1, err}
-		return err
-	}
-
-	// resize before we start the container process
-	if newSize != nil {
-		err = c.ociRuntime.ExecAttachResize(c, sessionID, *newSize)
-		if err != nil {
-			logrus.Warnf("Resize failed: %v", err)
-		}
-	}
-
-	// 2: then attach
-	conn, err := openUnixSocket(sockPath)
-	if err != nil {
-		conmonPipeDataChan <- conmonPipeData{-1, err}
-		return fmt.Errorf("failed to connect to container's attach socket: %v: %w", sockPath, err)
-	}
-	defer func() {
-		if err := conn.Close(); err != nil {
-			logrus.Errorf("Unable to close socket: %q", err)
-		}
-	}()
-
-	attachStdout := true
-	attachStderr := true
-	attachStdin := true
-	if streams != nil {
-		attachStdout = streams.Stdout
-		attachStderr = streams.Stderr
-		attachStdin = streams.Stdin
-	}
-
-	// Perform hijack
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		conmonPipeDataChan <- conmonPipeData{-1, err}
-		return errors.New("unable to hijack connection")
-	}
-
-	httpCon, httpBuf, err := hijacker.Hijack()
-	if err != nil {
-		conmonPipeDataChan <- conmonPipeData{-1, err}
-		return fmt.Errorf("error hijacking connection: %w", err)
-	}
-
-	hijackDone <- true
-
-	// Write a header to let the client know what happened
-	writeHijackHeader(r, httpBuf)
-
-	// Force a flush after the header is written.
-	if err := httpBuf.Flush(); err != nil {
-		conmonPipeDataChan <- conmonPipeData{-1, err}
-		return fmt.Errorf("error flushing HTTP hijack header: %w", err)
-	}
-
-	go func() {
-		// Wait for conmon to succeed, when return.
-		if err := execCmd.Wait(); err != nil {
-			conmonPipeDataChan <- conmonPipeData{-1, err}
-		} else {
-			pid, err := readConmonPipeData(runtimeName, pipes.syncPipe, ociLog)
-			if err != nil {
-				hijackWriteError(err, c.ID(), isTerminal, httpBuf)
-				conmonPipeDataChan <- conmonPipeData{pid, err}
-			} else {
-				conmonPipeDataChan <- conmonPipeData{pid, err}
-			}
-		}
-		// We need to hold the connection open until the complete exec
-		// function has finished. This channel will be closed in a defer
-		// in that function, so we can wait for it here.
-		// Can't be a defer, because this would block the function from
-		// returning.
-		<-holdConnOpen
-		hijackWriteErrorAndClose(deferredErr, c.ID(), isTerminal, httpCon, httpBuf)
-	}()
-
-	stdoutChan := make(chan error)
-	stdinChan := make(chan error)
-
-	// Next, STDIN. Avoid entirely if attachStdin unset.
-	if attachStdin {
-		go func() {
-			logrus.Debugf("Beginning STDIN copy")
-			_, err := cutil.CopyDetachable(conn, httpBuf, detachKeys)
-			logrus.Debugf("STDIN copy completed")
-			stdinChan <- err
-		}()
-	}
-
-	// 4: send start message to child
-	if err := writeConmonPipeData(pipes.startPipe); err != nil {
-		return err
-	}
-
-	// Handle STDOUT/STDERR *after* start message is sent
-	go func() {
-		var err error
-		if isTerminal {
-			// Hack: return immediately if attachStdout not set to
-			// emulate Docker.
-			// Basically, when terminal is set, STDERR goes nowhere.
-			// Everything does over STDOUT.
-			// Therefore, if not attaching STDOUT - we'll never copy
-			// anything from here.
-			logrus.Debugf("Performing terminal HTTP attach for container %s", c.ID())
-			if attachStdout {
-				err = httpAttachTerminalCopy(conn, httpBuf, c.ID())
-			}
-		} else {
-			logrus.Debugf("Performing non-terminal HTTP attach for container %s", c.ID())
-			err = httpAttachNonTerminalCopy(conn, httpBuf, c.ID(), attachStdin, attachStdout, attachStderr)
-		}
-		stdoutChan <- err
-		logrus.Debugf("STDOUT/ERR copy completed")
-	}()
-
-	for {
-		select {
-		case err := <-stdoutChan:
-			if err != nil {
-				return err
-			}
-
-			return nil
-		case err := <-stdinChan:
-			if err != nil {
-				return err
-			}
-			// copy stdin is done, close it
-			if connErr := conn.CloseWrite(); connErr != nil {
-				logrus.Errorf("Unable to close conn: %v", connErr)
-			}
-		case <-cancel:
-			return nil
-		}
-	}
-}
-
-// prepareProcessExec returns the path of the process.json used in runc exec -p
-// caller is responsible to close the returned *os.File if needed.
-func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessionID string) (*os.File, error) {
-	f, err := ioutil.TempFile(c.execBundlePath(sessionID), "exec-process-")
-	if err != nil {
-		return nil, err
-	}
-	pspec := new(spec.Process)
-	if err := JSONDeepCopy(c.config.Spec.Process, pspec); err != nil {
-		return nil, err
-	}
-	pspec.SelinuxLabel = c.config.ProcessLabel
-	pspec.Args = options.Cmd
-
-	// We need to default this to false else it will inherit terminal as true
-	// from the container.
-	pspec.Terminal = false
-	if options.Terminal {
-		pspec.Terminal = true
-	}
-	if len(env) > 0 {
-		pspec.Env = append(pspec.Env, env...)
-	}
-
-	// Add secret envs if they exist
-	manager, err := c.runtime.SecretsManager()
-	if err != nil {
-		return nil, err
-	}
-	for name, secr := range c.config.EnvSecrets {
-		_, data, err := manager.LookupSecretData(secr.Name)
-		if err != nil {
-			return nil, err
-		}
-		pspec.Env = append(pspec.Env, fmt.Sprintf("%s=%s", name, string(data)))
-	}
-
-	if options.Cwd != "" {
-		pspec.Cwd = options.Cwd
-	}
-
-	var addGroups []string
-	var sgids []uint32
-
-	// if the user is empty, we should inherit the user that the container is currently running with
-	user := options.User
-	if user == "" {
-		logrus.Debugf("Set user to %s", c.config.User)
-		user = c.config.User
-		addGroups = c.config.Groups
-	}
-
-	overrides := c.getUserOverrides()
-	execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, overrides)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(addGroups) > 0 {
-		sgids, err = lookup.GetContainerGroups(addGroups, c.state.Mountpoint, overrides)
-		if err != nil {
-			return nil, fmt.Errorf("error looking up supplemental groups for container %s exec session %s: %w", c.ID(), sessionID, err)
-		}
-	}
-
-	// If user was set, look it up in the container to get a UID to use on
-	// the host
-	if user != "" || len(sgids) > 0 {
-		if user != "" {
-			for _, sgid := range execUser.Sgids {
-				sgids = append(sgids, uint32(sgid))
-			}
-		}
-		processUser := spec.User{
-			UID:            uint32(execUser.Uid),
-			GID:            uint32(execUser.Gid),
-			AdditionalGids: sgids,
-		}
-
-		pspec.User = processUser
-	}
-
+func (c *Container) setProcessCapabilitiesExec(options *ExecOptions, user string, execUser *user.ExecUser, pspec *spec.Process) error {
 	ctrSpec, err := c.specFromState()
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	allCaps, err := capabilities.BoundingSet()
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if options.Privileged {
 		pspec.Capabilities.Bounding = allCaps
@@ -773,25 +35,5 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio
 		pspec.Capabilities.Permitted = ctrSpec.Process.Capabilities.Effective
 		pspec.Capabilities.Ambient = ctrSpec.Process.Capabilities.Effective
 	}
-
-	hasHomeSet := false
-	for _, s := range pspec.Env {
-		if strings.HasPrefix(s, "HOME=") {
-			hasHomeSet = true
-			break
-		}
-	}
-	if !hasHomeSet {
-		pspec.Env = append(pspec.Env, fmt.Sprintf("HOME=%s", execUser.Home))
-	}
-
-	processJSON, err := json.Marshal(pspec)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := ioutil.WriteFile(f.Name(), processJSON, 0644); err != nil {
-		return nil, err
-	}
-	return f, nil
+	return nil
 }
diff --git a/libpod/oci_conmon_freebsd.go b/libpod/oci_conmon_freebsd.go
new file mode 100644
index 000000000..d74f2af01
--- /dev/null
+++ b/libpod/oci_conmon_freebsd.go
@@ -0,0 +1,27 @@
+package libpod
+
+import (
+	"errors"
+	"os"
+	"os/exec"
+)
+
+func (r *ConmonOCIRuntime) createRootlessContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error) {
+	return -1, errors.New("unsupported (*ConmonOCIRuntime) createRootlessContainer")
+}
+
+// Run the closure with the container's socket label set
+func (r *ConmonOCIRuntime) withContainerSocketLabel(ctr *Container, closure func() error) error {
+	// No label support yet
+	return closure()
+}
+
+// moveConmonToCgroupAndSignal gets a container's cgroupParent and moves the conmon process to that cgroup
+// it then signals for conmon to start by sending nonce data down the start fd
+func (r *ConmonOCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec.Cmd, startFd *os.File) error {
+	// No equivalent to cgroup on FreeBSD, just signal conmon to start
+	if err := writeConmonPipeData(startFd); err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index cb76de72c..0964d4ea3 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1,46 +1,21 @@
-//go:build linux
-// +build linux
-
 package libpod
 
 import (
-	"bufio"
-	"bytes"
-	"context"
-	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
-	"strconv"
 	"strings"
-	"sync"
-	"syscall"
-	"text/template"
-	"time"
 
 	runcconfig "github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/devices"
 
 	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/common/pkg/config"
-	"github.com/containers/common/pkg/resize"
-	cutil "github.com/containers/common/pkg/util"
-	conmonConfig "github.com/containers/conmon/runner/config"
-	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/libpod/logs"
-	"github.com/containers/podman/v4/pkg/checkpoint/crutils"
 	"github.com/containers/podman/v4/pkg/errorhandling"
 	"github.com/containers/podman/v4/pkg/rootless"
-	"github.com/containers/podman/v4/pkg/specgenutil"
-	"github.com/containers/podman/v4/pkg/util"
 	"github.com/containers/podman/v4/utils"
-	"github.com/containers/storage/pkg/homedir"
 	pmount "github.com/containers/storage/pkg/mount"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/selinux/go-selinux/label"
@@ -48,782 +23,70 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-const (
-	// This is Conmon's STDIO_BUF_SIZE. I don't believe we have access to it
-	// directly from the Go code, so const it here
-	// Important: The conmon attach socket uses an extra byte at the beginning of each
-	// message to specify the STREAM so we have to increase the buffer size by one
-	bufferSize = conmonConfig.BufSize + 1
-)
-
-// ConmonOCIRuntime is an OCI runtime managed by Conmon.
-// TODO: Make all calls to OCI runtime have a timeout.
-type ConmonOCIRuntime struct {
-	name              string
-	path              string
-	conmonPath        string
-	conmonEnv         []string
-	tmpDir            string
-	exitsDir          string
-	logSizeMax        int64
-	noPivot           bool
-	reservePorts      bool
-	runtimeFlags      []string
-	supportsJSON      bool
-	supportsKVM       bool
-	supportsNoCgroups bool
-	enableKeyring     bool
-}
-
-// Make a new Conmon-based OCI runtime with the given options.
-// Conmon will wrap the given OCI runtime, which can be `runc`, `crun`, or
-// any runtime with a runc-compatible CLI.
-// The first path that points to a valid executable will be used.
-// Deliberately private. Someone should not be able to construct this outside of
-// libpod.
-func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeFlags []string, runtimeCfg *config.Config) (OCIRuntime, error) {
-	if name == "" {
-		return nil, fmt.Errorf("the OCI runtime must be provided a non-empty name: %w", define.ErrInvalidArg)
-	}
-
-	// Make lookup tables for runtime support
-	supportsJSON := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsJSON))
-	supportsNoCgroups := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsNoCgroups))
-	supportsKVM := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsKVM))
-	for _, r := range runtimeCfg.Engine.RuntimeSupportsJSON {
-		supportsJSON[r] = true
-	}
-	for _, r := range runtimeCfg.Engine.RuntimeSupportsNoCgroups {
-		supportsNoCgroups[r] = true
-	}
-	for _, r := range runtimeCfg.Engine.RuntimeSupportsKVM {
-		supportsKVM[r] = true
-	}
-
-	runtime := new(ConmonOCIRuntime)
-	runtime.name = name
-	runtime.conmonPath = conmonPath
-	runtime.runtimeFlags = runtimeFlags
-
-	runtime.conmonEnv = runtimeCfg.Engine.ConmonEnvVars
-	runtime.tmpDir = runtimeCfg.Engine.TmpDir
-	runtime.logSizeMax = runtimeCfg.Containers.LogSizeMax
-	runtime.noPivot = runtimeCfg.Engine.NoPivotRoot
-	runtime.reservePorts = runtimeCfg.Engine.EnablePortReservation
-	runtime.enableKeyring = runtimeCfg.Containers.EnableKeyring
-
-	// TODO: probe OCI runtime for feature and enable automatically if
-	// available.
-
-	base := filepath.Base(name)
-	runtime.supportsJSON = supportsJSON[base]
-	runtime.supportsNoCgroups = supportsNoCgroups[base]
-	runtime.supportsKVM = supportsKVM[base]
-
-	foundPath := false
-	for _, path := range paths {
-		stat, err := os.Stat(path)
-		if err != nil {
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, fmt.Errorf("cannot stat OCI runtime %s path: %w", name, err)
-		}
-		if !stat.Mode().IsRegular() {
-			continue
-		}
-		foundPath = true
-		logrus.Tracef("found runtime %q", path)
-		runtime.path = path
-		break
-	}
-
-	// Search the $PATH as last fallback
-	if !foundPath {
-		if foundRuntime, err := exec.LookPath(name); err == nil {
-			foundPath = true
-			runtime.path = foundRuntime
-			logrus.Debugf("using runtime %q from $PATH: %q", name, foundRuntime)
-		}
-	}
-
-	if !foundPath {
-		return nil, fmt.Errorf("no valid executable found for OCI runtime %s: %w", name, define.ErrInvalidArg)
-	}
-
-	runtime.exitsDir = filepath.Join(runtime.tmpDir, "exits")
-
-	// Create the exit files and attach sockets directories
-	if err := os.MkdirAll(runtime.exitsDir, 0750); err != nil {
-		// The directory is allowed to exist
-		if !os.IsExist(err) {
-			return nil, fmt.Errorf("error creating OCI runtime exit files directory: %w", err)
-		}
+func (r *ConmonOCIRuntime) createRootlessContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error) {
+	type result struct {
+		restoreDuration int64
+		err             error
 	}
-	return runtime, nil
-}
-
-// Name returns the name of the runtime being wrapped by Conmon.
-func (r *ConmonOCIRuntime) Name() string {
-	return r.name
-}
-
-// Path returns the path of the OCI runtime being wrapped by Conmon.
-func (r *ConmonOCIRuntime) Path() string {
-	return r.path
-}
-
-// hasCurrentUserMapped checks whether the current user is mapped inside the container user namespace
-func hasCurrentUserMapped(ctr *Container) bool {
-	if len(ctr.config.IDMappings.UIDMap) == 0 && len(ctr.config.IDMappings.GIDMap) == 0 {
-		return true
-	}
-	uid := os.Geteuid()
-	for _, m := range ctr.config.IDMappings.UIDMap {
-		if uid >= m.HostID && uid < m.HostID+m.Size {
-			return true
-		}
-	}
-	return false
-}
-
-// CreateContainer creates a container.
-func (r *ConmonOCIRuntime) CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error) {
-	// always make the run dir accessible to the current user so that the PID files can be read without
-	// being in the rootless user namespace.
-	if err := makeAccessible(ctr.state.RunDir, 0, 0); err != nil {
-		return 0, err
-	}
-	if !hasCurrentUserMapped(ctr) {
-		for _, i := range []string{ctr.state.RunDir, ctr.runtime.config.Engine.TmpDir, ctr.config.StaticDir, ctr.state.Mountpoint, ctr.runtime.config.Engine.VolumePath} {
-			if err := makeAccessible(i, ctr.RootUID(), ctr.RootGID()); err != nil {
+	ch := make(chan result)
+	go func() {
+		runtime.LockOSThread()
+		restoreDuration, err := func() (int64, error) {
+			fd, err := os.Open(fmt.Sprintf("/proc/%d/task/%d/ns/mnt", os.Getpid(), unix.Gettid()))
+			if err != nil {
 				return 0, err
 			}
-		}
+			defer errorhandling.CloseQuiet(fd)
 
-		// if we are running a non privileged container, be sure to umount some kernel paths so they are not
-		// bind mounted inside the container at all.
-		if !ctr.config.Privileged && !rootless.IsRootless() {
-			type result struct {
-				restoreDuration int64
-				err             error
+			// create a new mountns on the current thread
+			if err = unix.Unshare(unix.CLONE_NEWNS); err != nil {
+				return 0, err
 			}
-			ch := make(chan result)
-			go func() {
-				runtime.LockOSThread()
-				restoreDuration, err := func() (int64, error) {
-					fd, err := os.Open(fmt.Sprintf("/proc/%d/task/%d/ns/mnt", os.Getpid(), unix.Gettid()))
-					if err != nil {
-						return 0, err
-					}
-					defer errorhandling.CloseQuiet(fd)
-
-					// create a new mountns on the current thread
-					if err = unix.Unshare(unix.CLONE_NEWNS); err != nil {
-						return 0, err
-					}
-					defer func() {
-						if err := unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS); err != nil {
-							logrus.Errorf("Unable to clone new namespace: %q", err)
-						}
-					}()
-
-					// don't spread our mounts around.  We are setting only /sys to be slave
-					// so that the cleanup process is still able to umount the storage and the
-					// changes are propagated to the host.
-					err = unix.Mount("/sys", "/sys", "none", unix.MS_REC|unix.MS_SLAVE, "")
-					if err != nil {
-						return 0, fmt.Errorf("cannot make /sys slave: %w", err)
-					}
-
-					mounts, err := pmount.GetMounts()
-					if err != nil {
-						return 0, err
-					}
-					for _, m := range mounts {
-						if !strings.HasPrefix(m.Mountpoint, "/sys/kernel") {
-							continue
-						}
-						err = unix.Unmount(m.Mountpoint, 0)
-						if err != nil && !os.IsNotExist(err) {
-							return 0, fmt.Errorf("cannot unmount %s: %w", m.Mountpoint, err)
-						}
-					}
-					return r.createOCIContainer(ctr, restoreOptions)
-				}()
-				ch <- result{
-					restoreDuration: restoreDuration,
-					err:             err,
+			defer func() {
+				if err := unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS); err != nil {
+					logrus.Errorf("Unable to clone new namespace: %q", err)
 				}
 			}()
-			r := <-ch
-			return r.restoreDuration, r.err
-		}
-	}
-	return r.createOCIContainer(ctr, restoreOptions)
-}
-
-// UpdateContainerStatus retrieves the current status of the container from the
-// runtime. It updates the container's state but does not save it.
-// If useRuntime is false, we will not directly hit runc to see the container's
-// status, but will instead only check for the existence of the conmon exit file
-// and update state to stopped if it exists.
-func (r *ConmonOCIRuntime) UpdateContainerStatus(ctr *Container) error {
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return err
-	}
-
-	// Store old state so we know if we were already stopped
-	oldState := ctr.state.State
-
-	state := new(spec.State)
-
-	cmd := exec.Command(r.path, "state", ctr.ID())
-	cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
-
-	outPipe, err := cmd.StdoutPipe()
-	if err != nil {
-		return fmt.Errorf("getting stdout pipe: %w", err)
-	}
-	errPipe, err := cmd.StderrPipe()
-	if err != nil {
-		return fmt.Errorf("getting stderr pipe: %w", err)
-	}
-
-	if err := cmd.Start(); err != nil {
-		out, err2 := ioutil.ReadAll(errPipe)
-		if err2 != nil {
-			return fmt.Errorf("error getting container %s state: %w", ctr.ID(), err)
-		}
-		if strings.Contains(string(out), "does not exist") || strings.Contains(string(out), "No such file") {
-			if err := ctr.removeConmonFiles(); err != nil {
-				logrus.Debugf("unable to remove conmon files for container %s", ctr.ID())
-			}
-			ctr.state.ExitCode = -1
-			ctr.state.FinishedTime = time.Now()
-			ctr.state.State = define.ContainerStateExited
-			return ctr.runtime.state.AddContainerExitCode(ctr.ID(), ctr.state.ExitCode)
-		}
-		return fmt.Errorf("error getting container %s state. stderr/out: %s: %w", ctr.ID(), out, err)
-	}
-	defer func() {
-		_ = cmd.Wait()
-	}()
-
-	if err := errPipe.Close(); err != nil {
-		return err
-	}
-	out, err := ioutil.ReadAll(outPipe)
-	if err != nil {
-		return fmt.Errorf("error reading stdout: %s: %w", ctr.ID(), err)
-	}
-	if err := json.NewDecoder(bytes.NewBuffer(out)).Decode(state); err != nil {
-		return fmt.Errorf("error decoding container status for container %s: %w", ctr.ID(), err)
-	}
-	ctr.state.PID = state.Pid
-
-	switch state.Status {
-	case "created":
-		ctr.state.State = define.ContainerStateCreated
-	case "paused":
-		ctr.state.State = define.ContainerStatePaused
-	case "running":
-		ctr.state.State = define.ContainerStateRunning
-	case "stopped":
-		ctr.state.State = define.ContainerStateStopped
-	default:
-		return fmt.Errorf("unrecognized status returned by runtime for container %s: %s: %w",
-			ctr.ID(), state.Status, define.ErrInternal)
-	}
-
-	// Only grab exit status if we were not already stopped
-	// If we were, it should already be in the database
-	if ctr.state.State == define.ContainerStateStopped && oldState != define.ContainerStateStopped {
-		if _, err := ctr.Wait(context.Background()); err != nil {
-			logrus.Errorf("Waiting for container %s to exit: %v", ctr.ID(), err)
-		}
-		return nil
-	}
-
-	// Handle ContainerStateStopping - keep it unless the container
-	// transitioned to no longer running.
-	if oldState == define.ContainerStateStopping && (ctr.state.State == define.ContainerStatePaused || ctr.state.State == define.ContainerStateRunning) {
-		ctr.state.State = define.ContainerStateStopping
-	}
 
-	return nil
-}
-
-// StartContainer starts the given container.
-// Sets time the container was started, but does not save it.
-func (r *ConmonOCIRuntime) StartContainer(ctr *Container) error {
-	// TODO: streams should probably *not* be our STDIN/OUT/ERR - redirect to buffers?
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return err
-	}
-	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
-	if path, ok := os.LookupEnv("PATH"); ok {
-		env = append(env, fmt.Sprintf("PATH=%s", path))
-	}
-	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "start", ctr.ID())...); err != nil {
-		return err
-	}
-
-	ctr.state.StartedTime = time.Now()
-
-	return nil
-}
-
-// KillContainer sends the given signal to the given container.
-// If all is set, send to all PIDs in the container.
-// All is only supported if the container created cgroups.
-func (r *ConmonOCIRuntime) KillContainer(ctr *Container, signal uint, all bool) error {
-	logrus.Debugf("Sending signal %d to container %s", signal, ctr.ID())
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return err
-	}
-	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
-	var args []string
-	args = append(args, r.runtimeFlags...)
-	if all {
-		args = append(args, "kill", "--all", ctr.ID(), fmt.Sprintf("%d", signal))
-	} else {
-		args = append(args, "kill", ctr.ID(), fmt.Sprintf("%d", signal))
-	}
-	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, args...); err != nil {
-		// Update container state - there's a chance we failed because
-		// the container exited in the meantime.
-		if err2 := r.UpdateContainerStatus(ctr); err2 != nil {
-			logrus.Infof("Error updating status for container %s: %v", ctr.ID(), err2)
-		}
-		if ctr.ensureState(define.ContainerStateStopped, define.ContainerStateExited) {
-			return define.ErrCtrStateInvalid
-		}
-		return fmt.Errorf("error sending signal to container %s: %w", ctr.ID(), err)
-	}
-
-	return nil
-}
-
-// StopContainer stops a container, first using its given stop signal (or
-// SIGTERM if no signal was specified), then using SIGKILL.
-// Timeout is given in seconds. If timeout is 0, the container will be
-// immediately kill with SIGKILL.
-// Does not set finished time for container, assumes you will run updateStatus
-// after to pull the exit code.
-func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) error {
-	logrus.Debugf("Stopping container %s (PID %d)", ctr.ID(), ctr.state.PID)
-
-	// Ping the container to see if it's alive
-	// If it's not, it's already stopped, return
-	err := unix.Kill(ctr.state.PID, 0)
-	if err == unix.ESRCH {
-		return nil
-	}
-
-	stopSignal := ctr.config.StopSignal
-	if stopSignal == 0 {
-		stopSignal = uint(syscall.SIGTERM)
-	}
-
-	if timeout > 0 {
-		if err := r.KillContainer(ctr, stopSignal, all); err != nil {
-			// Is the container gone?
-			// If so, it probably died between the first check and
-			// our sending the signal
-			// The container is stopped, so exit cleanly
-			err := unix.Kill(ctr.state.PID, 0)
-			if err == unix.ESRCH {
-				return nil
+			// don't spread our mounts around.  We are setting only /sys to be slave
+			// so that the cleanup process is still able to umount the storage and the
+			// changes are propagated to the host.
+			err = unix.Mount("/sys", "/sys", "none", unix.MS_REC|unix.MS_SLAVE, "")
+			if err != nil {
+				return 0, fmt.Errorf("cannot make /sys slave: %w", err)
 			}
 
-			return err
-		}
-
-		if err := waitContainerStop(ctr, time.Duration(timeout)*time.Second); err != nil {
-			logrus.Debugf("Timed out stopping container %s with %s, resorting to SIGKILL: %v", ctr.ID(), unix.SignalName(syscall.Signal(stopSignal)), err)
-			logrus.Warnf("StopSignal %s failed to stop container %s in %d seconds, resorting to SIGKILL", unix.SignalName(syscall.Signal(stopSignal)), ctr.Name(), timeout)
-		} else {
-			// No error, the container is dead
-			return nil
-		}
-	}
-
-	if err := r.KillContainer(ctr, 9, all); err != nil {
-		// Again, check if the container is gone. If it is, exit cleanly.
-		err := unix.Kill(ctr.state.PID, 0)
-		if err == unix.ESRCH {
-			return nil
-		}
-
-		return fmt.Errorf("error sending SIGKILL to container %s: %w", ctr.ID(), err)
-	}
-
-	// Give runtime a few seconds to make it happen
-	if err := waitContainerStop(ctr, killContainerTimeout); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// DeleteContainer deletes a container from the OCI runtime.
-func (r *ConmonOCIRuntime) DeleteContainer(ctr *Container) error {
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return err
-	}
-	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
-	return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "delete", "--force", ctr.ID())...)
-}
-
-// PauseContainer pauses the given container.
-func (r *ConmonOCIRuntime) PauseContainer(ctr *Container) error {
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return err
-	}
-	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
-	return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "pause", ctr.ID())...)
-}
-
-// UnpauseContainer unpauses the given container.
-func (r *ConmonOCIRuntime) UnpauseContainer(ctr *Container) error {
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return err
-	}
-	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
-	return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, append(r.runtimeFlags, "resume", ctr.ID())...)
-}
-
-// HTTPAttach performs an attach for the HTTP API.
-// The caller must handle closing the HTTP connection after this returns.
-// The cancel channel is not closed; it is up to the caller to do so after
-// this function returns.
-// If this is a container with a terminal, we will stream raw. If it is not, we
-// will stream with an 8-byte header to multiplex STDOUT and STDERR.
-// Returns any errors that occurred, and whether the connection was successfully
-// hijacked before that error occurred.
-func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, streamAttach, streamLogs bool) (deferredErr error) {
-	isTerminal := false
-	if ctr.config.Spec.Process != nil {
-		isTerminal = ctr.config.Spec.Process.Terminal
-	}
-
-	if streams != nil {
-		if !streams.Stdin && !streams.Stdout && !streams.Stderr {
-			return fmt.Errorf("must specify at least one stream to attach to: %w", define.ErrInvalidArg)
-		}
-	}
-
-	attachSock, err := r.AttachSocketPath(ctr)
-	if err != nil {
-		return err
-	}
-
-	var conn *net.UnixConn
-	if streamAttach {
-		newConn, err := openUnixSocket(attachSock)
-		if err != nil {
-			return fmt.Errorf("failed to connect to container's attach socket: %v: %w", attachSock, err)
-		}
-		conn = newConn
-		defer func() {
-			if err := conn.Close(); err != nil {
-				logrus.Errorf("Unable to close container %s attach socket: %q", ctr.ID(), err)
+			mounts, err := pmount.GetMounts()
+			if err != nil {
+				return 0, err
 			}
-		}()
-
-		logrus.Debugf("Successfully connected to container %s attach socket %s", ctr.ID(), attachSock)
-	}
-
-	detachString := ctr.runtime.config.Engine.DetachKeys
-	if detachKeys != nil {
-		detachString = *detachKeys
-	}
-	detach, err := processDetachKeys(detachString)
-	if err != nil {
-		return err
-	}
-
-	attachStdout := true
-	attachStderr := true
-	attachStdin := true
-	if streams != nil {
-		attachStdout = streams.Stdout
-		attachStderr = streams.Stderr
-		attachStdin = streams.Stdin
-	}
-
-	logrus.Debugf("Going to hijack container %s attach connection", ctr.ID())
-
-	// Alright, let's hijack.
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		return fmt.Errorf("unable to hijack connection")
-	}
-
-	httpCon, httpBuf, err := hijacker.Hijack()
-	if err != nil {
-		return fmt.Errorf("error hijacking connection: %w", err)
-	}
-
-	hijackDone <- true
-
-	writeHijackHeader(req, httpBuf)
-
-	// Force a flush after the header is written.
-	if err := httpBuf.Flush(); err != nil {
-		return fmt.Errorf("error flushing HTTP hijack header: %w", err)
-	}
-
-	defer func() {
-		hijackWriteErrorAndClose(deferredErr, ctr.ID(), isTerminal, httpCon, httpBuf)
-	}()
-
-	logrus.Debugf("Hijack for container %s attach session done, ready to stream", ctr.ID())
-
-	// TODO: This is gross. Really, really gross.
-	// I want to say we should read all the logs into an array before
-	// calling this, in container_api.go, but that could take a lot of
-	// memory...
-	// On the whole, we need to figure out a better way of doing this,
-	// though.
-	logSize := 0
-	if streamLogs {
-		logrus.Debugf("Will stream logs for container %s attach session", ctr.ID())
-
-		// Get all logs for the container
-		logChan := make(chan *logs.LogLine)
-		logOpts := new(logs.LogOptions)
-		logOpts.Tail = -1
-		logOpts.WaitGroup = new(sync.WaitGroup)
-		errChan := make(chan error)
-		go func() {
-			var err error
-			// In non-terminal mode we need to prepend with the
-			// stream header.
-			logrus.Debugf("Writing logs for container %s to HTTP attach", ctr.ID())
-			for logLine := range logChan {
-				if !isTerminal {
-					device := logLine.Device
-					var header []byte
-					headerLen := uint32(len(logLine.Msg))
-					logSize += len(logLine.Msg)
-					switch strings.ToLower(device) {
-					case "stdin":
-						header = makeHTTPAttachHeader(0, headerLen)
-					case "stdout":
-						header = makeHTTPAttachHeader(1, headerLen)
-					case "stderr":
-						header = makeHTTPAttachHeader(2, headerLen)
-					default:
-						logrus.Errorf("Unknown device for log line: %s", device)
-						header = makeHTTPAttachHeader(1, headerLen)
-					}
-					_, err = httpBuf.Write(header)
-					if err != nil {
-						break
-					}
-				}
-				_, err = httpBuf.Write([]byte(logLine.Msg))
-				if err != nil {
-					break
-				}
-				if !logLine.Partial() {
-					_, err = httpBuf.Write([]byte("\n"))
-					if err != nil {
-						break
-					}
+			for _, m := range mounts {
+				if !strings.HasPrefix(m.Mountpoint, "/sys/kernel") {
+					continue
 				}
-				err = httpBuf.Flush()
-				if err != nil {
-					break
+				err = unix.Unmount(m.Mountpoint, 0)
+				if err != nil && !os.IsNotExist(err) {
+					return 0, fmt.Errorf("cannot unmount %s: %w", m.Mountpoint, err)
 				}
 			}
-			errChan <- err
-		}()
-		if err := ctr.ReadLog(context.Background(), logOpts, logChan, 0); err != nil {
-			return err
-		}
-		go func() {
-			logOpts.WaitGroup.Wait()
-			close(logChan)
+			return r.createOCIContainer(ctr, restoreOptions)
 		}()
-		logrus.Debugf("Done reading logs for container %s, %d bytes", ctr.ID(), logSize)
-		if err := <-errChan; err != nil {
-			return err
+		ch <- result{
+			restoreDuration: restoreDuration,
+			err:             err,
 		}
-	}
-	if !streamAttach {
-		logrus.Debugf("Done streaming logs for container %s attach, exiting as attach streaming not requested", ctr.ID())
-		return nil
-	}
-
-	logrus.Debugf("Forwarding attach output for container %s", ctr.ID())
-
-	stdoutChan := make(chan error)
-	stdinChan := make(chan error)
-
-	// Handle STDOUT/STDERR
-	go func() {
-		var err error
-		if isTerminal {
-			// Hack: return immediately if attachStdout not set to
-			// emulate Docker.
-			// Basically, when terminal is set, STDERR goes nowhere.
-			// Everything does over STDOUT.
-			// Therefore, if not attaching STDOUT - we'll never copy
-			// anything from here.
-			logrus.Debugf("Performing terminal HTTP attach for container %s", ctr.ID())
-			if attachStdout {
-				err = httpAttachTerminalCopy(conn, httpBuf, ctr.ID())
-			}
-		} else {
-			logrus.Debugf("Performing non-terminal HTTP attach for container %s", ctr.ID())
-			err = httpAttachNonTerminalCopy(conn, httpBuf, ctr.ID(), attachStdin, attachStdout, attachStderr)
-		}
-		stdoutChan <- err
-		logrus.Debugf("STDOUT/ERR copy completed")
 	}()
-	// Next, STDIN. Avoid entirely if attachStdin unset.
-	if attachStdin {
-		go func() {
-			_, err := cutil.CopyDetachable(conn, httpBuf, detach)
-			logrus.Debugf("STDIN copy completed")
-			stdinChan <- err
-		}()
-	}
-
-	for {
-		select {
-		case err := <-stdoutChan:
-			if err != nil {
-				return err
-			}
-
-			return nil
-		case err := <-stdinChan:
-			if err != nil {
-				return err
-			}
-			// copy stdin is done, close it
-			if connErr := conn.CloseWrite(); connErr != nil {
-				logrus.Errorf("Unable to close conn: %v", connErr)
-			}
-		case <-cancel:
-			return nil
-		}
-	}
-}
-
-// isRetryable returns whether the error was caused by a blocked syscall or the
-// specified operation on a non blocking file descriptor wasn't ready for completion.
-func isRetryable(err error) bool {
-	var errno syscall.Errno
-	if errors.As(err, &errno) {
-		return errno == syscall.EINTR || errno == syscall.EAGAIN
-	}
-	return false
-}
-
-// openControlFile opens the terminal control file.
-func openControlFile(ctr *Container, parentDir string) (*os.File, error) {
-	controlPath := filepath.Join(parentDir, "ctl")
-	for i := 0; i < 600; i++ {
-		controlFile, err := os.OpenFile(controlPath, unix.O_WRONLY|unix.O_NONBLOCK, 0)
-		if err == nil {
-			return controlFile, nil
-		}
-		if !isRetryable(err) {
-			return nil, fmt.Errorf("could not open ctl file for terminal resize for container %s: %w", ctr.ID(), err)
-		}
-		time.Sleep(time.Second / 10)
-	}
-	return nil, fmt.Errorf("timeout waiting for %q", controlPath)
+	res := <-ch
+	return res.restoreDuration, res.err
 }
 
-// AttachResize resizes the terminal used by the given container.
-func (r *ConmonOCIRuntime) AttachResize(ctr *Container, newSize resize.TerminalSize) error {
-	controlFile, err := openControlFile(ctr, ctr.bundlePath())
-	if err != nil {
-		return err
-	}
-	defer controlFile.Close()
-
-	logrus.Debugf("Received a resize event for container %s: %+v", ctr.ID(), newSize)
-	if _, err = fmt.Fprintf(controlFile, "%d %d %d\n", 1, newSize.Height, newSize.Width); err != nil {
-		return fmt.Errorf("failed to write to ctl file to resize terminal: %w", err)
-	}
-
-	return nil
-}
-
-// CheckpointContainer checkpoints the given container.
-func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error) {
-	// imagePath is used by CRIU to store the actual checkpoint files
-	imagePath := ctr.CheckpointPath()
-	if options.PreCheckPoint {
-		imagePath = ctr.PreCheckPointPath()
-	}
-	// workPath will be used to store dump.log and stats-dump
-	workPath := ctr.bundlePath()
-	logrus.Debugf("Writing checkpoint to %s", imagePath)
-	logrus.Debugf("Writing checkpoint logs to %s", workPath)
-	logrus.Debugf("Pre-dump the container %t", options.PreCheckPoint)
-	args := []string{}
-	args = append(args, r.runtimeFlags...)
-	args = append(args, "checkpoint")
-	args = append(args, "--image-path")
-	args = append(args, imagePath)
-	args = append(args, "--work-path")
-	args = append(args, workPath)
-	if options.KeepRunning {
-		args = append(args, "--leave-running")
-	}
-	if options.TCPEstablished {
-		args = append(args, "--tcp-established")
-	}
-	if options.FileLocks {
-		args = append(args, "--file-locks")
-	}
-	if !options.PreCheckPoint && options.KeepRunning {
-		args = append(args, "--leave-running")
-	}
-	if options.PreCheckPoint {
-		args = append(args, "--pre-dump")
-	}
-	if !options.PreCheckPoint && options.WithPrevious {
-		args = append(
-			args,
-			"--parent-path",
-			filepath.Join("..", preCheckpointDir),
-		)
-	}
-
-	args = append(args, ctr.ID())
-	logrus.Debugf("the args to checkpoint: %s %s", r.path, strings.Join(args, " "))
-
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return 0, err
-	}
-	env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
-	if path, ok := os.LookupEnv("PATH"); ok {
-		env = append(env, fmt.Sprintf("PATH=%s", path))
-	}
-
+// Run the closure with the container's socket label set
+func (r *ConmonOCIRuntime) withContainerSocketLabel(ctr *Container, closure func() error) error {
 	runtime.LockOSThread()
 	if err := label.SetSocketLabel(ctr.ProcessLabel()); err != nil {
-		return 0, err
+		return err
 	}
-
-	runtimeCheckpointStarted := time.Now()
-	err = utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, args...)
+	err := closure()
 	// Ignore error returned from SetSocketLabel("") call,
 	// can't recover.
 	if labelErr := label.SetSocketLabel(""); labelErr == nil {
@@ -834,577 +97,7 @@ func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options Container
 	} else {
 		logrus.Errorf("Unable to reset socket label: %q", labelErr)
 	}
-
-	runtimeCheckpointDuration := func() int64 {
-		if options.PrintStats {
-			return time.Since(runtimeCheckpointStarted).Microseconds()
-		}
-		return 0
-	}()
-
-	return runtimeCheckpointDuration, err
-}
-
-func (r *ConmonOCIRuntime) CheckConmonRunning(ctr *Container) (bool, error) {
-	if ctr.state.ConmonPID == 0 {
-		// If the container is running or paused, assume Conmon is
-		// running. We didn't record Conmon PID on some old versions, so
-		// that is likely what's going on...
-		// Unusual enough that we should print a warning message though.
-		if ctr.ensureState(define.ContainerStateRunning, define.ContainerStatePaused) {
-			logrus.Warnf("Conmon PID is not set, but container is running!")
-			return true, nil
-		}
-		// Container's not running, so conmon PID being unset is
-		// expected. Conmon is not running.
-		return false, nil
-	}
-
-	// We have a conmon PID. Ping it with signal 0.
-	if err := unix.Kill(ctr.state.ConmonPID, 0); err != nil {
-		if err == unix.ESRCH {
-			return false, nil
-		}
-		return false, fmt.Errorf("error pinging container %s conmon with signal 0: %w", ctr.ID(), err)
-	}
-	return true, nil
-}
-
-// SupportsCheckpoint checks if the OCI runtime supports checkpointing
-// containers.
-func (r *ConmonOCIRuntime) SupportsCheckpoint() bool {
-	return crutils.CRRuntimeSupportsCheckpointRestore(r.path)
-}
-
-// SupportsJSONErrors checks if the OCI runtime supports JSON-formatted error
-// messages.
-func (r *ConmonOCIRuntime) SupportsJSONErrors() bool {
-	return r.supportsJSON
-}
-
-// SupportsNoCgroups checks if the OCI runtime supports running containers
-// without cgroups (the --cgroup-manager=disabled flag).
-func (r *ConmonOCIRuntime) SupportsNoCgroups() bool {
-	return r.supportsNoCgroups
-}
-
-// SupportsKVM checks if the OCI runtime supports running containers
-// without KVM separation
-func (r *ConmonOCIRuntime) SupportsKVM() bool {
-	return r.supportsKVM
-}
-
-// AttachSocketPath is the path to a single container's attach socket.
-func (r *ConmonOCIRuntime) AttachSocketPath(ctr *Container) (string, error) {
-	if ctr == nil {
-		return "", fmt.Errorf("must provide a valid container to get attach socket path: %w", define.ErrInvalidArg)
-	}
-
-	return filepath.Join(ctr.bundlePath(), "attach"), nil
-}
-
-// ExitFilePath is the path to a container's exit file.
-func (r *ConmonOCIRuntime) ExitFilePath(ctr *Container) (string, error) {
-	if ctr == nil {
-		return "", fmt.Errorf("must provide a valid container to get exit file path: %w", define.ErrInvalidArg)
-	}
-	return filepath.Join(r.exitsDir, ctr.ID()), nil
-}
-
-// RuntimeInfo provides information on the runtime.
-func (r *ConmonOCIRuntime) RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error) {
-	runtimePackage := packageVersion(r.path)
-	conmonPackage := packageVersion(r.conmonPath)
-	runtimeVersion, err := r.getOCIRuntimeVersion()
-	if err != nil {
-		return nil, nil, fmt.Errorf("error getting version of OCI runtime %s: %w", r.name, err)
-	}
-	conmonVersion, err := r.getConmonVersion()
-	if err != nil {
-		return nil, nil, fmt.Errorf("error getting conmon version: %w", err)
-	}
-
-	conmon := define.ConmonInfo{
-		Package: conmonPackage,
-		Path:    r.conmonPath,
-		Version: conmonVersion,
-	}
-	ocirt := define.OCIRuntimeInfo{
-		Name:    r.name,
-		Path:    r.path,
-		Package: runtimePackage,
-		Version: runtimeVersion,
-	}
-	return &conmon, &ocirt, nil
-}
-
-// makeAccessible changes the path permission and each parent directory to have --x--x--x
-func makeAccessible(path string, uid, gid int) error {
-	for ; path != "/"; path = filepath.Dir(path) {
-		st, err := os.Stat(path)
-		if err != nil {
-			if os.IsNotExist(err) {
-				return nil
-			}
-			return err
-		}
-		if int(st.Sys().(*syscall.Stat_t).Uid) == uid && int(st.Sys().(*syscall.Stat_t).Gid) == gid {
-			continue
-		}
-		if st.Mode()&0111 != 0111 {
-			if err := os.Chmod(path, st.Mode()|0111); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-// Wait for a container which has been sent a signal to stop
-func waitContainerStop(ctr *Container, timeout time.Duration) error {
-	return waitPidStop(ctr.state.PID, timeout)
-}
-
-// Wait for a given PID to stop
-func waitPidStop(pid int, timeout time.Duration) error {
-	done := make(chan struct{})
-	chControl := make(chan struct{})
-	go func() {
-		for {
-			select {
-			case <-chControl:
-				return
-			default:
-				if err := unix.Kill(pid, 0); err != nil {
-					if err == unix.ESRCH {
-						close(done)
-						return
-					}
-					logrus.Errorf("Pinging PID %d with signal 0: %v", pid, err)
-				}
-				time.Sleep(100 * time.Millisecond)
-			}
-		}
-	}()
-	select {
-	case <-done:
-		return nil
-	case <-time.After(timeout):
-		close(chControl)
-		return fmt.Errorf("given PIDs did not die within timeout")
-	}
-}
-
-func (r *ConmonOCIRuntime) getLogTag(ctr *Container) (string, error) {
-	logTag := ctr.LogTag()
-	if logTag == "" {
-		return "", nil
-	}
-	data, err := ctr.inspectLocked(false)
-	if err != nil {
-		// FIXME: this error should probably be returned
-		return "", nil //nolint: nilerr
-	}
-	tmpl, err := template.New("container").Parse(logTag)
-	if err != nil {
-		return "", fmt.Errorf("template parsing error %s: %w", logTag, err)
-	}
-	var b bytes.Buffer
-	err = tmpl.Execute(&b, data)
-	if err != nil {
-		return "", err
-	}
-	return b.String(), nil
-}
-
-// createOCIContainer generates this container's main conmon instance and prepares it for starting
-func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error) {
-	var stderrBuf bytes.Buffer
-
-	runtimeDir, err := util.GetRuntimeDir()
-	if err != nil {
-		return 0, err
-	}
-
-	parentSyncPipe, childSyncPipe, err := newPipe()
-	if err != nil {
-		return 0, fmt.Errorf("error creating socket pair: %w", err)
-	}
-	defer errorhandling.CloseQuiet(parentSyncPipe)
-
-	childStartPipe, parentStartPipe, err := newPipe()
-	if err != nil {
-		return 0, fmt.Errorf("error creating socket pair for start pipe: %w", err)
-	}
-
-	defer errorhandling.CloseQuiet(parentStartPipe)
-
-	var ociLog string
-	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
-		ociLog = filepath.Join(ctr.state.RunDir, "oci-log")
-	}
-
-	logTag, err := r.getLogTag(ctr)
-	if err != nil {
-		return 0, err
-	}
-
-	if ctr.config.CgroupsMode == cgroupSplit {
-		if err := utils.MoveUnderCgroupSubtree("runtime"); err != nil {
-			return 0, err
-		}
-	}
-
-	pidfile := ctr.config.PidFile
-	if pidfile == "" {
-		pidfile = filepath.Join(ctr.state.RunDir, "pidfile")
-	}
-
-	args := r.sharedConmonArgs(ctr, ctr.ID(), ctr.bundlePath(), pidfile, ctr.LogPath(), r.exitsDir, ociLog, ctr.LogDriver(), logTag)
-
-	if ctr.config.SdNotifyMode == define.SdNotifyModeContainer && ctr.notifySocket != "" {
-		args = append(args, fmt.Sprintf("--sdnotify-socket=%s", ctr.notifySocket))
-	}
-
-	if ctr.config.Spec.Process.Terminal {
-		args = append(args, "-t")
-	} else if ctr.config.Stdin {
-		args = append(args, "-i")
-	}
-
-	if ctr.config.Timeout > 0 {
-		args = append(args, fmt.Sprintf("--timeout=%d", ctr.config.Timeout))
-	}
-
-	if !r.enableKeyring {
-		args = append(args, "--no-new-keyring")
-	}
-	if ctr.config.ConmonPidFile != "" {
-		args = append(args, "--conmon-pidfile", ctr.config.ConmonPidFile)
-	}
-
-	if r.noPivot {
-		args = append(args, "--no-pivot")
-	}
-
-	exitCommand, err := specgenutil.CreateExitCommandArgs(ctr.runtime.storageConfig, ctr.runtime.config, logrus.IsLevelEnabled(logrus.DebugLevel), ctr.AutoRemove(), false)
-	if err != nil {
-		return 0, err
-	}
-	exitCommand = append(exitCommand, ctr.config.ID)
-
-	args = append(args, "--exit-command", exitCommand[0])
-	for _, arg := range exitCommand[1:] {
-		args = append(args, []string{"--exit-command-arg", arg}...)
-	}
-
-	// Pass down the LISTEN_* environment (see #10443).
-	preserveFDs := ctr.config.PreserveFDs
-	if val := os.Getenv("LISTEN_FDS"); val != "" {
-		if ctr.config.PreserveFDs > 0 {
-			logrus.Warnf("Ignoring LISTEN_FDS to preserve custom user-specified FDs")
-		} else {
-			fds, err := strconv.Atoi(val)
-			if err != nil {
-				return 0, fmt.Errorf("converting LISTEN_FDS=%s: %w", val, err)
-			}
-			preserveFDs = uint(fds)
-		}
-	}
-
-	if preserveFDs > 0 {
-		args = append(args, formatRuntimeOpts("--preserve-fds", fmt.Sprintf("%d", preserveFDs))...)
-	}
-
-	if restoreOptions != nil {
-		args = append(args, "--restore", ctr.CheckpointPath())
-		if restoreOptions.TCPEstablished {
-			args = append(args, "--runtime-opt", "--tcp-established")
-		}
-		if restoreOptions.FileLocks {
-			args = append(args, "--runtime-opt", "--file-locks")
-		}
-		if restoreOptions.Pod != "" {
-			mountLabel := ctr.config.MountLabel
-			processLabel := ctr.config.ProcessLabel
-			if mountLabel != "" {
-				args = append(
-					args,
-					"--runtime-opt",
-					fmt.Sprintf(
-						"--lsm-mount-context=%s",
-						mountLabel,
-					),
-				)
-			}
-			if processLabel != "" {
-				args = append(
-					args,
-					"--runtime-opt",
-					fmt.Sprintf(
-						"--lsm-profile=selinux:%s",
-						processLabel,
-					),
-				)
-			}
-		}
-	}
-
-	logrus.WithFields(logrus.Fields{
-		"args": args,
-	}).Debugf("running conmon: %s", r.conmonPath)
-
-	cmd := exec.Command(r.conmonPath, args...)
-	cmd.SysProcAttr = &syscall.SysProcAttr{
-		Setpgid: true,
-	}
-	// TODO this is probably a really bad idea for some uses
-	// Make this configurable
-	cmd.Stdin = os.Stdin
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	if ctr.config.Spec.Process.Terminal {
-		cmd.Stderr = &stderrBuf
-	}
-
-	// 0, 1 and 2 are stdin, stdout and stderr
-	conmonEnv := r.configureConmonEnv(runtimeDir)
-
-	var filesToClose []*os.File
-	if preserveFDs > 0 {
-		for fd := 3; fd < int(3+preserveFDs); fd++ {
-			f := os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd))
-			filesToClose = append(filesToClose, f)
-			cmd.ExtraFiles = append(cmd.ExtraFiles, f)
-		}
-	}
-
-	cmd.Env = r.conmonEnv
-	// we don't want to step on users fds they asked to preserve
-	// Since 0-2 are used for stdio, start the fds we pass in at preserveFDs+3
-	cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_SYNCPIPE=%d", preserveFDs+3), fmt.Sprintf("_OCI_STARTPIPE=%d", preserveFDs+4))
-	cmd.Env = append(cmd.Env, conmonEnv...)
-	cmd.ExtraFiles = append(cmd.ExtraFiles, childSyncPipe, childStartPipe)
-
-	if r.reservePorts && !rootless.IsRootless() && !ctr.config.NetMode.IsSlirp4netns() {
-		ports, err := bindPorts(ctr.convertPortMappings())
-		if err != nil {
-			return 0, err
-		}
-		filesToClose = append(filesToClose, ports...)
-
-		// Leak the port we bound in the conmon process.  These fd's won't be used
-		// by the container and conmon will keep the ports busy so that another
-		// process cannot use them.
-		cmd.ExtraFiles = append(cmd.ExtraFiles, ports...)
-	}
-
-	if ctr.config.NetMode.IsSlirp4netns() || rootless.IsRootless() {
-		if ctr.config.PostConfigureNetNS {
-			havePortMapping := len(ctr.config.PortMappings) > 0
-			if havePortMapping {
-				ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
-				if err != nil {
-					return 0, fmt.Errorf("failed to create rootless port sync pipe: %w", err)
-				}
-			}
-			ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
-			if err != nil {
-				return 0, fmt.Errorf("failed to create rootless network sync pipe: %w", err)
-			}
-		} else {
-			if ctr.rootlessSlirpSyncR != nil {
-				defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR)
-			}
-			if ctr.rootlessSlirpSyncW != nil {
-				defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW)
-			}
-		}
-		// Leak one end in conmon, the other one will be leaked into slirp4netns
-		cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)
-
-		if ctr.rootlessPortSyncW != nil {
-			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncW)
-			// Leak one end in conmon, the other one will be leaked into rootlessport
-			cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncW)
-		}
-	}
-	var runtimeRestoreStarted time.Time
-	if restoreOptions != nil {
-		runtimeRestoreStarted = time.Now()
-	}
-	err = startCommand(cmd, ctr)
-
-	// regardless of whether we errored or not, we no longer need the children pipes
-	childSyncPipe.Close()
-	childStartPipe.Close()
-	if err != nil {
-		return 0, err
-	}
-	if err := r.moveConmonToCgroupAndSignal(ctr, cmd, parentStartPipe); err != nil {
-		return 0, err
-	}
-	/* Wait for initial setup and fork, and reap child */
-	err = cmd.Wait()
-	if err != nil {
-		return 0, err
-	}
-
-	pid, err := readConmonPipeData(r.name, parentSyncPipe, ociLog)
-	if err != nil {
-		if err2 := r.DeleteContainer(ctr); err2 != nil {
-			logrus.Errorf("Removing container %s from runtime after creation failed", ctr.ID())
-		}
-		return 0, err
-	}
-	ctr.state.PID = pid
-
-	conmonPID, err := readConmonPidFile(ctr.config.ConmonPidFile)
-	if err != nil {
-		logrus.Warnf("Error reading conmon pid file for container %s: %v", ctr.ID(), err)
-	} else if conmonPID > 0 {
-		// conmon not having a pid file is a valid state, so don't set it if we don't have it
-		logrus.Infof("Got Conmon PID as %d", conmonPID)
-		ctr.state.ConmonPID = conmonPID
-	}
-
-	runtimeRestoreDuration := func() int64 {
-		if restoreOptions != nil && restoreOptions.PrintStats {
-			return time.Since(runtimeRestoreStarted).Microseconds()
-		}
-		return 0
-	}()
-
-	// These fds were passed down to the runtime.  Close them
-	// and not interfere
-	for _, f := range filesToClose {
-		errorhandling.CloseQuiet(f)
-	}
-
-	return runtimeRestoreDuration, nil
-}
-
-// configureConmonEnv gets the environment values to add to conmon's exec struct
-// TODO this may want to be less hardcoded/more configurable in the future
-func (r *ConmonOCIRuntime) configureConmonEnv(runtimeDir string) []string {
-	var env []string
-	for _, e := range os.Environ() {
-		if strings.HasPrefix(e, "LC_") {
-			env = append(env, e)
-		}
-	}
-	conf, ok := os.LookupEnv("CONTAINERS_CONF")
-	if ok {
-		env = append(env, fmt.Sprintf("CONTAINERS_CONF=%s", conf))
-	}
-	env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
-	env = append(env, fmt.Sprintf("_CONTAINERS_USERNS_CONFIGURED=%s", os.Getenv("_CONTAINERS_USERNS_CONFIGURED")))
-	env = append(env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%s", os.Getenv("_CONTAINERS_ROOTLESS_UID")))
-	home := homedir.Get()
-	if home != "" {
-		env = append(env, fmt.Sprintf("HOME=%s", home))
-	}
-
-	return env
-}
-
-// sharedConmonArgs takes common arguments for exec and create/restore and formats them for the conmon CLI
-func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, pidPath, logPath, exitDir, ociLogPath, logDriver, logTag string) []string {
-	// set the conmon API version to be able to use the correct sync struct keys
-	args := []string{
-		"--api-version", "1",
-		"-c", ctr.ID(),
-		"-u", cuuid,
-		"-r", r.path,
-		"-b", bundlePath,
-		"-p", pidPath,
-		"-n", ctr.Name(),
-		"--exit-dir", exitDir,
-		"--full-attach",
-	}
-	if len(r.runtimeFlags) > 0 {
-		rFlags := []string{}
-		for _, arg := range r.runtimeFlags {
-			rFlags = append(rFlags, "--runtime-arg", arg)
-		}
-		args = append(args, rFlags...)
-	}
-
-	if ctr.CgroupManager() == config.SystemdCgroupsManager && !ctr.config.NoCgroups && ctr.config.CgroupsMode != cgroupSplit {
-		args = append(args, "-s")
-	}
-
-	var logDriverArg string
-	switch logDriver {
-	case define.JournaldLogging:
-		logDriverArg = define.JournaldLogging
-	case define.NoLogging:
-		logDriverArg = define.NoLogging
-	case define.PassthroughLogging:
-		logDriverArg = define.PassthroughLogging
-	//lint:ignore ST1015 the default case has to be here
-	default: //nolint:stylecheck,gocritic
-		// No case here should happen except JSONLogging, but keep this here in case the options are extended
-		logrus.Errorf("%s logging specified but not supported. Choosing k8s-file logging instead", ctr.LogDriver())
-		fallthrough
-	case "":
-		// to get here, either a user would specify `--log-driver ""`, or this came from another place in libpod
-		// since the former case is obscure, and the latter case isn't an error, let's silently fallthrough
-		fallthrough
-	case define.JSONLogging:
-		fallthrough
-	case define.KubernetesLogging:
-		logDriverArg = fmt.Sprintf("%s:%s", define.KubernetesLogging, logPath)
-	}
-
-	args = append(args, "-l", logDriverArg)
-	logLevel := logrus.GetLevel()
-	args = append(args, "--log-level", logLevel.String())
-
-	if logLevel == logrus.DebugLevel {
-		logrus.Debugf("%s messages will be logged to syslog", r.conmonPath)
-		args = append(args, "--syslog")
-	}
-
-	size := r.logSizeMax
-	if ctr.config.LogSize > 0 {
-		size = ctr.config.LogSize
-	}
-	if size > 0 {
-		args = append(args, "--log-size-max", fmt.Sprintf("%v", size))
-	}
-
-	if ociLogPath != "" {
-		args = append(args, "--runtime-arg", "--log-format=json", "--runtime-arg", "--log", fmt.Sprintf("--runtime-arg=%s", ociLogPath))
-	}
-	if logTag != "" {
-		args = append(args, "--log-tag", logTag)
-	}
-	if ctr.config.NoCgroups {
-		logrus.Debugf("Running with no Cgroups")
-		args = append(args, "--runtime-arg", "--cgroup-manager", "--runtime-arg", "disabled")
-	}
-	return args
-}
-
-func startCommand(cmd *exec.Cmd, ctr *Container) error {
-	// Make sure to unset the NOTIFY_SOCKET and reset it afterwards if needed.
-	switch ctr.config.SdNotifyMode {
-	case define.SdNotifyModeContainer, define.SdNotifyModeIgnore:
-		if ctr.notifySocket != "" {
-			if err := os.Unsetenv("NOTIFY_SOCKET"); err != nil {
-				logrus.Warnf("Error unsetting NOTIFY_SOCKET %v", err)
-			}
-
-			defer func() {
-				if err := os.Setenv("NOTIFY_SOCKET", ctr.notifySocket); err != nil {
-					logrus.Errorf("Resetting NOTIFY_SOCKET=%s", ctr.notifySocket)
-				}
-			}()
-		}
-	}
-
-	return cmd.Start()
+	return err
 }
 
 // moveConmonToCgroupAndSignal gets a container's cgroupParent and moves the conmon process to that cgroup
@@ -1476,271 +169,6 @@ func (r *ConmonOCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec
 	return nil
 }
 
-// newPipe creates a unix socket pair for communication.
-// Returns two files - first is parent, second is child.
-func newPipe() (*os.File, *os.File, error) {
-	fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0)
-	if err != nil {
-		return nil, nil, err
-	}
-	return os.NewFile(uintptr(fds[1]), "parent"), os.NewFile(uintptr(fds[0]), "child"), nil
-}
-
-// readConmonPidFile attempts to read conmon's pid from its pid file
-func readConmonPidFile(pidFile string) (int, error) {
-	// Let's try reading the Conmon pid at the same time.
-	if pidFile != "" {
-		contents, err := ioutil.ReadFile(pidFile)
-		if err != nil {
-			return -1, err
-		}
-		// Convert it to an int
-		conmonPID, err := strconv.Atoi(string(contents))
-		if err != nil {
-			return -1, err
-		}
-		return conmonPID, nil
-	}
-	return 0, nil
-}
-
-// readConmonPipeData attempts to read a syncInfo struct from the pipe
-func readConmonPipeData(runtimeName string, pipe *os.File, ociLog string) (int, error) {
-	// syncInfo is used to return data from monitor process to daemon
-	type syncInfo struct {
-		Data    int    `json:"data"`
-		Message string `json:"message,omitempty"`
-	}
-
-	// Wait to get container pid from conmon
-	type syncStruct struct {
-		si  *syncInfo
-		err error
-	}
-	ch := make(chan syncStruct)
-	go func() {
-		var si *syncInfo
-		rdr := bufio.NewReader(pipe)
-		b, err := rdr.ReadBytes('\n')
-		// ignore EOF here, error is returned even when data was read
-		// if it is no valid json unmarshal will fail below
-		if err != nil && !errors.Is(err, io.EOF) {
-			ch <- syncStruct{err: err}
-		}
-		if err := json.Unmarshal(b, &si); err != nil {
-			ch <- syncStruct{err: fmt.Errorf("conmon bytes %q: %w", string(b), err)}
-			return
-		}
-		ch <- syncStruct{si: si}
-	}()
-
-	data := -1 //nolint: wastedassign
-	select {
-	case ss := <-ch:
-		if ss.err != nil {
-			if ociLog != "" {
-				ociLogData, err := ioutil.ReadFile(ociLog)
-				if err == nil {
-					var ociErr ociError
-					if err := json.Unmarshal(ociLogData, &ociErr); err == nil {
-						return -1, getOCIRuntimeError(runtimeName, ociErr.Msg)
-					}
-				}
-			}
-			return -1, fmt.Errorf("container create failed (no logs from conmon): %w", ss.err)
-		}
-		logrus.Debugf("Received: %d", ss.si.Data)
-		if ss.si.Data < 0 {
-			if ociLog != "" {
-				ociLogData, err := ioutil.ReadFile(ociLog)
-				if err == nil {
-					var ociErr ociError
-					if err := json.Unmarshal(ociLogData, &ociErr); err == nil {
-						return ss.si.Data, getOCIRuntimeError(runtimeName, ociErr.Msg)
-					}
-				}
-			}
-			// If we failed to parse the JSON errors, then print the output as it is
-			if ss.si.Message != "" {
-				return ss.si.Data, getOCIRuntimeError(runtimeName, ss.si.Message)
-			}
-			return ss.si.Data, fmt.Errorf("container create failed: %w", define.ErrInternal)
-		}
-		data = ss.si.Data
-	case <-time.After(define.ContainerCreateTimeout):
-		return -1, fmt.Errorf("container creation timeout: %w", define.ErrInternal)
-	}
-	return data, nil
-}
-
-// writeConmonPipeData writes nonce data to a pipe
-func writeConmonPipeData(pipe *os.File) error {
-	someData := []byte{0}
-	_, err := pipe.Write(someData)
-	return err
-}
-
-// formatRuntimeOpts prepends opts passed to it with --runtime-opt for passing to conmon
-func formatRuntimeOpts(opts ...string) []string {
-	args := make([]string, 0, len(opts)*2)
-	for _, o := range opts {
-		args = append(args, "--runtime-opt", o)
-	}
-	return args
-}
-
-// getConmonVersion returns a string representation of the conmon version.
-func (r *ConmonOCIRuntime) getConmonVersion() (string, error) {
-	output, err := utils.ExecCmd(r.conmonPath, "--version")
-	if err != nil {
-		return "", err
-	}
-	return strings.TrimSuffix(strings.Replace(output, "\n", ", ", 1), "\n"), nil
-}
-
-// getOCIRuntimeVersion returns a string representation of the OCI runtime's
-// version.
-func (r *ConmonOCIRuntime) getOCIRuntimeVersion() (string, error) {
-	output, err := utils.ExecCmd(r.path, "--version")
-	if err != nil {
-		return "", err
-	}
-	return strings.TrimSuffix(output, "\n"), nil
-}
-
-// Copy data from container to HTTP connection, for terminal attach.
-// Container is the container's attach socket connection, http is a buffer for
-// the HTTP connection. cid is the ID of the container the attach session is
-// running for (used solely for error messages).
-func httpAttachTerminalCopy(container *net.UnixConn, http *bufio.ReadWriter, cid string) error {
-	buf := make([]byte, bufferSize)
-	for {
-		numR, err := container.Read(buf)
-		logrus.Debugf("Read fd(%d) %d/%d bytes for container %s", int(buf[0]), numR, len(buf), cid)
-
-		if numR > 0 {
-			switch buf[0] {
-			case AttachPipeStdout:
-				// Do nothing
-			default:
-				logrus.Errorf("Received unexpected attach type %+d, discarding %d bytes", buf[0], numR)
-				continue
-			}
-
-			numW, err2 := http.Write(buf[1:numR])
-			if err2 != nil {
-				if err != nil {
-					logrus.Errorf("Reading container %s STDOUT: %v", cid, err)
-				}
-				return err2
-			} else if numW+1 != numR {
-				return io.ErrShortWrite
-			}
-			// We need to force the buffer to write immediately, so
-			// there isn't a delay on the terminal side.
-			if err2 := http.Flush(); err2 != nil {
-				if err != nil {
-					logrus.Errorf("Reading container %s STDOUT: %v", cid, err)
-				}
-				return err2
-			}
-		}
-		if err != nil {
-			if err == io.EOF {
-				return nil
-			}
-			return err
-		}
-	}
-}
-
-// Copy data from a container to an HTTP connection, for non-terminal attach.
-// Appends a header to multiplex input.
-func httpAttachNonTerminalCopy(container *net.UnixConn, http *bufio.ReadWriter, cid string, stdin, stdout, stderr bool) error {
-	buf := make([]byte, bufferSize)
-	for {
-		numR, err := container.Read(buf)
-		if numR > 0 {
-			var headerBuf []byte
-
-			// Subtract 1 because we strip the first byte (used for
-			// multiplexing by Conmon).
-			headerLen := uint32(numR - 1)
-			// Practically speaking, we could make this buf[0] - 1,
-			// but we need to validate it anyway.
-			switch buf[0] {
-			case AttachPipeStdin:
-				headerBuf = makeHTTPAttachHeader(0, headerLen)
-				if !stdin {
-					continue
-				}
-			case AttachPipeStdout:
-				if !stdout {
-					continue
-				}
-				headerBuf = makeHTTPAttachHeader(1, headerLen)
-			case AttachPipeStderr:
-				if !stderr {
-					continue
-				}
-				headerBuf = makeHTTPAttachHeader(2, headerLen)
-			default:
-				logrus.Errorf("Received unexpected attach type %+d, discarding %d bytes", buf[0], numR)
-				continue
-			}
-
-			numH, err2 := http.Write(headerBuf)
-			if err2 != nil {
-				if err != nil {
-					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
-				}
-
-				return err2
-			}
-			// Hardcoding header length is pretty gross, but
-			// fast. Should be safe, as this is a fixed part
-			// of the protocol.
-			if numH != 8 {
-				if err != nil {
-					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
-				}
-
-				return io.ErrShortWrite
-			}
-
-			numW, err2 := http.Write(buf[1:numR])
-			if err2 != nil {
-				if err != nil {
-					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
-				}
-
-				return err2
-			} else if numW+1 != numR {
-				if err != nil {
-					logrus.Errorf("Reading container %s standard streams: %v", cid, err)
-				}
-
-				return io.ErrShortWrite
-			}
-			// We need to force the buffer to write immediately, so
-			// there isn't a delay on the terminal side.
-			if err2 := http.Flush(); err2 != nil {
-				if err != nil {
-					logrus.Errorf("Reading container %s STDOUT: %v", cid, err)
-				}
-				return err2
-			}
-		}
-		if err != nil {
-			if err == io.EOF {
-				return nil
-			}
-
-			return err
-		}
-	}
-}
-
 // GetLimits converts spec resource limits to cgroup consumable limits
 func GetLimits(resource *spec.LinuxResources) (runcconfig.Resources, error) {
 	if resource == nil {
diff --git a/libpod/oci_conmon_unsupported.go b/libpod/oci_conmon_unsupported.go
new file mode 100644
index 000000000..cc6d68e89
--- /dev/null
+++ b/libpod/oci_conmon_unsupported.go
@@ -0,0 +1,24 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package libpod
+
+import (
+	"errors"
+
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/resize"
+)
+
+// Make a new Conmon-based OCI runtime with the given options.
+// Conmon will wrap the given OCI runtime, which can be `runc`, `crun`, or
+// any runtime with a runc-compatible CLI.
+// The first path that points to a valid executable will be used.
+// Deliberately private. Someone should not be able to construct this outside of
+// libpod.
+func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeFlags []string, runtimeCfg *config.Config) (OCIRuntime, error) {
+	return nil, errors.New("newConmonOCIRuntime not supported on this platform")
+}
+
+func registerResizeFunc(r <-chan resize.TerminalSize, bundlePath string) {
+}
diff --git a/libpod/oci_missing.go b/libpod/oci_missing.go
index 2ab2b4577..bbf2957ff 100644
--- a/libpod/oci_missing.go
+++ b/libpod/oci_missing.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/containers/common/pkg/resize"
 	"github.com/containers/podman/v4/libpod/define"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
 
@@ -80,6 +81,11 @@ func (r *MissingRuntime) StartContainer(ctr *Container) error {
 	return r.printError()
 }
 
+// UpdateContainer is not available as the runtime is missing
+func (r *MissingRuntime) UpdateContainer(ctr *Container, resources *spec.LinuxResources) error {
+	return r.printError()
+}
+
 // KillContainer is not available as the runtime is missing
 // TODO: We could attempt to unix.Kill() the PID as recorded in the state if we
 // really want to smooth things out? Won't be perfect, but if the container has
diff --git a/libpod/options.go b/libpod/options.go
index b31cb4ab2..71ad3d11e 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -6,14 +6,12 @@ import (
 	"net"
 	"os"
 	"path/filepath"
-	"strings"
 	"syscall"
 
 	"github.com/containers/buildah/pkg/parse"
 	nettypes "github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/secrets"
-	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/libpod/define"
@@ -29,12 +27,6 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// Runtime Creation Options
-var (
-	// SdNotifyModeValues describes the only values that SdNotifyMode can be
-	SdNotifyModeValues = []string{define.SdNotifyModeContainer, define.SdNotifyModeConmon, define.SdNotifyModeIgnore}
-)
-
 // WithStorageConfig uses the given configuration to set up container storage.
 // If this is not specified, the system default configuration will be used
 // instead.
@@ -613,6 +605,17 @@ func WithSystemd() CtrCreateOption {
 	}
 }
 
+// WithSdNotifySocket sets the sd-notify of the container
+func WithSdNotifySocket(socketPath string) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return define.ErrCtrFinalized
+		}
+		ctr.config.SdNotifySocket = socketPath
+		return nil
+	}
+}
+
 // WithSdNotifyMode sets the sd-notify method
 func WithSdNotifyMode(mode string) CtrCreateOption {
 	return func(ctr *Container) error {
@@ -620,9 +623,8 @@ func WithSdNotifyMode(mode string) CtrCreateOption {
 			return define.ErrCtrFinalized
 		}
 
-		// verify values
-		if len(mode) > 0 && !cutil.StringInSlice(strings.ToLower(mode), SdNotifyModeValues) {
-			return fmt.Errorf("--sdnotify values must be one of %q: %w", strings.Join(SdNotifyModeValues, ", "), define.ErrInvalidArg)
+		if err := define.ValidateSdNotifyMode(mode); err != nil {
+			return err
 		}
 
 		ctr.config.SdNotifyMode = mode
@@ -1411,9 +1413,10 @@ func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption {
 			}
 
 			ctr.config.NamedVolumes = append(ctr.config.NamedVolumes, &ContainerNamedVolume{
-				Name:    vol.Name,
-				Dest:    vol.Dest,
-				Options: mountOpts,
+				Name:        vol.Name,
+				Dest:        vol.Dest,
+				Options:     mountOpts,
+				IsAnonymous: vol.IsAnonymous,
 			})
 		}
 
@@ -1470,6 +1473,17 @@ func WithHealthCheck(healthCheck *manifest.Schema2HealthConfig) CtrCreateOption
 	}
 }
 
+// WithHealthCheckOnFailureAction adds an on-failure action to health-check config
+func WithHealthCheckOnFailureAction(action define.HealthCheckOnFailureAction) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return define.ErrCtrFinalized
+		}
+		ctr.config.HealthCheckOnFailureAction = action
+		return nil
+	}
+}
+
 // WithPreserveFDs forwards from the process running Libpod into the container
 // the given number of extra FDs (starting after the standard streams) to the created container
 func WithPreserveFDs(fd uint) CtrCreateOption {
@@ -1693,14 +1707,22 @@ func withSetAnon() VolumeCreateOption {
 	}
 }
 
-// WithVolumeDriverTimeout sets the volume creation timeout period
-func WithVolumeDriverTimeout(timeout int) VolumeCreateOption {
+// WithVolumeDriverTimeout sets the volume creation timeout period.
+// Only usable if a non-local volume driver is in use.
+func WithVolumeDriverTimeout(timeout uint) VolumeCreateOption {
 	return func(volume *Volume) error {
 		if volume.valid {
 			return define.ErrVolumeFinalized
 		}
 
-		volume.config.Timeout = timeout
+		if volume.config.Driver == "" || volume.config.Driver == define.VolumeDriverLocal {
+			return fmt.Errorf("Volume driver timeout can only be used with non-local volume drivers: %w", define.ErrInvalidArg)
+		}
+
+		tm := timeout
+
+		volume.config.Timeout = &tm
+
 		return nil
 	}
 }
diff --git a/libpod/plugin/volume_api.go b/libpod/plugin/volume_api.go
index 0a5eaae53..522895798 100644
--- a/libpod/plugin/volume_api.go
+++ b/libpod/plugin/volume_api.go
@@ -3,6 +3,7 @@ package plugin
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -13,8 +14,7 @@ import (
 	"sync"
 	"time"
 
-	"errors"
-
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/docker/go-plugins-helpers/sdk"
 	"github.com/docker/go-plugins-helpers/volume"
@@ -40,7 +40,6 @@ var (
 )
 
 const (
-	defaultTimeout   = 5 * time.Second
 	volumePluginType = "VolumeDriver"
 )
 
@@ -77,7 +76,7 @@ func validatePlugin(newPlugin *VolumePlugin) error {
 	// Hit the Activate endpoint to find out if it is, and if so what kind
 	req, err := http.NewRequest("POST", "http://plugin"+activatePath, nil)
 	if err != nil {
-		return fmt.Errorf("error making request to volume plugin %s activation endpoint: %w", newPlugin.Name, err)
+		return fmt.Errorf("making request to volume plugin %s activation endpoint: %w", newPlugin.Name, err)
 	}
 
 	req.Header.Set("Host", newPlugin.getURI())
@@ -85,7 +84,7 @@ func validatePlugin(newPlugin *VolumePlugin) error {
 
 	resp, err := newPlugin.Client.Do(req)
 	if err != nil {
-		return fmt.Errorf("error sending request to plugin %s activation endpoint: %w", newPlugin.Name, err)
+		return fmt.Errorf("sending request to plugin %s activation endpoint: %w", newPlugin.Name, err)
 	}
 	defer resp.Body.Close()
 
@@ -98,12 +97,12 @@ func validatePlugin(newPlugin *VolumePlugin) error {
 	// Read and decode the body so we can tell if this is a volume plugin.
 	respBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return fmt.Errorf("error reading activation response body from plugin %s: %w", newPlugin.Name, err)
+		return fmt.Errorf("reading activation response body from plugin %s: %w", newPlugin.Name, err)
 	}
 
 	respStruct := new(activateResponse)
 	if err := json.Unmarshal(respBytes, respStruct); err != nil {
-		return fmt.Errorf("error unmarshalling plugin %s activation response: %w", newPlugin.Name, err)
+		return fmt.Errorf("unmarshalling plugin %s activation response: %w", newPlugin.Name, err)
 	}
 
 	foundVolume := false
@@ -129,7 +128,7 @@ func validatePlugin(newPlugin *VolumePlugin) error {
 
 // GetVolumePlugin gets a single volume plugin, with the given name, at the
 // given path.
-func GetVolumePlugin(name string, path string, timeout int) (*VolumePlugin, error) {
+func GetVolumePlugin(name string, path string, timeout *uint, cfg *config.Config) (*VolumePlugin, error) {
 	pluginsLock.Lock()
 	defer pluginsLock.Unlock()
 
@@ -152,13 +151,11 @@ func GetVolumePlugin(name string, path string, timeout int) (*VolumePlugin, erro
 	// Need an HTTP client to force a Unix connection.
 	// And since we can reuse it, might as well cache it.
 	client := new(http.Client)
-	client.Timeout = defaultTimeout
-	// if the user specified a non-zero timeout, use their value. Else, keep the default.
-	if timeout != 0 {
-		if time.Duration(timeout)*time.Second < defaultTimeout {
-			logrus.Warnf("the default timeout for volume creation is %d seconds, setting a time less than that may break this feature.", defaultTimeout)
-		}
-		client.Timeout = time.Duration(timeout) * time.Second
+	client.Timeout = 5 * time.Second
+	if timeout != nil {
+		client.Timeout = time.Duration(*timeout) * time.Second
+	} else if cfg != nil {
+		client.Timeout = time.Duration(cfg.Engine.VolumePluginTimeout) * time.Second
 	}
 	// This bit borrowed from pkg/bindings/connection.go
 	client.Transport = &http.Transport{
@@ -199,7 +196,7 @@ func (p *VolumePlugin) verifyReachable() error {
 			return fmt.Errorf("%s: %w", p.Name, ErrPluginRemoved)
 		}
 
-		return fmt.Errorf("error accessing plugin %s: %w", p.Name, err)
+		return fmt.Errorf("accessing plugin %s: %w", p.Name, err)
 	}
 	return nil
 }
@@ -215,13 +212,13 @@ func (p *VolumePlugin) sendRequest(toJSON interface{}, endpoint string) (*http.R
 	if toJSON != nil {
 		reqJSON, err = json.Marshal(toJSON)
 		if err != nil {
-			return nil, fmt.Errorf("error marshalling request JSON for volume plugin %s endpoint %s: %w", p.Name, endpoint, err)
+			return nil, fmt.Errorf("marshalling request JSON for volume plugin %s endpoint %s: %w", p.Name, endpoint, err)
 		}
 	}
 
 	req, err := http.NewRequest("POST", "http://plugin"+endpoint, bytes.NewReader(reqJSON))
 	if err != nil {
-		return nil, fmt.Errorf("error making request to volume plugin %s endpoint %s: %w", p.Name, endpoint, err)
+		return nil, fmt.Errorf("making request to volume plugin %s endpoint %s: %w", p.Name, endpoint, err)
 	}
 
 	req.Header.Set("Host", p.getURI())
@@ -229,7 +226,7 @@ func (p *VolumePlugin) sendRequest(toJSON interface{}, endpoint string) (*http.R
 
 	resp, err := p.Client.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("error sending request to volume plugin %s endpoint %s: %w", p.Name, endpoint, err)
+		return nil, fmt.Errorf("sending request to volume plugin %s endpoint %s: %w", p.Name, endpoint, err)
 	}
 	// We are *deliberately not closing* response here. It is the
 	// responsibility of the caller to do so after reading the response.
@@ -243,9 +240,9 @@ func (p *VolumePlugin) makeErrorResponse(err, endpoint, volName string) error {
 		err = "empty error from plugin"
 	}
 	if volName != "" {
-		return fmt.Errorf("error on %s on volume %s in volume plugin %s: %w", endpoint, volName, p.Name, errors.New(err))
+		return fmt.Errorf("on %s on volume %s in volume plugin %s: %w", endpoint, volName, p.Name, errors.New(err))
 	}
-	return fmt.Errorf("error on %s in volume plugin %s: %w", endpoint, p.Name, errors.New(err))
+	return fmt.Errorf("on %s in volume plugin %s: %w", endpoint, p.Name, errors.New(err))
 }
 
 // Handle error responses from plugin
@@ -257,12 +254,12 @@ func (p *VolumePlugin) handleErrorResponse(resp *http.Response, endpoint, volNam
 	if resp.StatusCode != 200 {
 		errResp, err := ioutil.ReadAll(resp.Body)
 		if err != nil {
-			return fmt.Errorf("error reading response body from volume plugin %s: %w", p.Name, err)
+			return fmt.Errorf("reading response body from volume plugin %s: %w", p.Name, err)
 		}
 
 		errStruct := new(volume.ErrorResponse)
 		if err := json.Unmarshal(errResp, errStruct); err != nil {
-			return fmt.Errorf("error unmarshalling JSON response from volume plugin %s: %w", p.Name, err)
+			return fmt.Errorf("unmarshalling JSON response from volume plugin %s: %w", p.Name, err)
 		}
 
 		return p.makeErrorResponse(errStruct.Err, endpoint, volName)
@@ -312,12 +309,12 @@ func (p *VolumePlugin) ListVolumes() ([]*volume.Volume, error) {
 
 	volumeRespBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("error reading response body from volume plugin %s: %w", p.Name, err)
+		return nil, fmt.Errorf("reading response body from volume plugin %s: %w", p.Name, err)
 	}
 
 	volumeResp := new(volume.ListResponse)
 	if err := json.Unmarshal(volumeRespBytes, volumeResp); err != nil {
-		return nil, fmt.Errorf("error unmarshalling volume plugin %s list response: %w", p.Name, err)
+		return nil, fmt.Errorf("unmarshalling volume plugin %s list response: %w", p.Name, err)
 	}
 
 	return volumeResp.Volumes, nil
@@ -347,12 +344,12 @@ func (p *VolumePlugin) GetVolume(req *volume.GetRequest) (*volume.Volume, error)
 
 	getRespBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("error reading response body from volume plugin %s: %w", p.Name, err)
+		return nil, fmt.Errorf("reading response body from volume plugin %s: %w", p.Name, err)
 	}
 
 	getResp := new(volume.GetResponse)
 	if err := json.Unmarshal(getRespBytes, getResp); err != nil {
-		return nil, fmt.Errorf("error unmarshalling volume plugin %s get response: %w", p.Name, err)
+		return nil, fmt.Errorf("unmarshalling volume plugin %s get response: %w", p.Name, err)
 	}
 
 	return getResp.Volume, nil
@@ -403,12 +400,12 @@ func (p *VolumePlugin) GetVolumePath(req *volume.PathRequest) (string, error) {
 
 	pathRespBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return "", fmt.Errorf("error reading response body from volume plugin %s: %w", p.Name, err)
+		return "", fmt.Errorf("reading response body from volume plugin %s: %w", p.Name, err)
 	}
 
 	pathResp := new(volume.PathResponse)
 	if err := json.Unmarshal(pathRespBytes, pathResp); err != nil {
-		return "", fmt.Errorf("error unmarshalling volume plugin %s path response: %w", p.Name, err)
+		return "", fmt.Errorf("unmarshalling volume plugin %s path response: %w", p.Name, err)
 	}
 
 	return pathResp.Mountpoint, nil
@@ -440,12 +437,12 @@ func (p *VolumePlugin) MountVolume(req *volume.MountRequest) (string, error) {
 
 	mountRespBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return "", fmt.Errorf("error reading response body from volume plugin %s: %w", p.Name, err)
+		return "", fmt.Errorf("reading response body from volume plugin %s: %w", p.Name, err)
 	}
 
 	mountResp := new(volume.MountResponse)
 	if err := json.Unmarshal(mountRespBytes, mountResp); err != nil {
-		return "", fmt.Errorf("error unmarshalling volume plugin %s path response: %w", p.Name, err)
+		return "", fmt.Errorf("unmarshalling volume plugin %s path response: %w", p.Name, err)
 	}
 
 	return mountResp.Mountpoint, nil
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index 29964ae95..924d43436 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -40,7 +40,7 @@ func (p *Pod) startInitContainers(ctx context.Context) error {
 			icLock := initCon.lock
 			icLock.Lock()
 			var time *uint
-			if err := p.runtime.removeContainer(ctx, initCon, false, false, true, time); err != nil {
+			if err := p.runtime.removeContainer(ctx, initCon, false, false, true, false, time); err != nil {
 				icLock.Unlock()
 				return fmt.Errorf("failed to remove once init container %s: %w", initCon.ID(), err)
 			}
@@ -92,7 +92,7 @@ func (p *Pod) Start(ctx context.Context) (map[string]error, error) {
 	// Build a dependency graph of containers in the pod
 	graph, err := BuildContainerGraph(allCtrs)
 	if err != nil {
-		return nil, fmt.Errorf("error generating dependency graph for pod %s: %w", p.ID(), err)
+		return nil, fmt.Errorf("generating dependency graph for pod %s: %w", p.ID(), err)
 	}
 	// If there are no containers without dependencies, we can't start
 	// Error out
@@ -109,7 +109,7 @@ func (p *Pod) Start(ctx context.Context) (map[string]error, error) {
 	}
 
 	if len(ctrErrors) > 0 {
-		return ctrErrors, fmt.Errorf("error starting some containers: %w", define.ErrPodPartialFail)
+		return ctrErrors, fmt.Errorf("starting some containers: %w", define.ErrPodPartialFail)
 	}
 	defer p.newPodEvent(events.Start)
 	return nil, nil
@@ -201,7 +201,7 @@ func (p *Pod) stopWithTimeout(ctx context.Context, cleanup bool, timeout int) (m
 	}
 
 	if len(ctrErrors) > 0 {
-		return ctrErrors, fmt.Errorf("error stopping some containers: %w", define.ErrPodPartialFail)
+		return ctrErrors, fmt.Errorf("stopping some containers: %w", define.ErrPodPartialFail)
 	}
 
 	if err := p.maybeStopServiceContainer(); err != nil {
@@ -305,7 +305,7 @@ func (p *Pod) Cleanup(ctx context.Context) (map[string]error, error) {
 	}
 
 	if len(ctrErrors) > 0 {
-		return ctrErrors, fmt.Errorf("error cleaning up some containers: %w", define.ErrPodPartialFail)
+		return ctrErrors, fmt.Errorf("cleaning up some containers: %w", define.ErrPodPartialFail)
 	}
 
 	if err := p.maybeStopServiceContainer(); err != nil {
@@ -376,7 +376,7 @@ func (p *Pod) Pause(ctx context.Context) (map[string]error, error) {
 	}
 
 	if len(ctrErrors) > 0 {
-		return ctrErrors, fmt.Errorf("error pausing some containers: %w", define.ErrPodPartialFail)
+		return ctrErrors, fmt.Errorf("pausing some containers: %w", define.ErrPodPartialFail)
 	}
 	return nil, nil
 }
@@ -432,7 +432,7 @@ func (p *Pod) Unpause(ctx context.Context) (map[string]error, error) {
 	}
 
 	if len(ctrErrors) > 0 {
-		return ctrErrors, fmt.Errorf("error unpausing some containers: %w", define.ErrPodPartialFail)
+		return ctrErrors, fmt.Errorf("unpausing some containers: %w", define.ErrPodPartialFail)
 	}
 	return nil, nil
 }
@@ -470,7 +470,7 @@ func (p *Pod) Restart(ctx context.Context) (map[string]error, error) {
 	// Build a dependency graph of containers in the pod
 	graph, err := BuildContainerGraph(allCtrs)
 	if err != nil {
-		return nil, fmt.Errorf("error generating dependency graph for pod %s: %w", p.ID(), err)
+		return nil, fmt.Errorf("generating dependency graph for pod %s: %w", p.ID(), err)
 	}
 
 	ctrErrors := make(map[string]error)
@@ -488,7 +488,7 @@ func (p *Pod) Restart(ctx context.Context) (map[string]error, error) {
 	}
 
 	if len(ctrErrors) > 0 {
-		return ctrErrors, fmt.Errorf("error stopping some containers: %w", define.ErrPodPartialFail)
+		return ctrErrors, fmt.Errorf("stopping some containers: %w", define.ErrPodPartialFail)
 	}
 	p.newPodEvent(events.Stop)
 	p.newPodEvent(events.Start)
@@ -547,7 +547,7 @@ func (p *Pod) Kill(ctx context.Context, signal uint) (map[string]error, error) {
 	}
 
 	if len(ctrErrors) > 0 {
-		return ctrErrors, fmt.Errorf("error killing some containers: %w", define.ErrPodPartialFail)
+		return ctrErrors, fmt.Errorf("killing some containers: %w", define.ErrPodPartialFail)
 	}
 
 	if err := p.maybeStopServiceContainer(); err != nil {
diff --git a/libpod/pod_internal.go b/libpod/pod_internal.go
index a86cd6d21..d63bff2c9 100644
--- a/libpod/pod_internal.go
+++ b/libpod/pod_internal.go
@@ -16,7 +16,7 @@ import (
 func newPod(runtime *Runtime) *Pod {
 	pod := new(Pod)
 	pod.config = new(PodConfig)
-	pod.config.ID = stringid.GenerateNonCryptoID()
+	pod.config.ID = stringid.GenerateRandomID()
 	pod.config.Labels = make(map[string]string)
 	pod.config.CreatedTime = time.Now()
 	//	pod.config.InfraContainer = new(ContainerConfig)
@@ -38,7 +38,7 @@ func (p *Pod) updatePod() error {
 // Save pod state to database
 func (p *Pod) save() error {
 	if err := p.runtime.state.SavePod(p); err != nil {
-		return fmt.Errorf("error saving pod %s state: %w", p.ID(), err)
+		return fmt.Errorf("saving pod %s state: %w", p.ID(), err)
 	}
 
 	return nil
@@ -60,7 +60,7 @@ func (p *Pod) refresh() error {
 	// Retrieve the pod's lock
 	lock, err := p.runtime.lockManager.AllocateAndRetrieveLock(p.config.LockID)
 	if err != nil {
-		return fmt.Errorf("error retrieving lock %d for pod %s: %w", p.config.LockID, p.ID(), err)
+		return fmt.Errorf("retrieving lock %d for pod %s: %w", p.config.LockID, p.ID(), err)
 	}
 	p.lock = lock
 
diff --git a/libpod/pod_top_unsupported.go b/libpod/pod_top_unsupported.go
new file mode 100644
index 000000000..92323043a
--- /dev/null
+++ b/libpod/pod_top_unsupported.go
@@ -0,0 +1,20 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"errors"
+)
+
+// GetPodPidInformation returns process-related data of all processes in
+// the pod.  The output data can be controlled via the `descriptors`
+// argument which expects format descriptors and supports all AIXformat
+// descriptors of ps (1) plus some additional ones to for instance inspect the
+// set of effective capabilities.  Each element in the returned string slice
+// is a tab-separated string.
+//
+// For more details, please refer to github.com/containers/psgo.
+func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error) {
+	return nil, errors.New("not implemented (*Pod) GetPodPidInformation")
+}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index ea4b34954..83c9f53e2 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -2,15 +2,12 @@ package libpod
 
 import (
 	"bufio"
-	"bytes"
 	"context"
 	"errors"
 	"fmt"
+	"math/rand"
 	"os"
-	"os/exec"
 	"path/filepath"
-	"regexp"
-	"strconv"
 	"strings"
 	"sync"
 	"syscall"
@@ -44,17 +41,6 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-const (
-	// conmonMinMajorVersion is the major version required for conmon.
-	conmonMinMajorVersion = 2
-
-	// conmonMinMinorVersion is the minor version required for conmon.
-	conmonMinMinorVersion = 0
-
-	// conmonMinPatchVersion is the sub-minor version required for conmon.
-	conmonMinPatchVersion = 24
-)
-
 // A RuntimeOption is a functional option which alters the Runtime created by
 // NewRuntime
 type RuntimeOption func(*Runtime) error
@@ -127,6 +113,13 @@ type Runtime struct {
 	secretsManager *secrets.SecretsManager
 }
 
+func init() {
+	// generateName calls namesgenerator.GetRandomName which the
+	// global RNG from math/rand. Seed it here to make sure we
+	// don't get the same name every time.
+	rand.Seed(time.Now().UnixNano())
+}
+
 // SetXdgDirs ensures the XDG_RUNTIME_DIR env and XDG_CONFIG_HOME variables are set.
 // containers/image uses XDG_RUNTIME_DIR to locate the auth file, XDG_CONFIG_HOME is
 // use for the containers.conf configuration file.
@@ -214,7 +207,7 @@ func newRuntimeFromConfig(conf *config.Config, options ...RuntimeOption) (*Runti
 	// Overwrite config with user-given configuration options
 	for _, opt := range options {
 		if err := opt(runtime); err != nil {
-			return nil, fmt.Errorf("error configuring runtime: %w", err)
+			return nil, fmt.Errorf("configuring runtime: %w", err)
 		}
 	}
 
@@ -230,7 +223,7 @@ func newRuntimeFromConfig(conf *config.Config, options ...RuntimeOption) (*Runti
 	}
 
 	if err := shutdown.Start(); err != nil {
-		return nil, fmt.Errorf("error starting shutdown signal handler: %w", err)
+		return nil, fmt.Errorf("starting shutdown signal handler: %w", err)
 	}
 
 	if err := makeRuntime(runtime); err != nil {
@@ -287,7 +280,7 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) {
 				// Since we're renumbering, this is not fatal.
 				// Remove the earlier set of locks and recreate.
 				if err := os.Remove(filepath.Join("/dev/shm", lockPath)); err != nil {
-					return nil, fmt.Errorf("error removing libpod locks file %s: %w", lockPath, err)
+					return nil, fmt.Errorf("removing libpod locks file %s: %w", lockPath, err)
 				}
 
 				manager, err = lock.NewSHMLockManager(lockPath, runtime.config.Engine.NumLocks)
@@ -308,7 +301,7 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) {
 // Sets up containers/storage, state store, OCI runtime
 func makeRuntime(runtime *Runtime) (retErr error) {
 	// Find a working conmon binary
-	cPath, err := findConmon(runtime.config.Engine.ConmonPath)
+	cPath, err := runtime.config.FindConmon()
 	if err != nil {
 		return err
 	}
@@ -325,7 +318,7 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 	if err := os.MkdirAll(runtime.config.Engine.StaticDir, 0700); err != nil {
 		// The directory is allowed to exist
 		if !errors.Is(err, os.ErrExist) {
-			return fmt.Errorf("error creating runtime static files directory: %w", err)
+			return fmt.Errorf("creating runtime static files directory: %w", err)
 		}
 	}
 
@@ -369,7 +362,7 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 			}
 		}
 
-		return fmt.Errorf("error retrieving runtime configuration from database: %w", err)
+		return fmt.Errorf("retrieving runtime configuration from database: %w", err)
 	}
 
 	runtime.mergeDBConfig(dbConfig)
@@ -412,7 +405,7 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 	}
 
 	if err := runtime.state.SetNamespace(runtime.config.Engine.Namespace); err != nil {
-		return fmt.Errorf("error setting libpod namespace in state: %w", err)
+		return fmt.Errorf("setting libpod namespace in state: %w", err)
 	}
 	logrus.Debugf("Set libpod namespace to %q", runtime.config.Engine.Namespace)
 
@@ -469,15 +462,7 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 	if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0751); err != nil {
 		// The directory is allowed to exist
 		if !errors.Is(err, os.ErrExist) {
-			return fmt.Errorf("error creating tmpdir: %w", err)
-		}
-	}
-
-	// Create events log dir
-	if err := os.MkdirAll(filepath.Dir(runtime.config.Engine.EventsLogFilePath), 0700); err != nil {
-		// The directory is allowed to exist
-		if !errors.Is(err, os.ErrExist) {
-			return fmt.Errorf("error creating events dirs: %w", err)
+			return fmt.Errorf("creating tmpdir: %w", err)
 		}
 	}
 
@@ -535,7 +520,7 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 	if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0755); err != nil {
 		// The directory is allowed to exist
 		if !errors.Is(err, os.ErrExist) {
-			return fmt.Errorf("error creating runtime temporary files directory: %w", err)
+			return fmt.Errorf("creating runtime temporary files directory: %w", err)
 		}
 	}
 
@@ -556,7 +541,7 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 	runtimeAliveFile := filepath.Join(runtime.config.Engine.TmpDir, "alive")
 	aliveLock, err := storage.GetLockfile(runtimeAliveLock)
 	if err != nil {
-		return fmt.Errorf("error acquiring runtime init lock: %w", err)
+		return fmt.Errorf("acquiring runtime init lock: %w", err)
 	}
 	// Acquire the lock and hold it until we return
 	// This ensures that no two processes will be in runtime.refresh at once
@@ -610,7 +595,7 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 		if errors.Is(err, os.ErrNotExist) {
 			doRefresh = true
 		} else {
-			return fmt.Errorf("error reading runtime status file %s: %w", runtimeAliveFile, err)
+			return fmt.Errorf("reading runtime status file %s: %w", runtimeAliveFile, err)
 		}
 	}
 
@@ -670,102 +655,6 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 	return nil
 }
 
-// findConmon iterates over conmonPaths and returns the path
-// to the first conmon binary with a new enough version. If none is found,
-// we try to do a path lookup of "conmon".
-func findConmon(conmonPaths []string) (string, error) {
-	foundOutdatedConmon := false
-	for _, path := range conmonPaths {
-		stat, err := os.Stat(path)
-		if err != nil {
-			continue
-		}
-		if stat.IsDir() {
-			continue
-		}
-		if err := probeConmon(path); err != nil {
-			logrus.Warnf("Conmon at %s invalid: %v", path, err)
-			foundOutdatedConmon = true
-			continue
-		}
-		logrus.Debugf("Using conmon: %q", path)
-		return path, nil
-	}
-
-	// Search the $PATH as last fallback
-	if path, err := exec.LookPath("conmon"); err == nil {
-		if err := probeConmon(path); err != nil {
-			logrus.Warnf("Conmon at %s is invalid: %v", path, err)
-			foundOutdatedConmon = true
-		} else {
-			logrus.Debugf("Using conmon from $PATH: %q", path)
-			return path, nil
-		}
-	}
-
-	if foundOutdatedConmon {
-		return "", fmt.Errorf(
-			"please update to v%d.%d.%d or later: %w",
-			conmonMinMajorVersion, conmonMinMinorVersion, conmonMinPatchVersion, define.ErrConmonOutdated)
-	}
-
-	return "", fmt.Errorf(
-		"could not find a working conmon binary (configured options: %v): %w",
-		conmonPaths, define.ErrInvalidArg)
-}
-
-// probeConmon calls conmon --version and verifies it is a new enough version for
-// the runtime expectations the container engine currently has.
-func probeConmon(conmonBinary string) error {
-	cmd := exec.Command(conmonBinary, "--version")
-	var out bytes.Buffer
-	cmd.Stdout = &out
-	err := cmd.Run()
-	if err != nil {
-		return err
-	}
-	r := regexp.MustCompile(`^conmon version (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`)
-
-	matches := r.FindStringSubmatch(out.String())
-	if len(matches) != 4 {
-		return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err)
-	}
-	major, err := strconv.Atoi(matches[1])
-	if err != nil {
-		return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err)
-	}
-	if major < conmonMinMajorVersion {
-		return define.ErrConmonOutdated
-	}
-	if major > conmonMinMajorVersion {
-		return nil
-	}
-
-	minor, err := strconv.Atoi(matches[2])
-	if err != nil {
-		return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err)
-	}
-	if minor < conmonMinMinorVersion {
-		return define.ErrConmonOutdated
-	}
-	if minor > conmonMinMinorVersion {
-		return nil
-	}
-
-	patch, err := strconv.Atoi(matches[3])
-	if err != nil {
-		return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err)
-	}
-	if patch < conmonMinPatchVersion {
-		return define.ErrConmonOutdated
-	}
-	if patch > conmonMinPatchVersion {
-		return nil
-	}
-
-	return nil
-}
-
 // TmpDir gets the current Libpod temporary files directory.
 func (r *Runtime) TmpDir() (string, error) {
 	if !r.valid {
@@ -798,7 +687,7 @@ func (r *Runtime) GetConfig() (*config.Config, error) {
 
 	// Copy so the caller won't be able to modify the actual config
 	if err := JSONDeepCopy(rtConfig, config); err != nil {
-		return nil, fmt.Errorf("error copying config: %w", err)
+		return nil, fmt.Errorf("copying config: %w", err)
 	}
 
 	return config, nil
@@ -909,7 +798,7 @@ func (r *Runtime) Shutdown(force bool) error {
 
 		// Note that the libimage runtime shuts down the store.
 		if err := r.libimageRuntime.Shutdown(force); err != nil {
-			lastError = fmt.Errorf("error shutting down container storage: %w", err)
+			lastError = fmt.Errorf("shutting down container storage: %w", err)
 		}
 	}
 	if err := r.state.Close(); err != nil {
@@ -941,15 +830,15 @@ func (r *Runtime) refresh(alivePath string) error {
 	// Containers, pods, and volumes must also reacquire their locks.
 	ctrs, err := r.state.AllContainers()
 	if err != nil {
-		return fmt.Errorf("error retrieving all containers from state: %w", err)
+		return fmt.Errorf("retrieving all containers from state: %w", err)
 	}
 	pods, err := r.state.AllPods()
 	if err != nil {
-		return fmt.Errorf("error retrieving all pods from state: %w", err)
+		return fmt.Errorf("retrieving all pods from state: %w", err)
 	}
 	vols, err := r.state.AllVolumes()
 	if err != nil {
-		return fmt.Errorf("error retrieving all volumes from state: %w", err)
+		return fmt.Errorf("retrieving all volumes from state: %w", err)
 	}
 	// No locks are taken during pod, volume, and container refresh.
 	// Furthermore, the pod/volume/container refresh() functions are not
@@ -977,7 +866,7 @@ func (r *Runtime) refresh(alivePath string) error {
 	// Create a file indicating the runtime is alive and ready
 	file, err := os.OpenFile(alivePath, os.O_RDONLY|os.O_CREATE, 0644)
 	if err != nil {
-		return fmt.Errorf("error creating runtime status file: %w", err)
+		return fmt.Errorf("creating runtime status file: %w", err)
 	}
 	defer file.Close()
 
@@ -1141,9 +1030,6 @@ func (r *Runtime) mergeDBConfig(dbConfig *DBConfig) {
 			logrus.Debugf("Overriding tmp dir %q with %q from database", c.TmpDir, dbConfig.LibpodTmp)
 		}
 		c.TmpDir = dbConfig.LibpodTmp
-		if c.EventsLogFilePath == "" {
-			c.EventsLogFilePath = filepath.Join(dbConfig.LibpodTmp, "events", "events.log")
-		}
 	}
 
 	if !r.storageSet.VolumePathSet && dbConfig.VolumePath != "" {
@@ -1208,7 +1094,7 @@ func (r *Runtime) getVolumePlugin(volConfig *VolumeConfig) (*plugin.VolumePlugin
 		return nil, fmt.Errorf("no volume plugin with name %s available: %w", name, define.ErrMissingPlugin)
 	}
 
-	return plugin.GetVolumePlugin(name, pluginPath, timeout)
+	return plugin.GetVolumePlugin(name, pluginPath, timeout, r.config)
 }
 
 // GetSecretsStorageDir returns the directory that the secrets manager should take
diff --git a/libpod/runtime_cstorage.go b/libpod/runtime_cstorage.go
index 047375628..372434b49 100644
--- a/libpod/runtime_cstorage.go
+++ b/libpod/runtime_cstorage.go
@@ -39,7 +39,7 @@ func (r *Runtime) ListStorageContainers() ([]*StorageContainer, error) {
 		// Look up if container is in state
 		hasCtr, err := r.state.HasContainer(ctr.ID)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up container %s in state: %w", ctr.ID, err)
+			return nil, fmt.Errorf("looking up container %s in state: %w", ctr.ID, err)
 		}
 
 		storageCtr.PresentInLibpod = hasCtr
@@ -64,7 +64,7 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error {
 		if errors.Is(err, storage.ErrLayerUnknown) {
 			return fmt.Errorf("no container with ID or name %q found: %w", idOrName, define.ErrNoSuchCtr)
 		}
-		return fmt.Errorf("error looking up container %q: %w", idOrName, err)
+		return fmt.Errorf("looking up container %q: %w", idOrName, err)
 	}
 
 	// Lookup returns an ID but it's not guaranteed to be a container ID.
@@ -74,7 +74,7 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error {
 		if errors.Is(err, storage.ErrContainerUnknown) {
 			return fmt.Errorf("%q does not refer to a container: %w", idOrName, define.ErrNoSuchCtr)
 		}
-		return fmt.Errorf("error retrieving container %q: %w", idOrName, err)
+		return fmt.Errorf("retrieving container %q: %w", idOrName, err)
 	}
 
 	// Error out if the container exists in libpod
@@ -115,7 +115,7 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error {
 			logrus.Infof("Storage for container %s already removed", ctr.ID)
 			return nil
 		}
-		return fmt.Errorf("error removing storage for container %q: %w", idOrName, err)
+		return fmt.Errorf("removing storage for container %q: %w", idOrName, err)
 	}
 
 	return nil
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index ce0fd869d..7b3cbadfa 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -86,7 +86,7 @@ func (r *Runtime) RestoreContainer(ctx context.Context, rSpec *spec.Spec, config
 
 	ctr, err := r.initContainerVariables(rSpec, config)
 	if err != nil {
-		return nil, fmt.Errorf("error initializing container variables: %w", err)
+		return nil, fmt.Errorf("initializing container variables: %w", err)
 	}
 	// For an imported checkpoint no one has ever set the StartedTime. Set it now.
 	ctr.state.StartedTime = time.Now()
@@ -126,7 +126,7 @@ func (r *Runtime) RenameContainer(ctx context.Context, ctr *Container, newName s
 	// the config was re-written.
 	newConf, err := r.state.GetContainerConfig(ctr.ID())
 	if err != nil {
-		return nil, fmt.Errorf("error retrieving container %s configuration from DB to remove: %w", ctr.ID(), err)
+		return nil, fmt.Errorf("retrieving container %s configuration from DB to remove: %w", ctr.ID(), err)
 	}
 	ctr.config = newConf
 
@@ -143,7 +143,7 @@ func (r *Runtime) RenameContainer(ctx context.Context, ctr *Container, newName s
 		// Set config back to the old name so reflect what is actually
 		// present in the DB.
 		ctr.config.Name = oldName
-		return nil, fmt.Errorf("error renaming container %s: %w", ctr.ID(), err)
+		return nil, fmt.Errorf("renaming container %s: %w", ctr.ID(), err)
 	}
 
 	// Step 3: rename the container in c/storage.
@@ -169,14 +169,19 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf
 	ctr.state = new(ContainerState)
 
 	if config == nil {
-		ctr.config.ID = stringid.GenerateNonCryptoID()
+		ctr.config.ID = stringid.GenerateRandomID()
 		size, err := units.FromHumanSize(r.config.Containers.ShmSize)
-		if err != nil {
-			return nil, fmt.Errorf("converting containers.conf ShmSize %s to an int: %w", r.config.Containers.ShmSize, err)
+		if useDevShm {
+			if err != nil {
+				return nil, fmt.Errorf("converting containers.conf ShmSize %s to an int: %w", r.config.Containers.ShmSize, err)
+			}
+			ctr.config.ShmSize = size
+			ctr.config.NoShm = false
+			ctr.config.NoShmShare = false
+		} else {
+			ctr.config.NoShm = true
+			ctr.config.NoShmShare = true
 		}
-		ctr.config.ShmSize = size
-		ctr.config.NoShm = false
-		ctr.config.NoShmShare = false
 		ctr.config.StopSignal = 15
 
 		ctr.config.StopTimeout = r.config.Engine.StopTimeout
@@ -184,11 +189,11 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf
 		// This is a restore from an imported checkpoint
 		ctr.restoreFromCheckpoint = true
 		if err := JSONDeepCopy(config, ctr.config); err != nil {
-			return nil, fmt.Errorf("error copying container config for restore: %w", err)
+			return nil, fmt.Errorf("copying container config for restore: %w", err)
 		}
 		// If the ID is empty a new name for the restored container was requested
 		if ctr.config.ID == "" {
-			ctr.config.ID = stringid.GenerateNonCryptoID()
+			ctr.config.ID = stringid.GenerateRandomID()
 		}
 		// Reset the log path to point to the default
 		ctr.config.LogPath = ""
@@ -224,12 +229,12 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
 	ctr, err = r.initContainerVariables(rSpec, nil)
 
 	if err != nil {
-		return nil, fmt.Errorf("error initializing container variables: %w", err)
+		return nil, fmt.Errorf("initializing container variables: %w", err)
 	}
 
 	for _, option := range options {
 		if err := option(ctr); err != nil {
-			return nil, fmt.Errorf("error running container create option: %w", err)
+			return nil, fmt.Errorf("running container create option: %w", err)
 		}
 	}
 
@@ -296,7 +301,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 	// Allocate a lock for the container
 	lock, err := r.lockManager.AllocateLock()
 	if err != nil {
-		return nil, fmt.Errorf("error allocating lock for new container: %w", err)
+		return nil, fmt.Errorf("allocating lock for new container: %w", err)
 	}
 	ctr.lock = lock
 	ctr.config.LockID = ctr.lock.ID()
@@ -350,7 +355,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 				if pod != nil && pod.config.UsePodCgroup && !ctr.IsInfra() {
 					podCgroup, err := pod.CgroupPath()
 					if err != nil {
-						return nil, fmt.Errorf("error retrieving pod %s cgroup: %w", pod.ID(), err)
+						return nil, fmt.Errorf("retrieving pod %s cgroup: %w", pod.ID(), err)
 					}
 					expectPodCgroup, err := ctr.expectPodCgroup()
 					if err != nil {
@@ -375,7 +380,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 				case pod != nil && pod.config.UsePodCgroup && !ctr.IsInfra():
 					podCgroup, err := pod.CgroupPath()
 					if err != nil {
-						return nil, fmt.Errorf("error retrieving pod %s cgroup: %w", pod.ID(), err)
+						return nil, fmt.Errorf("retrieving pod %s cgroup: %w", pod.ID(), err)
 					}
 					ctr.config.CgroupParent = podCgroup
 				case rootless.IsRootless() && ctr.config.CgroupsMode != cgroupSplit:
@@ -427,7 +432,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 	defer func() {
 		if retErr != nil {
 			if err := ctr.teardownStorage(); err != nil {
-				logrus.Errorf("Removing partially-created container root filesystem: %s", err)
+				logrus.Errorf("Removing partially-created container root filesystem: %v", err)
 			}
 		}
 	}()
@@ -461,7 +466,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 		if vol.Name == "" {
 			// Anonymous volume. We'll need to create it.
 			// It needs a name first.
-			vol.Name = stringid.GenerateNonCryptoID()
+			vol.Name = stringid.GenerateRandomID()
 			isAnonymous = true
 		} else {
 			// Check if it exists already
@@ -471,9 +476,14 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 				// The volume exists, we're good
 				continue
 			} else if !errors.Is(err, define.ErrNoSuchVolume) {
-				return nil, fmt.Errorf("error retrieving named volume %s for new container: %w", vol.Name, err)
+				return nil, fmt.Errorf("retrieving named volume %s for new container: %w", vol.Name, err)
 			}
 		}
+		if vol.IsAnonymous {
+			// If SetAnonymous is true, make this an anonymous volume
+			// this is needed for emptyDir volumes from kube yamls
+			isAnonymous = true
+		}
 
 		logrus.Debugf("Creating new volume %s for container", vol.Name)
 
@@ -504,7 +514,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 		}
 		newVol, err := r.newVolume(false, volOptions...)
 		if err != nil {
-			return nil, fmt.Errorf("error creating named volume %q: %w", vol.Name, err)
+			return nil, fmt.Errorf("creating named volume %q: %w", vol.Name, err)
 		}
 
 		ctrNamedVolumes = append(ctrNamedVolumes, newVol)
@@ -523,7 +533,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 		}
 	}
 
-	if !MountExists(ctr.config.Spec.Mounts, "/dev/shm") && ctr.config.ShmDir == "" && !ctr.config.NoShm {
+	if useDevShm && !MountExists(ctr.config.Spec.Mounts, "/dev/shm") && ctr.config.ShmDir == "" && !ctr.config.NoShm {
 		ctr.config.ShmDir = filepath.Join(ctr.bundlePath(), "shm")
 		if err := os.MkdirAll(ctr.config.ShmDir, 0700); err != nil {
 			if !os.IsExist(err) {
@@ -571,7 +581,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 // be removed also if and only if the container is the sole user
 // Otherwise, RemoveContainer will return an error if the container is running
 func (r *Runtime) RemoveContainer(ctx context.Context, c *Container, force bool, removeVolume bool, timeout *uint) error {
-	return r.removeContainer(ctx, c, force, removeVolume, false, timeout)
+	return r.removeContainer(ctx, c, force, removeVolume, false, false, timeout)
 }
 
 // Internal function to remove a container.
@@ -579,7 +589,9 @@ func (r *Runtime) RemoveContainer(ctx context.Context, c *Container, force bool,
 // removePod is used only when removing pods. It instructs Podman to ignore
 // infra container protections, and *not* remove from the database (as pod
 // remove will handle that).
-func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, removeVolume, removePod bool, timeout *uint) error {
+// ignoreDeps is *DANGEROUS* and should not be used outside of a very specific
+// context (alternate pod removal code, where graph traversal is not possible).
+func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, removeVolume, removePod, ignoreDeps bool, timeout *uint) error {
 	if !c.valid {
 		if ok, _ := r.state.HasContainer(c.ID()); !ok {
 			// Container probably already removed
@@ -596,7 +608,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 	// exist once we're done.
 	newConf, err := r.state.GetContainerConfig(c.ID())
 	if err != nil {
-		return fmt.Errorf("error retrieving container %s configuration from DB to remove: %w", c.ID(), err)
+		return fmt.Errorf("retrieving container %s configuration from DB to remove: %w", c.ID(), err)
 	}
 	c.config = newConf
 
@@ -608,25 +620,27 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 	// pod.
 	var pod *Pod
 	runtime := c.runtime
-	if c.config.Pod != "" && !removePod {
+	if c.config.Pod != "" {
 		pod, err = r.state.Pod(c.config.Pod)
 		if err != nil {
 			return fmt.Errorf("container %s is in pod %s, but pod cannot be retrieved: %w", c.ID(), pod.ID(), err)
 		}
 
-		// Lock the pod while we're removing container
-		if pod.config.LockID == c.config.LockID {
-			return fmt.Errorf("container %s and pod %s share lock ID %d: %w", c.ID(), pod.ID(), c.config.LockID, define.ErrWillDeadlock)
-		}
-		pod.lock.Lock()
-		defer pod.lock.Unlock()
-		if err := pod.updatePod(); err != nil {
-			return err
-		}
+		if !removePod {
+			// Lock the pod while we're removing container
+			if pod.config.LockID == c.config.LockID {
+				return fmt.Errorf("container %s and pod %s share lock ID %d: %w", c.ID(), pod.ID(), c.config.LockID, define.ErrWillDeadlock)
+			}
+			pod.lock.Lock()
+			defer pod.lock.Unlock()
+			if err := pod.updatePod(); err != nil {
+				return err
+			}
 
-		infraID := pod.state.InfraContainerID
-		if c.ID() == infraID {
-			return fmt.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID())
+			infraID := pod.state.InfraContainerID
+			if c.ID() == infraID {
+				return fmt.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID())
+			}
 		}
 	}
 
@@ -686,7 +700,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 	// Check that no other containers depend on the container.
 	// Only used if not removing a pod - pods guarantee that all
 	// deps will be evicted at the same time.
-	if !removePod {
+	if !ignoreDeps {
 		deps, err := r.state.ContainerInUse(c)
 		if err != nil {
 			return err
@@ -717,7 +731,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 		if ok, _ := r.state.HasContainer(c.ID()); !ok {
 			// When the container has already been removed, the OCI runtime directory remain.
 			if err := c.cleanupRuntime(ctx); err != nil {
-				return fmt.Errorf("error cleaning up container %s from OCI runtime: %w", c.ID(), err)
+				return fmt.Errorf("cleaning up container %s from OCI runtime: %w", c.ID(), err)
 			}
 			return nil
 		}
@@ -729,7 +743,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 	// Do this before we set ContainerStateRemoving, to ensure that we can
 	// actually remove from the OCI runtime.
 	if err := c.cleanup(ctx); err != nil {
-		cleanupErr = fmt.Errorf("error cleaning up container %s: %w", c.ID(), err)
+		cleanupErr = fmt.Errorf("cleaning up container %s: %w", c.ID(), err)
 	}
 
 	// Set ContainerStateRemoving
@@ -767,13 +781,11 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 	if c.config.Pod != "" {
 		// If we're removing the pod, the container will be evicted
 		// from the state elsewhere
-		if !removePod {
-			if err := r.state.RemoveContainerFromPod(pod, c); err != nil {
-				if cleanupErr == nil {
-					cleanupErr = err
-				} else {
-					logrus.Errorf("Removing container %s from database: %v", c.ID(), err)
-				}
+		if err := r.state.RemoveContainerFromPod(pod, c); err != nil {
+			if cleanupErr == nil {
+				cleanupErr = err
+			} else {
+				logrus.Errorf("Removing container %s from database: %v", c.ID(), err)
 			}
 		}
 	} else {
@@ -788,8 +800,8 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 
 	// Deallocate the container's lock
 	if err := c.lock.Free(); err != nil {
-		if cleanupErr == nil {
-			cleanupErr = fmt.Errorf("error freeing lock for container %s: %w", c.ID(), err)
+		if cleanupErr == nil && !os.IsNotExist(err) {
+			cleanupErr = fmt.Errorf("freeing lock for container %s: %w", c.ID(), err)
 		} else {
 			logrus.Errorf("Free container lock: %v", err)
 		}
@@ -814,11 +826,11 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo
 					// Ignore error, since podman will report original error
 					volumesFrom, _ := c.volumesFrom()
 					if len(volumesFrom) > 0 {
-						logrus.Debugf("Cleaning up volume not possible since volume is in use (%s)", v)
+						logrus.Debugf("Cleaning up volume not possible since volume is in use (%s)", v.Name)
 						continue
 					}
 				}
-				logrus.Errorf("Cleaning up volume (%s): %v", v, err)
+				logrus.Errorf("Cleaning up volume (%s): %v", v.Name, err)
 			}
 		}
 	}
@@ -862,7 +874,7 @@ func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVol
 	if err == nil {
 		logrus.Infof("Container %s successfully retrieved from state, attempting normal removal", id)
 		// Assume force = true for the evict case
-		err = r.removeContainer(ctx, tmpCtr, true, removeVolume, false, timeout)
+		err = r.removeContainer(ctx, tmpCtr, true, removeVolume, false, false, timeout)
 		if !tmpCtr.valid {
 			// If the container is marked invalid, remove succeeded
 			// in kicking it out of the state - no need to continue.
@@ -968,7 +980,7 @@ func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVol
 				continue
 			}
 			if err := r.removeVolume(ctx, volume, false, timeout, false); err != nil && err != define.ErrNoSuchVolume && err != define.ErrVolumeBeingUsed {
-				logrus.Errorf("Cleaning up volume (%s): %v", v, err)
+				logrus.Errorf("Cleaning up volume (%s): %v", v.Name, err)
 			}
 		}
 	}
@@ -995,7 +1007,7 @@ func (r *Runtime) RemoveDepend(ctx context.Context, rmCtr *Container, force bool
 			return nil, err
 		}
 		for _, cID := range podContainerIDS {
-			rmReports = append(rmReports, &reports.RmReport{Id: cID})
+			rmReports = append(rmReports, &reports.RmReport{Id: cID, RawInput: cID})
 		}
 		return rmReports, nil
 	}
@@ -1023,8 +1035,8 @@ func (r *Runtime) RemoveDepend(ctx context.Context, rmCtr *Container, force bool
 		rmReports = append(rmReports, reports...)
 	}
 
-	report := reports.RmReport{Id: rmCtr.ID()}
-	report.Err = r.removeContainer(ctx, rmCtr, force, removeVolume, false, timeout)
+	report := reports.RmReport{Id: rmCtr.ID(), RawInput: rmCtr.ID()}
+	report.Err = r.removeContainer(ctx, rmCtr, force, removeVolume, false, false, timeout)
 	return append(rmReports, &report), nil
 }
 
@@ -1217,7 +1229,7 @@ func (r *Runtime) MountStorageContainer(id string) (string, error) {
 	}
 	mountPoint, err := r.store.Mount(container.ID, "")
 	if err != nil {
-		return "", fmt.Errorf("error mounting storage for container %s: %w", id, err)
+		return "", fmt.Errorf("mounting storage for container %s: %w", id, err)
 	}
 	return mountPoint, nil
 }
@@ -1265,7 +1277,7 @@ func (r *Runtime) StorageContainers() ([]storage.Container, error) {
 
 	storeContainers, err := r.store.Containers()
 	if err != nil {
-		return nil, fmt.Errorf("error reading list of all storage containers: %w", err)
+		return nil, fmt.Errorf("reading list of all storage containers: %w", err)
 	}
 	retCtrs := []storage.Container{}
 	for _, container := range storeContainers {
diff --git a/libpod/runtime_ctr_freebsd.go b/libpod/runtime_ctr_freebsd.go
new file mode 100644
index 000000000..a8870a38c
--- /dev/null
+++ b/libpod/runtime_ctr_freebsd.go
@@ -0,0 +1,5 @@
+package libpod
+
+const (
+	useDevShm = false
+)
diff --git a/libpod/runtime_ctr_linux.go b/libpod/runtime_ctr_linux.go
new file mode 100644
index 000000000..7812d8238
--- /dev/null
+++ b/libpod/runtime_ctr_linux.go
@@ -0,0 +1,5 @@
+package libpod
+
+const (
+	useDevShm = true
+)
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index d04607d2e..dacbd752f 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -47,7 +47,7 @@ func (r *Runtime) RemoveContainersForImageCallback(ctx context.Context) libimage
 					return fmt.Errorf("removing image %s: container %s using image could not be removed: %w", imageID, ctr.ID(), err)
 				}
 			} else {
-				if err := r.removeContainer(ctx, ctr, true, false, false, timeout); err != nil {
+				if err := r.removeContainer(ctx, ctr, true, false, false, false, timeout); err != nil {
 					return fmt.Errorf("removing image %s: container %s using image could not be removed: %w", imageID, ctr.ID(), err)
 				}
 			}
@@ -107,7 +107,7 @@ func (r *Runtime) Build(ctx context.Context, options buildahDefine.BuildOptions,
 func DownloadFromFile(reader *os.File) (string, error) {
 	outFile, err := ioutil.TempFile(util.Tmpdir(), "import")
 	if err != nil {
-		return "", fmt.Errorf("error creating file: %w", err)
+		return "", fmt.Errorf("creating file: %w", err)
 	}
 	defer outFile.Close()
 
@@ -115,7 +115,7 @@ func DownloadFromFile(reader *os.File) (string, error) {
 
 	_, err = io.Copy(outFile, reader)
 	if err != nil {
-		return "", fmt.Errorf("error saving %s to %s: %w", reader.Name(), outFile.Name(), err)
+		return "", fmt.Errorf("saving %s to %s: %w", reader.Name(), outFile.Name(), err)
 	}
 
 	return outFile.Name(), nil
diff --git a/libpod/runtime_migrate.go b/libpod/runtime_migrate.go
index 139638a6b..36901d4d0 100644
--- a/libpod/runtime_migrate.go
+++ b/libpod/runtime_migrate.go
@@ -92,7 +92,7 @@ func (r *Runtime) migrate() error {
 
 		if needsWrite {
 			if err := r.state.RewriteContainerConfig(ctr, ctr.config); err != nil {
-				return fmt.Errorf("error rewriting config for container %s: %w", ctr.ID(), err)
+				return fmt.Errorf("rewriting config for container %s: %w", ctr.ID(), err)
 			}
 		}
 	}
diff --git a/libpod/runtime_migrate_unsupported.go b/libpod/runtime_migrate_unsupported.go
new file mode 100644
index 000000000..77c2737a9
--- /dev/null
+++ b/libpod/runtime_migrate_unsupported.go
@@ -0,0 +1,16 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"errors"
+)
+
+func (r *Runtime) stopPauseProcess() error {
+	return errors.New("not implemented (*Runtime) stopPauseProcess")
+}
+
+func (r *Runtime) migrate() error {
+	return errors.New("not implemented (*Runtime) migrate")
+}
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 57c0b5c48..24e9f3da7 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -17,6 +17,7 @@ import (
 	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/hashicorp/go-multierror"
 	"github.com/sirupsen/logrus"
 )
 
@@ -36,14 +37,14 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
 
 	for _, option := range options {
 		if err := option(pod); err != nil {
-			return nil, fmt.Errorf("error running pod create option: %w", err)
+			return nil, fmt.Errorf("running pod create option: %w", err)
 		}
 	}
 
 	// Allocate a lock for the pod
 	lock, err := r.lockManager.AllocateLock()
 	if err != nil {
-		return nil, fmt.Errorf("error allocating lock for new pod: %w", err)
+		return nil, fmt.Errorf("allocating lock for new pod: %w", err)
 	}
 	pod.lock = lock
 	pod.config.LockID = pod.lock.ID()
@@ -160,7 +161,7 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
 		}
 	}
 	if addPodErr != nil {
-		return nil, fmt.Errorf("error adding pod to state: %w", addPodErr)
+		return nil, fmt.Errorf("adding pod to state: %w", addPodErr)
 	}
 
 	return pod, nil
@@ -191,29 +192,9 @@ func (r *Runtime) SavePod(pod *Pod) error {
 	return nil
 }
 
-func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, timeout *uint) error {
-	if err := p.updatePod(); err != nil {
-		return err
-	}
-
-	ctrs, err := r.state.PodContainers(p)
-	if err != nil {
-		return err
-	}
-	numCtrs := len(ctrs)
-
-	// If the only running container in the pod is the pause container, remove the pod and container unconditionally.
-	pauseCtrID := p.state.InfraContainerID
-	if numCtrs == 1 && ctrs[0].ID() == pauseCtrID {
-		removeCtrs = true
-		force = true
-	}
-	if !removeCtrs && numCtrs > 0 {
-		return fmt.Errorf("pod %s contains containers and cannot be removed: %w", p.ID(), define.ErrCtrExists)
-	}
-
-	ctrNamedVolumes := make(map[string]*ContainerNamedVolume)
-
+// DO NOT USE THIS FUNCTION DIRECTLY. Use removePod(), below. It will call
+// removeMalformedPod() if necessary.
+func (r *Runtime) removeMalformedPod(ctx context.Context, p *Pod, ctrs []*Container, force bool, timeout *uint, ctrNamedVolumes map[string]*ContainerNamedVolume) error {
 	var removalErr error
 	for _, ctr := range ctrs {
 		err := func() error {
@@ -231,7 +212,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 				ctrNamedVolumes[vol.Name] = vol
 			}
 
-			return r.removeContainer(ctx, ctr, force, false, true, timeout)
+			return r.removeContainer(ctx, ctr, force, false, true, true, timeout)
 		}()
 
 		if removalErr == nil {
@@ -261,6 +242,69 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 		return err
 	}
 
+	return nil
+}
+
+func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, timeout *uint) error {
+	if err := p.updatePod(); err != nil {
+		return err
+	}
+
+	ctrs, err := r.state.PodContainers(p)
+	if err != nil {
+		return err
+	}
+	numCtrs := len(ctrs)
+
+	// If the only running container in the pod is the pause container, remove the pod and container unconditionally.
+	pauseCtrID := p.state.InfraContainerID
+	if numCtrs == 1 && ctrs[0].ID() == pauseCtrID {
+		removeCtrs = true
+		force = true
+	}
+	if !removeCtrs && numCtrs > 0 {
+		return fmt.Errorf("pod %s contains containers and cannot be removed: %w", p.ID(), define.ErrCtrExists)
+	}
+
+	var removalErr error
+	ctrNamedVolumes := make(map[string]*ContainerNamedVolume)
+
+	// Build a graph of all containers in the pod.
+	graph, err := BuildContainerGraph(ctrs)
+	if err != nil {
+		// We have to allow the pod to be removed.
+		// But let's only do it if force is set.
+		if !force {
+			return fmt.Errorf("cannot create container graph for pod %s: %w", p.ID(), err)
+		}
+
+		removalErr = fmt.Errorf("creating container graph for pod %s failed, fell back to loop removal: %w", p.ID(), err)
+
+		if err := r.removeMalformedPod(ctx, p, ctrs, force, timeout, ctrNamedVolumes); err != nil {
+			logrus.Errorf("Error creating container graph for pod %s: %v. Falling back to loop removal.", p.ID(), err)
+			return err
+		}
+	} else {
+		ctrErrors := make(map[string]error)
+		ctrsVisited := make(map[string]bool)
+
+		for _, node := range graph.notDependedOnNodes {
+			removeNode(ctx, node, p, force, timeout, false, ctrErrors, ctrsVisited, ctrNamedVolumes)
+		}
+
+		// This is gross, but I don't want to change the signature on
+		// removePod - especially since any change here eventually has
+		// to map down to one error unless we want to make a breaking
+		// API change.
+		if len(ctrErrors) > 0 {
+			var allErrs error
+			for id, err := range ctrErrors {
+				allErrs = multierror.Append(allErrs, fmt.Errorf("removing container %s from pod %s: %w", id, p.ID(), err))
+			}
+			return allErrs
+		}
+	}
+
 	for volName := range ctrNamedVolumes {
 		volume, err := r.state.Volume(volName)
 		if err != nil && !errors.Is(err, define.ErrNoSuchVolume) {
@@ -286,7 +330,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 		case config.SystemdCgroupsManager:
 			if err := deleteSystemdCgroup(p.state.CgroupPath, p.ResourceLim()); err != nil {
 				if removalErr == nil {
-					removalErr = fmt.Errorf("error removing pod %s cgroup: %w", p.ID(), err)
+					removalErr = fmt.Errorf("removing pod %s cgroup: %w", p.ID(), err)
 				} else {
 					logrus.Errorf("Deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err)
 				}
@@ -300,7 +344,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 			conmonCgroup, err := cgroups.Load(conmonCgroupPath)
 			if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless {
 				if removalErr == nil {
-					removalErr = fmt.Errorf("error retrieving pod %s conmon cgroup: %w", p.ID(), err)
+					removalErr = fmt.Errorf("retrieving pod %s conmon cgroup: %w", p.ID(), err)
 				} else {
 					logrus.Debugf("Error retrieving pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err)
 				}
@@ -308,7 +352,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 			if err == nil {
 				if err = conmonCgroup.Delete(); err != nil {
 					if removalErr == nil {
-						removalErr = fmt.Errorf("error removing pod %s conmon cgroup: %w", p.ID(), err)
+						removalErr = fmt.Errorf("removing pod %s conmon cgroup: %w", p.ID(), err)
 					} else {
 						logrus.Errorf("Deleting pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err)
 					}
@@ -317,7 +361,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 			cgroup, err := cgroups.Load(p.state.CgroupPath)
 			if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless {
 				if removalErr == nil {
-					removalErr = fmt.Errorf("error retrieving pod %s cgroup: %w", p.ID(), err)
+					removalErr = fmt.Errorf("retrieving pod %s cgroup: %w", p.ID(), err)
 				} else {
 					logrus.Errorf("Retrieving pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err)
 				}
@@ -325,7 +369,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 			if err == nil {
 				if err := cgroup.Delete(); err != nil {
 					if removalErr == nil {
-						removalErr = fmt.Errorf("error removing pod %s cgroup: %w", p.ID(), err)
+						removalErr = fmt.Errorf("removing pod %s cgroup: %w", p.ID(), err)
 					} else {
 						logrus.Errorf("Deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err)
 					}
@@ -362,7 +406,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 	// Deallocate the pod lock
 	if err := p.lock.Free(); err != nil {
 		if removalErr == nil {
-			removalErr = fmt.Errorf("error freeing pod %s lock: %w", p.ID(), err)
+			removalErr = fmt.Errorf("freeing pod %s lock: %w", p.ID(), err)
 		} else {
 			logrus.Errorf("Freeing pod %s lock: %v", p.ID(), err)
 		}
diff --git a/libpod/runtime_pod_unsupported.go b/libpod/runtime_pod_unsupported.go
new file mode 100644
index 000000000..0c7ff8655
--- /dev/null
+++ b/libpod/runtime_pod_unsupported.go
@@ -0,0 +1,30 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"context"
+	"errors"
+
+	"github.com/containers/podman/v4/pkg/specgen"
+)
+
+// NewPod makes a new, empty pod
+func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, options ...PodCreateOption) (_ *Pod, deferredErr error) {
+	return nil, errors.New("not implemented (*Runtime) NewPod")
+}
+
+// AddInfra adds the created infra container to the pod state
+func (r *Runtime) AddInfra(ctx context.Context, pod *Pod, infraCtr *Container) (*Pod, error) {
+	return nil, errors.New("not implemented (*Runtime) AddInfra")
+}
+
+// SavePod is a helper function to save the pod state from outside of libpod
+func (r *Runtime) SavePod(pod *Pod) error {
+	return errors.New("not implemented (*Runtime) SavePod")
+}
+
+func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, timeout *uint) error {
+	return errors.New("not implemented (*Runtime) removePod")
+}
diff --git a/libpod/runtime_renumber.go b/libpod/runtime_renumber.go
index 9149dd72f..ff70081d8 100644
--- a/libpod/runtime_renumber.go
+++ b/libpod/runtime_renumber.go
@@ -27,7 +27,7 @@ func (r *Runtime) renumberLocks() error {
 	for _, ctr := range allCtrs {
 		lock, err := r.lockManager.AllocateLock()
 		if err != nil {
-			return fmt.Errorf("error allocating lock for container %s: %w", ctr.ID(), err)
+			return fmt.Errorf("allocating lock for container %s: %w", ctr.ID(), err)
 		}
 
 		ctr.config.LockID = lock.ID()
@@ -44,7 +44,7 @@ func (r *Runtime) renumberLocks() error {
 	for _, pod := range allPods {
 		lock, err := r.lockManager.AllocateLock()
 		if err != nil {
-			return fmt.Errorf("error allocating lock for pod %s: %w", pod.ID(), err)
+			return fmt.Errorf("allocating lock for pod %s: %w", pod.ID(), err)
 		}
 
 		pod.config.LockID = lock.ID()
@@ -61,7 +61,7 @@ func (r *Runtime) renumberLocks() error {
 	for _, vol := range allVols {
 		lock, err := r.lockManager.AllocateLock()
 		if err != nil {
-			return fmt.Errorf("error allocating lock for volume %s: %w", vol.Name(), err)
+			return fmt.Errorf("allocating lock for volume %s: %w", vol.Name(), err)
 		}
 
 		vol.config.LockID = lock.ID()
diff --git a/libpod/runtime_test.go b/libpod/runtime_test.go
new file mode 100644
index 000000000..2e16c7fcd
--- /dev/null
+++ b/libpod/runtime_test.go
@@ -0,0 +1,28 @@
+package libpod
+
+import (
+	"math/rand"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_generateName(t *testing.T) {
+	state, path, _, err := getEmptyBoltState()
+	assert.NoError(t, err)
+	defer os.RemoveAll(path)
+	defer state.Close()
+
+	r := &Runtime{
+		state: state,
+	}
+
+	// Test that (*Runtime).generateName returns different names
+	// if called twice, even if the global RNG has the default
+	// seed.
+	n1, _ := r.generateName()
+	rand.Seed(1)
+	n2, _ := r.generateName()
+	assert.NotEqual(t, n1, n2)
+}
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index 1f354e41b..08fdbf977 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -42,7 +42,7 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp
 	}
 
 	if volume.config.Name == "" {
-		volume.config.Name = stringid.GenerateNonCryptoID()
+		volume.config.Name = stringid.GenerateRandomID()
 	}
 	if volume.config.Driver == "" {
 		volume.config.Driver = define.VolumeDriverLocal
@@ -184,7 +184,7 @@ func (r *Runtime) UpdateVolumePlugins(ctx context.Context) *define.VolumeReload
 	)
 
 	for driverName, socket := range r.config.Engine.VolumePlugins {
-		driver, err := volplugin.GetVolumePlugin(driverName, socket, 0)
+		driver, err := volplugin.GetVolumePlugin(driverName, socket, nil, r.config)
 		if err != nil {
 			errs = append(errs, err)
 			continue
@@ -324,7 +324,7 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo
 
 			logrus.Debugf("Removing container %s (depends on volume %q)", ctr.ID(), v.Name())
 
-			if err := r.removeContainer(ctx, ctr, force, false, false, timeout); err != nil {
+			if err := r.removeContainer(ctx, ctr, force, false, false, false, timeout); err != nil {
 				return fmt.Errorf("removing container %s that depends on volume %s: %w", ctr.ID(), v.Name(), err)
 			}
 		}
diff --git a/libpod/runtime_volume_unsupported.go b/libpod/runtime_volume_unsupported.go
new file mode 100644
index 000000000..c2816b817
--- /dev/null
+++ b/libpod/runtime_volume_unsupported.go
@@ -0,0 +1,42 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"context"
+	"errors"
+
+	"github.com/containers/podman/v4/libpod/define"
+)
+
+// NewVolume creates a new empty volume
+func (r *Runtime) NewVolume(ctx context.Context, options ...VolumeCreateOption) (*Volume, error) {
+	if !r.valid {
+		return nil, define.ErrRuntimeStopped
+	}
+	return r.newVolume(false, options...)
+}
+
+// NewVolume creates a new empty volume
+func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOption) (*Volume, error) {
+	return nil, errors.New("not implemented (*Runtime) newVolume")
+}
+
+// UpdateVolumePlugins reads all volumes from all configured volume plugins and
+// imports them into the libpod db. It also checks if existing libpod volumes
+// are removed in the plugin, in this case we try to remove it from libpod.
+// On errors we continue and try to do as much as possible. all errors are
+// returned as array in the returned struct.
+// This function has many race conditions, it is best effort but cannot guarantee
+// a perfect state since plugins can be modified from the outside at any time.
+func (r *Runtime) UpdateVolumePlugins(ctx context.Context) *define.VolumeReload {
+	return nil
+}
+
+// removeVolume removes the specified volume from state as well tears down its mountpoint and storage.
+// ignoreVolumePlugin is used to only remove the volume from the db and not the plugin,
+// this is required when the volume was already removed from the plugin, i.e. in UpdateVolumePlugins().
+func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeout *uint, ignoreVolumePlugin bool) error {
+	return errors.New("not implemented (*Runtime) removeVolume")
+}
diff --git a/libpod/stats_common.go b/libpod/stats_common.go
new file mode 100644
index 000000000..122160bda
--- /dev/null
+++ b/libpod/stats_common.go
@@ -0,0 +1,49 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package libpod
+
+import (
+	"fmt"
+
+	"github.com/containers/podman/v4/libpod/define"
+)
+
+// GetContainerStats gets the running stats for a given container.
+// The previousStats is used to correctly calculate cpu percentages. You
+// should pass nil if there is no previous stat for this container.
+func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*define.ContainerStats, error) {
+	stats := new(define.ContainerStats)
+	stats.ContainerID = c.ID()
+	stats.Name = c.Name()
+
+	if c.config.NoCgroups {
+		return nil, fmt.Errorf("cannot run top on container %s as it did not create a cgroup: %w", c.ID(), define.ErrNoCgroups)
+	}
+
+	if !c.batched {
+		c.lock.Lock()
+		defer c.lock.Unlock()
+		if err := c.syncContainer(); err != nil {
+			return stats, err
+		}
+	}
+
+	// returns stats with the fields' default values respective of their type
+	if c.state.State != define.ContainerStateRunning && c.state.State != define.ContainerStatePaused {
+		return stats, nil
+	}
+
+	if previousStats == nil {
+		previousStats = &define.ContainerStats{
+			// if we have no prev stats use the container start time as prev time
+			// otherwise we cannot correctly calculate the CPU percentage
+			SystemNano: uint64(c.state.StartedTime.UnixNano()),
+		}
+	}
+
+	if err := c.getPlatformContainerStats(stats, previousStats); err != nil {
+		return nil, err
+	}
+	return stats, nil
+}
diff --git a/libpod/stats_freebsd.go b/libpod/stats_freebsd.go
new file mode 100644
index 000000000..53bc3f19a
--- /dev/null
+++ b/libpod/stats_freebsd.go
@@ -0,0 +1,153 @@
+package libpod
+
+import (
+	"fmt"
+	"math"
+	"strings"
+	"time"
+
+	"github.com/containers/common/pkg/cgroups"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/rctl"
+	"github.com/containers/storage/pkg/system"
+	"github.com/sirupsen/logrus"
+)
+
+// getPlatformContainerStats gets the platform-specific running stats
+// for a given container.  The previousStats is used to correctly
+// calculate cpu percentages. You should pass nil if there is no
+// previous stat for this container.
+func (c *Container) getPlatformContainerStats(stats *define.ContainerStats, previousStats *define.ContainerStats) error {
+	now := uint64(time.Now().UnixNano())
+
+	jailName := c.ID()
+	if c.state.NetNS != nil {
+		jailName = c.state.NetNS.Name + "." + jailName
+	}
+	entries, err := rctl.GetRacct("jail:" + jailName)
+	if err != nil {
+		return fmt.Errorf("unable to read accounting for %s: %w", jailName, err)
+	}
+
+	// If the current total usage is less than what was previously
+	// recorded then it means the container was restarted and runs
+	// in a new jail
+	if dur, ok := entries["wallclock"]; ok {
+		if previousStats.Duration > dur*1000000000 {
+			previousStats = &define.ContainerStats{}
+		}
+	}
+
+	for key, val := range entries {
+		switch key {
+		case "cputime": // CPU time, in seconds
+			stats.CPUNano = val * 1000000000
+			stats.AvgCPU = calculateCPUPercent(stats.CPUNano, 0, now, uint64(c.state.StartedTime.UnixNano()))
+		case "datasize": // data size, in bytes
+		case "stacksize": // stack size, in bytes
+		case "coredumpsize": // core dump size, in bytes
+		case "memoryuse": // resident set size, in bytes
+			stats.MemUsage = val
+		case "memorylocked": // locked memory, in bytes
+		case "maxproc": // number of processes
+			stats.PIDs = val
+		case "openfiles": // file descriptor table size
+		case "vmemoryuse": // address space limit, in bytes
+		case "pseudoterminals": // number of PTYs
+		case "swapuse": // swap space that may be reserved or used, in bytes
+		case "nthr": // number of threads
+		case "msgqqueued": // number of queued SysV messages
+		case "msgqsize": // SysV message queue size, in bytes
+		case "nmsgq": // number of SysV message queues
+		case "nsem": // number of SysV semaphores
+		case "nsemop": // number of SysV semaphores modified in a single semop(2) call
+		case "nshm": // number of SysV shared memory segments
+		case "shmsize": // SysV shared memory size, in bytes
+		case "wallclock": // wallclock time, in seconds
+			stats.Duration = val * 1000000000
+			stats.UpTime = time.Duration(stats.Duration)
+		case "pcpu": // %CPU, in percents of a single CPU core
+			stats.CPU = float64(val)
+		case "readbps": // filesystem reads, in bytes per second
+			stats.BlockInput = val
+		case "writebps": // filesystem writes, in bytes per second
+			stats.BlockOutput = val
+		case "readiops": // filesystem reads, in operations per second
+		case "writeiops": // filesystem writes, in operations per second
+		}
+	}
+	stats.MemLimit = c.getMemLimit()
+	stats.SystemNano = now
+
+	netStats, err := getContainerNetIO(c)
+	if err != nil {
+		return err
+	}
+
+	// Handle case where the container is not in a network namespace
+	if netStats != nil {
+		stats.NetInput = netStats.TxBytes
+		stats.NetOutput = netStats.RxBytes
+	} else {
+		stats.NetInput = 0
+		stats.NetOutput = 0
+	}
+
+	return nil
+}
+
+// getMemory limit returns the memory limit for a container
+func (c *Container) getMemLimit() uint64 {
+	memLimit := uint64(math.MaxUint64)
+
+	if c.config.Spec.Linux != nil && c.config.Spec.Linux.Resources != nil &&
+		c.config.Spec.Linux.Resources.Memory != nil && c.config.Spec.Linux.Resources.Memory.Limit != nil {
+		memLimit = uint64(*c.config.Spec.Linux.Resources.Memory.Limit)
+	}
+
+	mi, err := system.ReadMemInfo()
+	if err != nil {
+		logrus.Errorf("ReadMemInfo error: %v", err)
+		return 0
+	}
+
+	//nolint:unconvert
+	physicalLimit := uint64(mi.MemTotal)
+
+	if memLimit <= 0 || memLimit > physicalLimit {
+		return physicalLimit
+	}
+
+	return memLimit
+}
+
+// calculateCPUPercent calculates the cpu usage using the latest measurement in stats.
+// previousCPU is the last value of stats.CPU.Usage.Total measured at the time previousSystem.
+//
+//	(now - previousSystem) is the time delta in nanoseconds, between the measurement in previousCPU
+//
+// and the updated value in stats.
+func calculateCPUPercent(currentCPU, previousCPU, now, previousSystem uint64) float64 {
+	var (
+		cpuPercent  = 0.0
+		cpuDelta    = float64(currentCPU - previousCPU)
+		systemDelta = float64(now - previousSystem)
+	)
+	if systemDelta > 0.0 && cpuDelta > 0.0 {
+		// gets a ratio of container cpu usage total, and multiplies that by 100 to get a percentage
+		cpuPercent = (cpuDelta / systemDelta) * 100
+	}
+	return cpuPercent
+}
+
+func calculateBlockIO(stats *cgroups.Metrics) (read uint64, write uint64) {
+	for _, blkIOEntry := range stats.Blkio.IoServiceBytesRecursive {
+		switch strings.ToLower(blkIOEntry.Op) {
+		case "read":
+			read += blkIOEntry.Value
+		case "write":
+			write += blkIOEntry.Value
+		}
+	}
+	return
+}
diff --git a/libpod/stats.go b/libpod/stats_linux.go
index c7e9e5128..ad8f33c91 100644
--- a/libpod/stats.go
+++ b/libpod/stats_linux.go
@@ -16,57 +16,33 @@ import (
 	"github.com/containers/podman/v4/libpod/define"
 )
 
-// GetContainerStats gets the running stats for a given container.
-// The previousStats is used to correctly calculate cpu percentages. You
-// should pass nil if there is no previous stat for this container.
-func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*define.ContainerStats, error) {
-	stats := new(define.ContainerStats)
-	stats.ContainerID = c.ID()
-	stats.Name = c.Name()
-
+// getPlatformContainerStats gets the platform-specific running stats
+// for a given container.  The previousStats is used to correctly
+// calculate cpu percentages. You should pass nil if there is no
+// previous stat for this container.
+func (c *Container) getPlatformContainerStats(stats *define.ContainerStats, previousStats *define.ContainerStats) error {
 	if c.config.NoCgroups {
-		return nil, fmt.Errorf("cannot run top on container %s as it did not create a cgroup: %w", c.ID(), define.ErrNoCgroups)
-	}
-
-	if !c.batched {
-		c.lock.Lock()
-		defer c.lock.Unlock()
-		if err := c.syncContainer(); err != nil {
-			return stats, err
-		}
-	}
-
-	// returns stats with the fields' default values respective of their type
-	if c.state.State != define.ContainerStateRunning && c.state.State != define.ContainerStatePaused {
-		return stats, nil
-	}
-
-	if previousStats == nil {
-		previousStats = &define.ContainerStats{
-			// if we have no prev stats use the container start time as prev time
-			// otherwise we cannot correctly calculate the CPU percentage
-			SystemNano: uint64(c.state.StartedTime.UnixNano()),
-		}
+		return fmt.Errorf("cannot run top on container %s as it did not create a cgroup: %w", c.ID(), define.ErrNoCgroups)
 	}
 
 	cgroupPath, err := c.cGroupPath()
 	if err != nil {
-		return nil, err
+		return err
 	}
 	cgroup, err := cgroups.Load(cgroupPath)
 	if err != nil {
-		return stats, fmt.Errorf("unable to load cgroup at %s: %w", cgroupPath, err)
+		return fmt.Errorf("unable to load cgroup at %s: %w", cgroupPath, err)
 	}
 
 	// Ubuntu does not have swap memory in cgroups because swap is often not enabled.
 	cgroupStats, err := cgroup.Stat()
 	if err != nil {
-		return stats, fmt.Errorf("unable to obtain cgroup stats: %w", err)
+		return fmt.Errorf("unable to obtain cgroup stats: %w", err)
 	}
 	conState := c.state.State
 	netStats, err := getContainerNetIO(c)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	// If the current total usage in the cgroup is less than what was previously
@@ -103,7 +79,7 @@ func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*de
 		stats.NetOutput = 0
 	}
 
-	return stats, nil
+	return nil
 }
 
 // getMemory limit returns the memory limit for a container
@@ -133,7 +109,9 @@ func (c *Container) getMemLimit() uint64 {
 
 // calculateCPUPercent calculates the cpu usage using the latest measurement in stats.
 // previousCPU is the last value of stats.CPU.Usage.Total measured at the time previousSystem.
-//  (now - previousSystem) is the time delta in nanoseconds, between the measurement in previousCPU
+//
+//	(now - previousSystem) is the time delta in nanoseconds, between the measurement in previousCPU
+//
 // and the updated value in stats.
 func calculateCPUPercent(stats *runccgroup.Stats, previousCPU, now, previousSystem uint64) float64 {
 	var (
diff --git a/libpod/stats_unsupported.go b/libpod/stats_unsupported.go
new file mode 100644
index 000000000..3094e2eaa
--- /dev/null
+++ b/libpod/stats_unsupported.go
@@ -0,0 +1,17 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package libpod
+
+import (
+	"errors"
+
+	"github.com/containers/podman/v4/libpod/define"
+)
+
+// GetContainerStats gets the running stats for a given container.
+// The previousStats is used to correctly calculate cpu percentages. You
+// should pass nil if there is no previous stat for this container.
+func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*define.ContainerStats, error) {
+	return nil, errors.New("not implemented (*Container) GetContainerStats")
+}
diff --git a/libpod/util.go b/libpod/util.go
index a6e6a4f3e..c5a2b81bd 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -231,7 +231,7 @@ func DefaultSeccompPath() (string, error) {
 func checkDependencyContainer(depCtr, ctr *Container) error {
 	state, err := depCtr.State()
 	if err != nil {
-		return fmt.Errorf("error accessing dependency container %s state: %w", depCtr.ID(), err)
+		return fmt.Errorf("accessing dependency container %s state: %w", depCtr.ID(), err)
 	}
 	if state == define.ContainerStateRemoving {
 		return fmt.Errorf("cannot use container %s as a dependency as it is being removed: %w", depCtr.ID(), define.ErrCtrStateInvalid)
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 7c79e6ce4..efc11710f 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -29,7 +29,7 @@ func systemdSliceFromPath(parent, name string, resources *spec.LinuxResources) (
 	logrus.Debugf("Created cgroup path %s for parent %s and name %s", cgroupPath, parent, name)
 
 	if err := makeSystemdCgroup(cgroupPath, resources); err != nil {
-		return "", fmt.Errorf("error creating cgroup %s: %w", cgroupPath, err)
+		return "", fmt.Errorf("creating cgroup %s: %w", cgroupPath, err)
 	}
 
 	logrus.Debugf("Created cgroup %s", cgroupPath)
@@ -112,17 +112,17 @@ var lvpReleaseLabel = label.ReleaseLabel
 func LabelVolumePath(path string) error {
 	_, mountLabel, err := lvpInitLabels([]string{})
 	if err != nil {
-		return fmt.Errorf("error getting default mountlabels: %w", err)
+		return fmt.Errorf("getting default mountlabels: %w", err)
 	}
 	if err := lvpReleaseLabel(mountLabel); err != nil {
-		return fmt.Errorf("error releasing label %q: %w", mountLabel, err)
+		return fmt.Errorf("releasing label %q: %w", mountLabel, err)
 	}
 
 	if err := lvpRelabel(path, mountLabel, true); err != nil {
 		if err == syscall.ENOTSUP {
 			logrus.Debugf("Labeling not supported on %q", path)
 		} else {
-			return fmt.Errorf("error setting selinux label for %s to %q as shared: %w", path, mountLabel, err)
+			return fmt.Errorf("setting selinux label for %s to %q as shared: %w", path, mountLabel, err)
 		}
 	}
 	return nil
diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go
new file mode 100644
index 000000000..d2ec3ae7b
--- /dev/null
+++ b/libpod/util_unsupported.go
@@ -0,0 +1,27 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"errors"
+
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// systemdSliceFromPath makes a new systemd slice under the given parent with
+// the given name.
+// The parent must be a slice. The name must NOT include ".slice"
+func systemdSliceFromPath(parent, name string, resources *spec.LinuxResources) (string, error) {
+	return "", errors.New("not implemented systemdSliceFromPath")
+}
+
+// Unmount umounts a target directory
+func Unmount(mount string) {
+}
+
+// LabelVolumePath takes a mount path for a volume and gives it an
+// selinux label of either shared or not
+func LabelVolumePath(path string) error {
+	return errors.New("not implemented LabelVolumePath")
+}
diff --git a/libpod/volume.go b/libpod/volume.go
index 2e8cd77a5..a054e4032 100644
--- a/libpod/volume.go
+++ b/libpod/volume.go
@@ -56,7 +56,7 @@ type VolumeConfig struct {
 	// quota tracking.
 	DisableQuota bool `json:"disableQuota,omitempty"`
 	// Timeout allows users to override the default driver timeout of 5 seconds
-	Timeout int
+	Timeout *uint `json:"timeout,omitempty"`
 }
 
 // VolumeState holds the volume's mutable state.
diff --git a/libpod/volume_inspect.go b/libpod/volume_inspect.go
index dd2f3fd01..73441576b 100644
--- a/libpod/volume_inspect.go
+++ b/libpod/volume_inspect.go
@@ -39,7 +39,7 @@ func (v *Volume) Inspect() (*define.InspectVolumeData, error) {
 		req.Name = v.Name()
 		resp, err := v.plugin.GetVolume(req)
 		if err != nil {
-			return nil, fmt.Errorf("error retrieving volume %s information from plugin %s: %w", v.Name(), v.Driver(), err)
+			return nil, fmt.Errorf("retrieving volume %s information from plugin %s: %w", v.Name(), v.Driver(), err)
 		}
 		if resp != nil {
 			data.Status = resp.Status
@@ -64,7 +64,12 @@ func (v *Volume) Inspect() (*define.InspectVolumeData, error) {
 	data.MountCount = v.state.MountCount
 	data.NeedsCopyUp = v.state.NeedsCopyUp
 	data.NeedsChown = v.state.NeedsChown
-	data.Timeout = v.config.Timeout
+
+	if v.config.Timeout != nil {
+		data.Timeout = *v.config.Timeout
+	} else if v.UsesVolumeDriver() {
+		data.Timeout = v.runtime.config.Engine.VolumePluginTimeout
+	}
 
 	return data, nil
 }
diff --git a/libpod/volume_internal_unsupported.go b/libpod/volume_internal_unsupported.go
new file mode 100644
index 000000000..50515e692
--- /dev/null
+++ b/libpod/volume_internal_unsupported.go
@@ -0,0 +1,32 @@
+//go:build !linux
+// +build !linux
+
+package libpod
+
+import (
+	"errors"
+)
+
+// mount mounts the volume if necessary.
+// A mount is necessary if a volume has any options set.
+// If a mount is necessary, v.state.MountCount will be incremented.
+// If it was 0 when the increment occurred, the volume will be mounted on the
+// host. Otherwise, we assume it is already mounted.
+// Must be done while the volume is locked.
+// Is a no-op on volumes that do not require a mount (as defined by
+// volumeNeedsMount()).
+func (v *Volume) mount() error {
+	return errors.New("not implemented (*Volume) mount")
+}
+
+// unmount unmounts the volume if necessary.
+// Unmounting a volume that is not mounted is a no-op.
+// Unmounting a volume that does not require a mount is a no-op.
+// The volume must be locked for this to occur.
+// The mount counter will be decremented if non-zero. If the counter reaches 0,
+// the volume will really be unmounted, as no further containers are using the
+// volume.
+// If force is set, the volume will be unmounted regardless of mount counter.
+func (v *Volume) unmount(force bool) error {
+	return errors.New("not implemented (*Volume) unmount")
+}
diff --git a/pkg/api/handlers/compat/auth.go b/pkg/api/handlers/compat/auth.go
index 37d2b784d..ee478b9e3 100644
--- a/pkg/api/handlers/compat/auth.go
+++ b/pkg/api/handlers/compat/auth.go
@@ -1,7 +1,6 @@
 package compat
 
 import (
-	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -44,7 +43,7 @@ func Auth(w http.ResponseWriter, r *http.Request) {
 
 	fmt.Println("Authenticating with existing credentials...")
 	registry := stripAddressOfScheme(authConfig.ServerAddress)
-	if err := DockerClient.CheckAuth(context.Background(), sysCtx, authConfig.Username, authConfig.Password, registry); err == nil {
+	if err := DockerClient.CheckAuth(r.Context(), sysCtx, authConfig.Username, authConfig.Password, registry); err == nil {
 		utils.WriteResponse(w, http.StatusOK, entities.AuthReport{
 			IdentityToken: "",
 			Status:        "Login Succeeded",
diff --git a/pkg/api/handlers/compat/containers.go b/pkg/api/handlers/compat/containers.go
index ae063dc9f..61d6fc86d 100644
--- a/pkg/api/handlers/compat/containers.go
+++ b/pkg/api/handlers/compat/containers.go
@@ -407,7 +407,7 @@ func convertSecondaryIPPrefixLen(input *define.InspectNetworkSettings, output *t
 }
 
 func LibpodToContainerJSON(l *libpod.Container, sz bool) (*types.ContainerJSON, error) {
-	_, imageName := l.Image()
+	imageID, imageName := l.Image()
 	inspect, err := l.Inspect(sz)
 	if err != nil {
 		return nil, err
@@ -467,6 +467,7 @@ func LibpodToContainerJSON(l *libpod.Container, sz bool) (*types.ContainerJSON,
 	if err := json.Unmarshal(h, &hc); err != nil {
 		return nil, err
 	}
+	sort.Strings(hc.Binds)
 
 	// k8s-file == json-file
 	if hc.LogConfig.Type == define.KubernetesLogging {
@@ -487,7 +488,7 @@ func LibpodToContainerJSON(l *libpod.Container, sz bool) (*types.ContainerJSON,
 		Path:            inspect.Path,
 		Args:            inspect.Args,
 		State:           &state,
-		Image:           imageName,
+		Image:           "sha256:" + imageID,
 		ResolvConfPath:  inspect.ResolvConfPath,
 		HostnamePath:    inspect.HostnamePath,
 		HostsPath:       inspect.HostsPath,
diff --git a/pkg/api/handlers/compat/containers_attach.go b/pkg/api/handlers/compat/containers_attach.go
index e804e628a..c37dc09af 100644
--- a/pkg/api/handlers/compat/containers_attach.go
+++ b/pkg/api/handlers/compat/containers_attach.go
@@ -86,7 +86,7 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
 	// For Docker compatibility, we need to re-initialize containers in these states.
 	if state == define.ContainerStateConfigured || state == define.ContainerStateExited || state == define.ContainerStateStopped {
 		if err := ctr.Init(r.Context(), ctr.PodID() != ""); err != nil {
-			utils.Error(w, http.StatusConflict, fmt.Errorf("error preparing container %s for attach: %w", ctr.ID(), err))
+			utils.Error(w, http.StatusConflict, fmt.Errorf("preparing container %s for attach: %w", ctr.ID(), err))
 			return
 		}
 	} else if !(state == define.ContainerStateCreated || state == define.ContainerStateRunning) {
diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 9fff8b4c8..a86b0b0d5 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -64,7 +64,7 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 
 	imageName, err := utils.NormalizeToDockerHub(r, body.Config.Image)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 	body.Config.Image = imageName
@@ -76,7 +76,7 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error looking up image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("looking up image: %w", err))
 		return
 	}
 
@@ -408,6 +408,7 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
 		Systemd:           "true", // podman default
 		TmpFS:             parsedTmp,
 		TTY:               cc.Config.Tty,
+		EnvMerge:          cc.EnvMerge,
 		UnsetEnv:          cc.UnsetEnv,
 		UnsetEnvAll:       cc.UnsetEnvAll,
 		User:              cc.Config.User,
@@ -479,7 +480,7 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
 		}
 		if err := os.MkdirAll(vol, 0o755); err != nil {
 			if !os.IsExist(err) {
-				return nil, nil, fmt.Errorf("error making volume mountpoint for volume %s: %w", vol, err)
+				return nil, nil, fmt.Errorf("making volume mountpoint for volume %s: %w", vol, err)
 			}
 		}
 	}
diff --git a/pkg/api/handlers/compat/containers_stats.go b/pkg/api/handlers/compat/containers_stats.go
index c115b4181..519661675 100644
--- a/pkg/api/handlers/compat/containers_stats.go
+++ b/pkg/api/handlers/compat/containers_stats.go
@@ -11,6 +11,7 @@ import (
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/api/handlers/utils"
 	api "github.com/containers/podman/v4/pkg/api/types"
+	"github.com/containers/storage/pkg/system"
 	docker "github.com/docker/docker/api/types"
 	"github.com/gorilla/schema"
 	runccgroups "github.com/opencontainers/runc/libcontainer/cgroups"
@@ -139,6 +140,16 @@ streamLabel: // A label to flatten the scope
 			memoryLimit = uint64(*cfg.Spec.Linux.Resources.Memory.Limit)
 		}
 
+		memInfo, err := system.ReadMemInfo()
+		if err != nil {
+			logrus.Errorf("Unable to get cgroup stats: %v", err)
+			return
+		}
+		// cap the memory limit to the available memory.
+		if memInfo.MemTotal > 0 && memoryLimit > uint64(memInfo.MemTotal) {
+			memoryLimit = uint64(memInfo.MemTotal)
+		}
+
 		systemUsage, _ := cgroups.GetSystemCPUUsage()
 		s := StatsJSON{
 			Stats: Stats{
@@ -177,7 +188,7 @@ streamLabel: // A label to flatten the scope
 				PreCPUStats: preCPUStats,
 				MemoryStats: docker.MemoryStats{
 					Usage:             cgroupStat.MemoryStats.Usage.Usage,
-					MaxUsage:          cgroupStat.MemoryStats.Usage.Limit,
+					MaxUsage:          cgroupStat.MemoryStats.Usage.MaxUsage,
 					Stats:             nil,
 					Failcnt:           0,
 					Limit:             memoryLimit,
diff --git a/pkg/api/handlers/compat/events.go b/pkg/api/handlers/compat/events.go
index 18fb35966..105404a0d 100644
--- a/pkg/api/handlers/compat/events.go
+++ b/pkg/api/handlers/compat/events.go
@@ -89,6 +89,12 @@ func GetEvents(w http.ResponseWriter, r *http.Request) {
 			}
 
 			e := entities.ConvertToEntitiesEvent(*evt)
+			// Some events differ between Libpod and Docker endpoints.
+			// Handle these differences for Docker-compat.
+			if !utils.IsLibpodRequest(r) && e.Type == "image" && e.Status == "remove" {
+				e.Status = "delete"
+				e.Action = "delete"
+			}
 			if !utils.IsLibpodRequest(r) && e.Status == "died" {
 				e.Status = "die"
 				e.Action = "die"
diff --git a/pkg/api/handlers/compat/exec.go b/pkg/api/handlers/compat/exec.go
index 1b4dead8b..17f199a8b 100644
--- a/pkg/api/handlers/compat/exec.go
+++ b/pkg/api/handlers/compat/exec.go
@@ -26,7 +26,7 @@ func ExecCreateHandler(w http.ResponseWriter, r *http.Request) {
 
 	input := new(handlers.ExecCreateConfig)
 	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
-		utils.InternalServerError(w, fmt.Errorf("error decoding request body as JSON: %w", err))
+		utils.InternalServerError(w, fmt.Errorf("decoding request body as JSON: %w", err))
 		return
 	}
 
@@ -114,7 +114,7 @@ func ExecInspectHandler(w http.ResponseWriter, r *http.Request) {
 
 	session, err := sessionCtr.ExecSession(sessionID)
 	if err != nil {
-		utils.InternalServerError(w, fmt.Errorf("error retrieving exec session %s from container %s: %w", sessionID, sessionCtr.ID(), err))
+		utils.InternalServerError(w, fmt.Errorf("retrieving exec session %s from container %s: %w", sessionID, sessionCtr.ID(), err))
 		return
 	}
 
@@ -174,7 +174,7 @@ func ExecStartHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	logErr := func(e error) {
-		logrus.Error(fmt.Errorf("error attaching to container %s exec session %s: %w", sessionCtr.ID(), sessionID, e))
+		logrus.Error(fmt.Errorf("attaching to container %s exec session %s: %w", sessionCtr.ID(), sessionID, e))
 	}
 
 	var size *resize.TerminalSize
diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go
index 39bd165d6..0493c6ffb 100644
--- a/pkg/api/handlers/compat/images.go
+++ b/pkg/api/handlers/compat/images.go
@@ -59,7 +59,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) {
 	name := utils.GetName(r)
 	possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, name)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 
@@ -155,7 +155,7 @@ func CommitContainer(w http.ResponseWriter, r *http.Request) {
 		destImage = fmt.Sprintf("%s:%s", query.Repo, query.Tag)
 		possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, destImage)
 		if err != nil {
-			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 			return
 		}
 		destImage = possiblyNormalizedName
@@ -209,7 +209,7 @@ func CreateImageFromSrc(w http.ResponseWriter, r *http.Request) {
 	if query.Repo != "" {
 		possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, reference)
 		if err != nil {
-			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 			return
 		}
 		reference = possiblyNormalizedName
@@ -272,7 +272,7 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) {
 
 	possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, mergeNameAndTagOrDigest(query.FromImage, query.Tag))
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 
@@ -390,7 +390,7 @@ func GetImage(w http.ResponseWriter, r *http.Request) {
 	name := utils.GetName(r)
 	possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, name)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 
@@ -541,7 +541,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) {
 	for i, img := range query.Names {
 		possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, img)
 		if err != nil {
-			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 			return
 		}
 		images[i] = possiblyNormalizedName
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 15cfc824e..4035b4315 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -17,6 +17,7 @@ import (
 	"github.com/containers/buildah"
 	buildahDefine "github.com/containers/buildah/define"
 	"github.com/containers/buildah/pkg/parse"
+	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/pkg/api/handlers/utils"
@@ -78,6 +79,8 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		AppArmor                string   `schema:"apparmor"`
 		BuildArgs               string   `schema:"buildargs"`
 		CacheFrom               string   `schema:"cachefrom"`
+		CacheTo                 string   `schema:"cacheto"`
+		CacheTTL                string   `schema:"cachettl"`
 		CgroupParent            string   `schema:"cgroupparent"`
 		Compression             uint64   `schema:"compression"`
 		ConfigureNetwork        string   `schema:"networkmode"`
@@ -98,6 +101,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		ForceRm                 bool     `schema:"forcerm"`
 		From                    string   `schema:"from"`
 		HTTPProxy               bool     `schema:"httpproxy"`
+		IDMappingOptions        string   `schema:"idmappingoptions"`
 		IdentityLabel           bool     `schema:"identitylabel"`
 		Ignore                  bool     `schema:"ignore"`
 		Isolation               string   `schema:"isolation"`
@@ -339,7 +343,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 	if len(tags) > 0 {
 		possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, tags[0])
 		if err != nil {
-			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 			return
 		}
 		output = possiblyNormalizedName
@@ -372,7 +376,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 	for i := 1; i < len(tags); i++ {
 		possiblyNormalizedTag, err := utils.NormalizeToDockerHub(r, tags[i])
 		if err != nil {
-			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 			return
 		}
 		additionalTags = append(additionalTags, possiblyNormalizedTag)
@@ -386,6 +390,39 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	var idMappingOptions buildahDefine.IDMappingOptions
+	if _, found := r.URL.Query()["idmappingoptions"]; found {
+		if err := json.Unmarshal([]byte(query.IDMappingOptions), &idMappingOptions); err != nil {
+			utils.BadRequest(w, "idmappingoptions", query.IDMappingOptions, err)
+			return
+		}
+	}
+
+	var cacheFrom reference.Named
+	if _, found := r.URL.Query()["cachefrom"]; found {
+		cacheFrom, err = parse.RepoNameToNamedReference(query.CacheFrom)
+		if err != nil {
+			utils.BadRequest(w, "cacheFrom", query.CacheFrom, err)
+			return
+		}
+	}
+	var cacheTo reference.Named
+	if _, found := r.URL.Query()["cacheto"]; found {
+		cacheTo, err = parse.RepoNameToNamedReference(query.CacheTo)
+		if err != nil {
+			utils.BadRequest(w, "cacheto", query.CacheTo, err)
+			return
+		}
+	}
+	var cacheTTL time.Duration
+	if _, found := r.URL.Query()["cachettl"]; found {
+		cacheTTL, err = time.ParseDuration(query.CacheTTL)
+		if err != nil {
+			utils.BadRequest(w, "cachettl", query.CacheTTL, err)
+			return
+		}
+	}
+
 	var buildArgs = map[string]string{}
 	if _, found := r.URL.Query()["buildargs"]; found {
 		if err := json.Unmarshal([]byte(query.BuildArgs), &buildArgs); err != nil {
@@ -541,7 +578,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 	if fromImage != "" {
 		possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, fromImage)
 		if err != nil {
-			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 			return
 		}
 		fromImage = possiblyNormalizedName
@@ -578,6 +615,9 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		AdditionalTags:          additionalTags,
 		Annotations:             annotations,
 		CPPFlags:                cppflags,
+		CacheFrom:               cacheFrom,
+		CacheTo:                 cacheTo,
+		CacheTTL:                cacheTTL,
 		Args:                    buildArgs,
 		AllPlatforms:            query.AllPlatforms,
 		CommonBuildOpts: &buildah.CommonBuildOptions{
@@ -613,6 +653,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		Excludes:                       excludes,
 		ForceRmIntermediateCtrs:        query.ForceRm,
 		From:                           fromImage,
+		IDMappingOptions:               &idMappingOptions,
 		IgnoreUnrecognizedInstructions: query.Ignore,
 		Isolation:                      isolation,
 		Jobs:                           &jobs,
@@ -663,7 +704,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		success bool
 	)
 
-	runCtx, cancel := context.WithCancel(context.Background())
+	runCtx, cancel := context.WithCancel(r.Context())
 	go func() {
 		defer cancel()
 		imageID, _, err = runtime.Build(r.Context(), buildOptions, containerFiles...)
diff --git a/pkg/api/handlers/compat/images_history.go b/pkg/api/handlers/compat/images_history.go
index ebb5acdd9..1b83d274a 100644
--- a/pkg/api/handlers/compat/images_history.go
+++ b/pkg/api/handlers/compat/images_history.go
@@ -16,7 +16,7 @@ func HistoryImage(w http.ResponseWriter, r *http.Request) {
 
 	possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, name)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 
diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go
index f29808124..a1173de0b 100644
--- a/pkg/api/handlers/compat/images_push.go
+++ b/pkg/api/handlers/compat/images_push.go
@@ -69,7 +69,7 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
 
 	possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, imageName)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 	imageName = possiblyNormalizedName
diff --git a/pkg/api/handlers/compat/images_remove.go b/pkg/api/handlers/compat/images_remove.go
index b59bfd0b1..71d6a644f 100644
--- a/pkg/api/handlers/compat/images_remove.go
+++ b/pkg/api/handlers/compat/images_remove.go
@@ -37,7 +37,7 @@ func RemoveImage(w http.ResponseWriter, r *http.Request) {
 	name := utils.GetName(r)
 	possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, name)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 
diff --git a/pkg/api/handlers/compat/images_tag.go b/pkg/api/handlers/compat/images_tag.go
index a1da7a4b9..e9f6dedd0 100644
--- a/pkg/api/handlers/compat/images_tag.go
+++ b/pkg/api/handlers/compat/images_tag.go
@@ -17,7 +17,7 @@ func TagImage(w http.ResponseWriter, r *http.Request) {
 	name := utils.GetName(r)
 	possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, name)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 
@@ -42,7 +42,7 @@ func TagImage(w http.ResponseWriter, r *http.Request) {
 
 	possiblyNormalizedTag, err := utils.NormalizeToDockerHub(r, tagName)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error normalizing image: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("normalizing image: %w", err))
 		return
 	}
 
diff --git a/pkg/api/handlers/compat/info.go b/pkg/api/handlers/compat/info.go
index d82513284..60bbd40fe 100644
--- a/pkg/api/handlers/compat/info.go
+++ b/pkg/api/handlers/compat/info.go
@@ -2,7 +2,6 @@ package compat
 
 import (
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
 	goRuntime "runtime"
@@ -198,7 +197,7 @@ func getRuntimes(configInfo *config.Config) map[string]docker.Runtime {
 
 func getFdCount() (count int) {
 	count = -1
-	if entries, err := ioutil.ReadDir("/proc/self/fd"); err == nil {
+	if entries, err := os.ReadDir("/proc/self/fd"); err == nil {
 		count = len(entries)
 	}
 	return
diff --git a/pkg/api/handlers/compat/system.go b/pkg/api/handlers/compat/system.go
index 97bc9eac2..23f116d16 100644
--- a/pkg/api/handlers/compat/system.go
+++ b/pkg/api/handlers/compat/system.go
@@ -76,7 +76,7 @@ func GetDiskUsage(w http.ResponseWriter, r *http.Request) {
 			Scope:      "local",
 			Status:     nil,
 			UsageData: &docker.VolumeUsageData{
-				RefCount: 1,
+				RefCount: int64(o.Links),
 				Size:     o.Size,
 			},
 		}
diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go
index 5d85d4009..a76e3d988 100644
--- a/pkg/api/handlers/libpod/containers.go
+++ b/pkg/api/handlers/libpod/containers.go
@@ -1,6 +1,7 @@
 package libpod
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -10,6 +11,7 @@ import (
 
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/api/handlers"
 	"github.com/containers/podman/v4/pkg/api/handlers/compat"
 	"github.com/containers/podman/v4/pkg/api/handlers/utils"
 	api "github.com/containers/podman/v4/pkg/api/types"
@@ -17,6 +19,7 @@ import (
 	"github.com/containers/podman/v4/pkg/domain/infra/abi"
 	"github.com/containers/podman/v4/pkg/util"
 	"github.com/gorilla/schema"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
 
@@ -263,16 +266,16 @@ func Checkpoint(w http.ResponseWriter, r *http.Request) {
 		utils.InternalServerError(w, err)
 		return
 	}
+	if len(reports) != 1 {
+		utils.InternalServerError(w, fmt.Errorf("expected 1 restore report but got %d", len(reports)))
+		return
+	}
+	if reports[0].Err != nil {
+		utils.InternalServerError(w, reports[0].Err)
+		return
+	}
 
 	if !query.Export {
-		if len(reports) != 1 {
-			utils.InternalServerError(w, fmt.Errorf("expected 1 restore report but got %d", len(reports)))
-			return
-		}
-		if reports[0].Err != nil {
-			utils.InternalServerError(w, reports[0].Err)
-			return
-		}
 		utils.WriteResponse(w, http.StatusOK, reports[0])
 		return
 	}
@@ -391,6 +394,28 @@ func InitContainer(w http.ResponseWriter, r *http.Request) {
 	utils.WriteResponse(w, http.StatusNoContent, "")
 }
 
+func UpdateContainer(w http.ResponseWriter, r *http.Request) {
+	name := utils.GetName(r)
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	ctr, err := runtime.LookupContainer(name)
+	if err != nil {
+		utils.ContainerNotFound(w, name, err)
+		return
+	}
+
+	options := &handlers.UpdateEntities{Resources: &specs.LinuxResources{}}
+	if err := json.NewDecoder(r.Body).Decode(&options.Resources); err != nil {
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("decode(): %w", err))
+		return
+	}
+	err = ctr.Update(options.Resources)
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusCreated, ctr.ID())
+}
+
 func ShouldRestart(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
 	// Now use the ABI implementation to prevent us from having duplicate
diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go
index 1307c267a..429f45f91 100644
--- a/pkg/api/handlers/libpod/containers_create.go
+++ b/pkg/api/handlers/libpod/containers_create.go
@@ -1,7 +1,6 @@
 package libpod
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -63,12 +62,12 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 		utils.InternalServerError(w, err)
 		return
 	}
-	rtSpec, spec, opts, err := generate.MakeContainer(context.Background(), runtime, &sg, false, nil)
+	rtSpec, spec, opts, err := generate.MakeContainer(r.Context(), runtime, &sg, false, nil)
 	if err != nil {
 		utils.InternalServerError(w, err)
 		return
 	}
-	ctr, err := generate.ExecuteCreate(context.Background(), runtime, rtSpec, spec, false, opts...)
+	ctr, err := generate.ExecuteCreate(r.Context(), runtime, rtSpec, spec, false, opts...)
 	if err != nil {
 		utils.InternalServerError(w, err)
 		return
diff --git a/pkg/api/handlers/libpod/generate.go b/pkg/api/handlers/libpod/generate.go
index 48c4c59e1..9b38829ad 100644
--- a/pkg/api/handlers/libpod/generate.go
+++ b/pkg/api/handlers/libpod/generate.go
@@ -17,20 +17,21 @@ func GenerateSystemd(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
 	decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
 	query := struct {
-		Name             bool     `schema:"useName"`
-		New              bool     `schema:"new"`
-		NoHeader         bool     `schema:"noHeader"`
-		TemplateUnitFile bool     `schema:"templateUnitFile"`
-		RestartPolicy    *string  `schema:"restartPolicy"`
-		RestartSec       uint     `schema:"restartSec"`
-		StopTimeout      uint     `schema:"stopTimeout"`
-		StartTimeout     uint     `schema:"startTimeout"`
-		ContainerPrefix  *string  `schema:"containerPrefix"`
-		PodPrefix        *string  `schema:"podPrefix"`
-		Separator        *string  `schema:"separator"`
-		Wants            []string `schema:"wants"`
-		After            []string `schema:"after"`
-		Requires         []string `schema:"requires"`
+		Name                   bool     `schema:"useName"`
+		New                    bool     `schema:"new"`
+		NoHeader               bool     `schema:"noHeader"`
+		TemplateUnitFile       bool     `schema:"templateUnitFile"`
+		RestartPolicy          *string  `schema:"restartPolicy"`
+		RestartSec             uint     `schema:"restartSec"`
+		StopTimeout            uint     `schema:"stopTimeout"`
+		StartTimeout           uint     `schema:"startTimeout"`
+		ContainerPrefix        *string  `schema:"containerPrefix"`
+		PodPrefix              *string  `schema:"podPrefix"`
+		Separator              *string  `schema:"separator"`
+		Wants                  []string `schema:"wants"`
+		After                  []string `schema:"after"`
+		Requires               []string `schema:"requires"`
+		AdditionalEnvVariables []string `schema:"additionalEnvVariables"`
 	}{
 		StartTimeout: 0,
 		StopTimeout:  util.DefaultContainerConfig().Engine.StopTimeout,
@@ -58,25 +59,26 @@ func GenerateSystemd(w http.ResponseWriter, r *http.Request) {
 
 	containerEngine := abi.ContainerEngine{Libpod: runtime}
 	options := entities.GenerateSystemdOptions{
-		Name:             query.Name,
-		New:              query.New,
-		NoHeader:         query.NoHeader,
-		TemplateUnitFile: query.TemplateUnitFile,
-		RestartPolicy:    query.RestartPolicy,
-		StartTimeout:     &query.StartTimeout,
-		StopTimeout:      &query.StopTimeout,
-		ContainerPrefix:  ContainerPrefix,
-		PodPrefix:        PodPrefix,
-		Separator:        Separator,
-		RestartSec:       &query.RestartSec,
-		Wants:            query.Wants,
-		After:            query.After,
-		Requires:         query.Requires,
+		Name:                   query.Name,
+		New:                    query.New,
+		NoHeader:               query.NoHeader,
+		TemplateUnitFile:       query.TemplateUnitFile,
+		RestartPolicy:          query.RestartPolicy,
+		StartTimeout:           &query.StartTimeout,
+		StopTimeout:            &query.StopTimeout,
+		ContainerPrefix:        ContainerPrefix,
+		PodPrefix:              PodPrefix,
+		Separator:              Separator,
+		RestartSec:             &query.RestartSec,
+		Wants:                  query.Wants,
+		After:                  query.After,
+		Requires:               query.Requires,
+		AdditionalEnvVariables: query.AdditionalEnvVariables,
 	}
 
 	report, err := containerEngine.GenerateSystemd(r.Context(), utils.GetName(r), options)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error generating systemd units: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("generating systemd units: %w", err))
 		return
 	}
 
@@ -102,7 +104,7 @@ func GenerateKube(w http.ResponseWriter, r *http.Request) {
 	options := entities.GenerateKubeOptions{Service: query.Service}
 	report, err := containerEngine.GenerateKube(r.Context(), query.Names, options)
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error generating YAML: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("generating YAML: %w", err))
 		return
 	}
 
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 67943ecf1..82c1971cd 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/containers/buildah"
 	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
@@ -547,6 +548,7 @@ func ImagesBatchRemove(w http.ResponseWriter, r *http.Request) {
 		Ignore         bool     `schema:"ignore"`
 		LookupManifest bool     `schema:"lookupManifest"`
 		Images         []string `schema:"images"`
+		NoPrune        bool     `schema:"noprune"`
 	}{}
 
 	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
@@ -554,7 +556,7 @@ func ImagesBatchRemove(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	opts := entities.ImageRemoveOptions{All: query.All, Force: query.Force, Ignore: query.Ignore, LookupManifest: query.LookupManifest}
+	opts := entities.ImageRemoveOptions{All: query.All, Force: query.Force, Ignore: query.Ignore, LookupManifest: query.LookupManifest, NoPrune: query.NoPrune}
 	imageEngine := abi.ImageEngine{Libpod: runtime}
 	rmReport, rmErrors := imageEngine.Remove(r.Context(), query.Images, opts)
 	strErrs := errorhandling.ErrorsToStrings(rmErrors)
@@ -617,7 +619,7 @@ func ImageScp(w http.ResponseWriter, r *http.Request) {
 
 	sourceArg := utils.GetName(r)
 
-	rep, source, dest, _, err := domainUtils.ExecuteTransfer(sourceArg, query.Destination, []string{}, query.Quiet)
+	rep, source, dest, _, err := domainUtils.ExecuteTransfer(sourceArg, query.Destination, []string{}, query.Quiet, ssh.GolangMode)
 	if err != nil {
 		utils.Error(w, http.StatusInternalServerError, err)
 		return
diff --git a/pkg/api/handlers/libpod/images_pull.go b/pkg/api/handlers/libpod/images_pull.go
index 7e24ae5ac..57b2e3a78 100644
--- a/pkg/api/handlers/libpod/images_pull.go
+++ b/pkg/api/handlers/libpod/images_pull.go
@@ -82,17 +82,32 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 		pullOptions.IdentityToken = authConf.IdentityToken
 	}
 
-	writer := channel.NewWriter(make(chan []byte))
-	defer writer.Close()
-
-	pullOptions.Writer = writer
-
 	pullPolicy, err := config.ParsePullPolicy(query.PullPolicy)
 	if err != nil {
 		utils.Error(w, http.StatusBadRequest, err)
 		return
 	}
 
+	// Let's keep thing simple when running in quiet mode and pull directly.
+	if query.Quiet {
+		images, err := runtime.LibimageRuntime().Pull(r.Context(), query.Reference, pullPolicy, pullOptions)
+		var report entities.ImagePullReport
+		if err != nil {
+			report.Error = err.Error()
+		}
+		for _, image := range images {
+			report.Images = append(report.Images, image.ID())
+			// Pull last ID from list and publish in 'id' stanza.  This maintains previous API contract
+			report.ID = image.ID()
+		}
+		utils.WriteResponse(w, http.StatusOK, report)
+		return
+	}
+
+	writer := channel.NewWriter(make(chan []byte))
+	defer writer.Close()
+	pullOptions.Writer = writer
+
 	var pulledImages []*libimage.Image
 	var pullError error
 	runCtx, cancel := context.WithCancel(r.Context())
@@ -118,10 +133,8 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 		select {
 		case s := <-writer.Chan():
 			report.Stream = string(s)
-			if !query.Quiet {
-				if err := enc.Encode(report); err != nil {
-					logrus.Warnf("Failed to encode json: %v", err)
-				}
+			if err := enc.Encode(report); err != nil {
+				logrus.Warnf("Failed to encode json: %v", err)
 			}
 			flush()
 		case <-runCtx.Done():
diff --git a/pkg/api/handlers/libpod/images_push.go b/pkg/api/handlers/libpod/images_push.go
index e931fd2f9..4102f23de 100644
--- a/pkg/api/handlers/libpod/images_push.go
+++ b/pkg/api/handlers/libpod/images_push.go
@@ -90,8 +90,8 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
 
 	// Let's keep thing simple when running in quiet mode and push directly.
 	if query.Quiet {
-		if err := imageEngine.Push(context.Background(), source, destination, options); err != nil {
-			utils.Error(w, http.StatusBadRequest, fmt.Errorf("error pushing image %q: %w", destination, err))
+		if err := imageEngine.Push(r.Context(), source, destination, options); err != nil {
+			utils.Error(w, http.StatusBadRequest, fmt.Errorf("pushing image %q: %w", destination, err))
 			return
 		}
 		utils.WriteResponse(w, http.StatusOK, "")
diff --git a/pkg/api/handlers/libpod/kube.go b/pkg/api/handlers/libpod/kube.go
index 6cad58795..2a61d1723 100644
--- a/pkg/api/handlers/libpod/kube.go
+++ b/pkg/api/handlers/libpod/kube.go
@@ -103,7 +103,7 @@ func KubePlay(w http.ResponseWriter, r *http.Request) {
 	report, err := containerEngine.PlayKube(r.Context(), r.Body, options)
 	_ = r.Body.Close()
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error playing YAML file: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("playing YAML file: %w", err))
 		return
 	}
 	utils.WriteResponse(w, http.StatusOK, report)
@@ -116,8 +116,12 @@ func KubePlayDown(w http.ResponseWriter, r *http.Request) {
 	report, err := containerEngine.PlayKubeDown(r.Context(), r.Body, *options)
 	_ = r.Body.Close()
 	if err != nil {
-		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error tearing down YAML file: %w", err))
+		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("tearing down YAML file: %w", err))
 		return
 	}
 	utils.WriteResponse(w, http.StatusOK, report)
 }
+
+func KubeGenerate(w http.ResponseWriter, r *http.Request) {
+	GenerateKube(w, r)
+}
diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go
index 2d6223e4e..d5af72a61 100644
--- a/pkg/api/handlers/libpod/manifests.go
+++ b/pkg/api/handlers/libpod/manifests.go
@@ -19,12 +19,14 @@ import (
 	"github.com/containers/podman/v4/pkg/api/handlers/utils"
 	api "github.com/containers/podman/v4/pkg/api/types"
 	"github.com/containers/podman/v4/pkg/auth"
+	"github.com/containers/podman/v4/pkg/channel"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/containers/podman/v4/pkg/domain/infra/abi"
 	"github.com/containers/podman/v4/pkg/errorhandling"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/schema"
 	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
 func ManifestCreate(w http.ResponseWriter, r *http.Request) {
@@ -34,6 +36,7 @@ func ManifestCreate(w http.ResponseWriter, r *http.Request) {
 		Name   string   `schema:"name"`
 		Images []string `schema:"images"`
 		All    bool     `schema:"all"`
+		Amend  bool     `schema:"amend"`
 	}{
 		// Add defaults here once needed.
 	}
@@ -68,7 +71,7 @@ func ManifestCreate(w http.ResponseWriter, r *http.Request) {
 
 	imageEngine := abi.ImageEngine{Libpod: runtime}
 
-	createOptions := entities.ManifestCreateOptions{All: query.All}
+	createOptions := entities.ManifestCreateOptions{All: query.All, Amend: query.Amend}
 	manID, err := imageEngine.ManifestCreate(r.Context(), query.Name, query.Images, createOptions)
 	if err != nil {
 		utils.InternalServerError(w, err)
@@ -290,9 +293,9 @@ func ManifestPushV3(w http.ResponseWriter, r *http.Request) {
 		options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
 	}
 	imageEngine := abi.ImageEngine{Libpod: runtime}
-	digest, err := imageEngine.ManifestPush(context.Background(), source, query.Destination, options)
+	digest, err := imageEngine.ManifestPush(r.Context(), source, query.Destination, options)
 	if err != nil {
-		utils.Error(w, http.StatusBadRequest, fmt.Errorf("error pushing image %q: %w", query.Destination, err))
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("pushing image %q: %w", query.Destination, err))
 		return
 	}
 	utils.WriteResponse(w, http.StatusOK, entities.IDResponse{ID: digest})
@@ -311,9 +314,13 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
 		Format            string `schema:"format"`
 		RemoveSignatures  bool   `schema:"removeSignatures"`
 		TLSVerify         bool   `schema:"tlsVerify"`
+		Quiet             bool   `schema:"quiet"`
 	}{
 		// Add defaults here once needed.
 		TLSVerify: true,
+		// #15210: older versions did not sent *any* data, so we need
+		//         to be quiet by default to remain backwards compatible
+		Quiet: true,
 	}
 	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
 		utils.Error(w, http.StatusBadRequest,
@@ -344,6 +351,7 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
 		CompressionFormat: query.CompressionFormat,
 		Format:            query.Format,
 		Password:          password,
+		Quiet:             true,
 		RemoveSignatures:  query.RemoveSignatures,
 		Username:          username,
 	}
@@ -356,12 +364,67 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
 
 	imageEngine := abi.ImageEngine{Libpod: runtime}
 	source := utils.GetName(r)
-	digest, err := imageEngine.ManifestPush(context.Background(), source, destination, options)
-	if err != nil {
-		utils.Error(w, http.StatusBadRequest, fmt.Errorf("error pushing image %q: %w", destination, err))
+
+	// Let's keep thing simple when running in quiet mode and push directly.
+	if query.Quiet {
+		digest, err := imageEngine.ManifestPush(r.Context(), source, destination, options)
+		if err != nil {
+			utils.Error(w, http.StatusBadRequest, fmt.Errorf("pushing image %q: %w", destination, err))
+			return
+		}
+		utils.WriteResponse(w, http.StatusOK, entities.ManifestPushReport{ID: digest})
 		return
 	}
-	utils.WriteResponse(w, http.StatusOK, entities.IDResponse{ID: digest})
+
+	writer := channel.NewWriter(make(chan []byte))
+	defer writer.Close()
+	options.Writer = writer
+
+	pushCtx, pushCancel := context.WithCancel(r.Context())
+	var digest string
+	var pushError error
+	go func() {
+		defer pushCancel()
+		digest, pushError = imageEngine.ManifestPush(pushCtx, source, destination, options)
+	}()
+
+	flush := func() {
+		if flusher, ok := w.(http.Flusher); ok {
+			flusher.Flush()
+		}
+	}
+
+	w.WriteHeader(http.StatusOK)
+	w.Header().Set("Content-Type", "application/json")
+	flush()
+
+	enc := json.NewEncoder(w)
+	enc.SetEscapeHTML(true)
+	for {
+		var report entities.ManifestPushReport
+		select {
+		case s := <-writer.Chan():
+			report.Stream = string(s)
+			if err := enc.Encode(report); err != nil {
+				logrus.Warnf("Failed to encode json: %v", err)
+			}
+			flush()
+		case <-pushCtx.Done():
+			if pushError != nil {
+				report.Error = pushError.Error()
+			} else {
+				report.ID = digest
+			}
+			if err := enc.Encode(report); err != nil {
+				logrus.Warnf("Failed to encode json: %v", err)
+			}
+			flush()
+			return
+		case <-r.Context().Done():
+			// Client has closed connection
+			return
+		}
+	}
 }
 
 // ManifestModify efficiently updates the named manifest list
diff --git a/pkg/api/handlers/libpod/pods.go b/pkg/api/handlers/libpod/pods.go
index 8b1d456ec..c39b9ee2f 100644
--- a/pkg/api/handlers/libpod/pods.go
+++ b/pkg/api/handlers/libpod/pods.go
@@ -51,7 +51,7 @@ func PodCreate(w http.ResponseWriter, r *http.Request) {
 		}
 		err = specgenutil.FillOutSpecGen(psg.InfraContainerSpec, &infraOptions, []string{}) // necessary for default values in many cases (userns, idmappings)
 		if err != nil {
-			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error filling out specgen: %w", err))
+			utils.Error(w, http.StatusInternalServerError, fmt.Errorf("filling out specgen: %w", err))
 			return
 		}
 		out, err := json.Marshal(psg) // marshal our spec so the matching options can be unmarshaled into infra
@@ -178,7 +178,7 @@ func PodStop(w http.ResponseWriter, r *http.Request) {
 
 	report := entities.PodStopReport{Id: pod.ID()}
 	for id, err := range responses {
-		report.Errs = append(report.Errs, fmt.Errorf("error stopping container %s: %w", id, err))
+		report.Errs = append(report.Errs, fmt.Errorf("stopping container %s: %w", id, err))
 	}
 
 	code := http.StatusOK
@@ -214,7 +214,7 @@ func PodStart(w http.ResponseWriter, r *http.Request) {
 
 	report := entities.PodStartReport{Id: pod.ID()}
 	for id, err := range responses {
-		report.Errs = append(report.Errs, fmt.Errorf("%v: %w", "error starting container "+id, err))
+		report.Errs = append(report.Errs, fmt.Errorf("%v: %w", "starting container "+id, err))
 	}
 
 	code := http.StatusOK
@@ -270,7 +270,7 @@ func PodRestart(w http.ResponseWriter, r *http.Request) {
 
 	report := entities.PodRestartReport{Id: pod.ID()}
 	for id, err := range responses {
-		report.Errs = append(report.Errs, fmt.Errorf("error restarting container %s: %w", id, err))
+		report.Errs = append(report.Errs, fmt.Errorf("restarting container %s: %w", id, err))
 	}
 
 	code := http.StatusOK
@@ -321,7 +321,7 @@ func PodPause(w http.ResponseWriter, r *http.Request) {
 
 	report := entities.PodPauseReport{Id: pod.ID()}
 	for id, v := range responses {
-		report.Errs = append(report.Errs, fmt.Errorf("error pausing container %s: %w", id, v))
+		report.Errs = append(report.Errs, fmt.Errorf("pausing container %s: %w", id, v))
 	}
 
 	code := http.StatusOK
@@ -347,7 +347,7 @@ func PodUnpause(w http.ResponseWriter, r *http.Request) {
 
 	report := entities.PodUnpauseReport{Id: pod.ID()}
 	for id, v := range responses {
-		report.Errs = append(report.Errs, fmt.Errorf("error unpausing container %s: %w", id, v))
+		report.Errs = append(report.Errs, fmt.Errorf("unpausing container %s: %w", id, v))
 	}
 
 	code := http.StatusOK
diff --git a/pkg/api/handlers/swagger/responses.go b/pkg/api/handlers/swagger/responses.go
index 5731f8edd..3de9b06e9 100644
--- a/pkg/api/handlers/swagger/responses.go
+++ b/pkg/api/handlers/swagger/responses.go
@@ -71,7 +71,7 @@ type imagesRemoveResponseLibpod struct {
 
 // PlayKube response
 // swagger:response
-type kubePlayResponseLibpod struct {
+type playKubeResponseLibpod struct {
 	// in:body
 	Body entities.PlayKubeReport
 }
@@ -313,6 +313,11 @@ type containerCreateResponse struct {
 	Body entities.ContainerCreateResponse
 }
 
+type containerUpdateResponse struct {
+	// in:body
+	ID string
+}
+
 // Wait container
 // swagger:response
 type containerWaitResponse struct {
diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go
index b533e131c..bb416d9f4 100644
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@@ -11,6 +11,7 @@ import (
 	dockerContainer "github.com/docker/docker/api/types/container"
 	dockerNetwork "github.com/docker/docker/api/types/network"
 	"github.com/docker/go-connections/nat"
+	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
 type AuthConfig struct {
@@ -64,6 +65,12 @@ type LibpodContainersRmReport struct {
 	RmError string `json:"Err,omitempty"`
 }
 
+// UpdateEntities used to wrap the oci resource spec in a swagger model
+// swagger:model
+type UpdateEntities struct {
+	Resources *specs.LinuxResources
+}
+
 type Info struct {
 	docker.Info
 	BuildahVersion     string
@@ -127,6 +134,7 @@ type CreateContainerConfig struct {
 	dockerContainer.Config                                // desired container configuration
 	HostConfig             dockerContainer.HostConfig     // host dependent configuration for container
 	NetworkingConfig       dockerNetwork.NetworkingConfig // network configuration for container
+	EnvMerge               []string                       // preprocess env variables from image before injecting into containers
 	UnsetEnv               []string                       // unset specified default environment variables
 	UnsetEnvAll            bool                           // unset all default environment variables
 }
@@ -162,7 +170,7 @@ type ExecStartConfig struct {
 
 func ImageDataToImageInspect(ctx context.Context, l *libimage.Image) (*ImageInspect, error) {
 	options := &libimage.InspectOptions{WithParent: true, WithSize: true}
-	info, err := l.Inspect(context.Background(), options)
+	info, err := l.Inspect(ctx, options)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/api/server/register_containers.go b/pkg/api/server/register_containers.go
index b319fc14a..311eecd17 100644
--- a/pkg/api/server/register_containers.go
+++ b/pkg/api/server/register_containers.go
@@ -11,9 +11,9 @@ import (
 func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	// swagger:operation POST /containers/create compat ContainerCreate
 	// ---
-	//   summary: Create a container
 	//   tags:
 	//    - containers (compat)
+	//   summary: Create a container
 	//   produces:
 	//   - application/json
 	//   parameters:
@@ -212,7 +212,6 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//  - in: query
 	//    name: signal
 	//    type: string
-	//    default: TERM
 	//    description: signal to be sent to container
 	//    default: SIGKILL
 	// produces:
@@ -678,9 +677,9 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 
 	// swagger:operation POST /libpod/containers/create libpod ContainerCreateLibpod
 	// ---
-	//   summary: Create a container
 	//   tags:
 	//    - containers
+	//   summary: Create a container
 	//   produces:
 	//   - application/json
 	//   parameters:
@@ -689,6 +688,7 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//      description: attributes for creating a container
 	//      schema:
 	//        $ref: "#/definitions/SpecGenerator"
+	//      required: true
 	//   responses:
 	//     201:
 	//       $ref: "#/responses/containerCreateResponse"
@@ -722,6 +722,7 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//    type: boolean
 	//    description: Include namespace information
 	//    default: false
+	//  - in: query
 	//    name: pod
 	//    type: boolean
 	//    default: false
@@ -896,7 +897,7 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//  - in: query
 	//    name: signal
 	//    type: string
-	//    default: TERM
+	//    default: SIGKILL
 	//    description: signal to be sent to container, either by integer or SIG_ name
 	// produces:
 	// - application/json
@@ -1290,11 +1291,6 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//    required: true
 	//    description: the name or ID of the container
 	//  - in: query
-	//    name: all
-	//    type: boolean
-	//    default: false
-	//    description: Stop all containers
-	//  - in: query
 	//    name: timeout
 	//    type: integer
 	//    default: 10
@@ -1625,5 +1621,33 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//   500:
 	//     $ref: "#/responses/internalError"
 	r.HandleFunc(VersionedPath("/libpod/containers/{name}/rename"), s.APIHandler(compat.RenameContainer)).Methods(http.MethodPost)
+	// swagger:operation POST /libpod/containers/{name}/update libpod ContainerUpdateLibpod
+	// ---
+	// tags:
+	//   - containers
+	// summary: Update an existing containers cgroup configuration
+	// description: Update an existing containers cgroup configuration.
+	// parameters:
+	//  - in: path
+	//    name: name
+	//    type: string
+	//    required: true
+	//    description: Full or partial ID or full name of the container to update
+	//  - in: body
+	//    name: resources
+	//    description: attributes for updating the container
+	//    schema:
+	//      $ref: "#/definitions/UpdateEntities"
+	// produces:
+	// - application/json
+	// responses:
+	//   responses:
+	//     201:
+	//       $ref: "#/responses/containerUpdateResponse"
+	//   404:
+	//     $ref: "#/responses/containerNotFound"
+	//   500:
+	//     $ref: "#/responses/internalError"
+	r.HandleFunc(VersionedPath("/libpod/containers/{name}/update"), s.APIHandler(libpod.UpdateContainer)).Methods(http.MethodPost)
 	return nil
 }
diff --git a/pkg/api/server/register_generate.go b/pkg/api/server/register_generate.go
index 82fbe3d09..ac2818db0 100644
--- a/pkg/api/server/register_generate.go
+++ b/pkg/api/server/register_generate.go
@@ -93,6 +93,13 @@ func (s *APIServer) registerGenerateHandlers(r *mux.Router) error {
 	//        type: string
 	//    default: []
 	//    description: Systemd Requires list for the container or pods.
+	//  - in: query
+	//    name: additionalEnvVariables
+	//    type: array
+	//    items:
+	//        type: string
+	//    default: []
+	//    description: Set environment variables to the systemd unit files.
 	// produces:
 	// - application/json
 	// responses:
diff --git a/pkg/api/server/register_kube.go b/pkg/api/server/register_kube.go
index 6ae9e8123..0c3cd1d04 100644
--- a/pkg/api/server/register_kube.go
+++ b/pkg/api/server/register_kube.go
@@ -8,7 +8,7 @@ import (
 )
 
 func (s *APIServer) registerKubeHandlers(r *mux.Router) error {
-	// swagger:operation POST /libpod/kube/play libpod KubePlayLibpod
+	// swagger:operation POST /libpod/play/kube libpod PlayKubeLibpod
 	// ---
 	// tags:
 	//  - containers
@@ -57,12 +57,12 @@ func (s *APIServer) registerKubeHandlers(r *mux.Router) error {
 	// - application/json
 	// responses:
 	//   200:
-	//     $ref: "#/responses/kubePlayResponseLibpod"
+	//     $ref: "#/responses/playKubeResponseLibpod"
 	//   500:
 	//     $ref: "#/responses/internalError"
-	r.HandleFunc(VersionedPath("/libpod/kube/play"), s.APIHandler(libpod.KubePlay)).Methods(http.MethodPost)
 	r.HandleFunc(VersionedPath("/libpod/play/kube"), s.APIHandler(libpod.PlayKube)).Methods(http.MethodPost)
-	// swagger:operation DELETE /libpod/kube/play libpod KubePlayDownLibpod
+	r.HandleFunc(VersionedPath("/libpod/kube/play"), s.APIHandler(libpod.KubePlay)).Methods(http.MethodPost)
+	// swagger:operation DELETE /libpod/play/kube libpod PlayKubeDownLibpod
 	// ---
 	// tags:
 	//  - containers
@@ -73,10 +73,43 @@ func (s *APIServer) registerKubeHandlers(r *mux.Router) error {
 	// - application/json
 	// responses:
 	//   200:
-	//     $ref: "#/responses/kubePlayResponseLibpod"
+	//     $ref: "#/responses/playKubeResponseLibpod"
 	//   500:
 	//     $ref: "#/responses/internalError"
-	r.HandleFunc(VersionedPath("/libpod/kube/play"), s.APIHandler(libpod.KubePlayDown)).Methods(http.MethodDelete)
 	r.HandleFunc(VersionedPath("/libpod/play/kube"), s.APIHandler(libpod.PlayKubeDown)).Methods(http.MethodDelete)
+	r.HandleFunc(VersionedPath("/libpod/kube/play"), s.APIHandler(libpod.KubePlayDown)).Methods(http.MethodDelete)
+	// swagger:operation GET /libpod/generate/kube libpod GenerateKubeLibpod
+	// ---
+	// tags:
+	//  - containers
+	//  - pods
+	// summary: Generate a Kubernetes YAML file.
+	// description: Generate Kubernetes YAML based on a pod or container.
+	// parameters:
+	//  - in: query
+	//    name: names
+	//    type: array
+	//    items:
+	//       type: string
+	//    required: true
+	//    description: Name or ID of the container or pod.
+	//  - in: query
+	//    name: service
+	//    type: boolean
+	//    default: false
+	//    description: Generate YAML for a Kubernetes service object.
+	// produces:
+	// - text/vnd.yaml
+	// - application/json
+	// responses:
+	//   200:
+	//     description: Kubernetes YAML file describing pod
+	//     schema:
+	//      type: string
+	//      format: binary
+	//   500:
+	//     $ref: "#/responses/internalError"
+	r.HandleFunc(VersionedPath("/libpod/generate/kube"), s.APIHandler(libpod.GenerateKube)).Methods(http.MethodGet)
+	r.HandleFunc(VersionedPath("/libpod/kube/generate"), s.APIHandler(libpod.KubeGenerate)).Methods(http.MethodGet)
 	return nil
 }
diff --git a/pkg/api/server/register_manifest.go b/pkg/api/server/register_manifest.go
index 19b507047..7a55eaefe 100644
--- a/pkg/api/server/register_manifest.go
+++ b/pkg/api/server/register_manifest.go
@@ -75,6 +75,11 @@ func (s *APIServer) registerManifestHandlers(r *mux.Router) error {
 	//    type: boolean
 	//    default: true
 	//    description: Require HTTPS and verify signatures when contacting registries.
+	//  - in: query
+	//    name: quiet
+	//    description: "silences extra stream data on push"
+	//    type: boolean
+	//    default: true
 	// responses:
 	//   200:
 	//     schema:
@@ -112,6 +117,10 @@ func (s *APIServer) registerManifestHandlers(r *mux.Router) error {
 	//   name: all
 	//   type: boolean
 	//   description: add all contents if given list
+	// - in: query
+	//   name: amend
+	//   type: boolean
+	//   description: modify an existing list if one with the desired name already exists
 	// - in: body
 	//   name: options
 	//   description: options for new manifest
diff --git a/pkg/api/server/register_secrets.go b/pkg/api/server/register_secrets.go
index f4608baa6..8918ad238 100644
--- a/pkg/api/server/register_secrets.go
+++ b/pkg/api/server/register_secrets.go
@@ -54,7 +54,6 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error {
 	//        - `id=[id]` Matches for full or partial ID.
 	// produces:
 	// - application/json
-	// parameters:
 	// responses:
 	//   '200':
 	//     "$ref": "#/responses/SecretListResponse"
@@ -128,7 +127,6 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error {
 	//        - `id=[id]` Matches for full or partial ID.
 	// produces:
 	// - application/json
-	// parameters:
 	// responses:
 	//   '200':
 	//     "$ref": "#/responses/SecretListCompatResponse"
diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index a6d8b5e4c..39423dabe 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -126,11 +126,11 @@ func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.Ser
 		server.registerHealthCheckHandlers,
 		server.registerImagesHandlers,
 		server.registerInfoHandlers,
-		server.registerKubeHandlers,
 		server.registerManifestHandlers,
 		server.registerMonitorHandlers,
 		server.registerNetworkHandlers,
 		server.registerPingHandlers,
+		server.registerKubeHandlers,
 		server.registerPluginsHandlers,
 		server.registerPodsHandlers,
 		server.registerSecretHandlers,
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index dd934fabd..270cd4207 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -238,10 +238,10 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin
 		return "", err
 	}
 	if _, err := tmpFile.Write([]byte{'{', '}'}); err != nil {
-		return "", fmt.Errorf("error initializing temporary auth file: %w", err)
+		return "", fmt.Errorf("initializing temporary auth file: %w", err)
 	}
 	if err := tmpFile.Close(); err != nil {
-		return "", fmt.Errorf("error closing temporary auth file: %w", err)
+		return "", fmt.Errorf("closing temporary auth file: %w", err)
 	}
 	authFilePath := tmpFile.Name()
 
@@ -255,7 +255,7 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin
 		// that all credentials are valid. They'll be used on demand
 		// later.
 		if err := imageAuth.SetAuthentication(&sys, key, config.Username, config.Password); err != nil {
-			return "", fmt.Errorf("error storing credentials in temporary auth file (key: %q / %q, user: %q): %w", authFileKey, key, config.Username, err)
+			return "", fmt.Errorf("storing credentials in temporary auth file (key: %q / %q, user: %q): %w", authFileKey, key, config.Username, err)
 		}
 	}
 
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go
index 8d9991622..9cf77d135 100644
--- a/pkg/autoupdate/autoupdate.go
+++ b/pkg/autoupdate/autoupdate.go
@@ -43,15 +43,41 @@ const (
 
 // Map for easy lookups of supported policies.
 var supportedPolicies = map[string]Policy{
-	"":         PolicyDefault,
-	"disabled": PolicyDefault,
-	"image":    PolicyRegistryImage,
-	"registry": PolicyRegistryImage,
-	"local":    PolicyLocalImage,
+	"":                          PolicyDefault,
+	string(PolicyDefault):       PolicyDefault,
+	"image":                     PolicyRegistryImage, // Deprecated in favor of PolicyRegistryImage
+	string(PolicyRegistryImage): PolicyRegistryImage,
+	string(PolicyLocalImage):    PolicyLocalImage,
 }
 
-// policyMapper is used for tying a container to it's autoupdate policy
-type policyMapper map[Policy][]*libpod.Container
+// updater includes shared state for auto-updating one or more containers.
+type updater struct {
+	conn             *dbus.Conn                  // DBUS connection
+	options          *entities.AutoUpdateOptions // User-specified options
+	unitToTasks      map[string][]*task          // Keeps track of tasks per unit
+	updatedRawImages map[string]bool             // Keeps track of updated images
+	runtime          *libpod.Runtime             // The libpod runtime
+}
+
+const (
+	statusFailed     = "failed"      // The update has failed
+	statusUpdated    = "true"        // The update succeeded
+	statusNotUpdated = "false"       // No update was needed
+	statusPending    = "pending"     // The update is pending (see options.DryRun)
+	statusRolledBack = "rolled back" // Rollback after a failed update
+)
+
+// task includes data and state for updating a container
+type task struct {
+	authfile     string            // Container-specific authfile
+	auto         *updater          // Reverse pointer to the updater
+	container    *libpod.Container // Container to update
+	policy       Policy            // Update policy
+	image        *libimage.Image   // Original image before the update
+	rawImageName string            // The container's raw image name
+	status       string            // Auto-update status
+	unit         string            // Name of the systemd unit
+}
 
 // LookupPolicy looks up the corresponding Policy for the specified
 // string. If none is found, an errors is returned including the list of
@@ -116,211 +142,233 @@ func ValidateImageReference(imageName string) error {
 // It returns a slice of successfully restarted systemd units and a slice of
 // errors encountered during auto update.
 func AutoUpdate(ctx context.Context, runtime *libpod.Runtime, options entities.AutoUpdateOptions) ([]*entities.AutoUpdateReport, []error) {
-	// Create a map from `image ID -> []*Container`.
-	containerMap, errs := imageContainersMap(runtime)
-	if len(containerMap) == 0 {
-		return nil, errs
-	}
+	// Note that (most) errors are non-fatal such that a single
+	// misconfigured container does not prevent others from being updated
+	// (which could be a security threat).
 
-	// Create a map from `image ID -> *libimage.Image` for image lookups.
-	listOptions := &libimage.ListImagesOptions{
-		Filters: []string{"readonly=false"},
-	}
-	imagesSlice, err := runtime.LibimageRuntime().ListImages(ctx, nil, listOptions)
-	if err != nil {
-		return nil, []error{err}
+	auto := updater{
+		options:          &options,
+		runtime:          runtime,
+		updatedRawImages: make(map[string]bool),
 	}
-	imageMap := make(map[string]*libimage.Image)
-	for i := range imagesSlice {
-		imageMap[imagesSlice[i].ID()] = imagesSlice[i]
+
+	// Find auto-update tasks and assemble them by unit.
+	allErrors := auto.assembleTasks(ctx)
+
+	// Nothing to do.
+	if len(auto.unitToTasks) == 0 {
+		return nil, allErrors
 	}
 
 	// Connect to DBUS.
 	conn, err := systemd.ConnectToDBUS()
 	if err != nil {
 		logrus.Errorf(err.Error())
-		return nil, []error{err}
+		allErrors = append(allErrors, err)
+		return nil, allErrors
 	}
 	defer conn.Close()
+	auto.conn = conn
 
 	runtime.NewSystemEvent(events.AutoUpdate)
 
 	// Update all images/container according to their auto-update policy.
 	var allReports []*entities.AutoUpdateReport
-	updatedRawImages := make(map[string]bool)
-	for imageID, policyMapper := range containerMap {
-		image, exists := imageMap[imageID]
-		if !exists {
-			errs = append(errs, fmt.Errorf("container image ID %q not found in local storage", imageID))
-			return nil, errs
+	for unit, tasks := range auto.unitToTasks {
+		unitErrors := auto.updateUnit(ctx, unit, tasks)
+		allErrors = append(allErrors, unitErrors...)
+		for _, task := range tasks {
+			allReports = append(allReports, task.report())
 		}
+	}
+
+	return allReports, allErrors
+}
+
+// updateUnit auto updates the tasks in the specified systemd unit.
+func (u *updater) updateUnit(ctx context.Context, unit string, tasks []*task) []error {
+	var errors []error
+	tasksUpdated := false
 
-		for _, ctr := range policyMapper[PolicyRegistryImage] {
-			report, err := autoUpdateRegistry(ctx, image, ctr, updatedRawImages, &options, conn, runtime)
+	for _, task := range tasks {
+		err := func() error { // Use an anonymous function to avoid spaghetti continue's
+			updateAvailable, err := task.updateAvailable(ctx)
 			if err != nil {
-				errs = append(errs, err)
+				task.status = statusFailed
+				return fmt.Errorf("checking image updates for container %s: %w", task.container.ID(), err)
 			}
-			if report != nil {
-				allReports = append(allReports, report)
-			}
-		}
 
-		for _, ctr := range policyMapper[PolicyLocalImage] {
-			report, err := autoUpdateLocally(ctx, image, ctr, &options, conn, runtime)
-			if err != nil {
-				errs = append(errs, err)
+			if !updateAvailable {
+				task.status = statusNotUpdated
+				return nil
 			}
-			if report != nil {
-				allReports = append(allReports, report)
+
+			if u.options.DryRun {
+				task.status = statusPending
+				return nil
 			}
-		}
-	}
 
-	return allReports, errs
-}
+			if err := task.update(ctx); err != nil {
+				task.status = statusFailed
+				return fmt.Errorf("updating image for container %s: %w", task.container.ID(), err)
+			}
 
-// autoUpdateRegistry updates the image/container according to the "registry" policy.
-func autoUpdateRegistry(ctx context.Context, image *libimage.Image, ctr *libpod.Container, updatedRawImages map[string]bool, options *entities.AutoUpdateOptions, conn *dbus.Conn, runtime *libpod.Runtime) (*entities.AutoUpdateReport, error) {
-	cid := ctr.ID()
-	rawImageName := ctr.RawImageName()
-	if rawImageName == "" {
-		return nil, fmt.Errorf("registry auto-updating container %q: raw-image name is empty", cid)
-	}
+			tasksUpdated = true
+			return nil
+		}()
 
-	labels := ctr.Labels()
-	unit, exists := labels[systemdDefine.EnvVariable]
-	if !exists {
-		return nil, fmt.Errorf("auto-updating container %q: no %s label found", ctr.ID(), systemdDefine.EnvVariable)
+		if err != nil {
+			errors = append(errors, err)
+		}
 	}
 
-	report := &entities.AutoUpdateReport{
-		ContainerID:   cid,
-		ContainerName: ctr.Name(),
-		ImageName:     rawImageName,
-		Policy:        PolicyRegistryImage,
-		SystemdUnit:   unit,
-		Updated:       "failed",
+	// If no task has been updated, we can jump directly to the next unit.
+	if !tasksUpdated {
+		return errors
 	}
 
-	if _, updated := updatedRawImages[rawImageName]; updated {
-		logrus.Infof("Auto-updating container %q using registry image %q", cid, rawImageName)
-		if err := restartSystemdUnit(ctx, ctr, unit, conn); err != nil {
-			return report, err
+	updateError := u.restartSystemdUnit(ctx, unit)
+	for _, task := range tasks {
+		if updateError == nil {
+			task.status = statusUpdated
+		} else {
+			task.status = statusFailed
 		}
-		report.Updated = "true"
-		return report, nil
 	}
 
-	authfile := getAuthfilePath(ctr, options)
-	needsUpdate, err := newerRemoteImageAvailable(ctx, image, rawImageName, authfile)
-	if err != nil {
-		return report, fmt.Errorf("registry auto-updating container %q: image check for %q failed: %w", cid, rawImageName, err)
-	}
-
-	if !needsUpdate {
-		report.Updated = "false"
-		return report, nil
+	// Jump to the next unit on successful update or if rollbacks are disabled.
+	if updateError == nil || !u.options.Rollback {
+		return errors
 	}
 
-	if options.DryRun {
-		report.Updated = "pending"
-		return report, nil
+	// The update has failed and rollbacks are enabled.
+	for _, task := range tasks {
+		if err := task.rollbackImage(); err != nil {
+			err = fmt.Errorf("rolling back image for container %s in unit %s: %w", task.container.ID(), unit, err)
+			errors = append(errors, err)
+		}
 	}
 
-	if _, err := updateImage(ctx, runtime, rawImageName, authfile); err != nil {
-		return report, fmt.Errorf("registry auto-updating container %q: image update for %q failed: %w", cid, rawImageName, err)
+	if err := u.restartSystemdUnit(ctx, unit); err != nil {
+		for _, task := range tasks {
+			task.status = statusFailed
+		}
+		err = fmt.Errorf("restarting unit %s during rollback: %w", unit, err)
+		errors = append(errors, err)
+		return errors
 	}
-	updatedRawImages[rawImageName] = true
 
-	logrus.Infof("Auto-updating container %q using registry image %q", cid, rawImageName)
-	updateErr := restartSystemdUnit(ctx, ctr, unit, conn)
-	if updateErr == nil {
-		report.Updated = "true"
-		return report, nil
+	for _, task := range tasks {
+		task.status = statusRolledBack
 	}
 
-	if !options.Rollback {
-		return report, updateErr
-	}
+	return errors
+}
 
-	// To fallback, simply retag the old image and restart the service.
-	if err := image.Tag(rawImageName); err != nil {
-		return report, fmt.Errorf("falling back to previous image: %w", err)
+// report creates an auto-update report for the task.
+func (t *task) report() *entities.AutoUpdateReport {
+	return &entities.AutoUpdateReport{
+		ContainerID:   t.container.ID(),
+		ContainerName: t.container.Name(),
+		ImageName:     t.container.RawImageName(),
+		Policy:        string(t.policy),
+		SystemdUnit:   t.unit,
+		Updated:       t.status,
 	}
-	if err := restartSystemdUnit(ctx, ctr, unit, conn); err != nil {
-		return report, fmt.Errorf("restarting unit with old image during fallback: %w", err)
-	}
-
-	report.Updated = "rolled back"
-	return report, nil
 }
 
-// autoUpdateRegistry updates the image/container according to the "local" policy.
-func autoUpdateLocally(ctx context.Context, image *libimage.Image, ctr *libpod.Container, options *entities.AutoUpdateOptions, conn *dbus.Conn, runtime *libpod.Runtime) (*entities.AutoUpdateReport, error) {
-	cid := ctr.ID()
-	rawImageName := ctr.RawImageName()
-	if rawImageName == "" {
-		return nil, fmt.Errorf("locally auto-updating container %q: raw-image name is empty", cid)
+// updateAvailable returns whether an update for the task is available.
+func (t *task) updateAvailable(ctx context.Context) (bool, error) {
+	switch t.policy {
+	case PolicyRegistryImage:
+		// Errors checking for updates only should not be fatal.
+		// Especially on Edge systems, connection may be limited or
+		// there may just be a temporary downtime of the registry.
+		// But make sure to leave some breadcrumbs in the debug logs
+		// such that potential issues _can_ be analyzed if needed.
+		available, err := t.registryUpdateAvailable(ctx)
+		if err != nil {
+			logrus.Debugf("Error checking updates for image %s: %v (ignoring error)", t.rawImageName, err)
+		}
+		return available, nil
+	case PolicyLocalImage:
+		return t.localUpdateAvailable()
+	default:
+		return false, fmt.Errorf("unexpected auto-update policy %s for container %s", t.policy, t.container.ID())
 	}
+}
 
-	labels := ctr.Labels()
-	unit, exists := labels[systemdDefine.EnvVariable]
-	if !exists {
-		return nil, fmt.Errorf("auto-updating container %q: no %s label found", ctr.ID(), systemdDefine.EnvVariable)
+// update the task according to its auto-update policy.
+func (t *task) update(ctx context.Context) error {
+	switch t.policy {
+	case PolicyRegistryImage:
+		return t.registryUpdate(ctx)
+	case PolicyLocalImage:
+		// Nothing to do as the image is already available in the local storage.
+		return nil
+	default:
+		return fmt.Errorf("unexpected auto-update policy %s for container %s", t.policy, t.container.ID())
 	}
+}
 
-	report := &entities.AutoUpdateReport{
-		ContainerID:   cid,
-		ContainerName: ctr.Name(),
-		ImageName:     rawImageName,
-		Policy:        PolicyLocalImage,
-		SystemdUnit:   unit,
-		Updated:       "failed",
+// registryUpdateAvailable returns whether a new image on the registry is available.
+func (t *task) registryUpdateAvailable(ctx context.Context) (bool, error) {
+	// The newer image has already been pulled for another task, so we know
+	// there's a newer one available.
+	if _, exists := t.auto.updatedRawImages[t.rawImageName]; exists {
+		return true, nil
 	}
 
-	needsUpdate, err := newerLocalImageAvailable(runtime, image, rawImageName)
+	remoteRef, err := docker.ParseReference("//" + t.rawImageName)
 	if err != nil {
-		return report, fmt.Errorf("locally auto-updating container %q: image check for %q failed: %w", cid, rawImageName, err)
+		return false, err
 	}
+	options := &libimage.HasDifferentDigestOptions{AuthFilePath: t.authfile}
+	return t.image.HasDifferentDigest(ctx, remoteRef, options)
+}
 
-	if !needsUpdate {
-		report.Updated = "false"
-		return report, nil
+// registryUpdate pulls down the image from the registry.
+func (t *task) registryUpdate(ctx context.Context) error {
+	// The newer image has already been pulled for another task.
+	if _, exists := t.auto.updatedRawImages[t.rawImageName]; exists {
+		return nil
 	}
 
-	if options.DryRun {
-		report.Updated = "pending"
-		return report, nil
+	pullOptions := &libimage.PullOptions{}
+	pullOptions.AuthFilePath = t.authfile
+	pullOptions.Writer = os.Stderr
+	if _, err := t.auto.runtime.LibimageRuntime().Pull(ctx, t.rawImageName, config.PullPolicyAlways, pullOptions); err != nil {
+		return err
 	}
 
-	logrus.Infof("Auto-updating container %q using local image %q", cid, rawImageName)
-	updateErr := restartSystemdUnit(ctx, ctr, unit, conn)
-	if updateErr == nil {
-		report.Updated = "true"
-		return report, nil
-	}
+	t.auto.updatedRawImages[t.rawImageName] = true
+	return nil
+}
 
-	if !options.Rollback {
-		return report, updateErr
+// localUpdateAvailable returns whether a new image in the local storage is available.
+func (t *task) localUpdateAvailable() (bool, error) {
+	localImg, _, err := t.auto.runtime.LibimageRuntime().LookupImage(t.rawImageName, nil)
+	if err != nil {
+		return false, err
 	}
+	return localImg.Digest().String() != t.image.Digest().String(), nil
+}
 
+// rollbackImage rolls back the task's image to the previous version before the update.
+func (t *task) rollbackImage() error {
 	// To fallback, simply retag the old image and restart the service.
-	if err := image.Tag(rawImageName); err != nil {
-		return report, fmt.Errorf("falling back to previous image: %w", err)
+	if err := t.image.Tag(t.rawImageName); err != nil {
+		return err
 	}
-	if err := restartSystemdUnit(ctx, ctr, unit, conn); err != nil {
-		return report, fmt.Errorf("restarting unit with old image during fallback: %w", err)
-	}
-
-	report.Updated = "rolled back"
-	return report, nil
+	t.auto.updatedRawImages[t.rawImageName] = false
+	return nil
 }
 
 // restartSystemdUnit restarts the systemd unit the container is running in.
-func restartSystemdUnit(ctx context.Context, ctr *libpod.Container, unit string, conn *dbus.Conn) error {
+func (u *updater) restartSystemdUnit(ctx context.Context, unit string) error {
 	restartChan := make(chan string)
-	if _, err := conn.RestartUnitContext(ctx, unit, "replace", restartChan); err != nil {
-		return fmt.Errorf("auto-updating container %q: restarting systemd unit %q failed: %w", ctr.ID(), unit, err)
+	if _, err := u.conn.RestartUnitContext(ctx, unit, "replace", restartChan); err != nil {
+		return err
 	}
 
 	// Wait for the restart to finish and actually check if it was
@@ -329,25 +377,34 @@ func restartSystemdUnit(ctx context.Context, ctr *libpod.Container, unit string,
 
 	switch result {
 	case "done":
-		logrus.Infof("Successfully restarted systemd unit %q of container %q", unit, ctr.ID())
+		logrus.Infof("Successfully restarted systemd unit %q", unit)
 		return nil
 
 	default:
-		return fmt.Errorf("auto-updating container %q: restarting systemd unit %q failed: expected %q but received %q", ctr.ID(), unit, "done", result)
+		return fmt.Errorf("expected %q but received %q", "done", result)
 	}
 }
 
-// imageContainersMap generates a map[image ID] -> [containers using the image]
-// of all containers with a valid auto-update policy.
-func imageContainersMap(runtime *libpod.Runtime) (map[string]policyMapper, []error) {
-	allContainers, err := runtime.GetAllContainers()
+// assembleTasks assembles update tasks per unit and populates a mapping from
+// `unit -> []*task` such that multiple containers _can_ run in a single unit.
+func (u *updater) assembleTasks(ctx context.Context) []error {
+	// Assemble a map `image ID -> *libimage.Image` that we can consult
+	// later on for lookups.
+	imageMap, err := u.assembleImageMap(ctx)
 	if err != nil {
-		return nil, []error{err}
+		return []error{err}
 	}
 
+	allContainers, err := u.runtime.GetAllContainers()
+	if err != nil {
+		return []error{err}
+	}
+
+	u.unitToTasks = make(map[string][]*task)
+
 	errors := []error{}
-	containerMap := make(map[string]policyMapper)
-	for _, ctr := range allContainers {
+	for _, c := range allContainers {
+		ctr := c
 		state, err := ctr.State()
 		if err != nil {
 			errors = append(errors, err)
@@ -358,77 +415,75 @@ func imageContainersMap(runtime *libpod.Runtime) (map[string]policyMapper, []err
 			continue
 		}
 
-		// Only update containers with the specific label/policy set.
+		// Check the container's auto-update policy which is configured
+		// as a label.
 		labels := ctr.Labels()
 		value, exists := labels[Label]
 		if !exists {
 			continue
 		}
-
 		policy, err := LookupPolicy(value)
 		if err != nil {
 			errors = append(errors, err)
 			continue
 		}
-
-		// Skip labels not related to autoupdate
 		if policy == PolicyDefault {
 			continue
-		} else {
-			id, _ := ctr.Image()
-			policyMap, exists := containerMap[id]
-			if !exists {
-				policyMap = make(map[Policy][]*libpod.Container)
-			}
-			policyMap[policy] = append(policyMap[policy], ctr)
-			containerMap[id] = policyMap
-			// Now we know that `ctr` is configured for auto updates.
 		}
-	}
 
-	return containerMap, errors
-}
+		// Make sure the container runs in a systemd unit which is
+		// stored as a label at container creation.
+		unit, exists := labels[systemdDefine.EnvVariable]
+		if !exists {
+			errors = append(errors, fmt.Errorf("auto-updating container %q: no %s label found", ctr.ID(), systemdDefine.EnvVariable))
+			continue
+		}
 
-// getAuthfilePath returns an authfile path, if set. The authfile label in the
-// container, if set, as precedence over the one set in the options.
-func getAuthfilePath(ctr *libpod.Container, options *entities.AutoUpdateOptions) string {
-	labels := ctr.Labels()
-	authFilePath, exists := labels[AuthfileLabel]
-	if exists {
-		return authFilePath
-	}
-	return options.Authfile
-}
+		id, _ := ctr.Image()
+		image, exists := imageMap[id]
+		if !exists {
+			err := fmt.Errorf("internal error: no image found for ID %s", id)
+			errors = append(errors, err)
+			continue
+		}
 
-// newerRemoteImageAvailable returns true if there corresponding image on the remote
-// registry is newer.
-func newerRemoteImageAvailable(ctx context.Context, img *libimage.Image, origName string, authfile string) (bool, error) {
-	remoteRef, err := docker.ParseReference("//" + origName)
-	if err != nil {
-		return false, err
-	}
-	options := &libimage.HasDifferentDigestOptions{AuthFilePath: authfile}
-	return img.HasDifferentDigest(ctx, remoteRef, options)
-}
+		rawImageName := ctr.RawImageName()
+		if rawImageName == "" {
+			errors = append(errors, fmt.Errorf("locally auto-updating container %q: raw-image name is empty", ctr.ID()))
+			continue
+		}
 
-// newerLocalImageAvailable returns true if the container and local image have different digests
-func newerLocalImageAvailable(runtime *libpod.Runtime, img *libimage.Image, rawImageName string) (bool, error) {
-	localImg, _, err := runtime.LibimageRuntime().LookupImage(rawImageName, nil)
-	if err != nil {
-		return false, err
+		t := task{
+			authfile:     labels[AuthfileLabel],
+			auto:         u,
+			container:    ctr,
+			policy:       policy,
+			image:        image,
+			unit:         unit,
+			rawImageName: rawImageName,
+			status:       statusFailed, // must be updated later on
+		}
+
+		// Add the task to the unit.
+		u.unitToTasks[unit] = append(u.unitToTasks[unit], &t)
 	}
-	return localImg.Digest().String() != img.Digest().String(), nil
-}
 
-// updateImage pulls the specified image.
-func updateImage(ctx context.Context, runtime *libpod.Runtime, name, authfile string) (*libimage.Image, error) {
-	pullOptions := &libimage.PullOptions{}
-	pullOptions.AuthFilePath = authfile
-	pullOptions.Writer = os.Stderr
+	return errors
+}
 
-	pulledImages, err := runtime.LibimageRuntime().Pull(ctx, name, config.PullPolicyAlways, pullOptions)
+// assembleImageMap creates a map from `image ID -> *libimage.Image` for image lookups.
+func (u *updater) assembleImageMap(ctx context.Context) (map[string]*libimage.Image, error) {
+	listOptions := &libimage.ListImagesOptions{
+		Filters: []string{"readonly=false"},
+	}
+	imagesSlice, err := u.runtime.LibimageRuntime().ListImages(ctx, nil, listOptions)
 	if err != nil {
 		return nil, err
 	}
-	return pulledImages[0], nil
+	imageMap := make(map[string]*libimage.Image)
+	for i := range imagesSlice {
+		imageMap[imagesSlice[i].ID()] = imagesSlice[i]
+	}
+
+	return imageMap, nil
 }
diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go
index b994a5857..6d7b052b7 100644
--- a/pkg/bindings/connection.go
+++ b/pkg/bindings/connection.go
@@ -14,11 +14,9 @@ import (
 	"time"
 
 	"github.com/blang/semver/v4"
-	"github.com/containers/podman/v4/pkg/terminal"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/version"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/agent"
 )
 
 type APIResponse struct {
@@ -74,8 +72,7 @@ func NewConnection(ctx context.Context, uri string) (context.Context, error) {
 // or ssh://<user>@<host>[:port]/run/podman/podman.sock?secure=True
 func NewConnectionWithIdentity(ctx context.Context, uri string, identity string) (context.Context, error) {
 	var (
-		err    error
-		secure bool
+		err error
 	)
 	if v, found := os.LookupEnv("CONTAINER_HOST"); found && uri == "" {
 		uri = v
@@ -85,11 +82,6 @@ func NewConnectionWithIdentity(ctx context.Context, uri string, identity string)
 		identity = v
 	}
 
-	passPhrase := ""
-	if v, found := os.LookupEnv("CONTAINER_PASSPHRASE"); found {
-		passPhrase = v
-	}
-
 	_url, err := url.Parse(uri)
 	if err != nil {
 		return nil, fmt.Errorf("value of CONTAINER_HOST is not a valid url: %s: %w", uri, err)
@@ -99,11 +91,26 @@ func NewConnectionWithIdentity(ctx context.Context, uri string, identity string)
 	var connection Connection
 	switch _url.Scheme {
 	case "ssh":
-		secure, err = strconv.ParseBool(_url.Query().Get("secure"))
+		port, err := strconv.Atoi(_url.Port())
 		if err != nil {
-			secure = false
+			return nil, err
 		}
-		connection, err = sshClient(_url, secure, passPhrase, identity)
+		conn, err := ssh.Dial(&ssh.ConnectionDialOptions{
+			Host:     uri,
+			Identity: identity,
+			User:     _url.User,
+			Port:     port,
+		}, "golang")
+		if err != nil {
+			return nil, err
+		}
+		connection = Connection{URI: _url}
+		connection.Client = &http.Client{
+			Transport: &http.Transport{
+				DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
+					return ssh.DialNet(conn, "unix", _url)
+				},
+			}}
 	case "unix":
 		if !strings.HasPrefix(uri, "unix:///") {
 			// autofix unix://path_element vs unix:///path_element
@@ -184,124 +191,6 @@ func pingNewConnection(ctx context.Context) (*semver.Version, error) {
 	return nil, fmt.Errorf("ping response was %d", response.StatusCode)
 }
 
-func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) (Connection, error) {
-	// if you modify the authmethods or their conditionals, you will also need to make similar
-	// changes in the client (currently cmd/podman/system/connection/add getUDS).
-
-	var signers []ssh.Signer // order Signers are appended to this list determines which key is presented to server
-
-	if len(identity) > 0 {
-		s, err := terminal.PublicKey(identity, []byte(passPhrase))
-		if err != nil {
-			return Connection{}, fmt.Errorf("failed to parse identity %q: %w", identity, err)
-		}
-
-		signers = append(signers, s)
-		logrus.Debugf("SSH Ident Key %q %s %s", identity, ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
-	}
-
-	if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found {
-		logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer(s) enabled", sock)
-
-		c, err := net.Dial("unix", sock)
-		if err != nil {
-			return Connection{}, err
-		}
-
-		agentSigners, err := agent.NewClient(c).Signers()
-		if err != nil {
-			return Connection{}, err
-		}
-		signers = append(signers, agentSigners...)
-
-		if logrus.IsLevelEnabled(logrus.DebugLevel) {
-			for _, s := range agentSigners {
-				logrus.Debugf("SSH Agent Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
-			}
-		}
-	}
-
-	var authMethods []ssh.AuthMethod
-	if len(signers) > 0 {
-		var dedup = make(map[string]ssh.Signer)
-		// Dedup signers based on fingerprint, ssh-agent keys override CONTAINER_SSHKEY
-		for _, s := range signers {
-			fp := ssh.FingerprintSHA256(s.PublicKey())
-			if _, found := dedup[fp]; found {
-				logrus.Debugf("Dedup SSH Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
-			}
-			dedup[fp] = s
-		}
-
-		var uniq []ssh.Signer
-		for _, s := range dedup {
-			uniq = append(uniq, s)
-		}
-		authMethods = append(authMethods, ssh.PublicKeysCallback(func() ([]ssh.Signer, error) {
-			return uniq, nil
-		}))
-	}
-
-	if pw, found := _url.User.Password(); found {
-		authMethods = append(authMethods, ssh.Password(pw))
-	}
-
-	if len(authMethods) == 0 {
-		callback := func() (string, error) {
-			pass, err := terminal.ReadPassword("Login password:")
-			return string(pass), err
-		}
-		authMethods = append(authMethods, ssh.PasswordCallback(callback))
-	}
-
-	port := _url.Port()
-	if port == "" {
-		port = "22"
-	}
-
-	callback := ssh.InsecureIgnoreHostKey()
-	if secure {
-		host := _url.Hostname()
-		if port != "22" {
-			host = fmt.Sprintf("[%s]:%s", host, port)
-		}
-		key := terminal.HostKey(host)
-		if key != nil {
-			callback = ssh.FixedHostKey(key)
-		}
-	}
-
-	bastion, err := ssh.Dial("tcp",
-		net.JoinHostPort(_url.Hostname(), port),
-		&ssh.ClientConfig{
-			User:            _url.User.Username(),
-			Auth:            authMethods,
-			HostKeyCallback: callback,
-			HostKeyAlgorithms: []string{
-				ssh.KeyAlgoRSA,
-				ssh.KeyAlgoDSA,
-				ssh.KeyAlgoECDSA256,
-				ssh.KeyAlgoECDSA384,
-				ssh.KeyAlgoECDSA521,
-				ssh.KeyAlgoED25519,
-			},
-			Timeout: 5 * time.Second,
-		},
-	)
-	if err != nil {
-		return Connection{}, fmt.Errorf("connection to bastion host (%s) failed: %w", _url.String(), err)
-	}
-
-	connection := Connection{URI: _url}
-	connection.Client = &http.Client{
-		Transport: &http.Transport{
-			DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
-				return bastion.Dial("unix", _url.Path)
-			},
-		}}
-	return connection, nil
-}
-
 func unixClient(_url *url.URL) Connection {
 	connection := Connection{URI: _url}
 	connection.Client = &http.Client{
diff --git a/pkg/bindings/containers/checkpoint.go b/pkg/bindings/containers/checkpoint.go
index bcb944488..8c072f588 100644
--- a/pkg/bindings/containers/checkpoint.go
+++ b/pkg/bindings/containers/checkpoint.go
@@ -39,7 +39,7 @@ func Checkpoint(ctx context.Context, nameOrID string, options *CheckpointOptions
 	}
 	defer response.Body.Close()
 
-	if !export {
+	if response.StatusCode != http.StatusOK || !export {
 		return &report, response.Process(&report)
 	}
 
diff --git a/pkg/bindings/containers/exec.go b/pkg/bindings/containers/exec.go
index 3d19fb812..c5c8760ed 100644
--- a/pkg/bindings/containers/exec.go
+++ b/pkg/bindings/containers/exec.go
@@ -33,7 +33,7 @@ func ExecCreate(ctx context.Context, nameOrID string, config *handlers.ExecCreat
 
 	requestJSON, err := json.Marshal(config)
 	if err != nil {
-		return "", fmt.Errorf("error marshalling exec config to JSON: %w", err)
+		return "", fmt.Errorf("marshalling exec config to JSON: %w", err)
 	}
 	jsonReader := strings.NewReader(string(requestJSON))
 
diff --git a/pkg/bindings/containers/update.go b/pkg/bindings/containers/update.go
new file mode 100644
index 000000000..7cda7c306
--- /dev/null
+++ b/pkg/bindings/containers/update.go
@@ -0,0 +1,31 @@
+package containers
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	"github.com/containers/podman/v4/pkg/bindings"
+	"github.com/containers/podman/v4/pkg/domain/entities"
+	jsoniter "github.com/json-iterator/go"
+)
+
+func Update(ctx context.Context, options *entities.ContainerUpdateOptions) (string, error) {
+	conn, err := bindings.GetClient(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	resources, err := jsoniter.MarshalToString(options.Specgen.ResourceLimits)
+	if err != nil {
+		return "", err
+	}
+	stringReader := strings.NewReader(resources)
+	response, err := conn.DoRequest(ctx, stringReader, http.MethodPost, "/containers/%s/update", nil, nil, options.NameOrID)
+	if err != nil {
+		return "", err
+	}
+	defer response.Body.Close()
+
+	return options.NameOrID, response.Process(nil)
+}
diff --git a/pkg/bindings/generate/types.go b/pkg/bindings/generate/types.go
index 25c398c8b..31b43897c 100644
--- a/pkg/bindings/generate/types.go
+++ b/pkg/bindings/generate/types.go
@@ -38,4 +38,6 @@ type SystemdOptions struct {
 	After *[]string
 	// Requires - systemd requires list for the container or pods
 	Requires *[]string
+	// AdditionalEnvVariables - Sets environment variables to a systemd unit file
+	AdditionalEnvVariables *[]string
 }
diff --git a/pkg/bindings/generate/types_systemd_options.go b/pkg/bindings/generate/types_systemd_options.go
index 4d436945b..3aec33a54 100644
--- a/pkg/bindings/generate/types_systemd_options.go
+++ b/pkg/bindings/generate/types_systemd_options.go
@@ -226,3 +226,18 @@ func (o *SystemdOptions) GetRequires() []string {
 	}
 	return *o.Requires
 }
+
+// WithAdditionalEnvVariables set field AdditionalEnvVariables to given value
+func (o *SystemdOptions) WithAdditionalEnvVariables(value []string) *SystemdOptions {
+	o.AdditionalEnvVariables = &value
+	return o
+}
+
+// GetAdditionalEnvVariables returns value of field AdditionalEnvVariables
+func (o *SystemdOptions) GetAdditionalEnvVariables() []string {
+	if o.AdditionalEnvVariables == nil {
+		var z []string
+		return z
+	}
+	return *o.AdditionalEnvVariables
+}
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index 6883585e2..ef875c9eb 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -88,6 +88,13 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
 		}
 		params.Set("additionalbuildcontexts", string(additionalBuildContextMap))
 	}
+	if options.IDMappingOptions != nil {
+		idmappingsOptions, err := jsoniter.Marshal(options.IDMappingOptions)
+		if err != nil {
+			return nil, err
+		}
+		params.Set("idmappingoptions", string(idmappingsOptions))
+	}
 	if buildArgs := options.Args; len(buildArgs) > 0 {
 		bArgs, err := jsoniter.MarshalToString(buildArgs)
 		if err != nil {
@@ -224,6 +231,15 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
 	if len(options.Manifest) > 0 {
 		params.Set("manifest", options.Manifest)
 	}
+	if options.CacheFrom != nil {
+		params.Set("cachefrom", options.CacheFrom.String())
+	}
+	if options.CacheTo != nil {
+		params.Set("cacheto", options.CacheTo.String())
+	}
+	if int64(options.CacheTTL) != 0 {
+		params.Set("cachettl", options.CacheTTL.String())
+	}
 	if memSwap := options.CommonBuildOpts.MemorySwap; memSwap > 0 {
 		params.Set("memswap", strconv.Itoa(int(memSwap)))
 	}
@@ -574,7 +590,7 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
 func nTar(excludes []string, sources ...string) (io.ReadCloser, error) {
 	pm, err := fileutils.NewPatternMatcher(excludes)
 	if err != nil {
-		return nil, fmt.Errorf("error processing excludes list %v: %w", excludes, err)
+		return nil, fmt.Errorf("processing excludes list %v: %w", excludes, err)
 	}
 
 	if len(sources) == 0 {
@@ -623,7 +639,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) {
 
 				excluded, err := pm.Matches(name) //nolint:staticcheck
 				if err != nil {
-					return fmt.Errorf("error checking if %q is excluded: %w", name, err)
+					return fmt.Errorf("checking if %q is excluded: %w", name, err)
 				}
 				if excluded {
 					// Note: filepath.SkipDir is not possible to use given .dockerignore semantics.
@@ -726,7 +742,7 @@ func parseDockerignore(root string) ([]string, error) {
 		var dockerIgnoreErr error
 		ignore, dockerIgnoreErr = ioutil.ReadFile(filepath.Join(root, ".dockerignore"))
 		if dockerIgnoreErr != nil && !os.IsNotExist(dockerIgnoreErr) {
-			return nil, fmt.Errorf("error reading .containerignore: '%s': %w", root, err)
+			return nil, err
 		}
 	}
 	rawexcludes := strings.Split(string(ignore), "\n")
diff --git a/pkg/bindings/images/images.go b/pkg/bindings/images/images.go
index bb7867c4e..ea7d445db 100644
--- a/pkg/bindings/images/images.go
+++ b/pkg/bindings/images/images.go
@@ -282,9 +282,9 @@ func Search(ctx context.Context, term string, options *SearchOptions) ([]entitie
 	}
 	params.Set("term", term)
 
-	// Note: we have to verify if skipped is false.
+	// SkipTLSVerify is special.  It's not being serialized by ToParams()
+	// because we need to flip the boolean.
 	if options.SkipTLSVerify != nil {
-		params.Del("SkipTLSVerify")
 		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
 	}
 
diff --git a/pkg/bindings/images/pull.go b/pkg/bindings/images/pull.go
index 1a4aa3038..8caf45c0e 100644
--- a/pkg/bindings/images/pull.go
+++ b/pkg/bindings/images/pull.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"strconv"
@@ -36,9 +35,9 @@ func Pull(ctx context.Context, rawImage string, options *PullOptions) ([]string,
 	}
 	params.Set("reference", rawImage)
 
+	// SkipTLSVerify is special.  It's not being serialized by ToParams()
+	// because we need to flip the boolean.
 	if options.SkipTLSVerify != nil {
-		params.Del("SkipTLSVerify")
-		// Note: we have to verify if skipped is false.
 		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
 	}
 
@@ -57,10 +56,14 @@ func Pull(ctx context.Context, rawImage string, options *PullOptions) ([]string,
 		return nil, response.Process(err)
 	}
 
-	// Historically pull writes status to stderr
-	stderr := io.Writer(os.Stderr)
+	var writer io.Writer
 	if options.GetQuiet() {
-		stderr = ioutil.Discard
+		writer = io.Discard
+	} else if progressWriter := options.GetProgressWriter(); progressWriter != nil {
+		writer = progressWriter
+	} else {
+		// Historically push writes status to stderr
+		writer = os.Stderr
 	}
 
 	dec := json.NewDecoder(response.Body)
@@ -84,7 +87,7 @@ func Pull(ctx context.Context, rawImage string, options *PullOptions) ([]string,
 
 		switch {
 		case report.Stream != "":
-			fmt.Fprint(stderr, report.Stream)
+			fmt.Fprint(writer, report.Stream)
 		case report.Error != "":
 			pullErrors = append(pullErrors, errors.New(report.Error))
 		case len(report.Images) > 0:
diff --git a/pkg/bindings/images/push.go b/pkg/bindings/images/push.go
index 8db3726e6..0e1309e91 100644
--- a/pkg/bindings/images/push.go
+++ b/pkg/bindings/images/push.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"strconv"
@@ -39,10 +38,9 @@ func Push(ctx context.Context, source string, destination string, options *PushO
 	if err != nil {
 		return err
 	}
-	// SkipTLSVerify is special.  We need to delete the param added by
-	// toparams and change the key and flip the bool
+	// SkipTLSVerify is special.  It's not being serialized by ToParams()
+	// because we need to flip the boolean.
 	if options.SkipTLSVerify != nil {
-		params.Del("SkipTLSVerify")
 		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
 	}
 	params.Set("destination", destination)
@@ -58,10 +56,14 @@ func Push(ctx context.Context, source string, destination string, options *PushO
 		return response.Process(err)
 	}
 
-	// Historically push writes status to stderr
-	writer := io.Writer(os.Stderr)
+	var writer io.Writer
 	if options.GetQuiet() {
-		writer = ioutil.Discard
+		writer = io.Discard
+	} else if progressWriter := options.GetProgressWriter(); progressWriter != nil {
+		writer = progressWriter
+	} else {
+		// Historically push writes status to stderr
+		writer = os.Stderr
 	}
 
 	dec := json.NewDecoder(response.Body)
diff --git a/pkg/bindings/images/types.go b/pkg/bindings/images/types.go
index 0664afc1b..f8630926e 100644
--- a/pkg/bindings/images/types.go
+++ b/pkg/bindings/images/types.go
@@ -1,6 +1,8 @@
 package images
 
 import (
+	"io"
+
 	buildahDefine "github.com/containers/buildah/define"
 )
 
@@ -15,6 +17,8 @@ type RemoveOptions struct {
 	Ignore *bool
 	// Confirms if given name is a manifest list and removes it, otherwise returns error.
 	LookupManifest *bool
+	// Does not remove dangling parent images
+	NoPrune *bool
 }
 
 //go:generate go run ../generator/generator.go DiffOptions
@@ -129,8 +133,12 @@ type PushOptions struct {
 	Format *string
 	// Password for authenticating against the registry.
 	Password *string
+	// ProgressWriter is a writer where push progress are sent.
+	// Since API handler for image push is quiet by default, WithQuiet(false) is necessary for
+	// the writer to receive progress messages.
+	ProgressWriter *io.Writer `schema:"-"`
 	// SkipTLSVerify to skip HTTPS and certificate verification.
-	SkipTLSVerify *bool
+	SkipTLSVerify *bool `schema:"-"`
 	// RemoveSignatures Discard any pre-existing signatures in the image.
 	RemoveSignatures *bool
 	// Username for authenticating against the registry.
@@ -150,7 +158,7 @@ type SearchOptions struct {
 	// Limit the number of results.
 	Limit *int
 	// SkipTLSVerify to skip  HTTPS and certificate verification.
-	SkipTLSVerify *bool
+	SkipTLSVerify *bool `schema:"-"`
 	// ListTags search the available tags of the repository
 	ListTags *bool
 }
@@ -174,11 +182,13 @@ type PullOptions struct {
 	Policy *string
 	// Password for authenticating against the registry.
 	Password *string
+	// ProgressWriter is a writer where pull progress are sent.
+	ProgressWriter *io.Writer `schema:"-"`
 	// Quiet can be specified to suppress pull progress when pulling.  Ignored
 	// for remote calls.
 	Quiet *bool
 	// SkipTLSVerify to skip HTTPS and certificate verification.
-	SkipTLSVerify *bool
+	SkipTLSVerify *bool `schema:"-"`
 	// Username for authenticating against the registry.
 	Username *string
 	// Variant will overwrite the local variant for image pulls.
diff --git a/pkg/bindings/images/types_pull_options.go b/pkg/bindings/images/types_pull_options.go
index 4cd525185..c1a88fd9e 100644
--- a/pkg/bindings/images/types_pull_options.go
+++ b/pkg/bindings/images/types_pull_options.go
@@ -2,6 +2,7 @@
 package images
 
 import (
+	"io"
 	"net/url"
 
 	"github.com/containers/podman/v4/pkg/bindings/internal/util"
@@ -107,6 +108,21 @@ func (o *PullOptions) GetPassword() string {
 	return *o.Password
 }
 
+// WithProgressWriter set field ProgressWriter to given value
+func (o *PullOptions) WithProgressWriter(value io.Writer) *PullOptions {
+	o.ProgressWriter = &value
+	return o
+}
+
+// GetProgressWriter returns value of field ProgressWriter
+func (o *PullOptions) GetProgressWriter() io.Writer {
+	if o.ProgressWriter == nil {
+		var z io.Writer
+		return z
+	}
+	return *o.ProgressWriter
+}
+
 // WithQuiet set field Quiet to given value
 func (o *PullOptions) WithQuiet(value bool) *PullOptions {
 	o.Quiet = &value
diff --git a/pkg/bindings/images/types_push_options.go b/pkg/bindings/images/types_push_options.go
index 1ae031824..817d873f8 100644
--- a/pkg/bindings/images/types_push_options.go
+++ b/pkg/bindings/images/types_push_options.go
@@ -2,6 +2,7 @@
 package images
 
 import (
+	"io"
 	"net/url"
 
 	"github.com/containers/podman/v4/pkg/bindings/internal/util"
@@ -107,6 +108,21 @@ func (o *PushOptions) GetPassword() string {
 	return *o.Password
 }
 
+// WithProgressWriter set field ProgressWriter to given value
+func (o *PushOptions) WithProgressWriter(value io.Writer) *PushOptions {
+	o.ProgressWriter = &value
+	return o
+}
+
+// GetProgressWriter returns value of field ProgressWriter
+func (o *PushOptions) GetProgressWriter() io.Writer {
+	if o.ProgressWriter == nil {
+		var z io.Writer
+		return z
+	}
+	return *o.ProgressWriter
+}
+
 // WithSkipTLSVerify set field SkipTLSVerify to given value
 func (o *PushOptions) WithSkipTLSVerify(value bool) *PushOptions {
 	o.SkipTLSVerify = &value
diff --git a/pkg/bindings/images/types_remove_options.go b/pkg/bindings/images/types_remove_options.go
index 559ebcfd5..8972ac93c 100644
--- a/pkg/bindings/images/types_remove_options.go
+++ b/pkg/bindings/images/types_remove_options.go
@@ -76,3 +76,18 @@ func (o *RemoveOptions) GetLookupManifest() bool {
 	}
 	return *o.LookupManifest
 }
+
+// WithNoPrune set field NoPrune to given value
+func (o *RemoveOptions) WithNoPrune(value bool) *RemoveOptions {
+	o.NoPrune = &value
+	return o
+}
+
+// GetNoPrune returns value of field NoPrune
+func (o *RemoveOptions) GetNoPrune() bool {
+	if o.NoPrune == nil {
+		var z bool
+		return z
+	}
+	return *o.NoPrune
+}
diff --git a/pkg/bindings/internal/util/util.go b/pkg/bindings/internal/util/util.go
index f8f99d6c1..52ce14738 100644
--- a/pkg/bindings/internal/util/util.go
+++ b/pkg/bindings/internal/util/util.go
@@ -74,6 +74,9 @@ func ToParams(o interface{}) (url.Values, error) {
 		}
 		paramName := fieldName
 		if pn, ok := sType.Field(i).Tag.Lookup("schema"); ok {
+			if pn == "-" {
+				continue
+			}
 			paramName = pn
 		}
 		switch {
diff --git a/pkg/bindings/kube/kube.go b/pkg/bindings/kube/kube.go
index b9cc0efa7..1b9f888ef 100644
--- a/pkg/bindings/kube/kube.go
+++ b/pkg/bindings/kube/kube.go
@@ -10,6 +10,7 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/pkg/auth"
 	"github.com/containers/podman/v4/pkg/bindings"
+	"github.com/containers/podman/v4/pkg/bindings/generate"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/sirupsen/logrus"
 )
@@ -39,8 +40,10 @@ func PlayWithBody(ctx context.Context, body io.Reader, options *PlayOptions) (*e
 	if err != nil {
 		return nil, err
 	}
+	// SkipTLSVerify is special.  It's not being serialized by ToParams()
+	// because we need to flip the boolean.
 	if options.SkipTLSVerify != nil {
-		params.Set("tlsVerify", strconv.FormatBool(options.GetSkipTLSVerify()))
+		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
 	}
 	if options.Start != nil {
 		params.Set("start", strconv.FormatBool(options.GetStart()))
@@ -51,7 +54,7 @@ func PlayWithBody(ctx context.Context, body io.Reader, options *PlayOptions) (*e
 		return nil, err
 	}
 
-	response, err := conn.DoRequest(ctx, body, http.MethodPost, "/kube/play", params, header)
+	response, err := conn.DoRequest(ctx, body, http.MethodPost, "/play/kube", params, header)
 	if err != nil {
 		return nil, err
 	}
@@ -85,7 +88,7 @@ func DownWithBody(ctx context.Context, body io.Reader) (*entities.KubePlayReport
 		return nil, err
 	}
 
-	response, err := conn.DoRequest(ctx, body, http.MethodDelete, "/kube/play", nil, nil)
+	response, err := conn.DoRequest(ctx, body, http.MethodDelete, "/play/kube", nil, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -94,3 +97,8 @@ func DownWithBody(ctx context.Context, body io.Reader) (*entities.KubePlayReport
 	}
 	return &report, nil
 }
+
+// Kube generate Kubernetes YAML (v1 specification)
+func Generate(ctx context.Context, nameOrIDs []string, options generate.KubeOptions) (*entities.GenerateKubeReport, error) {
+	return generate.Kube(ctx, nameOrIDs, &options)
+}
diff --git a/pkg/bindings/kube/types.go b/pkg/bindings/kube/types.go
index 783d1912a..279a9f8f3 100644
--- a/pkg/bindings/kube/types.go
+++ b/pkg/bindings/kube/types.go
@@ -27,7 +27,7 @@ type PlayOptions struct {
 	SignaturePolicy *string
 	// SkipTLSVerify - skip https and certificate validation when
 	// contacting container registries.
-	SkipTLSVerify *bool
+	SkipTLSVerify *bool `schema:"-"`
 	// SeccompProfileRoot - path to a directory containing seccomp
 	// profiles.
 	SeccompProfileRoot *string
diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go
index 80153c4b4..752366937 100644
--- a/pkg/bindings/manifests/manifests.go
+++ b/pkg/bindings/manifests/manifests.go
@@ -2,10 +2,13 @@ package manifests
 
 import (
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 
@@ -142,7 +145,6 @@ func Delete(ctx context.Context, name string) (*entities.ManifestRemoveReport, e
 // the name will be used instead.  If the optional all boolean is specified, all images specified
 // in the list will be pushed as well.
 func Push(ctx context.Context, name, destination string, options *images.PushOptions) (string, error) {
-	var idr entities.IDResponse
 	if options == nil {
 		options = new(images.PushOptions)
 	}
@@ -163,10 +165,9 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt
 	if err != nil {
 		return "", err
 	}
-	// SkipTLSVerify is special.  We need to delete the param added by
-	// ToParams() and change the key and flip the bool
+	// SkipTLSVerify is special.  It's not being serialized by ToParams()
+	// because we need to flip the boolean.
 	if options.SkipTLSVerify != nil {
-		params.Del("SkipTLSVerify")
 		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
 	}
 
@@ -176,7 +177,46 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt
 	}
 	defer response.Body.Close()
 
-	return idr.ID, response.Process(&idr)
+	if !response.IsSuccess() {
+		return "", response.Process(err)
+	}
+
+	var writer io.Writer
+	if options.GetQuiet() {
+		writer = io.Discard
+	} else if progressWriter := options.GetProgressWriter(); progressWriter != nil {
+		writer = progressWriter
+	} else {
+		// Historically push writes status to stderr
+		writer = os.Stderr
+	}
+
+	dec := json.NewDecoder(response.Body)
+	for {
+		var report entities.ManifestPushReport
+		if err := dec.Decode(&report); err != nil {
+			return "", err
+		}
+
+		select {
+		case <-response.Request.Context().Done():
+			break
+		default:
+			// non-blocking select
+		}
+
+		switch {
+		case report.ID != "":
+			return report.ID, nil
+		case report.Stream != "":
+			fmt.Fprint(writer, report.Stream)
+		case report.Error != "":
+			// There can only be one error.
+			return "", errors.New(report.Error)
+		default:
+			return "", fmt.Errorf("failed to parse push results stream, unexpected input: %v", report)
+		}
+	}
 }
 
 // Modify modifies the given manifest list using options and the optional list of images
@@ -205,10 +245,9 @@ func Modify(ctx context.Context, name string, images []string, options *ModifyOp
 	if err != nil {
 		return "", err
 	}
-	// SkipTLSVerify is special.  We need to delete the param added by
-	// ToParams() and change the key and flip the bool
+	// SkipTLSVerify is special.  It's not being serialized by ToParams()
+	// because we need to flip the boolean.
 	if options.SkipTLSVerify != nil {
-		params.Del("SkipTLSVerify")
 		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
 	}
 
diff --git a/pkg/bindings/manifests/types.go b/pkg/bindings/manifests/types.go
index e23ef798d..fec3f9d13 100644
--- a/pkg/bindings/manifests/types.go
+++ b/pkg/bindings/manifests/types.go
@@ -8,7 +8,8 @@ type InspectOptions struct {
 //go:generate go run ../generator/generator.go CreateOptions
 // CreateOptions are optional options for creating manifests
 type CreateOptions struct {
-	All *bool
+	All   *bool
+	Amend *bool
 }
 
 //go:generate go run ../generator/generator.go ExistsOptions
@@ -31,7 +32,7 @@ type AddOptions struct {
 	Authfile      *string
 	Password      *string
 	Username      *string
-	SkipTLSVerify *bool
+	SkipTLSVerify *bool `schema:"-"`
 }
 
 //go:generate go run ../generator/generator.go RemoveOptions
@@ -59,5 +60,5 @@ type ModifyOptions struct {
 	Authfile      *string
 	Password      *string
 	Username      *string
-	SkipTLSVerify *bool
+	SkipTLSVerify *bool `schema:"-"`
 }
diff --git a/pkg/bindings/manifests/types_create_options.go b/pkg/bindings/manifests/types_create_options.go
index 960332a82..09942c00a 100644
--- a/pkg/bindings/manifests/types_create_options.go
+++ b/pkg/bindings/manifests/types_create_options.go
@@ -31,3 +31,18 @@ func (o *CreateOptions) GetAll() bool {
 	}
 	return *o.All
 }
+
+// WithAmend set field Amend to given value
+func (o *CreateOptions) WithAmend(value bool) *CreateOptions {
+	o.Amend = &value
+	return o
+}
+
+// GetAmend returns value of field Amend
+func (o *CreateOptions) GetAmend() bool {
+	if o.Amend == nil {
+		var z bool
+		return z
+	}
+	return *o.Amend
+}
diff --git a/pkg/bindings/system/system.go b/pkg/bindings/system/system.go
index dae80384b..733b2cb5c 100644
--- a/pkg/bindings/system/system.go
+++ b/pkg/bindings/system/system.go
@@ -36,8 +36,9 @@ func Events(ctx context.Context, eventChan chan entities.Event, cancelChan chan
 	if cancelChan != nil {
 		go func() {
 			<-cancelChan
-			err = response.Body.Close()
-			logrus.Errorf("Unable to close event response body: %v", err)
+			if err := response.Body.Close(); err != nil {
+				logrus.Errorf("Unable to close event response body: %v", err)
+			}
 		}()
 	}
 
diff --git a/pkg/bindings/test/images_test.go b/pkg/bindings/test/images_test.go
index 8f76ce456..53c5a1e83 100644
--- a/pkg/bindings/test/images_test.go
+++ b/pkg/bindings/test/images_test.go
@@ -1,11 +1,14 @@
 package bindings_test
 
 import (
+	"bytes"
+	"fmt"
 	"net/http"
 	"os"
 	"path/filepath"
 	"time"
 
+	podmanRegistry "github.com/containers/podman/v4/hack/podman-registry-go"
 	"github.com/containers/podman/v4/pkg/bindings"
 	"github.com/containers/podman/v4/pkg/bindings/containers"
 	"github.com/containers/podman/v4/pkg/bindings/images"
@@ -362,9 +365,14 @@ var _ = Describe("Podman images", func() {
 	It("Image Pull", func() {
 		rawImage := "docker.io/library/busybox:latest"
 
-		pulledImages, err := images.Pull(bt.conn, rawImage, nil)
+		var writer bytes.Buffer
+		pullOpts := new(images.PullOptions).WithProgressWriter(&writer)
+		pulledImages, err := images.Pull(bt.conn, rawImage, pullOpts)
 		Expect(err).NotTo(HaveOccurred())
 		Expect(len(pulledImages)).To(Equal(1))
+		output := writer.String()
+		Expect(output).To(ContainSubstring("Trying to pull "))
+		Expect(output).To(ContainSubstring("Getting image source signatures"))
 
 		exists, err := images.Exists(bt.conn, rawImage, nil)
 		Expect(err).NotTo(HaveOccurred())
@@ -379,6 +387,22 @@ var _ = Describe("Podman images", func() {
 		Expect(err).To(HaveOccurred())
 	})
 
+	It("Image Push", func() {
+		registry, err := podmanRegistry.Start()
+		Expect(err).To(BeNil())
+
+		var writer bytes.Buffer
+		pushOpts := new(images.PushOptions).WithUsername(registry.User).WithPassword(registry.Password).WithSkipTLSVerify(true).WithProgressWriter(&writer).WithQuiet(false)
+		err = images.Push(bt.conn, alpine.name, fmt.Sprintf("localhost:%s/test:latest", registry.Port), pushOpts)
+		Expect(err).ToNot(HaveOccurred())
+
+		output := writer.String()
+		Expect(output).To(ContainSubstring("Copying blob "))
+		Expect(output).To(ContainSubstring("Copying config "))
+		Expect(output).To(ContainSubstring("Writing manifest to image destination"))
+		Expect(output).To(ContainSubstring("Storing signatures"))
+	})
+
 	It("Build no options", func() {
 		results, err := images.Build(bt.conn, []string{"fixture/Containerfile"}, entities.BuildOptions{})
 		Expect(err).ToNot(HaveOccurred())
diff --git a/pkg/bindings/test/manifests_test.go b/pkg/bindings/test/manifests_test.go
index 6a34ef5a6..d6749f920 100644
--- a/pkg/bindings/test/manifests_test.go
+++ b/pkg/bindings/test/manifests_test.go
@@ -1,9 +1,12 @@
 package bindings_test
 
 import (
+	"bytes"
+	"fmt"
 	"net/http"
 	"time"
 
+	podmanRegistry "github.com/containers/podman/v4/hack/podman-registry-go"
 	"github.com/containers/podman/v4/pkg/bindings"
 	"github.com/containers/podman/v4/pkg/bindings/images"
 	"github.com/containers/podman/v4/pkg/bindings/manifests"
@@ -12,7 +15,7 @@ import (
 	"github.com/onsi/gomega/gexec"
 )
 
-var _ = Describe("podman manifest", func() {
+var _ = Describe("Podman manifests", func() {
 	var (
 		bt *bindingTest
 		s  *gexec.Session
@@ -172,7 +175,21 @@ var _ = Describe("podman manifest", func() {
 		Expect(list.Manifests[0].Platform.OS).To(Equal("foo"))
 	})
 
-	It("push manifest", func() {
-		Skip("TODO: implement test for manifest push to registry")
+	It("Manifest Push", func() {
+		registry, err := podmanRegistry.Start()
+		Expect(err).To(BeNil())
+
+		name := "quay.io/libpod/foobar:latest"
+		_, err = manifests.Create(bt.conn, name, []string{alpine.name}, nil)
+		Expect(err).ToNot(HaveOccurred())
+
+		var writer bytes.Buffer
+		pushOpts := new(images.PushOptions).WithUsername(registry.User).WithPassword(registry.Password).WithAll(true).WithSkipTLSVerify(true).WithProgressWriter(&writer).WithQuiet(false)
+		_, err = manifests.Push(bt.conn, name, fmt.Sprintf("localhost:%s/test:latest", registry.Port), pushOpts)
+		Expect(err).ToNot(HaveOccurred())
+
+		output := writer.String()
+		Expect(output).To(ContainSubstring("Writing manifest list to image destination"))
+		Expect(output).To(ContainSubstring("Storing list signatures"))
 	})
 })
diff --git a/pkg/bindings/test/types_test.go b/pkg/bindings/test/types_test.go
new file mode 100644
index 000000000..bc98c8b7d
--- /dev/null
+++ b/pkg/bindings/test/types_test.go
@@ -0,0 +1,66 @@
+package bindings_test
+
+import (
+	"bytes"
+
+	"github.com/containers/podman/v4/pkg/bindings/images"
+	"github.com/containers/podman/v4/pkg/bindings/kube"
+	"github.com/containers/podman/v4/pkg/bindings/manifests"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Binding types", func() {
+	It("serialize image pull options", func() {
+		var writer bytes.Buffer
+		opts := new(images.PullOptions).WithOS("foo").WithProgressWriter(&writer).WithSkipTLSVerify(true)
+		params, err := opts.ToParams()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(params.Get("os")).To(Equal("foo"))
+		Expect(params.Has("progresswriter")).To(BeFalse())
+		Expect(params.Has("skiptlsverify")).To(BeFalse())
+	})
+
+	It("serialize image push options", func() {
+		var writer bytes.Buffer
+		opts := new(images.PushOptions).WithAll(true).WithProgressWriter(&writer).WithSkipTLSVerify(true)
+		params, err := opts.ToParams()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(params.Get("all")).To(Equal("true"))
+		Expect(params.Has("progresswriter")).To(BeFalse())
+		Expect(params.Has("skiptlsverify")).To(BeFalse())
+	})
+
+	It("serialize image search options", func() {
+		opts := new(images.SearchOptions).WithLimit(123).WithSkipTLSVerify(true)
+		params, err := opts.ToParams()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(params.Get("limit")).To(Equal("123"))
+		Expect(params.Has("skiptlsverify")).To(BeFalse())
+	})
+
+	It("serialize manifest modify options", func() {
+		opts := new(manifests.ModifyOptions).WithOS("foo").WithSkipTLSVerify(true)
+		params, err := opts.ToParams()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(params.Get("os")).To(Equal("foo"))
+		Expect(params.Has("skiptlsverify")).To(BeFalse())
+	})
+
+	It("serialize manifest add options", func() {
+		opts := new(manifests.AddOptions).WithAll(true).WithOS("foo").WithSkipTLSVerify(true)
+		params, err := opts.ToParams()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(params.Get("all")).To(Equal("true"))
+		Expect(params.Get("os")).To(Equal("foo"))
+		Expect(params.Has("skiptlsverify")).To(BeFalse())
+	})
+
+	It("serialize kube play options", func() {
+		opts := new(kube.PlayOptions).WithQuiet(true).WithSkipTLSVerify(true)
+		params, err := opts.ToParams()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(params.Get("quiet")).To(Equal("true"))
+		Expect(params.Has("skiptlsverify")).To(BeFalse())
+	})
+})
diff --git a/pkg/checkpoint/crutils/checkpoint_restore_utils.go b/pkg/checkpoint/crutils/checkpoint_restore_utils.go
index 1437a09df..132632322 100644
--- a/pkg/checkpoint/crutils/checkpoint_restore_utils.go
+++ b/pkg/checkpoint/crutils/checkpoint_restore_utils.go
@@ -159,11 +159,11 @@ func CRCreateRootFsDiffTar(changes *[]archive.Change, mountPoint, destination st
 			IncludeFiles:     rootfsIncludeFiles,
 		})
 		if err != nil {
-			return includeFiles, fmt.Errorf("error exporting root file-system diff to %q: %w", rootfsDiffPath, err)
+			return includeFiles, fmt.Errorf("exporting root file-system diff to %q: %w", rootfsDiffPath, err)
 		}
 		rootfsDiffFile, err := os.Create(rootfsDiffPath)
 		if err != nil {
-			return includeFiles, fmt.Errorf("error creating root file-system diff file %q: %w", rootfsDiffPath, err)
+			return includeFiles, fmt.Errorf("creating root file-system diff file %q: %w", rootfsDiffPath, err)
 		}
 		defer rootfsDiffFile.Close()
 		if _, err = io.Copy(rootfsDiffFile, rootfsTar); err != nil {
diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go
index df793034b..47225f25c 100644
--- a/pkg/domain/entities/containers.go
+++ b/pkg/domain/entities/containers.go
@@ -119,6 +119,7 @@ type KillReport struct {
 }
 
 type RestartOptions struct {
+	Filters map[string][]string
 	All     bool
 	Latest  bool
 	Running bool
@@ -126,11 +127,13 @@ type RestartOptions struct {
 }
 
 type RestartReport struct {
-	Err error
-	Id  string //nolint:revive,stylecheck
+	Err      error
+	Id       string //nolint:revive,stylecheck
+	RawInput string
 }
 
 type RmOptions struct {
+	Filters map[string][]string
 	All     bool
 	Depend  bool
 	Force   bool
@@ -201,6 +204,7 @@ type CheckpointOptions struct {
 type CheckpointReport struct {
 	Err             error                                   `json:"-"`
 	Id              string                                  `json:"Id"` //nolint:revive,stylecheck
+	RawInput        string                                  `json:"RawInput"`
 	RuntimeDuration int64                                   `json:"runtime_checkpoint_duration"`
 	CRIUStatistics  *define.CRIUCheckpointRestoreStatistics `json:"criu_statistics"`
 }
@@ -227,6 +231,7 @@ type RestoreOptions struct {
 type RestoreReport struct {
 	Err             error                                   `json:"-"`
 	Id              string                                  `json:"Id"` //nolint:revive,stylecheck
+	RawInput        string                                  `json:"RawInput"`
 	RuntimeDuration int64                                   `json:"runtime_restore_duration"`
 	CRIUStatistics  *define.CRIUCheckpointRestoreStatistics `json:"criu_statistics"`
 }
@@ -373,6 +378,7 @@ type ContainerCleanupOptions struct {
 type ContainerCleanupReport struct {
 	CleanErr error
 	Id       string //nolint:revive,stylecheck
+	RawInput string
 	RmErr    error
 	RmiErr   error
 }
@@ -387,8 +393,9 @@ type ContainerInitOptions struct {
 // ContainerInitReport describes the results of a
 // container init
 type ContainerInitReport struct {
-	Err error
-	Id  string //nolint:revive,stylecheck
+	Err      error
+	Id       string //nolint:revive,stylecheck
+	RawInput string
 }
 
 // ContainerMountOptions describes the input values for mounting containers
@@ -488,3 +495,9 @@ type ContainerCloneOptions struct {
 	Run          bool
 	Force        bool
 }
+
+// ContainerUpdateOptions containers options for updating an existing containers cgroup configuration
+type ContainerUpdateOptions struct {
+	NameOrID string
+	Specgen  *specgen.SpecGenerator
+}
diff --git a/pkg/domain/entities/engine.go b/pkg/domain/entities/engine.go
index 32faa74af..a69cf5111 100644
--- a/pkg/domain/entities/engine.go
+++ b/pkg/domain/entities/engine.go
@@ -33,6 +33,7 @@ type PodmanConfig struct {
 	*config.Config
 	*pflag.FlagSet
 
+	DockerConfig   string     // Used for Docker compatibility
 	CgroupUsage    string     // rootless code determines Usage message
 	ConmonPath     string     // --conmon flag will set Engine.ConmonPath
 	CPUProfile     string     // Hidden: Should CPU profile be taken
@@ -52,4 +53,5 @@ type PodmanConfig struct {
 	Runroot       string
 	StorageDriver string
 	StorageOpts   []string
+	SSHMode       string
 }
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index e4eb808b4..19b666f8e 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -51,9 +51,11 @@ type ContainerEngine interface {
 	ContainerTop(ctx context.Context, options TopOptions) (*StringSliceReport, error)
 	ContainerUnmount(ctx context.Context, nameOrIDs []string, options ContainerUnmountOptions) ([]*ContainerUnmountReport, error)
 	ContainerUnpause(ctx context.Context, namesOrIds []string, options PauseUnPauseOptions) ([]*PauseUnpauseReport, error)
+	ContainerUpdate(ctx context.Context, options *ContainerUpdateOptions) (string, error)
 	ContainerWait(ctx context.Context, namesOrIds []string, options WaitOptions) ([]WaitReport, error)
 	Diff(ctx context.Context, namesOrIds []string, options DiffOptions) (*DiffReport, error)
 	Events(ctx context.Context, opts EventsOptions) error
+	GenerateSpec(ctx context.Context, opts *GenerateSpecOptions) (*GenerateSpecReport, error)
 	GenerateSystemd(ctx context.Context, nameOrID string, opts GenerateSystemdOptions) (*GenerateSystemdReport, error)
 	GenerateKube(ctx context.Context, nameOrIDs []string, opts GenerateKubeOptions) (*GenerateKubeReport, error)
 	SystemPrune(ctx context.Context, options SystemPruneOptions) (*SystemPruneReport, error)
@@ -73,7 +75,7 @@ type ContainerEngine interface {
 	PodCreate(ctx context.Context, specg PodSpec) (*PodCreateReport, error)
 	PodClone(ctx context.Context, podClone PodCloneOptions) (*PodCloneReport, error)
 	PodExists(ctx context.Context, nameOrID string) (*BoolReport, error)
-	PodInspect(ctx context.Context, options PodInspectOptions) (*PodInspectReport, error)
+	PodInspect(ctx context.Context, namesOrID []string, options InspectOptions) ([]*PodInspectReport, []error, error)
 	PodKill(ctx context.Context, namesOrIds []string, options PodKillOptions) ([]*PodKillReport, error)
 	PodLogs(ctx context.Context, pod string, options PodLogsOptions) error
 	PodPause(ctx context.Context, namesOrIds []string, options PodPauseOptions) ([]*PodPauseReport, error)
diff --git a/pkg/domain/entities/engine_image.go b/pkg/domain/entities/engine_image.go
index 5f76ae50b..b8b694873 100644
--- a/pkg/domain/entities/engine_image.go
+++ b/pkg/domain/entities/engine_image.go
@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/pkg/domain/entities/reports"
 )
 
@@ -22,7 +23,7 @@ type ImageEngine interface {
 	Push(ctx context.Context, source string, destination string, opts ImagePushOptions) error
 	Remove(ctx context.Context, images []string, opts ImageRemoveOptions) (*ImageRemoveReport, []error)
 	Save(ctx context.Context, nameOrID string, tags []string, options ImageSaveOptions) error
-	Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool) error
+	Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool, sshMode ssh.EngineMode) error
 	Search(ctx context.Context, term string, opts ImageSearchOptions) ([]ImageSearchReport, error)
 	SetTrust(ctx context.Context, args []string, options SetTrustOptions) error
 	ShowTrust(ctx context.Context, args []string, options ShowTrustOptions) (*ShowTrustReport, error)
diff --git a/pkg/domain/entities/generate.go b/pkg/domain/entities/generate.go
index 73dd64ecd..314996497 100644
--- a/pkg/domain/entities/generate.go
+++ b/pkg/domain/entities/generate.go
@@ -4,34 +4,21 @@ import "io"
 
 // GenerateSystemdOptions control the generation of systemd unit files.
 type GenerateSystemdOptions struct {
-	// Name - use container/pod name instead of its ID.
-	Name bool
-	// New - create a new container instead of starting a new one.
-	New bool
-	// RestartPolicy - systemd restart policy.
-	RestartPolicy *string
-	// RestartSec - systemd service restartsec. Configures the time to sleep before restarting a service.
-	RestartSec *uint
-	// StartTimeout - time when starting the container.
-	StartTimeout *uint
-	// StopTimeout - time when stopping the container.
-	StopTimeout *uint
-	// ContainerPrefix - systemd unit name prefix for containers
-	ContainerPrefix string
-	// PodPrefix - systemd unit name prefix for pods
-	PodPrefix string
-	// Separator - systemd unit name separator between name/id and prefix
-	Separator string
-	// NoHeader - skip header generation
-	NoHeader bool
-	// TemplateUnitFile - make use of %i and %I to differentiate between the different instances of the unit
-	TemplateUnitFile bool
-	// Wants - systemd wants list for the container or pods
-	Wants []string
-	// After - systemd after list for the container or pods
-	After []string
-	// Requires - systemd requires list for the container or pods
-	Requires []string
+	Name                   bool
+	New                    bool
+	RestartPolicy          *string
+	RestartSec             *uint
+	StartTimeout           *uint
+	StopTimeout            *uint
+	ContainerPrefix        string
+	PodPrefix              string
+	Separator              string
+	NoHeader               bool
+	TemplateUnitFile       bool
+	Wants                  []string
+	After                  []string
+	Requires               []string
+	AdditionalEnvVariables []string
 }
 
 // GenerateSystemdReport
@@ -46,6 +33,8 @@ type GenerateKubeOptions struct {
 	Service bool
 }
 
+type KubeGenerateOptions = GenerateKubeOptions
+
 // GenerateKubeReport
 //
 // FIXME: Podman4.0 should change io.Reader to io.ReaderCloser
@@ -53,3 +42,14 @@ type GenerateKubeReport struct {
 	// Reader - the io.Reader to reader the generated YAML file.
 	Reader io.Reader
 }
+
+type GenerateSpecReport struct {
+	Data []byte
+}
+
+type GenerateSpecOptions struct {
+	ID       string
+	FileName string
+	Compact  bool
+	Name     bool
+}
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index b8b346005..cad11b0ab 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -94,6 +94,8 @@ type ImageRemoveOptions struct {
 	Ignore bool
 	// Confirms if given name is a manifest list and removes it, otherwise returns error.
 	LookupManifest bool
+	// NoPrune will not remove dangling images
+	NoPrune bool
 }
 
 // ImageRemoveReport is the response for removing one or more image(s) from storage
@@ -154,6 +156,8 @@ type ImagePullOptions struct {
 	SkipTLSVerify types.OptionalBool
 	// PullPolicy whether to pull new image
 	PullPolicy config.PullPolicy
+	// Writer is used to display copy information including progress bars.
+	Writer io.Writer
 }
 
 // ImagePullReport is the response from pulling one or more images.
@@ -205,6 +209,16 @@ type ImagePushOptions struct {
 	// SignBy adds a signature at the destination using the specified key.
 	// Ignored for remote calls.
 	SignBy string
+	// SignPassphrase, if non-empty, specifies a passphrase to use when signing
+	// with the key ID from SignBy.
+	SignPassphrase string
+	// SignBySigstorePrivateKeyFile, if non-empty, asks for a signature to be added
+	// during the copy, using a sigstore private key file at the provided path.
+	// Ignored for remote calls.
+	SignBySigstorePrivateKeyFile string
+	// SignSigstorePrivateKeyPassphrase is the passphrase to use when signing with
+	// SignBySigstorePrivateKeyFile.
+	SignSigstorePrivateKeyPassphrase []byte
 	// SkipTLSVerify to skip HTTPS and certificate verification.
 	SkipTLSVerify types.OptionalBool
 	// Progress to get progress notifications
diff --git a/pkg/domain/entities/manifest.go b/pkg/domain/entities/manifest.go
index e88c5f854..f17079271 100644
--- a/pkg/domain/entities/manifest.go
+++ b/pkg/domain/entities/manifest.go
@@ -4,7 +4,12 @@ import "github.com/containers/image/v5/types"
 
 // ManifestCreateOptions provides model for creating manifest
 type ManifestCreateOptions struct {
+	// True when adding lists to include all images
 	All bool `schema:"all"`
+	// Amend an extant list if there's already one with the desired name
+	Amend bool `schema:"amend"`
+	// Should TLS registry certificate be verified?
+	SkipTLSVerify types.OptionalBool `json:"-" schema:"-"`
 }
 
 // ManifestAddOptions provides model for adding digests to manifest list
@@ -61,6 +66,18 @@ type ManifestModifyOptions struct {
 	ManifestRemoveOptions
 }
 
+// ManifestPushReport provides the model for the pushed manifest
+//
+// swagger:model
+type ManifestPushReport struct {
+	// ID of the pushed manifest
+	ID string `json:"Id"`
+	// Stream used to provide push progress
+	Stream string `json:"stream,omitempty"`
+	// Error contains text of errors from pushing
+	Error string `json:"error,omitempty"`
+}
+
 // ManifestRemoveOptions provides the model for removing digests from a manifest
 //
 // swagger:model
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 14ce370c1..a059cd7b5 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -164,6 +164,15 @@ type PodCloneOptions struct {
 	Start               bool
 }
 
+type ContainerMode string
+
+const (
+	InfraMode  = ContainerMode("infra")
+	CloneMode  = ContainerMode("clone")
+	UpdateMode = ContainerMode("update")
+	CreateMode = ContainerMode("create")
+)
+
 type ContainerCreateOptions struct {
 	Annotation        []string
 	Attach            []string
@@ -203,6 +212,7 @@ type ContainerCreateOptions struct {
 	HealthRetries     uint
 	HealthStartPeriod string
 	HealthTimeout     string
+	HealthOnFailure   string
 	Hostname          string `json:"hostname,omitempty"`
 	HTTPProxy         bool
 	HostUsers         []string
@@ -263,6 +273,7 @@ type ContainerCreateOptions struct {
 	TTY               bool
 	Timezone          string
 	Umask             string
+	EnvMerge          []string
 	UnsetEnv          []string
 	UnsetEnvAll       bool
 	UIDMap            []string
@@ -428,15 +439,6 @@ type PodPSOptions struct {
 	Sort      string
 }
 
-type PodInspectOptions struct {
-	Latest bool
-
-	// Options for the API.
-	NameOrID string
-
-	Format string
-}
-
 type PodInspectReport struct {
 	*define.InspectPodData
 }
diff --git a/pkg/domain/entities/reports/containers.go b/pkg/domain/entities/reports/containers.go
index db9a66012..6759fc402 100644
--- a/pkg/domain/entities/reports/containers.go
+++ b/pkg/domain/entities/reports/containers.go
@@ -1,8 +1,9 @@
 package reports
 
 type RmReport struct {
-	Id  string `json:"Id"` //nolint:revive,stylecheck
-	Err error  `json:"Err,omitempty"`
+	Id       string `json:"Id"` //nolint:revive,stylecheck
+	Err      error  `json:"Err,omitempty"`
+	RawInput string
 }
 
 func RmReportsIds(r []*RmReport) []string {
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 783224e9c..535c4a613 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -4,10 +4,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"strconv"
-	"strings"
 	"sync"
 	"time"
 
@@ -40,6 +38,7 @@ import (
 // is specified.  It also returns a list of the corresponding input name used to lookup each container.
 func getContainersAndInputByContext(all, latest bool, names []string, filters map[string][]string, runtime *libpod.Runtime) (ctrs []*libpod.Container, rawInput []string, err error) {
 	var ctr *libpod.Container
+	var filteredCtrs []*libpod.Container
 	ctrs = []*libpod.Container{}
 	filterFuncs := make([]libpod.ContainerFilter, 0, len(filters))
 
@@ -58,7 +57,17 @@ func getContainersAndInputByContext(all, latest bool, names []string, filters ma
 		}
 		rawInput = []string{}
 		for _, candidate := range ctrs {
-			rawInput = append(rawInput, candidate.ID())
+			if len(names) > 0 {
+				for _, name := range names {
+					if candidate.ID() == name || candidate.Name() == name {
+						rawInput = append(rawInput, candidate.ID())
+						filteredCtrs = append(filteredCtrs, candidate)
+					}
+				}
+				ctrs = filteredCtrs
+			} else {
+				rawInput = append(rawInput, candidate.ID())
+			}
 		}
 	case all:
 		ctrs, err = runtime.GetAllContainers()
@@ -142,10 +151,10 @@ func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []stri
 	if err != nil {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	if len(rawInputs) == len(ctrs) {
 		for i := range ctrs {
-			ctrMap[ctrs[i].ID()] = rawInputs[i]
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
 		}
 	}
 	reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
@@ -158,7 +167,7 @@ func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []stri
 		reports = append(reports, &entities.PauseUnpauseReport{
 			Id:       c.ID(),
 			Err:      err,
-			RawInput: ctrMap[c.ID()],
+			RawInput: idToRawInput[c.ID()],
 		})
 	}
 	return reports, nil
@@ -169,10 +178,10 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st
 	if err != nil {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	if len(rawInputs) == len(ctrs) {
 		for i := range ctrs {
-			ctrMap[ctrs[i].ID()] = rawInputs[i]
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
 		}
 	}
 	reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
@@ -185,7 +194,7 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st
 		reports = append(reports, &entities.PauseUnpauseReport{
 			Id:       c.ID(),
 			Err:      err,
-			RawInput: ctrMap[c.ID()],
+			RawInput: idToRawInput[c.ID()],
 		})
 	}
 	return reports, nil
@@ -196,10 +205,10 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin
 	if err != nil && !(options.Ignore && errors.Is(err, define.ErrNoSuchCtr)) {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	if len(rawInputs) == len(ctrs) {
 		for i := range ctrs {
-			ctrMap[ctrs[i].ID()] = rawInputs[i]
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
 		}
 	}
 	errMap, err := parallelctr.ContainerOp(ctx, ctrs, func(c *libpod.Container) error {
@@ -245,7 +254,7 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin
 		if options.All {
 			report.RawInput = ctr.ID()
 		} else {
-			report.RawInput = ctrMap[ctr.ID()]
+			report.RawInput = idToRawInput[ctr.ID()]
 		}
 		report.Err = err
 		reports = append(reports, report)
@@ -275,10 +284,10 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin
 	if err != nil {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	if len(rawInputs) == len(ctrs) {
 		for i := range ctrs {
-			ctrMap[ctrs[i].ID()] = rawInputs[i]
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
 		}
 	}
 	reports := make([]*entities.KillReport, 0, len(ctrs))
@@ -291,7 +300,7 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin
 		reports = append(reports, &entities.KillReport{
 			Id:       con.ID(),
 			Err:      err,
-			RawInput: ctrMap[con.ID()],
+			RawInput: idToRawInput[con.ID()],
 		})
 	}
 	return reports, nil
@@ -299,31 +308,42 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin
 
 func (ic *ContainerEngine) ContainerRestart(ctx context.Context, namesOrIds []string, options entities.RestartOptions) ([]*entities.RestartReport, error) {
 	var (
-		ctrs []*libpod.Container
-		err  error
+		ctrs      []*libpod.Container
+		err       error
+		rawInputs = []string{}
 	)
 
 	if options.Running {
 		ctrs, err = ic.Libpod.GetRunningContainers()
+		for _, candidate := range ctrs {
+			rawInputs = append(rawInputs, candidate.ID())
+		}
+
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		ctrs, err = getContainersByContext(options.All, options.Latest, namesOrIds, ic.Libpod)
+		ctrs, rawInputs, err = getContainersAndInputByContext(options.All, options.Latest, namesOrIds, options.Filters, ic.Libpod)
 		if err != nil {
 			return nil, err
 		}
 	}
-
+	idToRawInput := map[string]string{}
+	if len(rawInputs) == len(ctrs) {
+		for i := range ctrs {
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
+		}
+	}
 	reports := make([]*entities.RestartReport, 0, len(ctrs))
-	for _, con := range ctrs {
-		timeout := con.StopTimeout()
+	for _, c := range ctrs {
+		timeout := c.StopTimeout()
 		if options.Timeout != nil {
 			timeout = *options.Timeout
 		}
 		reports = append(reports, &entities.RestartReport{
-			Id:  con.ID(),
-			Err: con.RestartWithTimeout(ctx, timeout),
+			Id:       c.ID(),
+			Err:      c.RestartWithTimeout(ctx, timeout),
+			RawInput: idToRawInput[c.ID()],
 		})
 	}
 	return reports, nil
@@ -381,7 +401,16 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string,
 	}
 	names = tmpNames
 
-	ctrs, err := getContainersByContext(options.All, options.Latest, names, ic.Libpod)
+	ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, names, options.Filters, ic.Libpod)
+	if err != nil && !(options.Ignore && errors.Is(err, define.ErrNoSuchCtr)) {
+		return nil, err
+	}
+	idToRawInput := map[string]string{}
+	if len(rawInputs) == len(ctrs) {
+		for i := range ctrs {
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
+		}
+	}
 	if err != nil && !(options.Ignore && errors.Is(err, define.ErrNoSuchCtr)) {
 		// Failed to get containers. If force is specified, get the containers ID
 		// and evict them
@@ -391,7 +420,10 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string,
 
 		for _, ctr := range names {
 			logrus.Debugf("Evicting container %q", ctr)
-			report := reports.RmReport{Id: ctr}
+			report := reports.RmReport{
+				Id:       ctr,
+				RawInput: idToRawInput[ctr],
+			}
 			_, err := ic.Libpod.EvictContainer(ctx, ctr, options.Volumes)
 			if err != nil {
 				if options.Ignore && errors.Is(err, define.ErrNoSuchCtr) {
@@ -461,6 +493,7 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string,
 		report := new(reports.RmReport)
 		report.Id = ctr.ID()
 		report.Err = err
+		report.RawInput = idToRawInput[ctr.ID()]
 		rmReports = append(rmReports, report)
 	}
 	return rmReports, nil
@@ -598,8 +631,9 @@ func (ic *ContainerEngine) ContainerExport(ctx context.Context, nameOrID string,
 
 func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds []string, options entities.CheckpointOptions) ([]*entities.CheckpointReport, error) {
 	var (
-		err  error
-		cons []*libpod.Container
+		ctrs      []*libpod.Container
+		rawInputs []string
+		err       error
 	)
 	checkOpts := libpod.ContainerCheckpointOptions{
 		Keep:           options.Keep,
@@ -616,24 +650,34 @@ func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds [
 		CreateImage:    options.CreateImage,
 	}
 
+	idToRawInput := map[string]string{}
 	if options.All {
 		running := func(c *libpod.Container) bool {
 			state, _ := c.State()
 			return state == define.ContainerStateRunning
 		}
-		cons, err = ic.Libpod.GetContainers(running)
+		ctrs, err = ic.Libpod.GetContainers(running)
+		if err != nil {
+			return nil, err
+		}
 	} else {
-		cons, err = getContainersByContext(false, options.Latest, namesOrIds, ic.Libpod)
-	}
-	if err != nil {
-		return nil, err
+		ctrs, rawInputs, err = getContainersAndInputByContext(false, options.Latest, namesOrIds, nil, ic.Libpod)
+		if err != nil {
+			return nil, err
+		}
+		if len(rawInputs) == len(ctrs) {
+			for i := range ctrs {
+				idToRawInput[ctrs[i].ID()] = rawInputs[i]
+			}
+		}
 	}
-	reports := make([]*entities.CheckpointReport, 0, len(cons))
-	for _, con := range cons {
-		criuStatistics, runtimeCheckpointDuration, err := con.Checkpoint(ctx, checkOpts)
+	reports := make([]*entities.CheckpointReport, 0, len(ctrs))
+	for _, c := range ctrs {
+		criuStatistics, runtimeCheckpointDuration, err := c.Checkpoint(ctx, checkOpts)
 		reports = append(reports, &entities.CheckpointReport{
 			Err:             err,
-			Id:              con.ID(),
+			Id:              c.ID(),
+			RawInput:        idToRawInput[c.ID()],
 			RuntimeDuration: runtimeCheckpointDuration,
 			CRIUStatistics:  criuStatistics,
 		})
@@ -643,7 +687,7 @@ func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds [
 
 func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []string, options entities.RestoreOptions) ([]*entities.RestoreReport, error) {
 	var (
-		containers                  []*libpod.Container
+		ctrs                        []*libpod.Container
 		checkpointImageImportErrors []error
 		err                         error
 	)
@@ -670,19 +714,21 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 		},
 	}
 
+	idToRawInput := map[string]string{}
 	switch {
 	case options.Import != "":
-		containers, err = checkpoint.CRImportCheckpointTar(ctx, ic.Libpod, options)
+		ctrs, err = checkpoint.CRImportCheckpointTar(ctx, ic.Libpod, options)
 	case options.All:
-		containers, err = ic.Libpod.GetContainers(filterFuncs...)
+		ctrs, err = ic.Libpod.GetContainers(filterFuncs...)
 	case options.Latest:
-		containers, err = getContainersByContext(false, options.Latest, namesOrIds, ic.Libpod)
+		ctrs, err = getContainersByContext(false, options.Latest, namesOrIds, ic.Libpod)
 	default:
 		for _, nameOrID := range namesOrIds {
 			logrus.Debugf("look up container: %q", nameOrID)
-			ctr, err := ic.Libpod.LookupContainer(nameOrID)
+			c, err := ic.Libpod.LookupContainer(nameOrID)
 			if err == nil {
-				containers = append(containers, ctr)
+				ctrs = append(ctrs, c)
+				idToRawInput[c.ID()] = nameOrID
 			} else {
 				// If container was not found, check if this is a checkpoint image
 				logrus.Debugf("look up image: %q", nameOrID)
@@ -700,7 +746,7 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 				if err != nil {
 					return nil, err
 				}
-				importedContainers, err := checkpoint.CRImportCheckpoint(ctx, ic.Libpod, options, mountPoint)
+				importedCtrs, err := checkpoint.CRImportCheckpoint(ctx, ic.Libpod, options, mountPoint)
 				if err != nil {
 					// CRImportCheckpoint is expected to import exactly one container from checkpoint image
 					checkpointImageImportErrors = append(
@@ -708,7 +754,7 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 						fmt.Errorf("unable to import checkpoint from image: %q: %v", nameOrID, err),
 					)
 				} else {
-					containers = append(containers, importedContainers[0])
+					ctrs = append(ctrs, importedCtrs[0])
 				}
 			}
 		}
@@ -717,12 +763,13 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 		return nil, err
 	}
 
-	reports := make([]*entities.RestoreReport, 0, len(containers))
-	for _, con := range containers {
-		criuStatistics, runtimeRestoreDuration, err := con.Restore(ctx, restoreOptions)
+	reports := make([]*entities.RestoreReport, 0, len(ctrs))
+	for _, c := range ctrs {
+		criuStatistics, runtimeRestoreDuration, err := c.Restore(ctx, restoreOptions)
 		reports = append(reports, &entities.RestoreReport{
 			Err:             err,
-			Id:              con.ID(),
+			Id:              c.ID(),
+			RawInput:        idToRawInput[c.ID()],
 			RuntimeDuration: runtimeRestoreDuration,
 			CRIUStatistics:  criuStatistics,
 		})
@@ -774,7 +821,7 @@ func (ic *ContainerEngine) ContainerAttach(ctx context.Context, nameOrID string,
 	// If the container is in a pod, also set to recursively start dependencies
 	err = terminal.StartAttachCtr(ctx, ctr, options.Stdout, options.Stderr, options.Stdin, options.DetachKeys, options.SigProxy, false)
 	if err != nil && !errors.Is(err, define.ErrDetach) {
-		return fmt.Errorf("error attaching to container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("attaching to container %s: %w", ctr.ID(), err)
 	}
 	os.Stdout.WriteString("\n")
 	return nil
@@ -796,12 +843,12 @@ func makeExecConfig(options entities.ExecOptions, rt *libpod.Runtime) (*libpod.E
 	storageConfig := rt.StorageConfig()
 	runtimeConfig, err := rt.GetConfig()
 	if err != nil {
-		return nil, fmt.Errorf("error retrieving Libpod configuration to build exec exit command: %w", err)
+		return nil, fmt.Errorf("retrieving Libpod configuration to build exec exit command: %w", err)
 	}
 	// TODO: Add some ability to toggle syslog
 	exitCommandArgs, err := specgenutil.CreateExitCommandArgs(storageConfig, runtimeConfig, logrus.IsLevelEnabled(logrus.DebugLevel), false, true)
 	if err != nil {
-		return nil, fmt.Errorf("error constructing exit command for exec session: %w", err)
+		return nil, fmt.Errorf("constructing exit command for exec session: %w", err)
 	}
 	execConfig.ExitCommand = exitCommandArgs
 
@@ -810,7 +857,7 @@ func makeExecConfig(options entities.ExecOptions, rt *libpod.Runtime) (*libpod.E
 
 func checkExecPreserveFDs(options entities.ExecOptions) error {
 	if options.PreserveFDs > 0 {
-		entries, err := ioutil.ReadDir("/proc/self/fd")
+		entries, err := os.ReadDir("/proc/self/fd")
 		if err != nil {
 			return err
 		}
@@ -886,48 +933,19 @@ func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrID s
 func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []string, options entities.ContainerStartOptions) ([]*entities.ContainerStartReport, error) {
 	reports := []*entities.ContainerStartReport{}
 	var exitCode = define.ExecErrorCodeGeneric
-	containersNamesOrIds := namesOrIds
-	all := options.All
-	if len(options.Filters) > 0 {
-		all = false
-		filterFuncs := make([]libpod.ContainerFilter, 0, len(options.Filters))
-		if len(options.Filters) > 0 {
-			for k, v := range options.Filters {
-				generatedFunc, err := dfilters.GenerateContainerFilterFuncs(k, v, ic.Libpod)
-				if err != nil {
-					return nil, err
-				}
-				filterFuncs = append(filterFuncs, generatedFunc)
-			}
-		}
-		candidates, err := ic.Libpod.GetContainers(filterFuncs...)
-		if err != nil {
-			return nil, err
-		}
-		containersNamesOrIds = []string{}
-		for _, candidate := range candidates {
-			if options.All {
-				containersNamesOrIds = append(containersNamesOrIds, candidate.ID())
-				continue
-			}
-			for _, nameOrID := range namesOrIds {
-				if nameOrID == candidate.ID() || nameOrID == candidate.Name() {
-					containersNamesOrIds = append(containersNamesOrIds, nameOrID)
-				}
-			}
-		}
-	}
-	ctrs, rawInputs, err := getContainersAndInputByContext(all, options.Latest, containersNamesOrIds, options.Filters, ic.Libpod)
+	ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, options.Filters, ic.Libpod)
 	if err != nil {
 		return nil, err
 	}
+	idToRawInput := map[string]string{}
+	if len(rawInputs) == len(ctrs) {
+		for i := range ctrs {
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
+		}
+	}
 	// There can only be one container if attach was used
 	for i := range ctrs {
 		ctr := ctrs[i]
-		rawInput := ctr.ID()
-		if !options.All {
-			rawInput = rawInputs[i]
-		}
 		ctrState, err := ctr.State()
 		if err != nil {
 			return nil, err
@@ -941,7 +959,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
 				// Exit cleanly immediately
 				reports = append(reports, &entities.ContainerStartReport{
 					Id:       ctr.ID(),
-					RawInput: rawInput,
+					RawInput: idToRawInput[ctr.ID()],
 					Err:      nil,
 					ExitCode: 0,
 				})
@@ -952,7 +970,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
 				logrus.Debugf("Deadlock error: %v", err)
 				reports = append(reports, &entities.ContainerStartReport{
 					Id:       ctr.ID(),
-					RawInput: rawInput,
+					RawInput: idToRawInput[ctr.ID()],
 					Err:      err,
 					ExitCode: define.ExitCode(err),
 				})
@@ -962,7 +980,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
 			if ctrRunning {
 				reports = append(reports, &entities.ContainerStartReport{
 					Id:       ctr.ID(),
-					RawInput: rawInput,
+					RawInput: idToRawInput[ctr.ID()],
 					Err:      nil,
 					ExitCode: 0,
 				})
@@ -972,7 +990,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
 			if err != nil {
 				reports = append(reports, &entities.ContainerStartReport{
 					Id:       ctr.ID(),
-					RawInput: rawInput,
+					RawInput: idToRawInput[ctr.ID()],
 					Err:      err,
 					ExitCode: exitCode,
 				})
@@ -987,7 +1005,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
 			exitCode = ic.GetContainerExitCode(ctx, ctr)
 			reports = append(reports, &entities.ContainerStartReport{
 				Id:       ctr.ID(),
-				RawInput: rawInput,
+				RawInput: idToRawInput[ctr.ID()],
 				Err:      err,
 				ExitCode: exitCode,
 			})
@@ -1000,7 +1018,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
 			// If the container is in a pod, also set to recursively start dependencies
 			report := &entities.ContainerStartReport{
 				Id:       ctr.ID(),
-				RawInput: rawInput,
+				RawInput: idToRawInput[ctr.ID()],
 				ExitCode: 125,
 			}
 			if err := ctr.Start(ctx, true); err != nil {
@@ -1211,14 +1229,20 @@ func (ic *ContainerEngine) ContainerLogs(ctx context.Context, containers []strin
 }
 
 func (ic *ContainerEngine) ContainerCleanup(ctx context.Context, namesOrIds []string, options entities.ContainerCleanupOptions) ([]*entities.ContainerCleanupReport, error) {
-	reports := []*entities.ContainerCleanupReport{}
-	ctrs, err := getContainersByContext(options.All, options.Latest, namesOrIds, ic.Libpod)
+	ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, nil, ic.Libpod)
 	if err != nil {
 		return nil, err
 	}
+	idToRawInput := map[string]string{}
+	if len(rawInputs) == len(ctrs) {
+		for i := range ctrs {
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
+		}
+	}
+	reports := []*entities.ContainerCleanupReport{}
 	for _, ctr := range ctrs {
 		var err error
-		report := entities.ContainerCleanupReport{Id: ctr.ID()}
+		report := entities.ContainerCleanupReport{Id: ctr.ID(), RawInput: idToRawInput[ctr.ID()]}
 
 		if options.Exec != "" {
 			if options.Remove {
@@ -1259,13 +1283,19 @@ func (ic *ContainerEngine) ContainerCleanup(ctx context.Context, namesOrIds []st
 }
 
 func (ic *ContainerEngine) ContainerInit(ctx context.Context, namesOrIds []string, options entities.ContainerInitOptions) ([]*entities.ContainerInitReport, error) {
-	ctrs, err := getContainersByContext(options.All, options.Latest, namesOrIds, ic.Libpod)
+	ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, nil, ic.Libpod)
 	if err != nil {
 		return nil, err
 	}
+	idToRawInput := map[string]string{}
+	if len(rawInputs) == len(ctrs) {
+		for i := range ctrs {
+			idToRawInput[ctrs[i].ID()] = rawInputs[i]
+		}
+	}
 	reports := make([]*entities.ContainerInitReport, 0, len(ctrs))
 	for _, ctr := range ctrs {
-		report := entities.ContainerInitReport{Id: ctr.ID()}
+		report := entities.ContainerInitReport{Id: ctr.ID(), RawInput: idToRawInput[ctr.ID()]}
 		err := ctr.Init(ctx, ctr.PodID() != "")
 
 		// If we're initializing all containers, ignore invalid state errors
@@ -1418,7 +1448,7 @@ func (ic *ContainerEngine) ContainerUnmount(ctx context.Context, nameOrIDs []str
 				logrus.Debugf("Error umounting container %s, storage.ErrLayerNotMounted", ctr.ID())
 				continue
 			}
-			report.Err = fmt.Errorf("error unmounting container %s: %w", ctr.ID(), err)
+			report.Err = fmt.Errorf("unmounting container %s: %w", ctr.ID(), err)
 		}
 		reports = append(reports, &report)
 	}
@@ -1656,31 +1686,7 @@ func (ic *ContainerEngine) ContainerClone(ctx context.Context, ctrCloneOpts enti
 		if err == nil {
 			n += "-clone"
 		}
-		switch {
-		case strings.Contains(n, "-clone"):
-			ind := strings.Index(n, "-clone") + 6
-			num, err := strconv.Atoi(n[ind:])
-			if num == 0 && err != nil { // clone1 is hard to get with this logic, just check for it here.
-				_, err = ic.Libpod.LookupContainer(n + "1")
-				if err != nil {
-					spec.Name = n + "1"
-					break
-				}
-			} else {
-				n = n[0:ind]
-			}
-			err = nil
-			count := num
-			for err == nil {
-				count++
-				tempN := n + strconv.Itoa(count)
-				_, err = ic.Libpod.LookupContainer(tempN)
-			}
-			n += strconv.Itoa(count)
-			spec.Name = n
-		default:
-			spec.Name = c.Name() + "-clone"
-		}
+		spec.Name = generate.CheckName(ic.Libpod, n, true)
 	}
 
 	rtSpec, spec, opts, err := generate.MakeContainer(context.Background(), ic.Libpod, spec, true, c)
@@ -1708,3 +1714,27 @@ func (ic *ContainerEngine) ContainerClone(ctx context.Context, ctrCloneOpts enti
 
 	return &entities.ContainerCreateReport{Id: ctr.ID()}, nil
 }
+
+// ContainerUpdate finds and updates the given container's cgroup config with the specified options
+func (ic *ContainerEngine) ContainerUpdate(ctx context.Context, updateOptions *entities.ContainerUpdateOptions) (string, error) {
+	err := specgen.WeightDevices(updateOptions.Specgen)
+	if err != nil {
+		return "", err
+	}
+	err = specgen.FinishThrottleDevices(updateOptions.Specgen)
+	if err != nil {
+		return "", err
+	}
+	ctrs, err := getContainersByContext(false, false, []string{updateOptions.NameOrID}, ic.Libpod)
+	if err != nil {
+		return "", err
+	}
+	if len(ctrs) != 1 {
+		return "", fmt.Errorf("container not found")
+	}
+
+	if err = ctrs[0].Update(updateOptions.Specgen.ResourceLimits); err != nil {
+		return "", err
+	}
+	return ctrs[0].ID(), nil
+}
diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go
index 31885ce54..f588f591a 100644
--- a/pkg/domain/infra/abi/generate.go
+++ b/pkg/domain/infra/abi/generate.go
@@ -3,6 +3,7 @@ package abi
 import (
 	"bytes"
 	"context"
+	"encoding/json"
 	"fmt"
 	"strings"
 
@@ -10,6 +11,8 @@ import (
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	k8sAPI "github.com/containers/podman/v4/pkg/k8s.io/api/core/v1"
+	"github.com/containers/podman/v4/pkg/specgen"
+	generateUtils "github.com/containers/podman/v4/pkg/specgen/generate"
 	"github.com/containers/podman/v4/pkg/systemd/generate"
 	"github.com/ghodss/yaml"
 )
@@ -41,6 +44,63 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string,
 	return &entities.GenerateSystemdReport{Units: units}, nil
 }
 
+func (ic *ContainerEngine) GenerateSpec(ctx context.Context, opts *entities.GenerateSpecOptions) (*entities.GenerateSpecReport, error) {
+	var spec *specgen.SpecGenerator
+	var pspec *specgen.PodSpecGenerator
+	var err error
+	if _, err := ic.Libpod.LookupContainer(opts.ID); err == nil {
+		spec = &specgen.SpecGenerator{}
+		_, _, err = generateUtils.ConfigToSpec(ic.Libpod, spec, opts.ID)
+		if err != nil {
+			return nil, err
+		}
+	} else if p, err := ic.Libpod.LookupPod(opts.ID); err == nil {
+		pspec = &specgen.PodSpecGenerator{}
+		pspec.Name = p.Name()
+		_, err := generateUtils.PodConfigToSpec(ic.Libpod, pspec, &entities.ContainerCreateOptions{}, opts.ID)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if pspec == nil && spec == nil {
+		return nil, fmt.Errorf("could not find a pod or container with the id %s", opts.ID)
+	}
+
+	// rename if we are looking to consume the output and make a new entity
+	if opts.Name {
+		if spec != nil {
+			spec.Name = generateUtils.CheckName(ic.Libpod, spec.Name, true)
+		} else {
+			pspec.Name = generateUtils.CheckName(ic.Libpod, pspec.Name, false)
+		}
+	}
+
+	j := []byte{}
+	if spec != nil {
+		j, err = json.MarshalIndent(spec, "", " ")
+		if err != nil {
+			return nil, err
+		}
+	} else if pspec != nil {
+		j, err = json.MarshalIndent(pspec, "", " ")
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// compact output
+	if opts.Compact {
+		compacted := &bytes.Buffer{}
+		err := json.Compact(compacted, j)
+		if err != nil {
+			return nil, err
+		}
+		return &entities.GenerateSpecReport{Data: compacted.Bytes()}, nil
+	}
+	return &entities.GenerateSpecReport{Data: j}, nil // regular output
+}
+
 func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
 	var (
 		pods       []*libpod.Pod
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index ff42b0367..6934de60e 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -18,6 +18,7 @@ import (
 
 	"github.com/containers/common/libimage"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/manifest"
@@ -236,8 +237,9 @@ func (ir *ImageEngine) Pull(ctx context.Context, rawImage string, options entiti
 	pullOptions.Variant = options.Variant
 	pullOptions.SignaturePolicyPath = options.SignaturePolicy
 	pullOptions.InsecureSkipTLSVerify = options.SkipTLSVerify
+	pullOptions.Writer = options.Writer
 
-	if !options.Quiet {
+	if !options.Quiet && pullOptions.Writer == nil {
 		pullOptions.Writer = os.Stderr
 	}
 
@@ -304,6 +306,9 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
 	pushOptions.ManifestMIMEType = manifestType
 	pushOptions.RemoveSignatures = options.RemoveSignatures
 	pushOptions.SignBy = options.SignBy
+	pushOptions.SignPassphrase = options.SignPassphrase
+	pushOptions.SignBySigstorePrivateKeyFile = options.SignBySigstorePrivateKeyFile
+	pushOptions.SignSigstorePrivateKeyPassphrase = options.SignSigstorePrivateKeyPassphrase
 	pushOptions.InsecureSkipTLSVerify = options.SkipTLSVerify
 	pushOptions.Writer = options.Writer
 
@@ -562,6 +567,7 @@ func (ir *ImageEngine) Remove(ctx context.Context, images []string, opts entitie
 	libimageOptions.Force = opts.Force
 	libimageOptions.Ignore = opts.Ignore
 	libimageOptions.LookupManifest = opts.LookupManifest
+	libimageOptions.NoPrune = opts.NoPrune
 	if !opts.All {
 		libimageOptions.Filters = append(libimageOptions.Filters, "intermediate=false")
 	}
@@ -578,7 +584,7 @@ func (ir *ImageEngine) Remove(ctx context.Context, images []string, opts entitie
 
 	rmErrors = libimageErrors
 
-	return
+	return report, rmErrors
 }
 
 // Shutdown Libpod engine
@@ -591,7 +597,7 @@ func (ir *ImageEngine) Shutdown(_ context.Context) {
 func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entities.SignOptions) (*entities.SignReport, error) {
 	mech, err := signature.NewGPGSigningMechanism()
 	if err != nil {
-		return nil, fmt.Errorf("error initializing GPG: %w", err)
+		return nil, fmt.Errorf("initializing GPG: %w", err)
 	}
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil {
@@ -605,11 +611,11 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 		err = func() error {
 			srcRef, err := alltransports.ParseImageName(signimage)
 			if err != nil {
-				return fmt.Errorf("error parsing image name: %w", err)
+				return fmt.Errorf("parsing image name: %w", err)
 			}
 			rawSource, err := srcRef.NewImageSource(ctx, sc)
 			if err != nil {
-				return fmt.Errorf("error getting image source: %w", err)
+				return fmt.Errorf("getting image source: %w", err)
 			}
 			defer func() {
 				if err = rawSource.Close(); err != nil {
@@ -618,7 +624,7 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 			}()
 			topManifestBlob, manifestType, err := rawSource.GetManifest(ctx, nil)
 			if err != nil {
-				return fmt.Errorf("error getting manifest blob: %w", err)
+				return fmt.Errorf("getting manifest blob: %w", err)
 			}
 			dockerReference := rawSource.Reference().DockerReference()
 			if dockerReference == nil {
@@ -652,7 +658,7 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 				}
 				list, err := manifest.ListFromBlob(topManifestBlob, manifestType)
 				if err != nil {
-					return fmt.Errorf("error parsing manifest list %q: %w", string(topManifestBlob), err)
+					return fmt.Errorf("parsing manifest list %q: %w", string(topManifestBlob), err)
 				}
 				instanceDigests := list.Instances()
 				for _, instanceDigest := range instanceDigests {
@@ -662,13 +668,13 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 						return err
 					}
 					if err = putSignature(man, mech, sigStoreDir, instanceDigest, dockerReference, options); err != nil {
-						return fmt.Errorf("error storing signature for %s, %v: %w", dockerReference.String(), instanceDigest, err)
+						return fmt.Errorf("storing signature for %s, %v: %w", dockerReference.String(), instanceDigest, err)
 					}
 				}
 				return nil
 			}
 			if err = putSignature(topManifestBlob, mech, sigStoreDir, manifestDigest, dockerReference, options); err != nil {
-				return fmt.Errorf("error storing signature for %s, %v: %w", dockerReference.String(), manifestDigest, err)
+				return fmt.Errorf("storing signature for %s, %v: %w", dockerReference.String(), manifestDigest, err)
 			}
 			return nil
 		}()
@@ -679,8 +685,8 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 	return nil, nil
 }
 
-func (ir *ImageEngine) Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool) error {
-	rep, source, dest, flags, err := domainUtils.ExecuteTransfer(src, dst, parentFlags, quiet)
+func (ir *ImageEngine) Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool, sshMode ssh.EngineMode) error {
+	rep, source, dest, flags, err := domainUtils.ExecuteTransfer(src, dst, parentFlags, quiet, sshMode)
 	if err != nil {
 		return err
 	}
@@ -863,7 +869,7 @@ func execTransferPodman(execUser *user.User, command []string, needToTag bool) (
 
 func getSigFilename(sigStoreDirPath string) (string, error) {
 	sigFileSuffix := 1
-	sigFiles, err := ioutil.ReadDir(sigStoreDirPath)
+	sigFiles, err := os.ReadDir(sigStoreDirPath)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/domain/infra/abi/images_list.go b/pkg/domain/infra/abi/images_list.go
index 96e99fbf0..4788ecef9 100644
--- a/pkg/domain/infra/abi/images_list.go
+++ b/pkg/domain/infra/abi/images_list.go
@@ -32,7 +32,7 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
 		}
 		isDangling, err := img.IsDangling(ctx)
 		if err != nil {
-			return nil, fmt.Errorf("error checking if image %q is dangling: %w", img.ID(), err)
+			return nil, fmt.Errorf("checking if image %q is dangling: %w", img.ID(), err)
 		}
 
 		e := entities.ImageSummary{
@@ -49,18 +49,18 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
 		}
 		e.Labels, err = img.Labels(ctx)
 		if err != nil {
-			return nil, fmt.Errorf("error retrieving label for image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
+			return nil, fmt.Errorf("retrieving label for image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
 		}
 
 		ctnrs, err := img.Containers()
 		if err != nil {
-			return nil, fmt.Errorf("error retrieving containers for image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
+			return nil, fmt.Errorf("retrieving containers for image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
 		}
 		e.Containers = len(ctnrs)
 
 		sz, err := img.Size()
 		if err != nil {
-			return nil, fmt.Errorf("error retrieving size of image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
+			return nil, fmt.Errorf("retrieving size of image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
 		}
 		e.Size = sz
 		// This is good enough for now, but has to be
@@ -69,7 +69,7 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
 
 		parent, err := img.Parent(ctx)
 		if err != nil {
-			return nil, fmt.Errorf("error retrieving parent of image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
+			return nil, fmt.Errorf("retrieving parent of image %q: you may need to remove the image to resolve the error: %w", img.ID(), err)
 		}
 		if parent != nil {
 			e.ParentId = parent.ID()
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index b135b05ba..ac3eedbe8 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -32,7 +32,15 @@ func (ir *ImageEngine) ManifestCreate(ctx context.Context, name string, images [
 
 	manifestList, err := ir.Libpod.LibimageRuntime().CreateManifestList(name)
 	if err != nil {
-		return "", err
+		if errors.Is(err, storage.ErrDuplicateName) && opts.Amend {
+			amendList, amendErr := ir.Libpod.LibimageRuntime().LookupManifestList(name)
+			if amendErr != nil {
+				return "", err
+			}
+			manifestList = amendList
+		} else {
+			return "", err
+		}
 	}
 
 	addOptions := &libimage.ManifestListAddOptions{All: opts.All}
@@ -87,7 +95,7 @@ func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte
 
 	var b bytes.Buffer
 	if err := json.Indent(&b, rawSchema2List, "", "    "); err != nil {
-		return nil, fmt.Errorf("error rendering manifest %s for display: %w", name, err)
+		return nil, fmt.Errorf("rendering manifest %s for display: %w", name, err)
 	}
 	return b.Bytes(), nil
 }
@@ -150,7 +158,7 @@ func (ir *ImageEngine) remoteManifestInspect(ctx context.Context, name string) (
 		logrus.Warnf("The manifest type %s is not a manifest list but a single image.", manType)
 		schema2Manifest, err := manifest.Schema2FromManifest(result)
 		if err != nil {
-			return nil, fmt.Errorf("error parsing manifest blob %q as a %q: %w", string(result), manType, err)
+			return nil, fmt.Errorf("parsing manifest blob %q as a %q: %w", string(result), manType, err)
 		}
 		if result, err = schema2Manifest.Serialize(); err != nil {
 			return nil, err
@@ -158,7 +166,7 @@ func (ir *ImageEngine) remoteManifestInspect(ctx context.Context, name string) (
 	default:
 		listBlob, err := manifest.ListFromBlob(result, manType)
 		if err != nil {
-			return nil, fmt.Errorf("error parsing manifest blob %q as a %q: %w", string(result), manType, err)
+			return nil, fmt.Errorf("parsing manifest blob %q as a %q: %w", string(result), manType, err)
 		}
 		list, err := listBlob.ConvertToMIMEType(manifest.DockerV2ListMediaType)
 		if err != nil {
@@ -170,7 +178,7 @@ func (ir *ImageEngine) remoteManifestInspect(ctx context.Context, name string) (
 	}
 
 	if err = json.Indent(&b, result, "", "    "); err != nil {
-		return nil, fmt.Errorf("error rendering manifest %s for display: %w", name, err)
+		return nil, fmt.Errorf("rendering manifest %s for display: %w", name, err)
 	}
 	return b.Bytes(), nil
 }
@@ -293,7 +301,7 @@ func (ir *ImageEngine) ManifestRm(ctx context.Context, names []string) (report *
 func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination string, opts entities.ImagePushOptions) (string, error) {
 	manifestList, err := ir.Libpod.LibimageRuntime().LookupManifestList(name)
 	if err != nil {
-		return "", fmt.Errorf("error retrieving local image from image name %s: %w", name, err)
+		return "", fmt.Errorf("retrieving local image from image name %s: %w", name, err)
 	}
 
 	var manifestType string
@@ -317,7 +325,11 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination strin
 	pushOptions.ManifestMIMEType = manifestType
 	pushOptions.RemoveSignatures = opts.RemoveSignatures
 	pushOptions.SignBy = opts.SignBy
+	pushOptions.SignPassphrase = opts.SignPassphrase
+	pushOptions.SignBySigstorePrivateKeyFile = opts.SignBySigstorePrivateKeyFile
+	pushOptions.SignSigstorePrivateKeyPassphrase = opts.SignSigstorePrivateKeyPassphrase
 	pushOptions.InsecureSkipTLSVerify = opts.SkipTLSVerify
+	pushOptions.Writer = opts.Writer
 
 	compressionFormat := opts.CompressionFormat
 	if compressionFormat == "" {
@@ -338,7 +350,7 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination strin
 	if opts.All {
 		pushOptions.ImageListSelection = cp.CopyAllImages
 	}
-	if !opts.Quiet {
+	if !opts.Quiet && pushOptions.Writer == nil {
 		pushOptions.Writer = os.Stderr
 	}
 
@@ -350,7 +362,7 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination strin
 	if opts.Rm {
 		rmOpts := &libimage.RemoveImagesOptions{LookupManifest: true}
 		if _, rmErrors := ir.Libpod.LibimageRuntime().RemoveImages(ctx, []string{manifestList.ID()}, rmOpts); len(rmErrors) > 0 {
-			return "", fmt.Errorf("error removing manifest after push: %w", rmErrors[0])
+			return "", fmt.Errorf("removing manifest after push: %w", rmErrors[0])
 		}
 	}
 
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go
index 2428abfe9..a29b6818f 100644
--- a/pkg/domain/infra/abi/network.go
+++ b/pkg/domain/infra/abi/network.go
@@ -61,7 +61,7 @@ func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []stri
 				errs = append(errs, fmt.Errorf("network %s: %w", name, err))
 				continue
 			} else {
-				return nil, nil, fmt.Errorf("error inspecting network %s: %w", name, err)
+				return nil, nil, fmt.Errorf("inspecting network %s: %w", name, err)
 			}
 		}
 		networks = append(networks, net)
diff --git a/pkg/domain/infra/abi/parse/parse.go b/pkg/domain/infra/abi/parse/parse.go
index 19699589b..fb2876bb2 100644
--- a/pkg/domain/infra/abi/parse/parse.go
+++ b/pkg/domain/infra/abi/parse/parse.go
@@ -86,8 +86,11 @@ func VolumeOptions(opts map[string]string) ([]libpod.VolumeCreateOption, error)
 					if err != nil {
 						return nil, fmt.Errorf("cannot convert Timeout %s to an integer: %w", splitO[1], err)
 					}
+					if intTimeout < 0 {
+						return nil, fmt.Errorf("volume timeout cannot be negative (got %d)", intTimeout)
+					}
 					logrus.Debugf("Removing timeout from options and adding WithTimeout for Timeout %d", intTimeout)
-					libpodOptions = append(libpodOptions, libpod.WithVolumeDriverTimeout(intTimeout))
+					libpodOptions = append(libpodOptions, libpod.WithVolumeDriverTimeout(uint(intTimeout)))
 				default:
 					finalVal = append(finalVal, o)
 				}
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 3f2fd5f92..d447b4d00 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -16,6 +16,7 @@ import (
 	"github.com/containers/common/libimage"
 	nettypes "github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/secrets"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
@@ -27,13 +28,19 @@ import (
 	"github.com/containers/podman/v4/pkg/specgen/generate"
 	"github.com/containers/podman/v4/pkg/specgen/generate/kube"
 	"github.com/containers/podman/v4/pkg/specgenutil"
+	"github.com/containers/podman/v4/pkg/systemd/notifyproxy"
 	"github.com/containers/podman/v4/pkg/util"
+	"github.com/coreos/go-systemd/v22/daemon"
 	"github.com/ghodss/yaml"
 	"github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
 	yamlv3 "gopkg.in/yaml.v3"
 )
 
+// sdNotifyAnnotation allows for configuring service-global and
+// container-specific sd-notify modes.
+const sdNotifyAnnotation = "io.containers.sdnotify"
+
 // createServiceContainer creates a container that can later on
 // be associated with the pods of a K8s yaml.  It will be started along with
 // the first pod.
@@ -73,7 +80,12 @@ func (ic *ContainerEngine) createServiceContainer(ctx context.Context, name stri
 		return nil, fmt.Errorf("creating runtime spec for service container: %w", err)
 	}
 	opts = append(opts, libpod.WithIsService())
-	opts = append(opts, libpod.WithSdNotifyMode(define.SdNotifyModeConmon))
+
+	// Set the sd-notify mode to "ignore".  Podman is responsible for
+	// sending the notify messages when all containers are ready.
+	// The mode for individual containers or entire pods can be configured
+	// via the `sdNotifyAnnotation` annotation in the K8s YAML.
+	opts = append(opts, libpod.WithSdNotifyMode(define.SdNotifyModeIgnore))
 
 	// Create a new libpod container based on the spec.
 	ctr, err := ic.Libpod.NewContainer(ctx, runtimeSpec, spec, false, opts...)
@@ -96,6 +108,10 @@ func k8sName(content []byte, suffix string) string {
 }
 
 func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options entities.PlayKubeOptions) (_ *entities.PlayKubeReport, finalErr error) {
+	if options.ServiceContainer && options.Start == types.OptionalBoolFalse { // Sanity check to be future proof
+		return nil, fmt.Errorf("running a service container requires starting the pod(s)")
+	}
+
 	report := &entities.PlayKubeReport{}
 	validKinds := 0
 
@@ -121,6 +137,8 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
 
 	var configMaps []v1.ConfigMap
 
+	ranContainers := false
+	var serviceContainer *libpod.Container
 	// create pod on each document if it is a pod or deployment
 	// any other kube kind will be skipped
 	for _, document := range documentList {
@@ -130,8 +148,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
 		}
 
 		// TODO: create constants for the various "kinds" of yaml files.
-		var serviceContainer *libpod.Container
-		if options.ServiceContainer && (kind == "Pod" || kind == "Deployment") {
+		if options.ServiceContainer && serviceContainer == nil && (kind == "Pod" || kind == "Deployment") {
 			ctr, err := ic.createServiceContainer(ctx, k8sName(content, "service"), options)
 			if err != nil {
 				return nil, err
@@ -178,6 +195,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
 
 			report.Pods = append(report.Pods, r.Pods...)
 			validKinds++
+			ranContainers = true
 		case "Deployment":
 			var deploymentYAML v1apps.Deployment
 
@@ -192,6 +210,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
 
 			report.Pods = append(report.Pods, r.Pods...)
 			validKinds++
+			ranContainers = true
 		case "PersistentVolumeClaim":
 			var pvcYAML v1.PersistentVolumeClaim
 
@@ -239,6 +258,20 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
 		return nil, fmt.Errorf("YAML document does not contain any supported kube kind")
 	}
 
+	if options.ServiceContainer && ranContainers {
+		// We can consider the service to be up and running now.
+		// Send the sd-notify messages pointing systemd to the
+		// service container.
+		data, err := serviceContainer.Inspect(false)
+		if err != nil {
+			return nil, err
+		}
+		message := fmt.Sprintf("MAINPID=%d\n%s", data.State.ConmonPid, daemon.SdNotifyReady)
+		if err := notifyproxy.SendMessage("", message); err != nil {
+			return nil, err
+		}
+	}
+
 	return report, nil
 }
 
@@ -266,7 +299,7 @@ func (ic *ContainerEngine) playKubeDeployment(ctx context.Context, deploymentYAM
 		podName := fmt.Sprintf("%s-pod-%d", deploymentName, i)
 		podReport, err := ic.playKubePod(ctx, podName, &podSpec, options, ipIndex, deploymentYAML.Annotations, configMaps, serviceContainer)
 		if err != nil {
-			return nil, fmt.Errorf("error encountered while bringing up pod %s: %w", podName, err)
+			return nil, fmt.Errorf("encountered while bringing up pod %s: %w", podName, err)
 		}
 		report.Pods = append(report.Pods, podReport.Pods...)
 	}
@@ -280,6 +313,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		report      entities.PlayKubeReport
 	)
 
+	mainSdNotifyMode, err := getSdNotifyMode(annotations, "")
+	if err != nil {
+		return nil, err
+	}
+
 	// Create the secret manager before hand
 	secretsManager, err := ic.Libpod.SecretsManager()
 	if err != nil {
@@ -318,6 +356,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 
 	if options.Userns == "" {
 		options.Userns = "host"
+		if podYAML.Spec.HostUsers != nil && !*podYAML.Spec.HostUsers {
+			options.Userns = "auto"
+		}
+	} else if podYAML.Spec.HostUsers != nil {
+		logrus.Info("overriding the user namespace mode in the pod spec")
 	}
 
 	// Validate the userns modes supported.
@@ -399,7 +442,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 	}
 
 	// Go through the volumes and create a podman volume for all volumes that have been
-	// defined by a configmap
+	// defined by a configmap or secret
 	for _, v := range volumes {
 		if (v.Type == kube.KubeVolumeTypeConfigMap || v.Type == kube.KubeVolumeTypeSecret) && !v.Optional {
 			vol, err := ic.Libpod.NewVolume(ctx, libpod.WithVolumeName(v.Source))
@@ -562,6 +605,9 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 
 		initContainers = append(initContainers, ctr)
 	}
+
+	var sdNotifyProxies []*notifyproxy.NotifyProxy // containers' sd-notify proxies
+
 	for _, container := range podYAML.Spec.Containers {
 		// Error out if the same name is used for more than one container
 		if _, ok := ctrNames[container.Name]; ok {
@@ -606,11 +652,39 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		if err != nil {
 			return nil, err
 		}
-		opts = append(opts, libpod.WithSdNotifyMode(define.SdNotifyModeIgnore))
+
+		sdNotifyMode := mainSdNotifyMode
+		ctrNotifyMode, err := getSdNotifyMode(annotations, container.Name)
+		if err != nil {
+			return nil, err
+		}
+		if ctrNotifyMode != "" {
+			sdNotifyMode = ctrNotifyMode
+		}
+		if sdNotifyMode == "" { // Default to "ignore"
+			sdNotifyMode = define.SdNotifyModeIgnore
+		}
+
+		opts = append(opts, libpod.WithSdNotifyMode(sdNotifyMode))
+
+		var proxy *notifyproxy.NotifyProxy
+		// Create a notify proxy for the container.
+		if sdNotifyMode != "" && sdNotifyMode != define.SdNotifyModeIgnore {
+			proxy, err = notifyproxy.New("")
+			if err != nil {
+				return nil, err
+			}
+			sdNotifyProxies = append(sdNotifyProxies, proxy)
+			opts = append(opts, libpod.WithSdNotifySocket(proxy.SocketPath()))
+		}
+
 		ctr, err := generate.ExecuteCreate(ctx, ic.Libpod, rtSpec, spec, false, opts...)
 		if err != nil {
 			return nil, err
 		}
+		if proxy != nil {
+			proxy.AddContainer(ctr)
+		}
 		containers = append(containers, ctr)
 	}
 
@@ -621,9 +695,16 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 			return nil, err
 		}
 		for id, err := range podStartErrors {
-			playKubePod.ContainerErrors = append(playKubePod.ContainerErrors, fmt.Errorf("error starting container %s: %w", id, err).Error())
+			playKubePod.ContainerErrors = append(playKubePod.ContainerErrors, fmt.Errorf("starting container %s: %w", id, err).Error())
 			fmt.Println(playKubePod.ContainerErrors)
 		}
+
+		// Wait for each proxy to receive a READY message.
+		for _, proxy := range sdNotifyProxies {
+			if err := proxy.WaitAndClose(); err != nil {
+				return nil, err
+			}
+		}
 	}
 
 	playKubePod.ID = pod.ID()
@@ -703,21 +784,26 @@ func (ic *ContainerEngine) getImageAndLabelInfo(ctx context.Context, cwd string,
 	}
 
 	// Handle kube annotations
-	for k, v := range annotations {
-		switch k {
-		// Auto update annotation without container name will apply to
-		// all containers within the pod
-		case autoupdate.Label, autoupdate.AuthfileLabel:
-			labels[k] = v
-		// Auto update annotation with container name will apply only
-		// to the specified container
-		case fmt.Sprintf("%s/%s", autoupdate.Label, container.Name),
-			fmt.Sprintf("%s/%s", autoupdate.AuthfileLabel, container.Name):
-			prefixAndCtr := strings.Split(k, "/")
-			labels[prefixAndCtr[0]] = v
+	setLabel := func(label string) {
+		var result string
+		ctrSpecific := fmt.Sprintf("%s/%s", label, container.Name)
+		for k, v := range annotations {
+			switch k {
+			case label:
+				result = v
+			case ctrSpecific:
+				labels[label] = v
+				return
+			}
+		}
+		if result != "" {
+			labels[label] = result
 		}
 	}
 
+	setLabel(autoupdate.Label)
+	setLabel(autoupdate.AuthfileLabel)
+
 	return pulledImage, labels, nil
 }
 
@@ -1025,7 +1111,13 @@ func (ic *ContainerEngine) playKubeSecret(secret *v1.Secret) (*entities.SecretCr
 	if secret.Immutable != nil && *secret.Immutable {
 		meta["immutable"] = "true"
 	}
-	secretID, err := secretsManager.Store(secret.Name, data, "file", opts, meta)
+
+	storeOpts := secrets.StoreOptions{
+		DriverOpts: opts,
+		Metadata:   meta,
+	}
+
+	secretID, err := secretsManager.Store(secret.Name, data, "file", storeOpts)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/domain/infra/abi/play_utils.go b/pkg/domain/infra/abi/play_utils.go
new file mode 100644
index 000000000..482a158e6
--- /dev/null
+++ b/pkg/domain/infra/abi/play_utils.go
@@ -0,0 +1,16 @@
+package abi
+
+import "github.com/containers/podman/v4/libpod/define"
+
+// getSdNotifyMode returns the `sdNotifyAnnotation/$name` for the specified
+// name. If name is empty, it'll only look for `sdNotifyAnnotation`.
+func getSdNotifyMode(annotations map[string]string, name string) (string, error) {
+	var mode string
+	switch len(name) {
+	case 0:
+		mode = annotations[sdNotifyAnnotation]
+	default:
+		mode = annotations[sdNotifyAnnotation+"/"+name]
+	}
+	return mode, define.ValidateSdNotifyMode(mode)
+}
diff --git a/pkg/domain/infra/abi/play_utils_test.go b/pkg/domain/infra/abi/play_utils_test.go
new file mode 100644
index 000000000..80a9fe543
--- /dev/null
+++ b/pkg/domain/infra/abi/play_utils_test.go
@@ -0,0 +1,38 @@
+package abi
+
+import (
+	"testing"
+
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetSdNotifyMode(t *testing.T) {
+	tests := []struct {
+		key, value, name, result string
+		mustError                bool
+	}{
+		{sdNotifyAnnotation, define.SdNotifyModeConmon, "", define.SdNotifyModeConmon, false},
+		{sdNotifyAnnotation + "/container-a", define.SdNotifyModeContainer, "container-a", define.SdNotifyModeContainer, false},
+		{sdNotifyAnnotation + "/container-b", define.SdNotifyModeIgnore, "container-b", define.SdNotifyModeIgnore, false},
+		{sdNotifyAnnotation + "/container-c", "", "container-c", "", false},
+		{sdNotifyAnnotation + "-/wrong-key", "xxx", "wrong-key", "", false},
+		{sdNotifyAnnotation + "/container-error", "invalid", "container-error", "", true},
+	}
+
+	annotations := make(map[string]string)
+	// Populate the annotations
+	for _, test := range tests {
+		annotations[test.key] = test.value
+	}
+	// Run the tests
+	for _, test := range tests {
+		result, err := getSdNotifyMode(annotations, test.name)
+		if test.mustError {
+			require.Error(t, err, "%v", test)
+			continue
+		}
+		require.NoError(t, err, "%v", test)
+		require.Equal(t, test.result, result, "%v", test)
+	}
+}
diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go
index 03c8082c4..45a47b46e 100644
--- a/pkg/domain/infra/abi/pods.go
+++ b/pkg/domain/infra/abi/pods.go
@@ -77,7 +77,7 @@ func (ic *ContainerEngine) PodKill(ctx context.Context, namesOrIds []string, opt
 		}
 		if len(conErrs) > 0 {
 			for id, err := range conErrs {
-				report.Errs = append(report.Errs, fmt.Errorf("error killing container %s: %w", id, err))
+				report.Errs = append(report.Errs, fmt.Errorf("killing container %s: %w", id, err))
 			}
 			reports = append(reports, &report)
 			continue
@@ -143,7 +143,7 @@ func (ic *ContainerEngine) PodPause(ctx context.Context, namesOrIds []string, op
 		}
 		if len(errs) > 0 {
 			for id, v := range errs {
-				report.Errs = append(report.Errs, fmt.Errorf("error pausing container %s: %w", id, v))
+				report.Errs = append(report.Errs, fmt.Errorf("pausing container %s: %w", id, v))
 			}
 			reports = append(reports, &report)
 			continue
@@ -177,7 +177,7 @@ func (ic *ContainerEngine) PodUnpause(ctx context.Context, namesOrIds []string,
 		}
 		if len(errs) > 0 {
 			for id, v := range errs {
-				report.Errs = append(report.Errs, fmt.Errorf("error unpausing container %s: %w", id, v))
+				report.Errs = append(report.Errs, fmt.Errorf("unpausing container %s: %w", id, v))
 			}
 			reports = append(reports, &report)
 			continue
@@ -203,7 +203,7 @@ func (ic *ContainerEngine) PodStop(ctx context.Context, namesOrIds []string, opt
 		}
 		if len(errs) > 0 {
 			for id, v := range errs {
-				report.Errs = append(report.Errs, fmt.Errorf("error stopping container %s: %w", id, v))
+				report.Errs = append(report.Errs, fmt.Errorf("stopping container %s: %w", id, v))
 			}
 			reports = append(reports, &report)
 			continue
@@ -229,7 +229,7 @@ func (ic *ContainerEngine) PodRestart(ctx context.Context, namesOrIds []string,
 		}
 		if len(errs) > 0 {
 			for id, v := range errs {
-				report.Errs = append(report.Errs, fmt.Errorf("error restarting container %s: %w", id, v))
+				report.Errs = append(report.Errs, fmt.Errorf("restarting container %s: %w", id, v))
 			}
 			reports = append(reports, &report)
 			continue
@@ -256,7 +256,7 @@ func (ic *ContainerEngine) PodStart(ctx context.Context, namesOrIds []string, op
 		}
 		if len(errs) > 0 {
 			for id, v := range errs {
-				report.Errs = append(report.Errs, fmt.Errorf("error starting container %s: %w", id, v))
+				report.Errs = append(report.Errs, fmt.Errorf("starting container %s: %w", id, v))
 			}
 			reports = append(reports, &report)
 			continue
@@ -505,23 +505,49 @@ func (ic *ContainerEngine) PodPs(ctx context.Context, options entities.PodPSOpti
 	return reports, nil
 }
 
-func (ic *ContainerEngine) PodInspect(ctx context.Context, options entities.PodInspectOptions) (*entities.PodInspectReport, error) {
-	var (
-		pod *libpod.Pod
-		err error
-	)
-	// Look up the pod.
+func (ic *ContainerEngine) PodInspect(ctx context.Context, nameOrIDs []string, options entities.InspectOptions) ([]*entities.PodInspectReport, []error, error) {
 	if options.Latest {
-		pod, err = ic.Libpod.GetLatestPod()
-	} else {
-		pod, err = ic.Libpod.LookupPod(options.NameOrID)
-	}
-	if err != nil {
-		return nil, fmt.Errorf("unable to look up requested container: %w", err)
+		pod, err := ic.Libpod.GetLatestPod()
+		if err != nil {
+			return nil, nil, err
+		}
+		inspect, err := pod.Inspect()
+		if err != nil {
+			return nil, nil, err
+		}
+
+		return []*entities.PodInspectReport{
+			{
+				InspectPodData: inspect,
+			},
+		}, nil, nil
 	}
-	inspect, err := pod.Inspect()
-	if err != nil {
-		return nil, err
+
+	var errs []error
+	podReport := make([]*entities.PodInspectReport, 0, len(nameOrIDs))
+	for _, name := range nameOrIDs {
+		pod, err := ic.Libpod.LookupPod(name)
+		if err != nil {
+			// ErrNoSuchPod is non-fatal, other errors will be
+			// treated as fatal.
+			if errors.Is(err, define.ErrNoSuchPod) {
+				errs = append(errs, fmt.Errorf("no such pod %s", name))
+				continue
+			}
+			return nil, nil, err
+		}
+
+		inspect, err := pod.Inspect()
+		if err != nil {
+			// ErrNoSuchPod is non-fatal, other errors will be
+			// treated as fatal.
+			if errors.Is(err, define.ErrNoSuchPod) {
+				errs = append(errs, fmt.Errorf("no such pod %s", name))
+				continue
+			}
+			return nil, nil, err
+		}
+		podReport = append(podReport, &entities.PodInspectReport{InspectPodData: inspect})
 	}
-	return &entities.PodInspectReport{InspectPodData: inspect}, nil
+	return podReport, errs, nil
 }
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index e82fa4fdd..47159d65a 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/containers/common/pkg/secrets"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/containers/podman/v4/pkg/domain/utils"
 )
@@ -42,10 +43,15 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
 		}
 	}
 
-	secretID, err := manager.Store(name, data, options.Driver, options.DriverOpts, nil)
+	storeOpts := secrets.StoreOptions{
+		DriverOpts: options.DriverOpts,
+	}
+
+	secretID, err := manager.Store(name, data, options.Driver, storeOpts)
 	if err != nil {
 		return nil, err
 	}
+
 	return &entities.SecretCreateReport{
 		ID: secretID,
 	}, nil
@@ -65,7 +71,7 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
 				errs = append(errs, err)
 				continue
 			} else {
-				return nil, nil, fmt.Errorf("error inspecting secret %s: %w", nameOrID, err)
+				return nil, nil, fmt.Errorf("inspecting secret %s: %w", nameOrID, err)
 			}
 		}
 		report := &entities.SecretInfoReport{
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index 3389abd88..da903df9e 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -11,7 +11,6 @@ import (
 
 	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/common/pkg/config"
-	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/containers/podman/v4/pkg/domain/entities/reports"
@@ -321,19 +320,9 @@ func (ic *ContainerEngine) SystemDf(ctx context.Context, options entities.System
 		return nil, err
 	}
 
-	running, err := ic.Libpod.GetRunningContainers()
-	if err != nil {
-		return nil, err
-	}
-	runningContainers := make([]string, 0, len(running))
-	for _, c := range running {
-		runningContainers = append(runningContainers, c.ID())
-	}
-
 	dfVolumes := make([]*entities.SystemDfVolumeReport, 0, len(vols))
 	for _, v := range vols {
 		var reclaimableSize uint64
-		var consInUse int
 		mountPoint, err := v.MountPoint()
 		if err != nil {
 			return nil, err
@@ -355,14 +344,9 @@ func (ic *ContainerEngine) SystemDf(ctx context.Context, options entities.System
 		if len(inUse) == 0 {
 			reclaimableSize = volSize
 		}
-		for _, viu := range inUse {
-			if cutil.StringInSlice(viu, runningContainers) {
-				consInUse++
-			}
-		}
 		report := entities.SystemDfVolumeReport{
 			VolumeName:      v.Name(),
-			Links:           consInUse,
+			Links:           len(inUse),
 			Size:            int64(volSize),
 			ReclaimableSize: int64(reclaimableSize),
 		}
diff --git a/pkg/domain/infra/abi/terminal/sigproxy_linux.go b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
index 16d345f06..3a0132ef3 100644
--- a/pkg/domain/infra/abi/terminal/sigproxy_linux.go
+++ b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
@@ -1,3 +1,6 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
 package terminal
 
 import (
diff --git a/pkg/domain/infra/abi/terminal/terminal_linux.go b/pkg/domain/infra/abi/terminal/terminal_common.go
index 222590871..d00595908 100644
--- a/pkg/domain/infra/abi/terminal/terminal_linux.go
+++ b/pkg/domain/infra/abi/terminal/terminal_common.go
@@ -1,3 +1,6 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
 package terminal
 
 import (
@@ -103,7 +106,7 @@ func StartAttachCtr(ctx context.Context, ctr *libpod.Container, stdout, stderr,
 
 	err = <-attachChan
 	if err != nil {
-		return fmt.Errorf("error attaching to container %s: %w", ctr.ID(), err)
+		return fmt.Errorf("attaching to container %s: %w", ctr.ID(), err)
 	}
 
 	return nil
diff --git a/pkg/domain/infra/abi/terminal/terminal_unsupported.go b/pkg/domain/infra/abi/terminal/terminal_unsupported.go
new file mode 100644
index 000000000..21ed6c8d4
--- /dev/null
+++ b/pkg/domain/infra/abi/terminal/terminal_unsupported.go
@@ -0,0 +1,25 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package terminal
+
+import (
+	"context"
+	"errors"
+	"os"
+
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/libpod/define"
+)
+
+// ExecAttachCtr execs and attaches to a container
+func ExecAttachCtr(ctx context.Context, ctr *libpod.Container, execConfig *libpod.ExecConfig, streams *define.AttachStreams) (int, error) {
+	return -1, errors.New("not implemented ExecAttachCtr")
+}
+
+// StartAttachCtr starts and (if required) attaches to a container
+// if you change the signature of this function from os.File to io.Writer, it will trigger a downstream
+// error. we may need to just lint disable this one.
+func StartAttachCtr(ctx context.Context, ctr *libpod.Container, stdout, stderr, stdin *os.File, detachKeys string, sigProxy bool, startContainer bool) error { //nolint: interfacer
+	return errors.New("not implemented StartAttachCtr")
+}
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
index 0e3d8fad9..c58ddff06 100644
--- a/pkg/domain/infra/abi/trust.go
+++ b/pkg/domain/infra/abi/trust.go
@@ -2,16 +2,11 @@ package abi
 
 import (
 	"context"
-	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
-	"os"
-	"strings"
 
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/containers/podman/v4/pkg/trust"
-	"github.com/sirupsen/logrus"
 )
 
 func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options entities.ShowTrustOptions) (*entities.ShowTrustReport, error) {
@@ -34,11 +29,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
 	if len(options.RegistryPath) > 0 {
 		report.SystemRegistriesDirPath = options.RegistryPath
 	}
-	policyContentStruct, err := trust.GetPolicy(policyPath)
-	if err != nil {
-		return nil, fmt.Errorf("could not read trust policies: %w", err)
-	}
-	report.Policies, err = getPolicyShowOutput(policyContentStruct, report.SystemRegistriesDirPath)
+	report.Policies, err = trust.PolicyDescription(policyPath, report.SystemRegistriesDirPath)
 	if err != nil {
 		return nil, fmt.Errorf("could not show trust policies: %w", err)
 	}
@@ -46,133 +37,19 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
 }
 
 func (ir *ImageEngine) SetTrust(ctx context.Context, args []string, options entities.SetTrustOptions) error {
-	var (
-		policyContentStruct trust.PolicyContent
-		newReposContent     []trust.RepoContent
-	)
-	trustType := options.Type
-	if trustType == "accept" {
-		trustType = "insecureAcceptAnything"
-	}
-
-	pubkeysfile := options.PubKeysFile
-	if len(pubkeysfile) == 0 && trustType == "signedBy" {
-		return errors.New("at least one public key must be defined for type 'signedBy'")
+	if len(args) != 1 {
+		return fmt.Errorf("SetTrust called with unexpected %d args", len(args))
 	}
+	scope := args[0]
 
 	policyPath := trust.DefaultPolicyPath(ir.Libpod.SystemContext())
 	if len(options.PolicyPath) > 0 {
 		policyPath = options.PolicyPath
 	}
-	_, err := os.Stat(policyPath)
-	if !os.IsNotExist(err) {
-		policyContent, err := ioutil.ReadFile(policyPath)
-		if err != nil {
-			return err
-		}
-		if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
-			return errors.New("could not read trust policies")
-		}
-	}
-	if len(pubkeysfile) != 0 {
-		for _, filepath := range pubkeysfile {
-			newReposContent = append(newReposContent, trust.RepoContent{Type: trustType, KeyType: "GPGKeys", KeyPath: filepath})
-		}
-	} else {
-		newReposContent = append(newReposContent, trust.RepoContent{Type: trustType})
-	}
-	if args[0] == "default" {
-		policyContentStruct.Default = newReposContent
-	} else {
-		if len(policyContentStruct.Default) == 0 {
-			return errors.New("default trust policy must be set")
-		}
-		registryExists := false
-		for transport, transportval := range policyContentStruct.Transports {
-			_, registryExists = transportval[args[0]]
-			if registryExists {
-				policyContentStruct.Transports[transport][args[0]] = newReposContent
-				break
-			}
-		}
-		if !registryExists {
-			if policyContentStruct.Transports == nil {
-				policyContentStruct.Transports = make(map[string]trust.RepoMap)
-			}
-			if policyContentStruct.Transports["docker"] == nil {
-				policyContentStruct.Transports["docker"] = make(map[string][]trust.RepoContent)
-			}
-			policyContentStruct.Transports["docker"][args[0]] = append(policyContentStruct.Transports["docker"][args[0]], newReposContent...)
-		}
-	}
-
-	data, err := json.MarshalIndent(policyContentStruct, "", "    ")
-	if err != nil {
-		return fmt.Errorf("error setting trust policy: %w", err)
-	}
-	return ioutil.WriteFile(policyPath, data, 0644)
-}
-
-func getPolicyShowOutput(policyContentStruct trust.PolicyContent, systemRegistriesDirPath string) ([]*trust.Policy, error) {
-	var output []*trust.Policy
-
-	registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(policyContentStruct.Default) > 0 {
-		defaultPolicyStruct := trust.Policy{
-			Transport: "all",
-			Name:      "* (default)",
-			RepoName:  "default",
-			Type:      trustTypeDescription(policyContentStruct.Default[0].Type),
-		}
-		output = append(output, &defaultPolicyStruct)
-	}
-	for transport, transval := range policyContentStruct.Transports {
-		if transport == "docker" {
-			transport = "repository"
-		}
 
-		for repo, repoval := range transval {
-			tempTrustShowOutput := trust.Policy{
-				Name:      repo,
-				RepoName:  repo,
-				Transport: transport,
-				Type:      trustTypeDescription(repoval[0].Type),
-			}
-			// TODO - keyarr is not used and I don't know its intent; commenting out for now for someone to fix later
-			// keyarr := []string{}
-			uids := []string{}
-			for _, repoele := range repoval {
-				if len(repoele.KeyPath) > 0 {
-					// keyarr = append(keyarr, repoele.KeyPath)
-					uids = append(uids, trust.GetGPGIdFromKeyPath(repoele.KeyPath)...)
-				}
-				if len(repoele.KeyData) > 0 {
-					// keyarr = append(keyarr, string(repoele.KeyData))
-					uids = append(uids, trust.GetGPGIdFromKeyData(repoele.KeyData)...)
-				}
-			}
-			tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
-
-			registryNamespace := trust.HaveMatchRegistry(repo, registryConfigs)
-			if registryNamespace != nil {
-				tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
-			}
-			output = append(output, &tempTrustShowOutput)
-		}
-	}
-	return output, nil
-}
-
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
-	trustDescription, exist := typeDescription[trustType]
-	if !exist {
-		logrus.Warnf("Invalid trust type %s", trustType)
-	}
-	return trustDescription
+	return trust.AddPolicyEntries(policyPath, trust.AddPolicyEntriesInput{
+		Scope:       scope,
+		Type:        options.Type,
+		PubKeyFiles: options.PubKeysFile,
+	})
 }
diff --git a/pkg/domain/infra/abi/volumes.go b/pkg/domain/infra/abi/volumes.go
index 5e95a0551..bdfd4d5aa 100644
--- a/pkg/domain/infra/abi/volumes.go
+++ b/pkg/domain/infra/abi/volumes.go
@@ -96,7 +96,7 @@ func (ic *ContainerEngine) VolumeInspect(ctx context.Context, namesOrIds []strin
 					errs = append(errs, fmt.Errorf("no such volume %s", v))
 					continue
 				} else {
-					return nil, nil, fmt.Errorf("error inspecting volume %s: %w", v, err)
+					return nil, nil, fmt.Errorf("inspecting volume %s: %w", v, err)
 				}
 			}
 			vols = append(vols, vol)
diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go
index f76fab4ea..a23a23653 100644
--- a/pkg/domain/infra/runtime_libpod.go
+++ b/pkg/domain/infra/runtime_libpod.go
@@ -294,57 +294,6 @@ func ParseIDMapping(mode namespaces.UsernsMode, uidMapSlice, gidMapSlice []strin
 		options.AutoUserNsOpts = *opts
 		return &options, nil
 	}
-	if mode.IsKeepID() {
-		if len(uidMapSlice) > 0 || len(gidMapSlice) > 0 {
-			return nil, errors.New("cannot specify custom mappings with --userns=keep-id")
-		}
-		if len(subUIDMap) > 0 || len(subGIDMap) > 0 {
-			return nil, errors.New("cannot specify subuidmap or subgidmap with --userns=keep-id")
-		}
-		if !rootless.IsRootless() {
-			return nil, errors.New("keep-id is only supported in rootless mode")
-		}
-		min := func(a, b int) int {
-			if a < b {
-				return a
-			}
-			return b
-		}
-
-		uid := rootless.GetRootlessUID()
-		gid := rootless.GetRootlessGID()
-
-		uids, gids, err := rootless.GetConfiguredMappings()
-		if err != nil {
-			return nil, fmt.Errorf("cannot read mappings: %w", err)
-		}
-		maxUID, maxGID := 0, 0
-		for _, u := range uids {
-			maxUID += u.Size
-		}
-		for _, g := range gids {
-			maxGID += g.Size
-		}
-
-		options.UIDMap, options.GIDMap = nil, nil
-
-		options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: 0, HostID: 1, Size: min(uid, maxUID)})
-		options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: uid, HostID: 0, Size: 1})
-		if maxUID > uid {
-			options.UIDMap = append(options.UIDMap, idtools.IDMap{ContainerID: uid + 1, HostID: uid + 1, Size: maxUID - uid})
-		}
-
-		options.GIDMap = append(options.GIDMap, idtools.IDMap{ContainerID: 0, HostID: 1, Size: min(gid, maxGID)})
-		options.GIDMap = append(options.GIDMap, idtools.IDMap{ContainerID: gid, HostID: 0, Size: 1})
-		if maxGID > gid {
-			options.GIDMap = append(options.GIDMap, idtools.IDMap{ContainerID: gid + 1, HostID: gid + 1, Size: maxGID - gid})
-		}
-
-		options.HostUIDMapping = false
-		options.HostGIDMapping = false
-		// Simply ignore the setting and do not set up an inner namespace for root as it is a no-op
-		return &options, nil
-	}
 
 	if subGIDMap == "" && subUIDMap != "" {
 		subGIDMap = subUIDMap
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 98c73c51a..0dc73081d 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -61,9 +61,9 @@ func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []stri
 	if err != nil {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	for i := range ctrs {
-		ctrMap[ctrs[i].ID] = rawInputs[i]
+		idToRawInput[ctrs[i].ID] = rawInputs[i]
 	}
 	reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
 	for _, c := range ctrs {
@@ -75,7 +75,7 @@ func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []stri
 		reports = append(reports, &entities.PauseUnpauseReport{
 			Id:       c.ID,
 			Err:      err,
-			RawInput: ctrMap[c.ID],
+			RawInput: idToRawInput[c.ID],
 		})
 	}
 	return reports, nil
@@ -86,9 +86,9 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st
 	if err != nil {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	for i := range ctrs {
-		ctrMap[ctrs[i].ID] = rawInputs[i]
+		idToRawInput[ctrs[i].ID] = rawInputs[i]
 	}
 	reports := make([]*entities.PauseUnpauseReport, 0, len(ctrs))
 	for _, c := range ctrs {
@@ -100,7 +100,7 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st
 		reports = append(reports, &entities.PauseUnpauseReport{
 			Id:       c.ID,
 			Err:      err,
-			RawInput: ctrMap[c.ID],
+			RawInput: idToRawInput[c.ID],
 		})
 	}
 	return reports, nil
@@ -111,9 +111,9 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin
 	if err != nil {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	for i := range ctrs {
-		ctrMap[ctrs[i].ID] = rawInputs[i]
+		idToRawInput[ctrs[i].ID] = rawInputs[i]
 	}
 	options := new(containers.StopOptions).WithIgnore(opts.Ignore)
 	if to := opts.Timeout; to != nil {
@@ -123,7 +123,7 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin
 	for _, c := range ctrs {
 		report := entities.StopReport{
 			Id:       c.ID,
-			RawInput: ctrMap[c.ID],
+			RawInput: idToRawInput[c.ID],
 		}
 		if err = containers.Stop(ic.ClientCtx, c.ID, options); err != nil {
 			// These first two are considered non-fatal under the right conditions
@@ -154,9 +154,9 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin
 	if err != nil {
 		return nil, err
 	}
-	ctrMap := map[string]string{}
+	idToRawInput := map[string]string{}
 	for i := range ctrs {
-		ctrMap[ctrs[i].ID] = rawInputs[i]
+		idToRawInput[ctrs[i].ID] = rawInputs[i]
 	}
 	options := new(containers.KillOptions).WithSignal(opts.Signal)
 	reports := make([]*entities.KillReport, 0, len(ctrs))
@@ -169,7 +169,7 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin
 		reports = append(reports, &entities.KillReport{
 			Id:       c.ID,
 			Err:      err,
-			RawInput: ctrMap[c.ID],
+			RawInput: idToRawInput[c.ID],
 		})
 	}
 	return reports, nil
@@ -183,17 +183,22 @@ func (ic *ContainerEngine) ContainerRestart(ctx context.Context, namesOrIds []st
 	if to := opts.Timeout; to != nil {
 		options.WithTimeout(int(*to))
 	}
-	ctrs, err := getContainersByContext(ic.ClientCtx, opts.All, false, namesOrIds)
+	ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, opts.All, false, namesOrIds, opts.Filters)
 	if err != nil {
 		return nil, err
 	}
+	idToRawInput := map[string]string{}
+	for i := range ctrs {
+		idToRawInput[ctrs[i].ID] = rawInputs[i]
+	}
 	for _, c := range ctrs {
 		if opts.Running && c.State != define.ContainerStateRunning.String() {
 			continue
 		}
 		reports = append(reports, &entities.RestartReport{
-			Id:  c.ID,
-			Err: containers.Restart(ic.ClientCtx, c.ID, options),
+			Id:       c.ID,
+			Err:      containers.Restart(ic.ClientCtx, c.ID, options),
+			RawInput: idToRawInput[c.ID],
 		})
 	}
 	return reports, nil
@@ -208,11 +213,18 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string,
 
 	toRemove := []string{}
 	alreadyRemoved := make(map[string]bool) // Avoids trying to remove already removed containers
-	if opts.All {
-		ctrs, err := getContainersByContext(ic.ClientCtx, opts.All, opts.Ignore, nil)
+	idToRawInput := map[string]string{}
+
+	if opts.All || len(opts.Filters) > 0 {
+		ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, opts.All, opts.Ignore, nil, opts.Filters)
 		if err != nil {
 			return nil, err
 		}
+		if len(rawInputs) == len(ctrs) {
+			for i := range ctrs {
+				idToRawInput[ctrs[i].ID] = rawInputs[i]
+			}
+		}
 		for _, c := range ctrs {
 			toRemove = append(toRemove, c.ID)
 		}
@@ -225,10 +237,15 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string,
 			// instead of the ID. Since this can only happen
 			// with external containers, it poses no threat
 			// to the `alreadyRemoved` checks below.
-			ctrs, err := getContainersByContext(ic.ClientCtx, false, true, []string{ctr})
+			ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, false, true, []string{ctr}, opts.Filters)
 			if err != nil {
 				return nil, err
 			}
+			if len(rawInputs) == len(ctrs) {
+				for i := range ctrs {
+					idToRawInput[ctrs[i].ID] = rawInputs[i]
+				}
+			}
 			id := ctr
 			if len(ctrs) == 1 {
 				id = ctrs[0].ID
@@ -238,13 +255,20 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string,
 	}
 
 	rmReports := make([]*reports.RmReport, 0, len(toRemove))
-	for _, nameOrID := range toRemove {
-		if alreadyRemoved[nameOrID] {
+	for _, rmCtr := range toRemove {
+		if alreadyRemoved[rmCtr] {
 			continue
 		}
-		newReports, err := containers.Remove(ic.ClientCtx, nameOrID, options)
+		if ctr, exist := idToRawInput[rmCtr]; exist {
+			rmCtr = ctr
+		}
+		newReports, err := containers.Remove(ic.ClientCtx, rmCtr, options)
 		if err != nil {
-			rmReports = append(rmReports, &reports.RmReport{Id: nameOrID, Err: err})
+			rmReports = append(rmReports, &reports.RmReport{
+				Id:       rmCtr,
+				Err:      err,
+				RawInput: idToRawInput[rmCtr],
+			})
 			continue
 		}
 		for i := range newReports {
@@ -307,7 +331,7 @@ func (ic *ContainerEngine) ContainerCommit(ctx context.Context, nameOrID string,
 	if len(opts.ImageName) > 0 {
 		ref, err := reference.Parse(opts.ImageName)
 		if err != nil {
-			return nil, fmt.Errorf("error parsing reference %q: %w", opts.ImageName, err)
+			return nil, fmt.Errorf("parsing reference %q: %w", opts.ImageName, err)
 		}
 		if t, ok := ref.(reference.Tagged); ok {
 			tag = t.Tag()
@@ -343,6 +367,12 @@ func (ic *ContainerEngine) ContainerExport(ctx context.Context, nameOrID string,
 }
 
 func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds []string, opts entities.CheckpointOptions) ([]*entities.CheckpointReport, error) {
+	var (
+		err          error
+		ctrs         []entities.ListContainer
+		rawInputs    []string
+		idToRawInput = map[string]string{}
+	)
 	options := new(containers.CheckpointOptions)
 	options.WithFileLocks(opts.FileLocks)
 	options.WithIgnoreRootfs(opts.IgnoreRootFS)
@@ -355,11 +385,6 @@ func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds [
 	options.WithLeaveRunning(opts.LeaveRunning)
 	options.WithWithPrevious(opts.WithPrevious)
 
-	var (
-		err  error
-		ctrs = []entities.ListContainer{}
-	)
-
 	if opts.All {
 		allCtrs, err := getContainersByContext(ic.ClientCtx, true, false, []string{})
 		if err != nil {
@@ -372,10 +397,15 @@ func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds [
 			}
 		}
 	} else {
-		ctrs, err = getContainersByContext(ic.ClientCtx, false, false, namesOrIds)
+		ctrs, rawInputs, err = getContainersAndInputByContext(ic.ClientCtx, false, false, namesOrIds, nil)
 		if err != nil {
 			return nil, err
 		}
+		if len(rawInputs) == len(ctrs) {
+			for i := range ctrs {
+				idToRawInput[ctrs[i].ID] = rawInputs[i]
+			}
+		}
 	}
 	reports := make([]*entities.CheckpointReport, 0, len(ctrs))
 	for _, c := range ctrs {
@@ -383,6 +413,7 @@ func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds [
 		if err != nil {
 			reports = append(reports, &entities.CheckpointReport{Id: c.ID, Err: err})
 		} else {
+			report.RawInput = idToRawInput[c.ID]
 			reports = append(reports, report)
 		}
 	}
@@ -394,6 +425,10 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 		return nil, fmt.Errorf("--import-previous is not supported on the remote client")
 	}
 
+	var (
+		ids          []string
+		idToRawInput = map[string]string{}
+	)
 	options := new(containers.RestoreOptions)
 	options.WithFileLocks(opts.FileLocks)
 	options.WithIgnoreRootfs(opts.IgnoreRootFS)
@@ -412,10 +447,6 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 		report, err := containers.Restore(ic.ClientCtx, "", options)
 		return []*entities.RestoreReport{report}, err
 	}
-
-	var (
-		ids = []string{}
-	)
 	if opts.All {
 		allCtrs, err := getContainersByContext(ic.ClientCtx, true, false, []string{})
 		if err != nil {
@@ -438,6 +469,7 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 			ctrData, _, err := ic.ContainerInspect(ic.ClientCtx, []string{nameOrID}, entities.InspectOptions{})
 			if err == nil && len(ctrData) > 0 {
 				ids = append(ids, ctrData[0].ID)
+				idToRawInput[ctrData[0].ID] = nameOrID
 			} else {
 				// If container was not found, check if this is a checkpoint image
 				inspectReport, err := images.GetImage(ic.ClientCtx, nameOrID, getImageOptions)
@@ -461,6 +493,7 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st
 		if err != nil {
 			reports = append(reports, &entities.RestoreReport{Id: id, Err: err})
 		}
+		report.RawInput = idToRawInput[report.Id]
 		reports = append(reports, report)
 	}
 	return reports, nil
@@ -484,7 +517,7 @@ func (ic *ContainerEngine) ContainerLogs(_ context.Context, nameOrIDs []string,
 	stdout := opts.StdoutWriter != nil
 	stderr := opts.StderrWriter != nil
 	options := new(containers.LogOptions).WithFollow(opts.Follow).WithSince(since).WithUntil(until).WithStderr(stderr)
-	options.WithStdout(stdout).WithTail(tail)
+	options.WithStdout(stdout).WithTail(tail).WithTimestamps(opts.Timestamps)
 
 	var err error
 	stdoutCh := make(chan string)
@@ -639,39 +672,16 @@ func logIfRmError(id string, err error, reports []*reports.RmReport) {
 func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []string, options entities.ContainerStartOptions) ([]*entities.ContainerStartReport, error) {
 	reports := []*entities.ContainerStartReport{}
 	var exitCode = define.ExecErrorCodeGeneric
-	containersNamesOrIds := namesOrIds
-	all := options.All
-	if len(options.Filters) > 0 {
-		all = false
-		containersNamesOrIds = []string{}
-		opts := new(containers.ListOptions).WithFilters(options.Filters).WithAll(true)
-		candidates, listErr := containers.List(ic.ClientCtx, opts)
-		if listErr != nil {
-			return nil, listErr
-		}
-		for _, candidate := range candidates {
-			if options.All {
-				containersNamesOrIds = append(containersNamesOrIds, candidate.ID)
-				continue
-			}
-			for _, nameOrID := range namesOrIds {
-				if nameOrID == candidate.ID {
-					containersNamesOrIds = append(containersNamesOrIds, nameOrID)
-					continue
-				}
-				for _, containerName := range candidate.Names {
-					if containerName == nameOrID {
-						containersNamesOrIds = append(containersNamesOrIds, nameOrID)
-						continue
-					}
-				}
-			}
-		}
-	}
-	ctrs, err := getContainersByContext(ic.ClientCtx, all, false, containersNamesOrIds)
+	ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, options.All, false, namesOrIds, options.Filters)
 	if err != nil {
 		return nil, err
 	}
+	idToRawInput := map[string]string{}
+	if len(rawInputs) == len(ctrs) {
+		for i := range ctrs {
+			idToRawInput[ctrs[i].ID] = rawInputs[i]
+		}
+	}
 	removeOptions := new(containers.RemoveOptions).WithVolumes(true).WithForce(false)
 	removeContainer := func(id string) {
 		reports, err := containers.Remove(ic.ClientCtx, id, removeOptions)
@@ -679,15 +689,11 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
 	}
 
 	// There can only be one container if attach was used
-	for i, ctr := range ctrs {
+	for _, ctr := range ctrs {
 		name := ctr.ID
-		rawInput := ctr.ID
-		if !options.All {
-			rawInput = namesOrIds[i]
-		}
 		report := entities.ContainerStartReport{
 			Id:       name,
-			RawInput: rawInput,
+			RawInput: idToRawInput[name],
 			ExitCode: exitCode,
 		}
 		ctrRunning := ctr.State == define.ContainerStateRunning.String()
@@ -916,21 +922,28 @@ func (ic *ContainerEngine) ContainerCleanup(ctx context.Context, namesOrIds []st
 }
 
 func (ic *ContainerEngine) ContainerInit(ctx context.Context, namesOrIds []string, options entities.ContainerInitOptions) ([]*entities.ContainerInitReport, error) {
-	ctrs, err := getContainersByContext(ic.ClientCtx, options.All, false, namesOrIds)
+	ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, options.All, false, namesOrIds, nil)
 	if err != nil {
 		return nil, err
 	}
+	idToRawInput := map[string]string{}
+	if len(rawInputs) == len(ctrs) {
+		for i := range ctrs {
+			idToRawInput[ctrs[i].ID] = rawInputs[i]
+		}
+	}
 	reports := make([]*entities.ContainerInitReport, 0, len(ctrs))
-	for _, ctr := range ctrs {
-		err := containers.ContainerInit(ic.ClientCtx, ctr.ID, nil)
+	for _, c := range ctrs {
+		err := containers.ContainerInit(ic.ClientCtx, c.ID, nil)
 		// When using all, it is NOT considered an error if a container
 		// has already been init'd.
 		if err != nil && options.All && strings.Contains(err.Error(), define.ErrCtrStateInvalid.Error()) {
 			err = nil
 		}
 		reports = append(reports, &entities.ContainerInitReport{
-			Err: err,
-			Id:  ctr.ID,
+			Err:      err,
+			RawInput: idToRawInput[c.ID],
+			Id:       c.ID,
 		})
 	}
 	return reports, nil
@@ -1011,3 +1024,16 @@ func (ic *ContainerEngine) ContainerRename(ctx context.Context, nameOrID string,
 func (ic *ContainerEngine) ContainerClone(ctx context.Context, ctrCloneOpts entities.ContainerCloneOptions) (*entities.ContainerCreateReport, error) {
 	return nil, errors.New("cloning a container is not supported on the remote client")
 }
+
+// ContainerUpdate finds and updates the given container's cgroup config with the specified options
+func (ic *ContainerEngine) ContainerUpdate(ctx context.Context, updateOptions *entities.ContainerUpdateOptions) (string, error) {
+	err := specgen.WeightDevices(updateOptions.Specgen)
+	if err != nil {
+		return "", err
+	}
+	err = specgen.FinishThrottleDevices(updateOptions.Specgen)
+	if err != nil {
+		return "", err
+	}
+	return containers.Update(ic.ClientCtx, updateOptions)
+}
diff --git a/pkg/domain/infra/tunnel/generate.go b/pkg/domain/infra/tunnel/generate.go
index 235d478ec..d3c3638cb 100644
--- a/pkg/domain/infra/tunnel/generate.go
+++ b/pkg/domain/infra/tunnel/generate.go
@@ -2,6 +2,7 @@ package tunnel
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/containers/podman/v4/pkg/bindings/generate"
 	"github.com/containers/podman/v4/pkg/domain/entities"
@@ -18,7 +19,8 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string,
 		WithSeparator(opts.Separator).
 		WithWants(opts.Wants).
 		WithAfter(opts.After).
-		WithRequires(opts.Requires)
+		WithRequires(opts.Requires).
+		WithAdditionalEnvVariables(opts.AdditionalEnvVariables)
 
 	if opts.StartTimeout != nil {
 		options.WithStartTimeout(*opts.StartTimeout)
@@ -43,3 +45,7 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string,
 	options := new(generate.KubeOptions).WithService(opts.Service)
 	return generate.Kube(ic.ClientCtx, nameOrIDs, options)
 }
+
+func (ic *ContainerEngine) GenerateSpec(ctx context.Context, opts *entities.GenerateSpecOptions) (*entities.GenerateSpecReport, error) {
+	return nil, fmt.Errorf("GenerateSpec is not supported on the remote API")
+}
diff --git a/pkg/domain/infra/tunnel/helpers.go b/pkg/domain/infra/tunnel/helpers.go
index 9ff1641f0..90d558119 100644
--- a/pkg/domain/infra/tunnel/helpers.go
+++ b/pkg/domain/infra/tunnel/helpers.go
@@ -14,7 +14,7 @@ import (
 
 // FIXME: the `ignore` parameter is very likely wrong here as it should rather
 //        be used on *errors* from operations such as remove.
-func getContainersByContext(contextWithConnection context.Context, all, ignore bool, namesOrIDs []string) ([]entities.ListContainer, error) {
+func getContainersByContext(contextWithConnection context.Context, all, ignore bool, namesOrIDs []string) ([]entities.ListContainer, error) { //nolint:unparam
 	ctrs, _, err := getContainersAndInputByContext(contextWithConnection, all, ignore, namesOrIDs, nil)
 	return ctrs, err
 }
@@ -31,8 +31,17 @@ func getContainersAndInputByContext(contextWithConnection context.Context, all,
 	rawInputs := []string{}
 	switch {
 	case len(filters) > 0:
+		namesOrIDs = nil
 		for i := range allContainers {
-			namesOrIDs = append(namesOrIDs, allContainers[i].ID)
+			if len(namesOrIDs) > 0 {
+				for _, name := range namesOrIDs {
+					if name == allContainers[i].ID {
+						namesOrIDs = append(namesOrIDs, allContainers[i].ID)
+					}
+				}
+			} else {
+				namesOrIDs = append(namesOrIDs, allContainers[i].ID)
+			}
 		}
 	case all:
 		for i := range allContainers {
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index 4f79325fd..cc99b1b3a 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/containers/common/libimage"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/pkg/bindings/images"
@@ -28,7 +29,7 @@ func (ir *ImageEngine) Exists(_ context.Context, nameOrID string) (*entities.Boo
 }
 
 func (ir *ImageEngine) Remove(ctx context.Context, imagesArg []string, opts entities.ImageRemoveOptions) (*entities.ImageRemoveReport, []error) {
-	options := new(images.RemoveOptions).WithForce(opts.Force).WithIgnore(opts.Ignore).WithAll(opts.All).WithLookupManifest(opts.LookupManifest)
+	options := new(images.RemoveOptions).WithForce(opts.Force).WithIgnore(opts.Ignore).WithAll(opts.All).WithLookupManifest(opts.LookupManifest).WithNoPrune(opts.NoPrune)
 	return images.Remove(ir.ClientCtx, imagesArg, options)
 }
 
@@ -109,6 +110,7 @@ func (ir *ImageEngine) Pull(ctx context.Context, rawImage string, opts entities.
 	options.WithAllTags(opts.AllTags).WithAuthfile(opts.Authfile).WithArch(opts.Arch).WithOS(opts.OS)
 	options.WithVariant(opts.Variant).WithPassword(opts.Password)
 	options.WithQuiet(opts.Quiet).WithUsername(opts.Username).WithPolicy(opts.PullPolicy.String())
+	options.WithProgressWriter(opts.Writer)
 	if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
 		if s == types.OptionalBoolTrue {
 			options.WithSkipTLSVerify(true)
@@ -131,7 +133,7 @@ func (ir *ImageEngine) Tag(ctx context.Context, nameOrID string, tags []string,
 		)
 		ref, err := reference.Parse(newTag)
 		if err != nil {
-			return fmt.Errorf("error parsing reference %q: %w", newTag, err)
+			return fmt.Errorf("parsing reference %q: %w", newTag, err)
 		}
 		if t, ok := ref.(reference.Tagged); ok {
 			tag = t.Tag()
@@ -161,7 +163,7 @@ func (ir *ImageEngine) Untag(ctx context.Context, nameOrID string, tags []string
 		)
 		ref, err := reference.Parse(newTag)
 		if err != nil {
-			return fmt.Errorf("error parsing reference %q: %w", newTag, err)
+			return fmt.Errorf("parsing reference %q: %w", newTag, err)
 		}
 		if t, ok := ref.(reference.Tagged); ok {
 			tag = t.Tag()
@@ -240,7 +242,7 @@ func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOpti
 
 func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, opts entities.ImagePushOptions) error {
 	options := new(images.PushOptions)
-	options.WithAll(opts.All).WithCompress(opts.Compress).WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile).WithFormat(opts.Format).WithRemoveSignatures(opts.RemoveSignatures).WithQuiet(opts.Quiet).WithCompressionFormat(opts.CompressionFormat)
+	options.WithAll(opts.All).WithCompress(opts.Compress).WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile).WithFormat(opts.Format).WithRemoveSignatures(opts.RemoveSignatures).WithQuiet(opts.Quiet).WithCompressionFormat(opts.CompressionFormat).WithProgressWriter(opts.Writer)
 
 	if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
 		if s == types.OptionalBoolTrue {
@@ -364,7 +366,7 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 	return nil, errors.New("not implemented yet")
 }
 
-func (ir *ImageEngine) Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool) error {
+func (ir *ImageEngine) Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool, sshMode ssh.EngineMode) error {
 	options := new(images.ScpOptions)
 
 	var destination *string
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go
index 00ecb3b59..696d0a963 100644
--- a/pkg/domain/infra/tunnel/manifest.go
+++ b/pkg/domain/infra/tunnel/manifest.go
@@ -15,10 +15,10 @@ import (
 
 // ManifestCreate implements manifest create via ImageEngine
 func (ir *ImageEngine) ManifestCreate(ctx context.Context, name string, images []string, opts entities.ManifestCreateOptions) (string, error) {
-	options := new(manifests.CreateOptions).WithAll(opts.All)
+	options := new(manifests.CreateOptions).WithAll(opts.All).WithAmend(opts.Amend)
 	imageID, err := manifests.Create(ir.ClientCtx, name, images, options)
 	if err != nil {
-		return imageID, fmt.Errorf("error creating manifest: %w", err)
+		return imageID, fmt.Errorf("creating manifest: %w", err)
 	}
 	return imageID, err
 }
@@ -36,12 +36,12 @@ func (ir *ImageEngine) ManifestExists(ctx context.Context, name string) (*entiti
 func (ir *ImageEngine) ManifestInspect(_ context.Context, name string) ([]byte, error) {
 	list, err := manifests.Inspect(ir.ClientCtx, name, nil)
 	if err != nil {
-		return nil, fmt.Errorf("error getting content of manifest list or image %s: %w", name, err)
+		return nil, fmt.Errorf("getting content of manifest list or image %s: %w", name, err)
 	}
 
 	buf, err := json.MarshalIndent(list, "", "    ")
 	if err != nil {
-		return buf, fmt.Errorf("error rendering manifest for display: %w", err)
+		return buf, fmt.Errorf("rendering manifest for display: %w", err)
 	}
 	return buf, err
 }
@@ -72,7 +72,7 @@ func (ir *ImageEngine) ManifestAdd(_ context.Context, name string, imageNames []
 
 	id, err := manifests.Add(ir.ClientCtx, name, options)
 	if err != nil {
-		return id, fmt.Errorf("error adding to manifest list %s: %w", name, err)
+		return id, fmt.Errorf("adding to manifest list %s: %w", name, err)
 	}
 	return id, nil
 }
@@ -86,7 +86,7 @@ func (ir *ImageEngine) ManifestAnnotate(ctx context.Context, name, images string
 func (ir *ImageEngine) ManifestRemoveDigest(ctx context.Context, name string, image string) (string, error) {
 	updatedListID, err := manifests.Remove(ir.ClientCtx, name, image, nil)
 	if err != nil {
-		return updatedListID, fmt.Errorf("error removing from manifest %s: %w", name, err)
+		return updatedListID, fmt.Errorf("removing from manifest %s: %w", name, err)
 	}
 	return fmt.Sprintf("%s :%s\n", updatedListID, image), nil
 }
@@ -99,7 +99,7 @@ func (ir *ImageEngine) ManifestRm(ctx context.Context, names []string) (*entitie
 // ManifestPush pushes a manifest list or image index to the destination
 func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination string, opts entities.ImagePushOptions) (string, error) {
 	options := new(images.PushOptions)
-	options.WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile).WithRemoveSignatures(opts.RemoveSignatures).WithAll(opts.All).WithFormat(opts.Format).WithCompressionFormat(opts.CompressionFormat)
+	options.WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile).WithRemoveSignatures(opts.RemoveSignatures).WithAll(opts.All).WithFormat(opts.Format).WithCompressionFormat(opts.CompressionFormat).WithQuiet(opts.Quiet).WithProgressWriter(opts.Writer)
 
 	if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
 		if s == types.OptionalBoolTrue {
@@ -110,12 +110,12 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination strin
 	}
 	digest, err := manifests.Push(ir.ClientCtx, name, destination, options)
 	if err != nil {
-		return "", fmt.Errorf("error adding to manifest list %s: %w", name, err)
+		return "", fmt.Errorf("adding to manifest list %s: %w", name, err)
 	}
 
 	if opts.Rm {
 		if _, rmErrors := ir.Remove(ctx, []string{name}, entities.ImageRemoveOptions{LookupManifest: true}); len(rmErrors) > 0 {
-			return "", fmt.Errorf("error removing manifest after push: %w", rmErrors[0])
+			return "", fmt.Errorf("removing manifest after push: %w", rmErrors[0])
 		}
 	}
 
diff --git a/pkg/domain/infra/tunnel/pods.go b/pkg/domain/infra/tunnel/pods.go
index bcbd32d1b..f9314dcfe 100644
--- a/pkg/domain/infra/tunnel/pods.go
+++ b/pkg/domain/infra/tunnel/pods.go
@@ -3,10 +3,12 @@ package tunnel
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/bindings/pods"
 	"github.com/containers/podman/v4/pkg/domain/entities"
+	"github.com/containers/podman/v4/pkg/errorhandling"
 	"github.com/containers/podman/v4/pkg/util"
 )
 
@@ -223,14 +225,25 @@ func (ic *ContainerEngine) PodPs(ctx context.Context, opts entities.PodPSOptions
 	return pods.List(ic.ClientCtx, options)
 }
 
-func (ic *ContainerEngine) PodInspect(ctx context.Context, options entities.PodInspectOptions) (*entities.PodInspectReport, error) {
-	switch {
-	case options.Latest:
-		return nil, errors.New("latest is not supported")
-	case options.NameOrID == "":
-		return nil, errors.New("NameOrID must be specified")
+func (ic *ContainerEngine) PodInspect(ctx context.Context, namesOrIDs []string, options entities.InspectOptions) ([]*entities.PodInspectReport, []error, error) {
+	var errs []error
+	podReport := make([]*entities.PodInspectReport, 0, len(namesOrIDs))
+	for _, name := range namesOrIDs {
+		inspect, err := pods.Inspect(ic.ClientCtx, name, nil)
+		if err != nil {
+			errModel, ok := err.(*errorhandling.ErrorModel)
+			if !ok {
+				return nil, nil, err
+			}
+			if errModel.ResponseCode == 404 {
+				errs = append(errs, fmt.Errorf("no such pod %q", name))
+				continue
+			}
+			return nil, nil, err
+		}
+		podReport = append(podReport, inspect)
 	}
-	return pods.Inspect(ic.ClientCtx, options.NameOrID, nil)
+	return podReport, errs, nil
 }
 
 func (ic *ContainerEngine) PodStats(ctx context.Context, namesOrIds []string, opts entities.PodStatsOptions) ([]*entities.PodStatsReport, error) {
diff --git a/pkg/domain/utils/scp.go b/pkg/domain/utils/scp.go
index 3c73cddd1..44a0d94d7 100644
--- a/pkg/domain/utils/scp.go
+++ b/pkg/domain/utils/scp.go
@@ -1,31 +1,24 @@
 package utils
 
 import (
-	"bytes"
 	"fmt"
 	"io/ioutil"
-	"net"
 	"net/url"
 	"os"
 	"os/exec"
 	"os/user"
 	"strconv"
 	"strings"
-	"time"
-
-	scpD "github.com/dtylman/scp"
 
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
+	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/domain/entities"
-	"github.com/containers/podman/v4/pkg/terminal"
-	"github.com/docker/distribution/reference"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/agent"
 )
 
-func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool) (*entities.ImageLoadReport, *entities.ImageScpOptions, *entities.ImageScpOptions, []string, error) {
+func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool, sshMode ssh.EngineMode) (*entities.ImageLoadReport, *entities.ImageScpOptions, *entities.ImageScpOptions, []string, error) {
 	source := entities.ImageScpOptions{}
 	dest := entities.ImageScpOptions{}
 	sshInfo := entities.ImageScpConnections{}
@@ -46,10 +39,6 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool) (*entiti
 		return nil, nil, nil, nil, fmt.Errorf("could not make config: %w", err)
 	}
 
-	cfg, err := config.ReadCustomConfig() // get ready to set ssh destination if necessary
-	if err != nil {
-		return nil, nil, nil, nil, err
-	}
 	locations := []*entities.ImageScpOptions{}
 	cliConnections := []string{}
 	args := []string{src}
@@ -83,9 +72,7 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool) (*entiti
 	source.Quiet = quiet
 	source.File = f.Name() // after parsing the arguments, set the file for the save/load
 	dest.File = source.File
-	if err = os.Remove(source.File); err != nil { // remove the file and simply use its name so podman creates the file upon save. avoids umask errors
-		return nil, nil, nil, nil, err
-	}
+	defer os.Remove(source.File)
 
 	allLocal := true // if we are all localhost, do not validate connections but if we are using one localhost and one non we need to use sshd
 	for _, val := range cliConnections {
@@ -98,6 +85,10 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool) (*entiti
 		cliConnections = []string{}
 	}
 
+	cfg, err := config.ReadCustomConfig() // get ready to set ssh destination if necessary
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
 	var serv map[string]config.Destination
 	serv, err = GetServiceInformation(&sshInfo, cliConnections, cfg)
 	if err != nil {
@@ -109,12 +100,12 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool) (*entiti
 
 	switch {
 	case source.Remote: // if we want to load FROM the remote, dest can either be local or remote in this case
-		err = SaveToRemote(source.Image, source.File, "", sshInfo.URI[0], sshInfo.Identities[0])
+		err = SaveToRemote(source.Image, source.File, "", sshInfo.URI[0], sshInfo.Identities[0], sshMode)
 		if err != nil {
 			return nil, nil, nil, nil, err
 		}
 		if dest.Remote { // we want to load remote -> remote, both source and dest are remote
-			rep, id, err := LoadToRemote(dest, dest.File, "", sshInfo.URI[1], sshInfo.Identities[1])
+			rep, id, err := LoadToRemote(dest, dest.File, "", sshInfo.URI[1], sshInfo.Identities[1], sshMode)
 			if err != nil {
 				return nil, nil, nil, nil, err
 			}
@@ -138,7 +129,8 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool) (*entiti
 		if err != nil {
 			return nil, nil, nil, nil, err
 		}
-		rep, id, err := LoadToRemote(dest, source.File, "", sshInfo.URI[0], sshInfo.Identities[0])
+
+		rep, id, err := LoadToRemote(dest, source.File, "", sshInfo.URI[0], sshInfo.Identities[0], sshMode)
 		if err != nil {
 			return nil, nil, nil, nil, err
 		}
@@ -220,34 +212,37 @@ func LoginUser(user string) (*exec.Cmd, error) {
 // loadToRemote takes image and remote connection information. it connects to the specified client
 // and copies the saved image dir over to the remote host and then loads it onto the machine
 // returns a string containing output or an error
-func LoadToRemote(dest entities.ImageScpOptions, localFile string, tag string, url *url.URL, iden string) (string, string, error) {
-	dial, remoteFile, err := CreateConnection(url, iden)
+func LoadToRemote(dest entities.ImageScpOptions, localFile string, tag string, url *url.URL, iden string, sshEngine ssh.EngineMode) (string, string, error) {
+	port, err := strconv.Atoi(url.Port())
 	if err != nil {
 		return "", "", err
 	}
-	defer dial.Close()
 
-	n, err := scpD.CopyTo(dial, localFile, remoteFile)
+	remoteFile, err := ssh.Exec(&ssh.ConnectionExecOptions{Host: url.String(), Port: port, User: url.User, Args: []string{"mktemp"}}, sshEngine)
 	if err != nil {
-		errOut := strconv.Itoa(int(n)) + " Bytes copied before error"
-		return " ", "", fmt.Errorf("%v: %w", errOut, err)
+		return "", "", err
 	}
-	var run string
-	if tag != "" {
-		return "", "", fmt.Errorf("renaming of an image is currently not supported: %w", define.ErrInvalidArg)
+
+	opts := ssh.ConnectionScpOptions{User: url.User, Identity: iden, Port: port, Source: localFile, Destination: "ssh://" + url.User.String() + "@" + url.Hostname() + ":" + remoteFile}
+	scpRep, err := ssh.Scp(&opts, sshEngine)
+	if err != nil {
+		return "", "", err
 	}
-	podman := os.Args[0]
-	run = podman + " image load --input=" + remoteFile + ";rm " + remoteFile // run ssh image load of the file copied via scp
-	out, err := ExecRemoteCommand(dial, run)
+	out, err := ssh.Exec(&ssh.ConnectionExecOptions{Host: url.String(), Port: port, User: url.User, Args: []string{"podman", "image", "load", "--input=" + scpRep + ";", "rm", scpRep}}, sshEngine)
 	if err != nil {
 		return "", "", err
 	}
-	rep := strings.TrimSuffix(string(out), "\n")
+	if tag != "" {
+		return "", "", fmt.Errorf("renaming of an image is currently not supported: %w", define.ErrInvalidArg)
+	}
+	rep := strings.TrimSuffix(out, "\n")
 	outArr := strings.Split(rep, " ")
 	id := outArr[len(outArr)-1]
 	if len(dest.Tag) > 0 { // tag the remote image using the output ID
-		run = podman + " tag " + id + " " + dest.Tag
-		_, err = ExecRemoteCommand(dial, run)
+		_, err := ssh.Exec(&ssh.ConnectionExecOptions{Host: url.Hostname(), Port: port, User: url.User, Args: []string{"podman", "image", "tag", id, dest.Tag}}, sshEngine)
+		if err != nil {
+			return "", "", err
+		}
 		if err != nil {
 			return "", "", err
 		}
@@ -258,94 +253,37 @@ func LoadToRemote(dest entities.ImageScpOptions, localFile string, tag string, u
 // saveToRemote takes image information and remote connection information. it connects to the specified client
 // and saves the specified image on the remote machine and then copies it to the specified local location
 // returns an error if one occurs.
-func SaveToRemote(image, localFile string, tag string, uri *url.URL, iden string) error {
-	dial, remoteFile, err := CreateConnection(uri, iden)
-
-	if err != nil {
-		return err
-	}
-	defer dial.Close()
-
+func SaveToRemote(image, localFile string, tag string, uri *url.URL, iden string, sshEngine ssh.EngineMode) error {
 	if tag != "" {
 		return fmt.Errorf("renaming of an image is currently not supported: %w", define.ErrInvalidArg)
 	}
-	podman := os.Args[0]
-	run := podman + " image save " + image + " --format=oci-archive --output=" + remoteFile // run ssh image load of the file copied via scp. Files are reverse in this case...
-	_, err = ExecRemoteCommand(dial, run)
+
+	port, err := strconv.Atoi(uri.Port())
 	if err != nil {
 		return err
 	}
-	n, err := scpD.CopyFrom(dial, remoteFile, localFile)
-	if _, conErr := ExecRemoteCommand(dial, "rm "+remoteFile); conErr != nil {
-		logrus.Errorf("Removing file on endpoint: %v", conErr)
-	}
-	if err != nil {
-		errOut := strconv.Itoa(int(n)) + " Bytes copied before error"
-		return fmt.Errorf("%v: %w", errOut, err)
-	}
-	return nil
-}
 
-// makeRemoteFile creates the necessary remote file on the host to
-// save or load the image to. returns a string with the file name or an error
-func MakeRemoteFile(dial *ssh.Client) (string, error) {
-	run := "mktemp"
-	remoteFile, err := ExecRemoteCommand(dial, run)
+	remoteFile, err := ssh.Exec(&ssh.ConnectionExecOptions{Host: uri.String(), Port: port, User: uri.User, Args: []string{"mktemp"}}, sshEngine)
 	if err != nil {
-		return "", err
+		return err
 	}
-	return strings.TrimSuffix(string(remoteFile), "\n"), nil
-}
 
-// createConnections takes a boolean determining which ssh client to dial
-// and returns the dials client, its newly opened remote file, and an error if applicable.
-func CreateConnection(url *url.URL, iden string) (*ssh.Client, string, error) {
-	cfg, err := ValidateAndConfigure(url, iden)
+	_, err = ssh.Exec(&ssh.ConnectionExecOptions{Host: uri.String(), Port: port, User: uri.User, Args: []string{"podman", "image", "save", image, "--format", "oci-archive", "--output", remoteFile}}, sshEngine)
 	if err != nil {
-		return nil, "", err
+		return err
 	}
-	dialAdd, err := ssh.Dial("tcp", url.Host, cfg) // dial the client
+
+	opts := ssh.ConnectionScpOptions{User: uri.User, Identity: iden, Port: port, Source: "ssh://" + uri.User.String() + "@" + uri.Hostname() + ":" + remoteFile, Destination: localFile}
+	scpRep, err := ssh.Scp(&opts, sshEngine)
 	if err != nil {
-		return nil, "", fmt.Errorf("failed to connect: %w", err)
+		return err
 	}
-	file, err := MakeRemoteFile(dialAdd)
+	_, err = ssh.Exec(&ssh.ConnectionExecOptions{Host: uri.String(), Port: port, User: uri.User, Args: []string{"rm", scpRep}}, sshEngine)
 	if err != nil {
-		return nil, "", err
+		logrus.Errorf("Removing file on endpoint: %v", err)
 	}
 
-	return dialAdd, file, nil
-}
-
-// GetSerivceInformation takes the parsed list of hosts to connect to and validates the information
-func GetServiceInformation(sshInfo *entities.ImageScpConnections, cliConnections []string, cfg *config.Config) (map[string]config.Destination, error) {
-	var serv map[string]config.Destination
-	var urlS string
-	var iden string
-	for i, val := range cliConnections {
-		splitEnv := strings.SplitN(val, "::", 2)
-		sshInfo.Connections = append(sshInfo.Connections, splitEnv[0])
-		conn, found := cfg.Engine.ServiceDestinations[sshInfo.Connections[i]]
-		if found {
-			urlS = conn.URI
-			iden = conn.Identity
-		} else { // no match, warn user and do a manual connection.
-			urlS = "ssh://" + sshInfo.Connections[i]
-			iden = ""
-			logrus.Warnf("Unknown connection name given. Please use system connection add to specify the default remote socket location")
-		}
-		urlFinal, err := url.Parse(urlS) // create an actual url to pass to exec command
-		if err != nil {
-			return nil, err
-		}
-		if urlFinal.User.Username() == "" {
-			if urlFinal.User, err = GetUserInfo(urlFinal); err != nil {
-				return nil, err
-			}
-		}
-		sshInfo.URI = append(sshInfo.URI, urlFinal)
-		sshInfo.Identities = append(sshInfo.Identities, iden)
-	}
-	return serv, nil
+	return nil
 }
 
 // execPodman executes the podman save/load command given the podman binary
@@ -413,18 +351,32 @@ func ParseImageSCPArg(arg string) (*entities.ImageScpOptions, []string, error) {
 	return &location, cliConnections, nil
 }
 
-// validateImagePortion is a helper function to validate the image name in an SCP argument
 func ValidateImagePortion(location entities.ImageScpOptions, arg string) (entities.ImageScpOptions, error) {
 	if RemoteArgLength(arg, 1) > 0 {
-		err := ValidateImageName(strings.Split(arg, "::")[1])
-		if err != nil {
-			return location, err
-		}
-		location.Image = strings.Split(arg, "::")[1] // this will get checked/set again once we validate connections
+		before := strings.Split(arg, "::")[1]
+		name := ValidateImageName(before)
+		if before != name {
+			location.Image = name
+		} else {
+			location.Image = before
+		} // this will get checked/set again once we validate connections
 	}
 	return location, nil
 }
 
+// validateImageName makes sure that the image given is valid and no injections are occurring
+// we simply use this for error checking, bot setting the image
+func ValidateImageName(input string) string {
+	// ParseNormalizedNamed transforms a shortname image into its
+	// full name reference so busybox => docker.io/library/busybox
+	// we want to keep our shortnames, so only return an error if
+	// we cannot parse what the user has given us
+	if ref, err := alltransports.ParseImageName(input); err == nil {
+		return ref.Transport().Name()
+	}
+	return input
+}
+
 // validateSCPArgs takes the array of source and destination options and checks for common errors
 func ValidateSCPArgs(locations []*entities.ImageScpOptions) error {
 	if len(locations) > 2 {
@@ -440,17 +392,6 @@ func ValidateSCPArgs(locations []*entities.ImageScpOptions) error {
 	return nil
 }
 
-// validateImageName makes sure that the image given is valid and no injections are occurring
-// we simply use this for error checking, bot setting the image
-func ValidateImageName(input string) error {
-	// ParseNormalizedNamed transforms a shortname image into its
-	// full name reference so busybox => docker.io/library/busybox
-	// we want to keep our shortnames, so only return an error if
-	// we cannot parse what the user has given us
-	_, err := reference.ParseNormalizedNamed(input)
-	return err
-}
-
 // remoteArgLength is a helper function to simplify the extracting of host argument data
 // returns an int which contains the length of a specified index in a host::image string
 func RemoteArgLength(input string, side int) int {
@@ -460,23 +401,36 @@ func RemoteArgLength(input string, side int) int {
 	return -1
 }
 
-// ExecRemoteCommand takes a ssh client connection and a command to run and executes the
-// command on the specified client. The function returns the Stdout from the client or the Stderr
-func ExecRemoteCommand(dial *ssh.Client, run string) ([]byte, error) {
-	sess, err := dial.NewSession() // new ssh client session
-	if err != nil {
-		return nil, err
-	}
-	defer sess.Close()
-
-	var buffer bytes.Buffer
-	var bufferErr bytes.Buffer
-	sess.Stdout = &buffer                 // output from client funneled into buffer
-	sess.Stderr = &bufferErr              // err form client funneled into buffer
-	if err := sess.Run(run); err != nil { // run the command on the ssh client
-		return nil, fmt.Errorf("%v: %w", bufferErr.String(), err)
+// GetSerivceInformation takes the parsed list of hosts to connect to and validates the information
+func GetServiceInformation(sshInfo *entities.ImageScpConnections, cliConnections []string, cfg *config.Config) (map[string]config.Destination, error) {
+	var serv map[string]config.Destination
+	var urlS string
+	var iden string
+	for i, val := range cliConnections {
+		splitEnv := strings.SplitN(val, "::", 2)
+		sshInfo.Connections = append(sshInfo.Connections, splitEnv[0])
+		conn, found := cfg.Engine.ServiceDestinations[sshInfo.Connections[i]]
+		if found {
+			urlS = conn.URI
+			iden = conn.Identity
+		} else { // no match, warn user and do a manual connection.
+			urlS = "ssh://" + sshInfo.Connections[i]
+			iden = ""
+			logrus.Warnf("Unknown connection name given. Please use system connection add to specify the default remote socket location")
+		}
+		urlFinal, err := url.Parse(urlS) // create an actual url to pass to exec command
+		if err != nil {
+			return nil, err
+		}
+		if urlFinal.User.Username() == "" {
+			if urlFinal.User, err = GetUserInfo(urlFinal); err != nil {
+				return nil, err
+			}
+		}
+		sshInfo.URI = append(sshInfo.URI, urlFinal)
+		sshInfo.Identities = append(sshInfo.Identities, iden)
 	}
-	return buffer.Bytes(), nil
+	return serv, nil
 }
 
 func GetUserInfo(uri *url.URL) (*url.Userinfo, error) {
@@ -502,79 +456,3 @@ func GetUserInfo(uri *url.URL) (*url.Userinfo, error) {
 	}
 	return url.User(usr.Username), nil
 }
-
-// ValidateAndConfigure will take a ssh url and an identity key (rsa and the like) and ensure the information given is valid
-// iden iden can be blank to mean no identity key
-// once the function validates the information it creates and returns an ssh.ClientConfig.
-func ValidateAndConfigure(uri *url.URL, iden string) (*ssh.ClientConfig, error) {
-	var signers []ssh.Signer
-	passwd, passwdSet := uri.User.Password()
-	if iden != "" { // iden might be blank if coming from image scp or if no validation is needed
-		value := iden
-		s, err := terminal.PublicKey(value, []byte(passwd))
-		if err != nil {
-			return nil, fmt.Errorf("failed to read identity %q: %w", value, err)
-		}
-		signers = append(signers, s)
-		logrus.Debugf("SSH Ident Key %q %s %s", value, ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
-	}
-	if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found { // validate ssh information, specifically the unix file socket used by the ssh agent.
-		logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer enabled", sock)
-
-		c, err := net.Dial("unix", sock)
-		if err != nil {
-			return nil, err
-		}
-		agentSigners, err := agent.NewClient(c).Signers()
-		if err != nil {
-			return nil, err
-		}
-
-		signers = append(signers, agentSigners...)
-
-		if logrus.IsLevelEnabled(logrus.DebugLevel) {
-			for _, s := range agentSigners {
-				logrus.Debugf("SSH Agent Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
-			}
-		}
-	}
-	var authMethods []ssh.AuthMethod // now we validate and check for the authorization methods, most notaibly public key authorization
-	if len(signers) > 0 {
-		var dedup = make(map[string]ssh.Signer)
-		for _, s := range signers {
-			fp := ssh.FingerprintSHA256(s.PublicKey())
-			if _, found := dedup[fp]; found {
-				logrus.Debugf("Dedup SSH Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
-			}
-			dedup[fp] = s
-		}
-
-		var uniq []ssh.Signer
-		for _, s := range dedup {
-			uniq = append(uniq, s)
-		}
-		authMethods = append(authMethods, ssh.PublicKeysCallback(func() ([]ssh.Signer, error) {
-			return uniq, nil
-		}))
-	}
-	if passwdSet { // if password authentication is given and valid, add to the list
-		authMethods = append(authMethods, ssh.Password(passwd))
-	}
-	if len(authMethods) == 0 {
-		authMethods = append(authMethods, ssh.PasswordCallback(func() (string, error) {
-			pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username()))
-			return string(pass), err
-		}))
-	}
-	tick, err := time.ParseDuration("40s")
-	if err != nil {
-		return nil, err
-	}
-	cfg := &ssh.ClientConfig{
-		User:            uri.User.Username(),
-		Auth:            authMethods,
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-		Timeout:         tick,
-	}
-	return cfg, nil
-}
diff --git a/pkg/env/env.go b/pkg/env/env.go
index 8af9fd77c..202f55267 100644
--- a/pkg/env/env.go
+++ b/pkg/env/env.go
@@ -37,6 +37,22 @@ func Slice(m map[string]string) []string {
 	return env
 }
 
+// Map transforms the specified slice of environment variables into a
+// map.
+func Map(slice []string) map[string]string {
+	envmap := make(map[string]string, len(slice))
+	for _, val := range slice {
+		data := strings.SplitN(val, "=", 2)
+
+		if len(data) > 1 {
+			envmap[data[0]] = data[1]
+		} else {
+			envmap[data[0]] = ""
+		}
+	}
+	return envmap
+}
+
 // Join joins the two environment maps with override overriding base.
 func Join(base map[string]string, override map[string]string) map[string]string {
 	if len(base) == 0 {
@@ -54,7 +70,7 @@ func ParseFile(path string) (_ map[string]string, err error) {
 	env := make(map[string]string)
 	defer func() {
 		if err != nil {
-			err = fmt.Errorf("error parsing env file %q: %w", path, err)
+			err = fmt.Errorf("parsing env file %q: %w", path, err)
 		}
 	}()
 
@@ -87,10 +103,6 @@ func parseEnv(env map[string]string, line string) error {
 	}
 	// trim the front of a variable, but nothing else
 	name := strings.TrimLeft(data[0], whiteSpaces)
-	if strings.ContainsAny(name, whiteSpaces) {
-		return fmt.Errorf("name %q has white spaces, poorly formatted name", name)
-	}
-
 	if len(data) > 1 {
 		env[name] = data[1]
 	} else {
diff --git a/pkg/k8s.io/api/core/v1/types.go b/pkg/k8s.io/api/core/v1/types.go
index 39a675dae..6f20cd351 100644
--- a/pkg/k8s.io/api/core/v1/types.go
+++ b/pkg/k8s.io/api/core/v1/types.go
@@ -56,7 +56,12 @@ type VolumeSource struct {
 	// ConfigMap represents a configMap that should populate this volume
 	// +optional
 	ConfigMap *ConfigMapVolumeSource `json:"configMap,omitempty"`
-	Secret    *SecretVolumeSource
+	// Secret represents a secret that should be mounted as a volume
+	Secret *SecretVolumeSource `json:"secret,omitempty"`
+	// emptyDir represents a temporary directory that shares a pod's lifetime.
+	// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+	// +optional
+	EmptyDir *EmptyDirVolumeSource `json:"emptyDir,omitempty"`
 }
 
 // PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace.
@@ -1979,6 +1984,18 @@ type PodSpec struct {
 	// Default to false.
 	// +optional
 	SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty"`
+	// Use the host's user namespace.
+	// Optional: Default to true.
+	// If set to true or not present, the pod will be run in the host user namespace, useful
+	// for when the pod needs a feature only available to the host user namespace, such as
+	// loading a kernel module with CAP_SYS_MODULE.
+	// When set to false, a new userns is created for the pod. Setting false is useful for
+	// mitigating container breakout vulnerabilities even allowing users to run their
+	// containers as root without actually having root privileges on the host.
+	// This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+	// +k8s:conversion-gen=false
+	// +optional
+	HostUsers *bool `json:"hostUsers,omitempty"`
 }
 
 type UnsatisfiableConstraintAction string
diff --git a/pkg/machine/applehv/machine.go b/pkg/machine/applehv/machine.go
new file mode 100644
index 000000000..35a8e9851
--- /dev/null
+++ b/pkg/machine/applehv/machine.go
@@ -0,0 +1,70 @@
+//go:build arm64 && !windows && !linux
+// +build darwin
+
+package applehv
+
+import (
+	"time"
+
+	"github.com/containers/podman/v4/pkg/machine"
+)
+
+type Provider struct{}
+
+var (
+	hvProvider = &Provider{}
+	// vmtype refers to qemu (vs libvirt, krun, etc).
+	vmtype = "apple"
+)
+
+func GetVirtualizationProvider() machine.Provider {
+	return hvProvider
+}
+
+const (
+	// Some of this will need to change when we are closer to having
+	// working code.
+	VolumeTypeVirtfs     = "virtfs"
+	MountType9p          = "9p"
+	dockerSock           = "/var/run/docker.sock"
+	dockerConnectTimeout = 5 * time.Second
+	apiUpTimeout         = 20 * time.Second
+)
+
+type apiForwardingState int
+
+const (
+	noForwarding apiForwardingState = iota
+	claimUnsupported
+	notInstalled
+	machineLocal
+	dockerGlobal
+)
+
+func (p *Provider) NewMachine(opts machine.InitOptions) (machine.VM, error) {
+	return nil, machine.ErrNotImplemented
+}
+
+func (p *Provider) LoadVMByName(name string) (machine.VM, error) {
+	return nil, machine.ErrNotImplemented
+}
+
+func (p *Provider) List(opts machine.ListOptions) ([]*machine.ListResponse, error) {
+	return nil, machine.ErrNotImplemented
+}
+
+func (p *Provider) IsValidVMName(name string) (bool, error) {
+	return false, machine.ErrNotImplemented
+}
+
+func (p *Provider) CheckExclusiveActiveVM() (bool, string, error) {
+	return false, "", machine.ErrNotImplemented
+}
+
+func (p *Provider) RemoveAndCleanMachines() error {
+	return machine.ErrNotImplemented
+}
+
+func (p *Provider) VMType() string {
+	return vmtype
+}
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
index 253601dad..54aa9e1b7 100644
--- a/pkg/machine/config.go
+++ b/pkg/machine/config.go
@@ -66,6 +66,7 @@ var (
 	ErrVMAlreadyExists                           = errors.New("VM already exists")
 	ErrVMAlreadyRunning                          = errors.New("VM already running or starting")
 	ErrMultipleActiveVM                          = errors.New("only one VM can be active at a time")
+	ErrNotImplemented                            = errors.New("functionality not implemented")
 	ForwarderBinaryName                          = "gvproxy"
 )
 
@@ -174,7 +175,7 @@ func (rc RemoteConnectionType) MakeSSHURL(host, path, port, userName string) url
 	return uri
 }
 
-// GetCacheDir returns the dir where VM images are downladed into when pulled
+// GetCacheDir returns the dir where VM images are downloaded into when pulled
 func GetCacheDir(vmType string) (string, error) {
 	dataDir, err := GetDataDir(vmType)
 	if err != nil {
diff --git a/pkg/machine/e2e/basic_test.go b/pkg/machine/e2e/basic_test.go
index da0310485..fa1728770 100644
--- a/pkg/machine/e2e/basic_test.go
+++ b/pkg/machine/e2e/basic_test.go
@@ -1,6 +1,8 @@
 package e2e_test
 
 import (
+	"os"
+
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gexec"
@@ -20,6 +22,12 @@ var _ = Describe("run basic podman commands", func() {
 	})
 
 	It("Basic ops", func() {
+		// golangci-lint has trouble with actually skipping tests marked Skip
+		// so skip it on cirrus envs and where CIRRUS_CI isn't set.
+		if os.Getenv("CIRRUS_CI") != "false" {
+			Skip("FIXME: #15347 - ssh know hosts broken - fails on PR runs and on x86_64")
+		}
+
 		name := randomString()
 		i := new(initMachine)
 		session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath).withNow()).run()
diff --git a/pkg/machine/e2e/config_init_test.go b/pkg/machine/e2e/config_init_test.go
index d6c7990b0..305d101a3 100644
--- a/pkg/machine/e2e/config_init_test.go
+++ b/pkg/machine/e2e/config_init_test.go
@@ -9,6 +9,7 @@ type initMachine struct {
 	      --cpus uint              Number of CPUs (default 1)
 	      --disk-size uint         Disk size in GB (default 100)
 	      --ignition-path string   Path to ignition file
+	      --username string        Username of the remote user (default "core" for FCOS, "user" for Fedora)
 	      --image-path string      Path to qcow image (default "testing")
 	  -m, --memory uint            Memory in MB (default 2048)
 	      --now                    Start machine now
@@ -21,6 +22,7 @@ type initMachine struct {
 	cpus         *uint
 	diskSize     *uint
 	ignitionPath string
+	username     string
 	imagePath    string
 	memory       *uint
 	now          bool
@@ -42,6 +44,9 @@ func (i *initMachine) buildCmd(m *machineTestBuilder) []string {
 	if l := len(i.ignitionPath); l > 0 {
 		cmd = append(cmd, "--ignition-path", i.ignitionPath)
 	}
+	if l := len(i.username); l > 0 {
+		cmd = append(cmd, "--username", i.username)
+	}
 	if l := len(i.imagePath); l > 0 {
 		cmd = append(cmd, "--image-path", i.imagePath)
 	}
@@ -76,6 +81,11 @@ func (i *initMachine) withIgnitionPath(path string) *initMachine { //nolint:unus
 	return i
 }
 
+func (i *initMachine) withUsername(username string) *initMachine {
+	i.username = username
+	return i
+}
+
 func (i *initMachine) withImagePath(path string) *initMachine {
 	i.imagePath = path
 	return i
diff --git a/pkg/machine/e2e/init_test.go b/pkg/machine/e2e/init_test.go
index b246dc4da..c298d3b14 100644
--- a/pkg/machine/e2e/init_test.go
+++ b/pkg/machine/e2e/init_test.go
@@ -3,7 +3,7 @@ package e2e_test
 import (
 	"io/ioutil"
 	"os"
-	"runtime"
+	"strconv"
 	"time"
 
 	"github.com/containers/podman/v4/pkg/machine"
@@ -77,10 +77,30 @@ var _ = Describe("podman machine init", func() {
 		Expect(inspectAfter[0].State).To(Equal(machine.Running))
 	})
 
+	It("simple init with username", func() {
+		i := new(initMachine)
+		remoteUsername := "remoteuser"
+		session, err := mb.setCmd(i.withImagePath(mb.imagePath).withUsername(remoteUsername)).run()
+		Expect(err).To(BeNil())
+		Expect(session).To(Exit(0))
+
+		inspectBefore, ec, err := mb.toQemuInspectInfo()
+		Expect(err).To(BeNil())
+		Expect(ec).To(BeZero())
+
+		Expect(len(inspectBefore)).To(BeNumerically(">", 0))
+		testMachine := inspectBefore[0]
+		Expect(testMachine.Name).To(Equal(mb.names[0]))
+		Expect(testMachine.Resources.CPUs).To(Equal(uint64(1)))
+		Expect(testMachine.Resources.Memory).To(Equal(uint64(2048)))
+		Expect(testMachine.SSHConfig.RemoteUsername).To((Equal(remoteUsername)))
+
+	})
+
 	It("machine init with cpus, disk size, memory, timezone", func() {
 		name := randomString()
 		i := new(initMachine)
-		session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath).withCPUs(2).withDiskSize(102).withMemory(4000).withTimezone("Pacific/Honolulu")).run()
+		session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath).withCPUs(2).withDiskSize(102).withMemory(4096).withTimezone("Pacific/Honolulu")).run()
 		Expect(err).To(BeNil())
 		Expect(session).To(Exit(0))
 
@@ -102,18 +122,13 @@ var _ = Describe("podman machine init", func() {
 		Expect(diskSession.outputToString()).To(ContainSubstring("102 GiB"))
 
 		sshMemory := sshMachine{}
-		memorySession, err := mb.setName(name).setCmd(sshMemory.withSSHComand([]string{"cat", "/proc/meminfo", "|", "numfmt", "--field", "2", "--from-unit=Ki", "--to-unit=Mi", "|", "sed", "'s/ kB/M/g'", "|", "grep", "MemTotal"})).run()
+		memorySession, err := mb.setName(name).setCmd(sshMemory.withSSHComand([]string{"cat", "/proc/meminfo", "|", "grep", "-i", "'memtotal'", "|", "grep", "-o", "'[[:digit:]]*'"})).run()
 		Expect(err).To(BeNil())
 		Expect(memorySession).To(Exit(0))
-		switch runtime.GOOS {
-		// os's handle memory differently
-		case "linux":
-			Expect(memorySession.outputToString()).To(ContainSubstring("3822"))
-		case "darwin":
-			Expect(memorySession.outputToString()).To(ContainSubstring("3824"))
-		default:
-			//	add windows when testing on that platform
-		}
+		foundMemory, err := strconv.Atoi(memorySession.outputToString())
+		Expect(err).To(BeNil())
+		Expect(foundMemory).To(BeNumerically(">", 3800000))
+		Expect(foundMemory).To(BeNumerically("<", 4200000))
 
 		sshTimezone := sshMachine{}
 		timezoneSession, err := mb.setName(name).setCmd(sshTimezone.withSSHComand([]string{"date"})).run()
diff --git a/pkg/machine/e2e/inspect_test.go b/pkg/machine/e2e/inspect_test.go
index 0ab928205..fac9f7ebe 100644
--- a/pkg/machine/e2e/inspect_test.go
+++ b/pkg/machine/e2e/inspect_test.go
@@ -75,5 +75,13 @@ var _ = Describe("podman machine stop", func() {
 		Expect(err).To(BeNil())
 		Expect(inspectSession).To(Exit(0))
 		Expect(inspectSession.Bytes()).To(ContainSubstring(name))
+
+		// check invalid template returns error
+		inspect = new(inspectMachine)
+		inspect = inspect.withFormat("{{.Abcde}}")
+		inspectSession, err = mb.setName(name).setCmd(inspect).run()
+		Expect(err).To(BeNil())
+		Expect(inspectSession).To(Exit(125))
+		Expect(inspectSession.errorToString()).To(ContainSubstring("can't evaluate field Abcde in type machine.InspectInfo"))
 	})
 })
diff --git a/pkg/machine/e2e/set_test.go b/pkg/machine/e2e/set_test.go
index 4839e33da..a32bb72f2 100644
--- a/pkg/machine/e2e/set_test.go
+++ b/pkg/machine/e2e/set_test.go
@@ -1,7 +1,7 @@
 package e2e_test
 
 import (
-	"runtime"
+	"strconv"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -29,7 +29,7 @@ var _ = Describe("podman machine set", func() {
 		Expect(session).To(Exit(0))
 
 		set := setMachine{}
-		setSession, err := mb.setName(name).setCmd(set.withCPUs(2).withDiskSize(102).withMemory(4000)).run()
+		setSession, err := mb.setName(name).setCmd(set.withCPUs(2).withDiskSize(102).withMemory(4096)).run()
 		Expect(err).To(BeNil())
 		Expect(setSession).To(Exit(0))
 
@@ -56,18 +56,14 @@ var _ = Describe("podman machine set", func() {
 		Expect(diskSession.outputToString()).To(ContainSubstring("102 GiB"))
 
 		sshMemory := sshMachine{}
-		memorySession, err := mb.setName(name).setCmd(sshMemory.withSSHComand([]string{"cat", "/proc/meminfo", "|", "numfmt", "--field", "2", "--from-unit=Ki", "--to-unit=Mi", "|", "sed", "'s/ kB/M/g'", "|", "grep", "MemTotal"})).run()
+		memorySession, err := mb.setName(name).setCmd(sshMemory.withSSHComand([]string{"cat", "/proc/meminfo", "|", "grep", "-i", "'memtotal'", "|", "grep", "-o", "'[[:digit:]]*'"})).run()
 		Expect(err).To(BeNil())
 		Expect(memorySession).To(Exit(0))
-		switch runtime.GOOS {
-		// it seems macos and linux handle memory differently
-		case "linux":
-			Expect(memorySession.outputToString()).To(ContainSubstring("3822"))
-		case "darwin":
-			Expect(memorySession.outputToString()).To(ContainSubstring("3824"))
-		default:
-			// windows can go here if we ever run tests there
-		}
+		foundMemory, err := strconv.Atoi(memorySession.outputToString())
+		Expect(err).To(BeNil())
+		Expect(foundMemory).To(BeNumerically(">", 3800000))
+		Expect(foundMemory).To(BeNumerically("<", 4200000))
+
 		// Setting a running machine results in 125
 		runner, err := mb.setName(name).setCmd(set.withCPUs(4)).run()
 		Expect(err).To(BeNil())
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index f4602cc95..366d10499 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -561,7 +561,7 @@ func getCerts(certsDir string, isDir bool) []File {
 func prepareCertFile(path string, name string) (File, error) {
 	b, err := ioutil.ReadFile(path)
 	if err != nil {
-		logrus.Warnf("Unable to read cert file %s", err.Error())
+		logrus.Warnf("Unable to read cert file %v", err)
 		return File{}, err
 	}
 
diff --git a/pkg/machine/ignition_freebsd.go b/pkg/machine/ignition_freebsd.go
new file mode 100644
index 000000000..ddea40782
--- /dev/null
+++ b/pkg/machine/ignition_freebsd.go
@@ -0,0 +1,8 @@
+//go:build freebsd
+// +build freebsd
+
+package machine
+
+func getLocalTimeZone() (string, error) {
+	return "", nil
+}
diff --git a/pkg/machine/machine_windows.go b/pkg/machine/machine_windows.go
new file mode 100644
index 000000000..c414986cf
--- /dev/null
+++ b/pkg/machine/machine_windows.go
@@ -0,0 +1,20 @@
+//go:build windows
+// +build windows
+
+package machine
+
+import (
+	"syscall"
+)
+
+func GetProcessState(pid int) (active bool, exitCode int) {
+	const da = syscall.STANDARD_RIGHTS_READ | syscall.PROCESS_QUERY_INFORMATION | syscall.SYNCHRONIZE
+	handle, err := syscall.OpenProcess(da, false, uint32(pid))
+	if err != nil {
+		return false, int(syscall.ERROR_PROC_NOT_FOUND)
+	}
+
+	var code uint32
+	syscall.GetExitCodeProcess(handle, &code)
+	return code == 259, int(code)
+}
diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go
index 26b6adc67..22a1b4c0a 100644
--- a/pkg/machine/pull.go
+++ b/pkg/machine/pull.go
@@ -213,8 +213,8 @@ func decompressXZ(src string, output io.WriteCloser) error {
 	var read io.Reader
 	var cmd *exec.Cmd
 	// Prefer xz utils for fastest performance, fallback to go xi2 impl
-	if _, err := exec.LookPath("xzcat"); err == nil {
-		cmd = exec.Command("xzcat", "-k", src)
+	if _, err := exec.LookPath("xz"); err == nil {
+		cmd = exec.Command("xz", "-d", "-c", "-k", src)
 		read, err = cmd.StdoutPipe()
 		if err != nil {
 			return err
diff --git a/pkg/machine/qemu/claim_unsupported.go b/pkg/machine/qemu/claim_unsupported.go
index e0b3dd3d3..187ef9d69 100644
--- a/pkg/machine/qemu/claim_unsupported.go
+++ b/pkg/machine/qemu/claim_unsupported.go
@@ -1,5 +1,5 @@
-//go:build !darwin && !windows
-// +build !darwin,!windows
+//go:build !darwin
+// +build !darwin
 
 package qemu
 
diff --git a/pkg/machine/qemu/config.go b/pkg/machine/qemu/config.go
index bada1af9b..8081727f6 100644
--- a/pkg/machine/qemu/config.go
+++ b/pkg/machine/qemu/config.go
@@ -1,6 +1,3 @@
-//go:build (amd64 && !windows) || (arm64 && !windows)
-// +build amd64,!windows arm64,!windows
-
 package qemu
 
 import (
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 7974c261e..738cd74be 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -1,5 +1,5 @@
-//go:build (amd64 && !windows) || (arm64 && !windows)
-// +build amd64,!windows arm64,!windows
+//go:build amd64 || arm64
+// +build amd64 arm64
 
 package qemu
 
@@ -33,7 +33,6 @@ import (
 	"github.com/digitalocean/go-qemu/qmp"
 	"github.com/docker/go-units"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
 )
 
 var (
@@ -42,7 +41,7 @@ var (
 	vmtype = "qemu"
 )
 
-func GetQemuProvider() machine.Provider {
+func GetVirtualizationProvider() machine.Provider {
 	return qemuProvider
 }
 
@@ -125,7 +124,7 @@ func (p *Provider) NewMachine(opts machine.InitOptions) (machine.VM, error) {
 		return nil, err
 	}
 	vm.QMPMonitor = monitor
-	cmd = append(cmd, []string{"-qmp", monitor.Network + ":/" + monitor.Address.GetPath() + ",server=on,wait=off"}...)
+	cmd = append(cmd, []string{"-qmp", monitor.Network + ":" + monitor.Address.GetPath() + ",server=on,wait=off"}...)
 
 	// Add network
 	// Right now the mac address is hardcoded so that the host networking gives it a specific IP address.  This is
@@ -545,12 +544,12 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
 		return err
 	}
 	defer fd.Close()
-	dnr, err := os.OpenFile("/dev/null", os.O_RDONLY, 0755)
+	dnr, err := os.OpenFile(os.DevNull, os.O_RDONLY, 0755)
 	if err != nil {
 		return err
 	}
 	defer dnr.Close()
-	dnw, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755)
+	dnw, err := os.OpenFile(os.DevNull, os.O_WRONLY, 0755)
 	if err != nil {
 		return err
 	}
@@ -629,14 +628,9 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
 			break
 		}
 		// check if qemu is still alive
-		var status syscall.WaitStatus
-		pid, err := syscall.Wait4(cmd.Process.Pid, &status, syscall.WNOHANG, nil)
+		err := checkProcessStatus("qemu", cmd.Process.Pid, stderrBuf)
 		if err != nil {
-			return fmt.Errorf("failed to read qemu process status: %w", err)
-		}
-		if pid > 0 {
-			// child exited
-			return fmt.Errorf("qemu exited unexpectedly with exit code %d, stderr: %s", status.ExitStatus(), stderrBuf.String())
+			return err
 		}
 		time.Sleep(wait)
 		wait++
@@ -870,7 +864,7 @@ func NewQMPMonitor(network, name string, timeout time.Duration) (Monitor, error)
 	if err != nil {
 		return Monitor{}, err
 	}
-	if !rootless.IsRootless() {
+	if isRootful() {
 		rtDir = "/run"
 	}
 	rtDir = filepath.Join(rtDir, "podman")
@@ -1193,7 +1187,7 @@ func (p *Provider) IsValidVMName(name string) (bool, error) {
 func (p *Provider) CheckExclusiveActiveVM() (bool, string, error) {
 	vms, err := getVMInfos()
 	if err != nil {
-		return false, "", fmt.Errorf("error checking VM active: %w", err)
+		return false, "", fmt.Errorf("checking VM active: %w", err)
 	}
 	for _, vm := range vms {
 		if vm.Running || vm.Starting {
@@ -1216,11 +1210,11 @@ func (v *MachineVM) startHostNetworking() (string, apiForwardingState, error) {
 	}
 
 	attr := new(os.ProcAttr)
-	dnr, err := os.OpenFile("/dev/null", os.O_RDONLY, 0755)
+	dnr, err := os.OpenFile(os.DevNull, os.O_RDONLY, 0755)
 	if err != nil {
 		return "", noForwarding, err
 	}
-	dnw, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755)
+	dnw, err := os.OpenFile(os.DevNull, os.O_WRONLY, 0755)
 	if err != nil {
 		return "", noForwarding, err
 	}
@@ -1371,7 +1365,7 @@ func (v *MachineVM) setPIDSocket() error {
 	if err != nil {
 		return err
 	}
-	if !rootless.IsRootless() {
+	if isRootful() {
 		rtPath = "/run"
 	}
 	socketDir := filepath.Join(rtPath, "podman")
@@ -1397,7 +1391,7 @@ func (v *MachineVM) getSocketandPid() (string, string, error) {
 	if err != nil {
 		return "", "", err
 	}
-	if !rootless.IsRootless() {
+	if isRootful() {
 		rtPath = "/run"
 	}
 	socketDir := filepath.Join(rtPath, "podman")
@@ -1724,14 +1718,14 @@ func (p *Provider) RemoveAndCleanMachines() error {
 	return prevErr
 }
 
-func isProcessAlive(pid int) bool {
-	err := unix.Kill(pid, syscall.Signal(0))
-	if err == nil || err == unix.EPERM {
-		return true
-	}
-	return false
-}
-
 func (p *Provider) VMType() string {
 	return vmtype
 }
+
+func isRootful() bool {
+	// Rootless is not relevant on Windows. In the future rootless.IsRootless
+	// could be switched to return true on Windows, and other codepaths migrated
+	// for now will check additionally for valid os.Getuid
+
+	return !rootless.IsRootless() && os.Getuid() != -1
+}
diff --git a/pkg/machine/qemu/machine_unix.go b/pkg/machine/qemu/machine_unix.go
new file mode 100644
index 000000000..84ee191d1
--- /dev/null
+++ b/pkg/machine/qemu/machine_unix.go
@@ -0,0 +1,33 @@
+//go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd
+// +build darwin dragonfly freebsd linux netbsd openbsd
+
+package qemu
+
+import (
+	"bytes"
+	"fmt"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+func isProcessAlive(pid int) bool {
+	err := unix.Kill(pid, syscall.Signal(0))
+	if err == nil || err == unix.EPERM {
+		return true
+	}
+	return false
+}
+
+func checkProcessStatus(processHint string, pid int, stderrBuf *bytes.Buffer) error {
+	var status syscall.WaitStatus
+	pid, err := syscall.Wait4(pid, &status, syscall.WNOHANG, nil)
+	if err != nil {
+		return fmt.Errorf("failed to read qem%su process status: %w", processHint, err)
+	}
+	if pid > 0 {
+		// child exited
+		return fmt.Errorf("%s exited unexpectedly with exit code %d, stderr: %s", processHint, status.ExitStatus(), stderrBuf.String())
+	}
+	return nil
+}
diff --git a/pkg/machine/qemu/machine_unsupported.go b/pkg/machine/qemu/machine_unsupported.go
index 794e710f9..7a9a2531d 100644
--- a/pkg/machine/qemu/machine_unsupported.go
+++ b/pkg/machine/qemu/machine_unsupported.go
@@ -1,4 +1,4 @@
-//go:build (!amd64 && !arm64) || windows
-// +build !amd64,!arm64 windows
+//go:build (!amd64 && !arm64)
+// +build !amd64,!arm64
 
 package qemu
diff --git a/pkg/machine/qemu/machine_windows.go b/pkg/machine/qemu/machine_windows.go
new file mode 100644
index 000000000..6c63faf50
--- /dev/null
+++ b/pkg/machine/qemu/machine_windows.go
@@ -0,0 +1,27 @@
+package qemu
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/containers/podman/v4/pkg/machine"
+)
+
+func isProcessAlive(pid int) bool {
+	if checkProcessStatus("process", pid, nil) == nil {
+		return true
+	}
+	return false
+}
+
+func checkProcessStatus(processHint string, pid int, stderrBuf *bytes.Buffer) error {
+	active, exitCode := machine.GetProcessState(pid)
+	if !active {
+		if stderrBuf != nil {
+			return fmt.Errorf("%s exited unexpectedly, exit code: %d stderr: %s", processHint, exitCode, stderrBuf.String())
+		} else {
+			return fmt.Errorf("%s exited unexpectedly, exit code: %d", processHint, exitCode)
+		}
+	}
+	return nil
+}
diff --git a/pkg/machine/qemu/options_freebsd.go b/pkg/machine/qemu/options_freebsd.go
new file mode 100644
index 000000000..124358db8
--- /dev/null
+++ b/pkg/machine/qemu/options_freebsd.go
@@ -0,0 +1,13 @@
+package qemu
+
+import (
+	"os"
+)
+
+func getRuntimeDir() (string, error) {
+	tmpDir, ok := os.LookupEnv("TMPDIR")
+	if !ok {
+		tmpDir = "/tmp"
+	}
+	return tmpDir, nil
+}
diff --git a/pkg/machine/qemu/options_freebsd_amd64.go b/pkg/machine/qemu/options_freebsd_amd64.go
new file mode 100644
index 000000000..ff8d10db1
--- /dev/null
+++ b/pkg/machine/qemu/options_freebsd_amd64.go
@@ -0,0 +1,18 @@
+package qemu
+
+var (
+	QemuCommand = "qemu-system-x86_64"
+)
+
+func (v *MachineVM) addArchOptions() []string {
+	opts := []string{"-machine", "q35,accel=hvf:tcg", "-cpu", "host"}
+	return opts
+}
+
+func (v *MachineVM) prepare() error {
+	return nil
+}
+
+func (v *MachineVM) archRemovalFiles() []string {
+	return []string{}
+}
diff --git a/pkg/machine/qemu/options_windows.go b/pkg/machine/qemu/options_windows.go
new file mode 100644
index 000000000..69652ee39
--- /dev/null
+++ b/pkg/machine/qemu/options_windows.go
@@ -0,0 +1,13 @@
+package qemu
+
+import (
+	"os"
+)
+
+func getRuntimeDir() (string, error) {
+	tmpDir, ok := os.LookupEnv("TEMP")
+	if !ok {
+		tmpDir = os.Getenv("LOCALAPPDATA") + "\\Temp"
+	}
+	return tmpDir, nil
+}
diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go
index 189723ac7..44b82b823 100644
--- a/pkg/machine/wsl/machine.go
+++ b/pkg/machine/wsl/machine.go
@@ -44,7 +44,6 @@ const containersConf = `[containers]
 
 [engine]
 cgroup_manager = "cgroupfs"
-events_logger = "file"
 `
 
 const appendPort = `grep -q Port\ %d /etc/ssh/sshd_config || echo Port %d >> /etc/ssh/sshd_config`
@@ -56,7 +55,9 @@ rm -f /etc/systemd/system/getty.target.wants/getty@tty1.service
 rm -f /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
 rm -f /etc/systemd/system/dbus-org.freedesktop.resolve1.service
 ln -fs /dev/null /etc/systemd/system/console-getty.service
+ln -fs /dev/null /etc/systemd/system/systemd-oomd.socket
 mkdir -p /etc/systemd/system/systemd-sysusers.service.d/
+echo CREATE_MAIL_SPOOL=no >> /etc/default/useradd
 adduser -m [USER] -G wheel
 mkdir -p /home/[USER]/.config/systemd/[USER]/
 chown [USER]:[USER] /home/[USER]/.config
@@ -89,9 +90,18 @@ fi
 
 const enterns = "#!/bin/bash\n" + sysdpid + `
 if [ ! -z "$SYSDPID" ] && [ "$SYSDPID" != "1" ]; then
-	nsenter -m -p -t $SYSDPID "$@"
-fi
-`
+        NSENTER=("nsenter" "-m" "-p" "-t" "$SYSDPID" "--wd=$PWD")
+
+        if [ "$UID" != "0" ]; then
+                NSENTER=("sudo" "${NSENTER[@]}")
+                if [ "$#" != "0" ]; then
+                        NSENTER+=("sudo" "-u" "$USER")
+                else
+                        NSENTER+=("su" "-l" "$USER")
+                fi
+        fi
+        "${NSENTER[@]}" "$@"
+fi`
 
 const waitTerm = sysdpid + `
 if [ ! -z "$SYSDPID" ]; then
@@ -99,6 +109,10 @@ if [ ! -z "$SYSDPID" ]; then
 fi
 `
 
+const wslConf = `[user]
+default=[USER]
+`
+
 // WSL kernel does not have sg and crypto_user modules
 const overrideSysusers = `[Service]
 LoadCredential=
@@ -349,14 +363,6 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
 		return false, err
 	}
 
-	if err := v.writeConfig(); err != nil {
-		return false, err
-	}
-
-	if err := setupConnections(v, opts, sshDir); err != nil {
-		return false, err
-	}
-
 	dist, err := provisionWSLDist(v)
 	if err != nil {
 		return false, err
@@ -375,6 +381,17 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
 		return false, err
 	}
 
+	// Cycle so that user change goes into effect
+	_ = terminateDist(dist)
+
+	if err := v.writeConfig(); err != nil {
+		return false, err
+	}
+
+	if err := setupConnections(v, opts, sshDir); err != nil {
+		return false, err
+	}
+
 	return true, nil
 }
 
@@ -450,12 +467,12 @@ func provisionWSLDist(v *MachineVM) (string, error) {
 
 	dist := toDist(v.Name)
 	fmt.Println("Importing operating system into WSL (this may take a few minutes on a new WSL install)...")
-	if err = runCmdPassThrough("wsl", "--import", dist, distTarget, v.ImagePath); err != nil {
+	if err = runCmdPassThrough("wsl", "--import", dist, distTarget, v.ImagePath, "--version", "2"); err != nil {
 		return "", fmt.Errorf("the WSL import of guest OS failed: %w", err)
 	}
 
 	// Fixes newuidmap
-	if err = runCmdPassThrough("wsl", "-d", dist, "rpm", "-q", "--restore", "shadow-utils", "2>/dev/null"); err != nil {
+	if err = wslInvoke(dist, "rpm", "-q", "--restore", "shadow-utils", "2>/dev/null"); err != nil {
 		return "", fmt.Errorf("package permissions restore of shadow-utils on guest OS failed: %w", err)
 	}
 
@@ -463,7 +480,7 @@ func provisionWSLDist(v *MachineVM) (string, error) {
 	// operation when mount was not present on the initial start. Force a cycle so that it won't
 	// repeatedly complain.
 	if winVersionAtLeast(10, 0, 22000) {
-		if err := runCmdPassThrough("wsl", "--terminate", dist); err != nil {
+		if err := terminateDist(dist); err != nil {
 			logrus.Warnf("could not cycle WSL dist: %s", err.Error())
 		}
 	}
@@ -478,16 +495,16 @@ func createKeys(v *MachineVM, dist string, sshDir string) error {
 		return fmt.Errorf("could not create ssh directory: %w", err)
 	}
 
-	if err := runCmdPassThrough("wsl", "--terminate", dist); err != nil {
+	if err := terminateDist(dist); err != nil {
 		return fmt.Errorf("could not cycle WSL dist: %w", err)
 	}
 
-	key, err := machine.CreateSSHKeysPrefix(sshDir, v.Name, true, true, "wsl", "-d", dist)
+	key, err := wslCreateKeys(sshDir, v.Name, dist)
 	if err != nil {
 		return fmt.Errorf("could not create ssh keys: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", key+"\n", "-d", dist, "sh", "-c", "mkdir -p /root/.ssh;"+
+	if err := wslPipe(key+"\n", dist, "sh", "-c", "mkdir -p /root/.ssh;"+
 		"cat >> /root/.ssh/authorized_keys; chmod 600 /root/.ssh/authorized_keys"); err != nil {
 		return fmt.Errorf("could not create root authorized keys on guest OS: %w", err)
 	}
@@ -495,7 +512,7 @@ func createKeys(v *MachineVM, dist string, sshDir string) error {
 	userAuthCmd := withUser("mkdir -p /home/[USER]/.ssh;"+
 		"cat >> /home/[USER]/.ssh/authorized_keys; chown -R [USER]:[USER] /home/[USER]/.ssh;"+
 		"chmod 600 /home/[USER]/.ssh/authorized_keys", user)
-	if err := pipeCmdPassThrough("wsl", key+"\n", "-d", dist, "sh", "-c", userAuthCmd); err != nil {
+	if err := wslPipe(key+"\n", dist, "sh", "-c", userAuthCmd); err != nil {
 		return fmt.Errorf("could not create '%s' authorized keys on guest OS: %w", v.RemoteUsername, err)
 	}
 
@@ -504,25 +521,25 @@ func createKeys(v *MachineVM, dist string, sshDir string) error {
 
 func configureSystem(v *MachineVM, dist string) error {
 	user := v.RemoteUsername
-	if err := runCmdPassThrough("wsl", "-d", dist, "sh", "-c", fmt.Sprintf(appendPort, v.Port, v.Port)); err != nil {
+	if err := wslInvoke(dist, "sh", "-c", fmt.Sprintf(appendPort, v.Port, v.Port)); err != nil {
 		return fmt.Errorf("could not configure SSH port for guest OS: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", withUser(configServices, user), "-d", dist, "sh"); err != nil {
+	if err := wslPipe(withUser(configServices, user), dist, "sh"); err != nil {
 		return fmt.Errorf("could not configure systemd settings for guest OS: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", sudoers, "-d", dist, "sh", "-c", "cat >> /etc/sudoers"); err != nil {
+	if err := wslPipe(sudoers, dist, "sh", "-c", "cat >> /etc/sudoers"); err != nil {
 		return fmt.Errorf("could not add wheel to sudoers: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", overrideSysusers, "-d", dist, "sh", "-c",
+	if err := wslPipe(overrideSysusers, dist, "sh", "-c",
 		"cat > /etc/systemd/system/systemd-sysusers.service.d/override.conf"); err != nil {
 		return fmt.Errorf("could not generate systemd-sysusers override for guest OS: %w", err)
 	}
 
 	lingerCmd := withUser("cat > /home/[USER]/.config/systemd/[USER]/linger-example.service", user)
-	if err := pipeCmdPassThrough("wsl", lingerService, "-d", dist, "sh", "-c", lingerCmd); err != nil {
+	if err := wslPipe(lingerService, dist, "sh", "-c", lingerCmd); err != nil {
 		return fmt.Errorf("could not generate linger service for guest OS: %w", err)
 	}
 
@@ -530,24 +547,28 @@ func configureSystem(v *MachineVM, dist string) error {
 		return err
 	}
 
-	if err := pipeCmdPassThrough("wsl", withUser(lingerSetup, user), "-d", dist, "sh"); err != nil {
-		return fmt.Errorf("could not configure systemd settomgs for guest OS: %w", err)
+	if err := wslPipe(withUser(lingerSetup, user), dist, "sh"); err != nil {
+		return fmt.Errorf("could not configure systemd settings for guest OS: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", containersConf, "-d", dist, "sh", "-c", "cat > /etc/containers/containers.conf"); err != nil {
+	if err := wslPipe(containersConf, dist, "sh", "-c", "cat > /etc/containers/containers.conf"); err != nil {
 		return fmt.Errorf("could not create containers.conf for guest OS: %w", err)
 	}
 
-	if err := runCmdPassThrough("wsl", "-d", dist, "sh", "-c", "echo wsl > /etc/containers/podman-machine"); err != nil {
+	if err := wslInvoke(dist, "sh", "-c", "echo wsl > /etc/containers/podman-machine"); err != nil {
 		return fmt.Errorf("could not create podman-machine file for guest OS: %w", err)
 	}
 
+	if err := wslPipe(withUser(wslConf, user), dist, "sh", "-c", "cat > /etc/wsl.conf"); err != nil {
+		return fmt.Errorf("could not configure wsl config for guest OS: %w", err)
+	}
+
 	return nil
 }
 
 func configureProxy(dist string, useProxy bool) error {
 	if !useProxy {
-		_ = runCmdPassThrough("wsl", "-d", dist, "sh", "-c", clearProxySettings)
+		_ = wslInvoke(dist, "sh", "-c", clearProxySettings)
 		return nil
 	}
 	var content string
@@ -561,17 +582,17 @@ func configureProxy(dist string, useProxy bool) error {
 		}
 	}
 
-	if err := pipeCmdPassThrough("wsl", content, "-d", dist, "sh", "-c", proxyConfigAttempt); err != nil {
+	if err := wslPipe(content, dist, "sh", "-c", proxyConfigAttempt); err != nil {
 		const failMessage = "Failure creating proxy configuration"
 		if exitErr, isExit := err.(*exec.ExitError); isExit && exitErr.ExitCode() != 42 {
 			return fmt.Errorf("%v: %w", failMessage, err)
 		}
 
 		fmt.Println("Installing proxy support")
-		_ = pipeCmdPassThrough("wsl", proxyConfigSetup, "-d", dist, "sh", "-c",
+		_ = wslPipe(proxyConfigSetup, dist, "sh", "-c",
 			"cat > /usr/local/bin/proxyinit; chmod 755 /usr/local/bin/proxyinit")
 
-		if err = pipeCmdPassThrough("wsl", content, "-d", dist, "/usr/local/bin/proxyinit"); err != nil {
+		if err = wslPipe(content, dist, "/usr/local/bin/proxyinit"); err != nil {
 			return fmt.Errorf("%v: %w", failMessage, err)
 		}
 	}
@@ -581,7 +602,7 @@ func configureProxy(dist string, useProxy bool) error {
 
 func enableUserLinger(v *MachineVM, dist string) error {
 	lingerCmd := "mkdir -p /var/lib/systemd/linger; touch /var/lib/systemd/linger/" + v.RemoteUsername
-	if err := runCmdPassThrough("wsl", "-d", dist, "sh", "-c", lingerCmd); err != nil {
+	if err := wslInvoke(dist, "sh", "-c", lingerCmd); err != nil {
 		return fmt.Errorf("could not enable linger for remote user on guest OS: %w", err)
 	}
 
@@ -589,26 +610,26 @@ func enableUserLinger(v *MachineVM, dist string) error {
 }
 
 func installScripts(dist string) error {
-	if err := pipeCmdPassThrough("wsl", enterns, "-d", dist, "sh", "-c",
+	if err := wslPipe(enterns, dist, "sh", "-c",
 		"cat > /usr/local/bin/enterns; chmod 755 /usr/local/bin/enterns"); err != nil {
 		return fmt.Errorf("could not create enterns script for guest OS: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", profile, "-d", dist, "sh", "-c",
+	if err := wslPipe(profile, dist, "sh", "-c",
 		"cat > /etc/profile.d/enterns.sh"); err != nil {
 		return fmt.Errorf("could not create motd profile script for guest OS: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", wslmotd, "-d", dist, "sh", "-c", "cat > /etc/wslmotd"); err != nil {
+	if err := wslPipe(wslmotd, dist, "sh", "-c", "cat > /etc/wslmotd"); err != nil {
 		return fmt.Errorf("could not create a WSL MOTD for guest OS: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", bootstrap, "-d", dist, "sh", "-c",
+	if err := wslPipe(bootstrap, dist, "sh", "-c",
 		"cat > /root/bootstrap; chmod 755 /root/bootstrap"); err != nil {
 		return fmt.Errorf("could not create bootstrap script for guest OS: %w", err)
 	}
 
-	if err := pipeCmdPassThrough("wsl", proxyConfigSetup, "-d", dist, "sh", "-c",
+	if err := wslPipe(proxyConfigSetup, dist, "sh", "-c",
 		"cat > /usr/local/bin/proxyinit; chmod 755 /usr/local/bin/proxyinit"); err != nil {
 		return fmt.Errorf("could not create proxyinit script for guest OS: %w", err)
 	}
@@ -617,13 +638,13 @@ func installScripts(dist string) error {
 }
 
 func checkAndInstallWSL(opts machine.InitOptions) (bool, error) {
-	if isWSLInstalled() {
+	if IsWSLInstalled() {
 		return true, nil
 	}
 
 	admin := hasAdminRights()
 
-	if !isWSLFeatureEnabled() {
+	if !IsWSLFeatureEnabled() {
 		return false, attemptFeatureInstall(opts, admin)
 	}
 
@@ -844,6 +865,22 @@ func withUser(s string, user string) string {
 	return strings.ReplaceAll(s, "[USER]", user)
 }
 
+func wslInvoke(dist string, arg ...string) error {
+	newArgs := []string{"-u", "root", "-d", dist}
+	newArgs = append(newArgs, arg...)
+	return runCmdPassThrough("wsl", newArgs...)
+}
+
+func wslPipe(input string, dist string, arg ...string) error {
+	newArgs := []string{"-u", "root", "-d", dist}
+	newArgs = append(newArgs, arg...)
+	return pipeCmdPassThrough("wsl", input, newArgs...)
+}
+
+func wslCreateKeys(sshDir string, name string, dist string) (string, error) {
+	return machine.CreateSSHKeysPrefix(sshDir, name, true, true, "wsl", "-u", "root", "-d", dist)
+}
+
 func runCmdPassThrough(name string, arg ...string) error {
 	logrus.Debugf("Running command: %s %v", name, arg)
 	cmd := exec.Command(name, arg...)
@@ -902,7 +939,7 @@ func (v *MachineVM) Set(_ string, opts machine.SetOptions) ([]error, error) {
 	if opts.Rootful != nil && v.Rootful != *opts.Rootful {
 		err := v.setRootful(*opts.Rootful)
 		if err != nil {
-			setErrors = append(setErrors, fmt.Errorf("error setting rootful option: %w", err))
+			setErrors = append(setErrors, fmt.Errorf("setting rootful option: %w", err))
 		} else {
 			v.Rootful = *opts.Rootful
 		}
@@ -935,7 +972,7 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
 		return err
 	}
 
-	err := runCmdPassThrough("wsl", "-d", dist, "/root/bootstrap")
+	err := wslInvoke(dist, "/root/bootstrap")
 	if err != nil {
 		return fmt.Errorf("the WSL bootstrap script failed: %w", err)
 	}
@@ -1024,8 +1061,8 @@ func launchWinProxy(v *MachineVM) (bool, string, error) {
 		return globalName, "", err
 	}
 
-	return globalName, pipePrefix + waitPipe, waitPipeExists(waitPipe, 30, func() error {
-		active, exitCode := getProcessState(cmd.Process.Pid)
+	return globalName, pipePrefix + waitPipe, waitPipeExists(waitPipe, 80, func() error {
+		active, exitCode := machine.GetProcessState(cmd.Process.Pid)
 		if !active {
 			return fmt.Errorf("win-sshproxy.exe failed to start, exit code: %d (see windows event logs)", exitCode)
 		}
@@ -1062,15 +1099,16 @@ func waitPipeExists(pipeName string, retries int, checkFailure func() error) err
 		if fail := checkFailure(); fail != nil {
 			return fail
 		}
-		time.Sleep(100 * time.Millisecond)
+		time.Sleep(250 * time.Millisecond)
 	}
 
 	return err
 }
 
-func isWSLInstalled() bool {
-	cmd := exec.Command("wsl", "--status")
+func IsWSLInstalled() bool {
+	cmd := SilentExecCmd("wsl", "--status")
 	out, err := cmd.StdoutPipe()
+	cmd.Stderr = nil
 	if err != nil {
 		return false
 	}
@@ -1094,9 +1132,8 @@ func isWSLInstalled() bool {
 	return true
 }
 
-func isWSLFeatureEnabled() bool {
-	cmd := exec.Command("wsl", "--set-default-version", "2")
-	return cmd.Run() == nil
+func IsWSLFeatureEnabled() bool {
+	return SilentExec("wsl", "--set-default-version", "2") == nil
 }
 
 func isWSLRunning(dist string) (bool, error) {
@@ -1124,7 +1161,7 @@ func isWSLRunning(dist string) (bool, error) {
 }
 
 func isSystemdRunning(dist string) (bool, error) {
-	cmd := exec.Command("wsl", "-d", dist, "sh")
+	cmd := exec.Command("wsl", "-u", "root", "-d", dist, "sh")
 	cmd.Stdin = strings.NewReader(sysdpid + "\necho $SYSDPID\n")
 	out, err := cmd.StdoutPipe()
 	if err != nil {
@@ -1174,13 +1211,13 @@ func (v *MachineVM) Stop(name string, _ machine.StopOptions) error {
 		fmt.Fprintf(os.Stderr, "Could not stop API forwarding service (win-sshproxy.exe): %s\n", err.Error())
 	}
 
-	cmd := exec.Command("wsl", "-d", dist, "sh")
+	cmd := exec.Command("wsl", "-u", "root", "-d", dist, "sh")
 	cmd.Stdin = strings.NewReader(waitTerm)
 	if err = cmd.Start(); err != nil {
 		return fmt.Errorf("executing wait command: %w", err)
 	}
 
-	exitCmd := exec.Command("wsl", "-d", dist, "/usr/local/bin/enterns", "systemctl", "exit", "0")
+	exitCmd := exec.Command("wsl", "-u", "root", "-d", dist, "/usr/local/bin/enterns", "systemctl", "exit", "0")
 	if err = exitCmd.Run(); err != nil {
 		return fmt.Errorf("stopping sysd: %w", err)
 	}
@@ -1189,12 +1226,12 @@ func (v *MachineVM) Stop(name string, _ machine.StopOptions) error {
 		return err
 	}
 
-	cmd = exec.Command("wsl", "--terminate", dist)
-	if err = cmd.Run(); err != nil {
-		return err
-	}
+	return terminateDist(dist)
+}
 
-	return nil
+func terminateDist(dist string) error {
+	cmd := exec.Command("wsl", "--terminate", dist)
+	return cmd.Run()
 }
 
 func (v *MachineVM) State(bypass bool) (machine.Status, error) {
@@ -1438,7 +1475,7 @@ func getCPUs(vm *MachineVM) (uint64, error) {
 	if run, _ := isWSLRunning(dist); !run {
 		return 0, nil
 	}
-	cmd := exec.Command("wsl", "-d", dist, "nproc")
+	cmd := exec.Command("wsl", "-u", "root", "-d", dist, "nproc")
 	out, err := cmd.StdoutPipe()
 	if err != nil {
 		return 0, err
@@ -1462,7 +1499,7 @@ func getMem(vm *MachineVM) (uint64, error) {
 	if run, _ := isWSLRunning(dist); !run {
 		return 0, nil
 	}
-	cmd := exec.Command("wsl", "-d", dist, "cat", "/proc/meminfo")
+	cmd := exec.Command("wsl", "-u", "root", "-d", dist, "cat", "/proc/meminfo")
 	out, err := cmd.StdoutPipe()
 	if err != nil {
 		return 0, err
diff --git a/pkg/machine/wsl/util_windows.go b/pkg/machine/wsl/util_windows.go
index 43f54fdd4..67d1bfc5c 100644
--- a/pkg/machine/wsl/util_windows.go
+++ b/pkg/machine/wsl/util_windows.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 	"syscall"
@@ -262,36 +263,24 @@ func obtainShutdownPrivilege() error {
 
 	var hToken uintptr
 	if ret, _, err := OpenProcessToken.Call(uintptr(proc), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, uintptr(unsafe.Pointer(&hToken))); ret != 1 {
-		return fmt.Errorf("error opening process token: %w", err)
+		return fmt.Errorf("opening process token: %w", err)
 	}
 
 	var privs TokenPrivileges
 	if ret, _, err := LookupPrivilegeValue.Call(uintptr(0), uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(SeShutdownName))), uintptr(unsafe.Pointer(&(privs.privileges[0].luid)))); ret != 1 {
-		return fmt.Errorf("error looking up shutdown privilege: %w", err)
+		return fmt.Errorf("looking up shutdown privilege: %w", err)
 	}
 
 	privs.privilegeCount = 1
 	privs.privileges[0].attributes = SE_PRIVILEGE_ENABLED
 
 	if ret, _, err := AdjustTokenPrivileges.Call(hToken, 0, uintptr(unsafe.Pointer(&privs)), 0, uintptr(0), 0); ret != 1 {
-		return fmt.Errorf("error enabling shutdown privilege on token: %w", err)
+		return fmt.Errorf("enabling shutdown privilege on token: %w", err)
 	}
 
 	return nil
 }
 
-func getProcessState(pid int) (active bool, exitCode int) {
-	const da = syscall.STANDARD_RIGHTS_READ | syscall.PROCESS_QUERY_INFORMATION | syscall.SYNCHRONIZE
-	handle, err := syscall.OpenProcess(da, false, uint32(pid))
-	if err != nil {
-		return false, int(syscall.ERROR_PROC_NOT_FOUND)
-	}
-
-	var code uint32
-	syscall.GetExitCodeProcess(handle, &code)
-	return code == 259, int(code)
-}
-
 func addRunOnceRegistryEntry(command string) error {
 	k, _, err := registry.CreateKey(registry.CURRENT_USER, `Software\Microsoft\Windows\CurrentVersion\RunOnce`, registry.WRITE)
 	if err != nil {
@@ -355,3 +344,17 @@ func sendQuit(tid uint32) {
 	postMessage := user32.NewProc("PostThreadMessageW")
 	postMessage.Call(uintptr(tid), WM_QUIT, 0, 0)
 }
+
+func SilentExec(command string, args ...string) error {
+	cmd := exec.Command(command, args...)
+	cmd.SysProcAttr = &syscall.SysProcAttr{CreationFlags: 0x08000000}
+	cmd.Stdout = nil
+	cmd.Stderr = nil
+	return cmd.Run()
+}
+
+func SilentExecCmd(command string, args ...string) *exec.Cmd {
+	cmd := exec.Command(command, args...)
+	cmd.SysProcAttr = &syscall.SysProcAttr{CreationFlags: 0x08000000}
+	return cmd
+}
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 8eacb8da7..6dd576ea5 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
@@ -21,6 +21,14 @@ const (
 	slirpType     = "slirp4netns"
 )
 
+// KeepIDUserNsOptions defines how to keepIDmatically create a user namespace.
+type KeepIDUserNsOptions struct {
+	// UID is the target uid in the user namespace.
+	UID *uint32
+	// GID is the target uid in the user namespace.
+	GID *uint32
+}
+
 // CgroupMode represents cgroup mode in the container.
 type CgroupMode string
 
@@ -93,7 +101,8 @@ func (n UsernsMode) IsHost() bool {
 
 // IsKeepID indicates whether container uses a mapping where the (uid, gid) on the host is kept inside of the namespace.
 func (n UsernsMode) IsKeepID() bool {
-	return n == "keep-id"
+	parts := strings.Split(string(n), ":")
+	return parts[0] == "keep-id"
 }
 
 // IsNoMap indicates whether container uses a mapping where the (uid, gid) on the host is not present in the namespace.
@@ -154,6 +163,44 @@ func (n UsernsMode) GetAutoOptions() (*types.AutoUserNsOptions, error) {
 	return &options, nil
 }
 
+// GetKeepIDOptions returns a KeepIDUserNsOptions with the settings to keepIDmatically set up
+// a user namespace.
+func (n UsernsMode) GetKeepIDOptions() (*KeepIDUserNsOptions, error) {
+	parts := strings.SplitN(string(n), ":", 2)
+	if parts[0] != "keep-id" {
+		return nil, fmt.Errorf("wrong user namespace mode")
+	}
+	options := KeepIDUserNsOptions{}
+	if len(parts) == 1 {
+		return &options, nil
+	}
+	for _, o := range strings.Split(parts[1], ",") {
+		v := strings.SplitN(o, "=", 2)
+		if len(v) != 2 {
+			return nil, fmt.Errorf("invalid option specified: %q", o)
+		}
+		switch v[0] {
+		case "uid":
+			s, err := strconv.ParseUint(v[1], 10, 32)
+			if err != nil {
+				return nil, err
+			}
+			v := uint32(s)
+			options.UID = &v
+		case "gid":
+			s, err := strconv.ParseUint(v[1], 10, 32)
+			if err != nil {
+				return nil, err
+			}
+			v := uint32(s)
+			options.GID = &v
+		default:
+			return nil, fmt.Errorf("unknown option specified: %q", v[0])
+		}
+	}
+	return &options, nil
+}
+
 // IsPrivate indicates whether the container uses the a private userns.
 func (n UsernsMode) IsPrivate() bool {
 	return !(n.IsHost() || n.IsContainer())
diff --git a/pkg/parallel/parallel.go b/pkg/parallel/parallel.go
index 7209f8aca..990c365cc 100644
--- a/pkg/parallel/parallel.go
+++ b/pkg/parallel/parallel.go
@@ -60,7 +60,7 @@ func Enqueue(ctx context.Context, fn func() error) <-chan error {
 		defer close(retChan)
 
 		if err := jobControl.Acquire(ctx, 1); err != nil {
-			retChan <- fmt.Errorf("error acquiring job control semaphore: %w", err)
+			retChan <- fmt.Errorf("acquiring job control semaphore: %w", err)
 			return
 		}
 
diff --git a/pkg/ps/ps.go b/pkg/ps/ps.go
index 7fc01de31..37da0b110 100644
--- a/pkg/ps/ps.go
+++ b/pkg/ps/ps.go
@@ -283,7 +283,7 @@ func ListStorageContainer(rt *libpod.Runtime, ctr storage.Container) (entities.L
 
 	buildahCtr, err := rt.IsBuildahContainer(ctr.ID)
 	if err != nil {
-		return ps, fmt.Errorf("error determining buildah container for container %s: %w", ctr.ID, err)
+		return ps, fmt.Errorf("determining buildah container for container %s: %w", ctr.ID, err)
 	}
 
 	if buildahCtr {
@@ -312,7 +312,7 @@ func ListStorageContainer(rt *libpod.Runtime, ctr storage.Container) (entities.L
 func getNamespaceInfo(path string) (string, error) {
 	val, err := os.Readlink(path)
 	if err != nil {
-		return "", fmt.Errorf("error getting info from %q: %w", path, err)
+		return "", fmt.Errorf("getting info from %q: %w", path, err)
 	}
 	return getStrFromSquareBrackets(val), nil
 }
diff --git a/pkg/rctl/rctl.go b/pkg/rctl/rctl.go
new file mode 100644
index 000000000..135cc60cb
--- /dev/null
+++ b/pkg/rctl/rctl.go
@@ -0,0 +1,47 @@
+//go:build freebsd
+// +build freebsd
+
+package rctl
+
+// #include <sys/rctl.h>
+import "C"
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+	"strings"
+	"syscall"
+	"unsafe"
+
+	"github.com/sirupsen/logrus"
+)
+
+func GetRacct(filter string) (map[string]uint64, error) {
+	bp, err := syscall.ByteSliceFromString(filter)
+	if err != nil {
+		return nil, err
+	}
+	var buf [1024]byte
+	_, _, errno := syscall.Syscall6(syscall.SYS_RCTL_GET_RACCT,
+		uintptr(unsafe.Pointer(&bp[0])),
+		uintptr(len(bp)),
+		uintptr(unsafe.Pointer(&buf[0])),
+		uintptr(len(buf)), 0, 0)
+	if errno != 0 {
+		return nil, fmt.Errorf("error calling rctl_get_racct with filter %s: %v", errno)
+	}
+	len := bytes.IndexByte(buf[:], byte(0))
+	entries := strings.Split(string(buf[:len]), ",")
+	res := make(map[string]uint64)
+	for _, entry := range entries {
+		kv := strings.SplitN(entry, "=", 2)
+		key := kv[0]
+		val, err := strconv.ParseUint(kv[1], 10, 0)
+		if err != nil {
+			logrus.Warnf("unexpected rctl entry, ignoring: %s", entry)
+		}
+		res[key] = val
+	}
+	return res, nil
+}
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index b0012b32b..f3453320f 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -251,20 +251,22 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
 		return false, 0, nil
 	}
 
-	if mounts, err := pmount.GetMounts(); err == nil {
-		for _, m := range mounts {
-			if m.Mountpoint == "/" {
-				isShared := false
-				for _, o := range strings.Split(m.Optional, ",") {
-					if strings.HasPrefix(o, "shared:") {
-						isShared = true
-						break
+	if _, inContainer := os.LookupEnv("container"); !inContainer {
+		if mounts, err := pmount.GetMounts(); err == nil {
+			for _, m := range mounts {
+				if m.Mountpoint == "/" {
+					isShared := false
+					for _, o := range strings.Split(m.Optional, ",") {
+						if strings.HasPrefix(o, "shared:") {
+							isShared = true
+							break
+						}
 					}
+					if !isShared {
+						logrus.Warningf("%q is not a shared mount, this could cause issues or missing mounts with rootless containers", m.Mountpoint)
+					}
+					break
 				}
-				if !isShared {
-					logrus.Warningf("%q is not a shared mount, this could cause issues or missing mounts with rootless containers", m.Mountpoint)
-				}
-				break
 			}
 		}
 	}
@@ -399,12 +401,13 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
 		// Try to join it.
 		data, err := ioutil.ReadFile(pausePid)
 		if err == nil {
-			pid, err := strconv.ParseUint(string(data), 10, 0)
+			var pid uint64
+			pid, err = strconv.ParseUint(string(data), 10, 0)
 			if err == nil {
 				return joinUserAndMountNS(uint(pid), "")
 			}
 		}
-		return false, -1, errors.New("setting up the process")
+		return false, -1, fmt.Errorf("setting up the process: %w", err)
 	}
 
 	if b[0] != '0' {
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 63d94b6b3..064245602 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -67,9 +67,9 @@ func (s *SpecGenerator) Validate() error {
 	if len(s.ContainerBasicConfig.Systemd) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.Systemd), SystemDValues) {
 		return fmt.Errorf("--systemd values must be one of %q: %w", strings.Join(SystemDValues, ", "), ErrInvalidSpecConfig)
 	}
-	// sdnotify values must be container, conmon, or ignore
-	if len(s.ContainerBasicConfig.SdNotifyMode) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.SdNotifyMode), SdNotifyModeValues) {
-		return fmt.Errorf("--sdnotify values must be one of %q: %w", strings.Join(SdNotifyModeValues, ", "), ErrInvalidSpecConfig)
+
+	if err := define.ValidateSdNotifyMode(s.ContainerBasicConfig.SdNotifyMode); err != nil {
+		return err
 	}
 
 	//
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 8cfac924b..c18b5654a 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"strconv"
 	"strings"
 	"time"
 
@@ -17,9 +18,8 @@ import (
 	envLib "github.com/containers/podman/v4/pkg/env"
 	"github.com/containers/podman/v4/pkg/signal"
 	"github.com/containers/podman/v4/pkg/specgen"
-	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/openshift/imagebuilder"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
 )
 
 func getImageFromSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) (*libimage.Image, string, *libimage.ImageData, error) {
@@ -115,7 +115,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	// Get Default Environment from containers.conf
 	defaultEnvs, err := envLib.ParseSlice(rtc.GetDefaultEnvEx(s.EnvHost, s.HTTPProxy))
 	if err != nil {
-		return nil, fmt.Errorf("error parsing fields in containers.conf: %w", err)
+		return nil, fmt.Errorf("parsing fields in containers.conf: %w", err)
 	}
 	var envs map[string]string
 
@@ -130,6 +130,17 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 		defaultEnvs = envLib.Join(envLib.DefaultEnvVariables(), envLib.Join(defaultEnvs, envs))
 	}
 
+	for _, e := range s.EnvMerge {
+		processedWord, err := imagebuilder.ProcessWord(e, envLib.Slice(defaultEnvs))
+		if err != nil {
+			return nil, fmt.Errorf("unable to process variables for --env-merge %s: %w", e, err)
+		}
+		splitWord := strings.Split(processedWord, "=")
+		if _, ok := defaultEnvs[splitWord[0]]; ok {
+			defaultEnvs[splitWord[0]] = splitWord[1]
+		}
+	}
+
 	for _, e := range s.UnsetEnv {
 		delete(defaultEnvs, e)
 	}
@@ -139,10 +150,8 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	}
 	// First transform the os env into a map. We need it for the labels later in
 	// any case.
-	osEnv, err := envLib.ParseSlice(os.Environ())
-	if err != nil {
-		return nil, fmt.Errorf("error parsing host environment variables: %w", err)
-	}
+	osEnv := envLib.Map(os.Environ())
+
 	// Caller Specified defaults
 	if s.EnvHost {
 		defaultEnvs = envLib.Join(defaultEnvs, osEnv)
@@ -191,16 +200,24 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	// - "container" denotes the container should join the VM of the SandboxID
 	//   (the infra container)
 	if len(s.Pod) > 0 {
-		annotations[ann.SandboxID] = s.Pod
+		p, err := r.LookupPod(s.Pod)
+		if err != nil {
+			return nil, err
+		}
+		sandboxID := p.ID()
+		if p.HasInfraContainer() {
+			infra, err := p.InfraContainer()
+			if err != nil {
+				return nil, err
+			}
+			sandboxID = infra.ID()
+		}
+		annotations[ann.SandboxID] = sandboxID
 		annotations[ann.ContainerType] = ann.ContainerTypeContainer
 		// Check if this is an init-ctr and if so, check if
 		// the pod is running.  we do not want to add init-ctrs to
 		// a running pod because it creates confusion for us.
 		if len(s.InitContainerType) > 0 {
-			p, err := r.LookupPod(s.Pod)
-			if err != nil {
-				return nil, err
-			}
 			containerStatuses, err := p.Status()
 			if err != nil {
 				return nil, err
@@ -254,19 +271,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	}
 
 	// If caller did not specify Pids Limits load default
-	if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil {
-		if s.CgroupsMode != "disabled" {
-			limit := rtc.PidsLimit()
-			if limit != 0 {
-				if s.ResourceLimits == nil {
-					s.ResourceLimits = &spec.LinuxResources{}
-				}
-				s.ResourceLimits.Pids = &spec.LinuxPids{
-					Limit: limit,
-				}
-			}
-		}
-	}
+	s.InitResourceLimits(rtc)
 
 	if s.LogConfiguration == nil {
 		s.LogConfiguration = &specgen.LogConfig{}
@@ -338,9 +343,21 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s
 	conf.Systemd = tmpSystemd
 	conf.Mounts = tmpMounts
 
-	if conf.Spec != nil && conf.Spec.Linux != nil && conf.Spec.Linux.Resources != nil {
-		if specg.ResourceLimits == nil {
-			specg.ResourceLimits = conf.Spec.Linux.Resources
+	if conf.Spec != nil {
+		if conf.Spec.Linux != nil && conf.Spec.Linux.Resources != nil {
+			if specg.ResourceLimits == nil {
+				specg.ResourceLimits = conf.Spec.Linux.Resources
+			}
+		}
+		if conf.Spec.Process != nil && conf.Spec.Process.Env != nil {
+			env := make(map[string]string)
+			for _, entry := range conf.Spec.Process.Env {
+				split := strings.Split(entry, "=")
+				if len(split) == 2 {
+					env[split[0]] = split[1]
+				}
+			}
+			specg.Env = env
 		}
 	}
 
@@ -487,71 +504,40 @@ func mapSecurityConfig(c *libpod.ContainerConfig, s *specgen.SpecGenerator) {
 	s.HostUsers = c.HostUsers
 }
 
-// FinishThrottleDevices takes the temporary representation of the throttle
-// devices in the specgen and looks up the major and major minors. it then
-// sets the throttle devices proper in the specgen
-func FinishThrottleDevices(s *specgen.SpecGenerator) error {
-	if s.ResourceLimits == nil {
-		s.ResourceLimits = &spec.LinuxResources{}
-	}
-	if bps := s.ThrottleReadBpsDevice; len(bps) > 0 {
-		if s.ResourceLimits.BlockIO == nil {
-			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
-		}
-		for k, v := range bps {
-			statT := unix.Stat_t{}
-			if err := unix.Stat(k, &statT); err != nil {
-				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
-			}
-			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
-			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
-			if s.ResourceLimits.BlockIO == nil {
-				s.ResourceLimits.BlockIO = new(spec.LinuxBlockIO)
+// Check name looks for existing containers/pods with the same name, and modifies the given string until a new name is found
+func CheckName(rt *libpod.Runtime, n string, kind bool) string {
+	switch {
+	case strings.Contains(n, "-clone"):
+		ind := strings.Index(n, "-clone") + 6
+		num, err := strconv.Atoi(n[ind:])
+		if num == 0 && err != nil { // clone1 is hard to get with this logic, just check for it here.
+			if kind {
+				_, err = rt.LookupContainer(n + "1")
+			} else {
+				_, err = rt.LookupPod(n + "1")
 			}
-			s.ResourceLimits.BlockIO.ThrottleReadBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleReadBpsDevice, v)
-		}
-	}
-	if bps := s.ThrottleWriteBpsDevice; len(bps) > 0 {
-		if s.ResourceLimits.BlockIO == nil {
-			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
-		}
-		for k, v := range bps {
-			statT := unix.Stat_t{}
-			if err := unix.Stat(k, &statT); err != nil {
-				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
-			}
-			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
-			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
-			s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice, v)
-		}
-	}
-	if iops := s.ThrottleReadIOPSDevice; len(iops) > 0 {
-		if s.ResourceLimits.BlockIO == nil {
-			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
-		}
-		for k, v := range iops {
-			statT := unix.Stat_t{}
-			if err := unix.Stat(k, &statT); err != nil {
-				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
+
+			if err != nil {
+				n += "1"
+				break
 			}
-			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
-			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
-			s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice, v)
-		}
-	}
-	if iops := s.ThrottleWriteIOPSDevice; len(iops) > 0 {
-		if s.ResourceLimits.BlockIO == nil {
-			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
+		} else {
+			n = n[0:ind]
 		}
-		for k, v := range iops {
-			statT := unix.Stat_t{}
-			if err := unix.Stat(k, &statT); err != nil {
-				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
+		err = nil
+		count := num
+		for err == nil {
+			count++
+			tempN := n + strconv.Itoa(count)
+			if kind {
+				_, err = rt.LookupContainer(tempN)
+			} else {
+				_, err = rt.LookupPod(tempN)
 			}
-			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
-			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
-			s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice, v)
 		}
+		n += strconv.Itoa(count)
+	default:
+		n += "-clone"
 	}
-	return nil
+	return n
 }
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 8334d386f..6ef5ca79c 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -35,7 +36,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 	if s.Pod != "" {
 		pod, err = rt.LookupPod(s.Pod)
 		if err != nil {
-			return nil, nil, nil, fmt.Errorf("error retrieving pod %s: %w", s.Pod, err)
+			return nil, nil, nil, fmt.Errorf("retrieving pod %s: %w", s.Pod, err)
 		}
 		if pod.HasInfraContainer() {
 			infra, err = pod.InfraContainer()
@@ -55,7 +56,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 		}
 	}
 
-	if err := FinishThrottleDevices(s); err != nil {
+	if err := specgen.FinishThrottleDevices(s); err != nil {
 		return nil, nil, nil, err
 	}
 
@@ -343,7 +344,7 @@ func createContainerOptions(rt *libpod.Runtime, s *specgen.SpecGenerator, pod *l
 		if s.StopSignal == nil {
 			stopSignal, err := util.ParseSignal("RTMIN+3")
 			if err != nil {
-				return nil, fmt.Errorf("error parsing systemd signal: %w", err)
+				return nil, fmt.Errorf("parsing systemd signal: %w", err)
 			}
 			s.StopSignal = &stopSignal
 		}
@@ -352,7 +353,13 @@ func createContainerOptions(rt *libpod.Runtime, s *specgen.SpecGenerator, pod *l
 	}
 	if len(s.SdNotifyMode) > 0 {
 		options = append(options, libpod.WithSdNotifyMode(s.SdNotifyMode))
+		if s.SdNotifyMode != define.SdNotifyModeIgnore {
+			if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
+				options = append(options, libpod.WithSdNotifySocket(notify))
+			}
+		}
 	}
+
 	if pod != nil {
 		logrus.Debugf("adding container to pod %s", pod.Name())
 		options = append(options, rt.WithPod(pod))
@@ -380,9 +387,10 @@ func createContainerOptions(rt *libpod.Runtime, s *specgen.SpecGenerator, pod *l
 		var vols []*libpod.ContainerNamedVolume
 		for _, v := range volumes {
 			vols = append(vols, &libpod.ContainerNamedVolume{
-				Name:    v.Name,
-				Dest:    v.Dest,
-				Options: v.Options,
+				Name:        v.Name,
+				Dest:        v.Dest,
+				Options:     v.Options,
+				IsAnonymous: v.IsAnonymous,
 			})
 		}
 		options = append(options, libpod.WithNamedVolumes(vols))
@@ -507,6 +515,10 @@ func createContainerOptions(rt *libpod.Runtime, s *specgen.SpecGenerator, pod *l
 		logrus.Debugf("New container has a health check")
 	}
 
+	if s.ContainerHealthCheckConfig.HealthCheckOnFailureAction != define.HealthCheckOnFailureActionNone {
+		options = append(options, libpod.WithHealthCheckOnFailureAction(s.ContainerHealthCheckConfig.HealthCheckOnFailureAction))
+	}
+
 	if len(s.Secrets) != 0 {
 		manager, err := rt.SecretsManager()
 		if err != nil {
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index e9abf419b..7d85fd2f3 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"math"
 	"net"
+	"os"
 	"regexp"
 	"runtime"
 	"strconv"
@@ -26,6 +27,7 @@ import (
 	"github.com/containers/podman/v4/pkg/k8s.io/apimachinery/pkg/api/resource"
 	"github.com/containers/podman/v4/pkg/specgen"
 	"github.com/containers/podman/v4/pkg/specgen/generate"
+	systemdDefine "github.com/containers/podman/v4/pkg/systemd/define"
 	"github.com/containers/podman/v4/pkg/util"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/go-units"
@@ -205,12 +207,9 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 	s.SeccompProfilePath = opts.SeccompPaths.FindForContainer(opts.Container.Name)
 
 	s.ResourceLimits = &spec.LinuxResources{}
-	milliCPU, err := quantityToInt64(opts.Container.Resources.Limits.Cpu())
-	if err != nil {
-		return nil, fmt.Errorf("failed to set CPU quota: %w", err)
-	}
+	milliCPU := opts.Container.Resources.Limits.Cpu().MilliValue()
 	if milliCPU > 0 {
-		period, quota := util.CoresToPeriodAndQuota(float64(milliCPU))
+		period, quota := util.CoresToPeriodAndQuota(float64(milliCPU) / 1000)
 		s.ResourceLimits.CPU = &spec.LinuxCPU{
 			Quota:  &quota,
 			Period: &period,
@@ -357,8 +356,11 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 			// a selinux mount option exists for it
 			for k, v := range opts.Annotations {
 				// Make sure the z/Z option is not already there (from editing the YAML)
-				if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !cutil.StringInSlice("z", options) && !cutil.StringInSlice("Z", options) {
-					options = append(options, v)
+				if k == define.BindMountPrefix {
+					lastIndex := strings.LastIndex(v, ":")
+					if v[:lastIndex] == volumeSource.Source && !cutil.StringInSlice("z", options) && !cutil.StringInSlice("Z", options) {
+						options = append(options, v[lastIndex+1:])
+					}
 				}
 			}
 			mount := spec.Mount{
@@ -406,8 +408,15 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 				Name:    volumeSource.Source,
 				Options: options,
 			}
-
 			s.Volumes = append(s.Volumes, &secretVolume)
+		case KubeVolumeTypeEmptyDir:
+			emptyDirVolume := specgen.NamedVolume{
+				Dest:        volume.MountPath,
+				Name:        volumeSource.Source,
+				Options:     options,
+				IsAnonymous: true,
+			}
+			s.Volumes = append(s.Volumes, &emptyDirVolume)
 		default:
 			return nil, errors.New("unsupported volume source type")
 		}
@@ -435,6 +444,12 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 		}
 	}
 
+	// Make sure the container runs in a systemd unit which is
+	// stored as a label at container creation.
+	if unit := os.Getenv(systemdDefine.EnvVariable); unit != "" {
+		s.Labels[systemdDefine.EnvVariable] = unit
+	}
+
 	return s, nil
 }
 
diff --git a/pkg/specgen/generate/kube/play_test.go b/pkg/specgen/generate/kube/play_test.go
index 470c0c39c..ec0dc4bcd 100644
--- a/pkg/specgen/generate/kube/play_test.go
+++ b/pkg/specgen/generate/kube/play_test.go
@@ -24,11 +24,15 @@ func createSecrets(t *testing.T, d string) *secrets.SecretsManager {
 		"path": d,
 	}
 
+	storeOpts := secrets.StoreOptions{
+		DriverOpts: driverOpts,
+	}
+
 	for _, s := range k8sSecrets {
 		data, err := json.Marshal(s.Data)
 		assert.NoError(t, err)
 
-		_, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, driverOpts, nil)
+		_, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, storeOpts)
 		assert.NoError(t, err)
 	}
 
diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go
index c12adadd8..2d8085020 100644
--- a/pkg/specgen/generate/kube/volume.go
+++ b/pkg/specgen/generate/kube/volume.go
@@ -32,6 +32,7 @@ const (
 	KubeVolumeTypeBlockDevice
 	KubeVolumeTypeCharDevice
 	KubeVolumeTypeSecret
+	KubeVolumeTypeEmptyDir
 )
 
 //nolint:revive
@@ -62,13 +63,13 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error)
 			}
 			// Label a newly created volume
 			if err := libpod.LabelVolumePath(hostPath.Path); err != nil {
-				return nil, fmt.Errorf("error giving %s a label: %w", hostPath.Path, err)
+				return nil, fmt.Errorf("giving %s a label: %w", hostPath.Path, err)
 			}
 		case v1.HostPathFileOrCreate:
 			if _, err := os.Stat(hostPath.Path); os.IsNotExist(err) {
 				f, err := os.OpenFile(hostPath.Path, os.O_RDONLY|os.O_CREATE, kubeFilePermission)
 				if err != nil {
-					return nil, fmt.Errorf("error creating HostPath: %w", err)
+					return nil, fmt.Errorf("creating HostPath: %w", err)
 				}
 				if err := f.Close(); err != nil {
 					logrus.Warnf("Error in closing newly created HostPath file: %v", err)
@@ -76,12 +77,12 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error)
 			}
 			// unconditionally label a newly created volume
 			if err := libpod.LabelVolumePath(hostPath.Path); err != nil {
-				return nil, fmt.Errorf("error giving %s a label: %w", hostPath.Path, err)
+				return nil, fmt.Errorf("giving %s a label: %w", hostPath.Path, err)
 			}
 		case v1.HostPathSocket:
 			st, err := os.Stat(hostPath.Path)
 			if err != nil {
-				return nil, fmt.Errorf("error checking HostPathSocket: %w", err)
+				return nil, fmt.Errorf("checking HostPathSocket: %w", err)
 			}
 			if st.Mode()&os.ModeSocket != os.ModeSocket {
 				return nil, fmt.Errorf("checking HostPathSocket: path %s is not a socket", hostPath.Path)
@@ -89,7 +90,7 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error)
 		case v1.HostPathBlockDev:
 			dev, err := os.Stat(hostPath.Path)
 			if err != nil {
-				return nil, fmt.Errorf("error checking HostPathBlockDevice: %w", err)
+				return nil, fmt.Errorf("checking HostPathBlockDevice: %w", err)
 			}
 			if dev.Mode()&os.ModeCharDevice == os.ModeCharDevice {
 				return nil, fmt.Errorf("checking HostPathDevice: path %s is not a block device", hostPath.Path)
@@ -101,7 +102,7 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error)
 		case v1.HostPathCharDev:
 			dev, err := os.Stat(hostPath.Path)
 			if err != nil {
-				return nil, fmt.Errorf("error checking HostPathCharDevice: %w", err)
+				return nil, fmt.Errorf("checking HostPathCharDevice: %w", err)
 			}
 			if dev.Mode()&os.ModeCharDevice != os.ModeCharDevice {
 				return nil, fmt.Errorf("checking HostPathCharDevice: path %s is not a character device", hostPath.Path)
@@ -121,7 +122,7 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error)
 	}
 
 	if err := parse.ValidateVolumeHostDir(hostPath.Path); err != nil {
-		return nil, fmt.Errorf("error in parsing HostPath in YAML: %w", err)
+		return nil, fmt.Errorf("in parsing HostPath in YAML: %w", err)
 	}
 
 	return &KubeVolume{
@@ -219,8 +220,13 @@ func VolumeFromConfigMap(configMapVolumeSource *v1.ConfigMapVolumeSource, config
 	return kv, nil
 }
 
+// Create a kubeVolume for an emptyDir volume
+func VolumeFromEmptyDir(emptyDirVolumeSource *v1.EmptyDirVolumeSource, name string) (*KubeVolume, error) {
+	return &KubeVolume{Type: KubeVolumeTypeEmptyDir, Source: name}, nil
+}
+
 // Create a KubeVolume from one of the supported VolumeSource
-func VolumeFromSource(volumeSource v1.VolumeSource, configMaps []v1.ConfigMap, secretsManager *secrets.SecretsManager) (*KubeVolume, error) {
+func VolumeFromSource(volumeSource v1.VolumeSource, configMaps []v1.ConfigMap, secretsManager *secrets.SecretsManager, volName string) (*KubeVolume, error) {
 	switch {
 	case volumeSource.HostPath != nil:
 		return VolumeFromHostPath(volumeSource.HostPath)
@@ -230,8 +236,10 @@ func VolumeFromSource(volumeSource v1.VolumeSource, configMaps []v1.ConfigMap, s
 		return VolumeFromConfigMap(volumeSource.ConfigMap, configMaps)
 	case volumeSource.Secret != nil:
 		return VolumeFromSecret(volumeSource.Secret, secretsManager)
+	case volumeSource.EmptyDir != nil:
+		return VolumeFromEmptyDir(volumeSource.EmptyDir, volName)
 	default:
-		return nil, errors.New("HostPath, ConfigMap, and PersistentVolumeClaim are currently the only supported VolumeSource")
+		return nil, errors.New("HostPath, ConfigMap, EmptyDir, and PersistentVolumeClaim are currently the only supported VolumeSource")
 	}
 }
 
@@ -240,7 +248,7 @@ func InitializeVolumes(specVolumes []v1.Volume, configMaps []v1.ConfigMap, secre
 	volumes := make(map[string]*KubeVolume)
 
 	for _, specVolume := range specVolumes {
-		volume, err := VolumeFromSource(specVolume.VolumeSource, configMaps, secretsManager)
+		volume, err := VolumeFromSource(specVolume.VolumeSource, configMaps, secretsManager, specVolume.Name)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create volume %q: %w", specVolume.Name, err)
 		}
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index f0d4e9153..9497894f3 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -3,7 +3,6 @@ package generate
 import (
 	"errors"
 	"fmt"
-	"os"
 	"strings"
 
 	"github.com/containers/common/libimage"
@@ -11,11 +10,11 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/namespaces"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/specgen"
 	"github.com/containers/podman/v4/pkg/util"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/opencontainers/runtime-tools/generate"
 	"github.com/sirupsen/logrus"
 )
 
@@ -113,12 +112,12 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 		if err != nil {
 			// This is likely to be of the fatal kind (pod was
 			// removed) so hard fail
-			return nil, fmt.Errorf("error looking up pod %s infra container: %w", pod.ID(), err)
+			return nil, fmt.Errorf("looking up pod %s infra container: %w", pod.ID(), err)
 		}
 		if infraID != "" {
 			ctr, err := rt.GetContainer(infraID)
 			if err != nil {
-				return nil, fmt.Errorf("error retrieving pod %s infra container %s: %w", pod.ID(), infraID, err)
+				return nil, fmt.Errorf("retrieving pod %s infra container %s: %w", pod.ID(), infraID, err)
 			}
 			infraCtr = ctr
 		}
@@ -136,7 +135,7 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 	case specgen.FromContainer:
 		pidCtr, err := rt.LookupContainer(s.PidNS.Value)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up container to share pid namespace with: %w", err)
+			return nil, fmt.Errorf("looking up container to share pid namespace with: %w", err)
 		}
 		toReturn = append(toReturn, libpod.WithPIDNSFrom(pidCtr))
 	}
@@ -155,7 +154,7 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 	case specgen.FromContainer:
 		ipcCtr, err := rt.LookupContainer(s.IpcNS.Value)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up container to share ipc namespace with: %w", err)
+			return nil, fmt.Errorf("looking up container to share ipc namespace with: %w", err)
 		}
 		if ipcCtr.ConfigNoCopy().NoShmShare {
 			return nil, fmt.Errorf("joining IPC of container %s is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)", ipcCtr.ID())
@@ -187,7 +186,7 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 	case specgen.FromContainer:
 		utsCtr, err := rt.LookupContainer(s.UtsNS.Value)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up container to share uts namespace with: %w", err)
+			return nil, fmt.Errorf("looking up container to share uts namespace with: %w", err)
 		}
 		toReturn = append(toReturn, libpod.WithUTSNSFrom(utsCtr))
 	}
@@ -198,12 +197,18 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 		if !rootless.IsRootless() {
 			return nil, errors.New("keep-id is only supported in rootless mode")
 		}
-		toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+		opts, err := namespaces.UsernsMode(s.UserNS.String()).GetKeepIDOptions()
+		if err != nil {
+			return nil, err
+		}
+		if opts.UID == nil && opts.GID == nil {
+			toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+		}
 
 		// If user is not overridden, set user in the container
 		// to user running Podman.
 		if s.User == "" {
-			_, uid, gid, err := util.GetKeepIDMapping()
+			_, uid, gid, err := util.GetKeepIDMapping(opts)
 			if err != nil {
 				return nil, err
 			}
@@ -222,7 +227,7 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 	case specgen.FromContainer:
 		userCtr, err := rt.LookupContainer(s.UserNS.Value)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up container to share user namespace with: %w", err)
+			return nil, fmt.Errorf("looking up container to share user namespace with: %w", err)
 		}
 		toReturn = append(toReturn, libpod.WithUserNSFrom(userCtr))
 	}
@@ -254,7 +259,7 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 	case specgen.FromContainer:
 		cgroupCtr, err := rt.LookupContainer(s.CgroupNS.Value)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up container to share cgroup namespace with: %w", err)
+			return nil, fmt.Errorf("looking up container to share cgroup namespace with: %w", err)
 		}
 		toReturn = append(toReturn, libpod.WithCgroupNSFrom(cgroupCtr))
 	}
@@ -282,7 +287,7 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 	case specgen.FromContainer:
 		netCtr, err := rt.LookupContainer(s.NetNS.Value)
 		if err != nil {
-			return nil, fmt.Errorf("error looking up container to share net namespace with: %w", err)
+			return nil, fmt.Errorf("looking up container to share net namespace with: %w", err)
 		}
 		toReturn = append(toReturn, libpod.WithNetNSFrom(netCtr))
 	case specgen.Slirp:
@@ -357,153 +362,6 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 	return toReturn, nil
 }
 
-func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt *libpod.Runtime, pod *libpod.Pod) error {
-	// PID
-	switch s.PidNS.NSMode {
-	case specgen.Path:
-		if _, err := os.Stat(s.PidNS.Value); err != nil {
-			return fmt.Errorf("cannot find specified PID namespace path: %w", err)
-		}
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), s.PidNS.Value); err != nil {
-			return err
-		}
-	case specgen.Host:
-		if err := g.RemoveLinuxNamespace(string(spec.PIDNamespace)); err != nil {
-			return err
-		}
-	case specgen.Private:
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), ""); err != nil {
-			return err
-		}
-	}
-
-	// IPC
-	switch s.IpcNS.NSMode {
-	case specgen.Path:
-		if _, err := os.Stat(s.IpcNS.Value); err != nil {
-			return fmt.Errorf("cannot find specified IPC namespace path: %w", err)
-		}
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), s.IpcNS.Value); err != nil {
-			return err
-		}
-	case specgen.Host:
-		if err := g.RemoveLinuxNamespace(string(spec.IPCNamespace)); err != nil {
-			return err
-		}
-	case specgen.Private:
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), ""); err != nil {
-			return err
-		}
-	}
-
-	// UTS
-	switch s.UtsNS.NSMode {
-	case specgen.Path:
-		if _, err := os.Stat(s.UtsNS.Value); err != nil {
-			return fmt.Errorf("cannot find specified UTS namespace path: %w", err)
-		}
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.UTSNamespace), s.UtsNS.Value); err != nil {
-			return err
-		}
-	case specgen.Host:
-		if err := g.RemoveLinuxNamespace(string(spec.UTSNamespace)); err != nil {
-			return err
-		}
-	case specgen.Private:
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.UTSNamespace), ""); err != nil {
-			return err
-		}
-	}
-
-	hostname := s.Hostname
-	if hostname == "" {
-		switch {
-		case s.UtsNS.NSMode == specgen.FromPod:
-			hostname = pod.Hostname()
-		case s.UtsNS.NSMode == specgen.FromContainer:
-			utsCtr, err := rt.LookupContainer(s.UtsNS.Value)
-			if err != nil {
-				return fmt.Errorf("error looking up container to share uts namespace with: %w", err)
-			}
-			hostname = utsCtr.Hostname()
-		case (s.NetNS.NSMode == specgen.Host && hostname == "") || s.UtsNS.NSMode == specgen.Host:
-			tmpHostname, err := os.Hostname()
-			if err != nil {
-				return fmt.Errorf("unable to retrieve hostname of the host: %w", err)
-			}
-			hostname = tmpHostname
-		default:
-			logrus.Debug("No hostname set; container's hostname will default to runtime default")
-		}
-	}
-
-	g.RemoveHostname()
-	if s.Hostname != "" || s.UtsNS.NSMode != specgen.Host {
-		// Set the hostname in the OCI configuration only if specified by
-		// the user or if we are creating a new UTS namespace.
-		// TODO: Should we be doing this for pod or container shared
-		// namespaces?
-		g.SetHostname(hostname)
-	}
-	if _, ok := s.Env["HOSTNAME"]; !ok && s.Hostname != "" {
-		g.AddProcessEnv("HOSTNAME", hostname)
-	}
-
-	// User
-	if _, err := specgen.SetupUserNS(s.IDMappings, s.UserNS, g); err != nil {
-		return err
-	}
-
-	// Cgroup
-	switch s.CgroupNS.NSMode {
-	case specgen.Path:
-		if _, err := os.Stat(s.CgroupNS.Value); err != nil {
-			return fmt.Errorf("cannot find specified cgroup namespace path: %w", err)
-		}
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), s.CgroupNS.Value); err != nil {
-			return err
-		}
-	case specgen.Host:
-		if err := g.RemoveLinuxNamespace(string(spec.CgroupNamespace)); err != nil {
-			return err
-		}
-	case specgen.Private:
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), ""); err != nil {
-			return err
-		}
-	}
-
-	// Net
-	switch s.NetNS.NSMode {
-	case specgen.Path:
-		if _, err := os.Stat(s.NetNS.Value); err != nil {
-			return fmt.Errorf("cannot find specified network namespace path: %w", err)
-		}
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), s.NetNS.Value); err != nil {
-			return err
-		}
-	case specgen.Host:
-		if err := g.RemoveLinuxNamespace(string(spec.NetworkNamespace)); err != nil {
-			return err
-		}
-	case specgen.Private, specgen.NoNetwork:
-		if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), ""); err != nil {
-			return err
-		}
-	}
-
-	if g.Config.Annotations == nil {
-		g.Config.Annotations = make(map[string]string)
-	}
-	if s.PublishExposedPorts {
-		g.Config.Annotations[define.InspectAnnotationPublishAll] = define.InspectResponseTrue
-	} else {
-		g.Config.Annotations[define.InspectAnnotationPublishAll] = define.InspectResponseFalse
-	}
-
-	return nil
-}
-
 // GetNamespaceOptions transforms a slice of kernel namespaces
 // into a slice of pod create options. Currently, not all
 // kernel namespaces are supported, and they will be returned in an error
diff --git a/pkg/specgen/generate/namespaces_freebsd.go b/pkg/specgen/generate/namespaces_freebsd.go
new file mode 100644
index 000000000..f4246de34
--- /dev/null
+++ b/pkg/specgen/generate/namespaces_freebsd.go
@@ -0,0 +1,51 @@
+package generate
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/sirupsen/logrus"
+)
+
+func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt *libpod.Runtime, pod *libpod.Pod) error {
+	// UTS
+
+	hostname := s.Hostname
+	if hostname == "" {
+		switch {
+		case s.UtsNS.NSMode == specgen.FromPod:
+			hostname = pod.Hostname()
+		case s.UtsNS.NSMode == specgen.FromContainer:
+			utsCtr, err := rt.LookupContainer(s.UtsNS.Value)
+			if err != nil {
+				return fmt.Errorf("looking up container to share uts namespace with: %w", err)
+			}
+			hostname = utsCtr.Hostname()
+		case (s.NetNS.NSMode == specgen.Host && hostname == "") || s.UtsNS.NSMode == specgen.Host:
+			tmpHostname, err := os.Hostname()
+			if err != nil {
+				return fmt.Errorf("unable to retrieve hostname of the host: %w", err)
+			}
+			hostname = tmpHostname
+		default:
+			logrus.Debug("No hostname set; container's hostname will default to runtime default")
+		}
+	}
+
+	g.RemoveHostname()
+	if s.Hostname != "" || s.UtsNS.NSMode != specgen.Host {
+		// Set the hostname in the OCI configuration only if specified by
+		// the user or if we are creating a new UTS namespace.
+		// TODO: Should we be doing this for pod or container shared
+		// namespaces?
+		g.SetHostname(hostname)
+	}
+	if _, ok := s.Env["HOSTNAME"]; !ok && s.Hostname != "" {
+		g.AddProcessEnv("HOSTNAME", hostname)
+	}
+
+	return nil
+}
diff --git a/pkg/specgen/generate/namespaces_linux.go b/pkg/specgen/generate/namespaces_linux.go
new file mode 100644
index 000000000..9fda000f9
--- /dev/null
+++ b/pkg/specgen/generate/namespaces_linux.go
@@ -0,0 +1,160 @@
+package generate
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/specgen"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/sirupsen/logrus"
+)
+
+func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt *libpod.Runtime, pod *libpod.Pod) error {
+	// PID
+	switch s.PidNS.NSMode {
+	case specgen.Path:
+		if _, err := os.Stat(s.PidNS.Value); err != nil {
+			return fmt.Errorf("cannot find specified PID namespace path: %w", err)
+		}
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), s.PidNS.Value); err != nil {
+			return err
+		}
+	case specgen.Host:
+		if err := g.RemoveLinuxNamespace(string(spec.PIDNamespace)); err != nil {
+			return err
+		}
+	case specgen.Private:
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), ""); err != nil {
+			return err
+		}
+	}
+
+	// IPC
+	switch s.IpcNS.NSMode {
+	case specgen.Path:
+		if _, err := os.Stat(s.IpcNS.Value); err != nil {
+			return fmt.Errorf("cannot find specified IPC namespace path: %w", err)
+		}
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), s.IpcNS.Value); err != nil {
+			return err
+		}
+	case specgen.Host:
+		if err := g.RemoveLinuxNamespace(string(spec.IPCNamespace)); err != nil {
+			return err
+		}
+	case specgen.Private:
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), ""); err != nil {
+			return err
+		}
+	}
+
+	// UTS
+	switch s.UtsNS.NSMode {
+	case specgen.Path:
+		if _, err := os.Stat(s.UtsNS.Value); err != nil {
+			return fmt.Errorf("cannot find specified UTS namespace path: %w", err)
+		}
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.UTSNamespace), s.UtsNS.Value); err != nil {
+			return err
+		}
+	case specgen.Host:
+		if err := g.RemoveLinuxNamespace(string(spec.UTSNamespace)); err != nil {
+			return err
+		}
+	case specgen.Private:
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.UTSNamespace), ""); err != nil {
+			return err
+		}
+	}
+
+	hostname := s.Hostname
+	if hostname == "" {
+		switch {
+		case s.UtsNS.NSMode == specgen.FromPod:
+			hostname = pod.Hostname()
+		case s.UtsNS.NSMode == specgen.FromContainer:
+			utsCtr, err := rt.LookupContainer(s.UtsNS.Value)
+			if err != nil {
+				return fmt.Errorf("looking up container to share uts namespace with: %w", err)
+			}
+			hostname = utsCtr.Hostname()
+		case (s.NetNS.NSMode == specgen.Host && hostname == "") || s.UtsNS.NSMode == specgen.Host:
+			tmpHostname, err := os.Hostname()
+			if err != nil {
+				return fmt.Errorf("unable to retrieve hostname of the host: %w", err)
+			}
+			hostname = tmpHostname
+		default:
+			logrus.Debug("No hostname set; container's hostname will default to runtime default")
+		}
+	}
+
+	g.RemoveHostname()
+	if s.Hostname != "" || s.UtsNS.NSMode != specgen.Host {
+		// Set the hostname in the OCI configuration only if specified by
+		// the user or if we are creating a new UTS namespace.
+		// TODO: Should we be doing this for pod or container shared
+		// namespaces?
+		g.SetHostname(hostname)
+	}
+	if _, ok := s.Env["HOSTNAME"]; !ok && s.Hostname != "" {
+		g.AddProcessEnv("HOSTNAME", hostname)
+	}
+
+	// User
+	if _, err := specgen.SetupUserNS(s.IDMappings, s.UserNS, g); err != nil {
+		return err
+	}
+
+	// Cgroup
+	switch s.CgroupNS.NSMode {
+	case specgen.Path:
+		if _, err := os.Stat(s.CgroupNS.Value); err != nil {
+			return fmt.Errorf("cannot find specified cgroup namespace path: %w", err)
+		}
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), s.CgroupNS.Value); err != nil {
+			return err
+		}
+	case specgen.Host:
+		if err := g.RemoveLinuxNamespace(string(spec.CgroupNamespace)); err != nil {
+			return err
+		}
+	case specgen.Private:
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), ""); err != nil {
+			return err
+		}
+	}
+
+	// Net
+	switch s.NetNS.NSMode {
+	case specgen.Path:
+		if _, err := os.Stat(s.NetNS.Value); err != nil {
+			return fmt.Errorf("cannot find specified network namespace path: %w", err)
+		}
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), s.NetNS.Value); err != nil {
+			return err
+		}
+	case specgen.Host:
+		if err := g.RemoveLinuxNamespace(string(spec.NetworkNamespace)); err != nil {
+			return err
+		}
+	case specgen.Private, specgen.NoNetwork:
+		if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), ""); err != nil {
+			return err
+		}
+	}
+
+	if g.Config.Annotations == nil {
+		g.Config.Annotations = make(map[string]string)
+	}
+	if s.PublishExposedPorts {
+		g.Config.Annotations[define.InspectAnnotationPublishAll] = define.InspectResponseTrue
+	} else {
+		g.Config.Annotations[define.InspectAnnotationPublishAll] = define.InspectResponseFalse
+	}
+
+	return nil
+}
diff --git a/pkg/specgen/generate/namespaces_unsupported.go b/pkg/specgen/generate/namespaces_unsupported.go
new file mode 100644
index 000000000..c4a9c22d8
--- /dev/null
+++ b/pkg/specgen/generate/namespaces_unsupported.go
@@ -0,0 +1,16 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package generate
+
+import (
+	"errors"
+
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/opencontainers/runtime-tools/generate"
+)
+
+func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt *libpod.Runtime, pod *libpod.Pod) error {
+	return errors.New("unsupported specConfigureNamespaces")
+}
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index f59fe1011..3ac1a9b3f 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -1,37 +1,19 @@
 package generate
 
 import (
-	"context"
-	"encoding/json"
 	"fmt"
-	"path"
 	"strings"
 
 	"github.com/containers/common/libimage"
-	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/common/pkg/config"
-	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/specgen"
-	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
-func setProcOpts(s *specgen.SpecGenerator, g *generate.Generator) {
-	if s.ProcOpts == nil {
-		return
-	}
-	for i := range g.Config.Mounts {
-		if g.Config.Mounts[i].Destination == "/proc" {
-			g.Config.Mounts[i].Options = s.ProcOpts
-			return
-		}
-	}
-}
-
 func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) {
 	var (
 		isRootless = rootless.IsRootless()
@@ -58,38 +40,38 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) {
 	// files and number of processes to the maximum they can be set to
 	// (without overriding a sysctl)
 	if !nofileSet {
-		max := define.RLimitDefaultValue
-		current := define.RLimitDefaultValue
+		max := rlimT(define.RLimitDefaultValue)
+		current := rlimT(define.RLimitDefaultValue)
 		if isRootless {
 			var rlimit unix.Rlimit
 			if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
 				logrus.Warnf("Failed to return RLIMIT_NOFILE ulimit %q", err)
 			}
-			if rlimit.Cur < current {
-				current = rlimit.Cur
+			if rlimT(rlimit.Cur) < current {
+				current = rlimT(rlimit.Cur)
 			}
-			if rlimit.Max < max {
-				max = rlimit.Max
+			if rlimT(rlimit.Max) < max {
+				max = rlimT(rlimit.Max)
 			}
 		}
-		g.AddProcessRlimits("RLIMIT_NOFILE", max, current)
+		g.AddProcessRlimits("RLIMIT_NOFILE", uint64(max), uint64(current))
 	}
 	if !nprocSet {
-		max := define.RLimitDefaultValue
-		current := define.RLimitDefaultValue
+		max := rlimT(define.RLimitDefaultValue)
+		current := rlimT(define.RLimitDefaultValue)
 		if isRootless {
 			var rlimit unix.Rlimit
 			if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
 				logrus.Warnf("Failed to return RLIMIT_NPROC ulimit %q", err)
 			}
-			if rlimit.Cur < current {
-				current = rlimit.Cur
+			if rlimT(rlimit.Cur) < current {
+				current = rlimT(rlimit.Cur)
 			}
-			if rlimit.Max < max {
-				max = rlimit.Max
+			if rlimT(rlimit.Max) < max {
+				max = rlimT(rlimit.Max)
 			}
 		}
-		g.AddProcessRlimits("RLIMIT_NPROC", max, current)
+		g.AddProcessRlimits("RLIMIT_NPROC", uint64(max), uint64(current))
 	}
 }
 
@@ -133,302 +115,3 @@ func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *c
 
 	return finalCommand, nil
 }
-
-// canMountSys is a best-effort heuristic to detect whether mounting a new sysfs is permitted in the container
-func canMountSys(isRootless, isNewUserns bool, s *specgen.SpecGenerator) bool {
-	if s.NetNS.IsHost() && (isRootless || isNewUserns) {
-		return false
-	}
-	if isNewUserns {
-		switch s.NetNS.NSMode {
-		case specgen.Slirp, specgen.Private, specgen.NoNetwork, specgen.Bridge:
-			return true
-		default:
-			return false
-		}
-	}
-	return true
-}
-
-func getCgroupPermissons(unmask []string) string {
-	ro := "ro"
-	rw := "rw"
-	cgroup := "/sys/fs/cgroup"
-
-	cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
-	if !cgroupv2 {
-		return ro
-	}
-
-	if unmask != nil && unmask[0] == "ALL" {
-		return rw
-	}
-
-	for _, p := range unmask {
-		if path.Clean(p) == cgroup {
-			return rw
-		}
-	}
-	return ro
-}
-
-// SpecGenToOCI returns the base configuration for the container.
-func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
-	cgroupPerm := getCgroupPermissons(s.Unmask)
-
-	g, err := generate.New("linux")
-	if err != nil {
-		return nil, err
-	}
-	// Remove the default /dev/shm mount to ensure we overwrite it
-	g.RemoveMount("/dev/shm")
-	g.HostSpecific = true
-	addCgroup := true
-
-	isRootless := rootless.IsRootless()
-	isNewUserns := s.UserNS.IsContainer() || s.UserNS.IsPath() || s.UserNS.IsPrivate()
-
-	canMountSys := canMountSys(isRootless, isNewUserns, s)
-
-	if s.Privileged && canMountSys {
-		cgroupPerm = "rw"
-		g.RemoveMount("/sys")
-		sysMnt := spec.Mount{
-			Destination: "/sys",
-			Type:        "sysfs",
-			Source:      "sysfs",
-			Options:     []string{"rprivate", "nosuid", "noexec", "nodev", "rw"},
-		}
-		g.AddMount(sysMnt)
-	}
-	if !canMountSys {
-		addCgroup = false
-		g.RemoveMount("/sys")
-		r := "ro"
-		if s.Privileged {
-			r = "rw"
-		}
-		sysMnt := spec.Mount{
-			Destination: "/sys",
-			Type:        "bind", // should we use a constant for this, like createconfig?
-			Source:      "/sys",
-			Options:     []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"},
-		}
-		g.AddMount(sysMnt)
-		if !s.Privileged && isRootless {
-			g.AddLinuxMaskedPaths("/sys/kernel")
-		}
-	}
-	gid5Available := true
-	if isRootless {
-		nGids, err := rootless.GetAvailableGids()
-		if err != nil {
-			return nil, err
-		}
-		gid5Available = nGids >= 5
-	}
-	// When using a different user namespace, check that the GID 5 is mapped inside
-	// the container.
-	if gid5Available && (s.IDMappings != nil && len(s.IDMappings.GIDMap) > 0) {
-		mappingFound := false
-		for _, r := range s.IDMappings.GIDMap {
-			if r.ContainerID <= 5 && 5 < r.ContainerID+r.Size {
-				mappingFound = true
-				break
-			}
-		}
-		if !mappingFound {
-			gid5Available = false
-		}
-	}
-	if !gid5Available {
-		// If we have no GID mappings, the gid=5 default option would fail, so drop it.
-		g.RemoveMount("/dev/pts")
-		devPts := spec.Mount{
-			Destination: "/dev/pts",
-			Type:        "devpts",
-			Source:      "devpts",
-			Options:     []string{"rprivate", "nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"},
-		}
-		g.AddMount(devPts)
-	}
-
-	inUserNS := isRootless || isNewUserns
-
-	if inUserNS && s.IpcNS.IsHost() {
-		g.RemoveMount("/dev/mqueue")
-		devMqueue := spec.Mount{
-			Destination: "/dev/mqueue",
-			Type:        "bind", // constant ?
-			Source:      "/dev/mqueue",
-			Options:     []string{"bind", "nosuid", "noexec", "nodev"},
-		}
-		g.AddMount(devMqueue)
-	}
-	if inUserNS && s.PidNS.IsHost() {
-		g.RemoveMount("/proc")
-		procMount := spec.Mount{
-			Destination: "/proc",
-			Type:        define.TypeBind,
-			Source:      "/proc",
-			Options:     []string{"rbind", "nosuid", "noexec", "nodev"},
-		}
-		g.AddMount(procMount)
-	}
-
-	if addCgroup {
-		cgroupMnt := spec.Mount{
-			Destination: "/sys/fs/cgroup",
-			Type:        "cgroup",
-			Source:      "cgroup",
-			Options:     []string{"rprivate", "nosuid", "noexec", "nodev", "relatime", cgroupPerm},
-		}
-		g.AddMount(cgroupMnt)
-	}
-
-	g.Config.Linux.Personality = s.Personality
-
-	g.SetProcessCwd(s.WorkDir)
-
-	g.SetProcessArgs(finalCmd)
-
-	g.SetProcessTerminal(s.Terminal)
-
-	for key, val := range s.Annotations {
-		g.AddAnnotation(key, val)
-	}
-
-	if s.ResourceLimits != nil {
-		out, err := json.Marshal(s.ResourceLimits)
-		if err != nil {
-			return nil, err
-		}
-		err = json.Unmarshal(out, g.Config.Linux.Resources)
-		if err != nil {
-			return nil, err
-		}
-		g.Config.Linux.Resources = s.ResourceLimits
-	}
-
-	weightDevices, err := WeightDevices(s.WeightDevice)
-	if err != nil {
-		return nil, err
-	}
-	if len(weightDevices) > 0 {
-		for _, dev := range weightDevices {
-			g.AddLinuxResourcesBlockIOWeightDevice(dev.Major, dev.Minor, *dev.Weight)
-		}
-	}
-
-	// Devices
-	// set the default rule at the beginning of device configuration
-	if !inUserNS && !s.Privileged {
-		g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")
-	}
-
-	var userDevices []spec.LinuxDevice
-
-	if !s.Privileged {
-		// add default devices from containers.conf
-		for _, device := range rtc.Containers.Devices {
-			if err = DevicesFromPath(&g, device); err != nil {
-				return nil, err
-			}
-		}
-		if len(compatibleOptions.HostDeviceList) > 0 && len(s.Devices) == 0 {
-			userDevices = compatibleOptions.HostDeviceList
-		} else {
-			userDevices = s.Devices
-		}
-		// add default devices specified by caller
-		for _, device := range userDevices {
-			if err = DevicesFromPath(&g, device.Path); err != nil {
-				return nil, err
-			}
-		}
-	}
-	s.HostDeviceList = userDevices
-
-	// set the devices cgroup when not running in a user namespace
-	if !inUserNS && !s.Privileged {
-		for _, dev := range s.DeviceCgroupRule {
-			g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
-		}
-	}
-
-	BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), s.Mask, s.Unmask, &g)
-
-	g.ClearProcessEnv()
-	for name, val := range s.Env {
-		g.AddProcessEnv(name, val)
-	}
-
-	addRlimits(s, &g)
-
-	// NAMESPACES
-	if err := specConfigureNamespaces(s, &g, rt, pod); err != nil {
-		return nil, err
-	}
-	configSpec := g.Config
-
-	if err := securityConfigureGenerator(s, &g, newImage, rtc); err != nil {
-		return nil, err
-	}
-
-	// BIND MOUNTS
-	configSpec.Mounts = SupersedeUserMounts(mounts, configSpec.Mounts)
-	// Process mounts to ensure correct options
-	if err := InitFSMounts(configSpec.Mounts); err != nil {
-		return nil, err
-	}
-
-	// Add annotations
-	if configSpec.Annotations == nil {
-		configSpec.Annotations = make(map[string]string)
-	}
-
-	if s.Remove {
-		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseTrue
-	} else {
-		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseFalse
-	}
-
-	if len(s.VolumesFrom) > 0 {
-		configSpec.Annotations[define.InspectAnnotationVolumesFrom] = strings.Join(s.VolumesFrom, ",")
-	}
-
-	if s.Privileged {
-		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseTrue
-	} else {
-		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseFalse
-	}
-
-	if s.Init {
-		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseTrue
-	} else {
-		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseFalse
-	}
-
-	if s.OOMScoreAdj != nil {
-		g.SetProcessOOMScoreAdj(*s.OOMScoreAdj)
-	}
-	setProcOpts(s, &g)
-
-	return configSpec, nil
-}
-
-func WeightDevices(wtDevices map[string]spec.LinuxWeightDevice) ([]spec.LinuxWeightDevice, error) {
-	devs := []spec.LinuxWeightDevice{}
-	for k, v := range wtDevices {
-		statT := unix.Stat_t{}
-		if err := unix.Stat(k, &statT); err != nil {
-			return nil, fmt.Errorf("failed to inspect '%s' in --blkio-weight-device: %w", k, err)
-		}
-		dev := new(spec.LinuxWeightDevice)
-		dev.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
-		dev.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
-		dev.Weight = v.Weight
-		devs = append(devs, *dev)
-	}
-	return devs, nil
-}
diff --git a/pkg/specgen/generate/oci_freebsd.go b/pkg/specgen/generate/oci_freebsd.go
new file mode 100644
index 000000000..71c926fd2
--- /dev/null
+++ b/pkg/specgen/generate/oci_freebsd.go
@@ -0,0 +1,96 @@
+//go:build freebsd
+
+package generate
+
+import (
+	"context"
+	"strings"
+
+	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/specgen"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-tools/generate"
+)
+
+// SpecGenToOCI returns the base configuration for the container.
+func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
+	g, err := generate.New("freebsd")
+	if err != nil {
+		return nil, err
+	}
+
+	g.SetProcessCwd(s.WorkDir)
+
+	g.SetProcessArgs(finalCmd)
+
+	g.SetProcessTerminal(s.Terminal)
+
+	for key, val := range s.Annotations {
+		g.AddAnnotation(key, val)
+	}
+
+	g.ClearProcessEnv()
+	for name, val := range s.Env {
+		g.AddProcessEnv(name, val)
+	}
+
+	addRlimits(s, &g)
+
+	// NAMESPACES
+	if err := specConfigureNamespaces(s, &g, rt, pod); err != nil {
+		return nil, err
+	}
+	configSpec := g.Config
+
+	if err := securityConfigureGenerator(s, &g, newImage, rtc); err != nil {
+		return nil, err
+	}
+
+	// BIND MOUNTS
+	configSpec.Mounts = SupersedeUserMounts(mounts, configSpec.Mounts)
+	// Process mounts to ensure correct options
+	if err := InitFSMounts(configSpec.Mounts); err != nil {
+		return nil, err
+	}
+
+	// Add annotations
+	if configSpec.Annotations == nil {
+		configSpec.Annotations = make(map[string]string)
+	}
+
+	if s.Remove {
+		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseFalse
+	}
+
+	if len(s.VolumesFrom) > 0 {
+		configSpec.Annotations[define.InspectAnnotationVolumesFrom] = strings.Join(s.VolumesFrom, ",")
+	}
+
+	if s.Privileged {
+		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseFalse
+	}
+
+	if s.Init {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseFalse
+	}
+
+	if s.OOMScoreAdj != nil {
+		g.SetProcessOOMScoreAdj(*s.OOMScoreAdj)
+	}
+
+	return configSpec, nil
+}
+
+func WeightDevices(wtDevices map[string]spec.LinuxWeightDevice) ([]spec.LinuxWeightDevice, error) {
+	devs := []spec.LinuxWeightDevice{}
+	return devs, nil
+}
diff --git a/pkg/specgen/generate/oci_linux.go b/pkg/specgen/generate/oci_linux.go
new file mode 100644
index 000000000..341853de5
--- /dev/null
+++ b/pkg/specgen/generate/oci_linux.go
@@ -0,0 +1,331 @@
+package generate
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"path"
+	"strings"
+
+	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/cgroups"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/rootless"
+	"github.com/containers/podman/v4/pkg/specgen"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-tools/generate"
+	"golang.org/x/sys/unix"
+)
+
+func setProcOpts(s *specgen.SpecGenerator, g *generate.Generator) {
+	if s.ProcOpts == nil {
+		return
+	}
+	for i := range g.Config.Mounts {
+		if g.Config.Mounts[i].Destination == "/proc" {
+			g.Config.Mounts[i].Options = s.ProcOpts
+			return
+		}
+	}
+}
+
+// canMountSys is a best-effort heuristic to detect whether mounting a new sysfs is permitted in the container
+func canMountSys(isRootless, isNewUserns bool, s *specgen.SpecGenerator) bool {
+	if s.NetNS.IsHost() && (isRootless || isNewUserns) {
+		return false
+	}
+	if isNewUserns {
+		switch s.NetNS.NSMode {
+		case specgen.Slirp, specgen.Private, specgen.NoNetwork, specgen.Bridge:
+			return true
+		default:
+			return false
+		}
+	}
+	return true
+}
+
+func getCgroupPermissons(unmask []string) string {
+	ro := "ro"
+	rw := "rw"
+	cgroup := "/sys/fs/cgroup"
+
+	cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
+	if !cgroupv2 {
+		return ro
+	}
+
+	if unmask != nil && unmask[0] == "ALL" {
+		return rw
+	}
+
+	for _, p := range unmask {
+		if path.Clean(p) == cgroup {
+			return rw
+		}
+	}
+	return ro
+}
+
+// SpecGenToOCI returns the base configuration for the container.
+func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
+	cgroupPerm := getCgroupPermissons(s.Unmask)
+
+	g, err := generate.New("linux")
+	if err != nil {
+		return nil, err
+	}
+	// Remove the default /dev/shm mount to ensure we overwrite it
+	g.RemoveMount("/dev/shm")
+	g.HostSpecific = true
+	addCgroup := true
+
+	isRootless := rootless.IsRootless()
+	isNewUserns := s.UserNS.IsContainer() || s.UserNS.IsPath() || s.UserNS.IsPrivate()
+
+	canMountSys := canMountSys(isRootless, isNewUserns, s)
+
+	if s.Privileged && canMountSys {
+		cgroupPerm = "rw"
+		g.RemoveMount("/sys")
+		sysMnt := spec.Mount{
+			Destination: "/sys",
+			Type:        "sysfs",
+			Source:      "sysfs",
+			Options:     []string{"rprivate", "nosuid", "noexec", "nodev", "rw"},
+		}
+		g.AddMount(sysMnt)
+	}
+	if !canMountSys {
+		addCgroup = false
+		g.RemoveMount("/sys")
+		r := "ro"
+		if s.Privileged {
+			r = "rw"
+		}
+		sysMnt := spec.Mount{
+			Destination: "/sys",
+			Type:        "bind", // should we use a constant for this, like createconfig?
+			Source:      "/sys",
+			Options:     []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"},
+		}
+		g.AddMount(sysMnt)
+		if !s.Privileged && isRootless {
+			g.AddLinuxMaskedPaths("/sys/kernel")
+		}
+	}
+	gid5Available := true
+	if isRootless {
+		nGids, err := rootless.GetAvailableGids()
+		if err != nil {
+			return nil, err
+		}
+		gid5Available = nGids >= 5
+	}
+	// When using a different user namespace, check that the GID 5 is mapped inside
+	// the container.
+	if gid5Available && (s.IDMappings != nil && len(s.IDMappings.GIDMap) > 0) {
+		mappingFound := false
+		for _, r := range s.IDMappings.GIDMap {
+			if r.ContainerID <= 5 && 5 < r.ContainerID+r.Size {
+				mappingFound = true
+				break
+			}
+		}
+		if !mappingFound {
+			gid5Available = false
+		}
+	}
+	if !gid5Available {
+		// If we have no GID mappings, the gid=5 default option would fail, so drop it.
+		g.RemoveMount("/dev/pts")
+		devPts := spec.Mount{
+			Destination: "/dev/pts",
+			Type:        "devpts",
+			Source:      "devpts",
+			Options:     []string{"rprivate", "nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"},
+		}
+		g.AddMount(devPts)
+	}
+
+	inUserNS := isRootless || isNewUserns
+
+	if inUserNS && s.IpcNS.IsHost() {
+		g.RemoveMount("/dev/mqueue")
+		devMqueue := spec.Mount{
+			Destination: "/dev/mqueue",
+			Type:        "bind", // constant ?
+			Source:      "/dev/mqueue",
+			Options:     []string{"bind", "nosuid", "noexec", "nodev"},
+		}
+		g.AddMount(devMqueue)
+	}
+	if inUserNS && s.PidNS.IsHost() {
+		g.RemoveMount("/proc")
+		procMount := spec.Mount{
+			Destination: "/proc",
+			Type:        define.TypeBind,
+			Source:      "/proc",
+			Options:     []string{"rbind", "nosuid", "noexec", "nodev"},
+		}
+		g.AddMount(procMount)
+	}
+
+	if addCgroup {
+		cgroupMnt := spec.Mount{
+			Destination: "/sys/fs/cgroup",
+			Type:        "cgroup",
+			Source:      "cgroup",
+			Options:     []string{"rprivate", "nosuid", "noexec", "nodev", "relatime", cgroupPerm},
+		}
+		g.AddMount(cgroupMnt)
+	}
+
+	g.Config.Linux.Personality = s.Personality
+
+	g.SetProcessCwd(s.WorkDir)
+
+	g.SetProcessArgs(finalCmd)
+
+	g.SetProcessTerminal(s.Terminal)
+
+	for key, val := range s.Annotations {
+		g.AddAnnotation(key, val)
+	}
+
+	if s.ResourceLimits != nil {
+		out, err := json.Marshal(s.ResourceLimits)
+		if err != nil {
+			return nil, err
+		}
+		err = json.Unmarshal(out, g.Config.Linux.Resources)
+		if err != nil {
+			return nil, err
+		}
+		g.Config.Linux.Resources = s.ResourceLimits
+	}
+
+	weightDevices, err := WeightDevices(s.WeightDevice)
+	if err != nil {
+		return nil, err
+	}
+	if len(weightDevices) > 0 {
+		for _, dev := range weightDevices {
+			g.AddLinuxResourcesBlockIOWeightDevice(dev.Major, dev.Minor, *dev.Weight)
+		}
+	}
+
+	// Devices
+	// set the default rule at the beginning of device configuration
+	if !inUserNS && !s.Privileged {
+		g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")
+	}
+
+	var userDevices []spec.LinuxDevice
+
+	if !s.Privileged {
+		// add default devices from containers.conf
+		for _, device := range rtc.Containers.Devices {
+			if err = DevicesFromPath(&g, device); err != nil {
+				return nil, err
+			}
+		}
+		if len(compatibleOptions.HostDeviceList) > 0 && len(s.Devices) == 0 {
+			userDevices = compatibleOptions.HostDeviceList
+		} else {
+			userDevices = s.Devices
+		}
+		// add default devices specified by caller
+		for _, device := range userDevices {
+			if err = DevicesFromPath(&g, device.Path); err != nil {
+				return nil, err
+			}
+		}
+	}
+	s.HostDeviceList = userDevices
+
+	// set the devices cgroup when not running in a user namespace
+	if !inUserNS && !s.Privileged {
+		for _, dev := range s.DeviceCgroupRule {
+			g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
+		}
+	}
+
+	BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), s.Mask, s.Unmask, &g)
+
+	g.ClearProcessEnv()
+	for name, val := range s.Env {
+		g.AddProcessEnv(name, val)
+	}
+
+	addRlimits(s, &g)
+
+	// NAMESPACES
+	if err := specConfigureNamespaces(s, &g, rt, pod); err != nil {
+		return nil, err
+	}
+	configSpec := g.Config
+
+	if err := securityConfigureGenerator(s, &g, newImage, rtc); err != nil {
+		return nil, err
+	}
+
+	// BIND MOUNTS
+	configSpec.Mounts = SupersedeUserMounts(mounts, configSpec.Mounts)
+	// Process mounts to ensure correct options
+	if err := InitFSMounts(configSpec.Mounts); err != nil {
+		return nil, err
+	}
+
+	// Add annotations
+	if configSpec.Annotations == nil {
+		configSpec.Annotations = make(map[string]string)
+	}
+
+	if s.Remove {
+		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseFalse
+	}
+
+	if len(s.VolumesFrom) > 0 {
+		configSpec.Annotations[define.InspectAnnotationVolumesFrom] = strings.Join(s.VolumesFrom, ",")
+	}
+
+	if s.Privileged {
+		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseFalse
+	}
+
+	if s.Init {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseFalse
+	}
+
+	if s.OOMScoreAdj != nil {
+		g.SetProcessOOMScoreAdj(*s.OOMScoreAdj)
+	}
+	setProcOpts(s, &g)
+
+	return configSpec, nil
+}
+
+func WeightDevices(wtDevices map[string]spec.LinuxWeightDevice) ([]spec.LinuxWeightDevice, error) {
+	devs := []spec.LinuxWeightDevice{}
+	for k, v := range wtDevices {
+		statT := unix.Stat_t{}
+		if err := unix.Stat(k, &statT); err != nil {
+			return nil, fmt.Errorf("failed to inspect '%s' in --blkio-weight-device: %w", k, err)
+		}
+		dev := new(spec.LinuxWeightDevice)
+		dev.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+		dev.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
+		dev.Weight = v.Weight
+		devs = append(devs, *dev)
+	}
+	return devs, nil
+}
diff --git a/pkg/specgen/generate/oci_unsupported.go b/pkg/specgen/generate/oci_unsupported.go
new file mode 100644
index 000000000..7e1b8c42c
--- /dev/null
+++ b/pkg/specgen/generate/oci_unsupported.go
@@ -0,0 +1,24 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package generate
+
+import (
+	"context"
+	"errors"
+
+	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/pkg/specgen"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// SpecGenToOCI returns the base configuration for the container.
+func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
+	return nil, errors.New("unsupported SpecGenToOCI")
+}
+
+func WeightDevices(wtDevices map[string]spec.LinuxWeightDevice) ([]spec.LinuxWeightDevice, error) {
+	return []spec.LinuxWeightDevice{}, errors.New("unsupported WeightDevices")
+}
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 4e6362c9b..14d390e49 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -2,6 +2,7 @@ package generate
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"net"
 	"os"
@@ -44,7 +45,7 @@ func MakePod(p *entities.PodSpec, rt *libpod.Runtime) (*libpod.Pod, error) {
 	}
 
 	if !p.PodSpecGen.NoInfra {
-		err := FinishThrottleDevices(p.PodSpecGen.InfraContainerSpec)
+		err := specgen.FinishThrottleDevices(p.PodSpecGen.InfraContainerSpec)
 		if err != nil {
 			return nil, err
 		}
@@ -52,17 +53,11 @@ func MakePod(p *entities.PodSpec, rt *libpod.Runtime) (*libpod.Pod, error) {
 			p.PodSpecGen.ResourceLimits.BlockIO = p.PodSpecGen.InfraContainerSpec.ResourceLimits.BlockIO
 		}
 
-		weightDevices, err := WeightDevices(p.PodSpecGen.InfraContainerSpec.WeightDevice)
+		err = specgen.WeightDevices(p.PodSpecGen.InfraContainerSpec)
 		if err != nil {
 			return nil, err
 		}
-
-		if p.PodSpecGen.ResourceLimits != nil && len(weightDevices) > 0 {
-			if p.PodSpecGen.ResourceLimits.BlockIO == nil {
-				p.PodSpecGen.ResourceLimits.BlockIO = &specs.LinuxBlockIO{}
-			}
-			p.PodSpecGen.ResourceLimits.BlockIO.WeightDevice = weightDevices
-		}
+		p.PodSpecGen.ResourceLimits = p.PodSpecGen.InfraContainerSpec.ResourceLimits
 	}
 
 	options, err := createPodOptions(&p.PodSpecGen)
@@ -327,6 +322,19 @@ func PodConfigToSpec(rt *libpod.Runtime, spec *specgen.PodSpecGenerator, infraOp
 		}
 
 		spec.InfraContainerSpec = infraSpec
+		matching, err := json.Marshal(infraSpec)
+		if err != nil {
+			return nil, err
+		}
+
+		// track name before unmarshal so we do not overwrite w/ infra
+		name := spec.Name
+		err = json.Unmarshal(matching, spec)
+		if err != nil {
+			return nil, err
+		}
+
+		spec.Name = name
 	}
 
 	// need to reset hostname, name etc of both pod and infra
diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go
index 572f256c1..8ad249409 100644
--- a/pkg/specgen/generate/ports.go
+++ b/pkg/specgen/generate/ports.go
@@ -354,7 +354,7 @@ func createPortMappings(s *specgen.SpecGenerator, imageData *libimage.ImageData)
 			}
 			protocols, err := checkProtocol(proto, false)
 			if err != nil {
-				return nil, nil, fmt.Errorf("error validating protocols for exposed port %d: %w", port, err)
+				return nil, nil, fmt.Errorf("validating protocols for exposed port %d: %w", port, err)
 			}
 			toExpose[port] = appendProtocolsNoDuplicates(toExpose[port], protocols)
 		}
diff --git a/pkg/specgen/generate/rlimit_int64.go b/pkg/specgen/generate/rlimit_int64.go
new file mode 100644
index 000000000..b4cce3453
--- /dev/null
+++ b/pkg/specgen/generate/rlimit_int64.go
@@ -0,0 +1,6 @@
+//go:build freebsd
+// +build freebsd
+
+package generate
+
+type rlimT int64
diff --git a/pkg/specgen/generate/rlimit_uint64.go b/pkg/specgen/generate/rlimit_uint64.go
new file mode 100644
index 000000000..d85f8dd2c
--- /dev/null
+++ b/pkg/specgen/generate/rlimit_uint64.go
@@ -0,0 +1,6 @@
+//go:build linux || darwin
+// +build linux darwin
+
+package generate
+
+type rlimT uint64
diff --git a/pkg/specgen/generate/security_freebsd.go b/pkg/specgen/generate/security_freebsd.go
new file mode 100644
index 000000000..5fd66c769
--- /dev/null
+++ b/pkg/specgen/generate/security_freebsd.go
@@ -0,0 +1,19 @@
+package generate
+
+import (
+	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/opencontainers/runtime-tools/generate"
+)
+
+// setLabelOpts sets the label options of the SecurityConfig according to the
+// input.
+func setLabelOpts(s *specgen.SpecGenerator, runtime *libpod.Runtime, pidConfig specgen.Namespace, ipcConfig specgen.Namespace) error {
+	return nil
+}
+
+func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error {
+	return nil
+}
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security_linux.go
index aacefcbac..aacefcbac 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security_linux.go
diff --git a/pkg/specgen/generate/security_unsupported.go b/pkg/specgen/generate/security_unsupported.go
new file mode 100644
index 000000000..d0f937e44
--- /dev/null
+++ b/pkg/specgen/generate/security_unsupported.go
@@ -0,0 +1,24 @@
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
+
+package generate
+
+import (
+	"errors"
+
+	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/opencontainers/runtime-tools/generate"
+)
+
+// setLabelOpts sets the label options of the SecurityConfig according to the
+// input.
+func setLabelOpts(s *specgen.SpecGenerator, runtime *libpod.Runtime, pidConfig specgen.Namespace, ipcConfig specgen.Namespace) error {
+	return errors.New("unsupported setLabelOpts")
+}
+
+func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error {
+	return errors.New("unsupported securityConfigureGenerator")
+}
diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go
index 867bb4b79..c3cd61b36 100644
--- a/pkg/specgen/generate/storage.go
+++ b/pkg/specgen/generate/storage.go
@@ -175,7 +175,7 @@ func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Ru
 		if mount.Type == define.TypeBind {
 			absSrc, err := filepath.Abs(mount.Source)
 			if err != nil {
-				return nil, nil, nil, fmt.Errorf("error getting absolute path of %s: %w", mount.Source, err)
+				return nil, nil, nil, fmt.Errorf("getting absolute path of %s: %w", mount.Source, err)
 			}
 			mount.Source = absSrc
 		}
@@ -208,7 +208,7 @@ func getImageVolumes(ctx context.Context, img *libimage.Image, s *specgen.SpecGe
 
 	inspect, err := img.Inspect(ctx, nil)
 	if err != nil {
-		return nil, nil, fmt.Errorf("error inspecting image to get image volumes: %w", err)
+		return nil, nil, fmt.Errorf("inspecting image to get image volumes: %w", err)
 	}
 	for volume := range inspect.Config.Volumes {
 		logrus.Debugf("Image has volume at %q", volume)
@@ -269,7 +269,7 @@ func getVolumesFrom(volumesFrom []string, runtime *libpod.Runtime) (map[string]s
 
 		ctr, err := runtime.LookupContainer(splitVol[0])
 		if err != nil {
-			return nil, nil, fmt.Errorf("error looking up container %q for volumes-from: %w", splitVol[0], err)
+			return nil, nil, fmt.Errorf("looking up container %q for volumes-from: %w", splitVol[0], err)
 		}
 
 		logrus.Debugf("Adding volumes from container %s", ctr.ID())
diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go
index 9c933d747..e9ebdfce3 100644
--- a/pkg/specgen/generate/validate.go
+++ b/pkg/specgen/generate/validate.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/common/pkg/sysinfo"
+	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/specgen"
 	"github.com/containers/podman/v4/utils"
 )
@@ -19,6 +20,11 @@ func verifyContainerResourcesCgroupV1(s *specgen.SpecGenerator) ([]string, error
 
 	sysInfo := sysinfo.New(true)
 
+	if s.ResourceLimits != nil && rootless.IsRootless() {
+		s.ResourceLimits = nil
+		warnings = append(warnings, "Resource limits are not supported and ignored on cgroups V1 rootless systems")
+	}
+
 	if s.ResourceLimits == nil {
 		return warnings, nil
 	}
@@ -76,7 +82,7 @@ func verifyContainerResourcesCgroupV1(s *specgen.SpecGenerator) ([]string, error
 		}
 	}
 
-	// CPU Checks
+	// CPU checks
 	if s.ResourceLimits.CPU != nil {
 		cpu := s.ResourceLimits.CPU
 		if cpu.Shares != nil && !sysInfo.CPUShares {
@@ -163,6 +169,7 @@ func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error
 		return warnings, nil
 	}
 
+	// Memory checks
 	if s.ResourceLimits.Memory != nil && s.ResourceLimits.Memory.Swap != nil {
 		own, err := utils.GetOwnCgroup()
 		if err != nil {
@@ -192,6 +199,19 @@ func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error
 			s.ResourceLimits.Memory.Swap = nil
 		}
 	}
+
+	// CPU checks
+	if s.ResourceLimits.CPU != nil {
+		cpu := s.ResourceLimits.CPU
+		if cpu.RealtimePeriod != nil {
+			warnings = append(warnings, "Realtime period not supported on cgroups V2 systems")
+			cpu.RealtimePeriod = nil
+		}
+		if cpu.RealtimeRuntime != nil {
+			warnings = append(warnings, "Realtime runtime not supported on cgroups V2 systems")
+			cpu.RealtimeRuntime = nil
+		}
+	}
 	return warnings, nil
 }
 
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index 03a2049f6..b6bbee868 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -11,6 +11,7 @@ import (
 	"github.com/containers/common/pkg/cgroups"
 	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/namespaces"
 	"github.com/containers/podman/v4/pkg/util"
 	"github.com/containers/storage"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -308,6 +309,14 @@ func ParseUserNamespace(ns string) (Namespace, error) {
 	case ns == "keep-id":
 		toReturn.NSMode = KeepID
 		return toReturn, nil
+	case strings.HasPrefix(ns, "keep-id:"):
+		split := strings.SplitN(ns, ":", 2)
+		if len(split) != 2 {
+			return toReturn, errors.New("invalid setting for keep-id: mode")
+		}
+		toReturn.NSMode = KeepID
+		toReturn.Value = split[1]
+		return toReturn, nil
 	case ns == "nomap":
 		toReturn.NSMode = NoMap
 		return toReturn, nil
@@ -490,13 +499,18 @@ func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *gene
 			return user, err
 		}
 	case KeepID:
-		mappings, uid, gid, err := util.GetKeepIDMapping()
+		opts, err := namespaces.UsernsMode(userns.String()).GetKeepIDOptions()
+		if err != nil {
+			return user, err
+		}
+		mappings, uid, gid, err := util.GetKeepIDMapping(opts)
 		if err != nil {
 			return user, err
 		}
 		idmappings = mappings
 		g.SetProcessUID(uint32(uid))
 		g.SetProcessGID(uint32(gid))
+		g.AddProcessAdditionalGid(uint32(gid))
 		user = fmt.Sprintf("%d:%d", uid, gid)
 		if err := privateUserNamespace(idmappings, g); err != nil {
 			return user, err
@@ -509,6 +523,7 @@ func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *gene
 		idmappings = mappings
 		g.SetProcessUID(uint32(uid))
 		g.SetProcessGID(uint32(gid))
+		g.AddProcessAdditionalGid(uint32(gid))
 		user = fmt.Sprintf("%d:%d", uid, gid)
 		if err := privateUserNamespace(idmappings, g); err != nil {
 			return user, err
diff --git a/pkg/specgen/resources_freebsd.go b/pkg/specgen/resources_freebsd.go
new file mode 100644
index 000000000..49e5976bb
--- /dev/null
+++ b/pkg/specgen/resources_freebsd.go
@@ -0,0 +1,8 @@
+package specgen
+
+import (
+	"github.com/containers/common/pkg/config"
+)
+
+func (s *SpecGenerator) InitResourceLimits(rtc *config.Config) {
+}
diff --git a/pkg/specgen/resources_linux.go b/pkg/specgen/resources_linux.go
new file mode 100644
index 000000000..ffa9e5786
--- /dev/null
+++ b/pkg/specgen/resources_linux.go
@@ -0,0 +1,22 @@
+package specgen
+
+import (
+	"github.com/containers/common/pkg/config"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (s *SpecGenerator) InitResourceLimits(rtc *config.Config) {
+	if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil {
+		if s.CgroupsMode != "disabled" {
+			limit := rtc.PidsLimit()
+			if limit != 0 {
+				if s.ResourceLimits == nil {
+					s.ResourceLimits = &spec.LinuxResources{}
+				}
+				s.ResourceLimits.Pids = &spec.LinuxPids{
+					Limit: limit,
+				}
+			}
+		}
+	}
+}
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index c31c3f035..34418c132 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -9,11 +9,13 @@ import (
 	"github.com/containers/common/libimage"
 	nettypes "github.com/containers/common/libnetwork/types"
 	"github.com/containers/image/v5/manifest"
+	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/storage/types"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-//  LogConfig describes the logging characteristics for a container
+// LogConfig describes the logging characteristics for a container
+// swagger:model LogConfigLibpod
 type LogConfig struct {
 	// LogDriver is the container's log driver.
 	// Optional.
@@ -203,6 +205,9 @@ type ContainerBasicConfig struct {
 	// The execution domain system allows Linux to provide limited support
 	// for binaries compiled under other UNIX-like operating systems.
 	Personality *spec.LinuxPersonality `json:"personality,omitempty"`
+	// EnvMerge takes the specified environment variables from image and preprocess them before injecting them into the
+	// container.
+	EnvMerge []string `json:"envmerge,omitempty"`
 	// UnsetEnv unsets the specified default environment variables from the image or from buildin or containers.conf
 	// Optional.
 	UnsetEnv []string `json:"unsetenv,omitempty"`
@@ -529,7 +534,8 @@ type ContainerResourceConfig struct {
 // ContainerHealthCheckConfig describes a container healthcheck with attributes
 // like command, retries, interval, start period, and timeout.
 type ContainerHealthCheckConfig struct {
-	HealthConfig *manifest.Schema2HealthConfig `json:"healthconfig,omitempty"`
+	HealthConfig               *manifest.Schema2HealthConfig     `json:"healthconfig,omitempty"`
+	HealthCheckOnFailureAction define.HealthCheckOnFailureAction `json:"health_check_on_failure_action,omitempty"`
 }
 
 // SpecGenerator creates an OCI spec and Libpod configuration options to create
diff --git a/pkg/specgen/utils.go b/pkg/specgen/utils.go
new file mode 100644
index 000000000..dc9127bb3
--- /dev/null
+++ b/pkg/specgen/utils.go
@@ -0,0 +1,14 @@
+//go:build !linux
+// +build !linux
+
+package specgen
+
+// FinishThrottleDevices cannot be called on non-linux OS' due to importing unix functions
+func FinishThrottleDevices(s *SpecGenerator) error {
+	return nil
+}
+
+// WeightDevices cannot be called on non-linux OS' due to importing unix functions
+func WeightDevices(s *SpecGenerator) error {
+	return nil
+}
diff --git a/pkg/specgen/utils_linux.go b/pkg/specgen/utils_linux.go
new file mode 100644
index 000000000..d8e4cbae3
--- /dev/null
+++ b/pkg/specgen/utils_linux.go
@@ -0,0 +1,103 @@
+//go:build linux
+// +build linux
+
+package specgen
+
+import (
+	"fmt"
+
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"golang.org/x/sys/unix"
+)
+
+// FinishThrottleDevices takes the temporary representation of the throttle
+// devices in the specgen and looks up the major and major minors. it then
+// sets the throttle devices proper in the specgen
+func FinishThrottleDevices(s *SpecGenerator) error {
+	if s.ResourceLimits == nil {
+		s.ResourceLimits = &spec.LinuxResources{}
+	}
+	if bps := s.ThrottleReadBpsDevice; len(bps) > 0 {
+		if s.ResourceLimits.BlockIO == nil {
+			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
+		}
+		for k, v := range bps {
+			statT := unix.Stat_t{}
+			if err := unix.Stat(k, &statT); err != nil {
+				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
+			}
+			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
+			if s.ResourceLimits.BlockIO == nil {
+				s.ResourceLimits.BlockIO = new(spec.LinuxBlockIO)
+			}
+			s.ResourceLimits.BlockIO.ThrottleReadBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleReadBpsDevice, v)
+		}
+	}
+	if bps := s.ThrottleWriteBpsDevice; len(bps) > 0 {
+		if s.ResourceLimits.BlockIO == nil {
+			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
+		}
+		for k, v := range bps {
+			statT := unix.Stat_t{}
+			if err := unix.Stat(k, &statT); err != nil {
+				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
+			}
+			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
+			s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice, v)
+		}
+	}
+	if iops := s.ThrottleReadIOPSDevice; len(iops) > 0 {
+		if s.ResourceLimits.BlockIO == nil {
+			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
+		}
+		for k, v := range iops {
+			statT := unix.Stat_t{}
+			if err := unix.Stat(k, &statT); err != nil {
+				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
+			}
+			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
+			s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice, v)
+		}
+	}
+	if iops := s.ThrottleWriteIOPSDevice; len(iops) > 0 {
+		if s.ResourceLimits.BlockIO == nil {
+			s.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
+		}
+		for k, v := range iops {
+			statT := unix.Stat_t{}
+			if err := unix.Stat(k, &statT); err != nil {
+				return fmt.Errorf("could not parse throttle device at %s: %w", k, err)
+			}
+			v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+			v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
+			s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice, v)
+		}
+	}
+	return nil
+}
+
+func WeightDevices(specgen *SpecGenerator) error {
+	devs := []spec.LinuxWeightDevice{}
+	if specgen.ResourceLimits == nil {
+		specgen.ResourceLimits = &spec.LinuxResources{}
+	}
+	for k, v := range specgen.WeightDevice {
+		statT := unix.Stat_t{}
+		if err := unix.Stat(k, &statT); err != nil {
+			return fmt.Errorf("failed to inspect '%s' in --blkio-weight-device: %w", k, err)
+		}
+		dev := new(spec.LinuxWeightDevice)
+		dev.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+		dev.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
+		dev.Weight = v.Weight
+		devs = append(devs, *dev)
+		if specgen.ResourceLimits.BlockIO == nil {
+			specgen.ResourceLimits.BlockIO = &spec.LinuxBlockIO{}
+		}
+		specgen.ResourceLimits.BlockIO.WeightDevice = devs
+	}
+	return nil
+}
diff --git a/pkg/specgen/volumes.go b/pkg/specgen/volumes.go
index 84de4fdd1..e71d14331 100644
--- a/pkg/specgen/volumes.go
+++ b/pkg/specgen/volumes.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/containers/common/pkg/parse"
+	"github.com/containers/podman/v4/libpod/define"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
@@ -23,6 +24,9 @@ type NamedVolume struct {
 	Dest string
 	// Options are options that the named volume will be mounted with.
 	Options []string
+	// IsAnonymous sets the named volume as anonymous even if it has a name
+	// This is used for emptyDir volumes from a kube yaml
+	IsAnonymous bool
 }
 
 // OverlayVolume holds information about a overlay volume that will be mounted into
@@ -156,7 +160,7 @@ func GenVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*Na
 			} else {
 				newMount := spec.Mount{
 					Destination: dest,
-					Type:        "bind",
+					Type:        define.TypeBind,
 					Source:      src,
 					Options:     options,
 				}
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 7392e7b44..2695d8873 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -20,7 +20,6 @@ import (
 	"github.com/containers/podman/v4/pkg/specgen"
 	systemdDefine "github.com/containers/podman/v4/pkg/systemd/define"
 	"github.com/containers/podman/v4/pkg/util"
-	"github.com/docker/docker/opts"
 	"github.com/docker/go-units"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
@@ -266,6 +265,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 			Test: []string{"NONE"},
 		}
 	}
+
+	onFailureAction, err := define.ParseHealthCheckOnFailureAction(c.HealthOnFailure)
+	if err != nil {
+		return err
+	}
+	s.HealthCheckOnFailureAction = onFailureAction
+
 	if err := setNamespaces(s, c); err != nil {
 		return err
 	}
@@ -362,10 +368,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 
 	// First transform the os env into a map. We need it for the labels later in
 	// any case.
-	osEnv, err := envLib.ParseSlice(os.Environ())
-	if err != nil {
-		return fmt.Errorf("error parsing host environment variables: %w", err)
-	}
+	osEnv := envLib.Map(os.Environ())
 
 	if !s.EnvHost {
 		s.EnvHost = c.EnvHost
@@ -464,11 +467,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 
 	// SHM Size
 	if c.ShmSize != "" {
-		var m opts.MemBytes
-		if err := m.Set(c.ShmSize); err != nil {
+		val, err := units.RAMInBytes(c.ShmSize)
+
+		if err != nil {
 			return fmt.Errorf("unable to translate --shm-size: %w", err)
 		}
-		val := m.Value()
+
 		s.ShmSize = &val
 	}
 
@@ -510,44 +514,9 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 		s.ResourceLimits = &specs.LinuxResources{}
 	}
 
-	if s.ResourceLimits.Memory == nil || (len(c.Memory) != 0 || len(c.MemoryReservation) != 0 || len(c.MemorySwap) != 0 || c.MemorySwappiness != 0) {
-		s.ResourceLimits.Memory, err = getMemoryLimits(c)
-		if err != nil {
-			return err
-		}
-	}
-	if s.ResourceLimits.BlockIO == nil || (len(c.BlkIOWeight) != 0 || len(c.BlkIOWeightDevice) != 0 || len(c.DeviceReadBPs) != 0 || len(c.DeviceWriteBPs) != 0) {
-		s.ResourceLimits.BlockIO, err = getIOLimits(s, c)
-		if err != nil {
-			return err
-		}
-	}
-	if c.PIDsLimit != nil {
-		pids := specs.LinuxPids{
-			Limit: *c.PIDsLimit,
-		}
-
-		s.ResourceLimits.Pids = &pids
-	}
-
-	if s.ResourceLimits.CPU == nil || (c.CPUPeriod != 0 || c.CPUQuota != 0 || c.CPURTPeriod != 0 || c.CPURTRuntime != 0 || c.CPUS != 0 || len(c.CPUSetCPUs) != 0 || len(c.CPUSetMems) != 0 || c.CPUShares != 0) {
-		s.ResourceLimits.CPU = getCPULimits(c)
-	}
-
-	unifieds := make(map[string]string)
-	for _, unified := range c.CgroupConf {
-		splitUnified := strings.SplitN(unified, "=", 2)
-		if len(splitUnified) < 2 {
-			return errors.New("--cgroup-conf must be formatted KEY=VALUE")
-		}
-		unifieds[splitUnified[0]] = splitUnified[1]
-	}
-	if len(unifieds) > 0 {
-		s.ResourceLimits.Unified = unifieds
-	}
-
-	if s.ResourceLimits.CPU == nil && s.ResourceLimits.Pids == nil && s.ResourceLimits.BlockIO == nil && s.ResourceLimits.Memory == nil && s.ResourceLimits.Unified == nil {
-		s.ResourceLimits = nil
+	s.ResourceLimits, err = GetResources(s, c)
+	if err != nil {
+		return err
 	}
 
 	if s.LogConfiguration == nil {
@@ -793,7 +762,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 			}
 			retries, err := strconv.Atoi(splitRestart[1])
 			if err != nil {
-				return fmt.Errorf("error parsing restart policy retry count: %w", err)
+				return fmt.Errorf("parsing restart policy retry count: %w", err)
 			}
 			if retries < 0 {
 				return errors.New("must specify restart policy retry count as a number greater than 0")
@@ -839,6 +808,9 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	if !s.Volatile {
 		s.Volatile = c.Rm
 	}
+	if len(s.EnvMerge) == 0 || len(c.EnvMerge) != 0 {
+		s.EnvMerge = c.EnvMerge
+	}
 	if len(s.UnsetEnv) == 0 || len(c.UnsetEnv) != 0 {
 		s.UnsetEnv = c.UnsetEnv
 	}
@@ -1171,3 +1143,47 @@ func parseLinuxResourcesDeviceAccess(device string) (specs.LinuxDeviceCgroup, er
 		Access: access,
 	}, nil
 }
+
+func GetResources(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions) (*specs.LinuxResources, error) {
+	var err error
+	if s.ResourceLimits.Memory == nil || (len(c.Memory) != 0 || len(c.MemoryReservation) != 0 || len(c.MemorySwap) != 0 || c.MemorySwappiness != 0) {
+		s.ResourceLimits.Memory, err = getMemoryLimits(c)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if s.ResourceLimits.BlockIO == nil || (len(c.BlkIOWeight) != 0 || len(c.BlkIOWeightDevice) != 0 || len(c.DeviceReadBPs) != 0 || len(c.DeviceWriteBPs) != 0) {
+		s.ResourceLimits.BlockIO, err = getIOLimits(s, c)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if c.PIDsLimit != nil {
+		pids := specs.LinuxPids{
+			Limit: *c.PIDsLimit,
+		}
+
+		s.ResourceLimits.Pids = &pids
+	}
+
+	if s.ResourceLimits.CPU == nil || (c.CPUPeriod != 0 || c.CPUQuota != 0 || c.CPURTPeriod != 0 || c.CPURTRuntime != 0 || c.CPUS != 0 || len(c.CPUSetCPUs) != 0 || len(c.CPUSetMems) != 0 || c.CPUShares != 0) {
+		s.ResourceLimits.CPU = getCPULimits(c)
+	}
+
+	unifieds := make(map[string]string)
+	for _, unified := range c.CgroupConf {
+		splitUnified := strings.SplitN(unified, "=", 2)
+		if len(splitUnified) < 2 {
+			return nil, errors.New("--cgroup-conf must be formatted KEY=VALUE")
+		}
+		unifieds[splitUnified[0]] = splitUnified[1]
+	}
+	if len(unifieds) > 0 {
+		s.ResourceLimits.Unified = unifieds
+	}
+
+	if s.ResourceLimits.CPU == nil && s.ResourceLimits.Pids == nil && s.ResourceLimits.BlockIO == nil && s.ResourceLimits.Memory == nil && s.ResourceLimits.Unified == nil {
+		s.ResourceLimits = nil
+	}
+	return s.ResourceLimits, nil
+}
diff --git a/pkg/specgenutil/util.go b/pkg/specgenutil/util.go
index 66d148672..b14e2a032 100644
--- a/pkg/specgenutil/util.go
+++ b/pkg/specgenutil/util.go
@@ -20,7 +20,7 @@ import (
 func ReadPodIDFile(path string) (string, error) {
 	content, err := ioutil.ReadFile(path)
 	if err != nil {
-		return "", fmt.Errorf("error reading pod ID file: %w", err)
+		return "", fmt.Errorf("reading pod ID file: %w", err)
 	}
 	return strings.Split(string(content), "\n")[0], nil
 }
@@ -165,7 +165,7 @@ func parseSplitPort(hostIP, hostPort *string, ctrPort string, protocol *string)
 	}
 	ctrStart, ctrLen, err := parseAndValidateRange(ctrPort)
 	if err != nil {
-		return newPort, fmt.Errorf("error parsing container port: %w", err)
+		return newPort, fmt.Errorf("parsing container port: %w", err)
 	}
 	newPort.ContainerPort = ctrStart
 	newPort.Range = ctrLen
@@ -197,7 +197,7 @@ func parseSplitPort(hostIP, hostPort *string, ctrPort string, protocol *string)
 		} else {
 			hostStart, hostLen, err := parseAndValidateRange(*hostPort)
 			if err != nil {
-				return newPort, fmt.Errorf("error parsing host port: %w", err)
+				return newPort, fmt.Errorf("parsing host port: %w", err)
 			}
 			if hostLen != ctrLen {
 				return newPort, fmt.Errorf("host and container port ranges have different lengths: %d vs %d", hostLen, ctrLen)
diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go
index e9fffdca9..e6c5d8b97 100644
--- a/pkg/specgenutil/volumes.go
+++ b/pkg/specgenutil/volumes.go
@@ -125,7 +125,7 @@ func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bo
 		if mount.Type == define.TypeBind {
 			absSrc, err := specgen.ConvertWinMountPath(mount.Source)
 			if err != nil {
-				return nil, nil, nil, nil, fmt.Errorf("error getting absolute path of %s: %w", mount.Source, err)
+				return nil, nil, nil, nil, fmt.Errorf("getting absolute path of %s: %w", mount.Source, err)
 			}
 			mount.Source = absSrc
 		}
diff --git a/pkg/systemd/generate/common.go b/pkg/systemd/generate/common.go
index 60b0c4b52..b0a441d54 100644
--- a/pkg/systemd/generate/common.go
+++ b/pkg/systemd/generate/common.go
@@ -42,7 +42,7 @@ RequiresMountsFor={{{{.RunRoot}}}}
 // filterPodFlags removes --pod, --pod-id-file and --infra-conmon-pidfile from the specified command.
 // argCount is the number of last arguments which should not be filtered, e.g. the container entrypoint.
 func filterPodFlags(command []string, argCount int) []string {
-	processed := []string{}
+	processed := make([]string, 0, len(command))
 	for i := 0; i < len(command)-argCount; i++ {
 		s := command[i]
 		if s == "--pod" || s == "--pod-id-file" || s == "--infra-conmon-pidfile" {
@@ -63,7 +63,7 @@ func filterPodFlags(command []string, argCount int) []string {
 // filterCommonContainerFlags removes --sdnotify, --rm and --cgroups from the specified command.
 // argCount is the number of last arguments which should not be filtered, e.g. the container entrypoint.
 func filterCommonContainerFlags(command []string, argCount int) []string {
-	processed := []string{}
+	processed := make([]string, 0, len(command))
 	for i := 0; i < len(command)-argCount; i++ {
 		s := command[i]
 
@@ -71,7 +71,7 @@ func filterCommonContainerFlags(command []string, argCount int) []string {
 		case s == "--rm":
 			// Boolean flags support --flag and --flag={true,false}.
 			continue
-		case s == "--sdnotify", s == "--cgroups", s == "--cidfile", s == "--restart":
+		case s == "--cgroups", s == "--cidfile", s == "--restart":
 			i++
 			continue
 		case strings.HasPrefix(s, "--rm="),
@@ -111,6 +111,24 @@ func escapeSystemdArg(arg string) string {
 	return arg
 }
 
+func removeSdNotifyArg(args []string, argCount int) []string {
+	processed := make([]string, 0, len(args))
+	for i := 0; i < len(args)-argCount; i++ {
+		s := args[i]
+
+		switch {
+		case s == "--sdnotify":
+			i++
+			continue
+		case strings.HasPrefix(s, "--sdnotify="):
+			continue
+		}
+		processed = append(processed, s)
+	}
+	processed = append(processed, args[len(args)-argCount:]...)
+	return processed
+}
+
 func removeDetachArg(args []string, argCount int) []string {
 	// "--detach=false" could also be in the container entrypoint
 	// split them off so we do not remove it there
diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go
index 6596ef73b..8510cfd42 100644
--- a/pkg/systemd/generate/containers.go
+++ b/pkg/systemd/generate/containers.go
@@ -22,85 +22,40 @@ import (
 // containerInfo contains data required for generating a container's systemd
 // unit file.
 type containerInfo struct {
-	// ServiceName of the systemd service.
-	ServiceName string
-	// Name or ID of the container.
-	ContainerNameOrID string
-	// Type of the unit.
-	Type string
-	// NotifyAccess of the unit.
-	NotifyAccess string
-	// StopTimeout sets the timeout Podman waits before killing the container
-	// during service stop.
-	StopTimeout uint
-	// RestartPolicy of the systemd unit (e.g., no, on-failure, always).
-	RestartPolicy string
-	// Custom number of restart attempts.
-	StartLimitBurst string
-	// PIDFile of the service. Required for forking services. Must point to the
-	// PID of the associated conmon process.
-	PIDFile string
-	// ContainerIDFile to be used in the unit.
-	ContainerIDFile string
-	// GenerateTimestamp, if set the generated unit file has a time stamp.
-	GenerateTimestamp bool
-	// BoundToServices are the services this service binds to.  Note that this
-	// service runs after them.
-	BoundToServices []string
-	// PodmanVersion for the header. Will be set internally. Will be auto-filled
-	// if left empty.
-	PodmanVersion string
-	// Executable is the path to the podman executable. Will be auto-filled if
-	// left empty.
-	Executable string
-	// RootFlags contains the root flags which were used to create the container
-	// Only used with --new
-	RootFlags string
-	// TimeStamp at the time of creating the unit file. Will be set internally.
-	TimeStamp string
-	// CreateCommand is the full command plus arguments of the process the
-	// container has been created with.
-	CreateCommand []string
-	// containerEnv stores the container environment variables
-	containerEnv []string
-	// ExtraEnvs contains the container environment variables referenced
-	// by only the key in the container create command, e.g. --env FOO.
-	// This is only used with --new
-	ExtraEnvs []string
-	// EnvVariable is generate.EnvVariable and must not be set.
-	EnvVariable string
-	// ExecStartPre of the unit.
-	ExecStartPre string
-	// ExecStart of the unit.
-	ExecStart string
-	// TimeoutStartSec of the unit.
-	TimeoutStartSec uint
-	// TimeoutStopSec of the unit.
-	TimeoutStopSec uint
-	// ExecStop of the unit.
-	ExecStop string
-	// ExecStopPost of the unit.
-	ExecStopPost string
-	// Removes autogenerated by Podman and timestamp if set to true
-	GenerateNoHeader bool
-	// If not nil, the container is part of the pod.  We can use the
-	// podInfo to extract the relevant data.
-	Pod *podInfo
-	// Location of the GraphRoot for the container.  Required for ensuring the
-	// volume has finished mounting when coming online at boot.
-	GraphRoot string
-	// Location of the RunRoot for the container.  Required for ensuring the tmpfs
-	// or volume exists and is mounted when coming online at boot.
-	RunRoot string
-	// Add %i and %I to description and execute parts
-	IdentifySpecifier bool
-	// Wants are the list of services that this service is (weak) dependent on. This
-	// option does not influence the order in which services are started or stopped.
-	Wants []string
-	// After ordering dependencies between the list of services and this service.
-	After []string
-	// Similar to Wants, but declares a stronger requirement dependency.
-	Requires []string
+	ServiceName            string
+	ContainerNameOrID      string
+	Type                   string
+	NotifyAccess           string
+	StopTimeout            uint
+	RestartPolicy          string
+	StartLimitBurst        string
+	PIDFile                string
+	ContainerIDFile        string
+	GenerateTimestamp      bool
+	BoundToServices        []string
+	PodmanVersion          string
+	Executable             string
+	RootFlags              string
+	TimeStamp              string
+	CreateCommand          []string
+	containerEnv           []string
+	ExtraEnvs              []string
+	EnvVariable            string
+	AdditionalEnvVariables []string
+	ExecStartPre           string
+	ExecStart              string
+	TimeoutStartSec        uint
+	TimeoutStopSec         uint
+	ExecStop               string
+	ExecStopPost           string
+	GenerateNoHeader       bool
+	Pod                    *podInfo
+	GraphRoot              string
+	RunRoot                string
+	IdentifySpecifier      bool
+	Wants                  []string
+	After                  []string
+	Requires               []string
 }
 
 const containerTemplate = headerTemplate + `
@@ -127,6 +82,10 @@ Environment={{{{.EnvVariable}}}}=%n{{{{- if (eq .IdentifySpecifier true) }}}}-%i
 {{{{- if .ExtraEnvs}}}}
 Environment={{{{- range $index, $value := .ExtraEnvs -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}{{{{end}}}}
 {{{{- end}}}}
+{{{{- if .AdditionalEnvVariables}}}}
+{{{{- range $index, $value := .AdditionalEnvVariables -}}}}{{{{if $index}}}}{{{{end}}}}
+Environment={{{{ $value }}}}{{{{end}}}}
+{{{{- end}}}}
 Restart={{{{.RestartPolicy}}}}
 {{{{- if .StartLimitBurst}}}}
 StartLimitBurst={{{{.StartLimitBurst}}}}
@@ -189,6 +148,18 @@ func generateContainerInfo(ctr *libpod.Container, options entities.GenerateSyste
 		return nil, errors.New("conmon PID file path is empty, try to recreate the container with --conmon-pidfile flag")
 	}
 
+	// #15284: old units generated without --new can lead to issues on
+	// shutdown when the containers are created with a custom restart
+	// policy.
+	if !options.New {
+		switch config.RestartPolicy {
+		case libpodDefine.RestartPolicyNo, libpodDefine.RestartPolicyNone:
+			// All good
+		default:
+			logrus.Warnf("Container %s has restart policy %q which can lead to issues on shutdown: consider recreating the container without a restart policy and use systemd's restart mechanism instead", ctr.ID(), config.RestartPolicy)
+		}
+	}
+
 	createCommand := []string{}
 	if config.CreateCommand != nil {
 		createCommand = config.CreateCommand
@@ -211,19 +182,20 @@ func generateContainerInfo(ctr *libpod.Container, options entities.GenerateSyste
 	envs := config.Spec.Process.Env
 
 	info := containerInfo{
-		ServiceName:       serviceName,
-		ContainerNameOrID: nameOrID,
-		RestartPolicy:     define.DefaultRestartPolicy,
-		PIDFile:           conmonPidFile,
-		TimeoutStartSec:   startTimeout,
-		StopTimeout:       stopTimeout,
-		GenerateTimestamp: true,
-		CreateCommand:     createCommand,
-		RunRoot:           runRoot,
-		containerEnv:      envs,
-		Wants:             options.Wants,
-		After:             options.After,
-		Requires:          options.Requires,
+		ServiceName:            serviceName,
+		ContainerNameOrID:      nameOrID,
+		RestartPolicy:          define.DefaultRestartPolicy,
+		PIDFile:                conmonPidFile,
+		TimeoutStartSec:        startTimeout,
+		StopTimeout:            stopTimeout,
+		GenerateTimestamp:      true,
+		CreateCommand:          createCommand,
+		RunRoot:                runRoot,
+		containerEnv:           envs,
+		Wants:                  options.Wants,
+		After:                  options.After,
+		Requires:               options.Requires,
+		AdditionalEnvVariables: options.AdditionalEnvVariables,
 	}
 
 	return &info, nil
@@ -324,6 +296,9 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
 	info.ExecStart = "{{{{.Executable}}}} start {{{{.ContainerNameOrID}}}}"
 	info.ExecStop = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}"
 	info.ExecStopPost = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}"
+	for i, env := range info.AdditionalEnvVariables {
+		info.AdditionalEnvVariables[i] = escapeSystemdArg(env)
+	}
 
 	// Assemble the ExecStart command when creating a new container.
 	//
@@ -378,6 +353,9 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
 		fs.StringArrayP("env", "e", nil, "")
 		fs.String("sdnotify", "", "")
 		fs.String("restart", "", "")
+		// have to define extra -h flag to prevent help error when parsing -h hostname
+		// https://github.com/containers/podman/issues/15124
+		fs.StringP("help", "h", "", "")
 		if err := fs.Parse(remainingCmd); err != nil {
 			return "", fmt.Errorf("parsing remaining command-line arguments: %w", err)
 		}
@@ -403,8 +381,13 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
 
 		// Default to --sdnotify=conmon unless already set by the
 		// container.
-		hasSdnotifyParam := fs.Lookup("sdnotify").Changed
-		if !hasSdnotifyParam {
+		sdnotifyFlag := fs.Lookup("sdnotify")
+		if !sdnotifyFlag.Changed {
+			startCommand = append(startCommand, "--sdnotify=conmon")
+		} else if sdnotifyFlag.Value.String() == libpodDefine.SdNotifyModeIgnore {
+			// If ignore is set force conmon otherwise the unit with Type=notify will fail.
+			logrus.Infof("Forcing --sdnotify=conmon for container %s", info.ContainerNameOrID)
+			remainingCmd = removeSdNotifyArg(remainingCmd, fs.NArg())
 			startCommand = append(startCommand, "--sdnotify=conmon")
 		}
 
@@ -520,7 +503,7 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
 	// template execution.
 	templ, err := template.New("container_template").Delims("{{{{", "}}}}").Parse(containerTemplate)
 	if err != nil {
-		return "", fmt.Errorf("error parsing systemd service template: %w", err)
+		return "", fmt.Errorf("parsing systemd service template: %w", err)
 	}
 
 	var buf bytes.Buffer
@@ -531,7 +514,7 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
 	// Now parse the generated template (i.e., buf) and execute it.
 	templ, err = template.New("container_template").Delims("{{{{", "}}}}").Parse(buf.String())
 	if err != nil {
-		return "", fmt.Errorf("error parsing systemd service template: %w", err)
+		return "", fmt.Errorf("parsing systemd service template: %w", err)
 	}
 
 	buf = bytes.Buffer{}
diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go
index 640aa298e..7f92e75b8 100644
--- a/pkg/systemd/generate/containers_test.go
+++ b/pkg/systemd/generate/containers_test.go
@@ -2,6 +2,7 @@ package generate
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/containers/podman/v4/pkg/domain/entities"
@@ -317,6 +318,39 @@ NotifyAccess=all
 WantedBy=default.target
 `
 
+	goodWithNameAndSdnotifyIgnore := `# jadda-jadda.service
+# autogenerated by Podman CI
+
+[Unit]
+Description=Podman jadda-jadda.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/run/containers/storage
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman container run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name jadda-jadda \
+	--hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space"
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
+`
+
 	goodWithExplicitShortDetachParam := `# jadda-jadda.service
 # autogenerated by Podman CI
 
@@ -750,6 +784,33 @@ NotifyAccess=all
 WantedBy=default.target
 `
 
+	goodEnvironment := `# container-foobar.service
+# autogenerated by Podman CI
+
+[Unit]
+Description=Podman container-foobar.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/run/containers/storage
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Environment=FOO=abc
+Environment="BAR=my test"
+Environment=USER=%%a
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/bin/podman start foobar
+ExecStop=/usr/bin/podman stop -t 10 foobar
+ExecStopPost=/usr/bin/podman stop -t 10 foobar
+PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
+`
+
 	goodNewWithRestartPolicy := `# jadda-jadda.service
 # autogenerated by Podman CI
 
@@ -781,6 +842,37 @@ NotifyAccess=all
 WantedBy=default.target
 `
 
+	goodNewWithHostname := `# jadda-jadda.service
+# autogenerated by Podman CI
+
+[Unit]
+Description=Podman jadda-jadda.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/run/containers/storage
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	-d \
+	-h hostname awesome-image:latest
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
+`
+
 	templateGood := `# container-foo@.service
 # autogenerated by Podman CI
 
@@ -992,7 +1084,7 @@ WantedBy=default.target
 			false,
 			false,
 		},
-		{"good with name and sdnotify",
+		{"good with name and --sdnotify=container",
 			containerInfo{
 				Executable:        "/usr/bin/podman",
 				ServiceName:       "jadda-jadda",
@@ -1011,6 +1103,63 @@ WantedBy=default.target
 			false,
 			false,
 		},
+		{"good with name and --sdnotify container",
+			containerInfo{
+				Executable:        "/usr/bin/podman",
+				ServiceName:       "jadda-jadda",
+				ContainerNameOrID: "jadda-jadda",
+				PIDFile:           "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+				StopTimeout:       10,
+				PodmanVersion:     "CI",
+				CreateCommand:     []string{"I'll get stripped", "container", "run", "--sdnotify", "container", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN", "foo=arg \"with \" space"},
+				EnvVariable:       define.EnvVariable,
+				GraphRoot:         "/var/lib/containers/storage",
+				RunRoot:           "/var/run/containers/storage",
+			},
+			strings.ReplaceAll(goodWithNameAndSdnotify, "--sdnotify=container", "--sdnotify container"),
+			true,
+			false,
+			false,
+			false,
+		},
+		{"good with name and --sdnotify=ignore",
+			containerInfo{
+				Executable:        "/usr/bin/podman",
+				ServiceName:       "jadda-jadda",
+				ContainerNameOrID: "jadda-jadda",
+				PIDFile:           "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+				StopTimeout:       10,
+				PodmanVersion:     "CI",
+				CreateCommand:     []string{"I'll get stripped", "container", "run", "--sdnotify=ignore", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN", "foo=arg \"with \" space"},
+				EnvVariable:       define.EnvVariable,
+				GraphRoot:         "/var/lib/containers/storage",
+				RunRoot:           "/var/run/containers/storage",
+			},
+			goodWithNameAndSdnotifyIgnore,
+			true,
+			false,
+			false,
+			false,
+		},
+		{"good with name and --sdnotify ignore",
+			containerInfo{
+				Executable:        "/usr/bin/podman",
+				ServiceName:       "jadda-jadda",
+				ContainerNameOrID: "jadda-jadda",
+				PIDFile:           "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+				StopTimeout:       10,
+				PodmanVersion:     "CI",
+				CreateCommand:     []string{"I'll get stripped", "container", "run", "--sdnotify", "ignore", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN", "foo=arg \"with \" space"},
+				EnvVariable:       define.EnvVariable,
+				GraphRoot:         "/var/lib/containers/storage",
+				RunRoot:           "/var/run/containers/storage",
+			},
+			goodWithNameAndSdnotifyIgnore,
+			true,
+			false,
+			false,
+			false,
+		},
 		{"good with explicit short detach param",
 			containerInfo{
 				Executable:        "/usr/bin/podman",
@@ -1302,7 +1451,7 @@ WantedBy=default.target
 			false,
 			false,
 		},
-		{"good with environment variables",
+		{"good with container environment variables",
 			containerInfo{
 				Executable:        "/usr/bin/podman",
 				ServiceName:       "jadda-jadda",
@@ -1322,6 +1471,25 @@ WantedBy=default.target
 			false,
 			false,
 		},
+		{"good with systemd environment variables",
+			containerInfo{
+				Executable:             "/usr/bin/podman",
+				ServiceName:            "container-foobar",
+				ContainerNameOrID:      "foobar",
+				PIDFile:                "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+				StopTimeout:            10,
+				PodmanVersion:          "CI",
+				GraphRoot:              "/var/lib/containers/storage",
+				RunRoot:                "/var/run/containers/storage",
+				EnvVariable:            define.EnvVariable,
+				AdditionalEnvVariables: []string{"FOO=abc", "BAR=my test", "USER=%a"},
+			},
+			goodEnvironment,
+			false,
+			false,
+			false,
+			false,
+		},
 		{"good with restart policy",
 			containerInfo{
 				Executable:        "/usr/bin/podman",
@@ -1341,6 +1509,25 @@ WantedBy=default.target
 			false,
 			false,
 		},
+		{"good with -h hostname",
+			containerInfo{
+				Executable:        "/usr/bin/podman",
+				ServiceName:       "jadda-jadda",
+				ContainerNameOrID: "jadda-jadda",
+				PIDFile:           "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+				StopTimeout:       10,
+				PodmanVersion:     "CI",
+				GraphRoot:         "/var/lib/containers/storage",
+				RunRoot:           "/var/run/containers/storage",
+				CreateCommand:     []string{"I'll get stripped", "create", "-h", "hostname", "awesome-image:latest"},
+				EnvVariable:       define.EnvVariable,
+			},
+			goodNewWithHostname,
+			true,
+			false,
+			false,
+			false,
+		},
 		{"good template",
 			containerInfo{
 				Executable:        "/usr/bin/podman",
diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go
index 8640418a7..729a038a5 100644
--- a/pkg/systemd/generate/pods.go
+++ b/pkg/systemd/generate/pods.go
@@ -92,7 +92,7 @@ type podInfo struct {
 	Requires []string
 }
 
-const podTemplate = headerTemplate + `Requires={{{{- range $index, $value := .RequiredServices -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}.service{{{{end}}}}
+const podTemplate = headerTemplate + `Wants={{{{- range $index, $value := .RequiredServices -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}.service{{{{end}}}}
 Before={{{{- range $index, $value := .RequiredServices -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}.service{{{{end}}}}
 {{{{- if or .Wants .After .Requires }}}}
 
@@ -252,18 +252,19 @@ func generatePodInfo(pod *libpod.Pod, options entities.GenerateSystemdOptions) (
 		StopTimeout:       stopTimeout,
 		GenerateTimestamp: true,
 		CreateCommand:     createCommand,
+		RunRoot:           infraCtr.Runtime().RunRoot(),
 	}
 	return &info, nil
 }
 
-// Unless already specified, the pod's exit policy to "stop".
-func setPodExitPolicy(cmd []string) []string {
+// Determine whether the command array includes an exit-policy setting
+func hasPodExitPolicy(cmd []string) bool {
 	for _, arg := range cmd {
 		if strings.HasPrefix(arg, "--exit-policy=") || arg == "--exit-policy" {
-			return cmd
+			return true
 		}
 	}
-	return append(cmd, "--exit-policy=stop")
+	return false
 }
 
 // executePodTemplate executes the pod template on the specified podInfo.  Note
@@ -364,8 +365,10 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions)
 			podCreateArgs = append(podCreateArgs, "--replace")
 		}
 
+		if !hasPodExitPolicy(append(startCommand, podCreateArgs...)) {
+			startCommand = append(startCommand, "--exit-policy=stop")
+		}
 		startCommand = append(startCommand, podCreateArgs...)
-		startCommand = setPodExitPolicy(startCommand)
 		startCommand = escapeSystemdArguments(startCommand)
 
 		info.ExecStartPre1 = "/bin/rm -f {{{{.PIDFile}}}} {{{{.PodIDFile}}}}"
@@ -402,7 +405,7 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions)
 	// template execution.
 	templ, err := template.New("pod_template").Delims("{{{{", "}}}}").Parse(podTemplate)
 	if err != nil {
-		return "", fmt.Errorf("error parsing systemd service template: %w", err)
+		return "", fmt.Errorf("parsing systemd service template: %w", err)
 	}
 
 	var buf bytes.Buffer
@@ -413,7 +416,7 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions)
 	// Now parse the generated template (i.e., buf) and execute it.
 	templ, err = template.New("pod_template").Delims("{{{{", "}}}}").Parse(buf.String())
 	if err != nil {
-		return "", fmt.Errorf("error parsing systemd service template: %w", err)
+		return "", fmt.Errorf("parsing systemd service template: %w", err)
 	}
 
 	buf = bytes.Buffer{}
diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go
index 59f217256..000d73e9a 100644
--- a/pkg/systemd/generate/pods_test.go
+++ b/pkg/systemd/generate/pods_test.go
@@ -7,25 +7,26 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestSetPodExitPolicy(t *testing.T) {
+func TestHasPodExitPolicy(t *testing.T) {
 	tests := []struct {
-		input, expected []string
+		input    []string
+		expected bool
 	}{
 		{
 			[]string{"podman", "pod", "create"},
-			[]string{"podman", "pod", "create", "--exit-policy=stop"},
+			false,
 		},
 		{
 			[]string{"podman", "pod", "create", "--exit-policy=continue"},
-			[]string{"podman", "pod", "create", "--exit-policy=continue"},
+			true,
 		},
 		{
 			[]string{"podman", "pod", "create", "--exit-policy", "continue"},
-			[]string{"podman", "pod", "create", "--exit-policy", "continue"},
+			true,
 		},
 	}
 	for _, test := range tests {
-		assert.Equalf(t, test.expected, setPodExitPolicy(test.input), "%v", test.input)
+		assert.Equalf(t, test.expected, hasPodExitPolicy(test.input), "%v", test.input)
 	}
 }
 
@@ -70,7 +71,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 [Service]
@@ -98,7 +99,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 [Service]
@@ -124,7 +125,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 # User-defined dependencies
@@ -152,7 +153,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 # User-defined dependencies
@@ -180,7 +181,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 # User-defined dependencies
@@ -208,7 +209,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 # User-defined dependencies
@@ -229,6 +230,33 @@ Type=forking
 [Install]
 WantedBy=default.target
 `
+	podNoExplicitName := `# pod-123abc.service
+# autogenerated by Podman CI
+
+[Unit]
+Description=Podman pod-123abc.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/run/containers/storage
+Wants=
+Before=
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop foo
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
+PIDFile=%t/pod-123abc.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
+`
 
 	podGoodRestartSec := `# pod-123abc.service
 # autogenerated by Podman CI
@@ -239,7 +267,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 [Service]
@@ -266,7 +294,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 [Service]
@@ -274,7 +302,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace --exit-policy=stop
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
@@ -294,7 +322,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 [Service]
@@ -302,7 +330,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace --exit-policy=stop
+ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace
 ExecStart=/usr/bin/podman --events-backend none --runroot /root pod start --pod-id-file %t/pod-123abc.pod-id
 ExecStop=/usr/bin/podman --events-backend none --runroot /root pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
 ExecStopPost=/usr/bin/podman --events-backend none --runroot /root pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
@@ -322,7 +350,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 [Service]
@@ -330,7 +358,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --replace --exit-policy=stop
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
@@ -350,7 +378,7 @@ Documentation=man:podman-generate-systemd(1)
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/var/run/containers/storage
-Requires=container-1.service container-2.service
+Wants=container-1.service container-2.service
 Before=container-1.service container-2.service
 
 [Service]
@@ -483,6 +511,23 @@ WantedBy=default.target
 			false,
 			false,
 		},
+		{"pod without --name",
+			podInfo{
+				Executable:    "/usr/bin/podman",
+				ServiceName:   "pod-123abc",
+				InfraNameOrID: "jadda-jadda-infra",
+				PIDFile:       "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+				StopTimeout:   10,
+				PodmanVersion: "CI",
+				GraphRoot:     "/var/lib/containers/storage",
+				RunRoot:       "/var/run/containers/storage",
+				CreateCommand: []string{"podman", "pod", "create", "foo"},
+			},
+			podNoExplicitName,
+			true,
+			false,
+			false,
+		},
 		{"pod restartSec",
 			podInfo{
 				Executable:       "/usr/bin/podman",
diff --git a/pkg/systemd/notifyproxy/notifyproxy.go b/pkg/systemd/notifyproxy/notifyproxy.go
new file mode 100644
index 000000000..1bfab9ca0
--- /dev/null
+++ b/pkg/systemd/notifyproxy/notifyproxy.go
@@ -0,0 +1,157 @@
+package notifyproxy
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/coreos/go-systemd/v22/daemon"
+	"github.com/sirupsen/logrus"
+)
+
+// SendMessage sends the specified message to the specified socket.
+// No message is sent if no socketPath is provided and the NOTIFY_SOCKET
+// variable is not set either.
+func SendMessage(socketPath string, message string) error {
+	if socketPath == "" {
+		socketPath, _ = os.LookupEnv("NOTIFY_SOCKET")
+		if socketPath == "" {
+			return nil
+		}
+	}
+	socketAddr := &net.UnixAddr{
+		Name: socketPath,
+		Net:  "unixgram",
+	}
+	conn, err := net.DialUnix(socketAddr.Net, nil, socketAddr)
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	_, err = conn.Write([]byte(message))
+	return err
+}
+
+// NotifyProxy can be used to proxy notify messages.
+type NotifyProxy struct {
+	connection *net.UnixConn
+	socketPath string
+	container  Container // optional
+}
+
+// New creates a NotifyProxy.  The specified temp directory can be left empty.
+func New(tmpDir string) (*NotifyProxy, error) {
+	tempFile, err := ioutil.TempFile(tmpDir, "-podman-notify-proxy.sock")
+	if err != nil {
+		return nil, err
+	}
+	defer tempFile.Close()
+
+	socketPath := tempFile.Name()
+	if err := syscall.Unlink(socketPath); err != nil { // Unlink the socket so we can bind it
+		return nil, err
+	}
+
+	socketAddr := &net.UnixAddr{
+		Name: socketPath,
+		Net:  "unixgram",
+	}
+	conn, err := net.ListenUnixgram(socketAddr.Net, socketAddr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &NotifyProxy{connection: conn, socketPath: socketPath}, nil
+}
+
+// SocketPath returns the path of the socket the proxy is listening on.
+func (p *NotifyProxy) SocketPath() string {
+	return p.socketPath
+}
+
+// close closes the listener and removes the socket.
+func (p *NotifyProxy) close() error {
+	defer os.Remove(p.socketPath)
+	return p.connection.Close()
+}
+
+// AddContainer associates a container with the proxy.
+func (p *NotifyProxy) AddContainer(container Container) {
+	p.container = container
+}
+
+// ErrNoReadyMessage is returned when we are waiting for the READY message of a
+// container that is not in the running state anymore.
+var ErrNoReadyMessage = errors.New("container stopped running before READY message was received")
+
+// Container avoids a circular dependency among this package and libpod.
+type Container interface {
+	State() (define.ContainerStatus, error)
+	ID() string
+}
+
+// WaitAndClose waits until receiving the `READY` notify message and close the
+// listener. Note that the this function must only be executed inside a systemd
+// service which will kill the process after a given timeout.
+// If the (optional) container stopped running before the `READY` is received,
+// the waiting gets canceled and ErrNoReadyMessage is returned.
+func (p *NotifyProxy) WaitAndClose() error {
+	defer func() {
+		if err := p.close(); err != nil {
+			logrus.Errorf("Closing notify proxy: %v", err)
+		}
+	}()
+
+	const bufferSize = 1024
+	sBuilder := strings.Builder{}
+	for {
+		// Set a read deadline of one second such that we achieve a
+		// non-blocking read and can check if the container has already
+		// stopped running; in that case no READY message will be send
+		// and we're done.
+		if err := p.connection.SetReadDeadline(time.Now().Add(time.Second)); err != nil {
+			return err
+		}
+
+		for {
+			buffer := make([]byte, bufferSize)
+			num, err := p.connection.Read(buffer)
+			if err != nil {
+				if !errors.Is(err, os.ErrDeadlineExceeded) && !errors.Is(err, io.EOF) {
+					return err
+				}
+			}
+			sBuilder.Write(buffer[:num])
+			if num != bufferSize || buffer[num-1] == '\n' {
+				break
+			}
+		}
+
+		for _, line := range strings.Split(sBuilder.String(), "\n") {
+			if line == daemon.SdNotifyReady {
+				return nil
+			}
+		}
+		sBuilder.Reset()
+
+		if p.container == nil {
+			continue
+		}
+
+		state, err := p.container.State()
+		if err != nil {
+			return err
+		}
+		if state != define.ContainerStateRunning {
+			return fmt.Errorf("%w: %s", ErrNoReadyMessage, p.container.ID())
+		}
+	}
+}
diff --git a/pkg/systemd/notifyproxy/notifyproxy_test.go b/pkg/systemd/notifyproxy/notifyproxy_test.go
new file mode 100644
index 000000000..066046cb8
--- /dev/null
+++ b/pkg/systemd/notifyproxy/notifyproxy_test.go
@@ -0,0 +1,58 @@
+package notifyproxy
+
+import (
+	"testing"
+	"time"
+
+	"github.com/coreos/go-systemd/v22/daemon"
+	"github.com/stretchr/testify/require"
+)
+
+// Helper function to send the specified message over the socket of the proxy.
+func sendMessage(t *testing.T, proxy *NotifyProxy, message string) {
+	err := SendMessage(proxy.SocketPath(), message)
+	require.NoError(t, err)
+}
+
+func TestNotifyProxy(t *testing.T) {
+	proxy, err := New("")
+	require.NoError(t, err)
+	require.FileExists(t, proxy.SocketPath())
+	require.NoError(t, proxy.close())
+	require.NoFileExists(t, proxy.SocketPath())
+}
+
+func TestWaitAndClose(t *testing.T) {
+	proxy, err := New("")
+	require.NoError(t, err)
+	require.FileExists(t, proxy.SocketPath())
+
+	ch := make(chan error)
+
+	go func() {
+		ch <- proxy.WaitAndClose()
+	}()
+
+	sendMessage(t, proxy, "foo\n")
+	time.Sleep(250 * time.Millisecond)
+	select {
+	case err := <-ch:
+		t.Fatalf("Should still be waiting but received %v", err)
+	default:
+	}
+
+	sendMessage(t, proxy, daemon.SdNotifyReady+"\nsomething else\n")
+	done := func() bool {
+		for i := 0; i < 10; i++ {
+			select {
+			case err := <-ch:
+				require.NoError(t, err, "Waiting should succeed")
+				return true
+			default:
+				time.Sleep(time.Duration(i*250) * time.Millisecond)
+			}
+		}
+		return false
+	}()
+	require.True(t, done, "READY MESSAGE SHOULD HAVE ARRIVED")
+}
diff --git a/pkg/terminal/util.go b/pkg/terminal/util.go
deleted file mode 100644
index 0f0968c30..000000000
--- a/pkg/terminal/util.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package terminal
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"sync"
-
-	"github.com/containers/storage/pkg/homedir"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/knownhosts"
-	"golang.org/x/term"
-)
-
-var (
-	passPhrase   []byte
-	phraseSync   sync.Once
-	password     []byte
-	passwordSync sync.Once
-)
-
-// ReadPassword prompts for a secret and returns value input by user from stdin
-// Unlike terminal.ReadPassword(), $(echo $SECRET | podman...) is supported.
-// Additionally, all input after `<secret>/n` is queued to podman command.
-func ReadPassword(prompt string) (pw []byte, err error) {
-	fd := int(os.Stdin.Fd())
-	if term.IsTerminal(fd) {
-		fmt.Fprint(os.Stderr, prompt)
-		pw, err = term.ReadPassword(fd)
-		fmt.Fprintln(os.Stderr)
-		return
-	}
-
-	var b [1]byte
-	for {
-		n, err := os.Stdin.Read(b[:])
-		// terminal.ReadPassword discards any '\r', so we do the same
-		if n > 0 && b[0] != '\r' {
-			if b[0] == '\n' {
-				return pw, nil
-			}
-			pw = append(pw, b[0])
-			// limit size, so that a wrong input won't fill up the memory
-			if len(pw) > 1024 {
-				err = errors.New("password too long, 1024 byte limit")
-			}
-		}
-		if err != nil {
-			// terminal.ReadPassword accepts EOF-terminated passwords
-			// if non-empty, so we do the same
-			if err == io.EOF && len(pw) > 0 {
-				err = nil
-			}
-			return pw, err
-		}
-	}
-}
-
-func PublicKey(path string, passphrase []byte) (ssh.Signer, error) {
-	key, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-
-	signer, err := ssh.ParsePrivateKey(key)
-	if err != nil {
-		if _, ok := err.(*ssh.PassphraseMissingError); !ok {
-			return nil, err
-		}
-		if len(passphrase) == 0 {
-			passphrase = ReadPassphrase()
-		}
-		return ssh.ParsePrivateKeyWithPassphrase(key, passphrase)
-	}
-	return signer, nil
-}
-
-func ReadPassphrase() []byte {
-	phraseSync.Do(func() {
-		secret, err := ReadPassword("Key Passphrase: ")
-		if err != nil {
-			secret = []byte{}
-		}
-		passPhrase = secret
-	})
-	return passPhrase
-}
-
-func ReadLogin() []byte {
-	passwordSync.Do(func() {
-		secret, err := ReadPassword("Login password: ")
-		if err != nil {
-			secret = []byte{}
-		}
-		password = secret
-	})
-	return password
-}
-
-func HostKey(host string) ssh.PublicKey {
-	// parse OpenSSH known_hosts file
-	// ssh or use ssh-keyscan to get initial key
-	knownHosts := filepath.Join(homedir.Get(), ".ssh", "known_hosts")
-	fd, err := os.Open(knownHosts)
-	if err != nil {
-		logrus.Error(err)
-		return nil
-	}
-
-	// support -H parameter for ssh-keyscan
-	hashhost := knownhosts.HashHostname(host)
-
-	scanner := bufio.NewScanner(fd)
-	for scanner.Scan() {
-		_, hosts, key, _, _, err := ssh.ParseKnownHosts(scanner.Bytes())
-		if err != nil {
-			logrus.Errorf("Failed to parse known_hosts: %s", scanner.Text())
-			continue
-		}
-
-		for _, h := range hosts {
-			if h == host || h == hashhost {
-				return key
-			}
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/trust/config.go b/pkg/trust/config.go
deleted file mode 100644
index 6186d4cbd..000000000
--- a/pkg/trust/config.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package trust
-
-// Policy describes a basic trust policy configuration
-type Policy struct {
-	Transport      string   `json:"transport"`
-	Name           string   `json:"name,omitempty"`
-	RepoName       string   `json:"repo_name,omitempty"`
-	Keys           []string `json:"keys,omitempty"`
-	SignatureStore string   `json:"sigstore,omitempty"`
-	Type           string   `json:"type"`
-	GPGId          string   `json:"gpg_id,omitempty"`
-}
diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
new file mode 100644
index 000000000..d746e78cf
--- /dev/null
+++ b/pkg/trust/policy.go
@@ -0,0 +1,248 @@
+package trust
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/containers/image/v5/types"
+	"github.com/sirupsen/logrus"
+)
+
+// policyContent is the overall structure of a policy.json file (= c/image/v5/signature.Policy)
+type policyContent struct {
+	Default    []repoContent     `json:"default"`
+	Transports transportsContent `json:"transports,omitempty"`
+}
+
+// transportsContent contains policies for individual transports (= c/image/v5/signature.Policy.Transports)
+type transportsContent map[string]repoMap
+
+// repoMap maps a scope name to requirements that apply to that scope (= c/image/v5/signature.PolicyTransportScopes)
+type repoMap map[string][]repoContent
+
+// repoContent is a single policy requirement (one of possibly several for a scope), representing all of the individual alternatives in a single merged struct
+// (= c/image/v5/signature.{PolicyRequirement,pr*})
+type repoContent struct {
+	Type           string          `json:"type"`
+	KeyType        string          `json:"keyType,omitempty"`
+	KeyPath        string          `json:"keyPath,omitempty"`
+	KeyPaths       []string        `json:"keyPaths,omitempty"`
+	KeyData        string          `json:"keyData,omitempty"`
+	SignedIdentity json.RawMessage `json:"signedIdentity,omitempty"`
+}
+
+// genericPolicyContent is the overall structure of a policy.json file (= c/image/v5/signature.Policy), using generic data for individual requirements.
+type genericPolicyContent struct {
+	Default    json.RawMessage          `json:"default"`
+	Transports genericTransportsContent `json:"transports,omitempty"`
+}
+
+// genericTransportsContent contains policies for individual transports (= c/image/v5/signature.Policy.Transports), using generic data for individual requirements.
+type genericTransportsContent map[string]genericRepoMap
+
+// genericRepoMap maps a scope name to requirements that apply to that scope (= c/image/v5/signature.PolicyTransportScopes)
+type genericRepoMap map[string]json.RawMessage
+
+// DefaultPolicyPath returns a path to the default policy of the system.
+func DefaultPolicyPath(sys *types.SystemContext) string {
+	systemDefaultPolicyPath := "/etc/containers/policy.json"
+	if sys != nil {
+		if sys.SignaturePolicyPath != "" {
+			return sys.SignaturePolicyPath
+		}
+		if sys.RootForImplicitAbsolutePaths != "" {
+			return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath)
+		}
+	}
+	return systemDefaultPolicyPath
+}
+
+// gpgIDReader returns GPG key IDs of keys stored at the provided path.
+// It exists only for tests, production code should always use getGPGIdFromKeyPath.
+type gpgIDReader func(string) []string
+
+// createTmpFile creates a temp file under dir and writes the content into it
+func createTmpFile(dir, pattern string, content []byte) (string, error) {
+	tmpfile, err := ioutil.TempFile(dir, pattern)
+	if err != nil {
+		return "", err
+	}
+	defer tmpfile.Close()
+
+	if _, err := tmpfile.Write(content); err != nil {
+		return "", err
+	}
+	return tmpfile.Name(), nil
+}
+
+// getGPGIdFromKeyPath returns GPG key IDs of keys stored at the provided path.
+func getGPGIdFromKeyPath(path string) []string {
+	cmd := exec.Command("gpg2", "--with-colons", path)
+	results, err := cmd.Output()
+	if err != nil {
+		logrus.Errorf("Getting key identity: %s", err)
+		return nil
+	}
+	return parseUids(results)
+}
+
+// getGPGIdFromKeyData returns GPG key IDs of keys in the provided keyring.
+func getGPGIdFromKeyData(idReader gpgIDReader, key string) []string {
+	decodeKey, err := base64.StdEncoding.DecodeString(key)
+	if err != nil {
+		logrus.Errorf("%s, error decoding key data", err)
+		return nil
+	}
+	tmpfileName, err := createTmpFile("", "", decodeKey)
+	if err != nil {
+		logrus.Errorf("Creating key date temp file %s", err)
+	}
+	defer os.Remove(tmpfileName)
+	return idReader(tmpfileName)
+}
+
+func parseUids(colonDelimitKeys []byte) []string {
+	var parseduids []string
+	scanner := bufio.NewScanner(bytes.NewReader(colonDelimitKeys))
+	for scanner.Scan() {
+		line := scanner.Text()
+		if strings.HasPrefix(line, "uid:") || strings.HasPrefix(line, "pub:") {
+			uid := strings.Split(line, ":")[9]
+			if uid == "" {
+				continue
+			}
+			parseduid := uid
+			if strings.Contains(uid, "<") && strings.Contains(uid, ">") {
+				parseduid = strings.SplitN(strings.SplitAfterN(uid, "<", 2)[1], ">", 2)[0]
+			}
+			parseduids = append(parseduids, parseduid)
+		}
+	}
+	return parseduids
+}
+
+// getPolicy parses policy.json into policyContent.
+func getPolicy(policyPath string) (policyContent, error) {
+	var policyContentStruct policyContent
+	policyContent, err := ioutil.ReadFile(policyPath)
+	if err != nil {
+		return policyContentStruct, fmt.Errorf("unable to read policy file: %w", err)
+	}
+	if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
+		return policyContentStruct, fmt.Errorf("could not parse trust policies from %s: %w", policyPath, err)
+	}
+	return policyContentStruct, nil
+}
+
+var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "sigstoreSigned": "sigstoreSigned", "reject": "reject"}
+
+func trustTypeDescription(trustType string) string {
+	trustDescription, exist := typeDescription[trustType]
+	if !exist {
+		logrus.Warnf("Invalid trust type %s", trustType)
+	}
+	return trustDescription
+}
+
+// AddPolicyEntriesInput collects some parameters to AddPolicyEntries,
+// primarily so that the callers use named values instead of just strings in a sequence.
+type AddPolicyEntriesInput struct {
+	Scope       string // "default" or a docker/atomic scope name
+	Type        string
+	PubKeyFiles []string // For signature enforcement types, paths to public keys files (where the image needs to be signed by at least one key from _each_ of the files). File format depends on Type.
+}
+
+// AddPolicyEntries adds one or more policy entries necessary to implement AddPolicyEntriesInput.
+func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
+	var (
+		policyContentStruct genericPolicyContent
+		newReposContent     []repoContent
+	)
+	trustType := input.Type
+	if trustType == "accept" {
+		trustType = "insecureAcceptAnything"
+	}
+	pubkeysfile := input.PubKeyFiles
+
+	// The error messages in validation failures use input.Type instead of trustType to match the user’s input.
+	switch trustType {
+	case "insecureAcceptAnything", "reject":
+		if len(pubkeysfile) != 0 {
+			return fmt.Errorf("%d public keys unexpectedly provided for trust type %v", len(pubkeysfile), input.Type)
+		}
+		newReposContent = append(newReposContent, repoContent{Type: trustType})
+
+	case "signedBy":
+		if len(pubkeysfile) == 0 {
+			return errors.New("at least one public key must be defined for type 'signedBy'")
+		}
+		for _, filepath := range pubkeysfile {
+			newReposContent = append(newReposContent, repoContent{Type: trustType, KeyType: "GPGKeys", KeyPath: filepath})
+		}
+
+	case "sigstoreSigned":
+		if len(pubkeysfile) == 0 {
+			return errors.New("at least one public key must be defined for type 'sigstoreSigned'")
+		}
+		for _, filepath := range pubkeysfile {
+			newReposContent = append(newReposContent, repoContent{Type: trustType, KeyPath: filepath})
+		}
+
+	default:
+		return fmt.Errorf("unknown trust type %q", input.Type)
+	}
+	newReposJSON, err := json.Marshal(newReposContent)
+	if err != nil {
+		return err
+	}
+
+	_, err = os.Stat(policyPath)
+	if !os.IsNotExist(err) {
+		policyContent, err := ioutil.ReadFile(policyPath)
+		if err != nil {
+			return err
+		}
+		if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
+			return errors.New("could not read trust policies")
+		}
+	}
+	if input.Scope == "default" {
+		policyContentStruct.Default = json.RawMessage(newReposJSON)
+	} else {
+		if len(policyContentStruct.Default) == 0 {
+			return errors.New("default trust policy must be set")
+		}
+		registryExists := false
+		for transport, transportval := range policyContentStruct.Transports {
+			_, registryExists = transportval[input.Scope]
+			if registryExists {
+				policyContentStruct.Transports[transport][input.Scope] = json.RawMessage(newReposJSON)
+				break
+			}
+		}
+		if !registryExists {
+			if policyContentStruct.Transports == nil {
+				policyContentStruct.Transports = make(map[string]genericRepoMap)
+			}
+			if policyContentStruct.Transports["docker"] == nil {
+				policyContentStruct.Transports["docker"] = make(map[string]json.RawMessage)
+			}
+			policyContentStruct.Transports["docker"][input.Scope] = json.RawMessage(newReposJSON)
+		}
+	}
+
+	data, err := json.MarshalIndent(policyContentStruct, "", "    ")
+	if err != nil {
+		return fmt.Errorf("setting trust policy: %w", err)
+	}
+	return ioutil.WriteFile(policyPath, data, 0644)
+}
diff --git a/pkg/trust/policy_test.go b/pkg/trust/policy_test.go
new file mode 100644
index 000000000..3952b72c3
--- /dev/null
+++ b/pkg/trust/policy_test.go
@@ -0,0 +1,196 @@
+package trust
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/containers/image/v5/signature"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAddPolicyEntries(t *testing.T) {
+	tempDir := t.TempDir()
+	policyPath := filepath.Join(tempDir, "policy.json")
+
+	minimalPolicy := &signature.Policy{
+		Default: []signature.PolicyRequirement{
+			signature.NewPRInsecureAcceptAnything(),
+		},
+	}
+	minimalPolicyJSON, err := json.Marshal(minimalPolicy)
+	require.NoError(t, err)
+	err = os.WriteFile(policyPath, minimalPolicyJSON, 0600)
+	require.NoError(t, err)
+
+	// Invalid input:
+	for _, invalid := range []AddPolicyEntriesInput{
+		{
+			Scope:       "default",
+			Type:        "accept",
+			PubKeyFiles: []string{"/does-not-make-sense"},
+		},
+		{
+			Scope:       "default",
+			Type:        "insecureAcceptAnything",
+			PubKeyFiles: []string{"/does-not-make-sense"},
+		},
+		{
+			Scope:       "default",
+			Type:        "reject",
+			PubKeyFiles: []string{"/does-not-make-sense"},
+		},
+		{
+			Scope:       "default",
+			Type:        "signedBy",
+			PubKeyFiles: []string{}, // A key is missing
+		},
+		{
+			Scope:       "default",
+			Type:        "sigstoreSigned",
+			PubKeyFiles: []string{}, // A key is missing
+		},
+		{
+			Scope:       "default",
+			Type:        "this-is-unknown",
+			PubKeyFiles: []string{},
+		},
+	} {
+		err := AddPolicyEntries(policyPath, invalid)
+		assert.Error(t, err, "%#v", invalid)
+	}
+
+	err = AddPolicyEntries(policyPath, AddPolicyEntriesInput{
+		Scope: "default",
+		Type:  "reject",
+	})
+	assert.NoError(t, err)
+	err = AddPolicyEntries(policyPath, AddPolicyEntriesInput{
+		Scope: "quay.io/accepted",
+		Type:  "accept",
+	})
+	assert.NoError(t, err)
+	err = AddPolicyEntries(policyPath, AddPolicyEntriesInput{
+		Scope:       "quay.io/multi-signed",
+		Type:        "signedBy",
+		PubKeyFiles: []string{"/1.pub", "/2.pub"},
+	})
+	assert.NoError(t, err)
+	err = AddPolicyEntries(policyPath, AddPolicyEntriesInput{
+		Scope:       "quay.io/sigstore-signed",
+		Type:        "sigstoreSigned",
+		PubKeyFiles: []string{"/1.pub", "/2.pub"},
+	})
+	assert.NoError(t, err)
+
+	// Test that the outcome is consumable, and compare it with the expected values.
+	parsedPolicy, err := signature.NewPolicyFromFile(policyPath)
+	require.NoError(t, err)
+	assert.Equal(t, &signature.Policy{
+		Default: signature.PolicyRequirements{
+			signature.NewPRReject(),
+		},
+		Transports: map[string]signature.PolicyTransportScopes{
+			"docker": {
+				"quay.io/accepted": {
+					signature.NewPRInsecureAcceptAnything(),
+				},
+				"quay.io/multi-signed": {
+					xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+					xNewPRSignedByKeyPath(t, "/2.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				},
+				"quay.io/sigstore-signed": {
+					xNewPRSigstoreSignedKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+					xNewPRSigstoreSignedKeyPath(t, "/2.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				},
+			},
+		},
+	}, parsedPolicy)
+
+	// Test that completely unknown JSON is preserved
+	jsonWithUnknownData := `{
+    "default": [
+        {
+            "type": "this is unknown",
+			"unknown field": "should be preserved"
+        }
+    ],
+    "transports":
+        {
+            "docker-daemon":
+                {
+                    "": [{
+						"type":"this is unknown 2",
+						"unknown field 2": "should be preserved 2"
+						}]
+                }
+        }
+}`
+	err = os.WriteFile(policyPath, []byte(jsonWithUnknownData), 0600)
+	require.NoError(t, err)
+	err = AddPolicyEntries(policyPath, AddPolicyEntriesInput{
+		Scope:       "quay.io/innocuous",
+		Type:        "signedBy",
+		PubKeyFiles: []string{"/1.pub"},
+	})
+	require.NoError(t, err)
+	updatedJSONWithUnknownData, err := os.ReadFile(policyPath)
+	require.NoError(t, err)
+	// Decode updatedJSONWithUnknownData so that this test does not depend on details of the encoding.
+	// To reduce noise in the constants below:
+	type a = []interface{}
+	type m = map[string]interface{}
+	var parsedUpdatedJSON m
+	err = json.Unmarshal(updatedJSONWithUnknownData, &parsedUpdatedJSON)
+	require.NoError(t, err)
+	assert.Equal(t, m{
+		"default": a{
+			m{
+				"type":          "this is unknown",
+				"unknown field": "should be preserved",
+			},
+		},
+		"transports": m{
+			"docker-daemon": m{
+				"": a{
+					m{
+						"type":            "this is unknown 2",
+						"unknown field 2": "should be preserved 2",
+					},
+				},
+			},
+			"docker": m{
+				"quay.io/innocuous": a{
+					m{
+						"type":    "signedBy",
+						"keyType": "GPGKeys",
+						"keyPath": "/1.pub",
+					},
+				},
+			},
+		},
+	}, parsedUpdatedJSON)
+}
+
+// xNewPRSignedByKeyPath is a wrapper for NewPRSignedByKeyPath which must not fail.
+func xNewPRSignedByKeyPath(t *testing.T, keyPath string, signedIdentity signature.PolicyReferenceMatch) signature.PolicyRequirement {
+	pr, err := signature.NewPRSignedByKeyPath(signature.SBKeyTypeGPGKeys, keyPath, signedIdentity)
+	require.NoError(t, err)
+	return pr
+}
+
+// xNewPRSignedByKeyPaths is a wrapper for NewPRSignedByKeyPaths which must not fail.
+func xNewPRSignedByKeyPaths(t *testing.T, keyPaths []string, signedIdentity signature.PolicyReferenceMatch) signature.PolicyRequirement {
+	pr, err := signature.NewPRSignedByKeyPaths(signature.SBKeyTypeGPGKeys, keyPaths, signedIdentity)
+	require.NoError(t, err)
+	return pr
+}
+
+// xNewPRSigstoreSignedKeyPath is a wrapper for NewPRSigstoreSignedKeyPath which must not fail.
+func xNewPRSigstoreSignedKeyPath(t *testing.T, keyPath string, signedIdentity signature.PolicyReferenceMatch) signature.PolicyRequirement {
+	pr, err := signature.NewPRSigstoreSignedKeyPath(keyPath, signedIdentity)
+	require.NoError(t, err)
+	return pr
+}
diff --git a/pkg/trust/registries.go b/pkg/trust/registries.go
new file mode 100644
index 000000000..86d580059
--- /dev/null
+++ b/pkg/trust/registries.go
@@ -0,0 +1,126 @@
+package trust
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/containers/image/v5/types"
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/ghodss/yaml"
+)
+
+// registryConfiguration is one of the files in registriesDirPath configuring lookaside locations, or the result of merging them all.
+// NOTE: Keep this in sync with docs/registries.d.md!
+type registryConfiguration struct {
+	DefaultDocker *registryNamespace `json:"default-docker"`
+	// The key is a namespace, using fully-expanded Docker reference format or parent namespaces (per dockerReference.PolicyConfiguration*),
+	Docker map[string]registryNamespace `json:"docker"`
+}
+
+// registryNamespace defines lookaside locations for a single namespace.
+type registryNamespace struct {
+	Lookaside        string `json:"lookaside"`         // For reading, and if LookasideStaging is not present, for writing.
+	LookasideStaging string `json:"lookaside-staging"` // For writing only.
+	SigStore         string `json:"sigstore"`          // For reading, and if SigStoreStaging is not present, for writing.
+	SigStoreStaging  string `json:"sigstore-staging"`  // For writing only.
+}
+
+// systemRegistriesDirPath is the path to registries.d.
+const systemRegistriesDirPath = "/etc/containers/registries.d"
+
+// userRegistriesDir is the path to the per user registries.d.
+var userRegistriesDir = filepath.FromSlash(".config/containers/registries.d")
+
+// RegistriesDirPath returns a path to registries.d
+func RegistriesDirPath(sys *types.SystemContext) string {
+	if sys != nil && sys.RegistriesDirPath != "" {
+		return sys.RegistriesDirPath
+	}
+	userRegistriesDirPath := filepath.Join(homedir.Get(), userRegistriesDir)
+	if _, err := os.Stat(userRegistriesDirPath); err == nil {
+		return userRegistriesDirPath
+	}
+	if sys != nil && sys.RootForImplicitAbsolutePaths != "" {
+		return filepath.Join(sys.RootForImplicitAbsolutePaths, systemRegistriesDirPath)
+	}
+
+	return systemRegistriesDirPath
+}
+
+// loadAndMergeConfig loads registries.d configuration files in dirPath
+func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) {
+	mergedConfig := registryConfiguration{Docker: map[string]registryNamespace{}}
+	dockerDefaultMergedFrom := ""
+	nsMergedFrom := map[string]string{}
+
+	dir, err := os.Open(dirPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return &mergedConfig, nil
+		}
+		return nil, err
+	}
+	configNames, err := dir.Readdirnames(0)
+	if err != nil {
+		return nil, err
+	}
+	for _, configName := range configNames {
+		if !strings.HasSuffix(configName, ".yaml") {
+			continue
+		}
+		configPath := filepath.Join(dirPath, configName)
+		configBytes, err := ioutil.ReadFile(configPath)
+		if err != nil {
+			return nil, err
+		}
+		var config registryConfiguration
+		err = yaml.Unmarshal(configBytes, &config)
+		if err != nil {
+			return nil, fmt.Errorf("parsing %s: %w", configPath, err)
+		}
+		if config.DefaultDocker != nil {
+			if mergedConfig.DefaultDocker != nil {
+				return nil, fmt.Errorf(`error parsing signature storage configuration: "default-docker" defined both in "%s" and "%s"`,
+					dockerDefaultMergedFrom, configPath)
+			}
+			mergedConfig.DefaultDocker = config.DefaultDocker
+			dockerDefaultMergedFrom = configPath
+		}
+		for nsName, nsConfig := range config.Docker { // includes config.Docker == nil
+			if _, ok := mergedConfig.Docker[nsName]; ok {
+				return nil, fmt.Errorf(`error parsing signature storage configuration: "docker" namespace "%s" defined both in "%s" and "%s"`,
+					nsName, nsMergedFrom[nsName], configPath)
+			}
+			mergedConfig.Docker[nsName] = nsConfig
+			nsMergedFrom[nsName] = configPath
+		}
+	}
+	return &mergedConfig, nil
+}
+
+// registriesDConfigurationForScope returns registries.d configuration for the provided scope.
+// scope can be "" to return only the global default configuration entry.
+func registriesDConfigurationForScope(registryConfigs *registryConfiguration, scope string) *registryNamespace {
+	searchScope := scope
+	if searchScope != "" {
+		if !strings.Contains(searchScope, "/") {
+			val, exists := registryConfigs.Docker[searchScope]
+			if exists {
+				return &val
+			}
+		}
+		for range strings.Split(scope, "/") {
+			val, exists := registryConfigs.Docker[searchScope]
+			if exists {
+				return &val
+			}
+			if strings.Contains(searchScope, "/") {
+				searchScope = searchScope[:strings.LastIndex(searchScope, "/")]
+			}
+		}
+	}
+	return registryConfigs.DefaultDocker
+}
diff --git a/pkg/trust/testdata/default.yaml b/pkg/trust/testdata/default.yaml
new file mode 100644
index 000000000..31bcd35ef
--- /dev/null
+++ b/pkg/trust/testdata/default.yaml
@@ -0,0 +1,25 @@
+# This is a default registries.d configuration file.  You may
+# add to this file or create additional files in registries.d/.
+#
+# lookaside: indicates a location that is read and write
+# lookaside-staging: indicates a location that is only for write
+#
+# lookaside and lookaside-staging take a value of the following:
+#   lookaside:  {schema}://location
+#
+# For reading signatures, schema may be http, https, or file.
+# For writing signatures, schema may only be file.
+
+# This is the default signature write location for docker registries.
+default-docker:
+#  lookaside: file:///var/lib/containers/sigstore
+  lookaside-staging: file:///var/lib/containers/sigstore
+
+# The 'docker' indicator here is the start of the configuration
+# for docker registries.
+#
+# docker:
+#
+#   privateregistry.com:
+#    lookaside: http://privateregistry.com/sigstore/
+#    lookaside-staging: /mnt/nfs/privateregistry/sigstore
diff --git a/pkg/trust/testdata/quay.io.yaml b/pkg/trust/testdata/quay.io.yaml
new file mode 100644
index 000000000..80071596d
--- /dev/null
+++ b/pkg/trust/testdata/quay.io.yaml
@@ -0,0 +1,3 @@
+docker:
+     quay.io/multi-signed:
+         lookaside: https://quay.example.com/sigstore
diff --git a/pkg/trust/testdata/redhat.yaml b/pkg/trust/testdata/redhat.yaml
new file mode 100644
index 000000000..8e40a4174
--- /dev/null
+++ b/pkg/trust/testdata/redhat.yaml
@@ -0,0 +1,5 @@
+docker:
+     registry.redhat.io:
+         sigstore: https://registry.redhat.io/containers/sigstore
+     registry.access.redhat.com:
+         sigstore: https://registry.redhat.io/containers/sigstore
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 663a1b5e2..07d144bc1 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -1,243 +1,127 @@
 package trust
 
 import (
-	"bufio"
-	"bytes"
-	"encoding/base64"
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
+	"sort"
 	"strings"
-
-	"github.com/containers/image/v5/types"
-	"github.com/docker/docker/pkg/homedir"
-	"github.com/ghodss/yaml"
-	"github.com/sirupsen/logrus"
 )
 
-// PolicyContent struct for policy.json file
-type PolicyContent struct {
-	Default    []RepoContent     `json:"default"`
-	Transports TransportsContent `json:"transports,omitempty"`
-}
-
-// RepoContent struct used under each repo
-type RepoContent struct {
-	Type           string          `json:"type"`
-	KeyType        string          `json:"keyType,omitempty"`
-	KeyPath        string          `json:"keyPath,omitempty"`
-	KeyData        string          `json:"keyData,omitempty"`
-	SignedIdentity json.RawMessage `json:"signedIdentity,omitempty"`
-}
-
-// RepoMap map repo name to policycontent for each repo
-type RepoMap map[string][]RepoContent
-
-// TransportsContent struct for content under "transports"
-type TransportsContent map[string]RepoMap
-
-// RegistryConfiguration is one of the files in registriesDirPath configuring lookaside locations, or the result of merging them all.
-// NOTE: Keep this in sync with docs/registries.d.md!
-type RegistryConfiguration struct {
-	DefaultDocker *RegistryNamespace `json:"default-docker"`
-	// The key is a namespace, using fully-expanded Docker reference format or parent namespaces (per dockerReference.PolicyConfiguration*),
-	Docker map[string]RegistryNamespace `json:"docker"`
+// Policy describes a basic trust policy configuration
+type Policy struct {
+	Transport      string   `json:"transport"`
+	Name           string   `json:"name,omitempty"`
+	RepoName       string   `json:"repo_name,omitempty"`
+	Keys           []string `json:"keys,omitempty"`
+	SignatureStore string   `json:"sigstore,omitempty"`
+	Type           string   `json:"type"`
+	GPGId          string   `json:"gpg_id,omitempty"`
 }
 
-// RegistryNamespace defines lookaside locations for a single namespace.
-type RegistryNamespace struct {
-	SigStore        string `json:"sigstore"`         // For reading, and if SigStoreStaging is not present, for writing.
-	SigStoreStaging string `json:"sigstore-staging"` // For writing only.
+// PolicyDescription returns an user-focused description of the policy in policyPath and registries.d data from registriesDirPath.
+func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error) {
+	return policyDescriptionWithGPGIDReader(policyPath, registriesDirPath, getGPGIdFromKeyPath)
 }
 
-// ShowOutput keep the fields for image trust show command
-type ShowOutput struct {
-	Repo      string
-	Trusttype string
-	GPGid     string
-	Sigstore  string
-}
-
-// systemRegistriesDirPath is the path to registries.d.
-const systemRegistriesDirPath = "/etc/containers/registries.d"
-
-// userRegistriesDir is the path to the per user registries.d.
-var userRegistriesDir = filepath.FromSlash(".config/containers/registries.d")
-
-// DefaultPolicyPath returns a path to the default policy of the system.
-func DefaultPolicyPath(sys *types.SystemContext) string {
-	systemDefaultPolicyPath := "/etc/containers/policy.json"
-	if sys != nil {
-		if sys.SignaturePolicyPath != "" {
-			return sys.SignaturePolicyPath
-		}
-		if sys.RootForImplicitAbsolutePaths != "" {
-			return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath)
-		}
-	}
-	return systemDefaultPolicyPath
-}
-
-// RegistriesDirPath returns a path to registries.d
-func RegistriesDirPath(sys *types.SystemContext) string {
-	if sys != nil && sys.RegistriesDirPath != "" {
-		return sys.RegistriesDirPath
-	}
-	userRegistriesDirPath := filepath.Join(homedir.Get(), userRegistriesDir)
-	if _, err := os.Stat(userRegistriesDirPath); err == nil {
-		return userRegistriesDirPath
+// policyDescriptionWithGPGIDReader is PolicyDescription with a gpgIDReader parameter. It exists only to make testing easier.
+func policyDescriptionWithGPGIDReader(policyPath, registriesDirPath string, idReader gpgIDReader) ([]*Policy, error) {
+	policyContentStruct, err := getPolicy(policyPath)
+	if err != nil {
+		return nil, fmt.Errorf("could not read trust policies: %w", err)
 	}
-	if sys != nil && sys.RootForImplicitAbsolutePaths != "" {
-		return filepath.Join(sys.RootForImplicitAbsolutePaths, systemRegistriesDirPath)
+	res, err := getPolicyShowOutput(policyContentStruct, registriesDirPath, idReader)
+	if err != nil {
+		return nil, fmt.Errorf("could not show trust policies: %w", err)
 	}
-
-	return systemRegistriesDirPath
+	return res, nil
 }
 
-// LoadAndMergeConfig loads configuration files in dirPath
-func LoadAndMergeConfig(dirPath string) (*RegistryConfiguration, error) {
-	mergedConfig := RegistryConfiguration{Docker: map[string]RegistryNamespace{}}
-	dockerDefaultMergedFrom := ""
-	nsMergedFrom := map[string]string{}
+func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirPath string, idReader gpgIDReader) ([]*Policy, error) {
+	var output []*Policy
 
-	dir, err := os.Open(dirPath)
+	registryConfigs, err := loadAndMergeConfig(systemRegistriesDirPath)
 	if err != nil {
-		if os.IsNotExist(err) {
-			return &mergedConfig, nil
-		}
 		return nil, err
 	}
-	configNames, err := dir.Readdirnames(0)
-	if err != nil {
-		return nil, err
-	}
-	for _, configName := range configNames {
-		if !strings.HasSuffix(configName, ".yaml") {
-			continue
-		}
-		configPath := filepath.Join(dirPath, configName)
-		configBytes, err := ioutil.ReadFile(configPath)
-		if err != nil {
-			return nil, err
+
+	if len(policyContentStruct.Default) > 0 {
+		template := Policy{
+			Transport: "all",
+			Name:      "* (default)",
+			RepoName:  "default",
 		}
-		var config RegistryConfiguration
-		err = yaml.Unmarshal(configBytes, &config)
-		if err != nil {
-			return nil, fmt.Errorf("error parsing %s: %w", configPath, err)
+		output = append(output, descriptionsOfPolicyRequirements(policyContentStruct.Default, template, registryConfigs, "", idReader)...)
+	}
+	// FIXME: This should use x/exp/maps.Keys after we update to Go 1.18.
+	transports := []string{}
+	for t := range policyContentStruct.Transports {
+		transports = append(transports, t)
+	}
+	sort.Strings(transports)
+	for _, transport := range transports {
+		transval := policyContentStruct.Transports[transport]
+		if transport == "docker" {
+			transport = "repository"
 		}
-		if config.DefaultDocker != nil {
-			if mergedConfig.DefaultDocker != nil {
-				return nil, fmt.Errorf(`error parsing signature storage configuration: "default-docker" defined both in "%s" and "%s"`,
-					dockerDefaultMergedFrom, configPath)
-			}
-			mergedConfig.DefaultDocker = config.DefaultDocker
-			dockerDefaultMergedFrom = configPath
+
+		// FIXME: This should use x/exp/maps.Keys after we update to Go 1.18.
+		scopes := []string{}
+		for s := range transval {
+			scopes = append(scopes, s)
 		}
-		for nsName, nsConfig := range config.Docker { // includes config.Docker == nil
-			if _, ok := mergedConfig.Docker[nsName]; ok {
-				return nil, fmt.Errorf(`error parsing signature storage configuration: "docker" namespace "%s" defined both in "%s" and "%s"`,
-					nsName, nsMergedFrom[nsName], configPath)
+		sort.Strings(scopes)
+		for _, repo := range scopes {
+			repoval := transval[repo]
+			template := Policy{
+				Transport: transport,
+				Name:      repo,
+				RepoName:  repo,
 			}
-			mergedConfig.Docker[nsName] = nsConfig
-			nsMergedFrom[nsName] = configPath
+			output = append(output, descriptionsOfPolicyRequirements(repoval, template, registryConfigs, repo, idReader)...)
 		}
 	}
-	return &mergedConfig, nil
+	return output, nil
 }
 
-// HaveMatchRegistry checks if trust settings for the registry have been configured in yaml file
-func HaveMatchRegistry(key string, registryConfigs *RegistryConfiguration) *RegistryNamespace {
-	searchKey := key
-	if !strings.Contains(searchKey, "/") {
-		val, exists := registryConfigs.Docker[searchKey]
-		if exists {
-			return &val
-		}
-	}
-	for range strings.Split(key, "/") {
-		val, exists := registryConfigs.Docker[searchKey]
-		if exists {
-			return &val
-		}
-		if strings.Contains(searchKey, "/") {
-			searchKey = searchKey[:strings.LastIndex(searchKey, "/")]
+// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope (which may be "") in registryConfigs.
+func descriptionsOfPolicyRequirements(reqs []repoContent, template Policy, registryConfigs *registryConfiguration, scope string, idReader gpgIDReader) []*Policy {
+	res := []*Policy{}
+
+	var lookasidePath string
+	registryNamespace := registriesDConfigurationForScope(registryConfigs, scope)
+	if registryNamespace != nil {
+		if registryNamespace.Lookaside != "" {
+			lookasidePath = registryNamespace.Lookaside
+		} else { // incl. registryNamespace.SigStore == ""
+			lookasidePath = registryNamespace.SigStore
 		}
 	}
-	return registryConfigs.DefaultDocker
-}
-
-// CreateTmpFile creates a temp file under dir and writes the content into it
-func CreateTmpFile(dir, pattern string, content []byte) (string, error) {
-	tmpfile, err := ioutil.TempFile(dir, pattern)
-	if err != nil {
-		return "", err
-	}
-	defer tmpfile.Close()
-
-	if _, err := tmpfile.Write(content); err != nil {
-		return "", err
-	}
-	return tmpfile.Name(), nil
-}
-
-// GetGPGIdFromKeyPath return user keyring from key path
-func GetGPGIdFromKeyPath(path string) []string {
-	cmd := exec.Command("gpg2", "--with-colons", path)
-	results, err := cmd.Output()
-	if err != nil {
-		logrus.Errorf("Getting key identity: %s", err)
-		return nil
-	}
-	return parseUids(results)
-}
 
-// GetGPGIdFromKeyData return user keyring from keydata
-func GetGPGIdFromKeyData(key string) []string {
-	decodeKey, err := base64.StdEncoding.DecodeString(key)
-	if err != nil {
-		logrus.Errorf("%s, error decoding key data", err)
-		return nil
-	}
-	tmpfileName, err := CreateTmpFile("", "", decodeKey)
-	if err != nil {
-		logrus.Errorf("Creating key date temp file %s", err)
-	}
-	defer os.Remove(tmpfileName)
-	return GetGPGIdFromKeyPath(tmpfileName)
-}
+	for _, repoele := range reqs {
+		entry := template
+		entry.Type = trustTypeDescription(repoele.Type)
 
-func parseUids(colonDelimitKeys []byte) []string {
-	var parseduids []string
-	scanner := bufio.NewScanner(bytes.NewReader(colonDelimitKeys))
-	for scanner.Scan() {
-		line := scanner.Text()
-		if strings.HasPrefix(line, "uid:") || strings.HasPrefix(line, "pub:") {
-			uid := strings.Split(line, ":")[9]
-			if uid == "" {
-				continue
+		var gpgIDString string
+		switch repoele.Type {
+		case "signedBy":
+			uids := []string{}
+			if len(repoele.KeyPath) > 0 {
+				uids = append(uids, idReader(repoele.KeyPath)...)
 			}
-			parseduid := uid
-			if strings.Contains(uid, "<") && strings.Contains(uid, ">") {
-				parseduid = strings.SplitN(strings.SplitAfterN(uid, "<", 2)[1], ">", 2)[0]
+			for _, path := range repoele.KeyPaths {
+				uids = append(uids, idReader(path)...)
 			}
-			parseduids = append(parseduids, parseduid)
+			if len(repoele.KeyData) > 0 {
+				uids = append(uids, getGPGIdFromKeyData(idReader, repoele.KeyData)...)
+			}
+			gpgIDString = strings.Join(uids, ", ")
+
+		case "sigstoreSigned":
+			gpgIDString = "N/A" // We could potentially return key fingerprints here, but they would not be _GPG_ fingerprints.
 		}
+		entry.GPGId = gpgIDString
+		entry.SignatureStore = lookasidePath // We do this even for sigstoreSigned and things like type: reject, to show that the sigstore is being read.
+		res = append(res, &entry)
 	}
-	return parseduids
-}
 
-// GetPolicy parse policy.json into PolicyContent struct
-func GetPolicy(policyPath string) (PolicyContent, error) {
-	var policyContentStruct PolicyContent
-	policyContent, err := ioutil.ReadFile(policyPath)
-	if err != nil {
-		return policyContentStruct, fmt.Errorf("unable to read policy file: %w", err)
-	}
-	if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
-		return policyContentStruct, fmt.Errorf("could not parse trust policies from %s: %w", policyPath, err)
-	}
-	return policyContentStruct, nil
+	return res
 }
diff --git a/pkg/trust/trust_test.go b/pkg/trust/trust_test.go
new file mode 100644
index 000000000..22b780fc9
--- /dev/null
+++ b/pkg/trust/trust_test.go
@@ -0,0 +1,376 @@
+package trust
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/containers/image/v5/signature"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPolicyDescription(t *testing.T) {
+	tempDir := t.TempDir()
+	policyPath := filepath.Join(tempDir, "policy.json")
+
+	// Override getGPGIdFromKeyPath because we don't want to bother with (and spend the unit-test time on) generating valid GPG keys, and running the real GPG binary.
+	// Instead of reading the files at all, just expect file names like /id1,id2,...,idN.pub
+	idReader := func(keyPath string) []string {
+		require.True(t, strings.HasPrefix(keyPath, "/"))
+		require.True(t, strings.HasSuffix(keyPath, ".pub"))
+		return strings.Split(keyPath[1:len(keyPath)-4], ",")
+	}
+
+	for _, c := range []struct {
+		policy   *signature.Policy
+		expected []*Policy
+	}{
+		{
+			&signature.Policy{
+				Default: signature.PolicyRequirements{
+					signature.NewPRReject(),
+				},
+				Transports: map[string]signature.PolicyTransportScopes{
+					"docker": {
+						"quay.io/accepted": {
+							signature.NewPRInsecureAcceptAnything(),
+						},
+						"registry.redhat.io": {
+							xNewPRSignedByKeyPath(t, "/redhat.pub", signature.NewPRMMatchRepoDigestOrExact()),
+						},
+						"registry.access.redhat.com": {
+							xNewPRSignedByKeyPaths(t, []string{"/redhat.pub", "/redhat-beta.pub"}, signature.NewPRMMatchRepoDigestOrExact()),
+						},
+						"quay.io/multi-signed": {
+							xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+							xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()),
+						},
+						"quay.io/sigstore-signed": {
+							xNewPRSigstoreSignedKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+							xNewPRSigstoreSignedKeyPath(t, "/2.pub", signature.NewPRMMatchRepoDigestOrExact()),
+						},
+					},
+				},
+			},
+			[]*Policy{
+				{
+					Transport: "all",
+					Name:      "* (default)",
+					RepoName:  "default",
+					Type:      "reject",
+				},
+				{
+					Transport: "repository",
+					Name:      "quay.io/accepted",
+					RepoName:  "quay.io/accepted",
+					Type:      "accept",
+				},
+				{
+					Transport:      "repository",
+					Name:           "quay.io/multi-signed",
+					RepoName:       "quay.io/multi-signed",
+					Type:           "signed",
+					SignatureStore: "https://quay.example.com/sigstore",
+					GPGId:          "1",
+				},
+				{
+					Transport:      "repository",
+					Name:           "quay.io/multi-signed",
+					RepoName:       "quay.io/multi-signed",
+					Type:           "signed",
+					SignatureStore: "https://quay.example.com/sigstore",
+					GPGId:          "2, 3",
+				},
+				{
+					Transport:      "repository",
+					Name:           "quay.io/sigstore-signed",
+					RepoName:       "quay.io/sigstore-signed",
+					Type:           "sigstoreSigned",
+					SignatureStore: "",
+					GPGId:          "N/A",
+				},
+				{
+					Transport:      "repository",
+					Name:           "quay.io/sigstore-signed",
+					RepoName:       "quay.io/sigstore-signed",
+					Type:           "sigstoreSigned",
+					SignatureStore: "",
+					GPGId:          "N/A",
+				},
+				{
+					Transport:      "repository",
+					Name:           "registry.access.redhat.com",
+					RepoName:       "registry.access.redhat.com",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "redhat, redhat-beta",
+				}, {
+					Transport:      "repository",
+					Name:           "registry.redhat.io",
+					RepoName:       "registry.redhat.io",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "redhat",
+				},
+			},
+		},
+		{
+			&signature.Policy{
+				Default: signature.PolicyRequirements{
+					xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+					xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				},
+			},
+			[]*Policy{
+				{
+					Transport:      "all",
+					Name:           "* (default)",
+					RepoName:       "default",
+					Type:           "signed",
+					SignatureStore: "",
+					GPGId:          "1",
+				},
+				{
+					Transport:      "all",
+					Name:           "* (default)",
+					RepoName:       "default",
+					Type:           "signed",
+					SignatureStore: "",
+					GPGId:          "2, 3",
+				},
+			},
+		},
+	} {
+		policyJSON, err := json.Marshal(c.policy)
+		require.NoError(t, err)
+		err = os.WriteFile(policyPath, policyJSON, 0600)
+		require.NoError(t, err)
+
+		res, err := policyDescriptionWithGPGIDReader(policyPath, "./testdata", idReader)
+		require.NoError(t, err)
+		assert.Equal(t, c.expected, res)
+	}
+}
+
+func TestDescriptionsOfPolicyRequirements(t *testing.T) {
+	// Override getGPGIdFromKeyPath because we don't want to bother with (and spend the unit-test time on) generating valid GPG keys, and running the real GPG binary.
+	// Instead of reading the files at all, just expect file names like /id1,id2,...,idN.pub
+	idReader := func(keyPath string) []string {
+		require.True(t, strings.HasPrefix(keyPath, "/"))
+		require.True(t, strings.HasSuffix(keyPath, ".pub"))
+		return strings.Split(keyPath[1:len(keyPath)-4], ",")
+	}
+
+	template := Policy{
+		Transport: "transport",
+		Name:      "name",
+		RepoName:  "repoName",
+	}
+	registryConfigs, err := loadAndMergeConfig("./testdata")
+	require.NoError(t, err)
+
+	for _, c := range []struct {
+		scope    string
+		reqs     signature.PolicyRequirements
+		expected []*Policy
+	}{
+		{
+			"",
+			signature.PolicyRequirements{
+				signature.NewPRReject(),
+			},
+			[]*Policy{
+				{
+					Transport: "transport",
+					Name:      "name",
+					RepoName:  "repoName",
+					Type:      "reject",
+				},
+			},
+		},
+		{
+			"quay.io/accepted",
+			signature.PolicyRequirements{
+				signature.NewPRInsecureAcceptAnything(),
+			},
+			[]*Policy{
+				{
+					Transport: "transport",
+					Name:      "name",
+					RepoName:  "repoName",
+					Type:      "accept",
+				},
+			},
+		},
+		{
+			"registry.redhat.io",
+			signature.PolicyRequirements{
+				xNewPRSignedByKeyPath(t, "/redhat.pub", signature.NewPRMMatchRepoDigestOrExact()),
+			},
+			[]*Policy{
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "redhat",
+				},
+			},
+		},
+		{
+			"registry.access.redhat.com",
+			signature.PolicyRequirements{
+				xNewPRSignedByKeyPaths(t, []string{"/redhat.pub", "/redhat-beta.pub"}, signature.NewPRMMatchRepoDigestOrExact()),
+			},
+			[]*Policy{
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "redhat, redhat-beta",
+				},
+			},
+		},
+		{
+			"quay.io/multi-signed",
+			signature.PolicyRequirements{
+				xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()),
+			},
+			[]*Policy{
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://quay.example.com/sigstore",
+					GPGId:          "1",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://quay.example.com/sigstore",
+					GPGId:          "2, 3",
+				},
+			},
+		}, {
+			"quay.io/sigstore-signed",
+			signature.PolicyRequirements{
+				xNewPRSigstoreSignedKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				xNewPRSigstoreSignedKeyPath(t, "/2.pub", signature.NewPRMMatchRepoDigestOrExact()),
+			},
+			[]*Policy{
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "sigstoreSigned",
+					SignatureStore: "",
+					GPGId:          "N/A",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "sigstoreSigned",
+					SignatureStore: "",
+					GPGId:          "N/A",
+				},
+			},
+		},
+		{ // Multiple kinds of requirements are represented individually.
+			"registry.redhat.io",
+			signature.PolicyRequirements{
+				signature.NewPRReject(),
+				signature.NewPRInsecureAcceptAnything(),
+				xNewPRSignedByKeyPath(t, "/redhat.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				xNewPRSignedByKeyPaths(t, []string{"/redhat.pub", "/redhat-beta.pub"}, signature.NewPRMMatchRepoDigestOrExact()),
+				xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				xNewPRSigstoreSignedKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				xNewPRSigstoreSignedKeyPath(t, "/2.pub", signature.NewPRMMatchRepoDigestOrExact()),
+			},
+			[]*Policy{
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					Type:           "reject",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					Type:           "accept",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "redhat",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "redhat, redhat-beta",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "1",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "signed",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "2, 3",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "sigstoreSigned",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "N/A",
+				},
+				{
+					Transport:      "transport",
+					Name:           "name",
+					RepoName:       "repoName",
+					Type:           "sigstoreSigned",
+					SignatureStore: "https://registry.redhat.io/containers/sigstore",
+					GPGId:          "N/A",
+				},
+			},
+		},
+	} {
+		reqsJSON, err := json.Marshal(c.reqs)
+		require.NoError(t, err)
+		var parsedRegs []repoContent
+		err = json.Unmarshal(reqsJSON, &parsedRegs)
+		require.NoError(t, err)
+
+		res := descriptionsOfPolicyRequirements(parsedRegs, template, registryConfigs, c.scope, idReader)
+		assert.Equal(t, c.expected, res)
+	}
+}
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index 33c11d611..87e403986 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -342,7 +342,7 @@ func ParseSignal(rawSignal string) (syscall.Signal, error) {
 }
 
 // GetKeepIDMapping returns the mappings and the user to use when keep-id is used
-func GetKeepIDMapping() (*stypes.IDMappingOptions, int, int, error) {
+func GetKeepIDMapping(opts *namespaces.KeepIDUserNsOptions) (*stypes.IDMappingOptions, int, int, error) {
 	if !rootless.IsRootless() {
 		return nil, -1, -1, errors.New("keep-id is only supported in rootless mode")
 	}
@@ -359,6 +359,12 @@ func GetKeepIDMapping() (*stypes.IDMappingOptions, int, int, error) {
 
 	uid := rootless.GetRootlessUID()
 	gid := rootless.GetRootlessGID()
+	if opts.UID != nil {
+		uid = int(*opts.UID)
+	}
+	if opts.GID != nil {
+		gid = int(*opts.GID)
+	}
 
 	uids, gids, err := rootless.GetConfiguredMappings()
 	if err != nil {
diff --git a/pkg/util/utils_freebsd.go b/pkg/util/utils_freebsd.go
new file mode 100644
index 000000000..9b0d7c8c7
--- /dev/null
+++ b/pkg/util/utils_freebsd.go
@@ -0,0 +1,18 @@
+//go:build freebsd
+// +build freebsd
+
+package util
+
+import (
+	"errors"
+
+	"github.com/opencontainers/runtime-tools/generate"
+)
+
+func GetContainerPidInformationDescriptors() ([]string, error) {
+	return []string{}, errors.New("this function is not supported on freebsd")
+}
+
+func AddPrivilegedDevices(g *generate.Generator) error {
+	return nil
+}
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index e2d9e3e89..7b2d98666 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -119,7 +118,7 @@ func AddPrivilegedDevices(g *generate.Generator) error {
 
 // based on getDevices from runc (libcontainer/devices/devices.go)
 func getDevices(path string) ([]spec.LinuxDevice, error) {
-	files, err := ioutil.ReadDir(path)
+	files, err := os.ReadDir(path)
 	if err != nil {
 		if rootless.IsRootless() && os.IsPermission(err) {
 			return nil, nil
@@ -146,7 +145,7 @@ func getDevices(path string) ([]spec.LinuxDevice, error) {
 			}
 		case f.Name() == "console":
 			continue
-		case f.Mode()&os.ModeSymlink != 0:
+		case f.Type()&os.ModeSymlink != 0:
 			continue
 		}
 
diff --git a/pkg/util/utils_unsupported.go b/pkg/util/utils_unsupported.go
index 3a0f8646b..26fb7adf9 100644
--- a/pkg/util/utils_unsupported.go
+++ b/pkg/util/utils_unsupported.go
@@ -1,5 +1,5 @@
-//go:build darwin || windows
-// +build darwin windows
+//go:build darwin || windows || freebsd
+// +build darwin windows freebsd
 
 package util
 
diff --git a/podman.spec.rpkg b/podman.spec.rpkg
index 7068c9745..f970e5f25 100644
--- a/podman.spec.rpkg
+++ b/podman.spec.rpkg
@@ -5,6 +5,11 @@
 
 %global with_debug 1
 
+# _user_tmpfiles.d currently undefined on rhel
+%if 0%{?rhel}
+%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d
+%endif
+
 %if 0%{?with_debug}
 %global _find_debuginfo_dwz_opts %{nil}
 %global _dwz_low_mem_die_limit 0
@@ -59,6 +64,7 @@ BuildRequires: go-rpm-macros
 %endif
 %if 0%{?rhel} <= 8
 BuildRequires: pkgconfig(devmapper)
+BuildRequires: python3
 %endif
 BuildRequires: gpgme-devel
 BuildRequires: libassuan-devel
@@ -232,6 +238,7 @@ done
 %{_userunitdir}/%{name}-restart.service
 %{_userunitdir}/%{name}-kube@.service
 %{_tmpfilesdir}/%{name}.conf
+%{_user_tmpfilesdir}/%{name}-docker.conf
 %if 0%{?fedora} >= 36
 %{_modulesloaddir}/%{name}-iptables.conf
 %endif
diff --git a/test/README.md b/test/README.md
index 769bdbfd7..b44deadaf 100644
--- a/test/README.md
+++ b/test/README.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 # Test utils
 Test utils provide common functions and structs for testing. It includes two structs:
 * `PodmanTest`: Handle the *podman* command and other global resources like temporary
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index f03b95786..3ffc6f738 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -203,7 +203,7 @@ t POST "build?dockerfile=containerfile" $CONTAINERFILE_TAR application/json 200
 
 # Libpod: allow building from url: https://github.com/alpinelinux/docker-alpine.git and must ignore any provided tar
 t POST "libpod/build?remote=https%3A%2F%2Fgithub.com%2Falpinelinux%2Fdocker-alpine.git" $CONTAINERFILE_TAR 200 \
-  .stream~"STEP 1/5: FROM alpine:3.14"
+  .stream~"STEP 1/5: FROM alpine:"
 
 # Build api response header must contain Content-type: application/json
 t POST "build?dockerfile=containerfile" $CONTAINERFILE_TAR application/json 200
@@ -227,16 +227,36 @@ t GET libpod/images/quay.io/libpod/busybox:latest/exists  204
 
 CONTAINERFILE_WITH_ERR_TAR="${TMPD}/containerfile.tar"
 cat > $TMPD/containerfile << EOF
-FROM quay.io/fedora/fedora
+FROM $IMAGE
 RUN echo 'some error' >&2
 EOF
 tar --format=posix -C $TMPD -cvf ${CONTAINERFILE_WITH_ERR_TAR} containerfile &> /dev/null
-t POST "build?q=1&dockerfile=containerfile" $CONTAINERFILE_WITH_ERR_TAR 200
-response_output=$(cat "$WORKDIR/curl.result.out")
-if [[ ${response_output} == *"some error"* ]];then
-    _show_ok 0 "compat quiet build" "~ $response_output" "found output from stderr in API"
+t POST "/build?q=1&dockerfile=containerfile" $CONTAINERFILE_WITH_ERR_TAR 200
+if [[ $output == *"some error"* ]];then
+    _show_ok 0 "compat quiet build" "[should not contain 'some error']" "$output"
+else
+    _show_ok 1 "compat quiet build"
 fi
 
 cleanBuildTest
 
+# compat API vs libpod API event differences:
+# on image removal, libpod produces 'remove' events.
+# compat produces 'delete' events.
+podman image build -t test:test -<<EOF
+from $IMAGE
+EOF
+
+START=$(date +%s)
+
+t DELETE libpod/images/test:test 200
+# HACK HACK HACK There is a race around events being added to the journal
+# This sleep seems to avoid the race.
+# If it fails and begins to flake, investigate a retry loop.
+sleep 1
+t GET "libpod/events?stream=false&since=$START"  200  \
+  'select(.status | contains("remove")).Action=remove'
+t GET "events?stream=false&since=$START"  200  \
+  'select(.status | contains("delete")).Action=delete'
+
 # vim: filetype=sh
diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at
index 498d67569..eb58b8377 100644
--- a/test/apiv2/12-imagesMore.at
+++ b/test/apiv2/12-imagesMore.at
@@ -3,9 +3,6 @@
 # Tests for more image-related endpoints
 #
 
-red='\e[31m'
-nc='\e[0m'
-
 start_registry
 
 podman pull -q $IMAGE
@@ -63,7 +60,9 @@ podman pull -q $IMAGE
 
 # test podman image SCP
 # ssh needs to work so we can validate that the failure is past argument parsing
-podman system connection add --default test ssh://$USER@localhost/run/user/$UID/podman/podman.sock
+conn=apiv2test-temp-connection
+podman system connection add --default $conn \
+       ssh://$USER@localhost/run/user/$UID/podman/podman.sock
 # should fail but need to check the output...
 # status 125 here means that the save/load fails due to
 # cirrus weirdness with exec.Command. All of the args have been parsed successfully.
@@ -72,4 +71,7 @@ t POST "libpod/images/scp/$IMAGE?destination=QA::" 500 \
 t DELETE libpod/images/$IMAGE 200 \
   .ExitCode=0
 
+# Clean up
+podman system connection rm $conn
+
 stop_registry
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index a8d9baef3..cc238e27e 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -98,6 +98,12 @@ else
     fi
 fi
 
+# max_usage is not set for cgroupv2
+if have_cgroupsv2; then
+    t GET libpod/containers/stats?containers='[$cid]' 200 \
+    .memory_stats.max_usage=null
+fi
+
 t DELETE libpod/containers/$cid 200 .[0].Id=$cid
 
 # Issue #14676: make sure the stats show the memory limit specified for the container
@@ -111,6 +117,17 @@ if root; then
     podman rm -f $CTRNAME
 fi
 
+# Issue #15765: make sure the memory limit is capped
+if root; then
+    CTRNAME=ctr-with-limit
+    podman run --name $CTRNAME -d -m 512m -v /tmp:/tmp $IMAGE top
+
+    t GET libpod/containers/$CTRNAME/stats?stream=false 200 \
+    .memory_stats.limit!=18446744073709552000
+
+    podman rm -f $CTRNAME
+fi
+
 # Issue #6799: it should be possible to start a container, even w/o args.
 t POST libpod/containers/create?name=test_noargs Image=${IMAGE} 201 \
   .Id~[0-9a-f]\\{64\\}
@@ -309,7 +326,9 @@ t POST containers/create Image=${MultiTagName} 201 \
   .Id~[0-9a-f]\\{64\\}
 cid=$(jq -r '.Id' <<<"$output")
 t GET containers/$cid/json 200 \
-  .Image=${MultiTagName}
+  .Config.Image=${MultiTagName} \
+  .Image~sha256:[0-9a-f]\\{64\\}
+
 t DELETE containers/$cid 204
 t DELETE images/${MultiTagName} 200
 # vim: filetype=sh
@@ -527,3 +546,39 @@ t GET containers/status-test/json 200 .State.Status="stopping"
 
 sleep 3
 t GET containers/status-test/json 200 .State.Status="exited"
+
+# test podman generate spec as input for the api
+cname=specgen$(random_string 10)
+podman create --name=$cname $IMAGE
+
+TMPD=$(mktemp -d podman-apiv2-test.build.XXXXXXXX)
+
+podman generate spec -f ${TMPD}/myspec.json -c $cname
+
+# Create a container based on that spec
+t POST libpod/containers/create ${TMPD}/myspec.json 201 \
+  .Id~[0-9a-f]\\{64\\}
+
+# Verify
+t GET libpod/containers/$cname/json 200 \
+  .ImageName=$IMAGE \
+  .Name=$cname
+
+if root; then
+  podman run -dt --name=updateCtr alpine
+  echo '{"Memory":{"Limit":500000}, "CPU":{"Shares":123}}' >${TMPD}/update.json
+  t POST libpod/containers/updateCtr/update ${TMPD}/update.json 201
+
+  # Verify
+  echo '{ "AttachStdout":true,"Cmd":["cat","/sys/fs/cgroup/cpu.weight"]}' >${TMPD}/exec.json
+  t POST containers/updateCtr/exec ${TMPD}/exec.json 201 .Id~[0-9a-f]\\{64\\}
+  eid=$(jq -r '.Id' <<<"$output")
+  # 002 is the byte length
+  t POST exec/$eid/start 200 $'\001\0025'
+
+  podman rm -f updateCtr
+fi
+
+rm -rf $TMPD
+
+podman container rm -fa
diff --git a/test/apiv2/23-containersArchive.at b/test/apiv2/23-containersArchive.at
index c55164780..c1b936e3a 100644
--- a/test/apiv2/23-containersArchive.at
+++ b/test/apiv2/23-containersArchive.at
@@ -3,22 +3,31 @@
 # test more container-related endpoints
 #
 
-red='\e[31m'
-nc='\e[0m'
-
 podman pull $IMAGE &>/dev/null
 
 # Ensure clean slate
 podman rm -a -f &>/dev/null
 
-CTR="ArchiveTestingCtr"
+CTR="ArchiveTestingCtr$(random_string 5)"
 
 TMPD=$(mktemp -d podman-apiv2-test.archive.XXXXXXXX)
 HELLO_TAR="${TMPD}/hello.tar"
-echo "Hello" > $TMPD/hello.txt
+HELLO_S="Hello_$(random_string 8)"
+echo "$HELLO_S" > $TMPD/hello.txt
 tar --owner=1042 --group=1043 --format=posix -C $TMPD -cvf ${HELLO_TAR} hello.txt &> /dev/null
 
+# Start a container, and wait for it. (I know we don't actually do anything
+# if we time out. If we do, subsequent tests will fail. I just want to avoid
+# a race between container-start and tests-start)
 podman run -d --name "${CTR}" "${IMAGE}" top
+timeout=10
+while [[ $timeout -gt 0 ]]; do
+    if podman container exists "${CTR}"; then
+        break
+    fi
+    timeout=$((timeout - 1))
+    sleep 1
+done
 
 function cleanUpArchiveTest() {
     podman container stop "${CTR}" &> /dev/null
@@ -30,63 +39,47 @@ t HEAD "containers/nonExistentCtr/archive?path=%2F" 404
 t HEAD "containers/${CTR}/archive?path=%2Fnon%2Fexistent%2Fpath" 404
 t HEAD "containers/${CTR}/archive?path=%2Fetc%2Fpasswd" 200
 
-curl "http://$HOST:$PORT/containers/${CTR}/archive?path=%2Ftmp%2F" \
-  -X PUT \
-  -H "Content-Type: application/x-tar" \
-  --upload-file "${HELLO_TAR}" &> /dev/null
+# Send tarfile to container...
+t PUT "/containers/${CTR}/archive?path=%2Ftmp%2F" ${HELLO_TAR} 200 ''
 
-if ! podman exec -it "${CTR}" "grep" "Hello" "/tmp/hello.txt" &> /dev/null ; then
-  echo -e "${red}NOK: The hello.txt file has not been uploaded.${nc}"  1>&2;
-  cleanUpArchiveTest
-  exit 1
-fi
+# ...and 'exec cat file' to confirm that it got extracted into place.
+cat >$TMPD/exec.json <<EOF
+{ "AttachStdout":true,"Cmd":["cat","/tmp/hello.txt"]}
+EOF
+t POST containers/${CTR}/exec $TMPD/exec.json 201 .Id~[0-9a-f]\\{64\\}
+eid=$(jq -r '.Id' <<<"$output")
+# The 017 is the byte length
+t POST exec/$eid/start 200 $'\001\017'$HELLO_S
 
+# Now fetch hello.txt back as a tarfile
 t HEAD "containers/${CTR}/archive?path=%2Ftmp%2Fhello.txt" 200
+t GET  "containers/${CTR}/archive?path=%2Ftmp%2Fhello.txt" 200
 
-curl "http://$HOST:$PORT/containers/${CTR}/archive?path=%2Ftmp%2Fhello.txt" \
-  --dump-header "${TMPD}/headers.txt" \
-  -o "${TMPD}/body.tar" \
-  -X GET &> /dev/null
-
-PATH_STAT="$(grep X-Docker-Container-Path-Stat "${TMPD}/headers.txt" | cut -d " " -f 2 | base64 -d --ignore-garbage)"
-
-ARCHIVE_TEST_ERROR=""
+# Check important-looking header
+PATH_STAT="$(grep X-Docker-Container-Path-Stat "$WORKDIR/curl.headers.out" | cut -d " " -f 2 | base64 -d --ignore-garbage)"
 
-if [ "$(echo "${PATH_STAT}" | jq ".name")" != '"hello.txt"' ]; then
-  echo -e "${red}NOK: Wrong name in X-Docker-Container-Path-Stat header.${nc}"  1>&2;
-  ARCHIVE_TEST_ERROR="1"
-fi
+is "$(jq -r .name <<<$PATH_STAT)" "hello.txt" "Docker-Path-Stat .name"
+is "$(jq -r .size <<<$PATH_STAT)" "15"        "Docker-Path-Stat .size"
 
-if [ "$(echo "${PATH_STAT}" | jq ".size")" != "6" ]; then
-  echo -e "${red}NOK: Wrong size in X-Docker-Container-Path-Stat header.${nc}"  1>&2;
-  ARCHIVE_TEST_ERROR="1"
-fi
+# Check filename and its contents
+tar_tf=$(tar tf $WORKDIR/curl.result.out)
+is "$tar_tf" "hello.txt" "fetched tarball: file name"
 
-if ! tar -tf "${TMPD}/body.tar" | grep "hello.txt" &> /dev/null; then
-  echo -e "${red}NOK: Body doesn't contain expected file.${nc}"  1>&2;
-  ARCHIVE_TEST_ERROR="1"
-fi
+tar_contents=$(tar xf $WORKDIR/curl.result.out --to-stdout)
+is "$tar_contents" "$HELLO_S" "fetched tarball: file contents"
 
-if [ "$(tar -xf "${TMPD}/body.tar" hello.txt  --to-stdout)" != "Hello" ]; then
-  echo -e "${red}NOK: Content of file doesn't match.${nc}" 1>&2;
-  ARCHIVE_TEST_ERROR="1"
-fi
+# TODO: uid/gid should be also preserved on way back (GET request)
+# right now it ends up as 0/0 instead of 1042/1043
+tar_uidgid=$(tar tvf $WORKDIR/curl.result.out | awk '{print $2}')
+is "$tar_uidgid" "0/0" "fetched tarball: file uid/gid"
 
-# test if uid/gid was set correctly in the server
-uidngid=$($PODMAN_BIN --root $WORKDIR/server_root exec "${CTR}" stat -c "%u:%g" "/tmp/hello.txt")
-if [[ "${uidngid}" != "1042:1043" ]]; then
-  echo -e "${red}NOK: UID/GID of the file doesn't match.${nc}" 1>&2;
-  ARCHIVE_TEST_ERROR="1"
-fi
+# test if uid/gid was set correctly in the server. Again, via exec.
+cat >$TMPD/exec.json <<EOF
+{ "AttachStdout":true,"Cmd":["stat","-c","%u:%g","/tmp/hello.txt"]}
+EOF
 
-# TODO: uid/gid should be also preserved on way back (GET request)
-# right now it ends up as root:root instead of 1042:1043
-#if [[ "$(tar -tvf "${TMPD}/body.tar")" != *"1042/1043"* ]]; then
-#  echo -e "${red}NOK: UID/GID of the file doesn't match.${nc}" 1>&2;
-#  ARCHIVE_TEST_ERROR="1"
-#fi
+t POST containers/${CTR}/exec $TMPD/exec.json 201 .Id~[0-9a-f]\\{64\\}
+eid=$(jq -r '.Id' <<<"$output")
+t POST exec/$eid/start 200 $'\001\012'1042:1043
 
 cleanUpArchiveTest
-if [[ "${ARCHIVE_TEST_ERROR}" ]] ; then
-  exit 1;
-fi
diff --git a/test/apiv2/26-containersWait.at b/test/apiv2/26-containersWait.at
index 55bcd4592..41938d567 100644
--- a/test/apiv2/26-containersWait.at
+++ b/test/apiv2/26-containersWait.at
@@ -3,9 +3,6 @@
 # test more container-related endpoints
 #
 
-red='\e[31m'
-nc='\e[0m'
-
 podman pull "${IMAGE}" &>/dev/null
 
 # Ensure clean slate
@@ -21,29 +18,29 @@ t POST "containers/${CTR}/wait?condition=non-existent-cond" 400
 
 t POST "containers/${CTR}/wait?condition=not-running" 200
 
+# Test waiting for EXIT (need to start a background trigger first)
+(sleep 2;podman start "${CTR}") &
+child_pid=$!
+
+# This will block until the background job completes
 t POST "containers/${CTR}/wait?condition=next-exit" 200 \
   .StatusCode=0 \
-  .Error=null &
-child_pid=$!
-podman start "${CTR}"
+  .Error=null
 wait "${child_pid}"
 
-
-# check if headers are sent in advance before body
-WAIT_TEST_ERROR=""
-curl -I -X POST "http://$HOST:$PORT/containers/${CTR}/wait?condition=next-exit" &> "/dev/null" &
-child_pid=$!
-sleep 0.5
-if kill -2 "${child_pid}" 2> "/dev/null"; then
-  echo -e "${red}NOK: Failed to get response headers immediately.${nc}"  1>&2;
-  WAIT_TEST_ERROR="1"
+# Test that headers are sent before body. (We should actually never get a body)
+APIV2_TEST_EXPECT_TIMEOUT=2 t POST "containers/${CTR}/wait?condition=next-exit" 999
+like "$(<$WORKDIR/curl.headers.out)" ".*HTTP.* 200 OK.*" \
+     "Received headers from /wait"
+if [[ -e $WORKDIR/curl.result.out ]]; then
+    _show_ok 0 "UNEXPECTED: curl on /wait returned results"
 fi
 
-t POST "containers/${CTR}/wait?condition=removed" 200 &
+# Test waiting for REMOVE. Like above, start a background trigger.
+(sleep 2;podman container rm "${CTR}") &
 child_pid=$!
-podman container rm "${CTR}"
-wait "${child_pid}"
 
-if [[ "${WAIT_TEST_ERROR}" ]] ; then
-  exit 1;
-fi
+t POST "containers/${CTR}/wait?condition=removed" 200 \
+  .StatusCode=0 \
+  .Error=null
+wait "${child_pid}"
diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at
index 80724a8d9..0e0f1cb18 100644
--- a/test/apiv2/40-pods.at
+++ b/test/apiv2/40-pods.at
@@ -134,6 +134,20 @@ t GET libpod/pods/json?filters='{"label":["testl' 400 \
 t DELETE  libpod/pods/foo 200
 t DELETE "libpod/pods/foo (pod has already been deleted)" 404
 
-t_timeout 5 GET "libpod/pods/stats?stream=true&delay=1" 200
+# Expect this to time out
+APIV2_TEST_EXPECT_TIMEOUT=5 t GET "libpod/pods/stats?stream=true&delay=1" 999
+
+podman pod create --name=specgen
+
+TMPD=$(mktemp -d podman-apiv2-test.build.XXXXXXXX)
+
+podman generate spec -f ${TMPD}/myspec.json -c specgen
+
+t POST libpod/pods/create ${TMPD}/myspec.json 201 \
+  .Id~[0-9a-f]\\{64\\}
+
+rm -rf $TMPD
+
+podman pod rm -fa
 
 # vim: filetype=sh
diff --git a/test/apiv2/45-system.at b/test/apiv2/45-system.at
index 364b87c56..096df5516 100644
--- a/test/apiv2/45-system.at
+++ b/test/apiv2/45-system.at
@@ -25,6 +25,24 @@ t GET system/df 200 '.Volumes[0].Name=foo1'
 
 t GET libpod/system/df 200 '.Volumes[0].VolumeName=foo1'
 
+# Verify that no containers reference the volume
+t GET system/df 200 '.Volumes[0].UsageData.RefCount=0'
+
+# Make a container using the volume
+podman pull $IMAGE &>/dev/null
+t POST containers/create Image=$IMAGE Volumes='{"/test":{}}' HostConfig='{"Binds":["foo1:/test"]}' 201 \
+  .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+
+# Verify that one container references the volume
+t GET system/df 200 '.Volumes[0].UsageData.RefCount=1'
+
+# Remove the container
+t DELETE containers/$cid?v=true 204
+
+# Verify that no containers reference the volume
+t GET system/df 200 '.Volumes[0].UsageData.RefCount=0'
+
 # Create two more volumes to test pruneing
 t POST libpod/volumes/create \
   Name=foo2 \
diff --git a/test/apiv2/70-short-names.at b/test/apiv2/70-short-names.at
index bd7f8e7bd..952dd2ad1 100644
--- a/test/apiv2/70-short-names.at
+++ b/test/apiv2/70-short-names.at
@@ -9,7 +9,7 @@ t POST "images/create?fromImage=quay.io/libpod/alpine:latest" 200 .error~null .s
 # 14291 - let a short-name resolve to a *local* non Docker-Hub image.
 t POST containers/create Image=alpine 201 .Id~[0-9a-f]\\{64\\}
 cid=$(jq -r '.Id' <<<"$output")
-t GET containers/$cid/json 200 .Image="quay.io/libpod/alpine:latest"
+t GET containers/$cid/json 200 .Config.Image="quay.io/libpod/alpine:latest" .Image~sha256:[0-9a-f]\\{64\\}
 podman rm -f $cid
 
 ########## TAG
@@ -33,18 +33,8 @@ RUN  touch /foo
 EOF
     tar --format=posix -C $TMPD -cvf ${CONTAINERFILE_TAR} containerfile &> /dev/null
 
-    curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
-        -H "content-type: application/x-tar" \
-        --dump-header "${TMPD}/headers.txt" \
-        -o "${TMPD}/response.txt" \
-        "http://$HOST:$PORT/build?dockerfile=containerfile&t=$tag" &> /dev/null
-
-    if ! grep -q '200 OK' "${TMPD}/headers.txt"; then
-        cat "${TMPD}/headers.txt"
-        cat "${TMPD}/response.txt"
-        echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/x-tar)"
-        exit 1
-    fi
+    t POST "/build?dockerfile=containerfile&t=$tag" $CONTAINERFILE_TAR 200 \
+      .stream~".*Successfully tagged .*"
 
     rm -rf $TMPD
     t DELETE "images/$fqn" 200
diff --git a/test/apiv2/README.md b/test/apiv2/README.md
index 63d1f5b13..712124d1b 100644
--- a/test/apiv2/README.md
+++ b/test/apiv2/README.md
@@ -46,6 +46,9 @@ with POST parameters if present, and compares return status and
            |                     +----------- POST params
            +--------------------------------- note the missing slash
 
+Never, ever, ever, seriously _EVER_ `exit` from a test. Just don't.
+That skips cleanup, and leaves the system in a broken state.
+
 Notes:
 
 * If the endpoint has a leading slash (`/_ping`), `t` leaves it unchanged.
@@ -61,14 +64,19 @@ of POST parameters in the form 'key=value', separated by spaces:
 `t` will convert the param list to JSON form for passing to the server.
 A numeric status code terminates processing of POST parameters.
 ** As a special case, when one POST argument is a string ending in `.tar`,
-`t` will invoke `curl` with `--data-binary @PATH` and
-set `Content-type: application/x-tar`. This is useful for `build` endpoints.
+`.yaml`, or `.json`, `t` will invoke `curl` with `--data-binary @PATH` and
+set `Content-type` as appropriate. This is useful for `build` endpoints.
 (To override `Content-type`, simply pass along an extra string argument
 matching `application/*`):
       t POST myentrypoint /mytmpdir/myfile.tar application/foo 400
+** Like above, when using PUT, `t` does `--upload-time` instead of
+`--data-binary`
 
 * The final arguments are one or more expected string results. If an
 argument starts with a dot, `t` will invoke `jq` on the output to
 fetch that field, and will compare it to the right-hand side of
 the argument. If the separator is `=` (equals), `t` will require
 an exact match; if `~` (tilde), `t` will use `expr` to compare.
+
+* If your test expects `curl` to time out:
+     APIV2_TEST_EXPECT_TIMEOUT=5 t POST /foo 999
diff --git a/test/apiv2/python/rest_api/fixtures/api_testcase.py b/test/apiv2/python/rest_api/fixtures/api_testcase.py
index f47136555..edb34b31e 100644
--- a/test/apiv2/python/rest_api/fixtures/api_testcase.py
+++ b/test/apiv2/python/rest_api/fixtures/api_testcase.py
@@ -20,7 +20,7 @@ class APITestCase(unittest.TestCase):
 
         APITestCase.podman = Podman()
         APITestCase.service = APITestCase.podman.open(
-            "system", "service", "tcp:localhost:8080", "--time=0"
+            "system", "service", "tcp://localhost:8080", "--time=0"
         )
         # give the service some time to be ready...
         time.sleep(2)
diff --git a/test/apiv2/python/rest_api/test_v2_0_0_container.py b/test/apiv2/python/rest_api/test_v2_0_0_container.py
index a6cd93a1a..25596a9b7 100644
--- a/test/apiv2/python/rest_api/test_v2_0_0_container.py
+++ b/test/apiv2/python/rest_api/test_v2_0_0_container.py
@@ -359,8 +359,6 @@ class ContainerTestCase(APITestCase):
         self.assertEqual(2000, out["HostConfig"]["MemorySwap"])
         self.assertEqual(1000, out["HostConfig"]["Memory"])
 
-
-
 def execute_process(cmd):
     return subprocess.run(
                 cmd,
diff --git a/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py b/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py
index 905c29683..2274f25bf 100644
--- a/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py
+++ b/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py
@@ -63,7 +63,7 @@ class TestApi(unittest.TestCase):
                 podman(),
                 "system",
                 "service",
-                "tcp:localhost:8080",
+                "tcp://localhost:8080",
                 "--log-level=debug",
                 "--time=0",
             ],
diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2
index 0c3c6e672..8132e6432 100755
--- a/test/apiv2/test-apiv2
+++ b/test/apiv2/test-apiv2
@@ -23,8 +23,6 @@ REGISTRY_IMAGE="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/registry
 ###############################################################################
 # BEGIN setup
 
-USER=$PODMAN_ROOTLESS_USER
-UID=$PODMAN_ROOTLESS_UID
 TMPDIR=${TMPDIR:-/tmp}
 WORKDIR=$(mktemp --tmpdir -d $ME.tmp.XXXXXX)
 
@@ -56,9 +54,6 @@ fi
 # Path to podman binary
 PODMAN_BIN=${PODMAN:-${CONTAINERS_HELPER_BINARY_DIR}/podman}
 
-# Timeout for streamed responses
-CURL_TIMEOUT=0
-
 # Cleanup handlers
 clean_up_server() {
     if [ -n "$service_pid" ]; then
@@ -112,6 +107,22 @@ function is() {
     _show_ok 0 "$testname" "$expect" "$actual"
 }
 
+############
+#  is_not  #  Simple disequality
+############
+function is_not() {
+    local actual=$1
+    local expect_not=$2
+    local testname=$3
+
+    if [ "$actual" != "$expect_not" ]; then
+        # On success, include expected value; this helps readers understand
+        _show_ok 1 "$testname!=$expect"
+        return
+    fi
+    _show_ok 0 "$testname" "!= $expect" "$actual"
+}
+
 ##########
 #  like  #  Compare, but allowing patterns
 ##########
@@ -135,7 +146,8 @@ function like() {
 ##############
 function _show_ok() {
     local ok=$1
-    local testname=$2
+    # Exec tests include control characters; filter them out
+    local testname=$(tr -d \\012 <<<"$2"|cat -vT)
 
     # If output is a tty, colorize pass/fail
     local red=
@@ -220,21 +232,6 @@ function jsonify() {
 }
 
 #######
-#  t_timeout  #  Timeout wrapper for test helper
-#######
-function t_timeout() {
-    CURL_TIMEOUT=$1; shift
-    local min_runtime=$((CURL_TIMEOUT - 1))
-    start=`date +%s`
-    t $@
-    local end=`date +%s`
-    local runtime=$((end-start))
-    if ! [[ "$runtime" -ge "$min_runtime" ]]; then
-        die "Error: Streaming time should be greater or equal to '$min_runtime'"
-    fi
-}
-
-#######
 #  t  #  Main test helper
 #######
 function t() {
@@ -245,23 +242,28 @@ function t() {
 
     local testname="$method $path"
 
-    if [[ $CURL_TIMEOUT != 0 ]]; then
-        local c_timeout=$CURL_TIMEOUT
-        curl_args+=("-m $CURL_TIMEOUT")
-        CURL_TIMEOUT=0 # 'consume' timeout
-    fi
     # POST and PUT requests may be followed by one or more key=value pairs.
     # Slurp the command line until we see a 3-digit status code.
     if [[ $method = "POST" || $method == "PUT" || $method = "DELETE" ]]; then
         local -a post_args
+
+        if [[ $method = "POST" ]]; then
+            function _add_curl_args() { curl_args+=(--data-binary @$1); }
+        else
+            function _add_curl_args() { curl_args+=(--upload-file $1); }
+        fi
+
         for arg; do
             case "$arg" in
                 *=*)              post_args+=("$arg");
                                   shift;;
-                *.tar)            curl_args+=(--data-binary @$arg);
+                *.json)           _add_curl_args $arg;
+                                  content_type="application/json";
+                                  shift;;
+                *.tar)            _add_curl_args $arg;
                                   content_type="application/x-tar";
                                   shift;;
-                *.yaml)           curl_args+=(--data-binary @$arg);
+                *.yaml)           _add_curl_args $arg;
                                   shift;;
                 application/*)    content_type="$arg";
                                   shift;;
@@ -270,8 +272,8 @@ function t() {
             esac
         done
         if [[ -z "$curl_args" ]]; then
-            curl_args=(-d $(jsonify ${post_args[@]}))
-            testname="$testname [${curl_args[@]}]"
+            curl_args=(-d $(jsonify ${post_args[*]}))
+            testname="$testname [${curl_args[*]}]"
         fi
     fi
 
@@ -301,6 +303,11 @@ function t() {
         curl_args+=("--head")
     fi
 
+    # If this is set, we're *expecting* curl to time out
+    if [[ -n "$APIV2_TEST_EXPECT_TIMEOUT" ]]; then
+        curl_args+=("-m" $APIV2_TEST_EXPECT_TIMEOUT)
+    fi
+
     local expected_code=$1; shift
 
     # Log every action we do
@@ -316,9 +323,20 @@ function t() {
                     --write-out '%{http_code}^%{content_type}^%{time_total}' \
                     -o $WORKDIR/curl.result.out "$url"); rc=$?; } || :
 
+    # Special case: this means we *expect and want* a timeout
+    if [[ -n "$APIV2_TEST_EXPECT_TIMEOUT" ]]; then
+        # Hardcoded. See curl(1) for list of exit codes
+        if [[ $rc -eq 28 ]]; then
+            _show_ok 1 "$testname: curl timed out (expected)"
+        else
+            _show_ok 0 "$testname: expected curl to time out; it did not"
+        fi
+        return
+    fi
+
     # Any error from curl is instant bad news, from which we can't recover
-    if [[ $rc -ne 0 ]] && [[ $c_timeout -eq 0 ]]; then
-        die "curl failure ($rc) on $url - cannot continue"
+    if [[ $rc -ne 0 ]]; then
+        die "curl failure ($rc) on $url - cannot continue. args=${curl_args[*]}"
     fi
 
     # Show returned headers (without trailing ^M or empty lines) in log file.
@@ -366,7 +384,7 @@ function t() {
 
     # Special case: if response code does not match, dump the response body
     # and skip all further subtests.
-    if [[ $actual_code != $expected_code ]]; then
+    if [[ "$actual_code" != "$expected_code" ]]; then
         echo -e "#  response: $output"
         for i; do
             _show_ok skip "$testname: $i # skip - wrong return code"
@@ -375,7 +393,13 @@ function t() {
     fi
 
     for i; do
-        if expr "$i" : "[^=~]\+=.*" >/dev/null; then
+        if expr "$i" : '[^\!]\+\!=.\+' >/dev/null; then
+            # Disequality on json field
+            json_field=$(expr "$i" : '\([^!]*\)!')
+            expect_not=$(expr "$i" : '[^\!]*\!=\(.*\)')
+            actual=$(jq -r "$json_field" <<<"$output")
+            is_not "$actual" "$expect_not" "$testname : $json_field"
+        elif expr "$i" : "[^=~]\+=.*" >/dev/null; then
             # Exact match on json field
             json_field=$(expr "$i" : "\([^=]*\)=")
             expect=$(expr "$i" : '[^=]*=\(.*\)')
@@ -647,11 +671,11 @@ echo -e "collected ${#tests_to_run[@]} items\n"
 
 start_service
 
-for i in ${tests_to_run[@]}; do
+for i in "${tests_to_run[@]}"; do
     TEST_CONTEXT="[$(basename $i .at)]"
 
     # Clear output from 'podman' helper
-    >| $WORKDIR/output.log
+    truncate --size=0 $WORKDIR/output.log
 
     source $i
 done
diff --git a/test/buildah-bud/apply-podman-deltas b/test/buildah-bud/apply-podman-deltas
index 6578afc93..999f36bf9 100755
--- a/test/buildah-bud/apply-podman-deltas
+++ b/test/buildah-bud/apply-podman-deltas
@@ -152,6 +152,10 @@ errmsg "checking authfile: stat /tmp/nonexistent: no such file or directory" \
        "Error: checking authfile: stat /tmp/nonexistent: no such file or directory" \
        "bud with Containerfile should fail with nonexistent authfile"
 
+errmsg "cannot find Containerfile or Dockerfile" \
+       "no such file or directory" \
+       "bud-github-context-from-commit"
+
 ###############################################################################
 # BEGIN tests that don't make sense under podman due to fundamental differences
 
@@ -216,7 +220,10 @@ skip_if_remote "--output option not implemented in podman-remote" \
                "build with custom build output and output rootfs to tar" \
                "build with custom build output and output rootfs to tar by pipe" \
                "build with custom build output must fail for bad input" \
-               "build with custom build output and output rootfs to tar with no additional step"
+               "build with custom build output and output rootfs to tar with no additional step" \
+               "build with custom build output for single-stage-cached and output rootfs to directory" \
+               "build with custom build output for multi-stage-cached and output rootfs to directory" \
+               "build with custom build output for multi-stage and output rootfs to directory"
 
 # https://github.com/containers/podman/issues/14544
 skip_if_remote "logfile not implemented on remote" "bud-logfile-with-split-logfile-by-platform"
@@ -228,6 +235,10 @@ skip_if_remote "envariables do not automatically work with -remote." \
 skip_if_remote "FIXME FIXME FIXME: does this test make sense in remote?" \
                "build-test with OCI prestart hook"
 
+# 2022-08-17 buildah PR 4190
+skip_if_remote "Explicit request in buildah PR 4190 to skip this on remote" \
+               "build: test race in updating image name while performing parallel commits"
+
 ###############################################################################
 # BEGIN tests which are skipped due to actual podman or podman-remote bugs.
 
diff --git a/test/buildah-bud/buildah-tests.diff b/test/buildah-bud/buildah-tests.diff
index 399042240..bf119421e 100644
--- a/test/buildah-bud/buildah-tests.diff
+++ b/test/buildah-bud/buildah-tests.diff
@@ -1,4 +1,4 @@
-From 6508e3df2a129554fdf8336d8a6f0cdcc6fd4832 Mon Sep 17 00:00:00 2001
+From d22e44c8fb1c87afb90391188733f7ce8fea005d Mon Sep 17 00:00:00 2001
 From: Ed Santiago <santiago@redhat.com>
 Date: Tue, 9 Feb 2021 17:28:05 -0700
 Subject: [PATCH] tweaks for running buildah tests under podman
@@ -9,10 +9,10 @@ Signed-off-by: Ed Santiago <santiago@redhat.com>
  1 file changed, 67 insertions(+), 3 deletions(-)
 
 diff --git a/tests/helpers.bash b/tests/helpers.bash
-index e3087063..178a486e 100644
+index 8cb93c3a..72c1c797 100644
 --- a/tests/helpers.bash
 +++ b/tests/helpers.bash
-@@ -51,6 +51,23 @@ EOF
+@@ -52,6 +52,23 @@ EOF
      ROOTDIR_OPTS="--root ${TEST_SCRATCH_DIR}/root --runroot ${TEST_SCRATCH_DIR}/runroot --storage-driver ${STORAGE_DRIVER}"
      BUILDAH_REGISTRY_OPTS="--registries-conf ${TEST_SOURCES}/registries.conf --registries-conf-dir ${TEST_SCRATCH_DIR}/registries.d --short-name-alias-conf ${TEST_SCRATCH_DIR}/cache/shortnames.conf"
      PODMAN_REGISTRY_OPTS="--registries-conf ${TEST_SOURCES}/registries.conf"
@@ -36,7 +36,7 @@ index e3087063..178a486e 100644
  }
  
  function starthttpd() {
-@@ -94,6 +111,12 @@ function teardown_tests() {
+@@ -95,6 +112,12 @@ function teardown_tests() {
      stop_git_daemon
      stop_registry
  
@@ -49,7 +49,7 @@ index e3087063..178a486e 100644
      # Workaround for #1991 - buildah + overlayfs leaks mount points.
      # Many tests leave behind /var/tmp/.../root/overlay and sub-mounts;
      # let's find those and clean them up, otherwise 'rm -rf' fails.
-@@ -186,6 +209,10 @@ function podman() {
+@@ -187,6 +210,10 @@ function podman() {
      command ${PODMAN_BINARY:-podman} ${PODMAN_REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@"
  }
  
@@ -60,7 +60,7 @@ index e3087063..178a486e 100644
  # There are various scenarios where we would like to execute `tests` as rootless user, however certain commands like `buildah mount`
  # do not work in rootless session since a normal user cannot mount a filesystem unless they're in a user namespace along with its
  # own mount namespace. In order to run such specific commands from a rootless session we must perform `buildah unshare`.
-@@ -247,8 +274,36 @@ function run_buildah() {
+@@ -248,8 +275,36 @@ function run_buildah() {
          --retry)         retry=3;        shift;;  # retry network flakes
      esac
  
@@ -98,7 +98,7 @@ index e3087063..178a486e 100644
  
      # If session is rootless and `buildah mount` is invoked, perform unshare,
      # since normal user cannot mount a filesystem unless they're in a user namespace along with its own mount namespace.
-@@ -262,8 +317,8 @@ function run_buildah() {
+@@ -263,8 +318,8 @@ function run_buildah() {
          retry=$(( retry - 1 ))
  
          # stdout is only emitted upon error; this echo is to help a debugger
@@ -109,7 +109,7 @@ index e3087063..178a486e 100644
          # without "quotes", multiple lines are glommed together into one
          if [ -n "$output" ]; then
              echo "$output"
-@@ -595,6 +650,15 @@ function skip_if_no_docker() {
+@@ -596,6 +651,15 @@ function skip_if_no_docker() {
    fi
  }
  
@@ -126,5 +126,5 @@ index e3087063..178a486e 100644
    daemondir=${TEST_SCRATCH_DIR}/git-daemon
    mkdir -p ${daemondir}/repo
 -- 
-2.35.3
+2.36.1
 
diff --git a/test/buildah-bud/make-new-buildah-diffs b/test/buildah-bud/make-new-buildah-diffs
index 3d0a77008..f6404fa51 100644
--- a/test/buildah-bud/make-new-buildah-diffs
+++ b/test/buildah-bud/make-new-buildah-diffs
@@ -17,7 +17,7 @@ if [[ ! $whereami =~ test-buildah-v ]]; then
 fi
 
 # FIXME: check that git repo is buildah
-git remote -v | grep -q [BUILDAHREPO] \
+git remote -v | grep -q '[BUILDAHREPO]' \
     || die "This does not look like a buildah repo (git remote -v)"
 
 # We could do the commit automatically, but it's prudent to require human
diff --git a/test/compose/test-compose b/test/compose/test-compose
index 99d063c25..fe2da9532 100755
--- a/test/compose/test-compose
+++ b/test/compose/test-compose
@@ -64,7 +64,7 @@ function is() {
     local expect=$2
     local testname=$3
 
-    if [[ $actual = $expect ]]; then
+    if [[ "$actual" = "$expect" ]]; then
         # On success, include expected value; this helps readers understand
         _show_ok 1 "$testname=$expect"
         return
@@ -303,12 +303,12 @@ n_tests=0
 # We aren't really TAP 13; this helps logformatter recognize our output as BATS
 echo "TAP version 13"
 
-for t in ${tests_to_run[@]}; do
+for t in "${tests_to_run[@]}"; do
     testdir="$(dirname $t)"
     testname="$(basename $testdir)"
 
     if [ -e $test_dir/SKIP ]; then
-        local reason="$(<$test_dir/SKIP)"
+        reason="$(<$test_dir/SKIP)"
         if [ -n "$reason" ]; then
             reason=" - $reason"
         fi
diff --git a/test/e2e/benchmarks_test.go b/test/e2e/benchmarks_test.go
index 4be048de2..d1332665a 100644
--- a/test/e2e/benchmarks_test.go
+++ b/test/e2e/benchmarks_test.go
@@ -99,7 +99,7 @@ var _ = Describe("Podman Benchmark Suite", func() {
 	}
 
 	totalMemoryInKb := func() (total uint64) {
-		files, err := ioutil.ReadDir(timedir)
+		files, err := os.ReadDir(timedir)
 		if err != nil {
 			Fail(fmt.Sprintf("Error reading timing dir: %v", err))
 		}
diff --git a/test/e2e/build/Containerfile.userns-auto b/test/e2e/build/Containerfile.userns-auto
new file mode 100644
index 000000000..921610982
--- /dev/null
+++ b/test/e2e/build/Containerfile.userns-auto
@@ -0,0 +1,2 @@
+FROM alpine
+RUN cat /proc/self/uid_map
diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go
index 8f5e1a0b6..a33936549 100644
--- a/test/e2e/checkpoint_test.go
+++ b/test/e2e/checkpoint_test.go
@@ -95,13 +95,15 @@ var _ = Describe("Podman checkpoint", func() {
 	It("podman checkpoint bogus container", func() {
 		session := podmanTest.Podman([]string{"container", "checkpoint", "foobar"})
 		session.WaitWithDefaultTimeout()
-		Expect(session).To(ExitWithError())
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("no such container"))
 	})
 
 	It("podman restore bogus container", func() {
 		session := podmanTest.Podman([]string{"container", "restore", "foobar"})
 		session.WaitWithDefaultTimeout()
-		Expect(session).To(ExitWithError())
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("no such container or image"))
 	})
 
 	It("podman checkpoint a running container by id", func() {
@@ -132,6 +134,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(Equal(cid))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited"))
 
@@ -156,6 +159,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(Equal(cid))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up"))
 
@@ -214,6 +218,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(Equal("test_name"))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited"))
 
@@ -221,6 +226,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(Equal("test_name"))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up"))
 
@@ -298,6 +304,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(Equal("second"))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
 
 		ps := podmanTest.Podman([]string{"ps", "-q", "--no-trunc"})
@@ -310,6 +317,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(Equal("second"))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(2))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up"))
 		Expect(podmanTest.GetContainerStatus()).To(Not(ContainSubstring("Exited")))
@@ -325,16 +333,20 @@ var _ = Describe("Podman checkpoint", func() {
 		session1 := podmanTest.Podman(localRunString)
 		session1.WaitWithDefaultTimeout()
 		Expect(session1).Should(Exit(0))
+		cid1 := session1.OutputToString()
 
 		localRunString = getRunString([]string{"--name", "second", ALPINE, "top"})
 		session2 := podmanTest.Podman(localRunString)
 		session2.WaitWithDefaultTimeout()
 		Expect(session2).Should(Exit(0))
+		cid2 := session2.OutputToString()
 
 		result := podmanTest.Podman([]string{"container", "checkpoint", "-a"})
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid1))
+		Expect(result.OutputToString()).To(ContainSubstring(cid2))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 
 		ps := podmanTest.Podman([]string{"ps", "-q", "--no-trunc"})
@@ -347,6 +359,8 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid1))
+		Expect(result.OutputToString()).To(ContainSubstring(cid2))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(2))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up"))
 		Expect(podmanTest.GetContainerStatus()).To(Not(ContainSubstring("Exited")))
@@ -573,6 +587,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -592,6 +607,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -611,6 +627,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -630,6 +647,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -647,6 +665,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("not supported"))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(1))
 
@@ -692,6 +711,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -742,6 +762,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -784,6 +805,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -822,6 +844,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -872,6 +895,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -942,6 +966,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointFileName})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -993,9 +1018,6 @@ var _ = Describe("Podman checkpoint", func() {
 		if !criu.MemTrack() {
 			Skip("system (architecture/kernel/CRIU) does not support memory tracking")
 		}
-		if !strings.Contains(podmanTest.OCIRuntime, "runc") {
-			Skip("Test only works on runc 1.0-rc3 or higher.")
-		}
 		localRunString := getRunString([]string{ALPINE, "top"})
 		session := podmanTest.Podman(localRunString)
 		session.WaitWithDefaultTimeout()
@@ -1029,9 +1051,6 @@ var _ = Describe("Podman checkpoint", func() {
 		if !criu.MemTrack() {
 			Skip("system (architecture/kernel/CRIU) does not support memory tracking")
 		}
-		if !strings.Contains(podmanTest.OCIRuntime, "runc") {
-			Skip("Test only works on runc 1.0-rc3 or higher.")
-		}
 		localRunString := getRunString([]string{ALPINE, "top"})
 		session := podmanTest.Podman(localRunString)
 		session.WaitWithDefaultTimeout()
@@ -1051,6 +1070,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited"))
 
@@ -1097,6 +1117,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -1311,6 +1332,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -1642,6 +1664,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -1796,6 +1819,7 @@ var _ = Describe("Podman checkpoint", func() {
 		// As the container has been started with '--rm' it will be completely
 		// cleaned up after checkpointing.
 		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(cid))
 		fixmeFixme14653(podmanTest, cid)
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
diff --git a/test/e2e/cleanup_test.go b/test/e2e/cleanup_test.go
new file mode 100644
index 000000000..f15f9bd5a
--- /dev/null
+++ b/test/e2e/cleanup_test.go
@@ -0,0 +1,128 @@
+package integration
+
+import (
+	"os"
+
+	. "github.com/containers/podman/v4/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gexec"
+)
+
+var _ = Describe("Podman container cleanup", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		SkipIfRemote("podman container cleanup is not supported in remote")
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+
+	})
+
+	It("podman cleanup bogus container", func() {
+		session := podmanTest.Podman([]string{"container", "cleanup", "foobar"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("no such container"))
+	})
+
+	It("podman cleanup container by id", func() {
+		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
+		session = podmanTest.Podman([]string{"container", "cleanup", cid})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(cid))
+	})
+
+	It("podman cleanup container by short id", func() {
+		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
+		shortID := cid[0:10]
+		session = podmanTest.Podman([]string{"container", "cleanup", shortID})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(shortID))
+	})
+
+	It("podman cleanup container by name", func() {
+		session := podmanTest.Podman([]string{"create", "--name", "foo", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		session = podmanTest.Podman([]string{"container", "cleanup", "foo"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal("foo"))
+	})
+
+	It("podman cleanup all containers", func() {
+		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"container", "cleanup", "--all"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(cid))
+	})
+
+	It("podman cleanup latest container", func() {
+		SkipIfRemote("--latest flag n/a")
+		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"create", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"container", "cleanup", "--latest"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(cid))
+	})
+
+	It("podman cleanup running container", func() {
+		session := podmanTest.RunTopContainer("running")
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		session = podmanTest.Podman([]string{"container", "cleanup", "running"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("container state improper"))
+	})
+
+	It("podman cleanup paused container", func() {
+		SkipIfRootlessCgroupsV1("Pause is not supported in cgroups v1")
+		session := podmanTest.RunTopContainer("paused")
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		session = podmanTest.Podman([]string{"pause", "paused"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		session = podmanTest.Podman([]string{"container", "cleanup", "paused"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("container state improper"))
+	})
+})
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 2d7c47a7f..690e2f22c 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -306,7 +306,7 @@ func PodmanTestCreateUtil(tempDir string, remote bool) *PodmanTestIntegration {
 		// happens. So, use a podman-%s.sock-lock empty file as a marker.
 		tries := 0
 		for {
-			uuid := stringid.GenerateNonCryptoID()
+			uuid := stringid.GenerateRandomID()
 			lockPath := fmt.Sprintf("%s-%s.sock-lock", pathPrefix, uuid)
 			lockFile, err := os.OpenFile(lockPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0700)
 			if err == nil {
@@ -571,7 +571,7 @@ func (s *PodmanSessionIntegration) InspectContainerToJSON() []define.InspectCont
 func (s *PodmanSessionIntegration) InspectPodToJSON() define.InspectPodData {
 	var i define.InspectPodData
 	err := jsoniter.Unmarshal(s.Out.Contents(), &i)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	return i
 }
 
@@ -894,7 +894,7 @@ func generateNetworkConfig(p *PodmanTestIntegration) (string, string) {
 		conf string
 	)
 	// generate a random name to prevent conflicts with other tests
-	name := "net" + stringid.GenerateNonCryptoID()
+	name := "net" + stringid.GenerateRandomID()
 	if p.NetworkBackend != Netavark {
 		path = filepath.Join(p.NetworkConfigDir, fmt.Sprintf("%s.conflist", name))
 		conf = fmt.Sprintf(`{
@@ -1030,7 +1030,7 @@ func ncz(port int) bool {
 }
 
 func createNetworkName(name string) string {
-	return name + stringid.GenerateNonCryptoID()[:10]
+	return name + stringid.GenerateRandomID()[:10]
 }
 
 var IPRegex = `(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}`
diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf
index c33f32ab4..94bb316b1 100644
--- a/test/e2e/config/containers.conf
+++ b/test/e2e/config/containers.conf
@@ -61,6 +61,8 @@ no_hosts=true
 network_cmd_options=["allow_host_loopback=true"]
 service_timeout=1234
 
+volume_plugin_timeout = 15
+
 # We need to ensure each test runs on a separate plugin instance...
 # For now, let's just make a bunch of plugin paths and have each test use one.
 [engine.volume_plugins]
diff --git a/test/e2e/config_amd64.go b/test/e2e/config_amd64.go
index f32542df8..ba7940d57 100644
--- a/test/e2e/config_amd64.go
+++ b/test/e2e/config_amd64.go
@@ -8,7 +8,7 @@ var (
 	CACHE_IMAGES             = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, LABELS_IMAGE, HEALTHCHECK_IMAGE, UBI_INIT, UBI_MINIMAL, fedoraToolbox} //nolint:revive,stylecheck
 	NGINX_IMAGE              = "quay.io/libpod/alpine_nginx:latest"                                                                                                                              //nolint:revive,stylecheck
 	BB_GLIBC                 = "docker.io/library/busybox:glibc"                                                                                                                                 //nolint:revive,stylecheck
-	REGISTRY_IMAGE           = "quay.io/libpod/registry:2.6"                                                                                                                                     //nolint:revive,stylecheck
+	REGISTRY_IMAGE           = "quay.io/libpod/registry:2.8"                                                                                                                                     //nolint:revive,stylecheck
 	LABELS_IMAGE             = "quay.io/libpod/alpine_labels:latest"                                                                                                                             //nolint:revive,stylecheck
 	UBI_MINIMAL              = "registry.access.redhat.com/ubi8-minimal"                                                                                                                         //nolint:revive,stylecheck
 	UBI_INIT                 = "registry.access.redhat.com/ubi8-init"                                                                                                                            //nolint:revive,stylecheck
diff --git a/test/e2e/config_arm64.go b/test/e2e/config_arm64.go
index c1e0afc47..32ed2f90d 100644
--- a/test/e2e/config_arm64.go
+++ b/test/e2e/config_arm64.go
@@ -8,7 +8,7 @@ var (
 	CACHE_IMAGES             = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, LABELS_IMAGE, HEALTHCHECK_IMAGE, UBI_INIT, UBI_MINIMAL, fedoraToolbox} //nolint:revive,stylecheck
 	NGINX_IMAGE              = "quay.io/lsm5/alpine_nginx-aarch64:latest"                                                                                                                        //nolint:revive,stylecheck
 	BB_GLIBC                 = "docker.io/library/busybox:glibc"                                                                                                                                 //nolint:revive,stylecheck
-	REGISTRY_IMAGE           = "quay.io/libpod/registry:2.6"                                                                                                                                     //nolint:revive,stylecheck
+	REGISTRY_IMAGE           = "quay.io/libpod/registry:2.8"                                                                                                                                     //nolint:revive,stylecheck
 	LABELS_IMAGE             = "quay.io/libpod/alpine_labels:latest"                                                                                                                             //nolint:revive,stylecheck
 	UBI_MINIMAL              = "registry.access.redhat.com/ubi8-minimal"                                                                                                                         //nolint:revive,stylecheck
 	UBI_INIT                 = "registry.access.redhat.com/ubi8-init"                                                                                                                            //nolint:revive,stylecheck
diff --git a/test/e2e/container_clone_test.go b/test/e2e/container_clone_test.go
index 94ccd6ffe..1ba5de1a3 100644
--- a/test/e2e/container_clone_test.go
+++ b/test/e2e/container_clone_test.go
@@ -87,6 +87,7 @@ var _ = Describe("Podman container clone", func() {
 	})
 
 	It("podman container clone resource limits override", func() {
+		SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
 		create := podmanTest.Podman([]string{"create", "--cpus=5", ALPINE})
 		create.WaitWithDefaultTimeout()
 		Expect(create).To(Exit(0))
@@ -292,4 +293,20 @@ var _ = Describe("Podman container clone", func() {
 		Expect(ok).To(BeTrue())
 
 	})
+
+	It("podman container clone env test", func() {
+		session := podmanTest.Podman([]string{"run", "--name", "env_ctr", "-e", "ENV_TEST=123", ALPINE, "printenv", "ENV_TEST"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"container", "clone", "env_ctr"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"start", "-a", "env_ctr-clone"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("123"))
+
+	})
 })
diff --git a/test/e2e/container_create_volume_test.go b/test/e2e/container_create_volume_test.go
index 6d9f13694..3c54691aa 100644
--- a/test/e2e/container_create_volume_test.go
+++ b/test/e2e/container_create_volume_test.go
@@ -58,7 +58,7 @@ func checkDataVolumeContainer(pTest *PodmanTestIntegration, image, cont, dest, d
 	Expect(volList.OutputToStringArray()[0]).To(Equal(mntName))
 
 	// Check the mount source directory
-	files, err := ioutil.ReadDir(mntSource)
+	files, err := os.ReadDir(mntSource)
 	Expect(err).To(BeNil())
 
 	if data == "" {
diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
index 32deb04a8..f7ddfe50c 100644
--- a/test/e2e/create_staticmac_test.go
+++ b/test/e2e/create_staticmac_test.go
@@ -48,7 +48,7 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 	})
 
 	It("Podman run --mac-address with custom network", func() {
-		net := "n1" + stringid.GenerateNonCryptoID()
+		net := "n1" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index 9679aad24..d5920dc3e 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -438,6 +438,7 @@ var _ = Describe("Podman create", func() {
 	})
 
 	It("podman create with -m 1000000 sets swap to 2000000", func() {
+		SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
 		numMem := 1000000
 		ctrName := "testCtr"
 		session := podmanTest.Podman([]string{"create", "-t", "-m", fmt.Sprintf("%db", numMem), "--name", ctrName, ALPINE, "/bin/sh"})
@@ -452,6 +453,7 @@ var _ = Describe("Podman create", func() {
 	})
 
 	It("podman create --cpus 5 sets nanocpus", func() {
+		SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
 		numCpus := 5
 		nanoCPUs := numCpus * 1000000000
 		ctrName := "testCtr"
@@ -593,7 +595,7 @@ var _ = Describe("Podman create", func() {
 		pod.WaitWithDefaultTimeout()
 		Expect(pod).Should(Exit(0))
 
-		netName := "pod" + stringid.GenerateNonCryptoID()
+		netName := "pod" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
diff --git a/test/e2e/diff_test.go b/test/e2e/diff_test.go
index a1f57f41b..c7f235e29 100644
--- a/test/e2e/diff_test.go
+++ b/test/e2e/diff_test.go
@@ -93,9 +93,9 @@ var _ = Describe("Podman diff", func() {
 	})
 
 	It("podman image diff", func() {
-		file1 := "/" + stringid.GenerateNonCryptoID()
-		file2 := "/" + stringid.GenerateNonCryptoID()
-		file3 := "/" + stringid.GenerateNonCryptoID()
+		file1 := "/" + stringid.GenerateRandomID()
+		file2 := "/" + stringid.GenerateRandomID()
+		file3 := "/" + stringid.GenerateRandomID()
 
 		// Create container image with the files
 		containerfile := fmt.Sprintf(`
@@ -152,8 +152,8 @@ RUN echo test
 	})
 
 	It("podman diff container and image with same name", func() {
-		imagefile := "/" + stringid.GenerateNonCryptoID()
-		confile := "/" + stringid.GenerateNonCryptoID()
+		imagefile := "/" + stringid.GenerateRandomID()
+		confile := "/" + stringid.GenerateRandomID()
 
 		// Create container image with the files
 		containerfile := fmt.Sprintf(`
diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go
index 528fa143d..bba42c3f4 100644
--- a/test/e2e/events_test.go
+++ b/test/e2e/events_test.go
@@ -42,10 +42,7 @@ var _ = Describe("Podman events", func() {
 	// Perhaps a future version of this test would put events in a go func and send output back over a channel
 	// while events occur.
 
-	// These tests are only known to work on Fedora ATM.  Other distributions
-	// will be skipped.
 	It("podman events", func() {
-		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
 		result := podmanTest.Podman([]string{"events", "--stream=false"})
@@ -54,7 +51,6 @@ var _ = Describe("Podman events", func() {
 	})
 
 	It("podman events with an event filter", func() {
-		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
 		result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "event=start"})
@@ -81,7 +77,6 @@ var _ = Describe("Podman events", func() {
 	})
 
 	It("podman events with a type and filter container=id", func() {
-		SkipIfNotFedora()
 		_, ec, cid := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
 		result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "type=pod", "--filter", fmt.Sprintf("container=%s", cid)})
@@ -91,7 +86,6 @@ var _ = Describe("Podman events", func() {
 	})
 
 	It("podman events with a type", func() {
-		SkipIfNotFedora()
 		setup := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:foobarpod", ALPINE, "top"})
 		setup.WaitWithDefaultTimeout()
 		stop := podmanTest.Podman([]string{"pod", "stop", "foobarpod"})
@@ -110,7 +104,6 @@ var _ = Describe("Podman events", func() {
 	})
 
 	It("podman events --since", func() {
-		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
 		result := podmanTest.Podman([]string{"events", "--stream=false", "--since", "1m"})
@@ -119,7 +112,6 @@ var _ = Describe("Podman events", func() {
 	})
 
 	It("podman events --until", func() {
-		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
 		result := podmanTest.Podman([]string{"events", "--stream=false", "--until", "1h"})
@@ -128,7 +120,6 @@ var _ = Describe("Podman events", func() {
 	})
 
 	It("podman events format", func() {
-		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
 
@@ -153,12 +144,19 @@ var _ = Describe("Podman events", func() {
 		event = events.Event{}
 		err = json.Unmarshal([]byte(jsonArr[0]), &event)
 		Expect(err).ToNot(HaveOccurred())
+
+		test = podmanTest.Podman([]string{"events", "--stream=false", "--filter=type=container", "--format", "ID: {{.ID}}"})
+		test.WaitWithDefaultTimeout()
+		Expect(test).To(Exit(0))
+		arr := test.OutputToStringArray()
+		Expect(len(arr)).To(BeNumerically(">", 1))
+		Expect(arr[0]).To(MatchRegexp("ID: [a-fA-F0-9]{64}"))
 	})
 
 	It("podman events --until future", func() {
-		name1 := stringid.GenerateNonCryptoID()
-		name2 := stringid.GenerateNonCryptoID()
-		name3 := stringid.GenerateNonCryptoID()
+		name1 := stringid.GenerateRandomID()
+		name2 := stringid.GenerateRandomID()
+		name3 := stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"create", "--name", name1, ALPINE})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 845aa60ce..d8308aeea 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -3,6 +3,7 @@ package integration
 import (
 	"io/ioutil"
 	"os"
+	"os/user"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -58,7 +59,7 @@ var _ = Describe("Podman generate kube", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", "top"})
+		kube := podmanTest.Podman([]string{"kube", "generate", "top"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -71,6 +72,10 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(pod.Spec.Containers[0]).To(HaveField("WorkingDir", ""))
 		Expect(pod.Spec.Containers[0].Env).To(BeNil())
 		Expect(pod).To(HaveField("Name", "top-pod"))
+		enableServiceLinks := false
+		Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+		automountServiceAccountToken := false
+		Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
 
 		numContainers := 0
 		for range pod.Spec.Containers {
@@ -115,7 +120,7 @@ var _ = Describe("Podman generate kube", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", "test"})
+		kube := podmanTest.Podman([]string{"kube", "generate", "test"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -130,7 +135,7 @@ var _ = Describe("Podman generate kube", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", "-s", "test-ctr"})
+		kube := podmanTest.Podman([]string{"kube", "generate", "-s", "test-ctr"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -165,6 +170,10 @@ var _ = Describe("Podman generate kube", func() {
 		err := yaml.Unmarshal(kube.Out.Contents(), pod)
 		Expect(err).To(BeNil())
 		Expect(pod.Spec).To(HaveField("HostNetwork", false))
+		enableServiceLinks := false
+		Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+		automountServiceAccountToken := false
+		Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
 
 		numContainers := 0
 		for range pod.Spec.Containers {
@@ -182,7 +191,7 @@ var _ = Describe("Podman generate kube", func() {
 		pod2.WaitWithDefaultTimeout()
 		Expect(pod2).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", "pod1", "pod2"})
+		kube := podmanTest.Podman([]string{"kube", "generate", "pod1", "pod2"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -203,7 +212,7 @@ var _ = Describe("Podman generate kube", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", "toppod"})
+		kube := podmanTest.Podman([]string{"kube", "generate", "toppod"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -262,6 +271,39 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(numContainers).To(Equal(1))
 	})
 
+	It("podman generate kube on pod with user namespace", func() {
+		u, err := user.Current()
+		Expect(err).To(BeNil())
+		name := u.Name
+		if name == "root" {
+			name = "containers"
+		}
+		content, err := ioutil.ReadFile("/etc/subuid")
+		if err != nil {
+			Skip("cannot read /etc/subuid")
+		}
+		if !strings.Contains(string(content), name) {
+			Skip("cannot find mappings for the current user")
+		}
+		podSession := podmanTest.Podman([]string{"pod", "create", "--name", "testPod", "--userns=auto"})
+		podSession.WaitWithDefaultTimeout()
+		Expect(podSession).Should(Exit(0))
+
+		session := podmanTest.Podman([]string{"create", "--name", "topcontainer", "--pod", "testPod", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		kube := podmanTest.Podman([]string{"generate", "kube", "testPod"})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+
+		pod := new(v1.Pod)
+		err = yaml.Unmarshal(kube.Out.Contents(), pod)
+		Expect(err).To(BeNil())
+		expected := false
+		Expect(pod.Spec).To(HaveField("HostUsers", &expected))
+	})
+
 	It("podman generate kube on pod with host network", func() {
 		podSession := podmanTest.Podman([]string{"pod", "create", "--name", "testHostNetwork", "--network", "host"})
 		podSession.WaitWithDefaultTimeout()
@@ -398,7 +440,7 @@ var _ = Describe("Podman generate kube", func() {
 		ctr2Session.WaitWithDefaultTimeout()
 		Expect(ctr2Session).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", podName})
+		kube := podmanTest.Podman([]string{"kube", "generate", podName})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -490,17 +532,18 @@ var _ = Describe("Podman generate kube", func() {
 	})
 
 	It("podman generate kube on pod with memory limit", func() {
+		SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
 		podName := "testMemoryLimit"
 		podSession := podmanTest.Podman([]string{"pod", "create", "--name", podName})
 		podSession.WaitWithDefaultTimeout()
 		Expect(podSession).Should(Exit(0))
 
 		ctr1Name := "ctr1"
-		ctr1Session := podmanTest.Podman([]string{"create", "--name", ctr1Name, "--pod", podName, "--memory", "10Mi", ALPINE, "top"})
+		ctr1Session := podmanTest.Podman([]string{"create", "--name", ctr1Name, "--pod", podName, "--memory", "10M", ALPINE, "top"})
 		ctr1Session.WaitWithDefaultTimeout()
 		Expect(ctr1Session).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", podName})
+		kube := podmanTest.Podman([]string{"kube", "generate", podName})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -515,6 +558,7 @@ var _ = Describe("Podman generate kube", func() {
 	})
 
 	It("podman generate kube on pod with cpu limit", func() {
+		SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
 		podName := "testCpuLimit"
 		podSession := podmanTest.Podman([]string{"pod", "create", "--name", podName})
 		podSession.WaitWithDefaultTimeout()
@@ -548,6 +592,11 @@ var _ = Describe("Podman generate kube", func() {
 
 	It("podman generate kube on pod with ports", func() {
 		podName := "test"
+
+		lock4 := GetPortLock("4000")
+		defer lock4.Unlock()
+		lock5 := GetPortLock("5000")
+		defer lock5.Unlock()
 		podSession := podmanTest.Podman([]string{"pod", "create", "--name", podName, "-p", "4000:4000", "-p", "5000:5000"})
 		podSession.WaitWithDefaultTimeout()
 		Expect(podSession).Should(Exit(0))
@@ -562,7 +611,7 @@ var _ = Describe("Podman generate kube", func() {
 		ctr2Session.WaitWithDefaultTimeout()
 		Expect(ctr2Session).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", podName})
+		kube := podmanTest.Podman([]string{"kube", "generate", podName})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -665,7 +714,7 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(inspect.OutputToString()).To(ContainSubstring("100:200"))
 
 		outputFile := filepath.Join(podmanTest.RunRoot, "pod.yaml")
-		kube := podmanTest.Podman([]string{"generate", "kube", "-f", outputFile, podName})
+		kube := podmanTest.Podman([]string{"kube", "generate", "-f", outputFile, podName})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -708,7 +757,7 @@ var _ = Describe("Podman generate kube", func() {
 		pod := new(v1.Pod)
 		err = yaml.Unmarshal(b, pod)
 		Expect(err).To(BeNil())
-		Expect(pod.Annotations).To(HaveKeyWithValue(define.BindMountPrefix+vol1, HaveSuffix("z")))
+		Expect(pod.Annotations).To(HaveKeyWithValue(define.BindMountPrefix, vol1+":"+"z"))
 
 		rm := podmanTest.Podman([]string{"pod", "rm", "-t", "0", "-f", "test1"})
 		rm.WaitWithDefaultTimeout()
@@ -788,7 +837,7 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(session).Should(Exit(0))
 
 		outputFile := filepath.Join(podmanTest.RunRoot, "pod.yaml")
-		kube := podmanTest.Podman([]string{"generate", "kube", podName, "-f", outputFile})
+		kube := podmanTest.Podman([]string{"kube", "generate", podName, "-f", outputFile})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -857,7 +906,7 @@ var _ = Describe("Podman generate kube", func() {
 		pod2.WaitWithDefaultTimeout()
 		Expect(pod2).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", "top1", "top2"})
+		kube := podmanTest.Podman([]string{"kube", "generate", "top1", "top2"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).To(ExitWithError())
 	})
@@ -911,7 +960,7 @@ var _ = Describe("Podman generate kube", func() {
 		top.WaitWithDefaultTimeout()
 		Expect(top).Should(Exit(0))
 
-		kube := podmanTest.Podman([]string{"generate", "kube", "pod1"})
+		kube := podmanTest.Podman([]string{"kube", "generate", "pod1"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -973,7 +1022,7 @@ var _ = Describe("Podman generate kube", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		kube = podmanTest.Podman([]string{"generate", "kube", "test1"})
+		kube = podmanTest.Podman([]string{"kube", "generate", "test1"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -1026,7 +1075,7 @@ ENTRYPOINT ["sleep"]`
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		kube = podmanTest.Podman([]string{"generate", "kube", "testpod-2"})
+		kube = podmanTest.Podman([]string{"kube", "generate", "testpod-2"})
 		kube.WaitWithDefaultTimeout()
 		Expect(kube).Should(Exit(0))
 
@@ -1228,4 +1277,27 @@ USER test1`
 
 		Expect(pod.Spec.Containers[0].Env).To(HaveLen(2))
 	})
+
+	It("podman generate kube omit secret if empty", func() {
+		dir, err := os.MkdirTemp(tempdir, "podman")
+		Expect(err).Should(BeNil())
+
+		defer os.RemoveAll(dir)
+
+		podCreate := podmanTest.Podman([]string{"run", "-d", "--pod", "new:" + "noSecretsPod", "--name", "noSecretsCtr", "--volume", dir + ":/foobar", ALPINE})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+
+		kube := podmanTest.Podman([]string{"generate", "kube", "noSecretsPod"})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+
+		Expect(kube.OutputToString()).ShouldNot(ContainSubstring("secret"))
+
+		pod := new(v1.Pod)
+		err = yaml.Unmarshal(kube.Out.Contents(), pod)
+		Expect(err).To(BeNil())
+
+		Expect(pod.Spec.Volumes[0].Secret).To(BeNil())
+	})
 })
diff --git a/test/e2e/generate_spec_test.go b/test/e2e/generate_spec_test.go
new file mode 100644
index 000000000..9188b5222
--- /dev/null
+++ b/test/e2e/generate_spec_test.go
@@ -0,0 +1,82 @@
+package integration
+
+import (
+	"os"
+	"path/filepath"
+
+	. "github.com/containers/podman/v4/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gexec"
+)
+
+var _ = Describe("Podman generate spec", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		SkipIfRemote("podman generate spec is not supported on the remote client")
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+
+	})
+
+	It("podman generate spec bogus should fail", func() {
+		session := podmanTest.Podman([]string{"generate", "spec", "foobar"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitWithError())
+	})
+
+	It("podman generate spec basic usage", func() {
+		SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
+		session := podmanTest.Podman([]string{"create", "--cpus", "5", "--name", "specgen", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"generate", "spec", "--compact", "specgen"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+	})
+
+	It("podman generate spec file", func() {
+		SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
+		session := podmanTest.Podman([]string{"create", "--cpus", "5", "--name", "specgen", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"generate", "spec", "--filename", filepath.Join(tempdir, "out.json"), "specgen"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		path := filepath.Join(tempdir, "out.json")
+
+		exec := SystemExec("cat", []string{path})
+		exec.WaitWithDefaultTimeout()
+		Expect(exec.OutputToString()).Should(ContainSubstring("specgen-clone"))
+		Expect(exec.OutputToString()).Should(ContainSubstring("500000"))
+
+	})
+
+	It("generate spec pod", func() {
+		session := podmanTest.Podman([]string{"pod", "create", "--cpus", "5", "--name", "podspecgen"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"generate", "spec", "--compact", "podspecgen"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+	})
+})
diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go
index 45a2f1f86..347440faf 100644
--- a/test/e2e/generate_systemd_test.go
+++ b/test/e2e/generate_systemd_test.go
@@ -3,6 +3,7 @@ package integration
 import (
 	"io/ioutil"
 	"os"
+	"strings"
 
 	. "github.com/containers/podman/v4/test/utils"
 	. "github.com/onsi/ginkgo"
@@ -220,19 +221,20 @@ var _ = Describe("Podman generate systemd", func() {
 		Expect(session).Should(Exit(0))
 
 		// Grepping the output (in addition to unit tests)
-		Expect(session.OutputToString()).To(ContainSubstring("# pod-foo.service"))
-		Expect(session.OutputToString()).To(ContainSubstring("Requires=container-foo-1.service container-foo-2.service"))
-		Expect(session.OutputToString()).To(ContainSubstring("# container-foo-1.service"))
-		Expect(session.OutputToString()).To(ContainSubstring(" start foo-1"))
-		Expect(session.OutputToString()).To(ContainSubstring("-infra")) // infra container
-		Expect(session.OutputToString()).To(ContainSubstring("# container-foo-2.service"))
-		Expect(session.OutputToString()).To(ContainSubstring(" stop -t 42 foo-2"))
-		Expect(session.OutputToString()).To(ContainSubstring("BindsTo=pod-foo.service"))
-		Expect(session.OutputToString()).To(ContainSubstring("PIDFile="))
-		Expect(session.OutputToString()).To(ContainSubstring("/userdata/conmon.pid"))
-
+		output := session.OutputToString()
+		Expect(output).To(ContainSubstring("# pod-foo.service"))
+		Expect(output).To(ContainSubstring("Wants=container-foo-1.service container-foo-2.service"))
+		Expect(output).To(ContainSubstring("# container-foo-1.service"))
+		Expect(output).To(ContainSubstring(" start foo-1"))
+		Expect(output).To(ContainSubstring("-infra")) // infra container
+		Expect(output).To(ContainSubstring("# container-foo-2.service"))
+		Expect(output).To(ContainSubstring(" stop -t 42 foo-2"))
+		Expect(output).To(ContainSubstring("BindsTo=pod-foo.service"))
+		Expect(output).To(ContainSubstring("PIDFile="))
+		Expect(output).To(ContainSubstring("/userdata/conmon.pid"))
+		Expect(strings.Count(output, "RequiresMountsFor="+podmanTest.RunRoot)).To(Equal(3))
 		// The podman commands in the unit should not contain the root flags
-		Expect(session.OutputToString()).ToNot(ContainSubstring(" --runroot"))
+		Expect(output).ToNot(ContainSubstring(" --runroot"))
 	})
 
 	It("podman generate systemd pod --name --files", func() {
@@ -468,7 +470,7 @@ var _ = Describe("Podman generate systemd", func() {
 
 		// Grepping the output (in addition to unit tests)
 		Expect(session.OutputToString()).To(ContainSubstring("# p-foo.service"))
-		Expect(session.OutputToString()).To(ContainSubstring("Requires=container-foo-1.service container-foo-2.service"))
+		Expect(session.OutputToString()).To(ContainSubstring("Wants=container-foo-1.service container-foo-2.service"))
 		Expect(session.OutputToString()).To(ContainSubstring("# container-foo-1.service"))
 		Expect(session.OutputToString()).To(ContainSubstring("BindsTo=p-foo.service"))
 	})
@@ -492,7 +494,7 @@ var _ = Describe("Podman generate systemd", func() {
 
 		// Grepping the output (in addition to unit tests)
 		Expect(session.OutputToString()).To(ContainSubstring("# p_foo.service"))
-		Expect(session.OutputToString()).To(ContainSubstring("Requires=con_foo-1.service con_foo-2.service"))
+		Expect(session.OutputToString()).To(ContainSubstring("Wants=con_foo-1.service con_foo-2.service"))
 		Expect(session.OutputToString()).To(ContainSubstring("# con_foo-1.service"))
 		Expect(session.OutputToString()).To(ContainSubstring("# con_foo-2.service"))
 		Expect(session.OutputToString()).To(ContainSubstring("BindsTo=p_foo.service"))
@@ -518,7 +520,7 @@ var _ = Describe("Podman generate systemd", func() {
 
 		// Grepping the output (in addition to unit tests)
 		Expect(session1.OutputToString()).To(ContainSubstring("# foo.service"))
-		Expect(session1.OutputToString()).To(ContainSubstring("Requires=container-foo-1.service container-foo-2.service"))
+		Expect(session1.OutputToString()).To(ContainSubstring("Wants=container-foo-1.service container-foo-2.service"))
 		Expect(session1.OutputToString()).To(ContainSubstring("# container-foo-1.service"))
 		Expect(session1.OutputToString()).To(ContainSubstring("BindsTo=foo.service"))
 
@@ -529,7 +531,7 @@ var _ = Describe("Podman generate systemd", func() {
 
 		// Grepping the output (in addition to unit tests)
 		Expect(session2.OutputToString()).To(ContainSubstring("# foo.service"))
-		Expect(session2.OutputToString()).To(ContainSubstring("Requires=foo-1.service foo-2.service"))
+		Expect(session2.OutputToString()).To(ContainSubstring("Wants=foo-1.service foo-2.service"))
 		Expect(session2.OutputToString()).To(ContainSubstring("# foo-1.service"))
 		Expect(session2.OutputToString()).To(ContainSubstring("# foo-2.service"))
 		Expect(session2.OutputToString()).To(ContainSubstring("BindsTo=foo.service"))
@@ -560,9 +562,9 @@ var _ = Describe("Podman generate systemd", func() {
 
 		// Grepping the output (in addition to unit tests)
 		Expect(session.OutputToString()).To(ContainSubstring("# pod-foo.service"))
-		Expect(session.OutputToString()).To(ContainSubstring("Requires=container-foo-1.service container-foo-2.service"))
+		Expect(session.OutputToString()).To(ContainSubstring("Wants=container-foo-1.service container-foo-2.service"))
 		Expect(session.OutputToString()).To(ContainSubstring("BindsTo=pod-foo.service"))
-		Expect(session.OutputToString()).To(ContainSubstring("pod create --infra-conmon-pidfile %t/pod-foo.pid --pod-id-file %t/pod-foo.pod-id --name foo"))
+		Expect(session.OutputToString()).To(ContainSubstring("pod create --infra-conmon-pidfile %t/pod-foo.pid --pod-id-file %t/pod-foo.pod-id --exit-policy=stop --name foo"))
 		Expect(session.OutputToString()).To(ContainSubstring("ExecStartPre=/bin/rm -f %t/pod-foo.pid %t/pod-foo.pod-id"))
 		Expect(session.OutputToString()).To(ContainSubstring("pod stop --ignore --pod-id-file %t/pod-foo.pod-id -t 10"))
 		Expect(session.OutputToString()).To(ContainSubstring("pod rm --ignore -f --pod-id-file %t/pod-foo.pod-id"))
@@ -600,4 +602,75 @@ var _ = Describe("Podman generate systemd", func() {
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToString()).To(ContainSubstring(" --label key={{someval}}"))
 	})
+
+	It("podman generate systemd --env", func() {
+		session := podmanTest.RunTopContainer("test")
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "foo=bar", "-e", "hoge=fuga", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("Environment=foo=bar"))
+		Expect(session.OutputToString()).To(ContainSubstring("Environment=hoge=fuga"))
+
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "=bar", "-e", "hoge=fuga", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("invalid environment variable"))
+
+		// Use -e/--env option with --new option
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "foo=bar", "-e", "hoge=fuga", "--new", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("Environment=foo=bar"))
+		Expect(session.OutputToString()).To(ContainSubstring("Environment=hoge=fuga"))
+
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "foo=bar", "-e", "=fuga", "--new", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("invalid environment variable"))
+
+		// Escape systemd arguments
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "BAR=my test", "-e", "USER=%a", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("\"BAR=my test\""))
+		Expect(session.OutputToString()).To(ContainSubstring("USER=%%a"))
+
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "BAR=my test", "-e", "USER=%a", "--new", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("\"BAR=my test\""))
+		Expect(session.OutputToString()).To(ContainSubstring("USER=%%a"))
+
+		// Specify the environment variables without a value
+		os.Setenv("FOO1", "BAR1")
+		os.Setenv("FOO2", "BAR2")
+		os.Setenv("FOO3", "BAR3")
+		defer os.Unsetenv("FOO1")
+		defer os.Unsetenv("FOO2")
+		defer os.Unsetenv("FOO3")
+
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "FOO1", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("BAR1"))
+		Expect(session.OutputToString()).NotTo(ContainSubstring("BAR2"))
+		Expect(session.OutputToString()).NotTo(ContainSubstring("BAR3"))
+
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "FOO*", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("BAR1"))
+		Expect(session.OutputToString()).To(ContainSubstring("BAR2"))
+		Expect(session.OutputToString()).To(ContainSubstring("BAR3"))
+
+		session = podmanTest.Podman([]string{"generate", "systemd", "--env", "FOO*", "--new", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("BAR1"))
+		Expect(session.OutputToString()).To(ContainSubstring("BAR2"))
+		Expect(session.OutputToString()).To(ContainSubstring("BAR3"))
+	})
 })
diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go
index fd4e763f9..969f83b19 100644
--- a/test/e2e/healthcheck_run_test.go
+++ b/test/e2e/healthcheck_run_test.go
@@ -317,6 +317,12 @@ HEALTHCHECK CMD ls -l / 2>&1`, ALPINE)
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
+		// Check if image inspect contains CMD-SHELL generated by healthcheck.
+		session = podmanTest.Podman([]string{"image", "inspect", "--format", "{{.Config.Healthcheck}}", "test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("CMD-SHELL"))
+
 		run := podmanTest.Podman([]string{"run", "-dt", "--name", "hctest", "test", "ls"})
 		run.WaitWithDefaultTimeout()
 		Expect(run).Should(Exit(0))
diff --git a/test/e2e/image_scp_test.go b/test/e2e/image_scp_test.go
index 77fe810bd..2c275d974 100644
--- a/test/e2e/image_scp_test.go
+++ b/test/e2e/image_scp_test.go
@@ -3,9 +3,11 @@ package integration
 import (
 	"io/ioutil"
 	"os"
+	"path/filepath"
 
 	"github.com/containers/common/pkg/config"
 	. "github.com/containers/podman/v4/test/utils"
+	"github.com/containers/storage/pkg/homedir"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gexec"
@@ -56,6 +58,9 @@ var _ = Describe("podman image scp", func() {
 	})
 
 	It("podman image scp with proper connection", func() {
+		if _, err := os.Stat(filepath.Join(homedir.Get(), ".ssh", "known_hosts")); err != nil {
+			Skip("known_hosts does not exist or is not accessible")
+		}
 		cmd := []string{"system", "connection", "add",
 			"--default",
 			"QA",
diff --git a/test/e2e/image_sign_test.go b/test/e2e/image_sign_test.go
index 3c819a7d2..5568acc01 100644
--- a/test/e2e/image_sign_test.go
+++ b/test/e2e/image_sign_test.go
@@ -1,7 +1,6 @@
 package integration
 
 import (
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -69,7 +68,7 @@ var _ = Describe("Podman image sign", func() {
 		session := podmanTest.Podman([]string{"image", "sign", "--all", "--directory", sigDir, "--sign-by", "foo@bar.com", "docker://library/alpine"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		fInfos, err := ioutil.ReadDir(filepath.Join(sigDir, "library"))
+		fInfos, err := os.ReadDir(filepath.Join(sigDir, "library"))
 		Expect(err).To(BeNil())
 		Expect(len(fInfos)).To(BeNumerically(">", 1), "len(fInfos)")
 	})
diff --git a/test/e2e/init_test.go b/test/e2e/init_test.go
index ccc102fa3..25b9e079a 100644
--- a/test/e2e/init_test.go
+++ b/test/e2e/init_test.go
@@ -52,6 +52,7 @@ var _ = Describe("Podman init", func() {
 		init := podmanTest.Podman([]string{"init", cid})
 		init.WaitWithDefaultTimeout()
 		Expect(init).Should(Exit(0))
+		Expect(init.OutputToString()).To(Equal(cid))
 		result := podmanTest.Podman([]string{"inspect", cid})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
@@ -67,6 +68,7 @@ var _ = Describe("Podman init", func() {
 		init := podmanTest.Podman([]string{"init", name})
 		init.WaitWithDefaultTimeout()
 		Expect(init).Should(Exit(0))
+		Expect(init.OutputToString()).To(Equal(name))
 		result := podmanTest.Podman([]string{"inspect", name})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
@@ -79,9 +81,11 @@ var _ = Describe("Podman init", func() {
 		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
 		init := podmanTest.Podman([]string{"init", "--latest"})
 		init.WaitWithDefaultTimeout()
 		Expect(init).Should(Exit(0))
+		Expect(init.OutputToString()).To(Equal(cid))
 		result := podmanTest.Podman([]string{"inspect", "--latest"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
@@ -93,15 +97,21 @@ var _ = Describe("Podman init", func() {
 		session := podmanTest.Podman([]string{"create", "--name", "test1", ALPINE, "ls"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
 		session2 := podmanTest.Podman([]string{"create", "--name", "test2", ALPINE, "ls"})
 		session2.WaitWithDefaultTimeout()
 		Expect(session2).Should(Exit(0))
+		cid2 := session2.OutputToString()
 		session3 := podmanTest.Podman([]string{"run", "--name", "test3", "-d", ALPINE, "top"})
 		session3.WaitWithDefaultTimeout()
 		Expect(session3).Should(Exit(0))
+		cid3 := session3.OutputToString()
 		init := podmanTest.Podman([]string{"init", "--all"})
 		init.WaitWithDefaultTimeout()
 		Expect(init).Should(Exit(0))
+		Expect(init.OutputToString()).To(ContainSubstring(cid))
+		Expect(init.OutputToString()).To(ContainSubstring(cid2))
+		Expect(init.OutputToString()).To(ContainSubstring(cid3))
 		result := podmanTest.Podman([]string{"inspect", "test1"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go
index 3ae130c6d..60c53e27e 100644
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@@ -52,15 +52,15 @@ var _ = Describe("Podman login and logout", func() {
 			}
 		}
 
-		session := podmanTest.Podman([]string{"run", "--entrypoint", "htpasswd", "registry:2.6", "-Bbn", "podmantest", "test"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
+		htpasswd := SystemExec("htpasswd", []string{"-Bbn", "podmantest", "test"})
+		htpasswd.WaitWithDefaultTimeout()
+		Expect(htpasswd).Should(Exit(0))
 
 		f, err := os.Create(filepath.Join(authPath, "htpasswd"))
 		Expect(err).ToNot(HaveOccurred())
 		defer f.Close()
 
-		_, err = f.WriteString(session.OutputToString())
+		_, err = f.WriteString(htpasswd.OutputToString())
 		Expect(err).ToNot(HaveOccurred())
 		err = f.Sync()
 		Expect(err).ToNot(HaveOccurred())
@@ -80,12 +80,12 @@ var _ = Describe("Podman login and logout", func() {
 		setup := SystemExec("cp", []string{filepath.Join(certPath, "domain.crt"), filepath.Join(certDirPath, "ca.crt")})
 		setup.WaitWithDefaultTimeout()
 
-		session = podmanTest.Podman([]string{"run", "-d", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"),
+		session := podmanTest.Podman([]string{"run", "-d", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"),
 			"-e", strings.Join([]string{"REGISTRY_HTTP_ADDR=0.0.0.0", strconv.Itoa(port)}, ":"), "--name", "registry", "-v",
 			strings.Join([]string{authPath, "/auth:Z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
 			"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
 			"-v", strings.Join([]string{certPath, "/certs:Z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
-			"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
+			"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", REGISTRY_IMAGE})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
@@ -249,7 +249,7 @@ var _ = Describe("Podman login and logout", func() {
 			strings.Join([]string{authPath, "/auth:z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
 			"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
 			"-v", strings.Join([]string{certPath, "/certs:z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
-			"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
+			"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", REGISTRY_IMAGE})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
diff --git a/test/e2e/logs_test.go b/test/e2e/logs_test.go
index 14dd6b6b8..c680cae2a 100644
--- a/test/e2e/logs_test.go
+++ b/test/e2e/logs_test.go
@@ -376,7 +376,7 @@ var _ = Describe("Podman logs", func() {
 			skipIfJournaldInContainer()
 
 			cname := "log-test"
-			content := stringid.GenerateNonCryptoID()
+			content := stringid.GenerateRandomID()
 			// use printf to print no extra newline
 			logc := podmanTest.Podman([]string{"run", "--log-driver", log, "--name", cname, ALPINE, "printf", content})
 			logc.WaitWithDefaultTimeout()
diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go
index 893210a1f..e38499257 100644
--- a/test/e2e/manifest_test.go
+++ b/test/e2e/manifest_test.go
@@ -46,9 +46,23 @@ var _ = Describe("Podman manifest", func() {
 		processTestResult(f)
 	})
 	It("create w/o image", func() {
-		session := podmanTest.Podman([]string{"manifest", "create", "foo"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
+		for _, amend := range []string{"--amend", "-a"} {
+			session := podmanTest.Podman([]string{"manifest", "create", "foo"})
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(0))
+
+			session = podmanTest.Podman([]string{"manifest", "create", "foo"})
+			session.WaitWithDefaultTimeout()
+			Expect(session).To(ExitWithError())
+
+			session = podmanTest.Podman([]string{"manifest", "create", amend, "foo"})
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(0))
+
+			session = podmanTest.Podman([]string{"manifest", "rm", "foo"})
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(0))
+		}
 	})
 
 	It("create w/ image", func() {
@@ -173,13 +187,15 @@ var _ = Describe("Podman manifest", func() {
 		session = podmanTest.Podman([]string{"manifest", "add", "foo", imageListInstance})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		session = podmanTest.Podman([]string{"manifest", "annotate", "--arch", "bar", "foo", imageListARM64InstanceDigest})
+		session = podmanTest.Podman([]string{"manifest", "annotate", "--annotation", "hello=world", "--arch", "bar", "foo", imageListARM64InstanceDigest})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		session = podmanTest.Podman([]string{"manifest", "inspect", "foo"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToString()).To(ContainSubstring(`"architecture": "bar"`))
+		// Check added annotation
+		Expect(session.OutputToString()).To(ContainSubstring(`"hello": "world"`))
 	})
 
 	It("remove digest", func() {
@@ -316,7 +332,7 @@ var _ = Describe("Podman manifest", func() {
 
 		blobsDir := filepath.Join(dest, "blobs", "sha256")
 
-		blobs, err := ioutil.ReadDir(blobsDir)
+		blobs, err := os.ReadDir(blobsDir)
 		Expect(err).To(BeNil())
 
 		for _, f := range blobs {
@@ -334,6 +350,33 @@ var _ = Describe("Podman manifest", func() {
 		Expect(foundZstdFile).To(BeTrue())
 	})
 
+	It("push progress", func() {
+		SkipIfRemote("manifest push to dir not supported in remote mode")
+
+		session := podmanTest.Podman([]string{"manifest", "create", "foo", imageList})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		dest := filepath.Join(podmanTest.TempDir, "pushed")
+		err := os.MkdirAll(dest, os.ModePerm)
+		Expect(err).To(BeNil())
+		defer func() {
+			os.RemoveAll(dest)
+		}()
+
+		session = podmanTest.Podman([]string{"push", "foo", "-q", "dir:" + dest})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.ErrorToString()).To(BeEmpty())
+
+		session = podmanTest.Podman([]string{"push", "foo", "dir:" + dest})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		output := session.ErrorToString()
+		Expect(output).To(ContainSubstring("Writing manifest list to image destination"))
+		Expect(output).To(ContainSubstring("Storing list signatures"))
+	})
+
 	It("authenticated push", func() {
 		registryOptions := &podmanRegistry.Options{
 			Image: "docker-archive:" + imageTarPath(REGISTRY_IMAGE),
@@ -377,6 +420,11 @@ var _ = Describe("Podman manifest", func() {
 		push = podmanTest.Podman([]string{"manifest", "push", "--tls-verify=false", "--creds=" + registry.User + ":" + registry.Password, "foo", "localhost:" + registry.Port + "/credstest"})
 		push.WaitWithDefaultTimeout()
 		Expect(push).Should(Exit(0))
+		output := push.ErrorToString()
+		Expect(output).To(ContainSubstring("Copying blob "))
+		Expect(output).To(ContainSubstring("Copying config "))
+		Expect(output).To(ContainSubstring("Writing manifest to image destination"))
+		Expect(output).To(ContainSubstring("Storing signatures"))
 
 		push = podmanTest.Podman([]string{"manifest", "push", "--tls-verify=false", "--creds=podmantest:wrongpasswd", "foo", "localhost:" + registry.Port + "/credstest"})
 		push.WaitWithDefaultTimeout()
diff --git a/test/e2e/mount_rootless_test.go b/test/e2e/mount_rootless_test.go
index 994a5899b..b0452deda 100644
--- a/test/e2e/mount_rootless_test.go
+++ b/test/e2e/mount_rootless_test.go
@@ -52,9 +52,16 @@ var _ = Describe("Podman mount", func() {
 		Expect(setup).Should(Exit(0))
 		cid := setup.OutputToString()
 
-		session := podmanTest.Podman([]string{"unshare", PODMAN_BINARY, "mount", cid})
+		// command: podman <options> unshare podman <options> mount cid
+		args := []string{"unshare", podmanTest.PodmanBinary}
+		opts := podmanTest.PodmanMakeOptions([]string{"mount", cid}, false, false)
+		args = append(args, opts...)
+
+		// container root file system location is /tmp/... because "--root /tmp/..."
+		session := podmanTest.Podman(args)
 		session.WaitWithDefaultTimeout()
-		Expect(setup).Should(Exit(0))
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("/tmp"))
 	})
 
 	It("podman image mount", func() {
@@ -71,8 +78,15 @@ var _ = Describe("Podman mount", func() {
 		setup.WaitWithDefaultTimeout()
 		Expect(setup).Should(Exit(0))
 
-		session := podmanTest.Podman([]string{"unshare", PODMAN_BINARY, "image", "mount", ALPINE})
+		// command: podman <options> unshare podman <options> image mount ALPINE
+		args := []string{"unshare", podmanTest.PodmanBinary}
+		opts := podmanTest.PodmanMakeOptions([]string{"image", "mount", ALPINE}, false, false)
+		args = append(args, opts...)
+
+		// image location is /tmp/... because "--root /tmp/..."
+		session := podmanTest.Podman(args)
 		session.WaitWithDefaultTimeout()
-		Expect(setup).Should(Exit(0))
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("/tmp"))
 	})
 })
diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go
index ece1b519d..6e6a7fb39 100644
--- a/test/e2e/network_connect_disconnect_test.go
+++ b/test/e2e/network_connect_disconnect_test.go
@@ -41,7 +41,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("bad container name in network disconnect should result in error", func() {
-		netName := "aliasTest" + stringid.GenerateNonCryptoID()
+		netName := "aliasTest" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -53,7 +53,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("network disconnect with net mode slirp4netns should result in error", func() {
-		netName := "slirp" + stringid.GenerateNonCryptoID()
+		netName := "slirp" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -72,7 +72,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 
 	It("podman network disconnect", func() {
 		SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1")
-		netName := "aliasTest" + stringid.GenerateNonCryptoID()
+		netName := "aliasTest" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -128,7 +128,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("bad container name in network connect should result in error", func() {
-		netName := "aliasTest" + stringid.GenerateNonCryptoID()
+		netName := "aliasTest" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -140,7 +140,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("network connect with net mode slirp4netns should result in error", func() {
-		netName := "slirp" + stringid.GenerateNonCryptoID()
+		netName := "slirp" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -157,8 +157,8 @@ var _ = Describe("Podman network connect and disconnect", func() {
 		Expect(con.ErrorToString()).To(ContainSubstring(`"slirp4netns" is not supported: invalid network mode`))
 	})
 
-	It("podman connect on a container that already is connected to the network should error", func() {
-		netName := "aliasTest" + stringid.GenerateNonCryptoID()
+	It("podman connect on a container that already is connected to the network should error after init", func() {
+		netName := "aliasTest" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -177,12 +177,20 @@ var _ = Describe("Podman network connect and disconnect", func() {
 
 		con := podmanTest.Podman([]string{"network", "connect", netName, "test"})
 		con.WaitWithDefaultTimeout()
-		Expect(con).Should(ExitWithError())
+		Expect(con).Should(Exit(0))
+
+		init := podmanTest.Podman([]string{"init", "test"})
+		init.WaitWithDefaultTimeout()
+		Expect(init).Should(Exit(0))
+
+		con2 := podmanTest.Podman([]string{"network", "connect", netName, "test"})
+		con2.WaitWithDefaultTimeout()
+		Expect(con2).Should(ExitWithError())
 	})
 
 	It("podman network connect", func() {
 		SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1")
-		netName := "aliasTest" + stringid.GenerateNonCryptoID()
+		netName := "aliasTest" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -198,7 +206,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 		Expect(exec).Should(Exit(0))
 
 		// Create a second network
-		newNetName := "aliasTest" + stringid.GenerateNonCryptoID()
+		newNetName := "aliasTest" + stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", newNetName, "--subnet", "10.11.100.0/24"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -256,13 +264,13 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("podman network connect when not running", func() {
-		netName1 := "connect1" + stringid.GenerateNonCryptoID()
+		netName1 := "connect1" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName1})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		defer podmanTest.removeNetwork(netName1)
 
-		netName2 := "connect2" + stringid.GenerateNonCryptoID()
+		netName2 := "connect2" + stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", netName2})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -295,7 +303,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("podman network connect and run with network ID", func() {
-		netName := "ID" + stringid.GenerateNonCryptoID()
+		netName := "ID" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -315,7 +323,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 		Expect(exec).Should(Exit(0))
 
 		// Create a second network
-		newNetName := "ID2" + stringid.GenerateNonCryptoID()
+		newNetName := "ID2" + stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", newNetName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -342,13 +350,13 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("podman network disconnect when not running", func() {
-		netName1 := "aliasTest" + stringid.GenerateNonCryptoID()
+		netName1 := "aliasTest" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName1})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		defer podmanTest.removeNetwork(netName1)
 
-		netName2 := "aliasTest" + stringid.GenerateNonCryptoID()
+		netName2 := "aliasTest" + stringid.GenerateRandomID()
 		session2 := podmanTest.Podman([]string{"network", "create", netName2})
 		session2.WaitWithDefaultTimeout()
 		Expect(session2).Should(Exit(0))
@@ -387,7 +395,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("podman network disconnect and run with network ID", func() {
-		netName := "aliasTest" + stringid.GenerateNonCryptoID()
+		netName := "aliasTest" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index 69966b07e..f7855581b 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -41,7 +41,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with name and subnet", func() {
-		netName := "subnet-" + stringid.GenerateNonCryptoID()
+		netName := "subnet-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ip-range", "10.11.12.0/26", netName})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName)
@@ -84,7 +84,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with name and IPv6 subnet", func() {
-		netName := "ipv6-" + stringid.GenerateNonCryptoID()
+		netName := "ipv6-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:1:2:3:4::/64", netName})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName)
@@ -123,7 +123,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with name and IPv6 flag (dual-stack)", func() {
-		netName := "dual-" + stringid.GenerateNonCryptoID()
+		netName := "dual-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:3:2::/64", "--ipv6", netName})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName)
@@ -156,7 +156,7 @@ var _ = Describe("Podman network create", func() {
 
 		// create a second network to check the auto assigned ipv4 subnet does not overlap
 		// https://github.com/containers/podman/issues/11032
-		netName2 := "dual-" + stringid.GenerateNonCryptoID()
+		netName2 := "dual-" + stringid.GenerateRandomID()
 		nc = podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:10:3:2::/64", "--ipv6", netName2})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName2)
@@ -204,13 +204,13 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with invalid subnet", func() {
-		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", stringid.GenerateNonCryptoID()})
+		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", stringid.GenerateRandomID()})
 		nc.WaitWithDefaultTimeout()
 		Expect(nc).To(ExitWithError())
 	})
 
 	It("podman network create with ipv4 subnet and ipv6 flag", func() {
-		name := stringid.GenerateNonCryptoID()
+		name := stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ipv6", name})
 		nc.WaitWithDefaultTimeout()
 		Expect(nc).To(Exit(0))
@@ -224,7 +224,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with empty subnet and ipv6 flag", func() {
-		name := stringid.GenerateNonCryptoID()
+		name := stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--ipv6", name})
 		nc.WaitWithDefaultTimeout()
 		Expect(nc).To(Exit(0))
@@ -238,19 +238,19 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with invalid IP", func() {
-		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", stringid.GenerateNonCryptoID()})
+		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", stringid.GenerateRandomID()})
 		nc.WaitWithDefaultTimeout()
 		Expect(nc).To(ExitWithError())
 	})
 
 	It("podman network create with invalid gateway for subnet", func() {
-		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--gateway", "192.168.1.1", stringid.GenerateNonCryptoID()})
+		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--gateway", "192.168.1.1", stringid.GenerateRandomID()})
 		nc.WaitWithDefaultTimeout()
 		Expect(nc).To(ExitWithError())
 	})
 
 	It("podman network create two networks with same name should fail", func() {
-		netName := "same-" + stringid.GenerateNonCryptoID()
+		netName := "same-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", netName})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName)
@@ -262,13 +262,13 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create two networks with same subnet should fail", func() {
-		netName1 := "sub1-" + stringid.GenerateNonCryptoID()
+		netName1 := "sub1-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", netName1})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName1)
 		Expect(nc).Should(Exit(0))
 
-		netName2 := "sub2-" + stringid.GenerateNonCryptoID()
+		netName2 := "sub2-" + stringid.GenerateRandomID()
 		ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", netName2})
 		ncFail.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName2)
@@ -276,13 +276,13 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create two IPv6 networks with same subnet should fail", func() {
-		netName1 := "subipv61-" + stringid.GenerateNonCryptoID()
+		netName1 := "subipv61-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", netName1})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName1)
 		Expect(nc).Should(Exit(0))
 
-		netName2 := "subipv62-" + stringid.GenerateNonCryptoID()
+		netName2 := "subipv62-" + stringid.GenerateRandomID()
 		ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", netName2})
 		ncFail.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName2)
@@ -296,7 +296,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with mtu option", func() {
-		net := "mtu-test" + stringid.GenerateNonCryptoID()
+		net := "mtu-test" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--opt", "mtu=9000", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -309,7 +309,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with vlan option", func() {
-		net := "vlan-test" + stringid.GenerateNonCryptoID()
+		net := "vlan-test" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--opt", "vlan=9", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -322,7 +322,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with invalid option", func() {
-		net := "invalid-test" + stringid.GenerateNonCryptoID()
+		net := "invalid-test" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--opt", "foo=bar", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -331,7 +331,7 @@ var _ = Describe("Podman network create", func() {
 
 	It("podman CNI network create with internal should not have dnsname", func() {
 		SkipIfNetavark(podmanTest)
-		net := "internal-test" + stringid.GenerateNonCryptoID()
+		net := "internal-test" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -349,7 +349,7 @@ var _ = Describe("Podman network create", func() {
 
 	It("podman Netavark network create with internal should have dnsname", func() {
 		SkipIfCNI(podmanTest)
-		net := "internal-test" + stringid.GenerateNonCryptoID()
+		net := "internal-test" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -375,7 +375,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with multiple subnets", func() {
-		name := "subnets-" + stringid.GenerateNonCryptoID()
+		name := "subnets-" + stringid.GenerateRandomID()
 		subnet1 := "10.10.0.0/24"
 		subnet2 := "10.10.1.0/24"
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", subnet1, "--subnet", subnet2, name})
@@ -393,7 +393,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with multiple subnets dual stack", func() {
-		name := "subnets-" + stringid.GenerateNonCryptoID()
+		name := "subnets-" + stringid.GenerateRandomID()
 		subnet1 := "10.10.2.0/24"
 		subnet2 := "fd52:2a5a:747e:3acd::/64"
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", subnet1, "--subnet", subnet2, name})
@@ -411,7 +411,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create with multiple subnets dual stack with gateway and range", func() {
-		name := "subnets-" + stringid.GenerateNonCryptoID()
+		name := "subnets-" + stringid.GenerateRandomID()
 		subnet1 := "10.10.3.0/24"
 		gw1 := "10.10.3.10"
 		range1 := "10.10.3.0/26"
@@ -436,7 +436,7 @@ var _ = Describe("Podman network create", func() {
 	})
 
 	It("podman network create invalid options with multiple subnets", func() {
-		name := "subnets-" + stringid.GenerateNonCryptoID()
+		name := "subnets-" + stringid.GenerateRandomID()
 		subnet1 := "10.10.3.0/24"
 		gw1 := "10.10.3.10"
 		gw2 := "fd52:2a5a:747e:3acf::10"
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index d4f60d3e4..b2f50ca55 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -113,7 +113,7 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman network list --filter labels", func() {
-		net1 := "labelnet" + stringid.GenerateNonCryptoID()
+		net1 := "labelnet" + stringid.GenerateRandomID()
 		label1 := "testlabel1=abc"
 		label2 := "abcdef"
 		session := podmanTest.Podman([]string{"network", "create", "--label", label1, net1})
@@ -121,7 +121,7 @@ var _ = Describe("Podman network", func() {
 		defer podmanTest.removeNetwork(net1)
 		Expect(session).Should(Exit(0))
 
-		net2 := "labelnet" + stringid.GenerateNonCryptoID()
+		net2 := "labelnet" + stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", "--label", label1, "--label", label2, net2})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net2)
@@ -141,7 +141,7 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman network list --filter invalid value", func() {
-		net := "net" + stringid.GenerateNonCryptoID()
+		net := "net" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -294,7 +294,7 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman inspect container single CNI network", func() {
-		netName := "net-" + stringid.GenerateNonCryptoID()
+		netName := "net-" + stringid.GenerateRandomID()
 		network := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.50.0/24", netName})
 		network.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName)
@@ -324,13 +324,13 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman inspect container two CNI networks (container not running)", func() {
-		netName1 := "net1-" + stringid.GenerateNonCryptoID()
+		netName1 := "net1-" + stringid.GenerateRandomID()
 		network1 := podmanTest.Podman([]string{"network", "create", netName1})
 		network1.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName1)
 		Expect(network1).Should(Exit(0))
 
-		netName2 := "net2-" + stringid.GenerateNonCryptoID()
+		netName2 := "net2-" + stringid.GenerateRandomID()
 		network2 := podmanTest.Podman([]string{"network", "create", netName2})
 		network2.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName2)
@@ -361,13 +361,13 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman inspect container two CNI networks", func() {
-		netName1 := "net1-" + stringid.GenerateNonCryptoID()
+		netName1 := "net1-" + stringid.GenerateRandomID()
 		network1 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.0/25", netName1})
 		network1.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName1)
 		Expect(network1).Should(Exit(0))
 
-		netName2 := "net2-" + stringid.GenerateNonCryptoID()
+		netName2 := "net2-" + stringid.GenerateRandomID()
 		network2 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.128/26", netName2})
 		network2.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName2)
@@ -403,7 +403,7 @@ var _ = Describe("Podman network", func() {
 
 	It("podman network remove after disconnect when container initially created with the network", func() {
 		container := "test"
-		network := "foo" + stringid.GenerateNonCryptoID()
+		network := "foo" + stringid.GenerateRandomID()
 
 		session := podmanTest.Podman([]string{"network", "create", network})
 		session.WaitWithDefaultTimeout()
@@ -430,7 +430,7 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman network remove --force with pod", func() {
-		netName := "net-" + stringid.GenerateNonCryptoID()
+		netName := "net-" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName)
@@ -466,13 +466,13 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman network remove with two networks", func() {
-		netName1 := "net1-" + stringid.GenerateNonCryptoID()
+		netName1 := "net1-" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", netName1})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName1)
 		Expect(session).Should(Exit(0))
 
-		netName2 := "net2-" + stringid.GenerateNonCryptoID()
+		netName2 := "net2-" + stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", netName2})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(netName2)
@@ -591,7 +591,7 @@ var _ = Describe("Podman network", func() {
 	It("podman network create/remove macvlan", func() {
 		// Netavark currently does not do dhcp so the this test fails
 		SkipIfNetavark(podmanTest)
-		net := "macvlan" + stringid.GenerateNonCryptoID()
+		net := "macvlan" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--macvlan", "lo", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -605,7 +605,7 @@ var _ = Describe("Podman network", func() {
 	It("podman network create/remove macvlan as driver (-d) no device name", func() {
 		// Netavark currently does not do dhcp so the this test fails
 		SkipIfNetavark(podmanTest)
-		net := "macvlan" + stringid.GenerateNonCryptoID()
+		net := "macvlan" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "-d", "macvlan", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -632,7 +632,7 @@ var _ = Describe("Podman network", func() {
 	It("podman network create/remove macvlan as driver (-d) with device name", func() {
 		// Netavark currently does not do dhcp so the this test fails
 		SkipIfNetavark(podmanTest)
-		net := "macvlan" + stringid.GenerateNonCryptoID()
+		net := "macvlan" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "-d", "macvlan", "-o", "parent=lo", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -659,7 +659,7 @@ var _ = Describe("Podman network", func() {
 	})
 
 	It("podman network exists", func() {
-		net := "net" + stringid.GenerateNonCryptoID()
+		net := "net" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -669,13 +669,13 @@ var _ = Describe("Podman network", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		session = podmanTest.Podman([]string{"network", "exists", stringid.GenerateNonCryptoID()})
+		session = podmanTest.Podman([]string{"network", "exists", stringid.GenerateRandomID()})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(1))
 	})
 
 	It("podman network create macvlan with network info and options", func() {
-		net := "macvlan" + stringid.GenerateNonCryptoID()
+		net := "macvlan" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "-d", "macvlan", "-o", "parent=lo", "-o", "mtu=1500", "--gateway", "192.168.1.254", "--subnet", "192.168.1.0/24", net})
 		nc.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -711,7 +711,7 @@ var _ = Describe("Podman network", func() {
 		if IsRemote() {
 			podmanTest.RestartRemoteService()
 		}
-		net1 := "macvlan" + stringid.GenerateNonCryptoID() + "net1"
+		net1 := "macvlan" + stringid.GenerateRandomID() + "net1"
 
 		nc := podmanTest.Podman([]string{"network", "create", net1})
 		nc.WaitWithDefaultTimeout()
@@ -764,7 +764,7 @@ var _ = Describe("Podman network", func() {
 		// Run a container on one of them
 		// Network Prune
 		// Check that one has been pruned, other remains
-		net := "macvlan" + stringid.GenerateNonCryptoID()
+		net := "macvlan" + stringid.GenerateRandomID()
 		net1 := net + "1"
 		net2 := net + "2"
 		nc := podmanTest.Podman([]string{"network", "create", net1})
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 1b4eefd45..26460c937 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -380,6 +380,9 @@ spec:
   restartPolicy: {{ .RestartPolicy }}
   hostname: {{ .Hostname }}
   hostNetwork: {{ .HostNetwork }}
+{{ if .HostUsers }}
+  hostUsers: {{ .HostUsers }}
+{{ end }}
   hostAliases:
 {{ range .HostAliases }}
   - hostnames:
@@ -509,6 +512,9 @@ spec:
   volumes:
   {{ range . }}
   - name: {{ .Name }}
+    {{- if (eq .VolumeType "EmptyDir") }}
+    emptyDir: {}
+    {{- end }}
     {{- if (eq .VolumeType "HostPath") }}
     hostPath:
       path: {{ .HostPath.Path }}
@@ -841,6 +847,7 @@ type Pod struct {
 	RestartPolicy   string
 	Hostname        string
 	HostNetwork     bool
+	HostUsers       *bool
 	HostAliases     []HostAlias
 	Ctrs            []*Ctr
 	InitCtrs        []*Ctr
@@ -965,6 +972,12 @@ func withHostNetwork() podOption {
 	}
 }
 
+func withHostUsers(val bool) podOption {
+	return func(pod *Pod) {
+		pod.HostUsers = &val
+	}
+}
+
 // Deployment describes the options a kube yaml can be configured at deployment level
 type Deployment struct {
 	Name        string
@@ -1242,12 +1255,15 @@ type ConfigMap struct {
 	Optional bool
 }
 
+type EmptyDir struct{}
+
 type Volume struct {
 	VolumeType string
 	Name       string
 	HostPath
 	PersistentVolumeClaim
 	ConfigMap
+	EmptyDir
 }
 
 // getHostPathVolume takes a type and a location for a HostPath
@@ -1289,6 +1305,14 @@ func getConfigMapVolume(vName string, items []map[string]string, optional bool)
 	}
 }
 
+func getEmptyDirVolume() *Volume {
+	return &Volume{
+		VolumeType: "EmptyDir",
+		Name:       defaultVolName,
+		EmptyDir:   EmptyDir{},
+	}
+}
+
 type Env struct {
 	Name      string
 	Value     string
@@ -2409,7 +2433,7 @@ spec:
 		err := generateKubeYaml("deployment", deployment, kubeYaml)
 		Expect(err).To(BeNil())
 
-		net := "playkube" + stringid.GenerateNonCryptoID()
+		net := "playkube" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.31.0/24", net})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -2451,8 +2475,8 @@ spec:
 		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())
 
-		net1 := "net1" + stringid.GenerateNonCryptoID()
-		net2 := "net2" + stringid.GenerateNonCryptoID()
+		net1 := "net1" + stringid.GenerateRandomID()
+		net2 := "net2" + stringid.GenerateRandomID()
 
 		net := podmanTest.Podman([]string{"network", "create", "--subnet", "10.0.11.0/24", net1})
 		net.WaitWithDefaultTimeout()
@@ -2482,7 +2506,7 @@ spec:
 
 	It("podman play kube test with network portbindings", func() {
 		ip := "127.0.0.100"
-		port := "5000"
+		port := "8087"
 		ctr := getCtr(withHostIP(ip, port), withImage(BB))
 
 		pod := getPod(withCtr(ctr))
@@ -2496,7 +2520,7 @@ spec:
 		inspect := podmanTest.Podman([]string{"port", getCtrNameInPod(pod)})
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect).Should(Exit(0))
-		Expect(inspect.OutputToString()).To(Equal("5000/tcp -> 127.0.0.100:5000"))
+		Expect(inspect.OutputToString()).To(Equal("8087/tcp -> 127.0.0.100:8087"))
 	})
 
 	It("podman play kube test with nonexistent empty HostPath type volume", func() {
@@ -2762,6 +2786,43 @@ VOLUME %s`, ALPINE, hostPathDir+"/")
 		Expect(kube).Should(Exit(0))
 	})
 
+	It("podman play kube with emptyDir volume", func() {
+		podName := "test-pod"
+		ctrName1 := "vol-test-ctr"
+		ctrName2 := "vol-test-ctr-2"
+		ctr1 := getCtr(withVolumeMount("/test-emptydir", false), withImage(BB), withName(ctrName1))
+		ctr2 := getCtr(withVolumeMount("/test-emptydir-2", false), withImage(BB), withName(ctrName2))
+		pod := getPod(withPodName(podName), withVolume(getEmptyDirVolume()), withCtr(ctr1), withCtr(ctr2))
+		err = generateKubeYaml("pod", pod, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+
+		emptyDirCheck1 := podmanTest.Podman([]string{"exec", podName + "-" + ctrName1, "ls", "/test-emptydir"})
+		emptyDirCheck1.WaitWithDefaultTimeout()
+		Expect(emptyDirCheck1).Should(Exit(0))
+
+		emptyDirCheck2 := podmanTest.Podman([]string{"exec", podName + "-" + ctrName2, "ls", "/test-emptydir-2"})
+		emptyDirCheck2.WaitWithDefaultTimeout()
+		Expect(emptyDirCheck2).Should(Exit(0))
+
+		volList1 := podmanTest.Podman([]string{"volume", "ls", "-q"})
+		volList1.WaitWithDefaultTimeout()
+		Expect(volList1).Should(Exit(0))
+		Expect(volList1.OutputToString()).To(Equal(defaultVolName))
+
+		remove := podmanTest.Podman([]string{"pod", "rm", "-f", podName})
+		remove.WaitWithDefaultTimeout()
+		Expect(remove).Should(Exit(0))
+
+		volList2 := podmanTest.Podman([]string{"volume", "ls", "-q"})
+		volList2.WaitWithDefaultTimeout()
+		Expect(volList2).Should(Exit(0))
+		Expect(volList2.OutputToString()).To(Equal(""))
+	})
+
 	It("podman play kube applies labels to pods", func() {
 		var numReplicas int32 = 5
 		expectedLabelKey := "key1"
@@ -3732,8 +3793,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q
 		Expect((inspect.InspectContainerToJSON()[0]).HostConfig.LogConfig.Tag).To(Equal("{{.ImageName}}"))
 	})
 
-	// Check that --userns=auto creates a user namespace
-	It("podman play kube --userns=auto", func() {
+	It("podman play kube using a user namespace", func() {
 		u, err := user.Current()
 		Expect(err).To(BeNil())
 		name := u.Name
@@ -3780,6 +3840,26 @@ ENV OPENJ9_JAVA_OPTIONS=%q
 		usernsInCtr.WaitWithDefaultTimeout()
 		Expect(usernsInCtr).Should(Exit(0))
 		Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig))))
+
+		// Now try with hostUsers in the pod spec
+		for _, hostUsers := range []bool{true, false} {
+			pod = getPod(withHostUsers(hostUsers))
+			err = generateKubeYaml("pod", pod, kubeYaml)
+			Expect(err).To(BeNil())
+
+			kube = podmanTest.PodmanNoCache([]string{"play", "kube", "--replace", kubeYaml})
+			kube.WaitWithDefaultTimeout()
+			Expect(kube).Should(Exit(0))
+
+			usernsInCtr = podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "cat", "/proc/self/uid_map"})
+			usernsInCtr.WaitWithDefaultTimeout()
+			Expect(usernsInCtr).Should(Exit(0))
+			if hostUsers {
+				Expect(string(usernsInCtr.Out.Contents())).To(Equal(string(initialUsernsConfig)))
+			} else {
+				Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig))))
+			}
+		}
 	})
 
 	// Check the block devices are exposed inside container
diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go
index 351317cc5..cefdee40a 100644
--- a/test/e2e/pod_inspect_test.go
+++ b/test/e2e/pod_inspect_test.go
@@ -118,4 +118,21 @@ var _ = Describe("Podman pod inspect", func() {
 
 		Expect(inspectOut.OutputToString()).To(ContainSubstring(macAddr))
 	})
+
+	It("podman inspect two pods", func() {
+		_, ec, podid1 := podmanTest.CreatePod(nil)
+		Expect(ec).To(Equal(0))
+
+		_, ec, podid2 := podmanTest.CreatePod(nil)
+		Expect(ec).To(Equal(0))
+
+		inspect := podmanTest.Podman([]string{"pod", "inspect", podid1, podid2})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect).Should(Exit(0))
+		Expect(inspect.OutputToString()).To(BeValidJSON())
+		podData := inspect.InspectPodArrToJSON()
+		Expect(podData).To(HaveLen(2))
+		Expect(podData[0]).To(HaveField("ID", podid1))
+		Expect(podData[1]).To(HaveField("ID", podid2))
+	})
 })
diff --git a/test/e2e/pod_ps_test.go b/test/e2e/pod_ps_test.go
index 97ca5ff94..20335f322 100644
--- a/test/e2e/pod_ps_test.go
+++ b/test/e2e/pod_ps_test.go
@@ -294,7 +294,7 @@ var _ = Describe("Podman ps", func() {
 	})
 
 	It("podman pod ps filter network", func() {
-		net := stringid.GenerateNonCryptoID()
+		net := stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -333,12 +333,12 @@ var _ = Describe("Podman ps", func() {
 			Expect(session.OutputToString()).To(Equal("podman"))
 		}
 
-		net1 := stringid.GenerateNonCryptoID()
+		net1 := stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", net1})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		defer podmanTest.removeNetwork(net1)
-		net2 := stringid.GenerateNonCryptoID()
+		net2 := stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", net2})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
diff --git a/test/e2e/pod_rm_test.go b/test/e2e/pod_rm_test.go
index a5eab7eed..364ef54d5 100644
--- a/test/e2e/pod_rm_test.go
+++ b/test/e2e/pod_rm_test.go
@@ -318,4 +318,31 @@ var _ = Describe("Podman pod rm", func() {
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
 	})
+
+	It("podman pod rm pod with infra container and running container", func() {
+		podName := "testPod"
+		ctrName := "testCtr"
+
+		ctrAndPod := podmanTest.Podman([]string{"run", "-d", "--pod", fmt.Sprintf("new:%s", podName), "--name", ctrName, ALPINE, "top"})
+		ctrAndPod.WaitWithDefaultTimeout()
+		Expect(ctrAndPod).Should(Exit(0))
+
+		removePod := podmanTest.Podman([]string{"pod", "rm", "-a"})
+		removePod.WaitWithDefaultTimeout()
+		Expect(removePod).Should(Not(Exit(0)))
+
+		ps := podmanTest.Podman([]string{"pod", "ps"})
+		ps.WaitWithDefaultTimeout()
+		Expect(ps).Should(Exit(0))
+		Expect(ps.OutputToString()).To(ContainSubstring(podName))
+
+		removePodForce := podmanTest.Podman([]string{"pod", "rm", "-af"})
+		removePodForce.WaitWithDefaultTimeout()
+		Expect(removePodForce).Should(Exit(0))
+
+		ps2 := podmanTest.Podman([]string{"pod", "ps"})
+		ps2.WaitWithDefaultTimeout()
+		Expect(ps2).Should(Exit(0))
+		Expect(ps2.OutputToString()).To(Not(ContainSubstring(podName)))
+	})
 })
diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go
index 1100a5d90..cc037545c 100644
--- a/test/e2e/ps_test.go
+++ b/test/e2e/ps_test.go
@@ -817,7 +817,7 @@ var _ = Describe("Podman ps", func() {
 	})
 
 	It("podman ps filter network", func() {
-		net := stringid.GenerateNonCryptoID()
+		net := stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -860,12 +860,12 @@ var _ = Describe("Podman ps", func() {
 			Expect(actual).To(Equal("podman"))
 		}
 
-		net1 := stringid.GenerateNonCryptoID()
+		net1 := stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", net1})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		defer podmanTest.removeNetwork(net1)
-		net2 := stringid.GenerateNonCryptoID()
+		net2 := stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"network", "create", net2})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go
index 12f14fdc8..ba717f393 100644
--- a/test/e2e/pull_test.go
+++ b/test/e2e/pull_test.go
@@ -545,4 +545,18 @@ var _ = Describe("Podman pull", func() {
 		Expect(data[0]).To(HaveField("Os", runtime.GOOS))
 		Expect(data[0]).To(HaveField("Architecture", "arm64"))
 	})
+
+	It("podman pull progress", func() {
+		session := podmanTest.Podman([]string{"pull", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		output := session.ErrorToString()
+		Expect(output).To(ContainSubstring("Getting image source signatures"))
+		Expect(output).To(ContainSubstring("Copying blob "))
+
+		session = podmanTest.Podman([]string{"pull", "-q", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.ErrorToString()).To(BeEmpty())
+	})
 })
diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go
index f2a103f6b..a73b7c87b 100644
--- a/test/e2e/push_test.go
+++ b/test/e2e/push_test.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 
@@ -77,7 +78,7 @@ var _ = Describe("Podman push", func() {
 
 		blobsDir := filepath.Join(bbdir, "blobs/sha256")
 
-		blobs, err := ioutil.ReadDir(blobsDir)
+		blobs, err := os.ReadDir(blobsDir)
 		Expect(err).To(BeNil())
 
 		for _, f := range blobs {
@@ -136,6 +137,45 @@ var _ = Describe("Podman push", func() {
 			Expect(fi.Name()).To(Equal("digestfile.txt"))
 			Expect(push2).Should(Exit(0))
 		}
+
+		if !IsRemote() { // Remote does not support signing
+			By("pushing and pulling with sigstore signatures")
+			// Ideally, this should set SystemContext.RegistriesDirPath, but Podman currently doesn’t
+			// expose that as an option. So, for now, modify /etc/directly, and skip testing sigstore if
+			// we don’t have permission to do so.
+			systemRegistriesDAddition := "/etc/containers/registries.d/podman-test-only-temporary-addition.yaml"
+			cmd := exec.Command("cp", "testdata/sigstore-registries.d-fragment.yaml", systemRegistriesDAddition)
+			output, err := cmd.CombinedOutput()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Skipping sigstore tests because /etc/containers/registries.d isn’t writable: %s", string(output))
+			} else {
+				defer func() {
+					err := os.Remove(systemRegistriesDAddition)
+					Expect(err).ToNot(HaveOccurred())
+				}()
+
+				// Verify that the policy rejects unsigned images
+				push := podmanTest.Podman([]string{"push", "-q", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/sigstore-signed"})
+				push.WaitWithDefaultTimeout()
+				Expect(push).Should(Exit(0))
+				Expect(len(push.ErrorToString())).To(Equal(0))
+
+				pull := podmanTest.Podman([]string{"pull", "-q", "--tls-verify=false", "--signature-policy", "sign/policy.json", "localhost:5000/sigstore-signed"})
+				pull.WaitWithDefaultTimeout()
+				Expect(pull).To(ExitWithError())
+				Expect(pull.ErrorToString()).To(ContainSubstring("A signature was required, but no signature exists"))
+
+				// Sign an image, and verify it is accepted.
+				push = podmanTest.Podman([]string{"push", "-q", "--tls-verify=false", "--remove-signatures", "--sign-by-sigstore-private-key", "testdata/sigstore-key.key", "--sign-passphrase-file", "testdata/sigstore-key.key.pass", ALPINE, "localhost:5000/sigstore-signed"})
+				push.WaitWithDefaultTimeout()
+				Expect(push).Should(Exit(0))
+				Expect(len(push.ErrorToString())).To(Equal(0))
+
+				pull = podmanTest.Podman([]string{"pull", "-q", "--tls-verify=false", "--signature-policy", "sign/policy.json", "localhost:5000/sigstore-signed"})
+				pull.WaitWithDefaultTimeout()
+				Expect(pull).Should(Exit(0))
+			}
+		}
 	})
 
 	It("podman push to local registry with authorization", func() {
@@ -167,20 +207,20 @@ var _ = Describe("Podman push", func() {
 		}
 		lock := GetPortLock("5000")
 		defer lock.Unlock()
-		session := podmanTest.Podman([]string{"run", "--entrypoint", "htpasswd", REGISTRY_IMAGE, "-Bbn", "podmantest", "test"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
+		htpasswd := SystemExec("htpasswd", []string{"-Bbn", "podmantest", "test"})
+		htpasswd.WaitWithDefaultTimeout()
+		Expect(htpasswd).Should(Exit(0))
 
 		f, err := os.Create(filepath.Join(authPath, "htpasswd"))
 		Expect(err).ToNot(HaveOccurred())
 		defer f.Close()
 
-		_, err = f.WriteString(session.OutputToString())
+		_, err = f.WriteString(htpasswd.OutputToString())
 		Expect(err).ToNot(HaveOccurred())
 		err = f.Sync()
 		Expect(err).ToNot(HaveOccurred())
 
-		session = podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry", "-v",
+		session := podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry", "-v",
 			strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
 			"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
 			"-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
diff --git a/test/e2e/restart_test.go b/test/e2e/restart_test.go
index b3052623b..9df884292 100644
--- a/test/e2e/restart_test.go
+++ b/test/e2e/restart_test.go
@@ -1,6 +1,8 @@
 package integration
 
 import (
+	"fmt"
+	"io/ioutil"
 	"os"
 	"time"
 
@@ -33,13 +35,13 @@ var _ = Describe("Podman restart", func() {
 
 	})
 
-	It("Podman restart bogus container", func() {
+	It("podman restart bogus container", func() {
 		session := podmanTest.Podman([]string{"start", "123"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(125))
 	})
 
-	It("Podman restart stopped container by name", func() {
+	It("podman restart stopped container by name", func() {
 		_, exitCode, _ := podmanTest.RunLsContainer("test1")
 		Expect(exitCode).To(Equal(0))
 		startTime := podmanTest.Podman([]string{"inspect", "--format='{{.State.StartedAt}}'", "test1"})
@@ -53,7 +55,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToString()).To(Not(Equal(startTime.OutputToString())))
 	})
 
-	It("Podman restart stopped container by ID", func() {
+	It("podman restart stopped container by ID", func() {
 		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -73,7 +75,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToString()).To(Not(Equal(startTime.OutputToString())))
 	})
 
-	It("Podman restart running container", func() {
+	It("podman restart running container", func() {
 		_ = podmanTest.RunTopContainer("test1")
 		ok := WaitForContainer(podmanTest)
 		Expect(ok).To(BeTrue())
@@ -88,7 +90,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToString()).To(Not(Equal(startTime.OutputToString())))
 	})
 
-	It("Podman container restart running container", func() {
+	It("podman container restart running container", func() {
 		_ = podmanTest.RunTopContainer("test1")
 		ok := WaitForContainer(podmanTest)
 		Expect(ok).To(BeTrue())
@@ -103,7 +105,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToString()).To(Not(Equal(startTime.OutputToString())))
 	})
 
-	It("Podman restart multiple containers", func() {
+	It("podman restart multiple containers", func() {
 		_, exitCode, _ := podmanTest.RunLsContainer("test1")
 		Expect(exitCode).To(Equal(0))
 
@@ -121,7 +123,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToStringArray()[1]).To(Not(Equal(startTime.OutputToStringArray()[1])))
 	})
 
-	It("Podman restart the latest container", func() {
+	It("podman restart the latest container", func() {
 		_, exitCode, _ := podmanTest.RunLsContainer("test1")
 		Expect(exitCode).To(Equal(0))
 
@@ -144,7 +146,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToStringArray()[1]).To(Not(Equal(startTime.OutputToStringArray()[1])))
 	})
 
-	It("Podman restart non-stop container with short timeout", func() {
+	It("podman restart non-stop container with short timeout", func() {
 		session := podmanTest.Podman([]string{"run", "-d", "--name", "test1", "--env", "STOPSIGNAL=SIGKILL", ALPINE, "sleep", "999"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -157,7 +159,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(timeSince).To(BeNumerically(">", 2*time.Second))
 	})
 
-	It("Podman restart --all", func() {
+	It("podman restart --all", func() {
 		_, exitCode, _ := podmanTest.RunLsContainer("test1")
 		Expect(exitCode).To(Equal(0))
 
@@ -177,7 +179,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToStringArray()[1]).To(Not(Equal(startTime.OutputToStringArray()[1])))
 	})
 
-	It("Podman restart --all --running", func() {
+	It("podman restart --all --running", func() {
 		_, exitCode, _ := podmanTest.RunLsContainer("test1")
 		Expect(exitCode).To(Equal(0))
 
@@ -197,7 +199,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(restartTime.OutputToStringArray()[1]).To(Not(Equal(startTime.OutputToStringArray()[1])))
 	})
 
-	It("Podman restart a container in a pod and hosts should not duplicated", func() {
+	It("podman restart a container in a pod and hosts should not duplicated", func() {
 		// Fixes: https://github.com/containers/podman/issues/8921
 
 		_, ec, _ := podmanTest.CreatePod(map[string][]string{"--name": {"foobar99"}})
@@ -226,7 +228,7 @@ var _ = Describe("Podman restart", func() {
 		Expect(beforeRestart.OutputToString()).To(Equal(afterRestart.OutputToString()))
 	})
 
-	It("podman restart --all", func() {
+	It("podman restart all stopped containers with --all", func() {
 		session := podmanTest.RunTopContainer("")
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -247,4 +249,113 @@ var _ = Describe("Podman restart", func() {
 		Expect(session).Should(Exit(0))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(2))
 	})
+
+	It("podman restart --cidfile", func() {
+		tmpDir, err := ioutil.TempDir("", "")
+		Expect(err).To(BeNil())
+		tmpFile := tmpDir + "cid"
+
+		defer os.RemoveAll(tmpDir)
+
+		session := podmanTest.Podman([]string{"create", "--cidfile", tmpFile, ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid := session.OutputToStringArray()[0]
+
+		session = podmanTest.Podman([]string{"start", cid})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		result := podmanTest.Podman([]string{"restart", "--cidfile", tmpFile})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+		output := result.OutputToString()
+		Expect(output).To(ContainSubstring(cid))
+	})
+
+	It("podman restart multiple --cidfile", func() {
+		tmpDir, err := ioutil.TempDir("", "")
+		Expect(err).To(BeNil())
+		tmpFile1 := tmpDir + "cid-1"
+		tmpFile2 := tmpDir + "cid-2"
+
+		defer os.RemoveAll(tmpDir)
+
+		session := podmanTest.Podman([]string{"run", "--cidfile", tmpFile1, "-d", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid1 := session.OutputToStringArray()[0]
+		Expect(podmanTest.NumberOfContainers()).To(Equal(1))
+
+		session = podmanTest.Podman([]string{"run", "--cidfile", tmpFile2, "-d", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid2 := session.OutputToStringArray()[0]
+		Expect(podmanTest.NumberOfContainers()).To(Equal(2))
+
+		result := podmanTest.Podman([]string{"restart", "--cidfile", tmpFile1, "--cidfile", tmpFile2})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+		output := result.OutputToString()
+		Expect(output).To(ContainSubstring(cid1))
+		Expect(output).To(ContainSubstring(cid2))
+		Expect(podmanTest.NumberOfContainers()).To(Equal(2))
+	})
+
+	It("podman restart invalid --latest and --cidfile and --all", func() {
+		SkipIfRemote("--latest flag n/a")
+		result := podmanTest.Podman([]string{"restart", "--cidfile", "foobar", "--latest"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together"))
+		result = podmanTest.Podman([]string{"restart", "--cidfile", "foobar", "--all"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together"))
+		result = podmanTest.Podman([]string{"restart", "--cidfile", "foobar", "--all", "--latest"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together"))
+		result = podmanTest.Podman([]string{"restart", "--latest", "--all"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together"))
+	})
+
+	It("podman pause --filter", func() {
+		session1 := podmanTest.RunTopContainer("")
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid1 := session1.OutputToString()
+
+		session1 = podmanTest.RunTopContainer("")
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid2 := session1.OutputToString()
+
+		session1 = podmanTest.RunTopContainer("")
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid3 := session1.OutputToString()
+		shortCid3 := cid3[0:5]
+
+		session1 = podmanTest.Podman([]string{"restart", cid1, "-f", "status=test"})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(125))
+
+		session1 = podmanTest.Podman([]string{"restart", "-a", "--filter", fmt.Sprintf("id=%swrongid", shortCid3)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(HaveLen(0))
+
+		session1 = podmanTest.Podman([]string{"restart", "-a", "--filter", fmt.Sprintf("id=%s", shortCid3)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(BeEquivalentTo(cid3))
+
+		session1 = podmanTest.Podman([]string{"restart", "-f", fmt.Sprintf("id=%s", cid2)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(BeEquivalentTo(cid2))
+	})
 })
diff --git a/test/e2e/rm_test.go b/test/e2e/rm_test.go
index 7dbe5fed8..e76451824 100644
--- a/test/e2e/rm_test.go
+++ b/test/e2e/rm_test.go
@@ -1,6 +1,7 @@
 package integration
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 
@@ -51,6 +52,7 @@ var _ = Describe("Podman rm", func() {
 		result := podmanTest.Podman([]string{"rm", cid})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(2))
+		Expect(result.ErrorToString()).To(ContainSubstring("containers cannot be removed without force"))
 	})
 
 	It("podman rm created container", func() {
@@ -140,11 +142,9 @@ var _ = Describe("Podman rm", func() {
 		output := result.OutputToString()
 		Expect(output).To(ContainSubstring(cid))
 		Expect(podmanTest.NumberOfContainers()).To(Equal(1))
-
 	})
 
 	It("podman rm --cidfile", func() {
-
 		tmpDir, err := ioutil.TempDir("", "")
 		Expect(err).To(BeNil())
 		tmpFile := tmpDir + "cid"
@@ -166,7 +166,6 @@ var _ = Describe("Podman rm", func() {
 	})
 
 	It("podman rm multiple --cidfile", func() {
-
 		tmpDir, err := ioutil.TempDir("", "")
 		Expect(err).To(BeNil())
 		tmpFile1 := tmpDir + "cid-1"
@@ -201,18 +200,22 @@ var _ = Describe("Podman rm", func() {
 		result := podmanTest.Podman([]string{"rm", "--cidfile", "foobar", "--latest"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("--all, --latest, and --cidfile cannot be used together"))
 
 		result = podmanTest.Podman([]string{"rm", "--cidfile", "foobar", "--all"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("--all, --latest, and --cidfile cannot be used together"))
 
 		result = podmanTest.Podman([]string{"rm", "--cidfile", "foobar", "--all", "--latest"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("--all, --latest, and --cidfile cannot be used together"))
 
 		result = podmanTest.Podman([]string{"rm", "--latest", "--all"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(125))
+		Expect(result.ErrorToString()).To(ContainSubstring("--all and --latest cannot be used together"))
 	})
 
 	It("podman rm --all", func() {
@@ -242,10 +245,17 @@ var _ = Describe("Podman rm", func() {
 		session = podmanTest.Podman([]string{"rm", "bogus", cid})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(1))
+		Expect(session.ErrorToString()).To(ContainSubstring("\"bogus\" found: no such container"))
+		if IsRemote() {
+			Expect(session.OutputToString()).To(BeEquivalentTo(cid))
+		}
 
 		session = podmanTest.Podman([]string{"rm", "--ignore", "bogus", cid})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		if !IsRemote() {
+			Expect(session.OutputToString()).To(BeEquivalentTo(cid))
+		}
 		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
 	})
 
@@ -253,6 +263,7 @@ var _ = Describe("Podman rm", func() {
 		session := podmanTest.Podman([]string{"rm", "bogus"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(1))
+		Expect(session.ErrorToString()).To(ContainSubstring("\"bogus\" found: no such container"))
 	})
 
 	It("podman rm bogus container and a running container", func() {
@@ -263,10 +274,12 @@ var _ = Describe("Podman rm", func() {
 		session = podmanTest.Podman([]string{"rm", "bogus", "test1"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(1))
+		Expect(session.ErrorToString()).To(ContainSubstring("\"bogus\" found: no such container"))
 
 		session = podmanTest.Podman([]string{"rm", "test1", "bogus"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(1))
+		Expect(session.ErrorToString()).To(ContainSubstring("\"bogus\" found: no such container"))
 	})
 
 	It("podman rm --ignore bogus container and a running container", func() {
@@ -274,12 +287,52 @@ var _ = Describe("Podman rm", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		session = podmanTest.Podman([]string{"rm", "-t", "0", "--force", "--ignore", "bogus", "test1"})
+		session = podmanTest.Podman([]string{"rm", "--ignore", "test1", "bogus"})
 		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
+		Expect(session).Should(Exit(2))
+		Expect(session.ErrorToString()).To(ContainSubstring("containers cannot be removed without force"))
 
-		session = podmanTest.Podman([]string{"rm", "--ignore", "test1", "bogus"})
+		session = podmanTest.Podman([]string{"rm", "-t", "0", "--force", "--ignore", "bogus", "test1"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(BeEquivalentTo("test1"))
+	})
+
+	It("podman rm --filter", func() {
+		session1 := podmanTest.RunTopContainer("test1")
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid1 := session1.OutputToString()
+
+		session1 = podmanTest.RunTopContainer("test2")
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid2 := session1.OutputToString()
+
+		session1 = podmanTest.RunTopContainer("test3")
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid3 := session1.OutputToString()
+		shortCid3 := cid3[0:5]
+
+		session1 = podmanTest.Podman([]string{"rm", cid1, "-f", "--filter", "status=running"})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(125))
+		Expect(session1.ErrorToString()).To(ContainSubstring("--filter takes no arguments"))
+
+		session1 = podmanTest.Podman([]string{"rm", "-a", "-f", "--filter", fmt.Sprintf("id=%swrongid", shortCid3)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(HaveLen(0))
+
+		session1 = podmanTest.Podman([]string{"rm", "-a", "-f", "--filter", fmt.Sprintf("id=%s", shortCid3)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(BeEquivalentTo(cid3))
+
+		session1 = podmanTest.Podman([]string{"rm", "-f", "--filter", fmt.Sprintf("id=%s", cid2)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(BeEquivalentTo(cid2))
 	})
 })
diff --git a/test/e2e/rmi_test.go b/test/e2e/rmi_test.go
index d1a0cd6f5..f87f65c34 100644
--- a/test/e2e/rmi_test.go
+++ b/test/e2e/rmi_test.go
@@ -307,4 +307,82 @@ RUN touch %s`, CIRROS_IMAGE, imageName)
 		}
 		wg.Wait()
 	})
+
+	It("podman rmi --no-prune with dangling parents", func() {
+		podmanTest.AddImageToRWStore(ALPINE)
+		session := podmanTest.Podman([]string{"create", "--name", "c_test1", ALPINE, "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"commit", "-q", "c_test1", "test1"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"create", "--name", "c_test2", "test1", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"commit", "-q", "c_test2", "test2"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		imageID2 := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"create", "--name", "c_test3", "test2", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"commit", "-q", "c_test3", "test3"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		imageID3 := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"untag", "test2"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"untag", "test1"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"rmi", "-f", "--no-prune", "test3"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring(imageID3))
+		Expect(session.OutputToString()).NotTo(ContainSubstring(imageID2))
+	})
+
+	It("podman rmi --no-prune with undangling parents", func() {
+		podmanTest.AddImageToRWStore(ALPINE)
+		session := podmanTest.Podman([]string{"create", "--name", "c_test1", ALPINE, "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"commit", "-q", "c_test1", "test1"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"create", "--name", "c_test2", "test1", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"commit", "-q", "c_test2", "test2"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		imageID2 := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"create", "--name", "c_test3", "test2", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{"commit", "-q", "c_test3", "test3"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		imageID3 := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"rmi", "-f", "--no-prune", "test3"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring(imageID3))
+		Expect(session.OutputToString()).NotTo(ContainSubstring(imageID2))
+	})
 })
diff --git a/test/e2e/run_cleanup_test.go b/test/e2e/run_cleanup_test.go
index ea2caf907..5aa81140d 100644
--- a/test/e2e/run_cleanup_test.go
+++ b/test/e2e/run_cleanup_test.go
@@ -36,7 +36,7 @@ var _ = Describe("Podman run exit", func() {
 
 	It("podman run -d mount cleanup test", func() {
 		SkipIfRemote("podman-remote does not support mount")
-		SkipIfRootless("TODO rootless podman mount requires podman unshare first")
+		SkipIfRootless("rootless podman mount requires podman unshare first")
 
 		result := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"})
 		result.WaitWithDefaultTimeout()
@@ -69,6 +69,49 @@ var _ = Describe("Podman run exit", func() {
 		pmount.WaitWithDefaultTimeout()
 		Expect(pmount).Should(Exit(0))
 		Expect(pmount.OutputToString()).NotTo(ContainSubstring(cid))
+	})
+
+	It("podman run -d mount cleanup rootless test", func() {
+		SkipIfRemote("podman-remote does not support mount")
+		SkipIfNotRootless("Use unshare in rootless only")
+
+		result := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"})
+		result.WaitWithDefaultTimeout()
+		cid := result.OutputToString()
+		Expect(result).Should(Exit(0))
+
+		mount := podmanTest.Podman([]string{"unshare", "mount"})
+		mount.WaitWithDefaultTimeout()
+		Expect(mount).Should(Exit(0))
+		Expect(mount.OutputToString()).To(ContainSubstring(cid))
+
+		// command: podman <options> unshare podman <options> image mount ALPINE
+		args := []string{"unshare", podmanTest.PodmanBinary}
+		opts := podmanTest.PodmanMakeOptions([]string{"mount", "--no-trunc"}, false, false)
+		args = append(args, opts...)
+
+		pmount := podmanTest.Podman(args)
+		pmount.WaitWithDefaultTimeout()
+		Expect(pmount).Should(Exit(0))
+		Expect(pmount.OutputToString()).To(ContainSubstring(cid))
 
+		stop := podmanTest.Podman([]string{"stop", cid})
+		stop.WaitWithDefaultTimeout()
+		Expect(stop).Should(Exit(0))
+
+		// We have to force cleanup so the unmount happens
+		podmanCleanupSession := podmanTest.Podman([]string{"container", "cleanup", cid})
+		podmanCleanupSession.WaitWithDefaultTimeout()
+		Expect(podmanCleanupSession).Should(Exit(0))
+
+		mount = podmanTest.Podman([]string{"unshare", "mount"})
+		mount.WaitWithDefaultTimeout()
+		Expect(mount).Should(Exit(0))
+		Expect(mount.OutputToString()).NotTo(ContainSubstring(cid))
+
+		pmount = podmanTest.Podman(args)
+		pmount.WaitWithDefaultTimeout()
+		Expect(pmount).Should(Exit(0))
+		Expect(pmount.OutputToString()).NotTo(ContainSubstring(cid))
 	})
 })
diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go
index e57eb3b26..19bb735ff 100644
--- a/test/e2e/run_cpu_test.go
+++ b/test/e2e/run_cpu_test.go
@@ -138,4 +138,20 @@ var _ = Describe("Podman run cpu", func() {
 		result.WaitWithDefaultTimeout()
 		Expect(result).To(ExitWithError())
 	})
+
+	It("podman run invalid cpu-rt-period with cgroupsv2", func() {
+		SkipIfCgroupV1("testing options that only work in cgroup v2")
+		result := podmanTest.Podman([]string{"run", "--rm", "--cpu-rt-period=5000", ALPINE, "ls"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+		Expect(result.ErrorToString()).To(ContainSubstring("Realtime period not supported on cgroups V2 systems"))
+	})
+
+	It("podman run invalid cpu-rt-runtime with cgroupsv2", func() {
+		SkipIfCgroupV1("testing options that only work in cgroup v2")
+		result := podmanTest.Podman([]string{"run", "--rm", "--cpu-rt-runtime=5000", ALPINE, "ls"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+		Expect(result.ErrorToString()).To(ContainSubstring("Realtime runtime not supported on cgroups V2 systems"))
+	})
 })
diff --git a/test/e2e/run_env_test.go b/test/e2e/run_env_test.go
index bab52efc5..2b2d67f57 100644
--- a/test/e2e/run_env_test.go
+++ b/test/e2e/run_env_test.go
@@ -58,6 +58,13 @@ var _ = Describe("Podman run", func() {
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToString()).To(ContainSubstring("/bin"))
 
+		// Verify environ keys with spaces do not blow up podman command
+		os.Setenv("FOO BAR", "BAZ")
+		session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		os.Unsetenv("FOO BAR")
+
 		os.Setenv("FOO", "BAR")
 		session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO", ALPINE, "printenv", "FOO"})
 		session.WaitWithDefaultTimeout()
@@ -82,6 +89,17 @@ var _ = Describe("Podman run", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("HOSTNAME"))
 	})
 
+	It("podman run with --env-merge", func() {
+		dockerfile := `FROM quay.io/libpod/alpine:latest
+ENV hello=world
+`
+		podmanTest.BuildImage(dockerfile, "test", "false")
+		session := podmanTest.Podman([]string{"run", "--rm", "--env-merge", "hello=${hello}-earth", "test", "env"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("world-earth"))
+	})
+
 	It("podman run --env-host environment test", func() {
 		env := append(os.Environ(), "FOO=BAR")
 		session := podmanTest.PodmanAsUser([]string{"run", "--rm", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env)
diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go
index 083020f08..3f611040b 100644
--- a/test/e2e/run_memory_test.go
+++ b/test/e2e/run_memory_test.go
@@ -66,6 +66,24 @@ var _ = Describe("Podman run memory", func() {
 		Expect(session.OutputToString()).To(Equal("41943040"))
 	})
 
+	It("podman run memory-swap test", func() {
+		var (
+			session *PodmanSessionIntegration
+			expect  string
+		)
+
+		if CGROUPSV2 {
+			session = podmanTest.Podman([]string{"run", "--memory=20m", "--memory-swap=30M", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.swap.max"})
+			expect = "10485760"
+		} else {
+			session = podmanTest.Podman([]string{"run", "--memory=20m", "--memory-swap=30M", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"})
+			expect = "31457280"
+		}
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(expect))
+	})
+
 	for _, limit := range []string{"0", "15", "100"} {
 		limit := limit // Keep this value in a proper scope
 		testName := fmt.Sprintf("podman run memory-swappiness test(%s)", limit)
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 1ad78c950..78e4a62c0 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -869,7 +869,7 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 	})
 
 	It("podman run in custom CNI network with --static-ip", func() {
-		netName := stringid.GenerateNonCryptoID()
+		netName := stringid.GenerateRandomID()
 		ipAddr := "10.25.30.128"
 		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
 		create.WaitWithDefaultTimeout()
@@ -884,7 +884,7 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 
 	It("podman CNI network works across user ns", func() {
 		SkipIfNetavark(podmanTest)
-		netName := stringid.GenerateNonCryptoID()
+		netName := stringid.GenerateRandomID()
 		create := podmanTest.Podman([]string{"network", "create", netName})
 		create.WaitWithDefaultTimeout()
 		Expect(create).Should(Exit(0))
@@ -933,7 +933,7 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 	})
 
 	It("podman run with new:pod and static-ip", func() {
-		netName := stringid.GenerateNonCryptoID()
+		netName := stringid.GenerateRandomID()
 		ipAddr := "10.25.40.128"
 		podname := "testpod"
 		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.40.0/24", netName})
@@ -1121,7 +1121,7 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 
 	// see https://github.com/containers/podman/issues/12972
 	It("podman run check network-alias works on networks without dns", func() {
-		net := "dns" + stringid.GenerateNonCryptoID()
+		net := "dns" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", "--disable-dns", net})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
@@ -1135,7 +1135,7 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 	It("podman run with ipam none driver", func() {
 		// Test fails, issue #13931
 		SkipIfNetavark(podmanTest)
-		net := "ipam" + stringid.GenerateNonCryptoID()
+		net := "ipam" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"network", "create", "--ipam-driver=none", net})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go
index 8207f6d0b..057fbf775 100644
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@@ -66,7 +66,7 @@ var _ = Describe("Podman run with --ip flag", func() {
 	})
 
 	It("Podman run with specified static IPv6 has correct IP", func() {
-		netName := "ipv6-" + stringid.GenerateNonCryptoID()
+		netName := "ipv6-" + stringid.GenerateRandomID()
 		ipv6 := "fd46:db93:aa76:ac37::10"
 		net := podmanTest.Podman([]string{"network", "create", "--subnet", "fd46:db93:aa76:ac37::/64", netName})
 		net.WaitWithDefaultTimeout()
@@ -105,6 +105,13 @@ var _ = Describe("Podman run with --ip flag", func() {
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
 
+		// We need to set "no_proxy" in proxy environment
+		if env, found := os.LookupEnv("no_proxy"); found {
+			defer os.Setenv("no_proxy", env)
+		} else {
+			defer os.Unsetenv("no_proxy")
+		}
+		os.Setenv("no_proxy", ip)
 		for retries := 20; retries > 0; retries-- {
 			response, err := http.Get(fmt.Sprintf("http://%s", ip))
 			if err == nil && response.StatusCode == http.StatusOK {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index c7a0b3f2b..3fbdd4339 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -222,7 +222,7 @@ var _ = Describe("Podman run", func() {
 	It("podman run a container with a --rootfs", func() {
 		rootfs := filepath.Join(tempdir, "rootfs")
 		uls := filepath.Join("/", "usr", "local", "share")
-		uniqueString := stringid.GenerateNonCryptoID()
+		uniqueString := stringid.GenerateRandomID()
 		testFilePath := filepath.Join(uls, uniqueString)
 		tarball := filepath.Join(tempdir, "rootfs.tar")
 
@@ -848,7 +848,7 @@ USER bin`, BB)
 		err = ioutil.WriteFile(hookJSONPath, []byte(hookJSON), 0644)
 		Expect(err).ToNot(HaveOccurred())
 
-		random := stringid.GenerateNonCryptoID()
+		random := stringid.GenerateRandomID()
 
 		hookScript := fmt.Sprintf(`#!/bin/sh
 echo -n %s >%s
@@ -945,7 +945,7 @@ echo -n %s >%s
 		session := podmanTest.Podman([]string{"run", "--rm", "--user=1234", ALPINE, "id"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("uid=1234(1234) gid=0(root)"))
+		Expect(session.OutputToString()).To(Equal("uid=1234(1234) gid=0(root) groups=0(root)"))
 	})
 
 	It("podman run with user (integer, in /etc/passwd)", func() {
@@ -966,14 +966,14 @@ echo -n %s >%s
 		session := podmanTest.Podman([]string{"run", "--rm", "--user=mail:21", ALPINE, "id"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp)"))
+		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp) groups=21(ftp)"))
 	})
 
 	It("podman run with user:group (integer:groupname)", func() {
 		session := podmanTest.Podman([]string{"run", "--rm", "--user=8:ftp", ALPINE, "id"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp)"))
+		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp) groups=21(ftp)"))
 	})
 
 	It("podman run with user, verify caps dropped", func() {
@@ -984,6 +984,14 @@ echo -n %s >%s
 		Expect("0000000000000000").To(Equal(capEff[1]))
 	})
 
+	It("podman run with user, verify group added", func() {
+		session := podmanTest.Podman([]string{"run", "--rm", "--user=1000:1000", ALPINE, "grep", "Groups:", "/proc/self/status"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		groups := strings.Split(session.OutputToString(), " ")[1]
+		Expect("1000").To(Equal(groups))
+	})
+
 	It("podman run with attach stdin outputs container ID", func() {
 		session := podmanTest.Podman([]string{"run", "--attach", "stdin", ALPINE, "printenv"})
 		session.WaitWithDefaultTimeout()
@@ -1235,9 +1243,8 @@ USER mail`, BB)
 	})
 
 	It("podman run --mount type=bind,bind-nonrecursive", func() {
-		// crun: mount `/` to `/host`: Invalid argument
-		SkipIfRootless("FIXME: rootless users are not allowed to mount bind-nonrecursive (Could this be a Kernel bug?")
-		session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,slave,src=/,target=/host", fedoraMinimal, "findmnt", "-nR", "/host"})
+		SkipIfRootless("FIXME: rootless users are not allowed to mount bind-nonrecursive")
+		session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,private,src=/sys,target=/host-sys", fedoraMinimal, "findmnt", "-nR", "/host-sys"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToStringArray()).To(HaveLen(1))
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index 613727118..016f67bf6 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 
 	. "github.com/containers/podman/v4/test/utils"
+	"github.com/containers/storage"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gexec"
@@ -42,6 +43,33 @@ var _ = Describe("Podman UserNS support", func() {
 
 	})
 
+	// Note: Lot of tests for build with --userns=auto are already there in buildah
+	// but they are skipped in podman CI because bud tests are executed in rootfull
+	// environment ( where mappings for the `containers` user is not present in /etc/subuid )
+	// causing them to skip hence this is a redundant test for sanity to make sure
+	// we don't break this feature for podman-remote.
+	It("podman build with --userns=auto", func() {
+		u, err := user.Current()
+		Expect(err).To(BeNil())
+		name := u.Name
+		if name == "root" {
+			name = "containers"
+		}
+		content, err := ioutil.ReadFile("/etc/subuid")
+		if err != nil {
+			Skip("cannot read /etc/subuid")
+		}
+		if !strings.Contains(string(content), name) {
+			Skip("cannot find mappings for the current user")
+		}
+		session := podmanTest.Podman([]string{"build", "-f", "build/Containerfile.userns-auto", "-t", "test", "--userns=auto"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		// `1024` is the default size or length of the range of user IDs
+		// that is mapped between the two user namespaces by --userns=auto.
+		Expect(session.OutputToString()).To(ContainSubstring(fmt.Sprintf("%d", storage.AutoUserNsMinSize)))
+	})
+
 	It("podman uidmapping and gidmapping", func() {
 		session := podmanTest.Podman([]string{"run", "--uidmap=0:100:5000", "--gidmap=0:200:5000", "alpine", "echo", "hello"})
 		session.WaitWithDefaultTimeout()
@@ -85,6 +113,16 @@ var _ = Describe("Podman UserNS support", func() {
 		Expect(session).Should(Exit(0))
 		uid := fmt.Sprintf("%d", os.Geteuid())
 		Expect(session.OutputToString()).To(ContainSubstring(uid))
+
+		session = podmanTest.Podman([]string{"run", "--userns=keep-id:uid=10,gid=12", "alpine", "sh", "-c", "echo $(id -u):$(id -g)"})
+		session.WaitWithDefaultTimeout()
+		if os.Geteuid() == 0 {
+			Expect(session).Should(Exit(125))
+			return
+		}
+
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("10:12"))
 	})
 
 	It("podman --userns=keep-id check passwd", func() {
@@ -157,6 +195,8 @@ var _ = Describe("Podman UserNS support", func() {
 			session.WaitWithDefaultTimeout()
 			Expect(session).Should(Exit(0))
 			l := session.OutputToString()
+			// `1024` is the default size or length of the range of user IDs
+			// that is mapped between the two user namespaces by --userns=auto.
 			Expect(l).To(ContainSubstring("1024"))
 			m[l] = l
 		}
@@ -307,6 +347,30 @@ var _ = Describe("Podman UserNS support", func() {
 		}
 
 	})
+
+	It("podman --userns= conflicts with ui[dg]map and sub[ug]idname", func() {
+		session := podmanTest.Podman([]string{"run", "--userns=host", "--uidmap=0:1:500", "alpine", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("--userns and --uidmap/--gidmap/--subuidname/--subgidname are mutually exclusive"))
+
+		session = podmanTest.Podman([]string{"run", "--userns=host", "--gidmap=0:200:5000", "alpine", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(125))
+		Expect(session.ErrorToString()).To(ContainSubstring("--userns and --uidmap/--gidmap/--subuidname/--subgidname are mutually exclusive"))
+
+		// with sub[ug]idname we don't check for the error output since the error message could be different, depending on the
+		// system configuration since the specified user could not be defined and cause a different earlier error.
+		// In any case, make sure the command doesn't succeed.
+		session = podmanTest.Podman([]string{"run", "--userns=private", "--subuidname=containers", "alpine", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Not(Exit(0)))
+
+		session = podmanTest.Podman([]string{"run", "--userns=private", "--subgidname=containers", "alpine", "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Not(Exit(0)))
+	})
+
 	It("podman PODMAN_USERNS", func() {
 		SkipIfNotRootless("keep-id only works in rootless mode")
 
diff --git a/test/e2e/run_working_dir_test.go b/test/e2e/run_working_dir_test.go
index ff91a420f..84792481f 100644
--- a/test/e2e/run_working_dir_test.go
+++ b/test/e2e/run_working_dir_test.go
@@ -46,6 +46,15 @@ var _ = Describe("Podman run", func() {
 		Expect(session).Should(Exit(126))
 	})
 
+	It("podman run a container using a --workdir under a bind mount", func() {
+		volume, err := CreateTempDirInTempDir()
+		Expect(err).To(BeNil())
+
+		session := podmanTest.Podman([]string{"run", "--volume", fmt.Sprintf("%s:/var_ovl/:O", volume), "--workdir", "/var_ovl/log", ALPINE, "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+	})
+
 	It("podman run a container on an image with a workdir", func() {
 		dockerfile := fmt.Sprintf(`FROM %s
 RUN  mkdir -p /home/foobar /etc/foobar; chown bin:bin /etc/foobar
diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go
index 94c363dd4..afb723a63 100644
--- a/test/e2e/save_test.go
+++ b/test/e2e/save_test.go
@@ -153,6 +153,9 @@ var _ = Describe("Podman save", func() {
 		defer os.Setenv("GNUPGHOME", origGNUPGHOME)
 
 		port := 5000
+		portlock := GetPortLock(strconv.Itoa(port))
+		defer portlock.Unlock()
+
 		session := podmanTest.Podman([]string{"run", "-d", "--name", "registry", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"), REGISTRY_IMAGE})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
diff --git a/test/e2e/secret_test.go b/test/e2e/secret_test.go
index ed328d84a..902f422bd 100644
--- a/test/e2e/secret_test.go
+++ b/test/e2e/secret_test.go
@@ -40,7 +40,7 @@ var _ = Describe("Podman secret", func() {
 		err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
 		Expect(err).To(BeNil())
 
-		session := podmanTest.Podman([]string{"secret", "create", "--driver-opts", "opt1=val", "a", secretFilePath})
+		session := podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val", "a", secretFilePath})
 		session.WaitWithDefaultTimeout()
 		secrID := session.OutputToString()
 		Expect(session).Should(Exit(0))
@@ -49,7 +49,7 @@ var _ = Describe("Podman secret", func() {
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect).Should(Exit(0))
 		Expect(inspect.OutputToString()).To(Equal(secrID))
-		inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Driver.Options}}", secrID})
+		inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", secrID})
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect).Should(Exit(0))
 		Expect(inspect.OutputToString()).To(ContainSubstring("opt1:val"))
@@ -145,6 +145,36 @@ var _ = Describe("Podman secret", func() {
 
 	})
 
+	It("podman secret ls --quiet", func() {
+		secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+		err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+		Expect(err).To(BeNil())
+
+		secretName := "a"
+
+		session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		secretID := session.OutputToString()
+
+		list := podmanTest.Podman([]string{"secret", "ls", "-q"})
+		list.WaitWithDefaultTimeout()
+		Expect(list).Should(Exit(0))
+		Expect(list.OutputToString()).To(Equal(secretID))
+
+		list = podmanTest.Podman([]string{"secret", "ls", "--quiet"})
+		list.WaitWithDefaultTimeout()
+		Expect(list).Should(Exit(0))
+		Expect(list.OutputToString()).To(Equal(secretID))
+
+		// Prefer format over quiet
+		list = podmanTest.Podman([]string{"secret", "ls", "-q", "--format", "{{.Name}}"})
+		list.WaitWithDefaultTimeout()
+		Expect(list).Should(Exit(0))
+		Expect(list.OutputToString()).To(Equal(secretName))
+
+	})
+
 	It("podman secret ls with filters", func() {
 		secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
 		err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
@@ -170,27 +200,33 @@ var _ = Describe("Podman secret", func() {
 		list := podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1)})
 		list.WaitWithDefaultTimeout()
 		Expect(list).Should(Exit(0))
-		Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secret1))
+		Expect(list.OutputToStringArray()).To(HaveLen(2))
+		Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret1))
 
 		list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret2)})
 		list.WaitWithDefaultTimeout()
 		Expect(list).Should(Exit(0))
-		Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secret2))
+		Expect(list.OutputToStringArray()).To(HaveLen(2))
+		Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret2))
 
 		list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID1)})
 		list.WaitWithDefaultTimeout()
 		Expect(list).Should(Exit(0))
-		Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secrID1))
+		Expect(list.OutputToStringArray()).To(HaveLen(2))
+		Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID1))
 
 		list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID2)})
 		list.WaitWithDefaultTimeout()
 		Expect(list).Should(Exit(0))
-		Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secrID2))
+		Expect(list.OutputToStringArray()).To(HaveLen(2))
+		Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID2))
 
 		list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s,name=%s", secret1, secret2)})
 		list.WaitWithDefaultTimeout()
 		Expect(list).Should(Exit(0))
-		Expect(list.OutputToStringArray()).To(HaveLen(3), ContainSubstring(secret1), ContainSubstring(secret2))
+		Expect(list.OutputToStringArray()).To(HaveLen(3))
+		Expect(list.OutputToString()).To(ContainSubstring(secret1))
+		Expect(list.OutputToString()).To(ContainSubstring(secret2))
 	})
 
 	It("podman secret ls with Go template", func() {
diff --git a/test/e2e/sign/key.gpg b/test/e2e/sign/key.gpg
index 32968fc04..725bdfb7d 100644
--- a/test/e2e/sign/key.gpg
+++ b/test/e2e/sign/key.gpg
diff --git a/test/e2e/sign/policy.json b/test/e2e/sign/policy.json
index ab01137bf..812c14989 100644
--- a/test/e2e/sign/policy.json
+++ b/test/e2e/sign/policy.json
@@ -12,6 +12,12 @@
                     "keyType": "GPGKeys",
                     "keyPath": "/tmp/key.gpg"
                 }
+            ],
+            "localhost:5000/sigstore-signed": [
+                {
+                    "type": "sigstoreSigned",
+                    "keyPath": "testdata/sigstore-key.pub"
+                }
             ]
         }
     }
diff --git a/test/e2e/sign/secret-key.asc b/test/e2e/sign/secret-key.asc
index 23c0d05c3..f018a3ce5 100644
--- a/test/e2e/sign/secret-key.asc
+++ b/test/e2e/sign/secret-key.asc
diff --git a/test/e2e/start_test.go b/test/e2e/start_test.go
index 73af9d12c..f3e8cc015 100644
--- a/test/e2e/start_test.go
+++ b/test/e2e/start_test.go
@@ -1,6 +1,7 @@
 package integration
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 	"strconv"
@@ -99,23 +100,6 @@ var _ = Describe("Podman start", func() {
 		Expect(session.OutputToString()).To(Equal(shortID))
 	})
 
-	It("podman container start single container by short id", func() {
-		session := podmanTest.Podman([]string{"container", "create", ALPINE, "ls"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
-		cid := session.OutputToString()
-		shortID := cid[0:10]
-		session = podmanTest.Podman([]string{"container", "start", shortID})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal(shortID))
-
-		session = podmanTest.Podman([]string{"stop", shortID})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal(shortID))
-	})
-
 	It("podman start single container by name", func() {
 		name := "foobar99"
 		session := podmanTest.Podman([]string{"create", "--name", name, ALPINE, "ls"})
@@ -124,9 +108,6 @@ var _ = Describe("Podman start", func() {
 		session = podmanTest.Podman([]string{"start", name})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		if podmanTest.RemoteTest {
-			Skip("Container-start name check doesn't work on remote client. It always returns the full ID.")
-		}
 		Expect(session.OutputToString()).To(Equal(name))
 	})
 
@@ -231,4 +212,42 @@ var _ = Describe("Podman start", func() {
 		_, err = strconv.Atoi(containerPID) // Make sure it's a proper integer
 		Expect(err).To(BeNil())
 	})
+
+	It("podman start container --filter", func() {
+		session1 := podmanTest.Podman([]string{"container", "create", ALPINE})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid1 := session1.OutputToString()
+
+		session1 = podmanTest.Podman([]string{"container", "create", ALPINE})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid2 := session1.OutputToString()
+
+		session1 = podmanTest.Podman([]string{"container", "create", ALPINE})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		cid3 := session1.OutputToString()
+		shortCid3 := cid3[0:5]
+
+		session1 = podmanTest.Podman([]string{"start", cid1, "-f", "status=running"})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(HaveLen(0))
+
+		session1 = podmanTest.Podman([]string{"start", "--all", "--filter", fmt.Sprintf("id=%swrongid", shortCid3)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(HaveLen(0))
+
+		session1 = podmanTest.Podman([]string{"start", "--all", "--filter", fmt.Sprintf("id=%s", shortCid3)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(BeEquivalentTo(cid3))
+
+		session1 = podmanTest.Podman([]string{"start", "-f", fmt.Sprintf("id=%s", cid2)})
+		session1.WaitWithDefaultTimeout()
+		Expect(session1).Should(Exit(0))
+		Expect(session1.OutputToString()).To(BeEquivalentTo(cid2))
+	})
 })
diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go
index 3000a819f..981c00316 100644
--- a/test/e2e/stats_test.go
+++ b/test/e2e/stats_test.go
@@ -79,9 +79,10 @@ var _ = Describe("Podman stats", func() {
 		session := podmanTest.RunTopContainer("")
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		session = podmanTest.Podman([]string{"stats", "--all", "--no-stream", "--format", "\"{{.ID}}\""})
+		session = podmanTest.Podman([]string{"stats", "--all", "--no-trunc", "--no-stream", "--format", "\"{{.ID}}\""})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		Expect(len(session.OutputToStringArray()[0])).Should(BeEquivalentTo(66))
 	})
 
 	It("podman stats with GO template", func() {
diff --git a/test/e2e/stop_test.go b/test/e2e/stop_test.go
index 7a258466a..23abb6d92 100644
--- a/test/e2e/stop_test.go
+++ b/test/e2e/stop_test.go
@@ -69,6 +69,19 @@ var _ = Describe("Podman stop", func() {
 		Expect(strings.TrimSpace(finalCtrs.OutputToString())).To(Equal(""))
 	})
 
+	It("podman stop single container by short id", func() {
+		session := podmanTest.RunTopContainer("test1")
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
+		shortID := cid[0:10]
+
+		session = podmanTest.Podman([]string{"stop", shortID})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(shortID))
+	})
+
 	It("podman stop container by name", func() {
 		session := podmanTest.RunTopContainer("test1")
 		session.WaitWithDefaultTimeout()
@@ -198,9 +211,13 @@ var _ = Describe("Podman stop", func() {
 		session := podmanTest.RunTopContainer("test1")
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
+
 		session = podmanTest.Podman([]string{"stop", "-l", "-t", "1"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(cid))
+
 		finalCtrs := podmanTest.Podman([]string{"ps", "-q"})
 		finalCtrs.WaitWithDefaultTimeout()
 		Expect(finalCtrs).Should(Exit(0))
diff --git a/test/e2e/testdata/sigstore-key.key b/test/e2e/testdata/sigstore-key.key
new file mode 100644
index 000000000..c4eed76a8
--- /dev/null
+++ b/test/e2e/testdata/sigstore-key.key
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED COSIGN PRIVATE KEY-----
+eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6
+OCwicCI6MX0sInNhbHQiOiI2ckxVcEl1M1pTallrY3dua1pNVktuTHNDUjRENTJv
+Y3J5Wmh2anZ4L1VrPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94
+Iiwibm9uY2UiOiJMTVpkeTNBL285NS9SektUZGR3RURhODJTVThVcDdlKyJ9LCJj
+aXBoZXJ0ZXh0IjoiNkkzUlRCc1IwRXpHZWs0SE5LazlVdlpyMEp6Y1Bxemw0ZkEr
+SitJdHlCc0RBSkcyNmhESnFLUDFuQkJTUE5XdHpJRzJUVzQ5Z2hObEJmQy9qYVNk
+eFo2QmhXYk9ldlY0MDB4WjVNZ1oyVHdGSnJxaE9HK0JMdmNvanVkc2tOUFpJTlpE
+LytFZVBIYTRlRVJPTWhnSWlTRC9BYTd3eitlc2trVjkrN216Y3N2RVRiTTJTZGd6
+L3daMUtqV3FlOUc2MWlXSTJPSm1rRlhxQWc9PSJ9
+-----END ENCRYPTED COSIGN PRIVATE KEY-----
diff --git a/test/e2e/testdata/sigstore-key.key.pass b/test/e2e/testdata/sigstore-key.key.pass
new file mode 100644
index 000000000..beb5c7687
--- /dev/null
+++ b/test/e2e/testdata/sigstore-key.key.pass
@@ -0,0 +1 @@
+sigstore pass
diff --git a/test/e2e/testdata/sigstore-key.pub b/test/e2e/testdata/sigstore-key.pub
new file mode 100644
index 000000000..1f470f72b
--- /dev/null
+++ b/test/e2e/testdata/sigstore-key.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX/AWbBiFPuAU5+ys+Ce8YFPhTr1a
+nM7A8h6NrQi6w8w8/4dJCzlGH4SN+P93nopATs6jDXs4Lpc2/tiA1SBmzA==
+-----END PUBLIC KEY-----
diff --git a/test/e2e/testdata/sigstore-registries.d-fragment.yaml b/test/e2e/testdata/sigstore-registries.d-fragment.yaml
new file mode 100644
index 000000000..d79f4c935
--- /dev/null
+++ b/test/e2e/testdata/sigstore-registries.d-fragment.yaml
@@ -0,0 +1,3 @@
+docker:
+  localhost:5000/sigstore-signed:
+    use-sigstore-attachments: true
diff --git a/test/e2e/top_test.go b/test/e2e/top_test.go
index 66bb887dc..5f51742d1 100644
--- a/test/e2e/top_test.go
+++ b/test/e2e/top_test.go
@@ -133,4 +133,15 @@ var _ = Describe("Podman top", func() {
 		Expect(result).Should(Exit(125))
 	})
 
+	It("podman top on privileged container", func() {
+		session := podmanTest.Podman([]string{"run", "--privileged", "-d", ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		cid := session.OutputToString()
+
+		result := podmanTest.Podman([]string{"top", cid, "capeff"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+		Expect(result.OutputToStringArray()).To(Equal([]string{"EFFECTIVE CAPS", "full"}))
+	})
 })
diff --git a/test/e2e/update_test.go b/test/e2e/update_test.go
new file mode 100644
index 000000000..97dadd04c
--- /dev/null
+++ b/test/e2e/update_test.go
@@ -0,0 +1,200 @@
+package integration
+
+import (
+	"github.com/containers/common/pkg/cgroupv2"
+	. "github.com/containers/podman/v4/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gexec"
+)
+
+var _ = Describe("Podman update", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		tempdir, err = CreateTempDirInTempDir()
+		Expect(err).To(BeNil())
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+
+	})
+
+	It("podman update container all options v1", func() {
+		SkipIfCgroupV2("testing flags that only work in cgroup v1")
+		SkipIfRootless("many of these handlers are not enabled while rootless in CI")
+		session := podmanTest.Podman([]string{"run", "-dt", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		ctrID := session.OutputToString()
+
+		commonArgs := []string{
+			"update",
+			"--cpus", "5",
+			"--cpuset-cpus", "0",
+			"--cpu-shares", "123",
+			"--cpuset-mems", "0",
+			"--memory", "1G",
+			"--memory-swap", "2G",
+			"--memory-reservation", "2G",
+			"--memory-swappiness", "50", ctrID}
+
+		session = podmanTest.Podman(commonArgs)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		// checking cpu quota from --cpus
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("500000"))
+
+		// checking cpuset-cpus
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpuset/cpuset.cpus"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(Equal("0"))
+
+		// checking cpuset-mems
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpuset/cpuset.mems"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(Equal("0"))
+
+		// checking memory limit
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("1073741824"))
+
+		// checking memory-swap
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("2147483648"))
+
+		// checking cpu-shares
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpu/cpu.shares"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("123"))
+
+	})
+
+	It("podman update container all options v2", func() {
+		SkipIfCgroupV1("testing flags that only work in cgroup v2")
+		SkipIfRootless("many of these handlers are not enabled while rootless in CI")
+		session := podmanTest.Podman([]string{"run", "-dt", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		ctrID := session.OutputToString()
+
+		commonArgs := []string{
+			"update",
+			"--cpus", "5",
+			"--cpuset-cpus", "0",
+			"--cpu-shares", "123",
+			"--cpuset-mems", "0",
+			"--memory", "1G",
+			"--memory-swap", "2G",
+			"--memory-reservation", "2G",
+			"--blkio-weight", "123",
+			"--device-read-bps", "/dev/zero:10mb",
+			"--device-write-bps", "/dev/zero:10mb",
+			"--device-read-iops", "/dev/zero:1000",
+			"--device-write-iops", "/dev/zero:1000",
+			ctrID}
+
+		session = podmanTest.Podman(commonArgs)
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		ctrID = session.OutputToString()
+
+		// checking cpu quota and period
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpu.max"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("500000"))
+
+		// checking blkio weight
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/io.bfq.weight"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("123"))
+
+		// checking device-read/write-bps/iops
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/io.max"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("rbps=10485760 wbps=10485760 riops=1000 wiops=1000"))
+
+		// checking cpuset-cpus
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpuset.cpus"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(Equal("0"))
+
+		// checking cpuset-mems
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpuset.mems"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(Equal("0"))
+
+		// checking memory limit
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/memory.max"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("1073741824"))
+
+		// checking memory-swap
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/memory.swap.max"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("1073741824"))
+
+		// checking cpu-shares
+		session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpu.weight"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("5"))
+	})
+
+	It("podman update keep original resources if not overridden", func() {
+		SkipIfRootless("many of these handlers are not enabled while rootless in CI")
+		session := podmanTest.Podman([]string{"run", "-dt", "--cpus", "5", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		session = podmanTest.Podman([]string{
+			"update",
+			"--memory", "1G",
+			session.OutputToString(),
+		})
+
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		ctrID := session.OutputToString()
+
+		if v2, _ := cgroupv2.Enabled(); v2 {
+			session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpu.max"})
+		} else {
+			session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"})
+		}
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).Should(ContainSubstring("500000"))
+	})
+})
diff --git a/test/e2e/volume_create_test.go b/test/e2e/volume_create_test.go
index 7a975f6a5..499283cab 100644
--- a/test/e2e/volume_create_test.go
+++ b/test/e2e/volume_create_test.go
@@ -162,19 +162,4 @@ var _ = Describe("Podman volume create", func() {
 		Expect(inspectOpts).Should(Exit(0))
 		Expect(inspectOpts.OutputToString()).To(Equal(optionStrFormatExpect))
 	})
-
-	It("podman create volume with o=timeout", func() {
-		volName := "testVol"
-		timeout := 10
-		timeoutStr := "10"
-		session := podmanTest.Podman([]string{"volume", "create", "--opt", fmt.Sprintf("o=timeout=%d", timeout), volName})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
-
-		inspectTimeout := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{ .Timeout }}", volName})
-		inspectTimeout.WaitWithDefaultTimeout()
-		Expect(inspectTimeout).Should(Exit(0))
-		Expect(inspectTimeout.OutputToString()).To(Equal(timeoutStr))
-
-	})
 })
diff --git a/test/e2e/volume_exists_test.go b/test/e2e/volume_exists_test.go
index 0de574968..0a550bfcb 100644
--- a/test/e2e/volume_exists_test.go
+++ b/test/e2e/volume_exists_test.go
@@ -34,7 +34,7 @@ var _ = Describe("Podman volume exists", func() {
 	})
 
 	It("podman volume exists", func() {
-		vol := "vol" + stringid.GenerateNonCryptoID()
+		vol := "vol" + stringid.GenerateRandomID()
 		session := podmanTest.Podman([]string{"volume", "create", vol})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -43,7 +43,7 @@ var _ = Describe("Podman volume exists", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		session = podmanTest.Podman([]string{"volume", "exists", stringid.GenerateNonCryptoID()})
+		session = podmanTest.Podman([]string{"volume", "exists", stringid.GenerateRandomID()})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(1))
 	})
diff --git a/test/e2e/volume_ls_test.go b/test/e2e/volume_ls_test.go
index dcfb13f4e..24ea50b26 100644
--- a/test/e2e/volume_ls_test.go
+++ b/test/e2e/volume_ls_test.go
@@ -75,7 +75,10 @@ var _ = Describe("Podman volume ls", func() {
 		session.WaitWithDefaultTimeout()
 
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToStringArray()).To(HaveLen(1), session.OutputToString())
+		arr := session.OutputToStringArray()
+		Expect(arr).To(HaveLen(2))
+		Expect(arr[0]).To(ContainSubstring("NAME"))
+		Expect(arr[1]).To(ContainSubstring("myvol"))
 	})
 
 	It("podman ls volume with --filter flag", func() {
diff --git a/test/e2e/volume_plugin_test.go b/test/e2e/volume_plugin_test.go
index b585f8dd8..33cdcce5b 100644
--- a/test/e2e/volume_plugin_test.go
+++ b/test/e2e/volume_plugin_test.go
@@ -212,19 +212,19 @@ testvol5 = "/run/docker/plugins/testvol5.sock"`), 0o644)
 		plugin.WaitWithDefaultTimeout()
 		Expect(plugin).Should(Exit(0))
 
-		localvol := "local-" + stringid.GenerateNonCryptoID()
+		localvol := "local-" + stringid.GenerateRandomID()
 		// create local volume
 		session := podmanTest.Podman([]string{"volume", "create", localvol})
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(Exit(0))
 
-		vol1 := "vol1-" + stringid.GenerateNonCryptoID()
+		vol1 := "vol1-" + stringid.GenerateRandomID()
 		session = podmanTest.Podman([]string{"volume", "create", "--driver", pluginName, vol1})
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(Exit(0))
 
 		// now create volume in plugin without podman
-		vol2 := "vol2-" + stringid.GenerateNonCryptoID()
+		vol2 := "vol2-" + stringid.GenerateRandomID()
 		plugin = podmanTest.Podman([]string{"exec", ctrName, "/usr/local/bin/testvol", "--sock-name", pluginName, "create", vol2})
 		plugin.WaitWithDefaultTimeout()
 		Expect(plugin).Should(Exit(0))
@@ -256,4 +256,38 @@ Removed:
 		Expect(session.OutputToStringArray()).To(ContainElements(localvol, vol2))
 		Expect(session.ErrorToString()).To(Equal("")) // make no errors are shown
 	})
+
+	It("volume driver timeouts test", func() {
+		podmanTest.AddImageToRWStore(volumeTest)
+
+		pluginStatePath := filepath.Join(podmanTest.TempDir, "volumes")
+		err := os.Mkdir(pluginStatePath, 0755)
+		Expect(err).ToNot(HaveOccurred())
+
+		// Keep this distinct within tests to avoid multiple tests using the same plugin.
+		pluginName := "testvol6"
+		plugin := podmanTest.Podman([]string{"run", "--security-opt", "label=disable", "-v", "/run/docker/plugins:/run/docker/plugins", "-v", fmt.Sprintf("%v:%v", pluginStatePath, pluginStatePath), "-d", volumeTest, "--sock-name", pluginName, "--path", pluginStatePath})
+		plugin.WaitWithDefaultTimeout()
+		Expect(plugin).Should(Exit(0))
+
+		volName := "testVolume1"
+		create := podmanTest.Podman([]string{"volume", "create", "--driver", pluginName, volName})
+		create.WaitWithDefaultTimeout()
+		Expect(create).Should(Exit(0))
+
+		volInspect := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{ .Timeout }}", volName})
+		volInspect.WaitWithDefaultTimeout()
+		Expect(volInspect).Should(Exit(0))
+		Expect(volInspect.OutputToString()).To(ContainSubstring("15"))
+
+		volName2 := "testVolume2"
+		create2 := podmanTest.Podman([]string{"volume", "create", "--driver", pluginName, "--opt", "o=timeout=3", volName2})
+		create2.WaitWithDefaultTimeout()
+		Expect(create2).Should(Exit(0))
+
+		volInspect2 := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{ .Timeout }}", volName2})
+		volInspect2.WaitWithDefaultTimeout()
+		Expect(volInspect2).Should(Exit(0))
+		Expect(volInspect2.OutputToString()).To(ContainSubstring("3"))
+	})
 })
diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats
index cf37fc07c..378edc013 100644
--- a/test/system/001-basic.bats
+++ b/test/system/001-basic.bats
@@ -29,6 +29,12 @@ function setup() {
     local built=$(expr "$output" : ".*Built: \+\(.*\)" | head -n1)
     local built_t=$(date --date="$built" +%s)
     assert "$built_t" -gt 1546300800 "Preposterous 'Built' time in podman version"
+
+    run_podman -v
+    is "$output" "podman.*version \+"               "'Version line' in output"
+
+    run_podman --config foobar version
+    is "$output" ".*The --config flag is ignored by Podman. Exists for Docker compatibility\+"		  "verify warning for --config option"
 }
 
 @test "podman info" {
@@ -182,14 +188,79 @@ See 'podman version --help'" "podman version --remote"
 @test "podman --log-level recognizes log levels" {
     run_podman 1 --log-level=telepathic info
     is "$output" 'Log Level "telepathic" is not supported.*'
+
     run_podman --log-level=trace   info
+    if ! is_remote; then
+        # podman-remote does not do any trace logging
+        assert "$output" =~ " level=trace " "log-level=trace"
+    fi
+    assert "$output" =~ " level=debug " "log-level=trace includes debug"
+    assert "$output" =~ " level=info "  "log-level=trace includes info"
+    assert "$output" !~ " level=warn"   "log-level=trace does not show warn"
+
     run_podman --log-level=debug   info
+    assert "$output" !~ " level=trace " "log-level=debug does not show trace"
+    assert "$output" =~ " level=debug " "log-level=debug"
+    assert "$output" =~ " level=info "  "log-level=debug includes info"
+    assert "$output" !~ " level=warn"   "log-level=debug does not show warn"
+
     run_podman --log-level=info    info
+    assert "$output" !~ " level=trace " "log-level=info does not show trace"
+    assert "$output" !~ " level=debug " "log-level=info does not show debug"
+    assert "$output" =~ " level=info "  "log-level=info"
+
     run_podman --log-level=warn    info
+    assert "$output" !~ " level=" "log-level=warn shows no logs at all"
+
+    # Force a warning (local podman only; podman-remote doesn't check versions)
+    if ! is_remote; then
+        run_podman --log-level=warn --storage-opt=mount_program=/bin/false info
+        assert "$output" =~ " level=warning msg=\"Failed to retrieve " \
+               "log-level=warn"
+
+        # confirm that default level is "warn", by invoking without --log-level
+        run_podman --storage-opt=mount_program=/bin/false info
+        assert "$output" =~ " level=warning msg=\"Failed to retrieve " \
+               "default log level includes warning messages"
+    fi
+
     run_podman --log-level=warning info
+    assert "$output" !~ " level=" "log-level=warning shows no logs at all"
+
     run_podman --log-level=error   info
-    run_podman --log-level=fatal   info
-    run_podman --log-level=panic   info
+    assert "$output" !~ " level=" "log-level=error shows no logs at all"
+
+    # error, fatal, panic:
+    if is_remote; then
+        # podman-remote does not grok --runtime; all we can do is test parsing
+        for level in error fatal panic; do
+            run_podman --log-level=$level info
+            assert "$output" !~ " level=" \
+                   "log-level=$level shows no logs at all"
+        done
+    else
+        # local podman only
+        run_podman --log-level=error --storage-opt=mount_program=/bin/false --runtime=/bin/false info
+        assert "$output" =~ " level=error msg=\"Getting info on OCI runtime " \
+               "log-level=error shows "
+        assert "$output" !~ " level=warn" \
+               "log-level=error does not show warnings"
+
+        run_podman --log-level=fatal --storage-opt=mount_program=/bin/false --runtime=/bin/false info
+        assert "$output" !~ " level=" "log-level=fatal shows no logs at all"
+
+        run_podman --log-level=panic --storage-opt=mount_program=/bin/false --runtime=/bin/false info
+        assert "$output" !~ " level=" "log-level=panic shows no logs at all"
+    fi
+
+    # docker compat
+    run_podman --debug   info
+    assert "$output" =~ " level=debug " "podman --debug gives debug output"
+    run_podman -D        info
+    assert "$output" =~ " level=debug " "podman -D gives debug output"
+
+    run_podman 1 --debug --log-level=panic info
+    is "$output" "Setting --log-level and --debug is not allowed"
 }
 
 # vim: filetype=sh
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index aa390f236..16ee681a3 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -259,8 +259,8 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z
 
     run_podman 2 rmi -a
     is "$output" "Error: 2 errors occurred:
-.** image used by .*: image is in use by a container
-.** image used by .*: image is in use by a container"
+.** image used by .*: image is in use by a container: consider listing external containers and force-removing image
+.** image used by .*: image is in use by a container: consider listing external containers and force-removing image"
 
     run_podman rmi -af
     is "$output" "Untagged: $IMAGE
@@ -292,7 +292,7 @@ Deleted: $pauseID" "infra images gets removed as well"
     pauseID=$output
 
     run_podman 2 rmi $pauseImage
-    is "$output" "Error: image used by .* image is in use by a container"
+    is "$output" "Error: image used by .* image is in use by a container: consider listing external containers and force-removing image"
 
     run_podman rmi -f $pauseImage
     is "$output" "Untagged: $pauseImage
diff --git a/test/system/015-help.bats b/test/system/015-help.bats
index dd5a7ed44..927645f29 100644
--- a/test/system/015-help.bats
+++ b/test/system/015-help.bats
@@ -121,7 +121,7 @@ function check_help() {
             # Exceptions: these commands don't work rootless
             if is_rootless; then
                 # "pause is not supported for rootless containers"
-                if [ "$cmd" = "pause" -o "$cmd" = "unpause" ]; then
+                if [[ "$cmd" = "pause" ]] || [[ "$cmd" = "unpause" ]]; then
                     continue
                 fi
                 # "network rm" too
@@ -162,17 +162,17 @@ function check_help() {
 
     # Any command that takes subcommands, prints its help and errors if called
     # without one.
-    dprint "podman $@"
+    dprint "podman $*"
     run_podman '?' "$@"
     is "$status" 125 "'podman $*' without any subcommand - exit status"
-    is "$output" ".*Usage:.*Error: missing command '.*$@ COMMAND'" \
+    is "$output" ".*Usage:.*Error: missing command '.*$* COMMAND'" \
        "'podman $*' without any subcommand - expected error message"
 
     # Assume that 'NoSuchCommand' is not a command
-    dprint "podman $@ NoSuchCommand"
+    dprint "podman $* NoSuchCommand"
     run_podman '?' "$@" NoSuchCommand
     is "$status" 125 "'podman $* NoSuchCommand' - exit status"
-    is "$output" "Error: unrecognized command .*$@ NoSuchCommand" \
+    is "$output" "Error: unrecognized command .*$* NoSuchCommand" \
        "'podman $* NoSuchCommand' - expected error message"
 
     # This can happen if the output of --help changes, such as between
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 908c169ee..b1ce91d14 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -56,7 +56,12 @@ echo $rand        |   0 | $rand
 
 @test "podman run --memory=0 runtime option" {
     run_podman run --memory=0 --rm $IMAGE echo hello
-    is "$output" "hello" "failed to run when --memory is set to 0"
+    if is_rootless && ! is_cgroupsv2; then
+        is "${lines[0]}" "Resource limits are not supported and ignored on cgroups V1 rootless systems" "--memory is not supported"
+        is "${lines[1]}" "hello" "--memory is ignored"
+    else
+        is "$output" "hello" "failed to run when --memory is set to 0"
+    fi
 }
 
 # 'run --preserve-fds' passes a number of additional file descriptors into the container
@@ -418,7 +423,7 @@ json-file | f
 
     # Invalid log-driver argument
     run_podman 125 run --log-driver=InvalidDriver $IMAGE true
-    is "$output" "Error: error running container create option: invalid log driver: invalid argument" \
+    is "$output" "Error: running container create option: invalid log driver: invalid argument" \
        "--log-driver InvalidDriver"
 }
 
diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
index 6b8d5fbc5..6e84e10fc 100644
--- a/test/system/035-logs.bats
+++ b/test/system/035-logs.bats
@@ -36,13 +36,28 @@ function _log_test_tail() {
     run_podman run -d --log-driver=$driver $IMAGE sh -c "echo test1; echo test2"
     cid="$output"
 
-    run_podman logs --tail 1 $cid
-    is "$output" "test2"  "logs should only show last line"
+    run_podman wait $cid
+    run_podman logs --tail 1 --timestamps $cid
+    log1="$output"
+    assert "$log1" =~ "^[0-9-]+T[0-9:.]+([\+-][0-9:]+|Z) test2" \
+           "logs should only show last line"
+
+    # Sigh. I hate doing this, but podman-remote --timestamp only has 1-second
+    # resolution (regular podman has sub-second). For the timestamps-differ
+    # check below, we need to force a different second.
+    if is_remote; then
+        sleep 2
+    fi
 
     run_podman restart $cid
+    run_podman wait $cid
+
+    run_podman logs -t --tail 1 $cid
+    log2="$output"
+    assert "$log2" =~ "^[0-9-]+T[0-9:.]+([\+-][0-9:]+|Z) test2" \
+           "logs, after restart, shows only last line"
 
-    run_podman logs --tail 1 $cid
-    is "$output" "test2"  "logs should only show last line after restart"
+    assert "$log2" != "$log1" "log timestamps should differ"
 
     run_podman rm $cid
 }
diff --git a/test/system/045-start.bats b/test/system/045-start.bats
index ad8483bba..773a0acd2 100644
--- a/test/system/045-start.bats
+++ b/test/system/045-start.bats
@@ -40,6 +40,8 @@ load helpers
 @test "podman start --filter - start only containers that match the filter" {
     run_podman run -d $IMAGE /bin/true
     cid="$output"
+    run_podman wait $cid
+
     run_podman start --filter restart-policy=always $cid
     is "$output" "" "CID of restart-policy=always container"
 
@@ -66,4 +68,20 @@ load helpers
     is "$output" "$cid_exited_0"
 }
 
+@test "podman start print IDs or raw input" {
+    # start --all must print the IDs
+    run_podman create $IMAGE top
+    ctrID="$output"
+    run_podman start --all
+    is "$output" "$ctrID"
+
+    # start $input must print $input
+    cname=$(random_string)
+    run_podman create --name $cname $IMAGE top
+    run_podman start $cname
+    is "$output" $cname
+
+    run_podman rm -t 0 -f $ctrID $cname
+}
+
 # vim: filetype=sh
diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats
index 39002512b..a21a036c2 100644
--- a/test/system/050-stop.bats
+++ b/test/system/050-stop.bats
@@ -59,6 +59,22 @@ load helpers
     is "${lines[3]}" "c4--Created.*" "ps -a, created container (unaffected)"
 }
 
+@test "podman stop print IDs or raw input" {
+    # stop -a must print the IDs
+    run_podman run -d $IMAGE top
+    ctrID="$output"
+    run_podman stop --all
+    is "$output" "$ctrID"
+
+    # stop $input must print $input
+    cname=$(random_string)
+    run_podman run -d --name $cname $IMAGE top
+    run_podman stop $cname
+    is "$output" $cname
+
+    run_podman rm -t 0 -f $ctrID $cname
+}
+
 # #9051 : podman stop --ignore was not working with podman-remote
 @test "podman stop --ignore" {
     name=thiscontainerdoesnotexist
diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats
index dcd679a1f..613c60c96 100644
--- a/test/system/055-rm.bats
+++ b/test/system/055-rm.bats
@@ -18,6 +18,7 @@ load helpers
 
     # Remove container; now 'inspect' should fail
     run_podman rm $rand
+    is "$output" "$rand" "display raw input"
     run_podman 125 inspect $rand
 }
 
diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats
index 8f5abd228..c8ad8468c 100644
--- a/test/system/065-cp.bats
+++ b/test/system/065-cp.bats
@@ -436,7 +436,7 @@ load helpers
         run_podman cp cpcontainer:$src $destdir$dest
         is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description"
         is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description"
-        rm -rf $destdir/*
+        rm -rf ${destdir:?}/*
     done < <(parse_table "$tests")
     run_podman kill cpcontainer
     run_podman rm -t 0 -f cpcontainer
@@ -456,7 +456,7 @@ load helpers
         run_podman cp cpcontainer:$src $destdir$dest
         is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description"
         is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description"
-        rm -rf $destdir/*
+        rm -rf ${destdir:?}/*
     done < <(parse_table "$tests")
 
     touch $destdir/testfile
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 9fddbaa21..87979483e 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -541,7 +541,7 @@ Labels.$label_name | $label_value
          this-file-does-not-match-anything-in-ignore-file
          comment
     )
-    for f in ${files[@]}; do
+    for f in "${files[@]}"; do
         # The magic '##-' strips off the '-' prefix
         echo "$f" > $tmpdir/${f##-}
     done
diff --git a/test/system/090-events.bats b/test/system/090-events.bats
index ceb53ae73..90b9b3b9c 100644
--- a/test/system/090-events.bats
+++ b/test/system/090-events.bats
@@ -22,24 +22,25 @@ load helpers
 
     # Now filter just by container name, no label
     run_podman events --filter type=container --filter container=$cname --filter event=start --stream=false
-    is "$output" "$expect" "filtering just by label"
+    is "$output" "$expect" "filtering just by container"
 }
 
 @test "truncate events" {
     cname=test-$(random_string 30 | tr A-Z a-z)
-    labelname=$(random_string 10)
-    labelvalue=$(random_string 15)
 
     run_podman run -d --name=$cname --rm $IMAGE echo hi
     id="$output"
 
-    expect="$id"
     run_podman events --filter container=$cname --filter event=start --stream=false
     is "$output" ".* $id " "filtering by container name full id"
 
-    truncID=$(expr substr "$id" 1 12)
+    truncID=${id:0:12}
     run_podman events --filter container=$cname --filter event=start --stream=false --no-trunc=false
     is "$output" ".* $truncID " "filtering by container name trunc id"
+
+    # --no-trunc does not affect --format; we always get the full ID
+    run_podman events --filter container=$cname --filter event=died --stream=false --format='{{.ID}}--{{.Image}}' --no-trunc=false
+    assert "$output" = "${id}--${IMAGE}"
 }
 
 @test "image events" {
@@ -64,7 +65,8 @@ load helpers
     run_podman --events-backend=file tag $IMAGE $tag
     run_podman --events-backend=file untag $IMAGE $tag
     run_podman --events-backend=file tag $IMAGE $tag
-    run_podman --events-backend=file rmi $tag
+    run_podman --events-backend=file rmi -f $imageID
+    run_podman --events-backend=file load -i $tarball
 
     run_podman --events-backend=file events --stream=false --filter type=image --since $t0
     is "$output" ".*image push $imageID dir:$pushedDir
@@ -74,8 +76,29 @@ load helpers
 .*image tag $imageID $tag
 .*image untag $imageID $tag:latest
 .*image tag $imageID $tag
-.*image remove $imageID $tag.*" \
+.*image untag $imageID $IMAGE
+.*image untag $imageID $tag:latest
+.*image remove $imageID $imageID" \
        "podman events"
+
+    # With --format we can check the _exact_ output, not just substrings
+    local -a expect=("push--dir:$pushedDir"
+                     "save--$tarball"
+                     "loadfromarchive--$tarball"
+                     "pull--docker-archive:$tarball"
+                     "tag--$tag"
+                     "untag--$tag:latest"
+                     "tag--$tag"
+                     "untag--$IMAGE"
+                     "untag--$tag:latest"
+                     "remove--$imageID"
+                     "loadfromarchive--$tarball"
+                    )
+    run_podman --events-backend=file events --stream=false --filter type=image --since $t0 --format '{{.Status}}--{{.Name}}'
+    for i in $(seq 0 ${#expect[@]}); do
+        assert "${lines[$i]}" = "${expect[$i]}" "events, line $i"
+    done
+    assert "${#lines[@]}" = "${#expect[@]}" "Total lines of output"
 }
 
 function _events_disjunctive_filters() {
@@ -109,7 +132,8 @@ function _events_disjunctive_filters() {
     is "$output" "hi" "Should support events-backend=file"
 
     run_podman 125 --events-backend=file logs --follow test
-    is "$output" "Error: using --follow with the journald --log-driver but without the journald --events-backend (file) is not supported" "Should fail with reasonable error message when events-backend and events-logger do not match"
+    is "$output" "Error: using --follow with the journald --log-driver but without the journald --events-backend (file) is not supported" \
+       "Should fail with reasonable error message when events-backend and events-logger do not match"
 
 }
 
@@ -134,7 +158,7 @@ function _populate_events_file() {
     local events_file=$1
     truncate --size=0 $events_file
     for i in {0..99}; do
-    printf '{"Name":"busybox","Status":"pull","Time":"2022-04-06T11:26:42.7236679%02d+02:00","Type":"image","Attributes":null}\n' $i >> $events_file
+        printf '{"Name":"busybox","Status":"pull","Time":"2022-04-06T11:26:42.7236679%02d+02:00","Type":"image","Attributes":null}\n' $i >> $events_file
     done
 }
 
@@ -146,7 +170,6 @@ function _populate_events_file() {
 
     # Config without a limit
     eventsFile=$PODMAN_TMPDIR/events.txt
-    _populate_events_file $eventsFile
     containersConf=$PODMAN_TMPDIR/containers.conf
     cat >$containersConf <<EOF
 [engine]
@@ -154,6 +177,11 @@ events_logger="file"
 events_logfile_path="$eventsFile"
 EOF
 
+    # Check that a non existing event file does not cause a hang (#15688)
+    CONTAINERS_CONF=$containersConf run_podman events --stream=false
+
+    _populate_events_file $eventsFile
+
     # Create events *without* a limit and make sure that it has not been
     # rotated/truncated.
     contentBefore=$(head -n100 $eventsFile)
@@ -190,6 +218,34 @@ EOF
     # Make sure that `podman events` can read the file, and that it returns the
     # same amount of events.  We checked the contents before.
     CONTAINERS_CONF=$containersConf run_podman events --stream=false --since="2022-03-06T11:26:42.723667984+02:00"
-    is "$(wc -l <$eventsFile)" "$(wc -l <<<$output)" "all events are returned"
+    assert "${#lines[@]}" = 51 "Number of events returned"
     is "${lines[-2]}" ".* log-rotation $eventsFile"
 }
+
+# Prior to #15633, container labels would not appear in 'die' log events
+@test "events - labels included in container die" {
+    skip_if_remote "remote does not support --events-backend"
+    local cname=c$(random_string 15)
+    local lname=l$(random_string 10)
+    local lvalue="v$(random_string 10) $(random_string 5)"
+
+    run_podman 17 --events-backend=file run --rm \
+               --name=$cname \
+               --label=$lname="$lvalue" \
+               $IMAGE sh -c 'exit 17'
+    run_podman --events-backend=file events \
+               --filter=container=$cname \
+               --filter=status=died \
+               --stream=false \
+               --format="{{.Attributes.$lname}}"
+    assert "$output" = "$lvalue" "podman-events output includes container label"
+}
+
+@test "events - backend none should error" {
+    skip_if_remote "remote does not support --events-backend"
+
+    run_podman 125 --events-backend none events
+    is "$output" "Error: cannot read events with the \"none\" backend" "correct error message"
+    run_podman 125 --events-backend none events --stream=false
+    is "$output" "Error: cannot read events with the \"none\" backend" "correct error message"
+}
diff --git a/test/system/150-login.bats b/test/system/150-login.bats
index b57bb44ab..b85007f0b 100644
--- a/test/system/150-login.bats
+++ b/test/system/150-login.bats
@@ -122,7 +122,7 @@ function setup() {
                --password-stdin \
                $registry <<< "x${PODMAN_LOGIN_PASS}"
     is "$output" \
-       "Error: error logging into \"$registry\": invalid username/password" \
+       "Error: logging into \"$registry\": invalid username/password" \
        'output from podman login'
 }
 
diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats
index 6829c6a78..08baaf468 100644
--- a/test/system/160-volumes.bats
+++ b/test/system/160-volumes.bats
@@ -315,11 +315,11 @@ EOF
 
     # List available volumes for pruning after using 1,2,3
     run_podman volume prune <<< N
-    is "$(echo $(sort <<<${lines[@]:1:3}))" "${v[4]} ${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use, lists 4,5,6"
+    is "$(echo $(sort <<<${lines[*]:1:3}))" "${v[4]} ${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use, lists 4,5,6"
 
     # List available volumes for pruning after using 1,2,3 and filtering; see #8913
     run_podman volume prune --filter label=mylabel <<< N
-    is "$(echo $(sort <<<${lines[@]:1:2}))" "${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use and 4 filtered out, lists 5,6"
+    is "$(echo $(sort <<<${lines[*]:1:2}))" "${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use and 4 filtered out, lists 5,6"
 
     # prune should remove v4
     run_podman volume prune --force
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index cbbd62ffb..9bbd56fef 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -61,7 +61,7 @@ function teardown() {
 
 
 @test "podman pod create - custom infra image" {
-    skip_if_remote "CONTAINERS_CONF only effects server side"
+    skip_if_remote "CONTAINERS_CONF only affects server side"
     image="i.do/not/exist:image"
     tmpdir=$PODMAN_TMPDIR/pod-test
     mkdir -p $tmpdir
@@ -435,7 +435,7 @@ EOF
     run_podman pod rm $podID
 
     run_podman 125 pod create --exit-policy invalid
-    is "$output" "Error: .*error running pod create option: invalid pod exit policy: \"invalid\"" "invalid exit policy"
+    is "$output" "Error: .*running pod create option: invalid pod exit policy: \"invalid\"" "invalid exit policy"
 
     # Test exit-policy behaviour
     run_podman pod create --exit-policy continue
@@ -478,10 +478,10 @@ spec:
 }
 
 @test "pod resource limits" {
-    # FIXME: #15074 - possible flake on aarch64
     skip_if_remote "resource limits only implemented on non-remote"
     skip_if_rootless "resource limits only work with root"
     skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2"
+    skip_if_aarch64 "FIXME: #15074 - flakes often on aarch64"
 
     # create loopback device
     lofile=${PODMAN_TMPDIR}/disk.img
@@ -492,30 +492,24 @@ spec:
     lomajmin=$(losetup -l --noheadings --output MAJ:MIN $LOOPDEVICE | tr -d ' ')
     run grep -w bfq /sys/block/$(basename ${LOOPDEVICE})/queue/scheduler
     if [ $status -ne 0 ]; then
+        losetup -d $LOOPDEVICE
+        LOOPDEVICE=
         skip "BFQ scheduler is not supported on the system"
-        if [ -f ${lofile} ]; then
-            run_podman '?' rm -t 0 --all --force --ignore
-
-            while read path dev; do
-                if [[ "$path" == "$lofile" ]]; then
-                    losetup -d $dev
-                fi
-            done < <(losetup -l --noheadings --output BACK-FILE,NAME)
-            rm ${lofile}
-        fi
     fi
     echo bfq > /sys/block/$(basename ${LOOPDEVICE})/queue/scheduler
 
+    # FIXME: #15464: blkio-weight-device not working
     expected_limits="
 cpu.max         | 500000 100000
 memory.max      | 5242880
 memory.swap.max | 1068498944
+io.bfq.weight   | default 50
 io.max          | $lomajmin rbps=1048576 wbps=1048576 riops=max wiops=max
 "
 
     for cgm in systemd cgroupfs; do
         local name=resources-$cgm
-        run_podman --cgroup-manager=$cgm pod create --name=$name --cpus=5 --memory=5m --memory-swap=1g --cpu-shares=1000 --cpuset-cpus=0 --cpuset-mems=0 --device-read-bps=${LOOPDEVICE}:1mb --device-write-bps=${LOOPDEVICE}:1mb --blkio-weight-device=${LOOPDEVICE}:123 --blkio-weight=50
+        run_podman --cgroup-manager=$cgm pod create --name=$name --cpus=5 --memory=5m --memory-swap=1g --cpu-shares=1000 --cpuset-cpus=0 --cpuset-mems=0 --device-read-bps=${LOOPDEVICE}:1mb --device-write-bps=${LOOPDEVICE}:1mb --blkio-weight=50
         run_podman --cgroup-manager=$cgm pod start $name
         run_podman pod inspect --format '{{.CgroupPath}}' $name
         local cgroup_path="$output"
diff --git a/test/system/220-healthcheck.bats b/test/system/220-healthcheck.bats
index c502ad669..a1b24d293 100644
--- a/test/system/220-healthcheck.bats
+++ b/test/system/220-healthcheck.bats
@@ -20,44 +20,8 @@ function _check_health {
     done
 }
 
-
 @test "podman healthcheck" {
-    # Create an image with a healthcheck script; said script will
-    # pass until the file /uh-oh gets created (by us, via exec)
-    cat >${PODMAN_TMPDIR}/healthcheck <<EOF
-#!/bin/sh
-
-if test -e /uh-oh; then
-    echo "Uh-oh on stdout!"
-    echo "Uh-oh on stderr!" >&2
-    exit 1
-else
-    echo "Life is Good on stdout"
-    echo "Life is Good on stderr" >&2
-    exit 0
-fi
-EOF
-
-    cat >${PODMAN_TMPDIR}/entrypoint <<EOF
-#!/bin/sh
-
-while :; do
-    sleep 1
-done
-EOF
-
-    cat >${PODMAN_TMPDIR}/Containerfile <<EOF
-FROM $IMAGE
-
-COPY healthcheck /healthcheck
-COPY entrypoint  /entrypoint
-
-RUN  chmod 755 /healthcheck /entrypoint
-
-CMD ["/entrypoint"]
-EOF
-
-    run_podman build -t healthcheck_i ${PODMAN_TMPDIR}
+    _build_health_check_image healthcheck_i
 
     # Run that healthcheck image.
     run_podman run -d --name healthcheck_c \
@@ -66,6 +30,9 @@ EOF
                --health-retries 3          \
                healthcheck_i
 
+    run_podman inspect healthcheck_c --format "{{.Config.HealthcheckOnFailureAction}}"
+    is "$output" "none" "default on-failure action is none"
+
     # We can't check for 'starting' because a 1-second interval is too
     # short; it could run healthcheck before we get to our first check.
     #
@@ -109,4 +76,57 @@ Log[-1].Output   | \"Uh-oh on stdout!\\\nUh-oh on stderr!\"
     run_podman rmi   healthcheck_i
 }
 
+@test "podman healthcheck --health-on-failure" {
+    run_podman 125 create --health-on-failure=kill $IMAGE
+    is "$output" "Error: cannot set on-failure action to kill without a health check"
+
+    ctr="healthcheck_c"
+    img="healthcheck_i"
+
+    for policy in none kill restart stop;do
+	if [[ $policy == "none" ]];then
+	    # Do not remove the /uh-oh file for `none` as we want to
+	    # demonstrate that no action was taken
+            _build_health_check_image $img
+        else
+            _build_health_check_image $img cleanfile
+        fi
+
+        # Run that healthcheck image.
+        run_podman run -d --name $ctr      \
+               --health-cmd /healthcheck   \
+               --health-on-failure=$policy \
+               $img
+
+        # healthcheck should succeed
+        run_podman healthcheck run $ctr
+
+        # Now cause the healthcheck to fail
+        run_podman exec $ctr touch /uh-oh
+
+        # healthcheck should now fail, with exit status 1 and 'unhealthy' output
+        run_podman 1 healthcheck run $ctr
+        is "$output" "unhealthy" "output from 'podman healthcheck run'"
+
+        run_podman inspect $ctr --format "{{.State.Status}} {{.Config.HealthcheckOnFailureAction}}"
+	if [[ $policy == "restart" ]];then
+	    # Container has been restarted and health check works again
+            is "$output" "running $policy" "container has been restarted"
+            run_podman healthcheck run $ctr
+        elif [[ $policy == "none" ]];then
+            # Container is still running and health check still broken
+            is "$output" "running $policy" "container continued running"
+            run_podman 1 healthcheck run $ctr
+            is "$output" "unhealthy" "output from 'podman healthcheck run'"
+	else
+	    # kill and stop yield the container into a non-running state
+            is "$output" ".* $policy" "container was stopped/killed"
+            assert "$output" != "running $policy"
+        fi
+
+        run_podman rm -f -t0 $ctr
+        run_podman rmi -f $img
+    done
+}
+
 # vim: filetype=sh
diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats
index 9a91501dd..ddec3a492 100644
--- a/test/system/250-systemd.bats
+++ b/test/system/250-systemd.bats
@@ -33,7 +33,10 @@ function teardown() {
 
 # Helper to start a systemd service running a container
 function service_setup() {
-    run_podman generate systemd --new $cname
+    run_podman generate systemd \
+               -e http_proxy -e https_proxy -e no_proxy \
+               -e HTTP_PROXY -e HTTPS_PROXY -e NO_PROXY \
+               --new $cname
     echo "$output" > "$UNIT_FILE"
     run_podman rm $cname
 
@@ -73,6 +76,18 @@ function service_cleanup() {
 # These tests can fail in dev. environment because of SELinux.
 # quick fix: chcon -t container_runtime_exec_t ./bin/podman
 @test "podman generate - systemd - basic" {
+    # Flakes with "ActiveState=failed (expected =inactive)"
+    if is_ubuntu; then
+        skip "FIXME: 2022-09-01: requires conmon-2.1.4, ubuntu has 2.1.3"
+    fi
+
+    # Warn when a custom restart policy is used without --new (see #15284)
+    run_podman create --restart=always $IMAGE
+    cid="$output"
+    run_podman generate systemd $cid
+    is "$output" ".*Container $cid has restart policy .*always.* which can lead to issues on shutdown.*" "generate systemd emits warning"
+    run_podman rm -f $cid
+
     cname=$(random_string)
     # See #7407 for --pull=always.
     run_podman create --pull=always --name $cname --label "io.containers.autoupdate=registry" $IMAGE \
@@ -295,25 +310,68 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
     run_podman network rm -f $netname
 }
 
-@test "podman-kube@.service template" {
-    # If running from a podman source directory, build and use the source
-    # version of the play-kube-@ unit file
-    unit_name="podman-kube@.service"
-    unit_file="contrib/systemd/system/${unit_name}"
-    if [[ -e ${unit_file}.in ]]; then
-        echo "# [Building & using $unit_name from source]" >&3
-        # Force regenerating unit file (existing one may have /usr/bin path)
-        rm -f $unit_file
-        BINDIR=$(dirname $PODMAN) make $unit_file
-        cp $unit_file $UNIT_DIR/$unit_name
-    fi
+@test "podman create --health-on-failure=kill" {
+    img="healthcheck_i"
+    _build_health_check_image $img
+
+    cname=$(random_string)
+    run_podman create --name $cname      \
+               --health-cmd /healthcheck \
+               --health-on-failure=kill  \
+               --restart=on-failure      \
+               $img
+
+    # run container in systemd unit
+    service_setup
+
+    run_podman container inspect $cname --format "{{.ID}}"
+    oldID="$output"
+
+    run_podman healthcheck run $cname
+
+    # Now cause the healthcheck to fail
+    run_podman exec $cname touch /uh-oh
 
+    # healthcheck should now fail, with exit status 1 and 'unhealthy' output
+    run_podman 1 healthcheck run $cname
+    is "$output" "unhealthy" "output from 'podman healthcheck run'"
+
+    # What is expected to happen now:
+    #  1) The container gets killed as the health check has failed
+    #  2) Systemd restarts the service as the restart policy is set to "on-failure"
+    #  3) The /uh-oh file is gone and $cname has another ID
+
+    # Wait at most 10 seconds for the service to be restarted
+    local timeout=10
+    while [[ $timeout -gt 1 ]]; do
+        run_podman '?' container inspect $cname
+        if [[ $status == 0 ]]; then
+            if [[ "$output" != "$oldID" ]]; then
+                break
+            fi
+        fi
+        sleep 1
+        let timeout=$timeout-1
+    done
+
+    run_podman healthcheck run $cname
+
+    # stop systemd container
+    service_cleanup
+    run_podman rmi -f $img
+}
+
+@test "podman-kube@.service template" {
+    install_kube_template
     # Create the YAMl file
     yaml_source="$PODMAN_TMPDIR/test.yaml"
     cat >$yaml_source <<EOF
 apiVersion: v1
 kind: Pod
 metadata:
+  annotations:
+      io.containers.autoupdate: "local"
+      io.containers.autoupdate/b: "registry"
   labels:
     app: test
   name: test_pod
@@ -322,8 +380,11 @@ spec:
   - command:
     - top
     image: $IMAGE
-    name: test
-    resources: {}
+    name: a
+  - command:
+    - top
+    image: $IMAGE
+    name: b
 EOF
 
     # Dispatch the YAML file
@@ -344,6 +405,12 @@ EOF
     run_podman 125 container rm $service_container
     is "$output" "Error: container .* is the service container of pod(s) .* and cannot be removed without removing the pod(s)"
 
+    # Add a simple `auto-update --dry-run` test here to avoid too much redundancy
+    # with 255-auto-update.bats
+    run_podman auto-update --dry-run --format "{{.Unit}},{{.Container}},{{.Image}},{{.Updated}},{{.Policy}}"
+    is "$output" ".*$service_name,.* (test_pod-a),$IMAGE,false,local.*" "global auto-update policy gets applied"
+    is "$output" ".*$service_name,.* (test_pod-b),$IMAGE,false,registry.*" "container-specified auto-update policy gets applied"
+
     # Kill the pod and make sure the service is not running.
     # The restart policy is set to "never" since there is no
     # design yet for propagating exit codes up to the service
diff --git a/test/system/255-auto-update.bats b/test/system/255-auto-update.bats
index 6cee939fb..76f6b02e8 100644
--- a/test/system/255-auto-update.bats
+++ b/test/system/255-auto-update.bats
@@ -115,6 +115,7 @@ function _confirm_update() {
     # Image has already been pulled, so this shouldn't take too long
     local timeout=5
     while [[ $timeout -gt 0 ]]; do
+        sleep 1
         run_podman '?' inspect --format "{{.Image}}" $cname
         if [[ $status != 0 ]]; then
             if [[ $output =~ (no such object|does not exist in database): ]]; then
@@ -126,7 +127,7 @@ function _confirm_update() {
         elif [[ $output != $old_iid ]]; then
             return
         fi
-        sleep 1
+        timeout=$((timeout - 1))
     done
 
     die "Timed out waiting for $cname to update; old IID=$old_iid"
@@ -234,6 +235,8 @@ function _confirm_update() {
     _confirm_update $cname $ori_image
 }
 
+# This test can fail in dev. environment because of SELinux.
+# quick fix: chcon -t container_runtime_exec_t ./bin/podman
 @test "podman auto-update - label io.containers.autoupdate=local with rollback" {
     # sdnotify fails with runc 1.0.0-3-dev2 on Ubuntu. Let's just
     # assume that we work only with crun, nothing else.
@@ -264,8 +267,6 @@ EOF
 
     # Generate a healthy image that will run correctly.
     run_podman build -t quay.io/libpod/$image -f $dockerfile1
-    podman image inspect --format "{{.ID}}" $image
-    oldID="$output"
 
     generate_service $image local /runme --sdnotify=container noTag
     _wait_service_ready container-$cname.service
@@ -275,7 +276,7 @@ EOF
 
     # Generate an unhealthy image that will fail.
     run_podman build -t quay.io/libpod/$image -f $dockerfile2
-    podman image inspect --format "{{.ID}}" $image
+    run_podman image inspect --format "{{.ID}}" $image
     newID="$output"
 
     run_podman auto-update --dry-run --format "{{.Unit}},{{.Image}},{{.Updated}},{{.Policy}}"
@@ -373,6 +374,12 @@ After=network-online.target
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/podman auto-update
+Environment="http_proxy=${http_proxy}"
+Environment="HTTP_PROXY=${HTTP_PROXY}"
+Environment="https_proxy=${https_proxy}"
+Environment="HTTPS_PROXY=${HTTPS_PROXY}"
+Environment="no_proxy=${no_proxy}"
+Environment="NO_PROXY=${NO_PROXY}"
 
 [Install]
 WantedBy=default.target
@@ -407,4 +414,97 @@ EOF
     _confirm_update $cname $ori_image
 }
 
+@test "podman-kube@.service template with rollback" {
+    # sdnotify fails with runc 1.0.0-3-dev2 on Ubuntu. Let's just
+    # assume that we work only with crun, nothing else.
+    # [copied from 260-sdnotify.bats]
+    runtime=$(podman_runtime)
+    if [[ "$runtime" != "crun" ]]; then
+        skip "this test only works with crun, not $runtime"
+    fi
+
+    install_kube_template
+
+    dockerfile1=$PODMAN_TMPDIR/Dockerfile.1
+    cat >$dockerfile1 <<EOF
+FROM quay.io/libpod/fedora:31
+RUN echo -e "#!/bin/sh\n\
+printenv NOTIFY_SOCKET; echo READY; systemd-notify --ready;\n\
+trap 'echo Received SIGTERM, finishing; exit' SIGTERM; echo WAITING; while :; do sleep 0.1; done" \
+>> /runme
+RUN chmod +x /runme
+EOF
+
+    dockerfile2=$PODMAN_TMPDIR/Dockerfile.2
+    cat >$dockerfile2 <<EOF
+FROM quay.io/libpod/fedora:31
+RUN echo -e "#!/bin/sh\n\
+exit 1" >> /runme
+RUN chmod +x /runme
+EOF
+    local_image=localhost/image:$(random_string 10)
+
+    # Generate a healthy image that will run correctly.
+    run_podman build -t $local_image -f $dockerfile1
+    run_podman image inspect --format "{{.ID}}" $local_image
+    oldID="$output"
+
+    # Create the YAMl file
+    yaml_source="$PODMAN_TMPDIR/test.yaml"
+    cat >$yaml_source <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+      io.containers.autoupdate: "registry"
+      io.containers.autoupdate/b: "local"
+      io.containers.sdnotify/b: "container"
+  labels:
+    app: test
+  name: test_pod
+spec:
+  containers:
+  - command:
+    - top
+    image: $IMAGE
+    name: a
+  - command:
+    - /runme
+    image: $local_image
+    name: b
+EOF
+
+    # Dispatch the YAML file
+    service_name="podman-kube@$(systemd-escape $yaml_source).service"
+    systemctl start $service_name
+    systemctl is-active $service_name
+
+    # Make sure the containers are properly configured
+    run_podman auto-update --dry-run --format "{{.Unit}},{{.Container}},{{.Image}},{{.Updated}},{{.Policy}}"
+    is "$output" ".*$service_name,.* (test_pod-a),$IMAGE,false,registry.*" "global auto-update policy gets applied"
+    is "$output" ".*$service_name,.* (test_pod-b),$local_image,false,local.*" "container-specified auto-update policy gets applied"
+
+    # Generate a broken image that will fail.
+    run_podman build -t $local_image -f $dockerfile2
+    run_podman image inspect --format "{{.ID}}" $local_image
+    newID="$output"
+
+    assert "$oldID" != "$newID" "broken image really is a new one"
+
+    # Make sure container b sees the new image
+    run_podman auto-update --dry-run --format "{{.Unit}},{{.Container}},{{.Image}},{{.Updated}},{{.Policy}}"
+    is "$output" ".*$service_name,.* (test_pod-a),$IMAGE,false,registry.*" "global auto-update policy gets applied"
+    is "$output" ".*$service_name,.* (test_pod-b),$local_image,pending,local.*" "container b sees the new image"
+
+    # Now update and check for the rollback
+    run_podman auto-update --format "{{.Unit}},{{.Container}},{{.Image}},{{.Updated}},{{.Policy}}"
+    is "$output" ".*$service_name,.* (test_pod-a),$IMAGE,rolled back,registry.*" "container a was rolled back as the update of b failed"
+    is "$output" ".*$service_name,.* (test_pod-b),$local_image,rolled back,local.*" "container b was rolled back as its update has failed"
+
+    # Clean up
+    systemctl stop $service_name
+    run_podman rmi -f $(pause_image) $local_image $newID $oldID
+    rm -f $UNIT_DIR/$unit_name
+}
+
 # vim: filetype=sh
diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats
index cd7b1262a..6c3ef7f3f 100644
--- a/test/system/260-sdnotify.bats
+++ b/test/system/260-sdnotify.bats
@@ -88,7 +88,13 @@ function _assert_mainpid_is_conmon() {
     export NOTIFY_SOCKET=$PODMAN_TMPDIR/ignore.sock
     _start_socat
 
-    run_podman 1 run --rm --sdnotify=ignore $IMAGE printenv NOTIFY_SOCKET
+    run_podman create --rm --sdnotify=ignore $IMAGE printenv NOTIFY_SOCKET
+    cid="$output"
+
+    run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}"
+    is "$output" "ignore " "NOTIFY_SOCKET is not set with 'ignore' mode"
+
+    run_podman 1 start --attach $cid
     is "$output" "" "\$NOTIFY_SOCKET in container"
 
     is "$(< $_SOCAT_LOG)" "" "nothing received on socket"
@@ -106,6 +112,9 @@ function _assert_mainpid_is_conmon() {
     cid="$output"
     wait_for_ready $cid
 
+    run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}"
+    is "$output" "conmon $NOTIFY_SOCKET"
+
     run_podman container inspect sdnotify_conmon_c --format "{{.State.ConmonPid}}"
     mainPID="$output"
 
@@ -113,6 +122,7 @@ function _assert_mainpid_is_conmon() {
     is "$output" "READY" "\$NOTIFY_SOCKET in container"
 
     # The 'echo's help us debug failed runs
+    wait_for_file $_SOCAT_LOG
     run cat $_SOCAT_LOG
     echo "socat log:"
     echo "$output"
@@ -132,7 +142,7 @@ READY=1" "sdnotify sent MAINPID and READY"
 # These tests can fail in dev. environment because of SELinux.
 # quick fix: chcon -t container_runtime_exec_t ./bin/podman
 @test "sdnotify : container" {
-    skip_if_aarch64 "FIXME: #15074 - fails on aarch64 non-remote"
+    skip_if_aarch64 "FIXME: #15277 sdnotify doesn't work on aarch64"
     # Sigh... we need to pull a humongous image because it has systemd-notify.
     # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this
     # caused CI to hang. That's why we explicitly require fedora:31)
@@ -147,13 +157,18 @@ READY=1" "sdnotify sent MAINPID and READY"
     _start_socat
 
     run_podman run -d --sdnotify=container $_FEDORA \
-               sh -c 'printenv NOTIFY_SOCKET;echo READY;systemd-notify --ready;while ! test -f /stop;do sleep 0.1;done'
+               sh -c 'printenv NOTIFY_SOCKET; echo READY; while ! test -f /stop;do sleep 0.1;done;systemd-notify --ready'
     cid="$output"
     wait_for_ready $cid
 
+    run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}"
+    is "$output" "container $NOTIFY_SOCKET"
+
     run_podman logs $cid
     is "${lines[0]}" "/run/notify/notify.sock" "NOTIFY_SOCKET is passed to container"
 
+    run_podman container inspect $cid --format "{{.State.ConmonPid}}"
+    mainPID="$output"
     # With container, READY=1 isn't necessarily the last message received;
     # just look for it anywhere in received messages
     run cat $_SOCAT_LOG
@@ -161,19 +176,25 @@ READY=1" "sdnotify sent MAINPID and READY"
     echo "socat log:"
     echo "$output"
 
-    is "$output" ".*READY=1" "received READY=1 through notify socket"
-
-    _assert_mainpid_is_conmon "$output"
+    is "$output" "MAINPID=$mainPID" "Container is not ready yet, so we only know the main PID"
 
     # Done. Stop container, clean up.
     run_podman exec $cid touch /stop
     run_podman wait $cid
+
+    wait_for_file $_SOCAT_LOG
+    run cat $_SOCAT_LOG
+    echo "socat log:"
+    echo "$output"
+    is "$output" "MAINPID=$mainPID
+READY=1"
+
     run_podman rm $cid
     run_podman rmi $_FEDORA
     _stop_socat
 }
 
-@test "sdnotify : play kube" {
+@test "sdnotify : play kube - no policies" {
     # Create the YAMl file
     yaml_source="$PODMAN_TMPDIR/test.yaml"
     cat >$yaml_source <<EOF
@@ -202,8 +223,15 @@ EOF
     _start_socat
 
     run_podman play kube --service-container=true $yaml_source
+
+    # Make sure the containers have the correct policy.
+    run_podman container inspect test_pod-test $service_container --format "{{.Config.SdNotifyMode}}"
+    is "$output" "ignore
+ignore"
+
     run_podman container inspect $service_container --format "{{.State.ConmonPid}}"
     mainPID="$output"
+    wait_for_file $_SOCAT_LOG
     # The 'echo's help us debug failed runs
     run cat $_SOCAT_LOG
     echo "socat log:"
@@ -216,9 +244,116 @@ READY=1" "sdnotify sent MAINPID and READY"
 
     # Clean up pod and pause image
     run_podman play kube --down $PODMAN_TMPDIR/test.yaml
-    run_podman version --format "{{.Server.Version}}-{{.Server.Built}}"
-    podman rmi -f localhost/podman-pause:$output
+    run_podman rmi $(pause_image)
 }
 
+@test "sdnotify : play kube - with policies" {
+    skip_if_aarch64 "FIXME: #15277 sdnotify doesn't work on aarch64"
+
+    # Sigh... we need to pull a humongous image because it has systemd-notify.
+    # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this
+    # caused CI to hang. That's why we explicitly require fedora:31)
+    # FIXME: is there a smaller image we could use?
+    local _FEDORA="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/fedora:31"
+    # Pull that image. Retry in case of flakes.
+    run_podman pull $_FEDORA || \
+        run_podman pull $_FEDORA || \
+        run_podman pull $_FEDORA
+
+    # Create the YAMl file
+    yaml_source="$PODMAN_TMPDIR/test.yaml"
+    cat >$yaml_source <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: test
+  name: test_pod
+  annotations:
+    io.containers.sdnotify:   "container"
+    io.containers.sdnotify/b: "conmon"
+spec:
+  containers:
+  - command:
+    - /bin/sh
+    - -c
+    - 'printenv NOTIFY_SOCKET; echo READY; while ! test -f /stop;do sleep 0.1;done;systemd-notify --ready'
+    image: $_FEDORA
+    name: a
+  - command:
+    - /bin/sh
+    - -c
+    - 'echo READY; top'
+    image: $IMAGE
+    name: b
+EOF
+    container_a="test_pod-a"
+    container_b="test_pod-b"
+
+    # The name of the service container is predictable: the first 12 characters
+    # of the hash of the YAML file followed by the "-service" suffix
+    yaml_sha=$(sha256sum $yaml_source)
+    service_container="${yaml_sha:0:12}-service"
+
+    export NOTIFY_SOCKET=$PODMAN_TMPDIR/conmon.sock
+    _start_socat
+
+    # Run `play kube` in the background as it will wait for all containers to
+    # send the READY=1 message.
+    timeout --foreground -v --kill=10 60 \
+        $PODMAN play kube --service-container=true $yaml_source &>/dev/null &
+
+    # Wait for both containers to be running
+    for i in $(seq 1 20); do
+        run_podman "?" container wait $container_a $container_b --condition="running"
+        if [[ $status == 0 ]]; then
+            break
+        fi
+        sleep 0.5
+        # Just for debugging
+        run_podman ps -a
+    done
+    if [[ $status != 0 ]]; then
+        die "container $container_a and/or $container_b did not start"
+    fi
+
+    # Make sure the containers have the correct policy
+    run_podman container inspect $container_a $container_b $service_container --format "{{.Config.SdNotifyMode}}"
+    is "$output" "container
+conmon
+ignore"
+
+    is "$(< $_SOCAT_LOG)" "" "nothing received on socket"
+
+    # Make sure the container received a "proxy" socket and is not using the
+    # one of `kube play`
+    run_podman container inspect $container_a --format "{{.Config.SdNotifySocket}}"
+    assert "$output" != $NOTIFY_SOCKET
+
+    run_podman logs $container_a
+    is "${lines[0]}" "/run/notify/notify.sock" "NOTIFY_SOCKET is passed to container"
+
+    # Instruct the container to send the READY
+    run_podman exec $container_a /bin/touch /stop
+
+    run_podman container inspect $service_container --format "{{.State.ConmonPid}}"
+    main_pid="$output"
+
+    run_podman container wait $container_a
+    wait_for_file $_SOCAT_LOG
+    # The 'echo's help us debug failed runs
+    run cat $_SOCAT_LOG
+    echo "socat log:"
+    echo "$output"
+
+    is "$output" "MAINPID=$main_pid
+READY=1" "sdnotify sent MAINPID and READY"
+
+    _stop_socat
+
+    # Clean up pod and pause image
+    run_podman play kube --down $yaml_source
+    run_podman rmi $_FEDORA $(pause_image)
+}
 
 # vim: filetype=sh
diff --git a/test/system/272-system-connection.bats b/test/system/272-system-connection.bats
index e9e9a01ea..e937a7273 100644
--- a/test/system/272-system-connection.bats
+++ b/test/system/272-system-connection.bats
@@ -95,12 +95,12 @@ $c2[ ]\+tcp://localhost:54321[ ]\+true" \
     # we need for the server.
     ${PODMAN%%-remote*} --root ${PODMAN_TMPDIR}/root \
                         --runroot ${PODMAN_TMPDIR}/runroot \
-                        system service -t 99 tcp:localhost:$_SERVICE_PORT &
+                        system service -t 99 tcp://localhost:$_SERVICE_PORT &
     _SERVICE_PID=$!
     wait_for_port localhost $_SERVICE_PORT
 
     _run_podman_remote info --format '{{.Host.RemoteSocket.Path}}'
-    is "$output" "tcp:localhost:$_SERVICE_PORT" \
+    is "$output" "tcp://localhost:$_SERVICE_PORT" \
        "podman info works, and talks to the correct server"
 
     _run_podman_remote info --format '{{.Store.GraphRoot}}'
diff --git a/test/system/280-update.bats b/test/system/280-update.bats
new file mode 100644
index 000000000..c7037c286
--- /dev/null
+++ b/test/system/280-update.bats
@@ -0,0 +1,130 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# Tests for podman update
+#
+
+load helpers
+
+LOOPDEVICE=
+
+function teardown() {
+    if [[ -n "$LOOPDEVICE" ]]; then
+        losetup -d $LOOPDEVICE
+        LOOPDEVICE=
+    fi
+    basic_teardown
+}
+
+
+@test "podman update - test all options" {
+
+    local cgv=1
+    if is_cgroupsv2; then
+        cgv=2;
+    fi
+
+    # Need a block device for blkio-weight-device testing
+    local pass_loop_device=
+    if ! is_rootless; then
+        if is_cgroupsv2; then
+            lofile=${PODMAN_TMPDIR}/disk.img
+            fallocate -l 1k  ${lofile}
+            LOOPDEVICE=$(losetup --show -f $lofile)
+            pass_loop_device="--device $LOOPDEVICE"
+
+            # Get maj:min (tr needed because losetup seems to use %2d)
+            lomajmin=$(losetup -l --noheadings --output MAJ:MIN $LOOPDEVICE | tr -d ' ')
+        fi
+    fi
+
+    # Shortcuts to make the table narrower
+    local -a gig=(0 1073741824 2147483648 3221225472)
+    local devicemax="1:5 rbps=10485760 wbps=31457280 riops=2000 wiops=4000"
+    local mm=memory/memory
+
+    # Format:
+    #   --<option> = <value>  | rootless? | check: cgroups v1            | check: cgroups v2
+    #
+    # Requires very wide window to read. Sorry.
+    #
+    # FIXMEs:
+    #  cpu-rt-period  (cgv1 only, on cpu/cpu.rt_period_us) works on RHEL8 but not on Ubuntu
+    #  cpu-rt-runtime (cgv1 only, on cpu/cpu.rt_runtime_us) fails: error setting cgroup config for procHooks ...
+    tests="
+cpu-shares          =            512 | - | cpu/cpu.shares       = 512              | cpu.weight      = 20
+cpus                =              5 | - | cpu/cpu.cfs_quota_us = 500000           | cpu.max         = 500000 100000
+cpuset-cpus         =              0 | - | cpuset/cpuset.cpus   = 0                | cpuset.cpus     = 0
+cpuset-mems         =              0 | - | cpuset/cpuset.mems   = 0                | cpuset.mems     = 0
+
+memory              =             1G | 2 | $mm.limit_in_bytes       = ${gig[1]}    | memory.max      = ${gig[1]}
+memory-swap         =             3G | 2 | $mm.memsw.limit_in_bytes = ${gig[3]}    | memory.swap.max = ${gig[2]}
+memory-reservation  =           400M | 2 | $mm.soft_limit_in_bytes  = 419430400    | memory.low      = 419430400
+
+blkio-weight        =            321 | - | -                                       | io.bfq.weight   = default 321 $lomajmin 98
+blkio-weight-device = $LOOPDEVICE:98 | - | -                                       | io.bfq.weight   = default 321 $lomajmin 98
+
+device-read-bps     = /dev/zero:10mb | - | -                                       | io.max          = $devicemax
+device-read-iops    = /dev/zero:2000 | - | -                                       | io.max          = $devicemax
+device-write-bps    = /dev/zero:30mb | - | -                                       | io.max          = $devicemax
+device-write-iops   = /dev/zero:4000 | - | -                                       | io.max          = $devicemax
+"
+
+    # Run a container
+    run_podman run ${pass_loop_device} -d $IMAGE sleep infinity
+    cid="$output"
+
+    # Pass 1: read the table above, gather up the options applicable
+    # to this test environment (root/rootless, cgroups v1/v2)
+    local -a opts
+    local -A check
+    while read opt works_rootless cgv1 cgv2; do
+        if is_rootless; then
+            local skipping="skipping --$opt : does not work rootless"
+            if [[ $works_rootless = '-' ]]; then
+                echo "[ $skipping ]"
+                continue
+            fi
+            if [[ ! $works_rootless =~ $cgv ]]; then
+                echo "[ $skipping on cgroups v$cgv ]"
+                continue
+            fi
+        fi
+
+        tuple=$cgv1
+        if is_cgroupsv2; then
+            tuple=$cgv2
+        fi
+        if [[ $tuple = '-' ]]; then
+            echo "[ skipping --$opt : N/A on cgroups v$cgv ]"
+            continue
+        fi
+
+        # OK: setting is applicable. Preserve it. (First removing whitespace)
+        opt=${opt// /}
+        opts+=("--$opt")
+        check["--$opt"]=$tuple
+    done < <(parse_table "$tests")
+
+    # Now do the update in one fell swoop
+    run_podman update "${opts[@]}" $cid
+
+    # ...and check one by one
+    for opt in "${opts[@]}"; do
+        read path op expect <<<"${check[$opt]}"
+        run_podman exec $cid cat /sys/fs/cgroup/$path
+
+        # Magic echo of unquoted-output converts newlines to spaces;
+        # important for otherwise multiline blkio file.
+        updated="$(echo $output)"
+        assert "$updated" $op "$expect" "$opt ($path)"
+    done
+
+    # Clean up
+    run_podman rm -f -t0 $cid
+    if [[ -n "$LOOPDEVICE" ]]; then
+        losetup -d $LOOPDEVICE
+        LOOPDEVICE=
+    fi
+}
+
+# vim: filetype=sh
diff --git a/test/system/320-system-df.bats b/test/system/320-system-df.bats
index 217357b37..35e121c62 100644
--- a/test/system/320-system-df.bats
+++ b/test/system/320-system-df.bats
@@ -27,7 +27,7 @@ function teardown() {
     run_podman system df --format '{{ .Type }}:{{ .Total }}:{{ .Active }}'
     is "${lines[0]}" "Images:1:1"        "system df : Images line"
     is "${lines[1]}" "Containers:2:1"    "system df : Containers line"
-    is "${lines[2]}" "Local Volumes:2:1" "system df : Volumes line"
+    is "${lines[2]}" "Local Volumes:2:2" "system df : Volumes line"
 
     # Try -v. (Grrr. No way to specify individual formats)
     #
diff --git a/test/system/330-corrupt-images.bats b/test/system/330-corrupt-images.bats
index 7f2b81835..2f0fd753c 100644
--- a/test/system/330-corrupt-images.bats
+++ b/test/system/330-corrupt-images.bats
@@ -74,7 +74,7 @@ function _corrupt_image_test() {
         # Corruptify, and confirm that 'podman images' throws an error
         rm -v ${PODMAN_CORRUPT_TEST_WORKDIR}/root/*-images/$id/${rm_path}
         run_podman 125 images
-        is "$output" "Error: error retrieving label for image \"$id\": you may need to remove the image to resolve the error.*"
+        is "$output" "Error: retrieving label for image \"$id\": you may need to remove the image to resolve the error.*"
 
         # Run the requested command. Confirm it succeeds, with suitable warnings
         run_podman $*
diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats
index 0d6be2d60..d70c95973 100644
--- a/test/system/400-unprivileged-access.bats
+++ b/test/system/400-unprivileged-access.bats
@@ -119,7 +119,7 @@ EOF
 
     # Some of the above may not exist on our host. Find only the ones that do.
     local -a subset=()
-    for mp in ${mps[@]}; do
+    for mp in "${mps[@]}"; do
         if [ -e $mp ]; then
             subset+=($mp)
         fi
@@ -128,7 +128,7 @@ EOF
     # Run 'stat' on all the files, plus /dev/null. Get path, file type,
     # number of links, major, and minor (see below for why). Do it all
     # in one go, to avoid multiple podman-runs
-    run_podman '?' run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]}
+    run_podman '?' run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null "${subset[@]}"
     assert $status -le 1 "stat exit status: expected 0 or 1"
 
     local devnull=
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 082482c7a..cc86f282a 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -212,7 +212,7 @@ function check_label() {
 	# https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e
 	#   from failed to set /proc/self/attr/keycreate on procfs
 	#   to   write /proc/self/attr/keycreate: invalid argument
-	runc) expect="OCI runtime error: .*: \(failed to set|write\) /proc/self/attr/keycreate" ;;
+	runc) expect="OCI runtime error: .*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;;
 	*)    skip "Unknown runtime '$runtime'";;
     esac
 
diff --git a/test/system/420-cgroups.bats b/test/system/420-cgroups.bats
index 025a20012..3269f666c 100644
--- a/test/system/420-cgroups.bats
+++ b/test/system/420-cgroups.bats
@@ -19,6 +19,8 @@ load helpers
     esac
 
     run_podman --cgroup-manager=$other run --name myc $IMAGE true
+    assert "$output" = "" "run true, with cgroup-manager=$other, is silent"
+
     run_podman container inspect --format '{{.HostConfig.CgroupManager}}' myc
     is "$output" "$other" "podman preserved .HostConfig.CgroupManager"
 
@@ -29,7 +31,8 @@ load helpers
 
     # Restart the container, without --cgroup-manager option (ie use default)
     # Prior to #7970, this would fail with an OCI runtime error
-    run_podman start myc
+    run_podman start -a myc
+    assert "$output" = "" "restarted container emits no output"
 
     run_podman rm myc
 }
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index b9a173c2a..862bc285c 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -61,9 +61,9 @@ load helpers
     is "$output" "$random_2" "curl 127.0.0.1:/index2.txt"
 
     # Verify http contents: wget from a second container
-    run_podman run --rm --net=host $IMAGE wget -qO - $SERVER/index.txt
+    run_podman run --rm --net=host --http-proxy=false $IMAGE wget -qO - $SERVER/index.txt
     is "$output" "$random_1" "podman wget /index.txt"
-    run_podman run --rm --net=host $IMAGE wget -qO - $SERVER/index2.txt
+    run_podman run --rm --net=host --http-proxy=false $IMAGE wget -qO - $SERVER/index2.txt
     is "$output" "$random_2" "podman wget /index2.txt"
 
     # Tests #4889 - two-argument form of "podman ports" was broken
@@ -767,4 +767,14 @@ EOF
     is "$output" "" "Should print no output"
 }
 
+@test "podman network rm --dns-option " {
+    dns_opt=dns$(random_string)
+    run_podman run --rm --dns-opt=${dns_opt} $IMAGE cat /etc/resolv.conf
+    is "$output" ".*options ${dns_opt}" "--dns-opt was added"
+
+    dns_opt=dns$(random_string)
+    run_podman run --rm --dns-option=${dns_opt} $IMAGE cat /etc/resolv.conf
+    is "$output" ".*options ${dns_opt}" "--dns-option was added"
+}
+
 # vim: filetype=sh
diff --git a/test/system/520-checkpoint.bats b/test/system/520-checkpoint.bats
index 7c8fc143a..73fa5d4c4 100644
--- a/test/system/520-checkpoint.bats
+++ b/test/system/520-checkpoint.bats
@@ -101,6 +101,25 @@ function teardown() {
     run_podman rm -t 0 -f $cid
 }
 
+@test "podman checkpoint/restore print IDs or raw input" {
+    # checkpoint/restore -a must print the IDs
+    run_podman run -d $IMAGE top
+    ctrID="$output"
+    run_podman container checkpoint -a
+    is "$output" "$ctrID"
+    run_podman container restore -a
+    is "$output" "$ctrID"
+
+    # checkpoint/restore $input must print $input
+    cname=$(random_string)
+    run_podman run -d --name $cname $IMAGE top
+    run_podman container checkpoint $cname
+    is "$output" $cname
+    run_podman container restore $cname
+    is "$output" $cname
+
+    run_podman rm -t 0 -f $ctrID $cname
+}
 
 @test "podman checkpoint --export, with volumes" {
     skip_if_remote "Test uses --root/--runroot, which are N/A over remote"
diff --git a/test/system/610-format.bats b/test/system/610-format.bats
new file mode 100644
index 000000000..8f74634d1
--- /dev/null
+++ b/test/system/610-format.bats
@@ -0,0 +1,184 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# PR #15673: For all commands that accept --format '{{.GoTemplate}}',
+# invoke with --format '{{"\n"}}' and make sure they don't choke.
+#
+
+load helpers
+
+function teardown() {
+    # In case test fails: standard teardown does not wipe machines or secrets
+    run_podman '?' machine rm -f mymachine
+    run_podman '?' secret rm mysecret
+
+    basic_teardown
+}
+
+# Most commands can't just be run with --format; they need an argument or
+# option. This table defines what those are.
+#
+# FIXME: once you've finished fixing them all, remove the SKIPs (just
+# remove the entire lines, except for pod-inspect, just remove the SKIP
+# but leave "mypod")
+extra_args_table="
+history           | $IMAGE
+image history     | $IMAGE
+image inspect     | $IMAGE
+container inspect | mycontainer
+
+volume inspect    | -a
+secret inspect    | mysecret
+network inspect   | podman
+ps                | -a
+
+image search      | $IMAGE
+search            | $IMAGE
+
+pod inspect       | mypod
+
+events            | --stream=false --events-backend=file
+"
+
+# podman machine is finicky. Assume we can't run it, but see below for more.
+can_run_podman_machine=
+
+# podman stats, too
+can_run_stats=
+
+# Main test loop. Recursively runs 'podman [subcommand] help', looks for:
+#    > '[command]', which indicates, recurse; or
+#    > '--format', in which case we
+#      > check autocompletion, look for Go templates, in which case we
+#        > run the command with --format '{{"\n"}}' and make sure it passes
+function check_subcommand() {
+    for cmd in $(_podman_commands "$@"); do
+        # Special case: 'podman machine' can only be run under ideal conditions
+        if [[ "$cmd" = "machine" ]] && [[ -z "$can_run_podman_machine" ]]; then
+            continue
+        fi
+        if [[ "$cmd" = "stats" ]] && [[ -z "$can_run_stats" ]]; then
+            continue
+        fi
+
+        # Human-readable podman command string, with multiple spaces collapsed
+        command_string="podman $* $cmd"
+        command_string=${command_string//  / }  # 'podman  x' -> 'podman x'
+
+        # Run --help, decide if this is a subcommand with subcommands
+        run_podman "$@" $cmd --help
+        local full_help="$output"
+
+        # The line immediately after 'Usage:' gives us a 1-line synopsis
+        usage=$(echo "$full_help" | grep -A1 '^Usage:' | tail -1)
+        assert "$usage" != "" "podman $cmd: no Usage message found"
+
+        # Strip off the leading command string; we no longer need it
+        usage=$(sed -e "s/^  $command_string \?//" <<<"$usage")
+
+        # If usage ends in '[command]', recurse into subcommands
+        if expr "$usage" : '\[command\]' >/dev/null; then
+            # (except for 'podman help', which is a special case)
+            if [[ $cmd != "help" ]]; then
+                check_subcommand "$@" $cmd
+            fi
+            continue
+        fi
+
+        # Not a subcommand-subcommand. Look for --format option
+        if [[ ! "$output" =~ "--format" ]]; then
+            continue
+        fi
+
+        # Have --format. Make sure it's a Go-template option, not like --push
+        run_podman __completeNoDesc "$@" "$cmd" --format '{{.'
+        if [[ ! "$output" =~ \{\{\.[A-Z] ]]; then
+            continue
+        fi
+
+        # Got one.
+        dprint "$command_string has --format"
+
+        # Whatever is needed to make a runnable command
+        local extra=${extra_args[$command_string]}
+        if [[ -n "$extra" ]]; then
+            # Cross off our list
+            unset extra_args["$command_string"]
+        fi
+
+        # This is what does the work. We run with '?' so we can offer
+        # better error messages than just "exited with error status".
+        run_podman '?' "$@" "$cmd" $extra --format '{{"\n"}}'
+
+        # Output must always be empty.
+        #
+        #  - If you see "unterminated quoted string" here, there's a
+        #    regression, and you need to fix --format (see PR #15673)
+        #
+        #  - If you see any other error, it probably means that someone
+        #    added a new podman subcommand that supports --format but
+        #    needs some sort of option or argument to actually run.
+        #    See 'extra_args_table' at the top of this script.
+        #
+        assert "$output" = "" "$command_string --format '{{\"\n\"}}'"
+
+        # *Now* check exit status. This should never, ever, ever trigger!
+        # If it does, it means the podman command failed without an err msg!
+        assert "$status" = "0" \
+               "$command_string --format '{{\"\n\"}}' failed with no output!"
+    done
+}
+
+# Test entry point
+@test "check Go template formatting" {
+    skip_if_remote
+
+    # Setup: some commands need a container, pod, secret, ...
+    run_podman run -d --name mycontainer $IMAGE top
+    run_podman pod create mypod
+    run_podman secret create mysecret /etc/hosts
+
+    # ...or machine. But podman machine is ultra-finicky, it fails as root
+    # or if qemu is missing. Instead of checking for all the possible ways
+    # to skip it, just try running init. If it works, we can test it.
+    run_podman '?' machine init --image-path=/dev/null mymachine
+    if [[ $status -eq 0 ]]; then
+        can_run_podman_machine=true
+        extra_args_table+="
+machine inspect   | mymachine
+"
+    fi
+
+    # Similarly, 'stats' cannot run rootless under cgroups v1
+    if ! is_rootless || is_cgroupsv2; then
+        can_run_stats=true
+        extra_args_table+="
+container stats   | --no-stream
+pod stats         | --no-stream
+stats             | --no-stream
+"
+    fi
+
+    # Convert the table at top to an associative array, keyed on subcommand
+    declare -A extra_args
+    while read subcommand extra; do
+        extra_args["podman $subcommand"]=$extra
+    done < <(parse_table "$extra_args_table")
+
+    # Run the test
+    check_subcommand
+
+    # Clean up
+    run_podman pod rm mypod
+    run_podman rmi $(pause_image)
+    run_podman rm -f -t0 mycontainer
+    run_podman secret rm mysecret
+    run_podman '?' machine rm -f mymachine
+
+    # Make sure there are no leftover commands in our table - this would
+    # indicate a typo in the table, or a flaw in our logic such that
+    # we're not actually recursing.
+    local leftovers="${!extra_args[@]}"
+    assert "$leftovers" = "" "Did not find (or test) subcommands:"
+}
+
+# vim: filetype=sh
diff --git a/test/system/700-play.bats b/test/system/700-play.bats
index 72602a9e6..bad9544ff 100644
--- a/test/system/700-play.bats
+++ b/test/system/700-play.bats
@@ -182,8 +182,11 @@ EOF
     run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID
     is "$output" "none" "network mode none is set for the container"
 
-    run_podman stop -a -t 0
-    run_podman pod rm -t 0 -f test_pod
+    run_podman kube down - < $PODMAN_TMPDIR/test.yaml
+    run_podman 125 inspect test_pod-test
+    is "$output" ".*Error: inspecting object: no such object: \"test_pod-test\""
+    run_podman pod rm -a
+    run_podman rm -a
 }
 
 @test "podman play with user from image" {
@@ -325,7 +328,6 @@ spec:
     - name: TERM
       value: xterm
     - name: container
-
       value: podman
     image: quay.io/libpod/userimage
     name: test
@@ -353,6 +355,34 @@ status: {}
     run_podman inspect --format "{{.HostConfig.LogConfig.Type}}" test_pod-test
     is "$output" "$default_driver" "play kube uses default log driver"
 
-    run_podman stop -a -t 0
-    run_podman pod rm -t 0 -f test_pod
+    run_podman kube down $PODMAN_TMPDIR/test.yaml
+    run_podman 125 inspect test_pod-test
+    is "$output" ".*Error: inspecting object: no such object: \"test_pod-test\""
+    run_podman pod rm -a
+    run_podman rm -a
+}
+
+@test "podman kube play - URL" {
+    TESTDIR=$PODMAN_TMPDIR/testdir
+    mkdir -p $TESTDIR
+    echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
+
+    HOST_PORT=$(random_free_port)
+    SERVER=http://127.0.0.1:$HOST_PORT
+
+    run_podman run -d --name myyaml -p "$HOST_PORT:80" \
+    -v $PODMAN_TMPDIR/test.yaml:/var/www/testpod.yaml:Z \
+    -w /var/www \
+    $IMAGE /bin/busybox-extras httpd -f -p 80
+
+    run_podman kube play $SERVER/testpod.yaml
+    run_podman inspect test_pod-test --format "{{.State.Running}}"
+    is "$output" "true"
+    run_podman kube down $SERVER/testpod.yaml
+    run_podman 125 inspect test_pod-test
+    is "$output" ".*Error: inspecting object: no such object: \"test_pod-test\""
+
+    run_podman pod rm -a -f
+    run_podman rm -a -f
+    run_podman rm -f -t0 myyaml
 }
diff --git a/test/system/710-kube.bats b/test/system/710-kube.bats
new file mode 100644
index 000000000..97a640e3f
--- /dev/null
+++ b/test/system/710-kube.bats
@@ -0,0 +1,160 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# Test podman kube generate
+#
+
+load helpers
+
+# standard capability drop list
+capabilities='{"drop":["CAP_MKNOD","CAP_NET_RAW","CAP_AUDIT_WRITE"]}'
+
+# Warning that is emitted once on containers, multiple times on pods
+kubernetes_63='Truncation Annotation: .* Kubernetes only allows 63 characters'
+
+# filter: convert yaml to json, because bash+yaml=madness
+function yaml2json() {
+    egrep -v "$kubernetes_63" | python3 -c 'import yaml
+import json
+import sys
+json.dump(yaml.safe_load(sys.stdin), sys.stdout)'
+}
+
+###############################################################################
+# BEGIN tests
+
+@test "podman kube generate - usage message" {
+    run_podman kube generate --help
+    is "$output" ".*podman.* kube generate \[options\] {CONTAINER...|POD...|VOLUME...}"
+    run_podman generate kube --help
+    is "$output" ".*podman.* generate kube \[options\] {CONTAINER...|POD...|VOLUME...}"
+}
+
+@test "podman kube generate - container" {
+    cname=c$(random_string 15)
+    run_podman container create --name $cname $IMAGE top
+    run_podman kube generate $cname
+
+    # Convert yaml to json, and dump to stdout (to help in case of errors)
+    json=$(yaml2json <<<"$output")
+    jq . <<<"$json"
+
+    # What we expect to see. This is by necessity an incomplete list.
+    # For instance, it does not include org.opencontainers.image.base.*
+    # because sometimes we get that, sometimes we don't. No clue why.
+    #
+    # And, unfortunately, if new fields are added to the YAML, we won't
+    # test those unless a developer remembers to add them here.
+    #
+    # Reasons for doing it this way, instead of straight-comparing yaml:
+    #   1) the arbitrariness of the org.opencontainers.image.base annotations
+    #   2) YAML order is nondeterministic, so on a pod with two containers
+    #      (as in the pod test below) we cannot rely on cname1/cname2.
+    expect="
+apiVersion | =  | v1
+kind       | =  | Pod
+
+metadata.annotations.\"io.kubernetes.cri-o.TTY/$cname\"           | =  | false
+metadata.annotations.\"io.podman.annotations.autoremove/$cname\"  | =  | FALSE
+metadata.annotations.\"io.podman.annotations.init/$cname\"        | =  | FALSE
+metadata.annotations.\"io.podman.annotations.privileged/$cname\"  | =  | FALSE
+metadata.annotations.\"io.podman.annotations.publish-all/$cname\" | =  | FALSE
+
+metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
+metadata.labels.app        | =  | ${cname}-pod
+metadata.name              | =  | ${cname}-pod
+
+spec.containers[0].command       | =  | [\"top\"]
+spec.containers[0].image         | =  | $IMAGE
+spec.containers[0].name          | =  | $cname
+
+spec.containers[0].securityContext.capabilities  | =  | $capabilities
+
+status                           | =  | null
+"
+
+    # Parse and check all those
+    while read key op expect; do
+        actual=$(jq -r -c ".$key" <<<"$json")
+        assert "$actual" $op "$expect" ".$key"
+    done < <(parse_table "$expect")
+
+    run_podman rm $cname
+}
+
+@test "podman kube generate - pod" {
+    local pname=p$(random_string 15)
+    local cname1=c1$(random_string 15)
+    local cname2=c2$(random_string 15)
+
+    run_podman pod create --name $pname --publish 9999:8888
+
+    # Needs at least one container. Error is slightly different between
+    # regular and remote podman:
+    #   regular: Error: pod ... only has...
+    #   remote:  Error: generating YAML: pod ... only has...
+    run_podman 125 kube generate $pname
+    assert "$output" =~ "Error: .* only has an infra container"
+
+    run_podman container create --name $cname1 --pod $pname $IMAGE top
+    run_podman container create --name $cname2 --pod $pname $IMAGE bottom
+    run_podman kube generate $pname
+
+    json=$(yaml2json <<<"$output")
+    jq . <<<"$json"
+
+    # See container test above for description of this table
+    expect="
+apiVersion | =  | v1
+kind       | =  | Pod
+
+metadata.annotations.\"io.kubernetes.cri-o.ContainerType/$cname1\" | =  | container
+metadata.annotations.\"io.kubernetes.cri-o.ContainerType/$cname2\" | =  | container
+metadata.annotations.\"io.kubernetes.cri-o.SandboxID/$cname1\"     | =~ | [0-9a-f]\\{56\\}
+metadata.annotations.\"io.kubernetes.cri-o.SandboxID/$cname2\"     | =~ | [0-9a-f]\\{56\\}
+metadata.annotations.\"io.kubernetes.cri-o.TTY/$cname1\"           | =  | false
+metadata.annotations.\"io.kubernetes.cri-o.TTY/$cname2\"           | =  | false
+metadata.annotations.\"io.podman.annotations.autoremove/$cname1\"  | =  | FALSE
+metadata.annotations.\"io.podman.annotations.autoremove/$cname2\"  | =  | FALSE
+metadata.annotations.\"io.podman.annotations.init/$cname1\"        | =  | FALSE
+metadata.annotations.\"io.podman.annotations.init/$cname2\"        | =  | FALSE
+metadata.annotations.\"io.podman.annotations.privileged/$cname1\"  | =  | FALSE
+metadata.annotations.\"io.podman.annotations.privileged/$cname2\"  | =  | FALSE
+metadata.annotations.\"io.podman.annotations.publish-all/$cname1\" | =  | FALSE
+metadata.annotations.\"io.podman.annotations.publish-all/$cname2\" | =  | FALSE
+
+metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
+metadata.labels.app        | =  | ${pname}
+metadata.name              | =  | ${pname}
+
+spec.hostname                              | =  | $pname
+spec.restartPolicy                         | =  | Never
+
+spec.containers[0].command                 | =  | [\"top\"]
+spec.containers[0].image                   | =  | $IMAGE
+spec.containers[0].name                    | =  | $cname1
+spec.containers[0].ports[0].containerPort  | =  | 8888
+spec.containers[0].ports[0].hostPort       | =  | 9999
+spec.containers[0].resources               | =  | {}
+
+spec.containers[1].command                 | =  | [\"bottom\"]
+spec.containers[1].image                   | =  | $IMAGE
+spec.containers[1].name                    | =  | $cname2
+spec.containers[1].ports                   | =  | null
+spec.containers[1].resources               | =  | {}
+
+spec.containers[0].securityContext.capabilities  | =  | $capabilities
+
+status  | =  | {}
+"
+
+    while read key op expect; do
+        actual=$(jq -r -c ".$key" <<<"$json")
+        assert "$actual" $op "$expect" ".$key"
+    done < <(parse_table "$expect")
+
+    run_podman rm $cname1 $cname2
+    run_podman pod rm $pname
+    run_podman rmi $(pause_image)
+}
+
+# vim: filetype=sh
diff --git a/test/system/900-ssh.bats b/test/system/900-ssh.bats
new file mode 100644
index 000000000..4f1682d48
--- /dev/null
+++ b/test/system/900-ssh.bats
@@ -0,0 +1,61 @@
+#!/usr/bin/env bats
+#
+# Simplest set of podman tests. If any of these fail, we have serious problems.
+#
+
+load helpers
+
+# Override standard setup! We don't yet trust podman-images or podman-rm
+function setup() {
+    if ! is_remote; then
+        skip "only applicable on podman-remote"
+    fi
+
+    basic_setup
+}
+
+function teardown() {
+    if ! is_remote; then
+        return
+    fi
+
+    # In case test function failed to clean up
+    if [[ -n $_SERVICE_PID ]]; then
+        run kill $_SERVICE_PID
+    fi
+
+    # see test/system/272-system-connection.bats for why this is needed
+    mount \
+        | grep $PODMAN_TMPDIR \
+        | awk '{print $3}' \
+        | xargs -l1 --no-run-if-empty umount
+
+    run_podman system connection rm --all
+
+    basic_teardown
+}
+
+function _run_podman_remote() {
+    PODMAN=${PODMAN%%--url*} run_podman "$@"
+}
+
+@test "podman --ssh test" {
+    skip_if_no_ssh "cannot run these tests without an ssh binary"
+    # Start server
+    _SERVICE_PORT=$(random_free_port 63000-64999)
+
+    ${PODMAN%%-remote*} --root ${PODMAN_TMPDIR}/root \
+                        --runroot ${PODMAN_TMPDIR}/runroot \
+                        system service -t 99 tcp://localhost:$_SERVICE_PORT &
+    _SERVICE_PID=$!
+    wait_for_port localhost $_SERVICE_PORT
+
+    notme=${PODMAN_ROOTLESS_USER}
+
+    uid=$(id -u $notme)
+
+    run_podman 125 --ssh=native system connection add testing ssh://$notme@localhost:22/run/user/$uid/podman/podman.sock
+    is "$output" "Error: exit status 255"
+
+    # need to figure out how to podman remote test with the new ssh
+}
diff --git a/test/system/TODO.md b/test/system/TODO.md
index e47292f26..55e7601d1 100644
--- a/test/system/TODO.md
+++ b/test/system/TODO.md
@@ -1,4 +1,4 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # Overview
 
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 19bc6547c..4bc1ba78c 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -36,20 +36,6 @@ fi
 # That way individual tests can override with their own setup/teardown,
 # while retaining the ability to include these if they so desire.
 
-# Some CI systems set this to runc, overriding the default crun.
-if [[ -n $OCI_RUNTIME ]]; then
-    if [[ -z $CONTAINERS_CONF ]]; then
-        # FIXME: BATS provides no mechanism for end-of-run cleanup[1]; how
-        # can we avoid leaving this file behind when we finish?
-        #   [1] https://github.com/bats-core/bats-core/issues/39
-        export CONTAINERS_CONF=$(mktemp --tmpdir=${BATS_TMPDIR:-/tmp} podman-bats-XXXXXXX.containers.conf)
-        cat >$CONTAINERS_CONF <<EOF
-[engine]
-runtime="$OCI_RUNTIME"
-EOF
-    fi
-fi
-
 # Setup helper: establish a test environment with exactly the images needed
 function basic_setup() {
     # Clean up all containers
@@ -191,6 +177,15 @@ function run_podman() {
     # without "quotes", multiple lines are glommed together into one
     if [ -n "$output" ]; then
         echo "$output"
+
+        # FIXME FIXME FIXME: instrumenting to track down #15488. Please
+        # remove once that's fixed. We include the args because, remember,
+        # bats only shows output on error; it's possible that the first
+        # instance of the metacopy warning happens in a test that doesn't
+        # check output, hence doesn't fail.
+        if [[ "$output" =~ Ignoring.global.metacopy.option ]]; then
+            echo "# YO! metacopy warning triggered by: podman $*" >&3
+        fi
     fi
     if [ "$status" -ne 0 ]; then
         echo -n "[ rc=$status ";
@@ -342,11 +337,32 @@ function wait_for_port() {
     die "Timed out waiting for $host:$port"
 }
 
+###################
+#  wait_for_file  #  Returns once file is available on host
+###################
+function wait_for_file() {
+    local file=$1                       # The path to the file
+    local _timeout=${2:-5}              # Optional; default 5 seconds
+
+    # Wait
+    while [ $_timeout -gt 0 ]; do
+        test -e $file && return
+        sleep 1
+        _timeout=$(( $_timeout - 1 ))
+    done
+
+    die "Timed out waiting for $file"
+}
+
 # END   podman helpers
 ###############################################################################
 # BEGIN miscellaneous tools
 
 # Shortcuts for common needs:
+function no_ssh() {
+    [ "$(man ssh)" -ne 0 ]
+}
+
 function is_ubuntu() {
     grep -qiw ubuntu /etc/os-release
 }
@@ -470,6 +486,17 @@ function _add_label_if_missing() {
 }
 
 ######################
+#  skip_if_no_ssh #  ...with an optional message
+######################
+function skip_if_no_ssh() {
+    if no_ssh; then
+        local msg=$(_add_label_if_missing "$1" "ssh")
+        skip "${msg:-not applicable with no ssh binary}"
+    fi
+}
+
+
+######################
 #  skip_if_rootless  #  ...with an optional message
 ######################
 function skip_if_rootless() {
@@ -876,5 +903,59 @@ function _podman_commands() {
     awk '/^Available Commands:/{ok=1;next}/^Options:/{ok=0}ok { print $1 }' <<<"$output" | grep .
 }
 
+###############################
+#  _build_health_check_image  #  Builds a container image with a configured health check
+###############################
+#
+# The health check will fail once the /uh-oh file exists.
+#
+# First argument is the desired name of the image
+# Second argument, if present and non-null, forces removal of the /uh-oh file once the check failed; this way the container can be restarted
+#
+
+function _build_health_check_image {
+    local imagename="$1"
+    local cleanfile=""
+
+    if [[ ! -z "$2" ]]; then
+        cleanfile="rm -f /uh-oh"
+    fi
+    # Create an image with a healthcheck script; said script will
+    # pass until the file /uh-oh gets created (by us, via exec)
+    cat >${PODMAN_TMPDIR}/healthcheck <<EOF
+#!/bin/sh
+
+if test -e /uh-oh; then
+    echo "Uh-oh on stdout!"
+    echo "Uh-oh on stderr!" >&2
+    ${cleanfile}
+    exit 1
+else
+    echo "Life is Good on stdout"
+    echo "Life is Good on stderr" >&2
+    exit 0
+fi
+EOF
+
+    cat >${PODMAN_TMPDIR}/entrypoint <<EOF
+#!/bin/sh
+
+trap 'echo Received SIGTERM, finishing; exit' SIGTERM; echo WAITING; while :; do sleep 0.1; done
+EOF
+
+    cat >${PODMAN_TMPDIR}/Containerfile <<EOF
+FROM $IMAGE
+
+COPY healthcheck /healthcheck
+COPY entrypoint  /entrypoint
+
+RUN  chmod 755 /healthcheck /entrypoint
+
+CMD ["/entrypoint"]
+EOF
+
+    run_podman build -t $imagename ${PODMAN_TMPDIR}
+}
+
 # END   miscellaneous tools
 ###############################################################################
diff --git a/test/system/helpers.systemd.bash b/test/system/helpers.systemd.bash
index d9abc087d..afbab6e08 100644
--- a/test/system/helpers.systemd.bash
+++ b/test/system/helpers.systemd.bash
@@ -32,3 +32,17 @@ journalctl() {
 systemd-run() {
     command systemd-run $_DASHUSER "$@";
 }
+
+install_kube_template() {
+    # If running from a podman source directory, build and use the source
+    # version of the play-kube-@ unit file
+    unit_name="podman-kube@.service"
+    unit_file="contrib/systemd/system/${unit_name}"
+    if [[ -e ${unit_file}.in ]]; then
+        echo "# [Building & using $unit_name from source]" >&3
+        # Force regenerating unit file (existing one may have /usr/bin path)
+        rm -f $unit_file
+        BINDIR=$(dirname $PODMAN) make $unit_file
+        cp $unit_file $UNIT_DIR/$unit_name
+    fi
+}
diff --git a/test/testvol/main.go b/test/testvol/main.go
index dd4ba642d..ab26e2df0 100644
--- a/test/testvol/main.go
+++ b/test/testvol/main.go
@@ -80,7 +80,7 @@ func startServer(socketPath string) error {
 	if config.path == "" {
 		path, err := ioutil.TempDir("", "test_volume_plugin")
 		if err != nil {
-			return fmt.Errorf("error getting directory for plugin: %w", err)
+			return fmt.Errorf("getting directory for plugin: %w", err)
 		}
 		config.path = path
 	} else {
@@ -98,7 +98,7 @@ func startServer(socketPath string) error {
 
 	server := volume.NewHandler(handle)
 	if err := server.ServeUnix(socketPath, 0); err != nil {
-		return fmt.Errorf("error starting server: %w", err)
+		return fmt.Errorf("starting server: %w", err)
 	}
 	return nil
 }
@@ -161,7 +161,7 @@ func (d *DirDriver) Create(opts *volume.CreateRequest) error {
 
 	volPath := filepath.Join(d.volumesPath, opts.Name)
 	if err := os.Mkdir(volPath, 0755); err != nil {
-		return fmt.Errorf("error making volume directory: %w", err)
+		return fmt.Errorf("making volume directory: %w", err)
 	}
 	newVol.path = volPath
 
@@ -240,7 +240,7 @@ func (d *DirDriver) Remove(req *volume.RemoveRequest) error {
 	delete(d.volumes, req.Name)
 
 	if err := os.RemoveAll(vol.path); err != nil {
-		return fmt.Errorf("error removing mountpoint of volume %s: %w", req.Name, err)
+		return fmt.Errorf("removing mountpoint of volume %s: %w", req.Name, err)
 	}
 
 	logrus.Debugf("Removed volume %s", req.Name)
diff --git a/test/testvol/util.go b/test/testvol/util.go
index b50bb3afb..b4961e097 100644
--- a/test/testvol/util.go
+++ b/test/testvol/util.go
@@ -25,5 +25,5 @@ func getPluginName(pathOrName string) string {
 func getPlugin(sockNameOrPath string) (*plugin.VolumePlugin, error) {
 	path := getSocketPath(sockNameOrPath)
 	name := getPluginName(sockNameOrPath)
-	return plugin.GetVolumePlugin(name, path, 0)
+	return plugin.GetVolumePlugin(name, path, nil, nil)
 }
diff --git a/test/upgrade/test-upgrade.bats b/test/upgrade/test-upgrade.bats
index 5efe05d49..dca97e324 100644
--- a/test/upgrade/test-upgrade.bats
+++ b/test/upgrade/test-upgrade.bats
@@ -345,10 +345,10 @@ failed    | exited     | 17
 
 @test "rm a stopped container" {
     run_podman rm myfailedcontainer
-    is "$output" "[0-9a-f]\\{64\\}" "podman rm myfailedcontainer"
+    is "$output" "myfailedcontainer" "podman rm myfailedcontainer"
 
     run_podman rm mydonecontainer
-    is "$output" "[0-9a-f]\\{64\\}" "podman rm mydonecontainer"
+    is "$output" "mydonecontainer" "podman rm mydonecontainer"
 }
 
 
diff --git a/test/utils/utils.go b/test/utils/utils.go
index 9c2a63c81..19b287ae1 100644
--- a/test/utils/utils.go
+++ b/test/utils/utils.go
@@ -225,7 +225,7 @@ func (p *PodmanTest) WaitContainerReady(id string, expStr string, timeout int, s
 			return false
 		}
 
-		if strings.Contains(s.OutputToString(), expStr) {
+		if strings.Contains(s.OutputToString(), expStr) || strings.Contains(s.ErrorToString(), expStr) {
 			return true
 		}
 		time.Sleep(time.Duration(step) * time.Second)
diff --git a/transfer.md b/transfer.md
index 765094dc9..c755a761f 100644
--- a/transfer.md
+++ b/transfer.md
@@ -1,4 +1,4 @@
-![PODMAN logo](logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 # Podman Usage Transfer
 
 This document outlines useful information for ops and dev transfer as it relates to infrastructure that utilizes `Podman`.
diff --git a/troubleshooting.md b/troubleshooting.md
index 1fa044fe9..d1b19b293 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -1,4 +1,4 @@
-![PODMAN logo](logo/podman-logo-source.svg)
+![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
 
 # Troubleshooting
 
@@ -409,7 +409,7 @@ Copying blob f7277927d38a done
 Copying config 5e13f8dd4c done
 Writing manifest to image destination
 Storing signatures
-Error: error creating build container: Error committing the finished image: error adding layer with blob "sha256:8d3eac894db4dc4154377ad28643dfe6625ff0e54bcfa63e0d04921f1a8ef7f8": Error processing tar file(exit status 1): operation not permitted
+Error: creating build container: Error committing the finished image: error adding layer with blob "sha256:8d3eac894db4dc4154377ad28643dfe6625ff0e54bcfa63e0d04921f1a8ef7f8": Error processing tar file(exit status 1): operation not permitted
 $ podman build .
 ERRO[0014] Error while applying layer: ApplyLayer exit status 1 stdout:  stderr: open /root/.bash_logout: permission denied
 error creating build container: Error committing the finished image: error adding layer with blob "sha256:a02a4930cb5d36f3290eb84f4bfa30668ef2e9fe3a1fb73ec015fc58b9958b17": ApplyLayer exit status 1 stdout:  stderr: open /root/.bash_logout: permission denied
@@ -678,23 +678,28 @@ $ podman run --rootfs /path/to/rootfs:O ....
 Modifications to the mount point are destroyed when the container
 finishes executing, similar to a tmpfs mount point being unmounted.
 
-### 26) Running containers with CPU limits fails with a permissions error
+### 26) Running containers with resource limits fails with a permissions error
 
-On some systemd-based systems, non-root users do not have CPU limit delegation
-permissions. This causes setting CPU limits to fail.
+On some systemd-based systems, non-root users do not have resource limit delegation
+permissions. This causes setting resource limits to fail.
 
 #### Symptom
 
-Running a container with a CPU limit options such as `--cpus`, `--cpu-period`,
-or `--cpu-quota` will fail with an error similar to the following:
+Running a container with a resource limit options will fail with an error similar to the following:
 
-    Error: opening file `cpu.max` for writing: Permission denied: OCI runtime permission denied error
+`--cpus`, `--cpu-period`, `--cpu-quota`, `--cpu-shares`:
 
-This means that CPU limit delegation is not enabled for the current user.
+    Error: OCI runtime error: crun: the requested cgroup controller `cpu` is not available
+
+`--cpuset-cpus`, `--cpuset-mems`:
+
+    Error: OCI runtime error: crun: the requested cgroup controller `cpuset` is not available
+
+This means that resource limit delegation is not enabled for the current user.
 
 #### Solution
 
-You can verify whether CPU limit delegation is enabled by running the following command:
+You can verify whether resource limit delegation is enabled by running the following command:
 
 ```console
 $ cat "/sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers"
@@ -704,27 +709,27 @@ Example output might be:
 
     memory pids
 
-In the above example, `cpu` is not listed, which means the current user does
-not have permission to set CPU limits.
+In the above example, `cpu` and `cpuset` are not listed, which means the current user does
+not have permission to set CPU or CPUSET limits.
 
-If you want to enable CPU limit delegation for all users, you can create the
+If you want to enable CPU or CPUSET limit delegation for all users, you can create the
 file `/etc/systemd/system/user@.service.d/delegate.conf` with the contents:
 
 ```ini
 [Service]
-Delegate=memory pids cpu io
+Delegate=memory pids cpu cpuset
 ```
 
-After logging out and logging back in, you should have permission to set CPU
-limits.
+After logging out and logging back in, you should have permission to set
+CPU and CPUSET limits.
 
-### 26) `exec container process '/bin/sh': Exec format error` (or another binary than `bin/sh`)
+### 27) `exec container process '/bin/sh': Exec format error` (or another binary than `bin/sh`)
 
 This can happen when running a container from an image for another architecture than the one you are running on.
 
 For example, if a remote repository only has, and thus send you, a `linux/arm64` _OS/ARCH_ but you run on `linux/amd64` (as happened in https://github.com/openMF/community-app/issues/3323 due to https://github.com/timbru31/docker-ruby-node/issues/564).
 
-### 27) `Error: failed to create sshClient: Connection to bastion host (ssh://user@host:22/run/user/.../podman/podman.sock) failed.: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain`
+### 28) `Error: failed to create sshClient: Connection to bastion host (ssh://user@host:22/run/user/.../podman/podman.sock) failed.: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain`
 
 In some situations where the client is not on the same machine as where the podman daemon is running the client key could be using a cipher not supported by the host. This indicates an issue with one's SSH config. Until remedied using podman over ssh
 with a pre-shared key will be impossible.
@@ -761,7 +766,7 @@ And now this should work:
 $ podman-remote info
 ```
 
-### 28) Rootless CNI networking fails in RHEL with Podman v2.2.1 to v3.0.1.
+### 29) Rootless CNI networking fails in RHEL with Podman v2.2.1 to v3.0.1.
 
 A failure is encountered when trying to use networking on a rootless
 container in Podman v2.2.1 through v3.0.1 on RHEL.  This error does not
@@ -780,7 +785,7 @@ instructions for building the Infra container image can be found for
 v2.2.1 [here](https://github.com/containers/podman/tree/v2.2.1-rhel/contrib/rootless-cni-infra),
 and for v3.0.1 [here](https://github.com/containers/podman/tree/v3.0.1-rhel/contrib/rootless-cni-infra).
 
-### 29) Container related firewall rules are lost after reloading firewalld
+### 30) Container related firewall rules are lost after reloading firewalld
 Container network can't be reached after `firewall-cmd --reload` and `systemctl restart firewalld` Running `podman network reload` will fix it but it has to be done manually.
 
 #### Symptom
@@ -918,7 +923,7 @@ if __name__ == "__main__":
     signal_listener()
 ```
 
-### 30) Podman run fails with `ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user` or `Error: error creating tmpdir: mkdir /run/user/1000: permission denied`.
+### 31) Podman run fails with `ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user` or `Error: creating tmpdir: mkdir /run/user/1000: permission denied`.
 
 A failure is encountered when performing `podman run` with a warning `XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.`
 
@@ -933,7 +938,7 @@ ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current u
 ```
 ```console
 # su - user1 -c 'podman images'
-Error: error creating tmpdir: mkdir /run/user/1000: permission denied
+Error: creating tmpdir: mkdir /run/user/1000: permission denied
 ```
 
 #### Solution
@@ -960,7 +965,7 @@ Alternatives:
 
 * Before invoking Podman command create a valid login session for your rootless user using `loginctl enable-linger <username>`
 
-### 31) 127.0.0.1:7777 port already bound
+### 32) 127.0.0.1:7777 port already bound
 
 After deleting a VM on macOS, the initialization of subsequent VMs fails.
 
@@ -972,7 +977,7 @@ After deleting a client VM on macOS via `podman machine stop` && `podman machine
 
 You will need to remove the hanging gv-proxy process bound to the port in question. For example, if the port mentioned in the error message is 127.0.0.1:7777, you can use the command `kill -9 $(lsof -i:7777)` in order to identify and remove the hanging process which prevents you from starting a new VM on that default port.
 
-### 32) The sshd process fails to run inside of the container.
+### 33) The sshd process fails to run inside of the container.
 
 #### Symptom
 
@@ -991,7 +996,7 @@ then using podman -remote to start the container or simply by running
 something like `systemd-run podman run ...`.  In this case the
 container will only need `CAP_AUDIT_WRITE`.
 
-### 33) Container creates a file that is not owned by the user's regular UID
+### 34) Container creates a file that is not owned by the user's regular UID
 
 After running a container with rootless Podman, the non-root user sees a numerical UID and GID instead of a username and groupname.
 
@@ -1106,7 +1111,7 @@ Another variant of the same problem could occur when using
 in some way (e.g by creating them themselves, or switching the effective UID to
 a rootless user and then creates files).
 
-### 34) Passed-in devices or files can't be accessed in rootless container (UID/GID mapping problem)
+### 35) Passed-in devices or files can't be accessed in rootless container (UID/GID mapping problem)
 
 As a non-root user you have access rights to devices, files and directories that you
 want to pass into a rootless container with `--device=...`, `--volume=...` or `--mount=..`.
@@ -1203,7 +1208,7 @@ can sometimes be an alternative solution, but it forces the regular
 user's host UID to be mapped to the same UID inside the container
 so it provides less flexibility than using `--uidmap` and `--gidmap`.
 
-### 35) Images in the additional stores can be deleted even if there are containers using them
+### 36) Images in the additional stores can be deleted even if there are containers using them
 
 When an image in an additional store is used, it is not locked thus it
 can be deleted even if there are containers using it.
@@ -1218,7 +1223,7 @@ It is the user responsibility to make sure images in an additional
 store are not deleted while being used by containers in another
 store.
 
-### 36) Syncing bugfixes for podman-remote or setups using Podman API
+### 37) Syncing bugfixes for podman-remote or setups using Podman API
 
 After upgrading Podman to a newer version an issue with the earlier version of Podman still presents itself while using podman-remote.
 
@@ -1232,7 +1237,7 @@ When upgrading Podman to a particular version for the required fixes, users ofte
 
 Example: If a particular bug was fixed in `v4.1.0` then the Podman client must have version `v4.1.0` as well the Podman server must have version `v4.1.0`.
 
-### 37) Unexpected carriage returns are outputted on the terminal
+### 38) Unexpected carriage returns are outputted on the terminal
 
 When using the __--tty__ (__-t__) flag, unexpected carriage returns are outputted on the terminal.
 
diff --git a/utils/utils.go b/utils/utils.go
index aa1c6a958..4d41ce5f8 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -128,7 +128,7 @@ func moveProcessPIDFileToScope(pidPath, slice, scope string) error {
 		if os.IsNotExist(err) {
 			return nil
 		}
-		return fmt.Errorf("cannot read pid file %s: %w", pidPath, err)
+		return fmt.Errorf("cannot read pid file: %w", err)
 	}
 	pid, err := strconv.ParseUint(string(data), 10, 0)
 	if err != nil {
diff --git a/utils/utils_freebsd.go b/utils/utils_freebsd.go
new file mode 100644
index 000000000..d239e9a5d
--- /dev/null
+++ b/utils/utils_freebsd.go
@@ -0,0 +1,22 @@
+//go:build freebsd
+// +build freebsd
+
+package utils
+
+import "errors"
+
+func RunUnderSystemdScope(pid int, slice string, unitName string) error {
+	return errors.New("not implemented for freebsd")
+}
+
+func MoveUnderCgroupSubtree(subtree string) error {
+	return errors.New("not implemented for freebsd")
+}
+
+func GetOwnCgroup() (string, error) {
+	return "", errors.New("not implemented for freebsd")
+}
+
+func GetCgroupProcess(pid int) (string, error) {
+	return "", errors.New("not implemented for freebsd")
+}
diff --git a/vendor/github.com/Azure/go-ansiterm/go.mod b/vendor/github.com/Azure/go-ansiterm/go.mod
deleted file mode 100644
index 965cb8120..000000000
--- a/vendor/github.com/Azure/go-ansiterm/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/Azure/go-ansiterm
-
-go 1.16
-
-require golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
diff --git a/vendor/github.com/Azure/go-ansiterm/go.sum b/vendor/github.com/Azure/go-ansiterm/go.sum
deleted file mode 100644
index 9f05d9d3e..000000000
--- a/vendor/github.com/Azure/go-ansiterm/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/vendor/github.com/BurntSushi/toml/go.mod b/vendor/github.com/BurntSushi/toml/go.mod
deleted file mode 100644
index 82989481d..000000000
--- a/vendor/github.com/BurntSushi/toml/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/BurntSushi/toml
-
-go 1.16
diff --git a/vendor/github.com/Microsoft/go-winio/go.mod b/vendor/github.com/Microsoft/go-winio/go.mod
deleted file mode 100644
index f39a608da..000000000
--- a/vendor/github.com/Microsoft/go-winio/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/Microsoft/go-winio
-
-go 1.13
-
-require (
-	github.com/sirupsen/logrus v1.7.0
-	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
-)
diff --git a/vendor/github.com/Microsoft/go-winio/go.sum b/vendor/github.com/Microsoft/go-winio/go.sum
deleted file mode 100644
index 9bdcd9cfd..000000000
--- a/vendor/github.com/Microsoft/go-winio/go.sum
+++ /dev/null
@@ -1,11 +0,0 @@
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/Microsoft/hcsshim/go.mod b/vendor/github.com/Microsoft/hcsshim/go.mod
deleted file mode 100644
index 9c60dd302..000000000
--- a/vendor/github.com/Microsoft/hcsshim/go.mod
+++ /dev/null
@@ -1,39 +0,0 @@
-module github.com/Microsoft/hcsshim
-
-go 1.13
-
-require (
-	github.com/BurntSushi/toml v0.3.1
-	github.com/Microsoft/go-winio v0.4.17
-	github.com/cenkalti/backoff/v4 v4.1.1
-	github.com/containerd/cgroups v1.0.1
-	github.com/containerd/console v1.0.2
-	github.com/containerd/containerd v1.5.7
-	github.com/containerd/go-runc v1.0.0
-	github.com/containerd/ttrpc v1.1.0
-	github.com/containerd/typeurl v1.0.2
-	github.com/gogo/protobuf v1.3.2
-	github.com/golang/mock v1.6.0
-	github.com/google/go-cmp v0.5.6
-	github.com/google/go-containerregistry v0.5.1
-	github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3
-	github.com/mattn/go-shellwords v1.0.6
-	github.com/opencontainers/runc v1.0.2
-	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
-	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.8.1
-	github.com/urfave/cli v1.22.2
-	github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
-	github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae
-	go.etcd.io/bbolt v1.3.6
-	go.opencensus.io v0.22.3
-	golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e
-	google.golang.org/grpc v1.40.0
-)
-
-replace (
-	google.golang.org/genproto => google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
-	google.golang.org/grpc => google.golang.org/grpc v1.27.1
-)
diff --git a/vendor/github.com/Microsoft/hcsshim/go.sum b/vendor/github.com/Microsoft/hcsshim/go.sum
deleted file mode 100644
index 93c37657f..000000000
--- a/vendor/github.com/Microsoft/hcsshim/go.sum
+++ /dev/null
@@ -1,993 +0,0 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17 h1:iT12IBVClFevaf8PuVyi3UmZOVh4OqnaLxDTW2O6j3w=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/cenkalti/backoff/v4 v4.1.1 h1:G2HAfAmvm/GcKan2oOQpBXOd2tT2G57ZnZGWa1PxPBQ=
-github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1 h1:iJnMvco9XGvKUvNQkv88bE4uJXxRQH18efbKo9w5vHQ=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2 h1:Pi6D+aZXM+oUw1czuKgH5IJ+y0jhYcwBJfx5/Ghn9dE=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7 h1:rQyoYtj4KddB3bxG6SAqd4+08gePNyJjRqvOIfV3rkM=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0 h1:6PirWBr9/L7GDamKr+XM0IeUFXu5mf3M/BPpH9gaLBU=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0 h1:oU+lLv1ULm5taqgV/CJivypVODI4SUz1znWjv3nNYS0=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1 h1:5e7heayhB7CcgdTkqfZqrNaNv15gABwr3Q2jBTbLlt4=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0 h1:GbtyLRxb0gOLR0TYQWt3O6B0NvT8tMdorEHqIQo/lWI=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017 h1:2HQmlpI3yI9deH18Q6xiSOIjXD4sLI55Y/gfpa8/558=
-github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7 h1:Cvj7S8I4Xpx78KAl6TwTmMHuHlZ/0SM60NUneGJQ7IE=
-github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
-github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4 h1:9349emZab16e7zQvpmsbtjc18ykshndd8y2PG3sgJbA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-containerregistry v0.5.1 h1:/+mFTs4AlwsJ/mJe8NDtKb7BxLtbZFpcn8vDsneEkwQ=
-github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3 h1:jUp75lepDg0phMUJBCmvaeFDldD2N3S1lBuPwUTszio=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.6 h1:9Jok5pILi5S1MnDirGVTufYGtksUs/V2BWUP3ZkeUUI=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1 h1:1O+1cHA1aujwEwwVMa2Xm2l+gIpUHyd3+D+d7LZh1kM=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2 h1:opHZMaswlyxz1OuGpBE53Dwe4/xF7EZTY0A2L/FpCOg=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 h1:cPXZWzzG0NllBLdjWoD1nDfaqu98YMv+OneaKc8sPOA=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63 h1:YzfoEYWbODU5Fbt37+h7X16BWQbad7Q4S6gclTKFXM8=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
index 3d640ac7b..5d6acd69e 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
@@ -57,7 +57,7 @@ func pollIOCP(ctx context.Context, iocpHandle windows.Handle) {
 				}).Warn("failed to parse job object message")
 				continue
 			}
-			if err := msq.Write(notification); err == queue.ErrQueueClosed {
+			if err := msq.Enqueue(notification); err == queue.ErrQueueClosed {
 				// Write will only return an error when the queue is closed.
 				// The only time a queue would ever be closed is when we call `Close` on
 				// the job it belongs to which also removes it from the jobMap, so something
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
index 9c2726416..c9fdd921a 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
@@ -68,6 +68,9 @@ type Options struct {
 	// `UseNTVariant` specifies if we should use the `Nt` variant of Open/CreateJobObject.
 	// Defaults to false.
 	UseNTVariant bool
+	// `IOTracking` enables tracking I/O statistics on the job object. More specifically this
+	// calls SetInformationJobObject with the JobObjectIoAttribution class.
+	EnableIOTracking bool
 }
 
 // Create creates a job object.
@@ -134,6 +137,12 @@ func Create(ctx context.Context, options *Options) (_ *JobObject, err error) {
 		job.mq = mq
 	}
 
+	if options.EnableIOTracking {
+		if err := enableIOTracking(jobHandle); err != nil {
+			return nil, err
+		}
+	}
+
 	return job, nil
 }
 
@@ -235,7 +244,7 @@ func (job *JobObject) PollNotification() (interface{}, error) {
 	if job.mq == nil {
 		return nil, ErrNotRegistered
 	}
-	return job.mq.ReadOrWait()
+	return job.mq.Dequeue()
 }
 
 // UpdateProcThreadAttribute updates the passed in ProcThreadAttributeList to contain what is necessary to
@@ -330,7 +339,7 @@ func (job *JobObject) Pids() ([]uint32, error) {
 	err := winapi.QueryInformationJobObject(
 		job.handle,
 		winapi.JobObjectBasicProcessIdList,
-		uintptr(unsafe.Pointer(&info)),
+		unsafe.Pointer(&info),
 		uint32(unsafe.Sizeof(info)),
 		nil,
 	)
@@ -356,7 +365,7 @@ func (job *JobObject) Pids() ([]uint32, error) {
 	if err = winapi.QueryInformationJobObject(
 		job.handle,
 		winapi.JobObjectBasicProcessIdList,
-		uintptr(unsafe.Pointer(&buf[0])),
+		unsafe.Pointer(&buf[0]),
 		uint32(len(buf)),
 		nil,
 	); err != nil {
@@ -384,7 +393,7 @@ func (job *JobObject) QueryMemoryStats() (*winapi.JOBOBJECT_MEMORY_USAGE_INFORMA
 	if err := winapi.QueryInformationJobObject(
 		job.handle,
 		winapi.JobObjectMemoryUsageInformation,
-		uintptr(unsafe.Pointer(&info)),
+		unsafe.Pointer(&info),
 		uint32(unsafe.Sizeof(info)),
 		nil,
 	); err != nil {
@@ -406,7 +415,7 @@ func (job *JobObject) QueryProcessorStats() (*winapi.JOBOBJECT_BASIC_ACCOUNTING_
 	if err := winapi.QueryInformationJobObject(
 		job.handle,
 		winapi.JobObjectBasicAccountingInformation,
-		uintptr(unsafe.Pointer(&info)),
+		unsafe.Pointer(&info),
 		uint32(unsafe.Sizeof(info)),
 		nil,
 	); err != nil {
@@ -415,7 +424,9 @@ func (job *JobObject) QueryProcessorStats() (*winapi.JOBOBJECT_BASIC_ACCOUNTING_
 	return &info, nil
 }
 
-// QueryStorageStats gets the storage (I/O) stats for the job object.
+// QueryStorageStats gets the storage (I/O) stats for the job object. This call will error
+// if either `EnableIOTracking` wasn't set to true on creation of the job, or SetIOTracking()
+// hasn't been called since creation of the job.
 func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION, error) {
 	job.handleLock.RLock()
 	defer job.handleLock.RUnlock()
@@ -430,7 +441,7 @@ func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFO
 	if err := winapi.QueryInformationJobObject(
 		job.handle,
 		winapi.JobObjectIoAttribution,
-		uintptr(unsafe.Pointer(&info)),
+		unsafe.Pointer(&info),
 		uint32(unsafe.Sizeof(info)),
 		nil,
 	); err != nil {
@@ -476,7 +487,7 @@ func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {
 		status := winapi.NtQueryInformationProcess(
 			h,
 			winapi.ProcessVmCounters,
-			uintptr(unsafe.Pointer(&vmCounters)),
+			unsafe.Pointer(&vmCounters),
 			uint32(unsafe.Sizeof(vmCounters)),
 			nil,
 		)
@@ -497,3 +508,31 @@ func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {
 
 	return jobWorkingSetSize, nil
 }
+
+// SetIOTracking enables IO tracking for processes in the job object.
+// This enables use of the QueryStorageStats method.
+func (job *JobObject) SetIOTracking() error {
+	job.handleLock.RLock()
+	defer job.handleLock.RUnlock()
+
+	if job.handle == 0 {
+		return ErrAlreadyClosed
+	}
+
+	return enableIOTracking(job.handle)
+}
+
+func enableIOTracking(job windows.Handle) error {
+	info := winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION{
+		ControlFlags: winapi.JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE,
+	}
+	if _, err := windows.SetInformationJobObject(
+		job,
+		winapi.JobObjectIoAttribution,
+		uintptr(unsafe.Pointer(&info)),
+		uint32(unsafe.Sizeof(info)),
+	); err != nil {
+		return fmt.Errorf("failed to enable IO tracking on job object: %w", err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
index 4be297788..4efde292c 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
@@ -202,7 +202,7 @@ func (job *JobObject) getExtendedInformation() (*windows.JOBOBJECT_EXTENDED_LIMI
 	if err := winapi.QueryInformationJobObject(
 		job.handle,
 		windows.JobObjectExtendedLimitInformation,
-		uintptr(unsafe.Pointer(&info)),
+		unsafe.Pointer(&info),
 		uint32(unsafe.Sizeof(info)),
 		nil,
 	); err != nil {
@@ -224,7 +224,7 @@ func (job *JobObject) getCPURateControlInformation() (*winapi.JOBOBJECT_CPU_RATE
 	if err := winapi.QueryInformationJobObject(
 		job.handle,
 		windows.JobObjectCpuRateControlInformation,
-		uintptr(unsafe.Pointer(&info)),
+		unsafe.Pointer(&info),
 		uint32(unsafe.Sizeof(info)),
 		nil,
 	); err != nil {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
index e177c9a62..4eb9bb9f1 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
@@ -5,10 +5,7 @@ import (
 	"sync"
 )
 
-var (
-	ErrQueueClosed = errors.New("the queue is closed for reading and writing")
-	ErrQueueEmpty  = errors.New("the queue is empty")
-)
+var ErrQueueClosed = errors.New("the queue is closed for reading and writing")
 
 // MessageQueue represents a threadsafe message queue to be used to retrieve or
 // write messages to.
@@ -29,8 +26,8 @@ func NewMessageQueue() *MessageQueue {
 	}
 }
 
-// Write writes `msg` to the queue.
-func (mq *MessageQueue) Write(msg interface{}) error {
+// Enqueue writes `msg` to the queue.
+func (mq *MessageQueue) Enqueue(msg interface{}) error {
 	mq.m.Lock()
 	defer mq.m.Unlock()
 
@@ -43,55 +40,37 @@ func (mq *MessageQueue) Write(msg interface{}) error {
 	return nil
 }
 
-// Read will read a value from the queue if available, otherwise return an error.
-func (mq *MessageQueue) Read() (interface{}, error) {
+// Dequeue will read a value from the queue and remove it. If the queue
+// is empty, this will block until the queue is closed or a value gets enqueued.
+func (mq *MessageQueue) Dequeue() (interface{}, error) {
 	mq.m.Lock()
 	defer mq.m.Unlock()
-	if mq.closed {
-		return nil, ErrQueueClosed
-	}
-	if mq.isEmpty() {
-		return nil, ErrQueueEmpty
+
+	for !mq.closed && mq.size() == 0 {
+		mq.c.Wait()
 	}
-	val := mq.messages[0]
-	mq.messages[0] = nil
-	mq.messages = mq.messages[1:]
-	return val, nil
-}
 
-// ReadOrWait will read a value from the queue if available, else it will wait for a
-// value to become available. This will block forever if nothing gets written or until
-// the queue gets closed.
-func (mq *MessageQueue) ReadOrWait() (interface{}, error) {
-	mq.m.Lock()
+	// We got woken up, check if it's because the queue got closed.
 	if mq.closed {
-		mq.m.Unlock()
 		return nil, ErrQueueClosed
 	}
-	if mq.isEmpty() {
-		for !mq.closed && mq.isEmpty() {
-			mq.c.Wait()
-		}
-		mq.m.Unlock()
-		return mq.Read()
-	}
+
 	val := mq.messages[0]
 	mq.messages[0] = nil
 	mq.messages = mq.messages[1:]
-	mq.m.Unlock()
 	return val, nil
 }
 
-// IsEmpty returns if the queue is empty
-func (mq *MessageQueue) IsEmpty() bool {
+// Size returns the size of the queue.
+func (mq *MessageQueue) Size() int {
 	mq.m.RLock()
 	defer mq.m.RUnlock()
-	return len(mq.messages) == 0
+	return mq.size()
 }
 
-// Nonexported empty check that doesn't lock so we can call this in Read and Write.
-func (mq *MessageQueue) isEmpty() bool {
-	return len(mq.messages) == 0
+// Nonexported size check to check if the queue is empty inside already locked functions.
+func (mq *MessageQueue) size() int {
+	return len(mq.messages)
 }
 
 // Close closes the queue for future writes or reads. Any attempts to read or write from the
@@ -99,13 +78,15 @@ func (mq *MessageQueue) isEmpty() bool {
 func (mq *MessageQueue) Close() {
 	mq.m.Lock()
 	defer mq.m.Unlock()
-	// Already closed
+
+	// Already closed, noop
 	if mq.closed {
 		return
 	}
+
 	mq.messages = nil
 	mq.closed = true
-	// If there's anybody currently waiting on a value from ReadOrWait, we need to
+	// If there's anybody currently waiting on a value from Dequeue, we need to
 	// broadcast so the read(s) can return ErrQueueClosed.
 	mq.c.Broadcast()
 }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
index 479649db3..7eb13f8f0 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
@@ -175,7 +175,7 @@ type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct {
 //		LPDWORD            lpReturnLength
 // );
 //
-//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
+//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
 
 // HANDLE OpenJobObjectW(
 //		DWORD   dwDesiredAccess,
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
index 5f9e03fd2..222529f43 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
@@ -18,7 +18,7 @@ const ProcessVmCounters = 3
 // 	[out, optional] PULONG           ReturnLength
 // );
 //
-//sys NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo uintptr, processInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQueryInformationProcess
+//sys NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQueryInformationProcess
 
 // typedef struct _VM_COUNTERS_EX
 // {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
index 327f57d7c..78fe01a4b 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
@@ -12,7 +12,8 @@ const STATUS_INFO_LENGTH_MISMATCH = 0xC0000004
 // 	ULONG                    SystemInformationLength,
 // 	PULONG                   ReturnLength
 // );
-//sys NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
+//
+//sys NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
 
 type SYSTEM_PROCESS_INFORMATION struct {
 	NextEntryOffset              uint32         // ULONG
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
index 39fb3e1ad..1f16cf0b8 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
@@ -100,7 +100,7 @@ func resizePseudoConsole(hPc windows.Handle, size uint32) (hr error) {
 	return
 }
 
-func NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) {
+func NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) {
 	r0, _, _ := syscall.Syscall6(procNtQuerySystemInformation.Addr(), 4, uintptr(systemInfoClass), uintptr(systemInformation), uintptr(systemInfoLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
 	status = uint32(r0)
 	return
@@ -152,7 +152,7 @@ func IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result
 	return
 }
 
-func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
+func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
 	r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(jobHandle), uintptr(infoClass), uintptr(jobObjectInfo), uintptr(jobObjectInformationLength), uintptr(unsafe.Pointer(lpReturnLength)), 0)
 	if r1 == 0 {
 		if e1 != 0 {
@@ -244,7 +244,7 @@ func LocalFree(ptr uintptr) {
 	return
 }
 
-func NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo uintptr, processInfoLength uint32, returnLength *uint32) (status uint32) {
+func NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) {
 	r0, _, _ := syscall.Syscall6(procNtQueryInformationProcess.Addr(), 5, uintptr(processHandle), uintptr(processInfoClass), uintptr(processInfo), uintptr(processInfoLength), uintptr(unsafe.Pointer(returnLength)), 0)
 	status = uint32(r0)
 	return
diff --git a/vendor/github.com/VividCortex/ewma/go.mod b/vendor/github.com/VividCortex/ewma/go.mod
deleted file mode 100644
index e481e3dfb..000000000
--- a/vendor/github.com/VividCortex/ewma/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/VividCortex/ewma
-
-go 1.12
diff --git a/vendor/github.com/beorn7/perks/LICENSE b/vendor/github.com/beorn7/perks/LICENSE
deleted file mode 100644
index 339177be6..000000000
--- a/vendor/github.com/beorn7/perks/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-Copyright (C) 2013 Blake Mizerany
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/beorn7/perks/quantile/exampledata.txt b/vendor/github.com/beorn7/perks/quantile/exampledata.txt
deleted file mode 100644
index 1602287d7..000000000
--- a/vendor/github.com/beorn7/perks/quantile/exampledata.txt
+++ /dev/null
@@ -1,2388 +0,0 @@
-8
-5
-26
-12
-5
-235
-13
-6
-28
-30
-3
-3
-3
-3
-5
-2
-33
-7
-2
-4
-7
-12
-14
-5
-8
-3
-10
-4
-5
-3
-6
-6
-209
-20
-3
-10
-14
-3
-4
-6
-8
-5
-11
-7
-3
-2
-3
-3
-212
-5
-222
-4
-10
-10
-5
-6
-3
-8
-3
-10
-254
-220
-2
-3
-5
-24
-5
-4
-222
-7
-3
-3
-223
-8
-15
-12
-14
-14
-3
-2
-2
-3
-13
-3
-11
-4
-4
-6
-5
-7
-13
-5
-3
-5
-2
-5
-3
-5
-2
-7
-15
-17
-14
-3
-6
-6
-3
-17
-5
-4
-7
-6
-4
-4
-8
-6
-8
-3
-9
-3
-6
-3
-4
-5
-3
-3
-660
-4
-6
-10
-3
-6
-3
-2
-5
-13
-2
-4
-4
-10
-4
-8
-4
-3
-7
-9
-9
-3
-10
-37
-3
-13
-4
-12
-3
-6
-10
-8
-5
-21
-2
-3
-8
-3
-2
-3
-3
-4
-12
-2
-4
-8
-8
-4
-3
-2
-20
-1
-6
-32
-2
-11
-6
-18
-3
-8
-11
-3
-212
-3
-4
-2
-6
-7
-12
-11
-3
-2
-16
-10
-6
-4
-6
-3
-2
-7
-3
-2
-2
-2
-2
-5
-6
-4
-3
-10
-3
-4
-6
-5
-3
-4
-4
-5
-6
-4
-3
-4
-4
-5
-7
-5
-5
-3
-2
-7
-2
-4
-12
-4
-5
-6
-2
-4
-4
-8
-4
-15
-13
-7
-16
-5
-3
-23
-5
-5
-7
-3
-2
-9
-8
-7
-5
-8
-11
-4
-10
-76
-4
-47
-4
-3
-2
-7
-4
-2
-3
-37
-10
-4
-2
-20
-5
-4
-4
-10
-10
-4
-3
-7
-23
-240
-7
-13
-5
-5
-3
-3
-2
-5
-4
-2
-8
-7
-19
-2
-23
-8
-7
-2
-5
-3
-8
-3
-8
-13
-5
-5
-5
-2
-3
-23
-4
-9
-8
-4
-3
-3
-5
-220
-2
-3
-4
-6
-14
-3
-53
-6
-2
-5
-18
-6
-3
-219
-6
-5
-2
-5
-3
-6
-5
-15
-4
-3
-17
-3
-2
-4
-7
-2
-3
-3
-4
-4
-3
-2
-664
-6
-3
-23
-5
-5
-16
-5
-8
-2
-4
-2
-24
-12
-3
-2
-3
-5
-8
-3
-5
-4
-3
-14
-3
-5
-8
-2
-3
-7
-9
-4
-2
-3
-6
-8
-4
-3
-4
-6
-5
-3
-3
-6
-3
-19
-4
-4
-6
-3
-6
-3
-5
-22
-5
-4
-4
-3
-8
-11
-4
-9
-7
-6
-13
-4
-4
-4
-6
-17
-9
-3
-3
-3
-4
-3
-221
-5
-11
-3
-4
-2
-12
-6
-3
-5
-7
-5
-7
-4
-9
-7
-14
-37
-19
-217
-16
-3
-5
-2
-2
-7
-19
-7
-6
-7
-4
-24
-5
-11
-4
-7
-7
-9
-13
-3
-4
-3
-6
-28
-4
-4
-5
-5
-2
-5
-6
-4
-4
-6
-10
-5
-4
-3
-2
-3
-3
-6
-5
-5
-4
-3
-2
-3
-7
-4
-6
-18
-16
-8
-16
-4
-5
-8
-6
-9
-13
-1545
-6
-215
-6
-5
-6
-3
-45
-31
-5
-2
-2
-4
-3
-3
-2
-5
-4
-3
-5
-7
-7
-4
-5
-8
-5
-4
-749
-2
-31
-9
-11
-2
-11
-5
-4
-4
-7
-9
-11
-4
-5
-4
-7
-3
-4
-6
-2
-15
-3
-4
-3
-4
-3
-5
-2
-13
-5
-5
-3
-3
-23
-4
-4
-5
-7
-4
-13
-2
-4
-3
-4
-2
-6
-2
-7
-3
-5
-5
-3
-29
-5
-4
-4
-3
-10
-2
-3
-79
-16
-6
-6
-7
-7
-3
-5
-5
-7
-4
-3
-7
-9
-5
-6
-5
-9
-6
-3
-6
-4
-17
-2
-10
-9
-3
-6
-2
-3
-21
-22
-5
-11
-4
-2
-17
-2
-224
-2
-14
-3
-4
-4
-2
-4
-4
-4
-4
-5
-3
-4
-4
-10
-2
-6
-3
-3
-5
-7
-2
-7
-5
-6
-3
-218
-2
-2
-5
-2
-6
-3
-5
-222
-14
-6
-33
-3
-2
-5
-3
-3
-3
-9
-5
-3
-3
-2
-7
-4
-3
-4
-3
-5
-6
-5
-26
-4
-13
-9
-7
-3
-221
-3
-3
-4
-4
-4
-4
-2
-18
-5
-3
-7
-9
-6
-8
-3
-10
-3
-11
-9
-5
-4
-17
-5
-5
-6
-6
-3
-2
-4
-12
-17
-6
-7
-218
-4
-2
-4
-10
-3
-5
-15
-3
-9
-4
-3
-3
-6
-29
-3
-3
-4
-5
-5
-3
-8
-5
-6
-6
-7
-5
-3
-5
-3
-29
-2
-31
-5
-15
-24
-16
-5
-207
-4
-3
-3
-2
-15
-4
-4
-13
-5
-5
-4
-6
-10
-2
-7
-8
-4
-6
-20
-5
-3
-4
-3
-12
-12
-5
-17
-7
-3
-3
-3
-6
-10
-3
-5
-25
-80
-4
-9
-3
-2
-11
-3
-3
-2
-3
-8
-7
-5
-5
-19
-5
-3
-3
-12
-11
-2
-6
-5
-5
-5
-3
-3
-3
-4
-209
-14
-3
-2
-5
-19
-4
-4
-3
-4
-14
-5
-6
-4
-13
-9
-7
-4
-7
-10
-2
-9
-5
-7
-2
-8
-4
-6
-5
-5
-222
-8
-7
-12
-5
-216
-3
-4
-4
-6
-3
-14
-8
-7
-13
-4
-3
-3
-3
-3
-17
-5
-4
-3
-33
-6
-6
-33
-7
-5
-3
-8
-7
-5
-2
-9
-4
-2
-233
-24
-7
-4
-8
-10
-3
-4
-15
-2
-16
-3
-3
-13
-12
-7
-5
-4
-207
-4
-2
-4
-27
-15
-2
-5
-2
-25
-6
-5
-5
-6
-13
-6
-18
-6
-4
-12
-225
-10
-7
-5
-2
-2
-11
-4
-14
-21
-8
-10
-3
-5
-4
-232
-2
-5
-5
-3
-7
-17
-11
-6
-6
-23
-4
-6
-3
-5
-4
-2
-17
-3
-6
-5
-8
-3
-2
-2
-14
-9
-4
-4
-2
-5
-5
-3
-7
-6
-12
-6
-10
-3
-6
-2
-2
-19
-5
-4
-4
-9
-2
-4
-13
-3
-5
-6
-3
-6
-5
-4
-9
-6
-3
-5
-7
-3
-6
-6
-4
-3
-10
-6
-3
-221
-3
-5
-3
-6
-4
-8
-5
-3
-6
-4
-4
-2
-54
-5
-6
-11
-3
-3
-4
-4
-4
-3
-7
-3
-11
-11
-7
-10
-6
-13
-223
-213
-15
-231
-7
-3
-7
-228
-2
-3
-4
-4
-5
-6
-7
-4
-13
-3
-4
-5
-3
-6
-4
-6
-7
-2
-4
-3
-4
-3
-3
-6
-3
-7
-3
-5
-18
-5
-6
-8
-10
-3
-3
-3
-2
-4
-2
-4
-4
-5
-6
-6
-4
-10
-13
-3
-12
-5
-12
-16
-8
-4
-19
-11
-2
-4
-5
-6
-8
-5
-6
-4
-18
-10
-4
-2
-216
-6
-6
-6
-2
-4
-12
-8
-3
-11
-5
-6
-14
-5
-3
-13
-4
-5
-4
-5
-3
-28
-6
-3
-7
-219
-3
-9
-7
-3
-10
-6
-3
-4
-19
-5
-7
-11
-6
-15
-19
-4
-13
-11
-3
-7
-5
-10
-2
-8
-11
-2
-6
-4
-6
-24
-6
-3
-3
-3
-3
-6
-18
-4
-11
-4
-2
-5
-10
-8
-3
-9
-5
-3
-4
-5
-6
-2
-5
-7
-4
-4
-14
-6
-4
-4
-5
-5
-7
-2
-4
-3
-7
-3
-3
-6
-4
-5
-4
-4
-4
-3
-3
-3
-3
-8
-14
-2
-3
-5
-3
-2
-4
-5
-3
-7
-3
-3
-18
-3
-4
-4
-5
-7
-3
-3
-3
-13
-5
-4
-8
-211
-5
-5
-3
-5
-2
-5
-4
-2
-655
-6
-3
-5
-11
-2
-5
-3
-12
-9
-15
-11
-5
-12
-217
-2
-6
-17
-3
-3
-207
-5
-5
-4
-5
-9
-3
-2
-8
-5
-4
-3
-2
-5
-12
-4
-14
-5
-4
-2
-13
-5
-8
-4
-225
-4
-3
-4
-5
-4
-3
-3
-6
-23
-9
-2
-6
-7
-233
-4
-4
-6
-18
-3
-4
-6
-3
-4
-4
-2
-3
-7
-4
-13
-227
-4
-3
-5
-4
-2
-12
-9
-17
-3
-7
-14
-6
-4
-5
-21
-4
-8
-9
-2
-9
-25
-16
-3
-6
-4
-7
-8
-5
-2
-3
-5
-4
-3
-3
-5
-3
-3
-3
-2
-3
-19
-2
-4
-3
-4
-2
-3
-4
-4
-2
-4
-3
-3
-3
-2
-6
-3
-17
-5
-6
-4
-3
-13
-5
-3
-3
-3
-4
-9
-4
-2
-14
-12
-4
-5
-24
-4
-3
-37
-12
-11
-21
-3
-4
-3
-13
-4
-2
-3
-15
-4
-11
-4
-4
-3
-8
-3
-4
-4
-12
-8
-5
-3
-3
-4
-2
-220
-3
-5
-223
-3
-3
-3
-10
-3
-15
-4
-241
-9
-7
-3
-6
-6
-23
-4
-13
-7
-3
-4
-7
-4
-9
-3
-3
-4
-10
-5
-5
-1
-5
-24
-2
-4
-5
-5
-6
-14
-3
-8
-2
-3
-5
-13
-13
-3
-5
-2
-3
-15
-3
-4
-2
-10
-4
-4
-4
-5
-5
-3
-5
-3
-4
-7
-4
-27
-3
-6
-4
-15
-3
-5
-6
-6
-5
-4
-8
-3
-9
-2
-6
-3
-4
-3
-7
-4
-18
-3
-11
-3
-3
-8
-9
-7
-24
-3
-219
-7
-10
-4
-5
-9
-12
-2
-5
-4
-4
-4
-3
-3
-19
-5
-8
-16
-8
-6
-22
-3
-23
-3
-242
-9
-4
-3
-3
-5
-7
-3
-3
-5
-8
-3
-7
-5
-14
-8
-10
-3
-4
-3
-7
-4
-6
-7
-4
-10
-4
-3
-11
-3
-7
-10
-3
-13
-6
-8
-12
-10
-5
-7
-9
-3
-4
-7
-7
-10
-8
-30
-9
-19
-4
-3
-19
-15
-4
-13
-3
-215
-223
-4
-7
-4
-8
-17
-16
-3
-7
-6
-5
-5
-4
-12
-3
-7
-4
-4
-13
-4
-5
-2
-5
-6
-5
-6
-6
-7
-10
-18
-23
-9
-3
-3
-6
-5
-2
-4
-2
-7
-3
-3
-2
-5
-5
-14
-10
-224
-6
-3
-4
-3
-7
-5
-9
-3
-6
-4
-2
-5
-11
-4
-3
-3
-2
-8
-4
-7
-4
-10
-7
-3
-3
-18
-18
-17
-3
-3
-3
-4
-5
-3
-3
-4
-12
-7
-3
-11
-13
-5
-4
-7
-13
-5
-4
-11
-3
-12
-3
-6
-4
-4
-21
-4
-6
-9
-5
-3
-10
-8
-4
-6
-4
-4
-6
-5
-4
-8
-6
-4
-6
-4
-4
-5
-9
-6
-3
-4
-2
-9
-3
-18
-2
-4
-3
-13
-3
-6
-6
-8
-7
-9
-3
-2
-16
-3
-4
-6
-3
-2
-33
-22
-14
-4
-9
-12
-4
-5
-6
-3
-23
-9
-4
-3
-5
-5
-3
-4
-5
-3
-5
-3
-10
-4
-5
-5
-8
-4
-4
-6
-8
-5
-4
-3
-4
-6
-3
-3
-3
-5
-9
-12
-6
-5
-9
-3
-5
-3
-2
-2
-2
-18
-3
-2
-21
-2
-5
-4
-6
-4
-5
-10
-3
-9
-3
-2
-10
-7
-3
-6
-6
-4
-4
-8
-12
-7
-3
-7
-3
-3
-9
-3
-4
-5
-4
-4
-5
-5
-10
-15
-4
-4
-14
-6
-227
-3
-14
-5
-216
-22
-5
-4
-2
-2
-6
-3
-4
-2
-9
-9
-4
-3
-28
-13
-11
-4
-5
-3
-3
-2
-3
-3
-5
-3
-4
-3
-5
-23
-26
-3
-4
-5
-6
-4
-6
-3
-5
-5
-3
-4
-3
-2
-2
-2
-7
-14
-3
-6
-7
-17
-2
-2
-15
-14
-16
-4
-6
-7
-13
-6
-4
-5
-6
-16
-3
-3
-28
-3
-6
-15
-3
-9
-2
-4
-6
-3
-3
-22
-4
-12
-6
-7
-2
-5
-4
-10
-3
-16
-6
-9
-2
-5
-12
-7
-5
-5
-5
-5
-2
-11
-9
-17
-4
-3
-11
-7
-3
-5
-15
-4
-3
-4
-211
-8
-7
-5
-4
-7
-6
-7
-6
-3
-6
-5
-6
-5
-3
-4
-4
-26
-4
-6
-10
-4
-4
-3
-2
-3
-3
-4
-5
-9
-3
-9
-4
-4
-5
-5
-8
-2
-4
-2
-3
-8
-4
-11
-19
-5
-8
-6
-3
-5
-6
-12
-3
-2
-4
-16
-12
-3
-4
-4
-8
-6
-5
-6
-6
-219
-8
-222
-6
-16
-3
-13
-19
-5
-4
-3
-11
-6
-10
-4
-7
-7
-12
-5
-3
-3
-5
-6
-10
-3
-8
-2
-5
-4
-7
-2
-4
-4
-2
-12
-9
-6
-4
-2
-40
-2
-4
-10
-4
-223
-4
-2
-20
-6
-7
-24
-5
-4
-5
-2
-20
-16
-6
-5
-13
-2
-3
-3
-19
-3
-2
-4
-5
-6
-7
-11
-12
-5
-6
-7
-7
-3
-5
-3
-5
-3
-14
-3
-4
-4
-2
-11
-1
-7
-3
-9
-6
-11
-12
-5
-8
-6
-221
-4
-2
-12
-4
-3
-15
-4
-5
-226
-7
-218
-7
-5
-4
-5
-18
-4
-5
-9
-4
-4
-2
-9
-18
-18
-9
-5
-6
-6
-3
-3
-7
-3
-5
-4
-4
-4
-12
-3
-6
-31
-5
-4
-7
-3
-6
-5
-6
-5
-11
-2
-2
-11
-11
-6
-7
-5
-8
-7
-10
-5
-23
-7
-4
-3
-5
-34
-2
-5
-23
-7
-3
-6
-8
-4
-4
-4
-2
-5
-3
-8
-5
-4
-8
-25
-2
-3
-17
-8
-3
-4
-8
-7
-3
-15
-6
-5
-7
-21
-9
-5
-6
-6
-5
-3
-2
-3
-10
-3
-6
-3
-14
-7
-4
-4
-8
-7
-8
-2
-6
-12
-4
-213
-6
-5
-21
-8
-2
-5
-23
-3
-11
-2
-3
-6
-25
-2
-3
-6
-7
-6
-6
-4
-4
-6
-3
-17
-9
-7
-6
-4
-3
-10
-7
-2
-3
-3
-3
-11
-8
-3
-7
-6
-4
-14
-36
-3
-4
-3
-3
-22
-13
-21
-4
-2
-7
-4
-4
-17
-15
-3
-7
-11
-2
-4
-7
-6
-209
-6
-3
-2
-2
-24
-4
-9
-4
-3
-3
-3
-29
-2
-2
-4
-3
-3
-5
-4
-6
-3
-3
-2
-4
diff --git a/vendor/github.com/beorn7/perks/quantile/stream.go b/vendor/github.com/beorn7/perks/quantile/stream.go
deleted file mode 100644
index d7d14f8eb..000000000
--- a/vendor/github.com/beorn7/perks/quantile/stream.go
+++ /dev/null
@@ -1,316 +0,0 @@
-// Package quantile computes approximate quantiles over an unbounded data
-// stream within low memory and CPU bounds.
-//
-// A small amount of accuracy is traded to achieve the above properties.
-//
-// Multiple streams can be merged before calling Query to generate a single set
-// of results. This is meaningful when the streams represent the same type of
-// data. See Merge and Samples.
-//
-// For more detailed information about the algorithm used, see:
-//
-// Effective Computation of Biased Quantiles over Data Streams
-//
-// http://www.cs.rutgers.edu/~muthu/bquant.pdf
-package quantile
-
-import (
-	"math"
-	"sort"
-)
-
-// Sample holds an observed value and meta information for compression. JSON
-// tags have been added for convenience.
-type Sample struct {
-	Value float64 `json:",string"`
-	Width float64 `json:",string"`
-	Delta float64 `json:",string"`
-}
-
-// Samples represents a slice of samples. It implements sort.Interface.
-type Samples []Sample
-
-func (a Samples) Len() int           { return len(a) }
-func (a Samples) Less(i, j int) bool { return a[i].Value < a[j].Value }
-func (a Samples) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-
-type invariant func(s *stream, r float64) float64
-
-// NewLowBiased returns an initialized Stream for low-biased quantiles
-// (e.g. 0.01, 0.1, 0.5) where the needed quantiles are not known a priori, but
-// error guarantees can still be given even for the lower ranks of the data
-// distribution.
-//
-// The provided epsilon is a relative error, i.e. the true quantile of a value
-// returned by a query is guaranteed to be within (1±Epsilon)*Quantile.
-//
-// See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error
-// properties.
-func NewLowBiased(epsilon float64) *Stream {
-	Æ’ := func(s *stream, r float64) float64 {
-		return 2 * epsilon * r
-	}
-	return newStream(Æ’)
-}
-
-// NewHighBiased returns an initialized Stream for high-biased quantiles
-// (e.g. 0.01, 0.1, 0.5) where the needed quantiles are not known a priori, but
-// error guarantees can still be given even for the higher ranks of the data
-// distribution.
-//
-// The provided epsilon is a relative error, i.e. the true quantile of a value
-// returned by a query is guaranteed to be within 1-(1±Epsilon)*(1-Quantile).
-//
-// See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error
-// properties.
-func NewHighBiased(epsilon float64) *Stream {
-	Æ’ := func(s *stream, r float64) float64 {
-		return 2 * epsilon * (s.n - r)
-	}
-	return newStream(Æ’)
-}
-
-// NewTargeted returns an initialized Stream concerned with a particular set of
-// quantile values that are supplied a priori. Knowing these a priori reduces
-// space and computation time. The targets map maps the desired quantiles to
-// their absolute errors, i.e. the true quantile of a value returned by a query
-// is guaranteed to be within (Quantile±Epsilon).
-//
-// See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error properties.
-func NewTargeted(targetMap map[float64]float64) *Stream {
-	// Convert map to slice to avoid slow iterations on a map.
-	// Æ’ is called on the hot path, so converting the map to a slice
-	// beforehand results in significant CPU savings.
-	targets := targetMapToSlice(targetMap)
-
-	Æ’ := func(s *stream, r float64) float64 {
-		var m = math.MaxFloat64
-		var f float64
-		for _, t := range targets {
-			if t.quantile*s.n <= r {
-				f = (2 * t.epsilon * r) / t.quantile
-			} else {
-				f = (2 * t.epsilon * (s.n - r)) / (1 - t.quantile)
-			}
-			if f < m {
-				m = f
-			}
-		}
-		return m
-	}
-	return newStream(Æ’)
-}
-
-type target struct {
-	quantile float64
-	epsilon  float64
-}
-
-func targetMapToSlice(targetMap map[float64]float64) []target {
-	targets := make([]target, 0, len(targetMap))
-
-	for quantile, epsilon := range targetMap {
-		t := target{
-			quantile: quantile,
-			epsilon:  epsilon,
-		}
-		targets = append(targets, t)
-	}
-
-	return targets
-}
-
-// Stream computes quantiles for a stream of float64s. It is not thread-safe by
-// design. Take care when using across multiple goroutines.
-type Stream struct {
-	*stream
-	b      Samples
-	sorted bool
-}
-
-func newStream(Æ’ invariant) *Stream {
-	x := &stream{Æ’: Æ’}
-	return &Stream{x, make(Samples, 0, 500), true}
-}
-
-// Insert inserts v into the stream.
-func (s *Stream) Insert(v float64) {
-	s.insert(Sample{Value: v, Width: 1})
-}
-
-func (s *Stream) insert(sample Sample) {
-	s.b = append(s.b, sample)
-	s.sorted = false
-	if len(s.b) == cap(s.b) {
-		s.flush()
-	}
-}
-
-// Query returns the computed qth percentiles value. If s was created with
-// NewTargeted, and q is not in the set of quantiles provided a priori, Query
-// will return an unspecified result.
-func (s *Stream) Query(q float64) float64 {
-	if !s.flushed() {
-		// Fast path when there hasn't been enough data for a flush;
-		// this also yields better accuracy for small sets of data.
-		l := len(s.b)
-		if l == 0 {
-			return 0
-		}
-		i := int(math.Ceil(float64(l) * q))
-		if i > 0 {
-			i -= 1
-		}
-		s.maybeSort()
-		return s.b[i].Value
-	}
-	s.flush()
-	return s.stream.query(q)
-}
-
-// Merge merges samples into the underlying streams samples. This is handy when
-// merging multiple streams from separate threads, database shards, etc.
-//
-// ATTENTION: This method is broken and does not yield correct results. The
-// underlying algorithm is not capable of merging streams correctly.
-func (s *Stream) Merge(samples Samples) {
-	sort.Sort(samples)
-	s.stream.merge(samples)
-}
-
-// Reset reinitializes and clears the list reusing the samples buffer memory.
-func (s *Stream) Reset() {
-	s.stream.reset()
-	s.b = s.b[:0]
-}
-
-// Samples returns stream samples held by s.
-func (s *Stream) Samples() Samples {
-	if !s.flushed() {
-		return s.b
-	}
-	s.flush()
-	return s.stream.samples()
-}
-
-// Count returns the total number of samples observed in the stream
-// since initialization.
-func (s *Stream) Count() int {
-	return len(s.b) + s.stream.count()
-}
-
-func (s *Stream) flush() {
-	s.maybeSort()
-	s.stream.merge(s.b)
-	s.b = s.b[:0]
-}
-
-func (s *Stream) maybeSort() {
-	if !s.sorted {
-		s.sorted = true
-		sort.Sort(s.b)
-	}
-}
-
-func (s *Stream) flushed() bool {
-	return len(s.stream.l) > 0
-}
-
-type stream struct {
-	n float64
-	l []Sample
-	Æ’ invariant
-}
-
-func (s *stream) reset() {
-	s.l = s.l[:0]
-	s.n = 0
-}
-
-func (s *stream) insert(v float64) {
-	s.merge(Samples{{v, 1, 0}})
-}
-
-func (s *stream) merge(samples Samples) {
-	// TODO(beorn7): This tries to merge not only individual samples, but
-	// whole summaries. The paper doesn't mention merging summaries at
-	// all. Unittests show that the merging is inaccurate. Find out how to
-	// do merges properly.
-	var r float64
-	i := 0
-	for _, sample := range samples {
-		for ; i < len(s.l); i++ {
-			c := s.l[i]
-			if c.Value > sample.Value {
-				// Insert at position i.
-				s.l = append(s.l, Sample{})
-				copy(s.l[i+1:], s.l[i:])
-				s.l[i] = Sample{
-					sample.Value,
-					sample.Width,
-					math.Max(sample.Delta, math.Floor(s.Æ’(s, r))-1),
-					// TODO(beorn7): How to calculate delta correctly?
-				}
-				i++
-				goto inserted
-			}
-			r += c.Width
-		}
-		s.l = append(s.l, Sample{sample.Value, sample.Width, 0})
-		i++
-	inserted:
-		s.n += sample.Width
-		r += sample.Width
-	}
-	s.compress()
-}
-
-func (s *stream) count() int {
-	return int(s.n)
-}
-
-func (s *stream) query(q float64) float64 {
-	t := math.Ceil(q * s.n)
-	t += math.Ceil(s.Æ’(s, t) / 2)
-	p := s.l[0]
-	var r float64
-	for _, c := range s.l[1:] {
-		r += p.Width
-		if r+c.Width+c.Delta > t {
-			return p.Value
-		}
-		p = c
-	}
-	return p.Value
-}
-
-func (s *stream) compress() {
-	if len(s.l) < 2 {
-		return
-	}
-	x := s.l[len(s.l)-1]
-	xi := len(s.l) - 1
-	r := s.n - 1 - x.Width
-
-	for i := len(s.l) - 2; i >= 0; i-- {
-		c := s.l[i]
-		if c.Width+x.Width+x.Delta <= s.Æ’(s, r) {
-			x.Width += c.Width
-			s.l[xi] = x
-			// Remove element at i.
-			copy(s.l[i:], s.l[i+1:])
-			s.l = s.l[:len(s.l)-1]
-			xi -= 1
-		} else {
-			x = c
-			xi = i
-		}
-		r -= c.Width
-	}
-}
-
-func (s *stream) samples() Samples {
-	samples := make(Samples, len(s.l))
-	copy(samples, s.l)
-	return samples
-}
diff --git a/vendor/github.com/blang/semver/v4/go.mod b/vendor/github.com/blang/semver/v4/go.mod
deleted file mode 100644
index 06d262218..000000000
--- a/vendor/github.com/blang/semver/v4/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/blang/semver/v4
-
-go 1.14
diff --git a/vendor/github.com/buger/goterm/go.mod b/vendor/github.com/buger/goterm/go.mod
deleted file mode 100644
index 47f0e68b9..000000000
--- a/vendor/github.com/buger/goterm/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/buger/goterm
-
-go 1.15
-
-require golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54
diff --git a/vendor/github.com/buger/goterm/go.sum b/vendor/github.com/buger/goterm/go.sum
deleted file mode 100644
index a9c9b7f42..000000000
--- a/vendor/github.com/buger/goterm/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54 h1:rF3Ohx8DRyl8h2zw9qojyLHLhrJpEMgyPOImREEryf0=
-golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/cespare/xxhash/v2/LICENSE.txt b/vendor/github.com/cespare/xxhash/v2/LICENSE.txt
deleted file mode 100644
index 24b53065f..000000000
--- a/vendor/github.com/cespare/xxhash/v2/LICENSE.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-Copyright (c) 2016 Caleb Spare
-
-MIT License
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/cespare/xxhash/v2/README.md b/vendor/github.com/cespare/xxhash/v2/README.md
deleted file mode 100644
index 792b4a60b..000000000
--- a/vendor/github.com/cespare/xxhash/v2/README.md
+++ /dev/null
@@ -1,69 +0,0 @@
-# xxhash
-
-[![Go Reference](https://pkg.go.dev/badge/github.com/cespare/xxhash/v2.svg)](https://pkg.go.dev/github.com/cespare/xxhash/v2)
-[![Test](https://github.com/cespare/xxhash/actions/workflows/test.yml/badge.svg)](https://github.com/cespare/xxhash/actions/workflows/test.yml)
-
-xxhash is a Go implementation of the 64-bit
-[xxHash](http://cyan4973.github.io/xxHash/) algorithm, XXH64. This is a
-high-quality hashing algorithm that is much faster than anything in the Go
-standard library.
-
-This package provides a straightforward API:
-
-```
-func Sum64(b []byte) uint64
-func Sum64String(s string) uint64
-type Digest struct{ ... }
-    func New() *Digest
-```
-
-The `Digest` type implements hash.Hash64. Its key methods are:
-
-```
-func (*Digest) Write([]byte) (int, error)
-func (*Digest) WriteString(string) (int, error)
-func (*Digest) Sum64() uint64
-```
-
-This implementation provides a fast pure-Go implementation and an even faster
-assembly implementation for amd64.
-
-## Compatibility
-
-This package is in a module and the latest code is in version 2 of the module.
-You need a version of Go with at least "minimal module compatibility" to use
-github.com/cespare/xxhash/v2:
-
-* 1.9.7+ for Go 1.9
-* 1.10.3+ for Go 1.10
-* Go 1.11 or later
-
-I recommend using the latest release of Go.
-
-## Benchmarks
-
-Here are some quick benchmarks comparing the pure-Go and assembly
-implementations of Sum64.
-
-| input size | purego | asm |
-| --- | --- | --- |
-| 5 B   |  979.66 MB/s |  1291.17 MB/s  |
-| 100 B | 7475.26 MB/s | 7973.40 MB/s  |
-| 4 KB  | 17573.46 MB/s | 17602.65 MB/s |
-| 10 MB | 17131.46 MB/s | 17142.16 MB/s |
-
-These numbers were generated on Ubuntu 18.04 with an Intel i7-8700K CPU using
-the following commands under Go 1.11.2:
-
-```
-$ go test -tags purego -benchtime 10s -bench '/xxhash,direct,bytes'
-$ go test -benchtime 10s -bench '/xxhash,direct,bytes'
-```
-
-## Projects using this package
-
-- [InfluxDB](https://github.com/influxdata/influxdb)
-- [Prometheus](https://github.com/prometheus/prometheus)
-- [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics)
-- [FreeCache](https://github.com/coocood/freecache)
-- [FastCache](https://github.com/VictoriaMetrics/fastcache)
diff --git a/vendor/github.com/cespare/xxhash/v2/go.mod b/vendor/github.com/cespare/xxhash/v2/go.mod
deleted file mode 100644
index 49f67608b..000000000
--- a/vendor/github.com/cespare/xxhash/v2/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/cespare/xxhash/v2
-
-go 1.11
diff --git a/vendor/github.com/cespare/xxhash/v2/go.sum b/vendor/github.com/cespare/xxhash/v2/go.sum
deleted file mode 100644
index e69de29bb..000000000
--- a/vendor/github.com/cespare/xxhash/v2/go.sum
+++ /dev/null
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash.go b/vendor/github.com/cespare/xxhash/v2/xxhash.go
deleted file mode 100644
index 15c835d54..000000000
--- a/vendor/github.com/cespare/xxhash/v2/xxhash.go
+++ /dev/null
@@ -1,235 +0,0 @@
-// Package xxhash implements the 64-bit variant of xxHash (XXH64) as described
-// at http://cyan4973.github.io/xxHash/.
-package xxhash
-
-import (
-	"encoding/binary"
-	"errors"
-	"math/bits"
-)
-
-const (
-	prime1 uint64 = 11400714785074694791
-	prime2 uint64 = 14029467366897019727
-	prime3 uint64 = 1609587929392839161
-	prime4 uint64 = 9650029242287828579
-	prime5 uint64 = 2870177450012600261
-)
-
-// NOTE(caleb): I'm using both consts and vars of the primes. Using consts where
-// possible in the Go code is worth a small (but measurable) performance boost
-// by avoiding some MOVQs. Vars are needed for the asm and also are useful for
-// convenience in the Go code in a few places where we need to intentionally
-// avoid constant arithmetic (e.g., v1 := prime1 + prime2 fails because the
-// result overflows a uint64).
-var (
-	prime1v = prime1
-	prime2v = prime2
-	prime3v = prime3
-	prime4v = prime4
-	prime5v = prime5
-)
-
-// Digest implements hash.Hash64.
-type Digest struct {
-	v1    uint64
-	v2    uint64
-	v3    uint64
-	v4    uint64
-	total uint64
-	mem   [32]byte
-	n     int // how much of mem is used
-}
-
-// New creates a new Digest that computes the 64-bit xxHash algorithm.
-func New() *Digest {
-	var d Digest
-	d.Reset()
-	return &d
-}
-
-// Reset clears the Digest's state so that it can be reused.
-func (d *Digest) Reset() {
-	d.v1 = prime1v + prime2
-	d.v2 = prime2
-	d.v3 = 0
-	d.v4 = -prime1v
-	d.total = 0
-	d.n = 0
-}
-
-// Size always returns 8 bytes.
-func (d *Digest) Size() int { return 8 }
-
-// BlockSize always returns 32 bytes.
-func (d *Digest) BlockSize() int { return 32 }
-
-// Write adds more data to d. It always returns len(b), nil.
-func (d *Digest) Write(b []byte) (n int, err error) {
-	n = len(b)
-	d.total += uint64(n)
-
-	if d.n+n < 32 {
-		// This new data doesn't even fill the current block.
-		copy(d.mem[d.n:], b)
-		d.n += n
-		return
-	}
-
-	if d.n > 0 {
-		// Finish off the partial block.
-		copy(d.mem[d.n:], b)
-		d.v1 = round(d.v1, u64(d.mem[0:8]))
-		d.v2 = round(d.v2, u64(d.mem[8:16]))
-		d.v3 = round(d.v3, u64(d.mem[16:24]))
-		d.v4 = round(d.v4, u64(d.mem[24:32]))
-		b = b[32-d.n:]
-		d.n = 0
-	}
-
-	if len(b) >= 32 {
-		// One or more full blocks left.
-		nw := writeBlocks(d, b)
-		b = b[nw:]
-	}
-
-	// Store any remaining partial block.
-	copy(d.mem[:], b)
-	d.n = len(b)
-
-	return
-}
-
-// Sum appends the current hash to b and returns the resulting slice.
-func (d *Digest) Sum(b []byte) []byte {
-	s := d.Sum64()
-	return append(
-		b,
-		byte(s>>56),
-		byte(s>>48),
-		byte(s>>40),
-		byte(s>>32),
-		byte(s>>24),
-		byte(s>>16),
-		byte(s>>8),
-		byte(s),
-	)
-}
-
-// Sum64 returns the current hash.
-func (d *Digest) Sum64() uint64 {
-	var h uint64
-
-	if d.total >= 32 {
-		v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4
-		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4)
-		h = mergeRound(h, v1)
-		h = mergeRound(h, v2)
-		h = mergeRound(h, v3)
-		h = mergeRound(h, v4)
-	} else {
-		h = d.v3 + prime5
-	}
-
-	h += d.total
-
-	i, end := 0, d.n
-	for ; i+8 <= end; i += 8 {
-		k1 := round(0, u64(d.mem[i:i+8]))
-		h ^= k1
-		h = rol27(h)*prime1 + prime4
-	}
-	if i+4 <= end {
-		h ^= uint64(u32(d.mem[i:i+4])) * prime1
-		h = rol23(h)*prime2 + prime3
-		i += 4
-	}
-	for i < end {
-		h ^= uint64(d.mem[i]) * prime5
-		h = rol11(h) * prime1
-		i++
-	}
-
-	h ^= h >> 33
-	h *= prime2
-	h ^= h >> 29
-	h *= prime3
-	h ^= h >> 32
-
-	return h
-}
-
-const (
-	magic         = "xxh\x06"
-	marshaledSize = len(magic) + 8*5 + 32
-)
-
-// MarshalBinary implements the encoding.BinaryMarshaler interface.
-func (d *Digest) MarshalBinary() ([]byte, error) {
-	b := make([]byte, 0, marshaledSize)
-	b = append(b, magic...)
-	b = appendUint64(b, d.v1)
-	b = appendUint64(b, d.v2)
-	b = appendUint64(b, d.v3)
-	b = appendUint64(b, d.v4)
-	b = appendUint64(b, d.total)
-	b = append(b, d.mem[:d.n]...)
-	b = b[:len(b)+len(d.mem)-d.n]
-	return b, nil
-}
-
-// UnmarshalBinary implements the encoding.BinaryUnmarshaler interface.
-func (d *Digest) UnmarshalBinary(b []byte) error {
-	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
-		return errors.New("xxhash: invalid hash state identifier")
-	}
-	if len(b) != marshaledSize {
-		return errors.New("xxhash: invalid hash state size")
-	}
-	b = b[len(magic):]
-	b, d.v1 = consumeUint64(b)
-	b, d.v2 = consumeUint64(b)
-	b, d.v3 = consumeUint64(b)
-	b, d.v4 = consumeUint64(b)
-	b, d.total = consumeUint64(b)
-	copy(d.mem[:], b)
-	d.n = int(d.total % uint64(len(d.mem)))
-	return nil
-}
-
-func appendUint64(b []byte, x uint64) []byte {
-	var a [8]byte
-	binary.LittleEndian.PutUint64(a[:], x)
-	return append(b, a[:]...)
-}
-
-func consumeUint64(b []byte) ([]byte, uint64) {
-	x := u64(b)
-	return b[8:], x
-}
-
-func u64(b []byte) uint64 { return binary.LittleEndian.Uint64(b) }
-func u32(b []byte) uint32 { return binary.LittleEndian.Uint32(b) }
-
-func round(acc, input uint64) uint64 {
-	acc += input * prime2
-	acc = rol31(acc)
-	acc *= prime1
-	return acc
-}
-
-func mergeRound(acc, val uint64) uint64 {
-	val = round(0, val)
-	acc ^= val
-	acc = acc*prime1 + prime4
-	return acc
-}
-
-func rol1(x uint64) uint64  { return bits.RotateLeft64(x, 1) }
-func rol7(x uint64) uint64  { return bits.RotateLeft64(x, 7) }
-func rol11(x uint64) uint64 { return bits.RotateLeft64(x, 11) }
-func rol12(x uint64) uint64 { return bits.RotateLeft64(x, 12) }
-func rol18(x uint64) uint64 { return bits.RotateLeft64(x, 18) }
-func rol23(x uint64) uint64 { return bits.RotateLeft64(x, 23) }
-func rol27(x uint64) uint64 { return bits.RotateLeft64(x, 27) }
-func rol31(x uint64) uint64 { return bits.RotateLeft64(x, 31) }
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go b/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go
deleted file mode 100644
index ad14b807f..000000000
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build !appengine
-// +build gc
-// +build !purego
-
-package xxhash
-
-// Sum64 computes the 64-bit xxHash digest of b.
-//
-//go:noescape
-func Sum64(b []byte) uint64
-
-//go:noescape
-func writeBlocks(d *Digest, b []byte) int
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s b/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
deleted file mode 100644
index be8db5bf7..000000000
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
+++ /dev/null
@@ -1,215 +0,0 @@
-// +build !appengine
-// +build gc
-// +build !purego
-
-#include "textflag.h"
-
-// Register allocation:
-// AX	h
-// SI	pointer to advance through b
-// DX	n
-// BX	loop end
-// R8	v1, k1
-// R9	v2
-// R10	v3
-// R11	v4
-// R12	tmp
-// R13	prime1v
-// R14	prime2v
-// DI	prime4v
-
-// round reads from and advances the buffer pointer in SI.
-// It assumes that R13 has prime1v and R14 has prime2v.
-#define round(r) \
-	MOVQ  (SI), R12 \
-	ADDQ  $8, SI    \
-	IMULQ R14, R12  \
-	ADDQ  R12, r    \
-	ROLQ  $31, r    \
-	IMULQ R13, r
-
-// mergeRound applies a merge round on the two registers acc and val.
-// It assumes that R13 has prime1v, R14 has prime2v, and DI has prime4v.
-#define mergeRound(acc, val) \
-	IMULQ R14, val \
-	ROLQ  $31, val \
-	IMULQ R13, val \
-	XORQ  val, acc \
-	IMULQ R13, acc \
-	ADDQ  DI, acc
-
-// func Sum64(b []byte) uint64
-TEXT ·Sum64(SB), NOSPLIT, $0-32
-	// Load fixed primes.
-	MOVQ ·prime1v(SB), R13
-	MOVQ ·prime2v(SB), R14
-	MOVQ ·prime4v(SB), DI
-
-	// Load slice.
-	MOVQ b_base+0(FP), SI
-	MOVQ b_len+8(FP), DX
-	LEAQ (SI)(DX*1), BX
-
-	// The first loop limit will be len(b)-32.
-	SUBQ $32, BX
-
-	// Check whether we have at least one block.
-	CMPQ DX, $32
-	JLT  noBlocks
-
-	// Set up initial state (v1, v2, v3, v4).
-	MOVQ R13, R8
-	ADDQ R14, R8
-	MOVQ R14, R9
-	XORQ R10, R10
-	XORQ R11, R11
-	SUBQ R13, R11
-
-	// Loop until SI > BX.
-blockLoop:
-	round(R8)
-	round(R9)
-	round(R10)
-	round(R11)
-
-	CMPQ SI, BX
-	JLE  blockLoop
-
-	MOVQ R8, AX
-	ROLQ $1, AX
-	MOVQ R9, R12
-	ROLQ $7, R12
-	ADDQ R12, AX
-	MOVQ R10, R12
-	ROLQ $12, R12
-	ADDQ R12, AX
-	MOVQ R11, R12
-	ROLQ $18, R12
-	ADDQ R12, AX
-
-	mergeRound(AX, R8)
-	mergeRound(AX, R9)
-	mergeRound(AX, R10)
-	mergeRound(AX, R11)
-
-	JMP afterBlocks
-
-noBlocks:
-	MOVQ ·prime5v(SB), AX
-
-afterBlocks:
-	ADDQ DX, AX
-
-	// Right now BX has len(b)-32, and we want to loop until SI > len(b)-8.
-	ADDQ $24, BX
-
-	CMPQ SI, BX
-	JG   fourByte
-
-wordLoop:
-	// Calculate k1.
-	MOVQ  (SI), R8
-	ADDQ  $8, SI
-	IMULQ R14, R8
-	ROLQ  $31, R8
-	IMULQ R13, R8
-
-	XORQ  R8, AX
-	ROLQ  $27, AX
-	IMULQ R13, AX
-	ADDQ  DI, AX
-
-	CMPQ SI, BX
-	JLE  wordLoop
-
-fourByte:
-	ADDQ $4, BX
-	CMPQ SI, BX
-	JG   singles
-
-	MOVL  (SI), R8
-	ADDQ  $4, SI
-	IMULQ R13, R8
-	XORQ  R8, AX
-
-	ROLQ  $23, AX
-	IMULQ R14, AX
-	ADDQ  ·prime3v(SB), AX
-
-singles:
-	ADDQ $4, BX
-	CMPQ SI, BX
-	JGE  finalize
-
-singlesLoop:
-	MOVBQZX (SI), R12
-	ADDQ    $1, SI
-	IMULQ   ·prime5v(SB), R12
-	XORQ    R12, AX
-
-	ROLQ  $11, AX
-	IMULQ R13, AX
-
-	CMPQ SI, BX
-	JL   singlesLoop
-
-finalize:
-	MOVQ  AX, R12
-	SHRQ  $33, R12
-	XORQ  R12, AX
-	IMULQ R14, AX
-	MOVQ  AX, R12
-	SHRQ  $29, R12
-	XORQ  R12, AX
-	IMULQ ·prime3v(SB), AX
-	MOVQ  AX, R12
-	SHRQ  $32, R12
-	XORQ  R12, AX
-
-	MOVQ AX, ret+24(FP)
-	RET
-
-// writeBlocks uses the same registers as above except that it uses AX to store
-// the d pointer.
-
-// func writeBlocks(d *Digest, b []byte) int
-TEXT ·writeBlocks(SB), NOSPLIT, $0-40
-	// Load fixed primes needed for round.
-	MOVQ ·prime1v(SB), R13
-	MOVQ ·prime2v(SB), R14
-
-	// Load slice.
-	MOVQ b_base+8(FP), SI
-	MOVQ b_len+16(FP), DX
-	LEAQ (SI)(DX*1), BX
-	SUBQ $32, BX
-
-	// Load vN from d.
-	MOVQ d+0(FP), AX
-	MOVQ 0(AX), R8   // v1
-	MOVQ 8(AX), R9   // v2
-	MOVQ 16(AX), R10 // v3
-	MOVQ 24(AX), R11 // v4
-
-	// We don't need to check the loop condition here; this function is
-	// always called with at least one block of data to process.
-blockLoop:
-	round(R8)
-	round(R9)
-	round(R10)
-	round(R11)
-
-	CMPQ SI, BX
-	JLE  blockLoop
-
-	// Copy vN back to d.
-	MOVQ R8, 0(AX)
-	MOVQ R9, 8(AX)
-	MOVQ R10, 16(AX)
-	MOVQ R11, 24(AX)
-
-	// The number of bytes written is SI minus the old base pointer.
-	SUBQ b_base+8(FP), SI
-	MOVQ SI, ret+32(FP)
-
-	RET
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_other.go b/vendor/github.com/cespare/xxhash/v2/xxhash_other.go
deleted file mode 100644
index 4a5a82160..000000000
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_other.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// +build !amd64 appengine !gc purego
-
-package xxhash
-
-// Sum64 computes the 64-bit xxHash digest of b.
-func Sum64(b []byte) uint64 {
-	// A simpler version would be
-	//   d := New()
-	//   d.Write(b)
-	//   return d.Sum64()
-	// but this is faster, particularly for small inputs.
-
-	n := len(b)
-	var h uint64
-
-	if n >= 32 {
-		v1 := prime1v + prime2
-		v2 := prime2
-		v3 := uint64(0)
-		v4 := -prime1v
-		for len(b) >= 32 {
-			v1 = round(v1, u64(b[0:8:len(b)]))
-			v2 = round(v2, u64(b[8:16:len(b)]))
-			v3 = round(v3, u64(b[16:24:len(b)]))
-			v4 = round(v4, u64(b[24:32:len(b)]))
-			b = b[32:len(b):len(b)]
-		}
-		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4)
-		h = mergeRound(h, v1)
-		h = mergeRound(h, v2)
-		h = mergeRound(h, v3)
-		h = mergeRound(h, v4)
-	} else {
-		h = prime5
-	}
-
-	h += uint64(n)
-
-	i, end := 0, len(b)
-	for ; i+8 <= end; i += 8 {
-		k1 := round(0, u64(b[i:i+8:len(b)]))
-		h ^= k1
-		h = rol27(h)*prime1 + prime4
-	}
-	if i+4 <= end {
-		h ^= uint64(u32(b[i:i+4:len(b)])) * prime1
-		h = rol23(h)*prime2 + prime3
-		i += 4
-	}
-	for ; i < end; i++ {
-		h ^= uint64(b[i]) * prime5
-		h = rol11(h) * prime1
-	}
-
-	h ^= h >> 33
-	h *= prime2
-	h ^= h >> 29
-	h *= prime3
-	h ^= h >> 32
-
-	return h
-}
-
-func writeBlocks(d *Digest, b []byte) int {
-	v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4
-	n := len(b)
-	for len(b) >= 32 {
-		v1 = round(v1, u64(b[0:8:len(b)]))
-		v2 = round(v2, u64(b[8:16:len(b)]))
-		v3 = round(v3, u64(b[16:24:len(b)]))
-		v4 = round(v4, u64(b[24:32:len(b)]))
-		b = b[32:len(b):len(b)]
-	}
-	d.v1, d.v2, d.v3, d.v4 = v1, v2, v3, v4
-	return n - len(b)
-}
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go b/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
deleted file mode 100644
index fc9bea7a3..000000000
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build appengine
-
-// This file contains the safe implementations of otherwise unsafe-using code.
-
-package xxhash
-
-// Sum64String computes the 64-bit xxHash digest of s.
-func Sum64String(s string) uint64 {
-	return Sum64([]byte(s))
-}
-
-// WriteString adds more data to d. It always returns len(s), nil.
-func (d *Digest) WriteString(s string) (n int, err error) {
-	return d.Write([]byte(s))
-}
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go b/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
deleted file mode 100644
index 376e0ca2e..000000000
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// +build !appengine
-
-// This file encapsulates usage of unsafe.
-// xxhash_safe.go contains the safe implementations.
-
-package xxhash
-
-import (
-	"unsafe"
-)
-
-// In the future it's possible that compiler optimizations will make these
-// XxxString functions unnecessary by realizing that calls such as
-// Sum64([]byte(s)) don't need to copy s. See https://golang.org/issue/2205.
-// If that happens, even if we keep these functions they can be replaced with
-// the trivial safe code.
-
-// NOTE: The usual way of doing an unsafe string-to-[]byte conversion is:
-//
-//   var b []byte
-//   bh := (*reflect.SliceHeader)(unsafe.Pointer(&b))
-//   bh.Data = (*reflect.StringHeader)(unsafe.Pointer(&s)).Data
-//   bh.Len = len(s)
-//   bh.Cap = len(s)
-//
-// Unfortunately, as of Go 1.15.3 the inliner's cost model assigns a high enough
-// weight to this sequence of expressions that any function that uses it will
-// not be inlined. Instead, the functions below use a different unsafe
-// conversion designed to minimize the inliner weight and allow both to be
-// inlined. There is also a test (TestInlining) which verifies that these are
-// inlined.
-//
-// See https://github.com/golang/go/issues/42739 for discussion.
-
-// Sum64String computes the 64-bit xxHash digest of s.
-// It may be faster than Sum64([]byte(s)) by avoiding a copy.
-func Sum64String(s string) uint64 {
-	b := *(*[]byte)(unsafe.Pointer(&sliceHeader{s, len(s)}))
-	return Sum64(b)
-}
-
-// WriteString adds more data to d. It always returns len(s), nil.
-// It may be faster than Write([]byte(s)) by avoiding a copy.
-func (d *Digest) WriteString(s string) (n int, err error) {
-	d.Write(*(*[]byte)(unsafe.Pointer(&sliceHeader{s, len(s)})))
-	// d.Write always returns len(s), nil.
-	// Ignoring the return output and returning these fixed values buys a
-	// savings of 6 in the inliner's cost model.
-	return len(s), nil
-}
-
-// sliceHeader is similar to reflect.SliceHeader, but it assumes that the layout
-// of the first two words is the same as the layout of a string.
-type sliceHeader struct {
-	s   string
-	cap int
-}
diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/go.mod b/vendor/github.com/checkpoint-restore/go-criu/v5/go.mod
deleted file mode 100644
index cf4fea9f0..000000000
--- a/vendor/github.com/checkpoint-restore/go-criu/v5/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/checkpoint-restore/go-criu/v5
-
-go 1.13
-
-require (
-	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
-	google.golang.org/protobuf v1.27.1
-)
diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/go.sum b/vendor/github.com/checkpoint-restore/go-criu/v5/go.sum
deleted file mode 100644
index 789fdcb11..000000000
--- a/vendor/github.com/checkpoint-restore/go-criu/v5/go.sum
+++ /dev/null
@@ -1,10 +0,0 @@
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
diff --git a/vendor/github.com/chzyer/readline/README.md b/vendor/github.com/chzyer/readline/README.md
index fab974b7f..4b0a5ff58 100644
--- a/vendor/github.com/chzyer/readline/README.md
+++ b/vendor/github.com/chzyer/readline/README.md
@@ -11,7 +11,7 @@
 <img src="https://raw.githubusercontent.com/chzyer/readline/assets/logo_f.png" />
 </p>
 
-A powerful readline library in `Linux` `macOS` `Windows` `Solaris`
+A powerful readline library in `Linux` `macOS` `Windows` `Solaris` `AIX`
 
 ## Guide
 
diff --git a/vendor/github.com/chzyer/readline/operation.go b/vendor/github.com/chzyer/readline/operation.go
index 4c31624f8..b60939a91 100644
--- a/vendor/github.com/chzyer/readline/operation.go
+++ b/vendor/github.com/chzyer/readline/operation.go
@@ -109,10 +109,12 @@ func (o *Operation) ioloop() {
 		keepInSearchMode := false
 		keepInCompleteMode := false
 		r := o.t.ReadRune()
+
 		if o.GetConfig().FuncFilterInputRune != nil {
 			var process bool
 			r, process = o.GetConfig().FuncFilterInputRune(r)
 			if !process {
+				o.t.KickRead()
 				o.buf.Refresh(nil) // to refresh the line
 				continue           // ignore this rune
 			}
@@ -434,6 +436,10 @@ func (o *Operation) Slice() ([]byte, error) {
 }
 
 func (o *Operation) Close() {
+	select {
+	case o.errchan <- io.EOF:
+	default:
+	}
 	o.history.Close()
 }
 
diff --git a/vendor/github.com/chzyer/readline/readline.go b/vendor/github.com/chzyer/readline/readline.go
index 0e7aca06d..63b917101 100644
--- a/vendor/github.com/chzyer/readline/readline.go
+++ b/vendor/github.com/chzyer/readline/readline.go
@@ -17,7 +17,9 @@
 //
 package readline
 
-import "io"
+import (
+	"io"
+)
 
 type Instance struct {
 	Config    *Config
@@ -270,14 +272,24 @@ func (i *Instance) ReadSlice() ([]byte, error) {
 }
 
 // we must make sure that call Close() before process exit.
+// if there has a pending reading operation, that reading will be interrupted.
+// so you can capture the signal and call Instance.Close(), it's thread-safe.
 func (i *Instance) Close() error {
+	i.Config.Stdin.Close()
+	i.Operation.Close()
 	if err := i.Terminal.Close(); err != nil {
 		return err
 	}
-	i.Config.Stdin.Close()
-	i.Operation.Close()
 	return nil
 }
+
+// call CaptureExitSignal when you want readline exit gracefully.
+func (i *Instance) CaptureExitSignal() {
+	CaptureExitSignal(func() {
+		i.Close()
+	})
+}
+
 func (i *Instance) Clean() {
 	i.Operation.Clean()
 }
diff --git a/vendor/github.com/chzyer/readline/runebuf.go b/vendor/github.com/chzyer/readline/runebuf.go
index 81d2da50c..d95df1e36 100644
--- a/vendor/github.com/chzyer/readline/runebuf.go
+++ b/vendor/github.com/chzyer/readline/runebuf.go
@@ -35,7 +35,7 @@ type RuneBuffer struct {
 	sync.Mutex
 }
 
-func (r* RuneBuffer) pushKill(text []rune) {
+func (r *RuneBuffer) pushKill(text []rune) {
 	r.lastKill = append([]rune{}, text...)
 }
 
@@ -221,7 +221,7 @@ func (r *RuneBuffer) DeleteWord() {
 	}
 	for i := init + 1; i < len(r.buf); i++ {
 		if !IsWordBreak(r.buf[i]) && IsWordBreak(r.buf[i-1]) {
-			r.pushKill(r.buf[r.idx:i-1])
+			r.pushKill(r.buf[r.idx : i-1])
 			r.Refresh(func() {
 				r.buf = append(r.buf[:r.idx], r.buf[i-1:]...)
 			})
@@ -350,7 +350,7 @@ func (r *RuneBuffer) Yank() {
 		return
 	}
 	r.Refresh(func() {
-		buf := make([]rune, 0, len(r.buf) + len(r.lastKill))
+		buf := make([]rune, 0, len(r.buf)+len(r.lastKill))
 		buf = append(buf, r.buf[:r.idx]...)
 		buf = append(buf, r.lastKill...)
 		buf = append(buf, r.buf[r.idx:]...)
diff --git a/vendor/github.com/chzyer/readline/term.go b/vendor/github.com/chzyer/readline/term.go
index 133993ca8..ea5db9346 100644
--- a/vendor/github.com/chzyer/readline/term.go
+++ b/vendor/github.com/chzyer/readline/term.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux,!appengine netbsd openbsd solaris
+// +build aix darwin dragonfly freebsd linux,!appengine netbsd openbsd os400 solaris
 
 // Package terminal provides support functions for dealing with terminals, as
 // commonly found on UNIX systems.
diff --git a/vendor/github.com/chzyer/readline/term_solaris.go b/vendor/github.com/chzyer/readline/term_nosyscall6.go
index 4c27273c7..df9233937 100644
--- a/vendor/github.com/chzyer/readline/term_solaris.go
+++ b/vendor/github.com/chzyer/readline/term_nosyscall6.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build solaris
+// +build aix os400 solaris
 
 package readline
 
diff --git a/vendor/github.com/chzyer/readline/terminal.go b/vendor/github.com/chzyer/readline/terminal.go
index 1078631c1..38413d0cf 100644
--- a/vendor/github.com/chzyer/readline/terminal.go
+++ b/vendor/github.com/chzyer/readline/terminal.go
@@ -125,6 +125,7 @@ func (t *Terminal) ioloop() {
 	var (
 		isEscape       bool
 		isEscapeEx     bool
+		isEscapeSS3    bool
 		expectNextChar bool
 	)
 
@@ -152,9 +153,15 @@ func (t *Terminal) ioloop() {
 		if isEscape {
 			isEscape = false
 			if r == CharEscapeEx {
+				// ^][
 				expectNextChar = true
 				isEscapeEx = true
 				continue
+			} else if r == CharO {
+				// ^]O
+				expectNextChar = true
+				isEscapeSS3 = true
+				continue
 			}
 			r = escapeKey(r, buf)
 		} else if isEscapeEx {
@@ -177,6 +184,15 @@ func (t *Terminal) ioloop() {
 				expectNextChar = true
 				continue
 			}
+		} else if isEscapeSS3 {
+			isEscapeSS3 = false
+			if key := readEscKey(r, buf); key != nil {
+				r = escapeSS3Key(key)
+			}
+			if r == 0 {
+				expectNextChar = true
+				continue
+			}
 		}
 
 		expectNextChar = true
diff --git a/vendor/github.com/chzyer/readline/utils.go b/vendor/github.com/chzyer/readline/utils.go
index af4e00521..0706dd4ec 100644
--- a/vendor/github.com/chzyer/readline/utils.go
+++ b/vendor/github.com/chzyer/readline/utils.go
@@ -6,9 +6,11 @@ import (
 	"container/list"
 	"fmt"
 	"os"
+	"os/signal"
 	"strconv"
 	"strings"
 	"sync"
+	"syscall"
 	"time"
 	"unicode"
 )
@@ -41,6 +43,7 @@ const (
 	CharCtrlY     = 25
 	CharCtrlZ     = 26
 	CharEsc       = 27
+	CharO         = 79
 	CharEscapeEx  = 91
 	CharBackspace = 127
 )
@@ -121,6 +124,27 @@ func escapeExKey(key *escapeKeyPair) rune {
 	return r
 }
 
+// translate EscOX SS3 codes for up/down/etc.
+func escapeSS3Key(key *escapeKeyPair) rune {
+	var r rune
+	switch key.typ {
+	case 'D':
+		r = CharBackward
+	case 'C':
+		r = CharForward
+	case 'A':
+		r = CharPrev
+	case 'B':
+		r = CharNext
+	case 'H':
+		r = CharLineStart
+	case 'F':
+		r = CharLineEnd
+	default:
+	}
+	return r
+}
+
 type escapeKeyPair struct {
 	attr string
 	typ  rune
@@ -275,3 +299,13 @@ func Debug(o ...interface{}) {
 	fmt.Fprintln(f, o...)
 	f.Close()
 }
+
+func CaptureExitSignal(f func()) {
+	cSignal := make(chan os.Signal, 1)
+	signal.Notify(cSignal, os.Interrupt, syscall.SIGTERM)
+	go func() {
+		for range cSignal {
+			f()
+		}
+	}()
+}
diff --git a/vendor/github.com/chzyer/readline/utils_unix.go b/vendor/github.com/chzyer/readline/utils_unix.go
index f88dac97b..fc4949232 100644
--- a/vendor/github.com/chzyer/readline/utils_unix.go
+++ b/vendor/github.com/chzyer/readline/utils_unix.go
@@ -1,4 +1,4 @@
-// +build darwin dragonfly freebsd linux,!appengine netbsd openbsd solaris
+// +build aix darwin dragonfly freebsd linux,!appengine netbsd openbsd os400 solaris
 
 package readline
 
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go
index 5c3f803f4..d653ac387 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go
@@ -22,6 +22,8 @@ import (
 	"strings"
 	"sync"
 
+	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"github.com/fsnotify/fsnotify"
 	"github.com/hashicorp/go-multierror"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
@@ -33,30 +35,46 @@ type Option func(*Cache) error
 // Cache stores CDI Specs loaded from Spec directories.
 type Cache struct {
 	sync.Mutex
-	specDirs []string
-	specs    map[string][]*Spec
-	devices  map[string]*Device
-	errors   map[string][]error
+	specDirs  []string
+	specs     map[string][]*Spec
+	devices   map[string]*Device
+	errors    map[string][]error
+	dirErrors map[string]error
+
+	autoRefresh bool
+	watch       *watch
+}
+
+// WithAutoRefresh returns an option to control automatic Cache refresh.
+// By default auto-refresh is enabled, the list of Spec directories are
+// monitored and the Cache is automatically refreshed whenever a change
+// is detected. This option can be used to disable this behavior when a
+// manually refreshed mode is preferable.
+func WithAutoRefresh(autoRefresh bool) Option {
+	return func(c *Cache) error {
+		c.autoRefresh = autoRefresh
+		return nil
+	}
 }
 
 // NewCache creates a new CDI Cache. The cache is populated from a set
 // of CDI Spec directories. These can be specified using a WithSpecDirs
 // option. The default set of directories is exposed in DefaultSpecDirs.
 func NewCache(options ...Option) (*Cache, error) {
-	c := &Cache{}
-
-	if err := c.Configure(options...); err != nil {
-		return nil, err
-	}
-	if len(c.specDirs) == 0 {
-		c.Configure(WithSpecDirs(DefaultSpecDirs...))
+	c := &Cache{
+		autoRefresh: true,
+		watch:       &watch{},
 	}
 
-	return c, c.Refresh()
+	WithSpecDirs(DefaultSpecDirs...)(c)
+	c.Lock()
+	defer c.Unlock()
+
+	return c, c.configure(options...)
 }
 
-// Configure applies options to the cache. Updates the cache if options have
-// changed.
+// Configure applies options to the Cache. Updates and refreshes the
+// Cache if options have changed.
 func (c *Cache) Configure(options ...Option) error {
 	if len(options) == 0 {
 		return nil
@@ -65,17 +83,54 @@ func (c *Cache) Configure(options ...Option) error {
 	c.Lock()
 	defer c.Unlock()
 
+	return c.configure(options...)
+}
+
+// Configure the Cache. Start/stop CDI Spec directory watch, refresh
+// the Cache if necessary.
+func (c *Cache) configure(options ...Option) error {
+	var err error
+
 	for _, o := range options {
-		if err := o(c); err != nil {
+		if err = o(c); err != nil {
 			return errors.Wrapf(err, "failed to apply cache options")
 		}
 	}
 
+	c.dirErrors = make(map[string]error)
+
+	c.watch.stop()
+	if c.autoRefresh {
+		c.watch.setup(c.specDirs, c.dirErrors)
+		c.watch.start(&c.Mutex, c.refresh, c.dirErrors)
+	}
+	c.refresh()
+
 	return nil
 }
 
 // Refresh rescans the CDI Spec directories and refreshes the Cache.
+// In manual refresh mode the cache is always refreshed. In auto-
+// refresh mode the cache is only refreshed if it is out of date.
 func (c *Cache) Refresh() error {
+	c.Lock()
+	defer c.Unlock()
+
+	// force a refresh in manual mode
+	if refreshed, err := c.refreshIfRequired(!c.autoRefresh); refreshed {
+		return err
+	}
+
+	// collect and return cached errors, much like refresh() does it
+	var result error
+	for _, err := range c.errors {
+		result = multierror.Append(result, err...)
+	}
+	return result
+}
+
+// Refresh the Cache by rescanning CDI Spec directories and files.
+func (c *Cache) refresh() error {
 	var (
 		specs      = map[string][]*Spec{}
 		devices    = map[string]*Device{}
@@ -135,9 +190,6 @@ func (c *Cache) Refresh() error {
 		delete(devices, conflict)
 	}
 
-	c.Lock()
-	defer c.Unlock()
-
 	c.specs = specs
 	c.devices = devices
 	c.errors = specErrors
@@ -149,6 +201,17 @@ func (c *Cache) Refresh() error {
 	return nil
 }
 
+// RefreshIfRequired triggers a refresh if necessary.
+func (c *Cache) refreshIfRequired(force bool) (bool, error) {
+	// We need to refresh if
+	// - it's forced by an explicitly call to Refresh() in manual mode
+	// - a missing Spec dir appears (added to watch) in auto-refresh mode
+	if force || (c.autoRefresh && c.watch.update(c.dirErrors)) {
+		return true, c.refresh()
+	}
+	return false, nil
+}
+
 // InjectDevices injects the given qualified devices to an OCI Spec. It
 // returns any unresolvable devices and an error if injection fails for
 // any of the devices.
@@ -162,6 +225,8 @@ func (c *Cache) InjectDevices(ociSpec *oci.Spec, devices ...string) ([]string, e
 	c.Lock()
 	defer c.Unlock()
 
+	c.refreshIfRequired(false)
+
 	edits := &ContainerEdits{}
 	specs := map[*Spec]struct{}{}
 
@@ -190,11 +255,46 @@ func (c *Cache) InjectDevices(ociSpec *oci.Spec, devices ...string) ([]string, e
 	return nil, nil
 }
 
+// WriteSpec writes a Spec file with the given content. Priority is used
+// as an index into the list of Spec directories to pick a directory for
+// the file, adjusting for any under- or overflows. If name has a "json"
+// or "yaml" extension it choses the encoding. Otherwise JSON encoding
+// is used with a "json" extension.
+func (c *Cache) WriteSpec(raw *cdi.Spec, name string) error {
+	var (
+		specDir string
+		path    string
+		prio    int
+		spec    *Spec
+		err     error
+	)
+
+	if len(c.specDirs) == 0 {
+		return errors.New("no Spec directories to write to")
+	}
+
+	prio = len(c.specDirs) - 1
+	specDir = c.specDirs[prio]
+	path = filepath.Join(specDir, name)
+	if ext := filepath.Ext(path); ext != ".json" && ext != ".yaml" {
+		path += ".json"
+	}
+
+	spec, err = NewSpec(raw, path, prio)
+	if err != nil {
+		return err
+	}
+
+	return spec.Write(true)
+}
+
 // GetDevice returns the cached device for the given qualified name.
 func (c *Cache) GetDevice(device string) *Device {
 	c.Lock()
 	defer c.Unlock()
 
+	c.refreshIfRequired(false)
+
 	return c.devices[device]
 }
 
@@ -205,6 +305,8 @@ func (c *Cache) ListDevices() []string {
 	c.Lock()
 	defer c.Unlock()
 
+	c.refreshIfRequired(false)
+
 	for name := range c.devices {
 		devices = append(devices, name)
 	}
@@ -220,6 +322,8 @@ func (c *Cache) ListVendors() []string {
 	c.Lock()
 	defer c.Unlock()
 
+	c.refreshIfRequired(false)
+
 	for vendor := range c.specs {
 		vendors = append(vendors, vendor)
 	}
@@ -238,6 +342,8 @@ func (c *Cache) ListClasses() []string {
 	c.Lock()
 	defer c.Unlock()
 
+	c.refreshIfRequired(false)
+
 	for _, specs := range c.specs {
 		for _, spec := range specs {
 			cmap[spec.GetClass()] = struct{}{}
@@ -256,6 +362,8 @@ func (c *Cache) GetVendorSpecs(vendor string) []*Spec {
 	c.Lock()
 	defer c.Unlock()
 
+	c.refreshIfRequired(false)
+
 	return c.specs[vendor]
 }
 
@@ -268,12 +376,158 @@ func (c *Cache) GetSpecErrors(spec *Spec) []error {
 // GetErrors returns all errors encountered during the last
 // cache refresh.
 func (c *Cache) GetErrors() map[string][]error {
-	return c.errors
+	c.Lock()
+	defer c.Unlock()
+
+	errors := map[string][]error{}
+	for path, errs := range c.errors {
+		errors[path] = errs
+	}
+	for path, err := range c.dirErrors {
+		errors[path] = []error{err}
+	}
+
+	return errors
 }
 
 // GetSpecDirectories returns the CDI Spec directories currently in use.
 func (c *Cache) GetSpecDirectories() []string {
+	c.Lock()
+	defer c.Unlock()
+
 	dirs := make([]string, len(c.specDirs))
 	copy(dirs, c.specDirs)
 	return dirs
 }
+
+// GetSpecDirErrors returns any errors related to configured Spec directories.
+func (c *Cache) GetSpecDirErrors() map[string]error {
+	if c.dirErrors == nil {
+		return nil
+	}
+
+	c.Lock()
+	defer c.Unlock()
+
+	errors := make(map[string]error)
+	for dir, err := range c.dirErrors {
+		errors[dir] = err
+	}
+	return errors
+}
+
+// Our fsnotify helper wrapper.
+type watch struct {
+	watcher *fsnotify.Watcher
+	tracked map[string]bool
+}
+
+// Setup monitoring for the given Spec directories.
+func (w *watch) setup(dirs []string, dirErrors map[string]error) {
+	var (
+		dir string
+		err error
+	)
+	w.tracked = make(map[string]bool)
+	for _, dir = range dirs {
+		w.tracked[dir] = false
+	}
+
+	w.watcher, err = fsnotify.NewWatcher()
+	if err != nil {
+		for _, dir := range dirs {
+			dirErrors[dir] = errors.Wrap(err, "failed to create watcher")
+		}
+		return
+	}
+
+	w.update(dirErrors)
+}
+
+// Start watching Spec directories for relevant changes.
+func (w *watch) start(m *sync.Mutex, refresh func() error, dirErrors map[string]error) {
+	go w.watch(w.watcher, m, refresh, dirErrors)
+}
+
+// Stop watching directories.
+func (w *watch) stop() {
+	if w.watcher == nil {
+		return
+	}
+
+	w.watcher.Close()
+	w.tracked = nil
+}
+
+// Watch Spec directory changes, triggering a refresh if necessary.
+func (w *watch) watch(fsw *fsnotify.Watcher, m *sync.Mutex, refresh func() error, dirErrors map[string]error) {
+	watch := fsw
+	if watch == nil {
+		return
+	}
+	for {
+		select {
+		case event, ok := <-watch.Events:
+			if !ok {
+				return
+			}
+
+			if (event.Op & (fsnotify.Rename | fsnotify.Remove | fsnotify.Write)) == 0 {
+				continue
+			}
+			if event.Op == fsnotify.Write {
+				if ext := filepath.Ext(event.Name); ext != ".json" && ext != ".yaml" {
+					continue
+				}
+			}
+
+			m.Lock()
+			if event.Op == fsnotify.Remove && w.tracked[event.Name] {
+				w.update(dirErrors, event.Name)
+			} else {
+				w.update(dirErrors)
+			}
+			refresh()
+			m.Unlock()
+
+		case _, ok := <-watch.Errors:
+			if !ok {
+				return
+			}
+		}
+	}
+}
+
+// Update watch with pending/missing or removed directories.
+func (w *watch) update(dirErrors map[string]error, removed ...string) bool {
+	var (
+		dir    string
+		ok     bool
+		err    error
+		update bool
+	)
+
+	for dir, ok = range w.tracked {
+		if ok {
+			continue
+		}
+
+		err = w.watcher.Add(dir)
+		if err == nil {
+			w.tracked[dir] = true
+			delete(dirErrors, dir)
+			update = true
+		} else {
+			w.tracked[dir] = false
+			dirErrors[dir] = errors.Wrap(err, "failed to monitor for changes")
+		}
+	}
+
+	for _, dir = range removed {
+		w.tracked[dir] = false
+		dirErrors[dir] = errors.New("directory removed")
+		update = true
+	}
+
+	return update
+}
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits.go
index 80d88b118..1295f75e9 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits.go
@@ -85,11 +85,13 @@ func (e *ContainerEdits) Apply(spec *oci.Spec) error {
 	}
 
 	for _, d := range e.DeviceNodes {
-		dev := d.ToOCI()
-		if err := fillMissingInfo(&dev); err != nil {
+		dn := DeviceNode{d}
+
+		err := dn.fillMissingInfo()
+		if err != nil {
 			return err
 		}
-
+		dev := d.ToOCI()
 		if dev.UID == nil && spec.Process != nil {
 			if uid := spec.Process.User.UID; uid > 0 {
 				dev.UID = &uid
@@ -288,26 +290,31 @@ func ensureOCIHooks(spec *oci.Spec) {
 }
 
 // fillMissingInfo fills in missing mandatory attributes from the host device.
-func fillMissingInfo(dev *oci.LinuxDevice) error {
-	if dev.Type != "" && (dev.Major != 0 || dev.Type == "p") {
+func (d *DeviceNode) fillMissingInfo() error {
+	if d.HostPath == "" {
+		d.HostPath = d.Path
+	}
+
+	if d.Type != "" && (d.Major != 0 || d.Type == "p") {
 		return nil
 	}
-	hostDev, err := runc.DeviceFromPath(dev.Path, "rwm")
+
+	hostDev, err := runc.DeviceFromPath(d.HostPath, "rwm")
 	if err != nil {
-		return errors.Wrapf(err, "failed to stat CDI host device %q", dev.Path)
+		return errors.Wrapf(err, "failed to stat CDI host device %q", d.HostPath)
 	}
 
-	if dev.Type == "" {
-		dev.Type = string(hostDev.Type)
+	if d.Type == "" {
+		d.Type = string(hostDev.Type)
 	} else {
-		if dev.Type != string(hostDev.Type) {
-			return errors.Errorf("CDI device %q, host type mismatch (%s, %s)",
-				dev.Path, dev.Type, string(hostDev.Type))
+		if d.Type != string(hostDev.Type) {
+			return errors.Errorf("CDI device (%q, %q), host type mismatch (%s, %s)",
+				d.Path, d.HostPath, d.Type, string(hostDev.Type))
 		}
 	}
-	if dev.Major == 0 && dev.Type != "p" {
-		dev.Major = hostDev.Major
-		dev.Minor = hostDev.Minor
+	if d.Major == 0 && d.Type != "p" {
+		d.Major = hostDev.Major
+		d.Minor = hostDev.Minor
 	}
 
 	return nil
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go
index a9017259c..847e51254 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go
@@ -67,6 +67,21 @@
 //
 // Cache Refresh
 //
+// By default the CDI Spec cache monitors the configured Spec directories
+// and automatically refreshes itself when necessary. This behavior can be
+// disabled using the WithAutoRefresh(false) option.
+//
+// Failure to set up monitoring for a Spec directory causes the directory to
+// get ignored and an error to be recorded among the Spec directory errors.
+// These errors can be queried using the GetSpecDirErrors() function. If the
+// error condition is transient, for instance a missing directory which later
+// gets created, the corresponding error will be removed once the condition
+// is over.
+//
+// With auto-refresh enabled injecting any CDI devices can be done without
+// an explicit call to Refresh(), using a code snippet similar to the
+// following:
+//
 // In a runtime implementation one typically wants to make sure the
 // CDI Spec cache is up to date before performing device injection.
 // A code snippet similar to the following accmplishes that:
@@ -146,5 +161,5 @@
 // schema names which switch the used schema to the in-repo validation
 // schema embedded into the binary or the now default no-op schema
 // correspondingly. Other names are interpreted as the path to the actual
-/// validation schema to load and use.
+// validation schema to load and use.
 package cdi
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/qualified-device.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/qualified-device.go
index 54f19143c..ccfab7094 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/qualified-device.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/qualified-device.go
@@ -130,7 +130,7 @@ func ValidateVendorName(vendor string) error {
 		}
 	}
 	if !isAlphaNumeric(rune(vendor[len(vendor)-1])) {
-		return errors.Errorf("invalid vendor %q, should end with letter", vendor)
+		return errors.Errorf("invalid vendor %q, should end with a letter or digit", vendor)
 	}
 
 	return nil
@@ -158,7 +158,7 @@ func ValidateClassName(class string) error {
 		}
 	}
 	if !isAlphaNumeric(rune(class[len(class)-1])) {
-		return errors.Errorf("invalid class %q, should end with letter", class)
+		return errors.Errorf("invalid class %q, should end with a letter or digit", class)
 	}
 	return nil
 }
@@ -172,8 +172,11 @@ func ValidateDeviceName(name string) error {
 	if name == "" {
 		return errors.Errorf("invalid (empty) device name")
 	}
-	if !isLetter(rune(name[0])) {
-		return errors.Errorf("invalid name %q, should start with letter", name)
+	if !isAlphaNumeric(rune(name[0])) {
+		return errors.Errorf("invalid class %q, should start with a letter or digit", name)
+	}
+	if len(name) == 1 {
+		return nil
 	}
 	for _, c := range string(name[1 : len(name)-1]) {
 		switch {
@@ -185,7 +188,7 @@ func ValidateDeviceName(name string) error {
 		}
 	}
 	if !isAlphaNumeric(rune(name[len(name)-1])) {
-		return errors.Errorf("invalid name %q, should start with letter", name)
+		return errors.Errorf("invalid name %q, should end with a letter or digit", name)
 	}
 	return nil
 }
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/registry.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/registry.go
index fa6e0af69..d5bd54b0b 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/registry.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/registry.go
@@ -19,6 +19,7 @@ package cdi
 import (
 	"sync"
 
+	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -40,6 +41,8 @@ type Registry interface {
 // RegistryRefresher is the registry interface for refreshing the
 // cache of CDI Specs and devices.
 //
+// Configure reconfigures the registry with the given options.
+//
 // Refresh rescans all CDI Spec directories and updates the
 // state of the cache to reflect any changes. It returns any
 // errors encountered during the refresh.
@@ -50,10 +53,15 @@ type Registry interface {
 // GetSpecDirectories returns the set up CDI Spec directories
 // currently in use. The directories are returned in the scan
 // order of Refresh().
+//
+// GetSpecDirErrors returns any errors related to the configured
+// Spec directories.
 type RegistryRefresher interface {
+	Configure(...Option) error
 	Refresh() error
 	GetErrors() map[string][]error
 	GetSpecDirectories() []string
+	GetSpecDirErrors() map[string]error
 }
 
 // RegistryResolver is the registry interface for injecting CDI
@@ -90,11 +98,15 @@ type RegistryDeviceDB interface {
 //
 // GetSpecErrors returns any errors for the Spec encountered during
 // the last cache refresh.
+//
+// WriteSpec writes the Spec with the given content and name to the
+// last Spec directory.
 type RegistrySpecDB interface {
 	ListVendors() []string
 	ListClasses() []string
 	GetVendorSpecs(vendor string) []*Spec
 	GetSpecErrors(*Spec) []error
+	WriteSpec(raw *cdi.Spec, name string) error
 }
 
 type registry struct {
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec-dirs.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec-dirs.go
index ad017fec7..f339349bb 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec-dirs.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec-dirs.go
@@ -17,10 +17,10 @@
 package cdi
 
 import (
+	"errors"
+	"io/fs"
 	"os"
 	"path/filepath"
-
-	"github.com/pkg/errors"
 )
 
 const (
@@ -45,10 +45,11 @@ var (
 // WithSpecDirs returns an option to override the CDI Spec directories.
 func WithSpecDirs(dirs ...string) Option {
 	return func(c *Cache) error {
-		c.specDirs = make([]string, len(dirs))
+		specDirs := make([]string, len(dirs))
 		for i, dir := range dirs {
-			c.specDirs[i] = filepath.Clean(dir)
+			specDirs[i] = filepath.Clean(dir)
 		}
+		c.specDirs = specDirs
 		return nil
 	}
 }
@@ -78,6 +79,9 @@ func scanSpecDirs(dirs []string, scanFn scanSpecFunc) error {
 		err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 			// for initial stat failure Walk calls us with nil info
 			if info == nil {
+				if errors.Is(err, fs.ErrNotExist) {
+					return nil
+				}
 				return err
 			}
 			// first call from Walk is for dir itself, others we skip
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go
index 46fca2dac..9a5d451c9 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go
@@ -17,6 +17,7 @@
 package cdi
 
 import (
+	"encoding/json"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -35,6 +36,7 @@ var (
 		"0.2.0": {},
 		"0.3.0": {},
 		"0.4.0": {},
+		"0.5.0": {},
 	}
 
 	// Externally set CDI Spec validation function.
@@ -68,7 +70,7 @@ func ReadSpec(path string, priority int) (*Spec, error) {
 		return nil, errors.Wrapf(err, "failed to read CDI Spec %q", path)
 	}
 
-	raw, err := parseSpec(data)
+	raw, err := ParseSpec(data)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to parse CDI Spec %q", path)
 	}
@@ -109,6 +111,56 @@ func NewSpec(raw *cdi.Spec, path string, priority int) (*Spec, error) {
 	return spec, nil
 }
 
+// Write the CDI Spec to the file associated with it during instantiation
+// by NewSpec() or ReadSpec().
+func (s *Spec) Write(overwrite bool) error {
+	var (
+		data []byte
+		dir  string
+		tmp  *os.File
+		err  error
+	)
+
+	err = validateSpec(s.Spec)
+	if err != nil {
+		return err
+	}
+
+	if filepath.Ext(s.path) == ".yaml" {
+		data, err = yaml.Marshal(s.Spec)
+	} else {
+		data, err = json.Marshal(s.Spec)
+	}
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal Spec file")
+	}
+
+	dir = filepath.Dir(s.path)
+	err = os.MkdirAll(dir, 0o755)
+	if err != nil {
+		return errors.Wrap(err, "failed to create Spec dir")
+	}
+
+	tmp, err = os.CreateTemp(dir, "spec.*.tmp")
+	if err != nil {
+		return errors.Wrap(err, "failed to create Spec file")
+	}
+	_, err = tmp.Write(data)
+	tmp.Close()
+	if err != nil {
+		return errors.Wrap(err, "failed to write Spec file")
+	}
+
+	err = renameIn(dir, filepath.Base(tmp.Name()), filepath.Base(s.path), overwrite)
+
+	if err != nil {
+		os.Remove(tmp.Name())
+		err = errors.Wrap(err, "failed to write Spec file")
+	}
+
+	return err
+}
+
 // GetVendor returns the vendor of this Spec.
 func (s *Spec) GetVendor() string {
 	return s.vendor
@@ -183,8 +235,8 @@ func validateVersion(version string) error {
 	return nil
 }
 
-// Parse raw CDI Spec file data.
-func parseSpec(data []byte) (*cdi.Spec, error) {
+// ParseSpec parses CDI Spec data into a raw CDI Spec.
+func ParseSpec(data []byte) (*cdi.Spec, error) {
 	var raw *cdi.Spec
 	err := yaml.UnmarshalStrict(data, &raw)
 	if err != nil {
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec_linux.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec_linux.go
new file mode 100644
index 000000000..cca825c60
--- /dev/null
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec_linux.go
@@ -0,0 +1,48 @@
+/*
+   Copyright © 2022 The CDI Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package cdi
+
+import (
+	"os"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+// Rename src to dst, both relative to the directory dir. If dst already exists
+// refuse renaming with an error unless overwrite is explicitly asked for.
+func renameIn(dir, src, dst string, overwrite bool) error {
+	var flags uint
+
+	dirf, err := os.Open(dir)
+	if err != nil {
+		return errors.Wrap(err, "rename failed")
+	}
+	defer dirf.Close()
+
+	if !overwrite {
+		flags = unix.RENAME_NOREPLACE
+	}
+
+	dirFd := int(dirf.Fd())
+	err = unix.Renameat2(dirFd, src, dirFd, dst, flags)
+	if err != nil {
+		return errors.Wrap(err, "rename failed")
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec_other.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec_other.go
new file mode 100644
index 000000000..285e04e27
--- /dev/null
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec_other.go
@@ -0,0 +1,39 @@
+//go:build !linux
+// +build !linux
+
+/*
+   Copyright © 2022 The CDI Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package cdi
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// Rename src to dst, both relative to the directory dir. If dst already exists
+// refuse renaming with an error unless overwrite is explicitly asked for.
+func renameIn(dir, src, dst string, overwrite bool) error {
+	src = filepath.Join(dir, src)
+	dst = filepath.Join(dir, dst)
+
+	_, err := os.Stat(dst)
+	if err == nil && !overwrite {
+		return os.ErrExist
+	}
+
+	return os.Rename(src, dst)
+}
diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/specs-go/config.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/specs-go/config.go
index e16174f9d..3fa2e814b 100644
--- a/vendor/github.com/container-orchestrated-devices/container-device-interface/specs-go/config.go
+++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/specs-go/config.go
@@ -3,7 +3,7 @@ package specs
 import "os"
 
 // CurrentVersion is the current version of the Spec.
-const CurrentVersion = "0.4.0"
+const CurrentVersion = "0.5.0"
 
 // Spec is the base configuration for CDI
 type Spec struct {
@@ -31,6 +31,7 @@ type ContainerEdits struct {
 // DeviceNode represents a device node that needs to be added to the OCI spec.
 type DeviceNode struct {
 	Path        string       `json:"path"`
+	HostPath    string       `json:"hostPath,omitempty"`
 	Type        string       `json:"type,omitempty"`
 	Major       int64        `json:"major,omitempty"`
 	Minor       int64        `json:"minor,omitempty"`
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/go.mod b/vendor/github.com/containerd/stargz-snapshotter/estargz/go.mod
deleted file mode 100644
index ca1383823..000000000
--- a/vendor/github.com/containerd/stargz-snapshotter/estargz/go.mod
+++ /dev/null
@@ -1,10 +0,0 @@
-module github.com/containerd/stargz-snapshotter/estargz
-
-go 1.16
-
-require (
-	github.com/klauspost/compress v1.15.7
-	github.com/opencontainers/go-digest v1.0.0
-	github.com/vbatts/tar-split v0.11.2
-	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
-)
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/go.sum b/vendor/github.com/containerd/stargz-snapshotter/estargz/go.sum
deleted file mode 100644
index 493da9356..000000000
--- a/vendor/github.com/containerd/stargz-snapshotter/estargz/go.sum
+++ /dev/null
@@ -1,20 +0,0 @@
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/klauspost/compress v1.15.7 h1:7cgTQxJCU/vy+oP/E3B9RGbQTgbiVzIJWIKOLoAsPok=
-github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a h1:DcqTD9SDLc+1P/r1EmRBwnVsrOwW+kk2vWf9n+1sGhs=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml
index 70b59782a..114ee03ce 100644
--- a/vendor/github.com/containers/buildah/.cirrus.yml
+++ b/vendor/github.com/containers/buildah/.cirrus.yml
@@ -28,12 +28,12 @@ env:
     # GCE project where images live
     IMAGE_PROJECT: "libpod-218412"
     FEDORA_NAME: "fedora-36"
-    PRIOR_FEDORA_NAME: "fedora-35"
+    #PRIOR_FEDORA_NAME: "fedora-35"
     UBUNTU_NAME: "ubuntu-2204"
 
-    IMAGE_SUFFIX: "c6193881921355776"
+    IMAGE_SUFFIX: "c5124654741323776"
     FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
-    PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
+    #PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
     UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
 
     IN_PODMAN_IMAGE: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
@@ -66,15 +66,15 @@ meta_task:
     alias: meta
 
     container:
-        image: "quay.io/libpod/imgts:${IMAGE_SUFFIX}"  # see contrib/imgts
+        image: "quay.io/libpod/imgts:latest"
         cpu: 1
         memory: 1
 
     env:
         # Space-separated list of images used by this repository state
+        # TODO: Re-add ${PRIOR_FEDORA_CACHE_IMAGE_NAME} when place back in use
         IMGNAMES: |-
             ${FEDORA_CACHE_IMAGE_NAME}
-            ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
             ${UBUNTU_CACHE_IMAGE_NAME}
             build-push-${IMAGE_SUFFIX}
         BUILDID: "${CIRRUS_BUILD_ID}"
@@ -215,10 +215,10 @@ integration_task:
             DISTRO_NV: "${FEDORA_NAME}"
             IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
             STORAGE_DRIVER: 'vfs'
-        - env:
-            DISTRO_NV: "${PRIOR_FEDORA_NAME}"
-            IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
-            STORAGE_DRIVER: 'vfs'
+        # - env:
+        #     DISTRO_NV: "${PRIOR_FEDORA_NAME}"
+        #     IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
+        #     STORAGE_DRIVER: 'vfs'
         - env:
             DISTRO_NV: "${UBUNTU_NAME}"
             IMAGE_NAME: "${UBUNTU_CACHE_IMAGE_NAME}"
@@ -228,10 +228,10 @@ integration_task:
             DISTRO_NV: "${FEDORA_NAME}"
             IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
             STORAGE_DRIVER: 'overlay'
-        - env:
-            DISTRO_NV: "${PRIOR_FEDORA_NAME}"
-            IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
-            STORAGE_DRIVER: 'overlay'
+        # - env:
+        #     DISTRO_NV: "${PRIOR_FEDORA_NAME}"
+        #     IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
+        #     STORAGE_DRIVER: 'overlay'
         - env:
             DISTRO_NV: "${UBUNTU_NAME}"
             IMAGE_NAME: "${UBUNTU_CACHE_IMAGE_NAME}"
@@ -272,11 +272,11 @@ integration_rootless_task:
             IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
             STORAGE_DRIVER: 'overlay'
             PRIV_NAME: rootless
-        - env:
-            DISTRO_NV: "${PRIOR_FEDORA_NAME}"
-            IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
-            STORAGE_DRIVER: 'overlay'
-            PRIV_NAME: rootless
+        # - env:
+        #     DISTRO_NV: "${PRIOR_FEDORA_NAME}"
+        #     IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
+        #     STORAGE_DRIVER: 'overlay'
+        #     PRIV_NAME: rootless
         - env:
             DISTRO_NV: "${UBUNTU_NAME}"
             IMAGE_NAME: "${UBUNTU_CACHE_IMAGE_NAME}"
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 46e5dc9d6..667d5f81f 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,36 @@
 
 # Changelog
 
+## v1.27.0 (2022-08-01)
+
+    build: support filtering cache by duration using `--cache-ttl`.
+    build: support building from commit when using git repo as build context.
+    build: clean up git repos correctly when using subdirs.
+    build: add support for distributing cache to remote sources using `--cache-to` and `--cache-from`.
+    imagebuildah: optimize cache hits for `COPY` and `ADD` instructions.
+    build: support OCI hooks for ephemeral build containers.
+    build: add support for `--userns=auto`.
+    copier: add NoOverwriteNonDirDir option .
+    add initial support for building images using Buildah on FreeBSD.
+    multistage: this now skips the computing of unwanted stages to improve performance.
+    multiarch: support splitting build logs for `--platform` using `--logsplit`.
+    build: add support for building images where the base image has no history.
+    commit: allow disabling image history with `--omit-history`.
+    build: add support for renaming a device in rootless setups.
+    build: now supports additionalBuildContext in builds via the `--build-context` option.
+    build: `--output` produces artifacts even if the build container is not committed.
+    build: now accepts `-cpp-flag`, allowing users to pass in CPP flags when processing a Containerfile with C Preprocessor-like syntax.
+    build: now accepts a branch and a subdirectory when the build context is a git repository.
+    build: output now shows a progress bar while pushing and pulling images
+    build: now errors out if the path to Containerfile is a directory.
+    build: support building container images on environments that are rootless and without any valid login sessions.
+    fix: `--output` now generates artifacts even if the entire build is cached.
+    fix: `--output` generates artifacts only for the target stage in multi-stage builds.
+    fix,add: now fails on a bad HTTP response instead of writing to container
+    fix,squash: never use build cache when computing the last step of the last stage
+    fix,build,run: allow reusing secret more than once in different RUN steps
+    fix: compatibility with Docker build by making its --label and --annotate options set empty labels and annotations when given a name but no `=` or label value.
+
 ## v1.26.0 (2022-05-04)
 
     imagebuildah,build: move deepcopy of args before we spawn goroutine
diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile
index b40462eea..7c7bf1596 100644
--- a/vendor/github.com/containers/buildah/Makefile
+++ b/vendor/github.com/containers/buildah/Makefile
@@ -14,10 +14,8 @@ BUILDAH := buildah
 GO := go
 GO_LDFLAGS := $(shell if $(GO) version|grep -q gccgo; then echo "-gccgoflags"; else echo "-ldflags"; fi)
 GO_GCFLAGS := $(shell if $(GO) version|grep -q gccgo; then echo "-gccgoflags"; else echo "-gcflags"; fi)
-GO110 := 1.10
-GOVERSION := $(findstring $(GO110),$(shell go version))
 # test for go module support
-ifeq ($(shell go help mod >/dev/null 2>&1 && echo true), true)
+ifeq ($(shell $(GO) help mod >/dev/null 2>&1 && echo true), true)
 export GO_BUILD=GO111MODULE=on $(GO) build -mod=vendor
 export GO_TEST=GO111MODULE=on $(GO) test -mod=vendor
 else
@@ -31,9 +29,12 @@ GIT_COMMIT ?= $(if $(shell git status --porcelain --untracked-files=no),${COMMIT
 SOURCE_DATE_EPOCH ?= $(if $(shell date +%s),$(shell date +%s),$(error "date failed"))
 STATIC_STORAGETAGS = "containers_image_openpgp exclude_graphdriver_devicemapper $(STORAGE_TAGS)"
 
-CNI_COMMIT := $(shell sed -n 's;\tgithub.com/containernetworking/cni \([^ \n]*\).*$\;\1;p' go.mod)
-#RUNC_COMMIT := $(shell sed -n 's;\tgithub.com/opencontainers/runc \([^ \n]*\).*$\;\1;p' go.mod)
-RUNC_COMMIT := v1.0.0-rc8
+# we get GNU make 3.x in MacOS build envs, which wants # to be escaped in
+# strings, while the 4.x we have on Linux doesn't. this is the documented
+# workaround
+COMMENT := \#
+CNI_COMMIT := $(shell sed -n 's;^$(COMMENT) github.com/containernetworking/cni \([^ \n]*\).*$$;\1;p' vendor/modules.txt)
+RUNC_COMMIT := $(shell sed -n 's;^$(COMMENT) github.com/opencontainers/runc \([^ \n]*\).*$$;\1;p' vendor/modules.txt)
 LIBSECCOMP_COMMIT := release-2.3
 
 EXTRA_LDFLAGS ?=
@@ -50,7 +51,7 @@ endif
 #     Note: Uses the -N -l go compiler options to disable compiler optimizations
 #           and inlining. Using these build options allows you to subsequently
 #           use source debugging tools like delve.
-all: bin/buildah bin/imgtype bin/copy docs
+all: bin/buildah bin/imgtype bin/copy bin/tutorial docs
 
 # Update nix/nixpkgs.json its latest stable commit
 .PHONY: nixpkgs
@@ -74,7 +75,8 @@ bin/buildah: $(SOURCES) cmd/buildah/*.go
 .PHONY: buildah
 buildah: bin/buildah
 
-ALL_CROSS_TARGETS := $(addprefix bin/buildah.,$(subst /,.,$(shell $(GO) tool dist list)))
+# TODO: remove `grep -v loong64` from `ALL_CROSS_TARGETS` once go.etcd.io/bbolt 1.3.7 is out.
+ALL_CROSS_TARGETS := $(addprefix bin/buildah.,$(subst /,.,$(shell $(GO) tool dist list | grep -v loong64)))
 LINUX_CROSS_TARGETS := $(filter bin/buildah.linux.%,$(ALL_CROSS_TARGETS))
 DARWIN_CROSS_TARGETS := $(filter bin/buildah.darwin.%,$(ALL_CROSS_TARGETS))
 WINDOWS_CROSS_TARGETS := $(addsuffix .exe,$(filter bin/buildah.windows.%,$(ALL_CROSS_TARGETS)))
@@ -92,6 +94,9 @@ bin/imgtype: $(SOURCES) tests/imgtype/imgtype.go
 bin/copy: $(SOURCES) tests/copy/copy.go
 	$(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/copy/copy.go
 
+bin/tutorial: $(SOURCES) tests/tutorial/tutorial.go
+	$(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/tutorial/tutorial.go
+
 .PHONY: clean
 clean:
 	$(RM) -r bin tests/testreport/testreport
@@ -108,7 +113,7 @@ gopath:
 	test $(shell pwd) = $(shell cd ../../../../src/github.com/containers/buildah ; pwd)
 
 codespell:
-	codespell -S Makefile,build,buildah,buildah.spec,imgtype,copy,AUTHORS,bin,vendor,.git,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L uint,iff,od,ERRO -w
+	codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L uint,iff,od,ERRO -w
 
 .PHONY: validate
 validate: install.tools
diff --git a/vendor/github.com/containers/buildah/bind/mount.go b/vendor/github.com/containers/buildah/bind/mount.go
index 8e5ad458c..212be3ca8 100644
--- a/vendor/github.com/containers/buildah/bind/mount.go
+++ b/vendor/github.com/containers/buildah/bind/mount.go
@@ -150,7 +150,7 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
 		// Check if the source is a directory or something else.
 		info, err := os.Stat(spec.Mounts[i].Source)
 		if err != nil {
-			if os.IsNotExist(err) {
+			if errors.Is(err, os.ErrNotExist) {
 				logrus.Warnf("couldn't find %q on host to bind mount into container", spec.Mounts[i].Source)
 				continue
 			}
@@ -269,7 +269,7 @@ func UnmountMountpoints(mountpoint string, mountpointsToRemove []string) error {
 		mount := getMountByID(id)
 		// check if this mountpoint is mounted
 		if err := unix.Lstat(mount.Mountpoint, &st); err != nil {
-			if os.IsNotExist(err) {
+			if errors.Is(err, os.ErrNotExist) {
 				logrus.Debugf("mountpoint %q is not present(?), skipping", mount.Mountpoint)
 				continue
 			}
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index 5e6397f7f..41f1ba311 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -3,6 +3,7 @@ package buildah
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -445,7 +446,7 @@ func OpenBuilderByPath(store storage.Store, path string) (*Builder, error) {
 		}
 		buildstate, err := ioutil.ReadFile(filepath.Join(cdir, stateFile))
 		if err != nil {
-			if os.IsNotExist(err) {
+			if errors.Is(err, os.ErrNotExist) {
 				logrus.Debugf("error reading %q: %v, ignoring container %q", filepath.Join(cdir, stateFile), err, container.ID)
 				continue
 			}
@@ -482,7 +483,7 @@ func OpenAllBuilders(store storage.Store) (builders []*Builder, err error) {
 		}
 		buildstate, err := ioutil.ReadFile(filepath.Join(cdir, stateFile))
 		if err != nil {
-			if os.IsNotExist(err) {
+			if errors.Is(err, os.ErrNotExist) {
 				logrus.Debugf("error reading %q: %v, ignoring container %q", filepath.Join(cdir, stateFile), err, container.ID)
 				continue
 			}
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index a8a010bcd..a6fa96acf 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,3 +1,32 @@
+- Changelog for v1.27.0 (2022-08-01)
+  * build: support filtering cache by duration using `--cache-ttl`.
+  * build: support building from commit when using git repo as build context.
+  * build: clean up git repos correctly when using subdirs.
+  * build: add support for distributing cache to remote sources using `--cache-to` and `--cache-from`.
+  * imagebuildah: optimize cache hits for `COPY` and `ADD` instructions.
+  * build: support OCI hooks for ephemeral build containers.
+  * build: add support for `--userns=auto`.
+  * copier: add NoOverwriteNonDirDir option .
+  * add initial support for building images using Buildah on FreeBSD.
+  * multistage: this now skips the computing of unwanted stages to improve performance.
+  * multiarch: support splitting build logs for `--platform` using `--logsplit`.
+  * build: add support for building images where the base image has no history.
+  * commit: allow disabling image history with `--omit-history`.
+  * build: add support for renaming a device in rootless setups.
+  * build: now supports additionalBuildContext in builds via the `--build-context` option.
+  * build: `--output` produces artifacts even if the build container is not committed.
+  * build: now accepts `-cpp-flag`, allowing users to pass in CPP flags when processing a Containerfile with C Preprocessor-like syntax.
+  * build: now accepts a branch and a subdirectory when the build context is a git repository.
+  * build: output now shows a progress bar while pushing and pulling images
+  * build: now errors out if the path to Containerfile is a directory.
+  * build: support building container images on environments that are rootless and without any valid login sessions.
+  * fix: `--output` now generates artifacts even if the entire build is cached.
+  * fix: `--output` generates artifacts only for the target stage in multi-stage builds.
+  * fix,add: now fails on a bad HTTP response instead of writing to container
+  * fix,squash: never use build cache when computing the last step of the last stage
+  * fix,build,run: allow reusing secret more than once in different RUN steps
+  * fix: compatibility with Docker build by making its --label and --annotate options set empty labels and annotations when given a name but no `=` or label value.
+
 - Changelog for v1.26.0 (2022-05-04)
   * imagebuildah,build: move deepcopy of args before we spawn goroutine
   * Vendor in containers/storage v1.40.2
diff --git a/vendor/github.com/containers/buildah/chroot/pty_posix.go b/vendor/github.com/containers/buildah/chroot/pty_posix.go
new file mode 100644
index 000000000..97c1b6589
--- /dev/null
+++ b/vendor/github.com/containers/buildah/chroot/pty_posix.go
@@ -0,0 +1,64 @@
+//go:build freebsd && cgo
+// +build freebsd,cgo
+
+package chroot
+
+// #include <fcntl.h>
+// #include <stdlib.h>
+import "C"
+
+import (
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+func openpt() (int, error) {
+	fd, err := C.posix_openpt(C.O_RDWR)
+	if err != nil {
+		return -1, err
+	}
+	if _, err := C.grantpt(fd); err != nil {
+		return -1, err
+	}
+	return int(fd), nil
+}
+
+func ptsname(fd int) (string, error) {
+	path, err := C.ptsname(C.int(fd))
+	if err != nil {
+		return "", err
+	}
+	return C.GoString(path), nil
+}
+
+func unlockpt(fd int) error {
+	if _, err := C.unlockpt(C.int(fd)); err != nil {
+		return err
+	}
+	return nil
+}
+
+func getPtyDescriptors() (int, int, error) {
+	// Create a pseudo-terminal and open the control side
+	controlFd, err := openpt()
+	if err != nil {
+		logrus.Errorf("error opening PTY control side using posix_openpt: %v", err)
+		return -1, -1, err
+	}
+	if err = unlockpt(controlFd); err != nil {
+		logrus.Errorf("error unlocking PTY: %v", err)
+		return -1, -1, err
+	}
+	// Get a handle for the other end.
+	ptyName, err := ptsname(controlFd)
+	if err != nil {
+		logrus.Errorf("error getting PTY name: %v", err)
+		return -1, -1, err
+	}
+	ptyFd, err := unix.Open(ptyName, unix.O_RDWR, 0)
+	if err != nil {
+		logrus.Errorf("error opening PTY: %v", err)
+		return -1, -1, err
+	}
+	return controlFd, ptyFd, nil
+}
diff --git a/vendor/github.com/containers/buildah/chroot/pty_ptmx.go b/vendor/github.com/containers/buildah/chroot/pty_ptmx.go
new file mode 100644
index 000000000..e613c7571
--- /dev/null
+++ b/vendor/github.com/containers/buildah/chroot/pty_ptmx.go
@@ -0,0 +1,47 @@
+//go:build linux
+// +build linux
+
+package chroot
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// Open a PTY using the /dev/ptmx device. The main advantage of using
+// this instead of posix_openpt is that it avoids cgo.
+func getPtyDescriptors() (int, int, error) {
+	// Create a pseudo-terminal -- open a copy of the master side.
+	controlFd, err := unix.Open("/dev/ptmx", os.O_RDWR, 0600)
+	if err != nil {
+		return -1, -1, fmt.Errorf("error opening PTY master using /dev/ptmx: %v", err)
+	}
+	// Set the kernel's lock to "unlocked".
+	locked := 0
+	if result, _, err := unix.Syscall(unix.SYS_IOCTL, uintptr(controlFd), unix.TIOCSPTLCK, uintptr(unsafe.Pointer(&locked))); int(result) == -1 {
+		return -1, -1, fmt.Errorf("error unlocking PTY descriptor: %v", err)
+	}
+	// Get a handle for the other end.
+	ptyFd, _, err := unix.Syscall(unix.SYS_IOCTL, uintptr(controlFd), unix.TIOCGPTPEER, unix.O_RDWR|unix.O_NOCTTY)
+	if int(ptyFd) == -1 {
+		if errno, isErrno := err.(syscall.Errno); !isErrno || (errno != syscall.EINVAL && errno != syscall.ENOTTY) {
+			return -1, -1, fmt.Errorf("error getting PTY descriptor: %v", err)
+		}
+		// EINVAL means the kernel's too old to understand TIOCGPTPEER.  Try TIOCGPTN.
+		ptyN, err := unix.IoctlGetInt(controlFd, unix.TIOCGPTN)
+		if err != nil {
+			return -1, -1, fmt.Errorf("error getting PTY number: %v", err)
+		}
+		ptyName := fmt.Sprintf("/dev/pts/%d", ptyN)
+		fd, err := unix.Open(ptyName, unix.O_RDWR|unix.O_NOCTTY, 0620)
+		if err != nil {
+			return -1, -1, fmt.Errorf("error opening PTY %q: %v", ptyName, err)
+		}
+		ptyFd = uintptr(fd)
+	}
+	return controlFd, int(ptyFd), nil
+}
diff --git a/vendor/github.com/containers/buildah/chroot/pty_unsupported.go b/vendor/github.com/containers/buildah/chroot/pty_unsupported.go
new file mode 100644
index 000000000..55ea597e3
--- /dev/null
+++ b/vendor/github.com/containers/buildah/chroot/pty_unsupported.go
@@ -0,0 +1,13 @@
+//go:build !linux && !(freebsd && cgo)
+// +build !linux
+// +build !freebsd !cgo
+
+package chroot
+
+import (
+	"errors"
+)
+
+func getPtyDescriptors() (int, int, error) {
+	return -1, -1, errors.New("getPtyDescriptors not supported on this platform")
+}
diff --git a/vendor/github.com/containers/buildah/chroot/run.go b/vendor/github.com/containers/buildah/chroot/run.go
deleted file mode 100644
index 809a70131..000000000
--- a/vendor/github.com/containers/buildah/chroot/run.go
+++ /dev/null
@@ -1,1474 +0,0 @@
-//go:build linux
-// +build linux
-
-package chroot
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"os/signal"
-	"path/filepath"
-	"runtime"
-	"strconv"
-	"strings"
-	"sync"
-	"syscall"
-	"time"
-	"unsafe"
-
-	"github.com/containers/buildah/bind"
-	"github.com/containers/buildah/copier"
-	"github.com/containers/buildah/util"
-	"github.com/containers/storage/pkg/ioutils"
-	"github.com/containers/storage/pkg/mount"
-	"github.com/containers/storage/pkg/reexec"
-	"github.com/containers/storage/pkg/unshare"
-	"github.com/opencontainers/runc/libcontainer/apparmor"
-	"github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/sirupsen/logrus"
-	"github.com/syndtr/gocapability/capability"
-	"golang.org/x/sys/unix"
-	"golang.org/x/term"
-)
-
-const (
-	// runUsingChrootCommand is a command we use as a key for reexec
-	runUsingChrootCommand = "buildah-chroot-runtime"
-	// runUsingChrootExec is a command we use as a key for reexec
-	runUsingChrootExecCommand = "buildah-chroot-exec"
-)
-
-var (
-	rlimitsMap = map[string]int{
-		"RLIMIT_AS":         unix.RLIMIT_AS,
-		"RLIMIT_CORE":       unix.RLIMIT_CORE,
-		"RLIMIT_CPU":        unix.RLIMIT_CPU,
-		"RLIMIT_DATA":       unix.RLIMIT_DATA,
-		"RLIMIT_FSIZE":      unix.RLIMIT_FSIZE,
-		"RLIMIT_LOCKS":      unix.RLIMIT_LOCKS,
-		"RLIMIT_MEMLOCK":    unix.RLIMIT_MEMLOCK,
-		"RLIMIT_MSGQUEUE":   unix.RLIMIT_MSGQUEUE,
-		"RLIMIT_NICE":       unix.RLIMIT_NICE,
-		"RLIMIT_NOFILE":     unix.RLIMIT_NOFILE,
-		"RLIMIT_NPROC":      unix.RLIMIT_NPROC,
-		"RLIMIT_RSS":        unix.RLIMIT_RSS,
-		"RLIMIT_RTPRIO":     unix.RLIMIT_RTPRIO,
-		"RLIMIT_RTTIME":     unix.RLIMIT_RTTIME,
-		"RLIMIT_SIGPENDING": unix.RLIMIT_SIGPENDING,
-		"RLIMIT_STACK":      unix.RLIMIT_STACK,
-	}
-	rlimitsReverseMap = map[int]string{}
-)
-
-func init() {
-	reexec.Register(runUsingChrootCommand, runUsingChrootMain)
-	reexec.Register(runUsingChrootExecCommand, runUsingChrootExecMain)
-	for limitName, limitNumber := range rlimitsMap {
-		rlimitsReverseMap[limitNumber] = limitName
-	}
-}
-
-type runUsingChrootSubprocOptions struct {
-	Spec        *specs.Spec
-	BundlePath  string
-	UIDMappings []syscall.SysProcIDMap
-	GIDMappings []syscall.SysProcIDMap
-}
-
-type runUsingChrootExecSubprocOptions struct {
-	Spec       *specs.Spec
-	BundlePath string
-}
-
-// RunUsingChroot runs a chrooted process, using some of the settings from the
-// passed-in spec, and using the specified bundlePath to hold temporary files,
-// directories, and mountpoints.
-func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reader, stdout, stderr io.Writer) (err error) {
-	var confwg sync.WaitGroup
-	var homeFound bool
-	for _, env := range spec.Process.Env {
-		if strings.HasPrefix(env, "HOME=") {
-			homeFound = true
-			break
-		}
-	}
-	if !homeFound {
-		spec.Process.Env = append(spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
-	}
-	runtime.LockOSThread()
-	defer runtime.UnlockOSThread()
-
-	// Write the runtime configuration, mainly for debugging.
-	specbytes, err := json.Marshal(spec)
-	if err != nil {
-		return err
-	}
-	if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, "config.json"), specbytes, 0600); err != nil {
-		return fmt.Errorf("error storing runtime configuration: %w", err)
-	}
-	logrus.Debugf("config = %v", string(specbytes))
-
-	// Default to using stdin/stdout/stderr if we weren't passed objects to use.
-	if stdin == nil {
-		stdin = os.Stdin
-	}
-	if stdout == nil {
-		stdout = os.Stdout
-	}
-	if stderr == nil {
-		stderr = os.Stderr
-	}
-
-	// Create a pipe for passing configuration down to the next process.
-	preader, pwriter, err := os.Pipe()
-	if err != nil {
-		return fmt.Errorf("error creating configuration pipe: %w", err)
-	}
-	config, conferr := json.Marshal(runUsingChrootSubprocOptions{
-		Spec:       spec,
-		BundlePath: bundlePath,
-	})
-	if conferr != nil {
-		return fmt.Errorf("error encoding configuration for %q: %w", runUsingChrootCommand, conferr)
-	}
-
-	// Set our terminal's mode to raw, to pass handling of special
-	// terminal input to the terminal in the container.
-	if spec.Process.Terminal && term.IsTerminal(unix.Stdin) {
-		state, err := term.MakeRaw(unix.Stdin)
-		if err != nil {
-			logrus.Warnf("error setting terminal state: %v", err)
-		} else {
-			defer func() {
-				if err = term.Restore(unix.Stdin, state); err != nil {
-					logrus.Errorf("unable to restore terminal state: %v", err)
-				}
-			}()
-		}
-	}
-
-	// Raise any resource limits that are higher than they are now, before
-	// we drop any more privileges.
-	if err = setRlimits(spec, false, true); err != nil {
-		return err
-	}
-
-	// Start the grandparent subprocess.
-	cmd := unshare.Command(runUsingChrootCommand)
-	setPdeathsig(cmd.Cmd)
-	cmd.Stdin, cmd.Stdout, cmd.Stderr = stdin, stdout, stderr
-	cmd.Dir = "/"
-	cmd.Env = []string{fmt.Sprintf("LOGLEVEL=%d", logrus.GetLevel())}
-
-	interrupted := make(chan os.Signal, 100)
-	cmd.Hook = func(int) error {
-		signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
-		go func() {
-			for receivedSignal := range interrupted {
-				if err := cmd.Process.Signal(receivedSignal); err != nil {
-					logrus.Infof("%v while attempting to forward %v to child process", err, receivedSignal)
-				}
-			}
-		}()
-		return nil
-	}
-
-	logrus.Debugf("Running %#v in %#v", cmd.Cmd, cmd)
-	confwg.Add(1)
-	go func() {
-		_, conferr = io.Copy(pwriter, bytes.NewReader(config))
-		pwriter.Close()
-		confwg.Done()
-	}()
-	cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
-	err = cmd.Run()
-	confwg.Wait()
-	signal.Stop(interrupted)
-	close(interrupted)
-	if err == nil {
-		return conferr
-	}
-	return err
-}
-
-// main() for grandparent subprocess.  Its main job is to shuttle stdio back
-// and forth, managing a pseudo-terminal if we want one, for our child, the
-// parent subprocess.
-func runUsingChrootMain() {
-	var options runUsingChrootSubprocOptions
-
-	runtime.LockOSThread()
-
-	// Set logging.
-	if level := os.Getenv("LOGLEVEL"); level != "" {
-		if ll, err := strconv.Atoi(level); err == nil {
-			logrus.SetLevel(logrus.Level(ll))
-		}
-		os.Unsetenv("LOGLEVEL")
-	}
-
-	// Unpack our configuration.
-	confPipe := os.NewFile(3, "confpipe")
-	if confPipe == nil {
-		fmt.Fprintf(os.Stderr, "error reading options pipe\n")
-		os.Exit(1)
-	}
-	defer confPipe.Close()
-	if err := json.NewDecoder(confPipe).Decode(&options); err != nil {
-		fmt.Fprintf(os.Stderr, "error decoding options: %v\n", err)
-		os.Exit(1)
-	}
-
-	if options.Spec == nil || options.Spec.Process == nil {
-		fmt.Fprintf(os.Stderr, "invalid options spec in runUsingChrootMain\n")
-		os.Exit(1)
-	}
-
-	// Prepare to shuttle stdio back and forth.
-	rootUID32, rootGID32, err := util.GetHostRootIDs(options.Spec)
-	if err != nil {
-		logrus.Errorf("error determining ownership for container stdio")
-		os.Exit(1)
-	}
-	rootUID := int(rootUID32)
-	rootGID := int(rootGID32)
-	relays := make(map[int]int)
-	closeOnceRunning := []*os.File{}
-	var ctty *os.File
-	var stdin io.Reader
-	var stdinCopy io.WriteCloser
-	var stdout io.Writer
-	var stderr io.Writer
-	fdDesc := make(map[int]string)
-	if options.Spec.Process.Terminal {
-		// Create a pseudo-terminal -- open a copy of the master side.
-		ptyMasterFd, err := unix.Open("/dev/ptmx", os.O_RDWR, 0600)
-		if err != nil {
-			logrus.Errorf("error opening PTY master using /dev/ptmx: %v", err)
-			os.Exit(1)
-		}
-		// Set the kernel's lock to "unlocked".
-		locked := 0
-		if result, _, err := unix.Syscall(unix.SYS_IOCTL, uintptr(ptyMasterFd), unix.TIOCSPTLCK, uintptr(unsafe.Pointer(&locked))); int(result) == -1 {
-			logrus.Errorf("error unlocking PTY descriptor: %v", err)
-			os.Exit(1)
-		}
-		// Get a handle for the other end.
-		ptyFd, _, err := unix.Syscall(unix.SYS_IOCTL, uintptr(ptyMasterFd), unix.TIOCGPTPEER, unix.O_RDWR|unix.O_NOCTTY)
-		if int(ptyFd) == -1 {
-			if errno, isErrno := err.(syscall.Errno); !isErrno || (errno != syscall.EINVAL && errno != syscall.ENOTTY) {
-				logrus.Errorf("error getting PTY descriptor: %v", err)
-				os.Exit(1)
-			}
-			// EINVAL means the kernel's too old to understand TIOCGPTPEER.  Try TIOCGPTN.
-			ptyN, err := unix.IoctlGetInt(ptyMasterFd, unix.TIOCGPTN)
-			if err != nil {
-				logrus.Errorf("error getting PTY number: %v", err)
-				os.Exit(1)
-			}
-			ptyName := fmt.Sprintf("/dev/pts/%d", ptyN)
-			fd, err := unix.Open(ptyName, unix.O_RDWR|unix.O_NOCTTY, 0620)
-			if err != nil {
-				logrus.Errorf("error opening PTY %q: %v", ptyName, err)
-				os.Exit(1)
-			}
-			ptyFd = uintptr(fd)
-		}
-		// Make notes about what's going where.
-		relays[ptyMasterFd] = unix.Stdout
-		relays[unix.Stdin] = ptyMasterFd
-		fdDesc[ptyMasterFd] = "container terminal"
-		fdDesc[unix.Stdin] = "stdin"
-		fdDesc[unix.Stdout] = "stdout"
-		winsize := &unix.Winsize{}
-		// Set the pseudoterminal's size to the configured size, or our own.
-		if options.Spec.Process.ConsoleSize != nil {
-			// Use configured sizes.
-			winsize.Row = uint16(options.Spec.Process.ConsoleSize.Height)
-			winsize.Col = uint16(options.Spec.Process.ConsoleSize.Width)
-		} else {
-			if term.IsTerminal(unix.Stdin) {
-				// Use the size of our terminal.
-				winsize, err = unix.IoctlGetWinsize(unix.Stdin, unix.TIOCGWINSZ)
-				if err != nil {
-					logrus.Debugf("error reading current terminal's size")
-					winsize.Row = 0
-					winsize.Col = 0
-				}
-			}
-		}
-		if winsize.Row != 0 && winsize.Col != 0 {
-			if err = unix.IoctlSetWinsize(int(ptyFd), unix.TIOCSWINSZ, winsize); err != nil {
-				logrus.Warnf("error setting terminal size for pty")
-			}
-			// FIXME - if we're connected to a terminal, we should
-			// be passing the updated terminal size down when we
-			// receive a SIGWINCH.
-		}
-		// Open an *os.File object that we can pass to our child.
-		ctty = os.NewFile(ptyFd, "/dev/tty")
-		// Set ownership for the PTY.
-		if err = ctty.Chown(rootUID, rootGID); err != nil {
-			var cttyInfo unix.Stat_t
-			err2 := unix.Fstat(int(ptyFd), &cttyInfo)
-			from := ""
-			op := "setting"
-			if err2 == nil {
-				op = "changing"
-				from = fmt.Sprintf("from %d/%d ", cttyInfo.Uid, cttyInfo.Gid)
-			}
-			logrus.Warnf("error %s ownership of container PTY %sto %d/%d: %v", op, from, rootUID, rootGID, err)
-		}
-		// Set permissions on the PTY.
-		if err = ctty.Chmod(0620); err != nil {
-			logrus.Errorf("error setting permissions of container PTY: %v", err)
-			os.Exit(1)
-		}
-		// Make a note that our child (the parent subprocess) should
-		// have the PTY connected to its stdio, and that we should
-		// close it once it's running.
-		stdin = ctty
-		stdout = ctty
-		stderr = ctty
-		closeOnceRunning = append(closeOnceRunning, ctty)
-	} else {
-		// Create pipes for stdio.
-		stdinRead, stdinWrite, err := os.Pipe()
-		if err != nil {
-			logrus.Errorf("error opening pipe for stdin: %v", err)
-		}
-		stdoutRead, stdoutWrite, err := os.Pipe()
-		if err != nil {
-			logrus.Errorf("error opening pipe for stdout: %v", err)
-		}
-		stderrRead, stderrWrite, err := os.Pipe()
-		if err != nil {
-			logrus.Errorf("error opening pipe for stderr: %v", err)
-		}
-		// Make notes about what's going where.
-		relays[unix.Stdin] = int(stdinWrite.Fd())
-		relays[int(stdoutRead.Fd())] = unix.Stdout
-		relays[int(stderrRead.Fd())] = unix.Stderr
-		fdDesc[int(stdinWrite.Fd())] = "container stdin pipe"
-		fdDesc[int(stdoutRead.Fd())] = "container stdout pipe"
-		fdDesc[int(stderrRead.Fd())] = "container stderr pipe"
-		fdDesc[unix.Stdin] = "stdin"
-		fdDesc[unix.Stdout] = "stdout"
-		fdDesc[unix.Stderr] = "stderr"
-		// Set ownership for the pipes.
-		if err = stdinRead.Chown(rootUID, rootGID); err != nil {
-			logrus.Errorf("error setting ownership of container stdin pipe: %v", err)
-			os.Exit(1)
-		}
-		if err = stdoutWrite.Chown(rootUID, rootGID); err != nil {
-			logrus.Errorf("error setting ownership of container stdout pipe: %v", err)
-			os.Exit(1)
-		}
-		if err = stderrWrite.Chown(rootUID, rootGID); err != nil {
-			logrus.Errorf("error setting ownership of container stderr pipe: %v", err)
-			os.Exit(1)
-		}
-		// Make a note that our child (the parent subprocess) should
-		// have the pipes connected to its stdio, and that we should
-		// close its ends of them once it's running.
-		stdin = stdinRead
-		stdout = stdoutWrite
-		stderr = stderrWrite
-		closeOnceRunning = append(closeOnceRunning, stdinRead, stdoutWrite, stderrWrite)
-		stdinCopy = stdinWrite
-		defer stdoutRead.Close()
-		defer stderrRead.Close()
-	}
-	for readFd, writeFd := range relays {
-		if err := unix.SetNonblock(readFd, true); err != nil {
-			logrus.Errorf("error setting descriptor %d (%s) non-blocking: %v", readFd, fdDesc[readFd], err)
-			return
-		}
-		if err := unix.SetNonblock(writeFd, false); err != nil {
-			logrus.Errorf("error setting descriptor %d (%s) blocking: %v", relays[writeFd], fdDesc[writeFd], err)
-			return
-		}
-	}
-	if err := unix.SetNonblock(relays[unix.Stdin], true); err != nil {
-		logrus.Errorf("error setting %d to nonblocking: %v", relays[unix.Stdin], err)
-	}
-	go func() {
-		buffers := make(map[int]*bytes.Buffer)
-		for _, writeFd := range relays {
-			buffers[writeFd] = new(bytes.Buffer)
-		}
-		pollTimeout := -1
-		stdinClose := false
-		for len(relays) > 0 {
-			fds := make([]unix.PollFd, 0, len(relays))
-			for fd := range relays {
-				fds = append(fds, unix.PollFd{Fd: int32(fd), Events: unix.POLLIN | unix.POLLHUP})
-			}
-			_, err := unix.Poll(fds, pollTimeout)
-			if !util.LogIfNotRetryable(err, fmt.Sprintf("poll: %v", err)) {
-				return
-			}
-			removeFds := make(map[int]struct{})
-			for _, rfd := range fds {
-				if rfd.Revents&unix.POLLHUP == unix.POLLHUP {
-					removeFds[int(rfd.Fd)] = struct{}{}
-				}
-				if rfd.Revents&unix.POLLNVAL == unix.POLLNVAL {
-					logrus.Debugf("error polling descriptor %s: closed?", fdDesc[int(rfd.Fd)])
-					removeFds[int(rfd.Fd)] = struct{}{}
-				}
-				if rfd.Revents&unix.POLLIN == 0 {
-					if stdinClose && stdinCopy == nil {
-						continue
-					}
-					continue
-				}
-				b := make([]byte, 8192)
-				nread, err := unix.Read(int(rfd.Fd), b)
-				util.LogIfNotRetryable(err, fmt.Sprintf("read %s: %v", fdDesc[int(rfd.Fd)], err))
-				if nread > 0 {
-					if wfd, ok := relays[int(rfd.Fd)]; ok {
-						nwritten, err := buffers[wfd].Write(b[:nread])
-						if err != nil {
-							logrus.Debugf("buffer: %v", err)
-							continue
-						}
-						if nwritten != nread {
-							logrus.Debugf("buffer: expected to buffer %d bytes, wrote %d", nread, nwritten)
-							continue
-						}
-					}
-					// If this is the last of the data we'll be able to read
-					// from this descriptor, read as much as there is to read.
-					for rfd.Revents&unix.POLLHUP == unix.POLLHUP {
-						nr, err := unix.Read(int(rfd.Fd), b)
-						util.LogIfUnexpectedWhileDraining(err, fmt.Sprintf("read %s: %v", fdDesc[int(rfd.Fd)], err))
-						if nr <= 0 {
-							break
-						}
-						if wfd, ok := relays[int(rfd.Fd)]; ok {
-							nwritten, err := buffers[wfd].Write(b[:nr])
-							if err != nil {
-								logrus.Debugf("buffer: %v", err)
-								break
-							}
-							if nwritten != nr {
-								logrus.Debugf("buffer: expected to buffer %d bytes, wrote %d", nr, nwritten)
-								break
-							}
-						}
-					}
-				}
-				if nread == 0 {
-					removeFds[int(rfd.Fd)] = struct{}{}
-				}
-			}
-			pollTimeout = -1
-			for wfd, buffer := range buffers {
-				if buffer.Len() > 0 {
-					nwritten, err := unix.Write(wfd, buffer.Bytes())
-					util.LogIfNotRetryable(err, fmt.Sprintf("write %s: %v", fdDesc[wfd], err))
-					if nwritten >= 0 {
-						_ = buffer.Next(nwritten)
-					}
-				}
-				if buffer.Len() > 0 {
-					pollTimeout = 100
-				}
-				if wfd == relays[unix.Stdin] && stdinClose && buffer.Len() == 0 {
-					stdinCopy.Close()
-					delete(relays, unix.Stdin)
-				}
-			}
-			for rfd := range removeFds {
-				if rfd == unix.Stdin {
-					buffer, found := buffers[relays[unix.Stdin]]
-					if found && buffer.Len() > 0 {
-						stdinClose = true
-						continue
-					}
-				}
-				if !options.Spec.Process.Terminal && rfd == unix.Stdin {
-					stdinCopy.Close()
-				}
-				delete(relays, rfd)
-			}
-		}
-	}()
-
-	// Set up mounts and namespaces, and run the parent subprocess.
-	status, err := runUsingChroot(options.Spec, options.BundlePath, ctty, stdin, stdout, stderr, closeOnceRunning)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "error running subprocess: %v\n", err)
-		os.Exit(1)
-	}
-
-	// Pass the process's exit status back to the caller by exiting with the same status.
-	if status.Exited() {
-		if status.ExitStatus() != 0 {
-			fmt.Fprintf(os.Stderr, "subprocess exited with status %d\n", status.ExitStatus())
-		}
-		os.Exit(status.ExitStatus())
-	} else if status.Signaled() {
-		fmt.Fprintf(os.Stderr, "subprocess exited on %s\n", status.Signal())
-		os.Exit(1)
-	}
-}
-
-// runUsingChroot, still in the grandparent process, sets up various bind
-// mounts and then runs the parent process in its own user namespace with the
-// necessary ID mappings.
-func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io.Reader, stdout, stderr io.Writer, closeOnceRunning []*os.File) (wstatus unix.WaitStatus, err error) {
-	var confwg sync.WaitGroup
-
-	// Create a new mount namespace for ourselves and bind mount everything to a new location.
-	undoIntermediates, err := bind.SetupIntermediateMountNamespace(spec, bundlePath)
-	if err != nil {
-		return 1, err
-	}
-	defer func() {
-		if undoErr := undoIntermediates(); undoErr != nil {
-			logrus.Debugf("error cleaning up intermediate mount NS: %v", err)
-		}
-	}()
-
-	// Bind mount in our filesystems.
-	undoChroots, err := setupChrootBindMounts(spec, bundlePath)
-	if err != nil {
-		return 1, err
-	}
-	defer func() {
-		if undoErr := undoChroots(); undoErr != nil {
-			logrus.Debugf("error cleaning up intermediate chroot bind mounts: %v", err)
-		}
-	}()
-
-	// Create a pipe for passing configuration down to the next process.
-	preader, pwriter, err := os.Pipe()
-	if err != nil {
-		return 1, fmt.Errorf("error creating configuration pipe: %w", err)
-	}
-	config, conferr := json.Marshal(runUsingChrootExecSubprocOptions{
-		Spec:       spec,
-		BundlePath: bundlePath,
-	})
-	if conferr != nil {
-		fmt.Fprintf(os.Stderr, "error re-encoding configuration for %q", runUsingChrootExecCommand)
-		os.Exit(1)
-	}
-
-	// Apologize for the namespace configuration that we're about to ignore.
-	logNamespaceDiagnostics(spec)
-
-	// If we have configured ID mappings, set them here so that they can apply to the child.
-	hostUidmap, hostGidmap, err := unshare.GetHostIDMappings("")
-	if err != nil {
-		return 1, err
-	}
-	uidmap, gidmap := spec.Linux.UIDMappings, spec.Linux.GIDMappings
-	if len(uidmap) == 0 {
-		// No UID mappings are configured for the container.  Borrow our parent's mappings.
-		uidmap = append([]specs.LinuxIDMapping{}, hostUidmap...)
-		for i := range uidmap {
-			uidmap[i].HostID = uidmap[i].ContainerID
-		}
-	}
-	if len(gidmap) == 0 {
-		// No GID mappings are configured for the container.  Borrow our parent's mappings.
-		gidmap = append([]specs.LinuxIDMapping{}, hostGidmap...)
-		for i := range gidmap {
-			gidmap[i].HostID = gidmap[i].ContainerID
-		}
-	}
-
-	// Start the parent subprocess.
-	cmd := unshare.Command(append([]string{runUsingChrootExecCommand}, spec.Process.Args...)...)
-	setPdeathsig(cmd.Cmd)
-	cmd.Stdin, cmd.Stdout, cmd.Stderr = stdin, stdout, stderr
-	cmd.Dir = "/"
-	cmd.Env = []string{fmt.Sprintf("LOGLEVEL=%d", logrus.GetLevel())}
-	cmd.UnshareFlags = syscall.CLONE_NEWUTS | syscall.CLONE_NEWNS
-	requestedUserNS := false
-	for _, ns := range spec.Linux.Namespaces {
-		if ns.Type == specs.UserNamespace {
-			requestedUserNS = true
-		}
-	}
-	if len(spec.Linux.UIDMappings) > 0 || len(spec.Linux.GIDMappings) > 0 || requestedUserNS {
-		cmd.UnshareFlags = cmd.UnshareFlags | syscall.CLONE_NEWUSER
-		cmd.UidMappings = uidmap
-		cmd.GidMappings = gidmap
-		cmd.GidMappingsEnableSetgroups = true
-	}
-	if ctty != nil {
-		cmd.Setsid = true
-		cmd.Ctty = ctty
-	}
-	cmd.OOMScoreAdj = spec.Process.OOMScoreAdj
-	cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
-	interrupted := make(chan os.Signal, 100)
-	cmd.Hook = func(int) error {
-		for _, f := range closeOnceRunning {
-			f.Close()
-		}
-		signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
-		go func() {
-			for receivedSignal := range interrupted {
-				if err := cmd.Process.Signal(receivedSignal); err != nil {
-					logrus.Infof("%v while attempting to forward %v to child process", err, receivedSignal)
-				}
-			}
-		}()
-		return nil
-	}
-
-	logrus.Debugf("Running %#v in %#v", cmd.Cmd, cmd)
-	confwg.Add(1)
-	go func() {
-		_, conferr = io.Copy(pwriter, bytes.NewReader(config))
-		pwriter.Close()
-		confwg.Done()
-	}()
-	err = cmd.Run()
-	confwg.Wait()
-	signal.Stop(interrupted)
-	close(interrupted)
-	if err != nil {
-		if exitError, ok := err.(*exec.ExitError); ok {
-			if waitStatus, ok := exitError.ProcessState.Sys().(syscall.WaitStatus); ok {
-				if waitStatus.Exited() {
-					if waitStatus.ExitStatus() != 0 {
-						fmt.Fprintf(os.Stderr, "subprocess exited with status %d\n", waitStatus.ExitStatus())
-					}
-					os.Exit(waitStatus.ExitStatus())
-				} else if waitStatus.Signaled() {
-					fmt.Fprintf(os.Stderr, "subprocess exited on %s\n", waitStatus.Signal())
-					os.Exit(1)
-				}
-			}
-		}
-		fmt.Fprintf(os.Stderr, "process exited with error: %v", err)
-		os.Exit(1)
-	}
-
-	return 0, nil
-}
-
-// main() for parent subprocess.  Its main job is to try to make our
-// environment look like the one described by the runtime configuration blob,
-// and then launch the intended command as a child.
-func runUsingChrootExecMain() {
-	args := os.Args[1:]
-	var options runUsingChrootExecSubprocOptions
-	var err error
-
-	runtime.LockOSThread()
-
-	// Set logging.
-	if level := os.Getenv("LOGLEVEL"); level != "" {
-		if ll, err := strconv.Atoi(level); err == nil {
-			logrus.SetLevel(logrus.Level(ll))
-		}
-		os.Unsetenv("LOGLEVEL")
-	}
-
-	// Unpack our configuration.
-	confPipe := os.NewFile(3, "confpipe")
-	if confPipe == nil {
-		fmt.Fprintf(os.Stderr, "error reading options pipe\n")
-		os.Exit(1)
-	}
-	defer confPipe.Close()
-	if err := json.NewDecoder(confPipe).Decode(&options); err != nil {
-		fmt.Fprintf(os.Stderr, "error decoding options: %v\n", err)
-		os.Exit(1)
-	}
-
-	// Set the hostname.  We're already in a distinct UTS namespace and are admins in the user
-	// namespace which created it, so we shouldn't get a permissions error, but seccomp policy
-	// might deny our attempt to call sethostname() anyway, so log a debug message for that.
-	if options.Spec == nil || options.Spec.Process == nil {
-		fmt.Fprintf(os.Stderr, "invalid options spec passed in\n")
-		os.Exit(1)
-	}
-
-	if options.Spec.Hostname != "" {
-		if err := unix.Sethostname([]byte(options.Spec.Hostname)); err != nil {
-			logrus.Debugf("failed to set hostname %q for process: %v", options.Spec.Hostname, err)
-		}
-	}
-
-	// Try to chroot into the root.  Do this before we potentially block the syscall via the
-	// seccomp profile.
-	var oldst, newst unix.Stat_t
-	if err := unix.Stat(options.Spec.Root.Path, &oldst); err != nil {
-		fmt.Fprintf(os.Stderr, "error stat()ing intended root directory %q: %v\n", options.Spec.Root.Path, err)
-		os.Exit(1)
-	}
-	if err := unix.Chdir(options.Spec.Root.Path); err != nil {
-		fmt.Fprintf(os.Stderr, "error chdir()ing to intended root directory %q: %v\n", options.Spec.Root.Path, err)
-		os.Exit(1)
-	}
-	if err := unix.Chroot(options.Spec.Root.Path); err != nil {
-		fmt.Fprintf(os.Stderr, "error chroot()ing into directory %q: %v\n", options.Spec.Root.Path, err)
-		os.Exit(1)
-	}
-	if err := unix.Stat("/", &newst); err != nil {
-		fmt.Fprintf(os.Stderr, "error stat()ing current root directory: %v\n", err)
-		os.Exit(1)
-	}
-	if oldst.Dev != newst.Dev || oldst.Ino != newst.Ino {
-		fmt.Fprintf(os.Stderr, "unknown error chroot()ing into directory %q: %v\n", options.Spec.Root.Path, err)
-		os.Exit(1)
-	}
-	logrus.Debugf("chrooted into %q", options.Spec.Root.Path)
-
-	// not doing because it's still shared: creating devices
-	// not doing because it's not applicable: setting annotations
-	// not doing because it's still shared: setting sysctl settings
-	// not doing because cgroupfs is read only: configuring control groups
-	// -> this means we can use the freezer to make sure there aren't any lingering processes
-	// -> this means we ignore cgroups-based controls
-	// not doing because we don't set any in the config: running hooks
-	// not doing because we don't set it in the config: setting rootfs read-only
-	// not doing because we don't set it in the config: setting rootfs propagation
-	logrus.Debugf("setting apparmor profile")
-	if err = setApparmorProfile(options.Spec); err != nil {
-		fmt.Fprintf(os.Stderr, "error setting apparmor profile for process: %v\n", err)
-		os.Exit(1)
-	}
-	if err = setSelinuxLabel(options.Spec); err != nil {
-		fmt.Fprintf(os.Stderr, "error setting SELinux label for process: %v\n", err)
-		os.Exit(1)
-	}
-
-	logrus.Debugf("setting resource limits")
-	if err = setRlimits(options.Spec, false, false); err != nil {
-		fmt.Fprintf(os.Stderr, "error setting process resource limits for process: %v\n", err)
-		os.Exit(1)
-	}
-
-	// Try to change to the directory.
-	cwd := options.Spec.Process.Cwd
-	if !filepath.IsAbs(cwd) {
-		cwd = "/" + cwd
-	}
-	cwd = filepath.Clean(cwd)
-	if err := unix.Chdir("/"); err != nil {
-		fmt.Fprintf(os.Stderr, "error chdir()ing into new root directory %q: %v\n", options.Spec.Root.Path, err)
-		os.Exit(1)
-	}
-	if err := unix.Chdir(cwd); err != nil {
-		fmt.Fprintf(os.Stderr, "error chdir()ing into directory %q under root %q: %v\n", cwd, options.Spec.Root.Path, err)
-		os.Exit(1)
-	}
-	logrus.Debugf("changed working directory to %q", cwd)
-
-	// Drop privileges.
-	user := options.Spec.Process.User
-	if len(user.AdditionalGids) > 0 {
-		gids := make([]int, len(user.AdditionalGids))
-		for i := range user.AdditionalGids {
-			gids[i] = int(user.AdditionalGids[i])
-		}
-		logrus.Debugf("setting supplemental groups")
-		if err = syscall.Setgroups(gids); err != nil {
-			fmt.Fprintf(os.Stderr, "error setting supplemental groups list: %v", err)
-			os.Exit(1)
-		}
-	} else {
-		setgroups, _ := ioutil.ReadFile("/proc/self/setgroups")
-		if strings.Trim(string(setgroups), "\n") != "deny" {
-			logrus.Debugf("clearing supplemental groups")
-			if err = syscall.Setgroups([]int{}); err != nil {
-				fmt.Fprintf(os.Stderr, "error clearing supplemental groups list: %v", err)
-				os.Exit(1)
-			}
-		}
-	}
-
-	logrus.Debugf("setting gid")
-	if err = syscall.Setresgid(int(user.GID), int(user.GID), int(user.GID)); err != nil {
-		fmt.Fprintf(os.Stderr, "error setting GID: %v", err)
-		os.Exit(1)
-	}
-
-	if err = setSeccomp(options.Spec); err != nil {
-		fmt.Fprintf(os.Stderr, "error setting seccomp filter for process: %v\n", err)
-		os.Exit(1)
-	}
-
-	logrus.Debugf("setting capabilities")
-	var keepCaps []string
-	if user.UID != 0 {
-		keepCaps = []string{"CAP_SETUID"}
-	}
-	if err := setCapabilities(options.Spec, keepCaps...); err != nil {
-		fmt.Fprintf(os.Stderr, "error setting capabilities for process: %v\n", err)
-		os.Exit(1)
-	}
-
-	logrus.Debugf("setting uid")
-	if err = syscall.Setresuid(int(user.UID), int(user.UID), int(user.UID)); err != nil {
-		fmt.Fprintf(os.Stderr, "error setting UID: %v", err)
-		os.Exit(1)
-	}
-
-	// Actually run the specified command.
-	cmd := exec.Command(args[0], args[1:]...)
-	setPdeathsig(cmd)
-	cmd.Env = options.Spec.Process.Env
-	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
-	cmd.Dir = cwd
-	logrus.Debugf("Running %#v (PATH = %q)", cmd, os.Getenv("PATH"))
-	interrupted := make(chan os.Signal, 100)
-	if err = cmd.Start(); err != nil {
-		fmt.Fprintf(os.Stderr, "process failed to start with error: %v", err)
-	}
-	go func() {
-		for range interrupted {
-			if err := cmd.Process.Signal(syscall.SIGKILL); err != nil {
-				logrus.Infof("%v while attempting to send SIGKILL to child process", err)
-			}
-		}
-	}()
-	signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
-	err = cmd.Wait()
-	signal.Stop(interrupted)
-	close(interrupted)
-	if err != nil {
-		if exitError, ok := err.(*exec.ExitError); ok {
-			if waitStatus, ok := exitError.ProcessState.Sys().(syscall.WaitStatus); ok {
-				if waitStatus.Exited() {
-					if waitStatus.ExitStatus() != 0 {
-						fmt.Fprintf(os.Stderr, "subprocess exited with status %d\n", waitStatus.ExitStatus())
-					}
-					os.Exit(waitStatus.ExitStatus())
-				} else if waitStatus.Signaled() {
-					fmt.Fprintf(os.Stderr, "subprocess exited on %s\n", waitStatus.Signal())
-					os.Exit(1)
-				}
-			}
-		}
-		fmt.Fprintf(os.Stderr, "process exited with error: %v", err)
-		os.Exit(1)
-	}
-}
-
-// logNamespaceDiagnostics knows which namespaces we want to create.
-// Output debug messages when that differs from what we're being asked to do.
-func logNamespaceDiagnostics(spec *specs.Spec) {
-	sawMountNS := false
-	sawUTSNS := false
-	for _, ns := range spec.Linux.Namespaces {
-		switch ns.Type {
-		case specs.CgroupNamespace:
-			if ns.Path != "" {
-				logrus.Debugf("unable to join cgroup namespace, sorry about that")
-			} else {
-				logrus.Debugf("unable to create cgroup namespace, sorry about that")
-			}
-		case specs.IPCNamespace:
-			if ns.Path != "" {
-				logrus.Debugf("unable to join IPC namespace, sorry about that")
-			} else {
-				logrus.Debugf("unable to create IPC namespace, sorry about that")
-			}
-		case specs.MountNamespace:
-			if ns.Path != "" {
-				logrus.Debugf("unable to join mount namespace %q, creating a new one", ns.Path)
-			}
-			sawMountNS = true
-		case specs.NetworkNamespace:
-			if ns.Path != "" {
-				logrus.Debugf("unable to join network namespace, sorry about that")
-			} else {
-				logrus.Debugf("unable to create network namespace, sorry about that")
-			}
-		case specs.PIDNamespace:
-			if ns.Path != "" {
-				logrus.Debugf("unable to join PID namespace, sorry about that")
-			} else {
-				logrus.Debugf("unable to create PID namespace, sorry about that")
-			}
-		case specs.UserNamespace:
-			if ns.Path != "" {
-				logrus.Debugf("unable to join user namespace, sorry about that")
-			}
-		case specs.UTSNamespace:
-			if ns.Path != "" {
-				logrus.Debugf("unable to join UTS namespace %q, creating a new one", ns.Path)
-			}
-			sawUTSNS = true
-		}
-	}
-	if !sawMountNS {
-		logrus.Debugf("mount namespace not requested, but creating a new one anyway")
-	}
-	if !sawUTSNS {
-		logrus.Debugf("UTS namespace not requested, but creating a new one anyway")
-	}
-}
-
-// setApparmorProfile sets the apparmor profile for ourselves, and hopefully any child processes that we'll start.
-func setApparmorProfile(spec *specs.Spec) error {
-	if !apparmor.IsEnabled() || spec.Process.ApparmorProfile == "" {
-		return nil
-	}
-	if err := apparmor.ApplyProfile(spec.Process.ApparmorProfile); err != nil {
-		return fmt.Errorf("error setting apparmor profile to %q: %w", spec.Process.ApparmorProfile, err)
-	}
-	return nil
-}
-
-// setCapabilities sets capabilities for ourselves, to be more or less inherited by any processes that we'll start.
-func setCapabilities(spec *specs.Spec, keepCaps ...string) error {
-	currentCaps, err := capability.NewPid2(0)
-	if err != nil {
-		return fmt.Errorf("error reading capabilities of current process: %w", err)
-	}
-	if err := currentCaps.Load(); err != nil {
-		return fmt.Errorf("error loading capabilities: %w", err)
-	}
-	caps, err := capability.NewPid2(0)
-	if err != nil {
-		return fmt.Errorf("error reading capabilities of current process: %w", err)
-	}
-	capMap := map[capability.CapType][]string{
-		capability.BOUNDING:    spec.Process.Capabilities.Bounding,
-		capability.EFFECTIVE:   spec.Process.Capabilities.Effective,
-		capability.INHERITABLE: []string{},
-		capability.PERMITTED:   spec.Process.Capabilities.Permitted,
-		capability.AMBIENT:     spec.Process.Capabilities.Ambient,
-	}
-	knownCaps := capability.List()
-	noCap := capability.Cap(-1)
-	for capType, capList := range capMap {
-		for _, capToSet := range capList {
-			cap := noCap
-			for _, c := range knownCaps {
-				if strings.EqualFold("CAP_"+c.String(), capToSet) {
-					cap = c
-					break
-				}
-			}
-			if cap == noCap {
-				return fmt.Errorf("error mapping capability %q to a number", capToSet)
-			}
-			caps.Set(capType, cap)
-		}
-		for _, capToSet := range keepCaps {
-			cap := noCap
-			for _, c := range knownCaps {
-				if strings.EqualFold("CAP_"+c.String(), capToSet) {
-					cap = c
-					break
-				}
-			}
-			if cap == noCap {
-				return fmt.Errorf("error mapping capability %q to a number", capToSet)
-			}
-			if currentCaps.Get(capType, cap) {
-				caps.Set(capType, cap)
-			}
-		}
-	}
-	if err = caps.Apply(capability.CAPS | capability.BOUNDS | capability.AMBS); err != nil {
-		return fmt.Errorf("error setting capabilities: %w", err)
-	}
-	return nil
-}
-
-// parses the resource limits for ourselves and any processes that
-// we'll start into a format that's more in line with the kernel APIs
-func parseRlimits(spec *specs.Spec) (map[int]unix.Rlimit, error) {
-	if spec.Process == nil {
-		return nil, nil
-	}
-	parsed := make(map[int]unix.Rlimit)
-	for _, limit := range spec.Process.Rlimits {
-		resource, recognized := rlimitsMap[strings.ToUpper(limit.Type)]
-		if !recognized {
-			return nil, fmt.Errorf("error parsing limit type %q", limit.Type)
-		}
-		parsed[resource] = unix.Rlimit{Cur: limit.Soft, Max: limit.Hard}
-	}
-	return parsed, nil
-}
-
-// setRlimits sets any resource limits that we want to apply to processes that
-// we'll start.
-func setRlimits(spec *specs.Spec, onlyLower, onlyRaise bool) error {
-	limits, err := parseRlimits(spec)
-	if err != nil {
-		return err
-	}
-	for resource, desired := range limits {
-		var current unix.Rlimit
-		if err := unix.Getrlimit(resource, &current); err != nil {
-			return fmt.Errorf("error reading %q limit: %w", rlimitsReverseMap[resource], err)
-		}
-		if desired.Max > current.Max && onlyLower {
-			// this would raise a hard limit, and we're only here to lower them
-			continue
-		}
-		if desired.Max < current.Max && onlyRaise {
-			// this would lower a hard limit, and we're only here to raise them
-			continue
-		}
-		if err := unix.Setrlimit(resource, &desired); err != nil {
-			return fmt.Errorf("error setting %q limit to soft=%d,hard=%d (was soft=%d,hard=%d): %w", rlimitsReverseMap[resource], desired.Cur, desired.Max, current.Cur, current.Max, err)
-		}
-	}
-	return nil
-}
-
-func makeReadOnly(mntpoint string, flags uintptr) error {
-	var fs unix.Statfs_t
-	// Make sure it's read-only.
-	if err := unix.Statfs(mntpoint, &fs); err != nil {
-		return fmt.Errorf("error checking if directory %q was bound read-only: %w", mntpoint, err)
-	}
-	if fs.Flags&unix.ST_RDONLY == 0 {
-		if err := unix.Mount(mntpoint, mntpoint, "bind", flags|unix.MS_REMOUNT, ""); err != nil {
-			return fmt.Errorf("error remounting %s in mount namespace read-only: %w", mntpoint, err)
-		}
-	}
-	return nil
-}
-
-func isDevNull(dev os.FileInfo) bool {
-	if dev.Mode()&os.ModeCharDevice != 0 {
-		stat, _ := dev.Sys().(*syscall.Stat_t)
-		nullStat := syscall.Stat_t{}
-		if err := syscall.Stat(os.DevNull, &nullStat); err != nil {
-			logrus.Warnf("unable to stat /dev/null: %v", err)
-			return false
-		}
-		if stat.Rdev == nullStat.Rdev {
-			return true
-		}
-	}
-	return false
-}
-
-// setupChrootBindMounts actually bind mounts things under the rootfs, and returns a
-// callback that will clean up its work.
-func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func() error, err error) {
-	var fs unix.Statfs_t
-	undoBinds = func() error {
-		if err2 := unix.Unmount(spec.Root.Path, unix.MNT_DETACH); err2 != nil {
-			retries := 0
-			for (err2 == unix.EBUSY || err2 == unix.EAGAIN) && retries < 50 {
-				time.Sleep(50 * time.Millisecond)
-				err2 = unix.Unmount(spec.Root.Path, unix.MNT_DETACH)
-				retries++
-			}
-			if err2 != nil {
-				logrus.Warnf("pkg/chroot: error unmounting %q (retried %d times): %v", spec.Root.Path, retries, err2)
-				if err == nil {
-					err = err2
-				}
-			}
-		}
-		return err
-	}
-
-	// Now bind mount all of those things to be under the rootfs's location in this
-	// mount namespace.
-	commonFlags := uintptr(unix.MS_BIND | unix.MS_REC | unix.MS_PRIVATE)
-	bindFlags := commonFlags | unix.MS_NODEV
-	devFlags := commonFlags | unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_RDONLY
-	procFlags := devFlags | unix.MS_NODEV
-	sysFlags := devFlags | unix.MS_NODEV
-
-	// Bind /dev read-only.
-	subDev := filepath.Join(spec.Root.Path, "/dev")
-	if err := unix.Mount("/dev", subDev, "bind", devFlags, ""); err != nil {
-		if os.IsNotExist(err) {
-			err = os.Mkdir(subDev, 0755)
-			if err == nil {
-				err = unix.Mount("/dev", subDev, "bind", devFlags, "")
-			}
-		}
-		if err != nil {
-			return undoBinds, fmt.Errorf("error bind mounting /dev from host into mount namespace: %w", err)
-		}
-	}
-	// Make sure it's read-only.
-	if err = unix.Statfs(subDev, &fs); err != nil {
-		return undoBinds, fmt.Errorf("error checking if directory %q was bound read-only: %w", subDev, err)
-	}
-	if fs.Flags&unix.ST_RDONLY == 0 {
-		if err := unix.Mount(subDev, subDev, "bind", devFlags|unix.MS_REMOUNT, ""); err != nil {
-			return undoBinds, fmt.Errorf("error remounting /dev in mount namespace read-only: %w", err)
-		}
-	}
-	logrus.Debugf("bind mounted %q to %q", "/dev", filepath.Join(spec.Root.Path, "/dev"))
-
-	// Bind /proc read-only.
-	subProc := filepath.Join(spec.Root.Path, "/proc")
-	if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
-		if os.IsNotExist(err) {
-			err = os.Mkdir(subProc, 0755)
-			if err == nil {
-				err = unix.Mount("/proc", subProc, "bind", procFlags, "")
-			}
-		}
-		if err != nil {
-			return undoBinds, fmt.Errorf("error bind mounting /proc from host into mount namespace: %w", err)
-		}
-	}
-	logrus.Debugf("bind mounted %q to %q", "/proc", filepath.Join(spec.Root.Path, "/proc"))
-
-	// Bind /sys read-only.
-	subSys := filepath.Join(spec.Root.Path, "/sys")
-	if err := unix.Mount("/sys", subSys, "bind", sysFlags, ""); err != nil {
-		if os.IsNotExist(err) {
-			err = os.Mkdir(subSys, 0755)
-			if err == nil {
-				err = unix.Mount("/sys", subSys, "bind", sysFlags, "")
-			}
-		}
-		if err != nil {
-			return undoBinds, fmt.Errorf("error bind mounting /sys from host into mount namespace: %w", err)
-		}
-	}
-	if err := makeReadOnly(subSys, sysFlags); err != nil {
-		return undoBinds, err
-	}
-
-	mnts, _ := mount.GetMounts()
-	for _, m := range mnts {
-		if !strings.HasPrefix(m.Mountpoint, "/sys/") &&
-			m.Mountpoint != "/sys" {
-			continue
-		}
-		subSys := filepath.Join(spec.Root.Path, m.Mountpoint)
-		if err := unix.Mount(m.Mountpoint, subSys, "bind", sysFlags, ""); err != nil {
-			msg := fmt.Sprintf("could not bind mount %q, skipping: %v", m.Mountpoint, err)
-			if strings.HasPrefix(m.Mountpoint, "/sys") {
-				logrus.Infof(msg)
-			} else {
-				logrus.Warningf(msg)
-			}
-			continue
-		}
-		if err := makeReadOnly(subSys, sysFlags); err != nil {
-			return undoBinds, err
-		}
-	}
-	logrus.Debugf("bind mounted %q to %q", "/sys", filepath.Join(spec.Root.Path, "/sys"))
-
-	// Bind mount in everything we've been asked to mount.
-	for _, m := range spec.Mounts {
-		// Skip anything that we just mounted.
-		switch m.Destination {
-		case "/dev", "/proc", "/sys":
-			logrus.Debugf("already bind mounted %q on %q", m.Destination, filepath.Join(spec.Root.Path, m.Destination))
-			continue
-		default:
-			if strings.HasPrefix(m.Destination, "/dev/") {
-				continue
-			}
-			if strings.HasPrefix(m.Destination, "/proc/") {
-				continue
-			}
-			if strings.HasPrefix(m.Destination, "/sys/") {
-				continue
-			}
-		}
-		// Skip anything that isn't a bind or tmpfs mount.
-		if m.Type != "bind" && m.Type != "tmpfs" && m.Type != "overlay" {
-			logrus.Debugf("skipping mount of type %q on %q", m.Type, m.Destination)
-			continue
-		}
-		// If the target is there, we can just mount it.
-		var srcinfo os.FileInfo
-		switch m.Type {
-		case "bind":
-			srcinfo, err = os.Stat(m.Source)
-			if err != nil {
-				return undoBinds, fmt.Errorf("error examining %q for mounting in mount namespace: %w", m.Source, err)
-			}
-		case "overlay":
-			fallthrough
-		case "tmpfs":
-			srcinfo, err = os.Stat("/")
-			if err != nil {
-				return undoBinds, fmt.Errorf("error examining / to use as a template for a %s: %w", m.Type, err)
-			}
-		}
-		target := filepath.Join(spec.Root.Path, m.Destination)
-		// Check if target is a symlink
-		stat, err := os.Lstat(target)
-		// If target is a symlink, follow the link and ensure the destination exists
-		if err == nil && stat != nil && (stat.Mode()&os.ModeSymlink != 0) {
-			target, err = copier.Eval(spec.Root.Path, m.Destination, copier.EvalOptions{})
-			if err != nil {
-				return nil, fmt.Errorf("evaluating symlink %q: %w", target, err)
-			}
-			// Stat the destination of the evaluated symlink
-			_, err = os.Stat(target)
-		}
-		if err != nil {
-			// If the target can't be stat()ted, check the error.
-			if !os.IsNotExist(err) {
-				return undoBinds, fmt.Errorf("error examining %q for mounting in mount namespace: %w", target, err)
-			}
-			// The target isn't there yet, so create it.
-			if srcinfo.IsDir() {
-				if err = os.MkdirAll(target, 0755); err != nil {
-					return undoBinds, fmt.Errorf("error creating mountpoint %q in mount namespace: %w", target, err)
-				}
-			} else {
-				if err = os.MkdirAll(filepath.Dir(target), 0755); err != nil {
-					return undoBinds, fmt.Errorf("error ensuring parent of mountpoint %q (%q) is present in mount namespace: %w", target, filepath.Dir(target), err)
-				}
-				var file *os.File
-				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0755); err != nil {
-					return undoBinds, fmt.Errorf("error creating mountpoint %q in mount namespace: %w", target, err)
-				}
-				file.Close()
-			}
-		}
-		requestFlags := bindFlags
-		expectedFlags := uintptr(0)
-		for _, option := range m.Options {
-			switch option {
-			case "nodev":
-				requestFlags |= unix.MS_NODEV
-				expectedFlags |= unix.ST_NODEV
-			case "dev":
-				requestFlags &= ^uintptr(unix.MS_NODEV)
-				expectedFlags &= ^uintptr(unix.ST_NODEV)
-			case "noexec":
-				requestFlags |= unix.MS_NOEXEC
-				expectedFlags |= unix.ST_NOEXEC
-			case "exec":
-				requestFlags &= ^uintptr(unix.MS_NOEXEC)
-				expectedFlags &= ^uintptr(unix.ST_NOEXEC)
-			case "nosuid":
-				requestFlags |= unix.MS_NOSUID
-				expectedFlags |= unix.ST_NOSUID
-			case "suid":
-				requestFlags &= ^uintptr(unix.MS_NOSUID)
-				expectedFlags &= ^uintptr(unix.ST_NOSUID)
-			case "ro":
-				requestFlags |= unix.MS_RDONLY
-				expectedFlags |= unix.ST_RDONLY
-			case "rw":
-				requestFlags &= ^uintptr(unix.MS_RDONLY)
-				expectedFlags &= ^uintptr(unix.ST_RDONLY)
-			}
-		}
-		switch m.Type {
-		case "bind":
-			// Do the bind mount.
-			logrus.Debugf("bind mounting %q on %q", m.Destination, filepath.Join(spec.Root.Path, m.Destination))
-			if err := unix.Mount(m.Source, target, "", requestFlags, ""); err != nil {
-				return undoBinds, fmt.Errorf("error bind mounting %q from host to %q in mount namespace (%q): %w", m.Source, m.Destination, target, err)
-			}
-			logrus.Debugf("bind mounted %q to %q", m.Source, target)
-		case "tmpfs":
-			// Mount a tmpfs.
-			if err := mount.Mount(m.Source, target, m.Type, strings.Join(append(m.Options, "private"), ",")); err != nil {
-				return undoBinds, fmt.Errorf("error mounting tmpfs to %q in mount namespace (%q, %q): %w", m.Destination, target, strings.Join(m.Options, ","), err)
-			}
-			logrus.Debugf("mounted a tmpfs to %q", target)
-		case "overlay":
-			// Mount a overlay.
-			if err := mount.Mount(m.Source, target, m.Type, strings.Join(append(m.Options, "private"), ",")); err != nil {
-				return undoBinds, fmt.Errorf("error mounting overlay to %q in mount namespace (%q, %q): %w", m.Destination, target, strings.Join(m.Options, ","), err)
-			}
-			logrus.Debugf("mounted a overlay to %q", target)
-		}
-		if err = unix.Statfs(target, &fs); err != nil {
-			return undoBinds, fmt.Errorf("error checking if directory %q was bound read-only: %w", target, err)
-		}
-		if uintptr(fs.Flags)&expectedFlags != expectedFlags {
-			if err := unix.Mount(target, target, "bind", requestFlags|unix.MS_REMOUNT, ""); err != nil {
-				return undoBinds, fmt.Errorf("error remounting %q in mount namespace with expected flags: %w", target, err)
-			}
-		}
-	}
-
-	// Set up any read-only paths that we need to.  If we're running inside
-	// of a container, some of these locations will already be read-only.
-	for _, roPath := range spec.Linux.ReadonlyPaths {
-		r := filepath.Join(spec.Root.Path, roPath)
-		target, err := filepath.EvalSymlinks(r)
-		if err != nil {
-			if os.IsNotExist(err) {
-				// No target, no problem.
-				continue
-			}
-			return undoBinds, fmt.Errorf("error checking %q for symlinks before marking it read-only: %w", r, err)
-		}
-		// Check if the location is already read-only.
-		var fs unix.Statfs_t
-		if err = unix.Statfs(target, &fs); err != nil {
-			if os.IsNotExist(err) {
-				// No target, no problem.
-				continue
-			}
-			return undoBinds, fmt.Errorf("error checking if directory %q is already read-only: %w", target, err)
-		}
-		if fs.Flags&unix.ST_RDONLY != 0 {
-			continue
-		}
-		// Mount the location over itself, so that we can remount it as read-only.
-		roFlags := uintptr(unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_RDONLY)
-		if err := unix.Mount(target, target, "", roFlags|unix.MS_BIND|unix.MS_REC, ""); err != nil {
-			if os.IsNotExist(err) {
-				// No target, no problem.
-				continue
-			}
-			return undoBinds, fmt.Errorf("error bind mounting %q onto itself in preparation for making it read-only: %w", target, err)
-		}
-		// Remount the location read-only.
-		if err = unix.Statfs(target, &fs); err != nil {
-			return undoBinds, fmt.Errorf("error checking if directory %q was bound read-only: %w", target, err)
-		}
-		if fs.Flags&unix.ST_RDONLY == 0 {
-			if err := unix.Mount(target, target, "", roFlags|unix.MS_BIND|unix.MS_REMOUNT, ""); err != nil {
-				return undoBinds, fmt.Errorf("error remounting %q in mount namespace read-only: %w", target, err)
-			}
-		}
-		// Check again.
-		if err = unix.Statfs(target, &fs); err != nil {
-			return undoBinds, fmt.Errorf("error checking if directory %q was remounted read-only: %w", target, err)
-		}
-		if fs.Flags&unix.ST_RDONLY == 0 {
-			return undoBinds, fmt.Errorf("error verifying that %q in mount namespace was remounted read-only: %w", target, err)
-		}
-	}
-
-	// Create an empty directory for to use for masking directories.
-	roEmptyDir := filepath.Join(bundlePath, "empty")
-	if len(spec.Linux.MaskedPaths) > 0 {
-		if err := os.Mkdir(roEmptyDir, 0700); err != nil {
-			return undoBinds, fmt.Errorf("error creating empty directory %q: %w", roEmptyDir, err)
-		}
-	}
-
-	// Set up any masked paths that we need to.  If we're running inside of
-	// a container, some of these locations will already be read-only tmpfs
-	// filesystems or bind mounted to os.DevNull.  If we're not running
-	// inside of a container, and nobody else has done that, we'll do it.
-	for _, masked := range spec.Linux.MaskedPaths {
-		t := filepath.Join(spec.Root.Path, masked)
-		target, err := filepath.EvalSymlinks(t)
-		if err != nil {
-			target = t
-		}
-		// Get some info about the target.
-		targetinfo, err := os.Stat(target)
-		if err != nil {
-			if os.IsNotExist(err) {
-				// No target, no problem.
-				continue
-			}
-			return undoBinds, fmt.Errorf("error examining %q for masking in mount namespace: %w", target, err)
-		}
-		if targetinfo.IsDir() {
-			// The target's a directory.  Check if it's a read-only filesystem.
-			var statfs unix.Statfs_t
-			if err = unix.Statfs(target, &statfs); err != nil {
-				return undoBinds, fmt.Errorf("error checking if directory %q is a mountpoint: %w", target, err)
-			}
-			isReadOnly := statfs.Flags&unix.MS_RDONLY != 0
-			// Check if any of the IDs we're mapping could read it.
-			var stat unix.Stat_t
-			if err = unix.Stat(target, &stat); err != nil {
-				return undoBinds, fmt.Errorf("error checking permissions on directory %q: %w", target, err)
-			}
-			isAccessible := false
-			if stat.Mode&unix.S_IROTH|unix.S_IXOTH != 0 {
-				isAccessible = true
-			}
-			if !isAccessible && stat.Mode&unix.S_IROTH|unix.S_IXOTH != 0 {
-				if len(spec.Linux.GIDMappings) > 0 {
-					for _, mapping := range spec.Linux.GIDMappings {
-						if stat.Gid >= mapping.ContainerID && stat.Gid < mapping.ContainerID+mapping.Size {
-							isAccessible = true
-							break
-						}
-					}
-				}
-			}
-			if !isAccessible && stat.Mode&unix.S_IRUSR|unix.S_IXUSR != 0 {
-				if len(spec.Linux.UIDMappings) > 0 {
-					for _, mapping := range spec.Linux.UIDMappings {
-						if stat.Uid >= mapping.ContainerID && stat.Uid < mapping.ContainerID+mapping.Size {
-							isAccessible = true
-							break
-						}
-					}
-				}
-			}
-			// Check if it's empty.
-			hasContent := false
-			directory, err := os.Open(target)
-			if err != nil {
-				if !os.IsPermission(err) {
-					return undoBinds, fmt.Errorf("error opening directory %q: %w", target, err)
-				}
-			} else {
-				names, err := directory.Readdirnames(0)
-				directory.Close()
-				if err != nil {
-					return undoBinds, fmt.Errorf("error reading contents of directory %q: %w", target, err)
-				}
-				hasContent = false
-				for _, name := range names {
-					switch name {
-					case ".", "..":
-						continue
-					default:
-						hasContent = true
-					}
-					if hasContent {
-						break
-					}
-				}
-			}
-			// The target's a directory, so read-only bind mount an empty directory on it.
-			roFlags := uintptr(syscall.MS_BIND | syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY)
-			if !isReadOnly || (hasContent && isAccessible) {
-				if err = unix.Mount(roEmptyDir, target, "bind", roFlags, ""); err != nil {
-					return undoBinds, fmt.Errorf("error masking directory %q in mount namespace: %w", target, err)
-				}
-				if err = unix.Statfs(target, &fs); err != nil {
-					return undoBinds, fmt.Errorf("error checking if directory %q was mounted read-only in mount namespace: %w", target, err)
-				}
-				if fs.Flags&unix.ST_RDONLY == 0 {
-					if err = unix.Mount(target, target, "", roFlags|syscall.MS_REMOUNT, ""); err != nil {
-						return undoBinds, fmt.Errorf("error making sure directory %q in mount namespace is read only: %w", target, err)
-					}
-				}
-			}
-		} else {
-			// If the target's is not a directory or os.DevNull, bind mount os.DevNull over it.
-			if !isDevNull(targetinfo) {
-				if err = unix.Mount(os.DevNull, target, "", uintptr(syscall.MS_BIND|syscall.MS_RDONLY|syscall.MS_PRIVATE), ""); err != nil {
-					return undoBinds, fmt.Errorf("error masking non-directory %q in mount namespace: %w", target, err)
-				}
-			}
-		}
-	}
-	return undoBinds, nil
-}
-
-// setPdeathsig sets a parent-death signal for the process
-func setPdeathsig(cmd *exec.Cmd) {
-	if cmd.SysProcAttr == nil {
-		cmd.SysProcAttr = &syscall.SysProcAttr{}
-	}
-	cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
-}
diff --git a/vendor/github.com/containers/buildah/chroot/run_common.go b/vendor/github.com/containers/buildah/chroot/run_common.go
new file mode 100644
index 000000000..34952e59f
--- /dev/null
+++ b/vendor/github.com/containers/buildah/chroot/run_common.go
@@ -0,0 +1,828 @@
+//go:build linux || freebsd
+// +build linux freebsd
+
+package chroot
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"os/signal"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+
+	"github.com/containers/buildah/bind"
+	"github.com/containers/buildah/util"
+	"github.com/containers/storage/pkg/ioutils"
+	"github.com/containers/storage/pkg/reexec"
+	"github.com/containers/storage/pkg/unshare"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+	"golang.org/x/term"
+)
+
+const (
+	// runUsingChrootCommand is a command we use as a key for reexec
+	runUsingChrootCommand = "buildah-chroot-runtime"
+	// runUsingChrootExec is a command we use as a key for reexec
+	runUsingChrootExecCommand = "buildah-chroot-exec"
+)
+
+func init() {
+	reexec.Register(runUsingChrootCommand, runUsingChrootMain)
+	reexec.Register(runUsingChrootExecCommand, runUsingChrootExecMain)
+	for limitName, limitNumber := range rlimitsMap {
+		rlimitsReverseMap[limitNumber] = limitName
+	}
+}
+
+type runUsingChrootExecSubprocOptions struct {
+	Spec       *specs.Spec
+	BundlePath string
+}
+
+// RunUsingChroot runs a chrooted process, using some of the settings from the
+// passed-in spec, and using the specified bundlePath to hold temporary files,
+// directories, and mountpoints.
+func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reader, stdout, stderr io.Writer) (err error) {
+	var confwg sync.WaitGroup
+	var homeFound bool
+	for _, env := range spec.Process.Env {
+		if strings.HasPrefix(env, "HOME=") {
+			homeFound = true
+			break
+		}
+	}
+	if !homeFound {
+		spec.Process.Env = append(spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
+	}
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	// Write the runtime configuration, mainly for debugging.
+	specbytes, err := json.Marshal(spec)
+	if err != nil {
+		return err
+	}
+	if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, "config.json"), specbytes, 0600); err != nil {
+		return fmt.Errorf("error storing runtime configuration: %w", err)
+	}
+	logrus.Debugf("config = %v", string(specbytes))
+
+	// Default to using stdin/stdout/stderr if we weren't passed objects to use.
+	if stdin == nil {
+		stdin = os.Stdin
+	}
+	if stdout == nil {
+		stdout = os.Stdout
+	}
+	if stderr == nil {
+		stderr = os.Stderr
+	}
+
+	// Create a pipe for passing configuration down to the next process.
+	preader, pwriter, err := os.Pipe()
+	if err != nil {
+		return fmt.Errorf("error creating configuration pipe: %w", err)
+	}
+	config, conferr := json.Marshal(runUsingChrootSubprocOptions{
+		Spec:       spec,
+		BundlePath: bundlePath,
+	})
+	if conferr != nil {
+		return fmt.Errorf("error encoding configuration for %q: %w", runUsingChrootCommand, conferr)
+	}
+
+	// Set our terminal's mode to raw, to pass handling of special
+	// terminal input to the terminal in the container.
+	if spec.Process.Terminal && term.IsTerminal(unix.Stdin) {
+		state, err := term.MakeRaw(unix.Stdin)
+		if err != nil {
+			logrus.Warnf("error setting terminal state: %v", err)
+		} else {
+			defer func() {
+				if err = term.Restore(unix.Stdin, state); err != nil {
+					logrus.Errorf("unable to restore terminal state: %v", err)
+				}
+			}()
+		}
+	}
+
+	// Raise any resource limits that are higher than they are now, before
+	// we drop any more privileges.
+	if err = setRlimits(spec, false, true); err != nil {
+		return err
+	}
+
+	// Start the grandparent subprocess.
+	cmd := unshare.Command(runUsingChrootCommand)
+	setPdeathsig(cmd.Cmd)
+	cmd.Stdin, cmd.Stdout, cmd.Stderr = stdin, stdout, stderr
+	cmd.Dir = "/"
+	cmd.Env = []string{fmt.Sprintf("LOGLEVEL=%d", logrus.GetLevel())}
+
+	interrupted := make(chan os.Signal, 100)
+	cmd.Hook = func(int) error {
+		signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
+		go func() {
+			for receivedSignal := range interrupted {
+				if err := cmd.Process.Signal(receivedSignal); err != nil {
+					logrus.Infof("%v while attempting to forward %v to child process", err, receivedSignal)
+				}
+			}
+		}()
+		return nil
+	}
+
+	logrus.Debugf("Running %#v in %#v", cmd.Cmd, cmd)
+	confwg.Add(1)
+	go func() {
+		_, conferr = io.Copy(pwriter, bytes.NewReader(config))
+		pwriter.Close()
+		confwg.Done()
+	}()
+	cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
+	err = cmd.Run()
+	confwg.Wait()
+	signal.Stop(interrupted)
+	close(interrupted)
+	if err == nil {
+		return conferr
+	}
+	return err
+}
+
+// main() for grandparent subprocess.  Its main job is to shuttle stdio back
+// and forth, managing a pseudo-terminal if we want one, for our child, the
+// parent subprocess.
+func runUsingChrootMain() {
+	var options runUsingChrootSubprocOptions
+
+	runtime.LockOSThread()
+
+	// Set logging.
+	if level := os.Getenv("LOGLEVEL"); level != "" {
+		if ll, err := strconv.Atoi(level); err == nil {
+			logrus.SetLevel(logrus.Level(ll))
+		}
+		os.Unsetenv("LOGLEVEL")
+	}
+
+	// Unpack our configuration.
+	confPipe := os.NewFile(3, "confpipe")
+	if confPipe == nil {
+		fmt.Fprintf(os.Stderr, "error reading options pipe\n")
+		os.Exit(1)
+	}
+	defer confPipe.Close()
+	if err := json.NewDecoder(confPipe).Decode(&options); err != nil {
+		fmt.Fprintf(os.Stderr, "error decoding options: %v\n", err)
+		os.Exit(1)
+	}
+
+	if options.Spec == nil || options.Spec.Process == nil {
+		fmt.Fprintf(os.Stderr, "invalid options spec in runUsingChrootMain\n")
+		os.Exit(1)
+	}
+
+	// Prepare to shuttle stdio back and forth.
+	rootUID32, rootGID32, err := util.GetHostRootIDs(options.Spec)
+	if err != nil {
+		logrus.Errorf("error determining ownership for container stdio")
+		os.Exit(1)
+	}
+	rootUID := int(rootUID32)
+	rootGID := int(rootGID32)
+	relays := make(map[int]int)
+	closeOnceRunning := []*os.File{}
+	var ctty *os.File
+	var stdin io.Reader
+	var stdinCopy io.WriteCloser
+	var stdout io.Writer
+	var stderr io.Writer
+	fdDesc := make(map[int]string)
+	if options.Spec.Process.Terminal {
+		ptyMasterFd, ptyFd, err := getPtyDescriptors()
+		if err != nil {
+			logrus.Errorf("error opening PTY descriptors: %v", err)
+			os.Exit(1)
+		}
+		// Make notes about what's going where.
+		relays[ptyMasterFd] = unix.Stdout
+		relays[unix.Stdin] = ptyMasterFd
+		fdDesc[ptyMasterFd] = "container terminal"
+		fdDesc[unix.Stdin] = "stdin"
+		fdDesc[unix.Stdout] = "stdout"
+		winsize := &unix.Winsize{}
+		// Set the pseudoterminal's size to the configured size, or our own.
+		if options.Spec.Process.ConsoleSize != nil {
+			// Use configured sizes.
+			winsize.Row = uint16(options.Spec.Process.ConsoleSize.Height)
+			winsize.Col = uint16(options.Spec.Process.ConsoleSize.Width)
+		} else {
+			if term.IsTerminal(unix.Stdin) {
+				// Use the size of our terminal.
+				winsize, err = unix.IoctlGetWinsize(unix.Stdin, unix.TIOCGWINSZ)
+				if err != nil {
+					logrus.Debugf("error reading current terminal's size")
+					winsize.Row = 0
+					winsize.Col = 0
+				}
+			}
+		}
+		if winsize.Row != 0 && winsize.Col != 0 {
+			if err = unix.IoctlSetWinsize(ptyFd, unix.TIOCSWINSZ, winsize); err != nil {
+				logrus.Warnf("error setting terminal size for pty")
+			}
+			// FIXME - if we're connected to a terminal, we should
+			// be passing the updated terminal size down when we
+			// receive a SIGWINCH.
+		}
+		// Open an *os.File object that we can pass to our child.
+		ctty = os.NewFile(uintptr(ptyFd), "/dev/tty")
+		// Set ownership for the PTY.
+		if err = ctty.Chown(rootUID, rootGID); err != nil {
+			var cttyInfo unix.Stat_t
+			err2 := unix.Fstat(ptyFd, &cttyInfo)
+			from := ""
+			op := "setting"
+			if err2 == nil {
+				op = "changing"
+				from = fmt.Sprintf("from %d/%d ", cttyInfo.Uid, cttyInfo.Gid)
+			}
+			logrus.Warnf("error %s ownership of container PTY %sto %d/%d: %v", op, from, rootUID, rootGID, err)
+		}
+		// Set permissions on the PTY.
+		if err = ctty.Chmod(0620); err != nil {
+			logrus.Errorf("error setting permissions of container PTY: %v", err)
+			os.Exit(1)
+		}
+		// Make a note that our child (the parent subprocess) should
+		// have the PTY connected to its stdio, and that we should
+		// close it once it's running.
+		stdin = ctty
+		stdout = ctty
+		stderr = ctty
+		closeOnceRunning = append(closeOnceRunning, ctty)
+	} else {
+		// Create pipes for stdio.
+		stdinRead, stdinWrite, err := os.Pipe()
+		if err != nil {
+			logrus.Errorf("error opening pipe for stdin: %v", err)
+		}
+		stdoutRead, stdoutWrite, err := os.Pipe()
+		if err != nil {
+			logrus.Errorf("error opening pipe for stdout: %v", err)
+		}
+		stderrRead, stderrWrite, err := os.Pipe()
+		if err != nil {
+			logrus.Errorf("error opening pipe for stderr: %v", err)
+		}
+		// Make notes about what's going where.
+		relays[unix.Stdin] = int(stdinWrite.Fd())
+		relays[int(stdoutRead.Fd())] = unix.Stdout
+		relays[int(stderrRead.Fd())] = unix.Stderr
+		fdDesc[int(stdinWrite.Fd())] = "container stdin pipe"
+		fdDesc[int(stdoutRead.Fd())] = "container stdout pipe"
+		fdDesc[int(stderrRead.Fd())] = "container stderr pipe"
+		fdDesc[unix.Stdin] = "stdin"
+		fdDesc[unix.Stdout] = "stdout"
+		fdDesc[unix.Stderr] = "stderr"
+		// Set ownership for the pipes.
+		if err = stdinRead.Chown(rootUID, rootGID); err != nil {
+			logrus.Errorf("error setting ownership of container stdin pipe: %v", err)
+			os.Exit(1)
+		}
+		if err = stdoutWrite.Chown(rootUID, rootGID); err != nil {
+			logrus.Errorf("error setting ownership of container stdout pipe: %v", err)
+			os.Exit(1)
+		}
+		if err = stderrWrite.Chown(rootUID, rootGID); err != nil {
+			logrus.Errorf("error setting ownership of container stderr pipe: %v", err)
+			os.Exit(1)
+		}
+		// Make a note that our child (the parent subprocess) should
+		// have the pipes connected to its stdio, and that we should
+		// close its ends of them once it's running.
+		stdin = stdinRead
+		stdout = stdoutWrite
+		stderr = stderrWrite
+		closeOnceRunning = append(closeOnceRunning, stdinRead, stdoutWrite, stderrWrite)
+		stdinCopy = stdinWrite
+		defer stdoutRead.Close()
+		defer stderrRead.Close()
+	}
+	for readFd, writeFd := range relays {
+		if err := unix.SetNonblock(readFd, true); err != nil {
+			logrus.Errorf("error setting descriptor %d (%s) non-blocking: %v", readFd, fdDesc[readFd], err)
+			return
+		}
+		if err := unix.SetNonblock(writeFd, false); err != nil {
+			logrus.Errorf("error setting descriptor %d (%s) blocking: %v", relays[writeFd], fdDesc[writeFd], err)
+			return
+		}
+	}
+	if err := unix.SetNonblock(relays[unix.Stdin], true); err != nil {
+		logrus.Errorf("error setting %d to nonblocking: %v", relays[unix.Stdin], err)
+	}
+	go func() {
+		buffers := make(map[int]*bytes.Buffer)
+		for _, writeFd := range relays {
+			buffers[writeFd] = new(bytes.Buffer)
+		}
+		pollTimeout := -1
+		stdinClose := false
+		for len(relays) > 0 {
+			fds := make([]unix.PollFd, 0, len(relays))
+			for fd := range relays {
+				fds = append(fds, unix.PollFd{Fd: int32(fd), Events: unix.POLLIN | unix.POLLHUP})
+			}
+			_, err := unix.Poll(fds, pollTimeout)
+			if !util.LogIfNotRetryable(err, fmt.Sprintf("poll: %v", err)) {
+				return
+			}
+			removeFds := make(map[int]struct{})
+			for _, rfd := range fds {
+				if rfd.Revents&unix.POLLHUP == unix.POLLHUP {
+					removeFds[int(rfd.Fd)] = struct{}{}
+				}
+				if rfd.Revents&unix.POLLNVAL == unix.POLLNVAL {
+					logrus.Debugf("error polling descriptor %s: closed?", fdDesc[int(rfd.Fd)])
+					removeFds[int(rfd.Fd)] = struct{}{}
+				}
+				if rfd.Revents&unix.POLLIN == 0 {
+					if stdinClose && stdinCopy == nil {
+						continue
+					}
+					continue
+				}
+				b := make([]byte, 8192)
+				nread, err := unix.Read(int(rfd.Fd), b)
+				util.LogIfNotRetryable(err, fmt.Sprintf("read %s: %v", fdDesc[int(rfd.Fd)], err))
+				if nread > 0 {
+					if wfd, ok := relays[int(rfd.Fd)]; ok {
+						nwritten, err := buffers[wfd].Write(b[:nread])
+						if err != nil {
+							logrus.Debugf("buffer: %v", err)
+							continue
+						}
+						if nwritten != nread {
+							logrus.Debugf("buffer: expected to buffer %d bytes, wrote %d", nread, nwritten)
+							continue
+						}
+					}
+					// If this is the last of the data we'll be able to read
+					// from this descriptor, read as much as there is to read.
+					for rfd.Revents&unix.POLLHUP == unix.POLLHUP {
+						nr, err := unix.Read(int(rfd.Fd), b)
+						util.LogIfUnexpectedWhileDraining(err, fmt.Sprintf("read %s: %v", fdDesc[int(rfd.Fd)], err))
+						if nr <= 0 {
+							break
+						}
+						if wfd, ok := relays[int(rfd.Fd)]; ok {
+							nwritten, err := buffers[wfd].Write(b[:nr])
+							if err != nil {
+								logrus.Debugf("buffer: %v", err)
+								break
+							}
+							if nwritten != nr {
+								logrus.Debugf("buffer: expected to buffer %d bytes, wrote %d", nr, nwritten)
+								break
+							}
+						}
+					}
+				}
+				if nread == 0 {
+					removeFds[int(rfd.Fd)] = struct{}{}
+				}
+			}
+			pollTimeout = -1
+			for wfd, buffer := range buffers {
+				if buffer.Len() > 0 {
+					nwritten, err := unix.Write(wfd, buffer.Bytes())
+					util.LogIfNotRetryable(err, fmt.Sprintf("write %s: %v", fdDesc[wfd], err))
+					if nwritten >= 0 {
+						_ = buffer.Next(nwritten)
+					}
+				}
+				if buffer.Len() > 0 {
+					pollTimeout = 100
+				}
+				if wfd == relays[unix.Stdin] && stdinClose && buffer.Len() == 0 {
+					stdinCopy.Close()
+					delete(relays, unix.Stdin)
+				}
+			}
+			for rfd := range removeFds {
+				if rfd == unix.Stdin {
+					buffer, found := buffers[relays[unix.Stdin]]
+					if found && buffer.Len() > 0 {
+						stdinClose = true
+						continue
+					}
+				}
+				if !options.Spec.Process.Terminal && rfd == unix.Stdin {
+					stdinCopy.Close()
+				}
+				delete(relays, rfd)
+			}
+		}
+	}()
+
+	// Set up mounts and namespaces, and run the parent subprocess.
+	status, err := runUsingChroot(options.Spec, options.BundlePath, ctty, stdin, stdout, stderr, closeOnceRunning)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "error running subprocess: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Pass the process's exit status back to the caller by exiting with the same status.
+	if status.Exited() {
+		if status.ExitStatus() != 0 {
+			fmt.Fprintf(os.Stderr, "subprocess exited with status %d\n", status.ExitStatus())
+		}
+		os.Exit(status.ExitStatus())
+	} else if status.Signaled() {
+		fmt.Fprintf(os.Stderr, "subprocess exited on %s\n", status.Signal())
+		os.Exit(1)
+	}
+}
+
+// runUsingChroot, still in the grandparent process, sets up various bind
+// mounts and then runs the parent process in its own user namespace with the
+// necessary ID mappings.
+func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io.Reader, stdout, stderr io.Writer, closeOnceRunning []*os.File) (wstatus unix.WaitStatus, err error) {
+	var confwg sync.WaitGroup
+
+	// Create a new mount namespace for ourselves and bind mount everything to a new location.
+	undoIntermediates, err := bind.SetupIntermediateMountNamespace(spec, bundlePath)
+	if err != nil {
+		return 1, err
+	}
+	defer func() {
+		if undoErr := undoIntermediates(); undoErr != nil {
+			logrus.Debugf("error cleaning up intermediate mount NS: %v", err)
+		}
+	}()
+
+	// Bind mount in our filesystems.
+	undoChroots, err := setupChrootBindMounts(spec, bundlePath)
+	if err != nil {
+		return 1, err
+	}
+	defer func() {
+		if undoErr := undoChroots(); undoErr != nil {
+			logrus.Debugf("error cleaning up intermediate chroot bind mounts: %v", err)
+		}
+	}()
+
+	// Create a pipe for passing configuration down to the next process.
+	preader, pwriter, err := os.Pipe()
+	if err != nil {
+		return 1, fmt.Errorf("error creating configuration pipe: %w", err)
+	}
+	config, conferr := json.Marshal(runUsingChrootExecSubprocOptions{
+		Spec:       spec,
+		BundlePath: bundlePath,
+	})
+	if conferr != nil {
+		fmt.Fprintf(os.Stderr, "error re-encoding configuration for %q", runUsingChrootExecCommand)
+		os.Exit(1)
+	}
+
+	// Apologize for the namespace configuration that we're about to ignore.
+	logNamespaceDiagnostics(spec)
+
+	// Start the parent subprocess.
+	cmd := unshare.Command(append([]string{runUsingChrootExecCommand}, spec.Process.Args...)...)
+	setPdeathsig(cmd.Cmd)
+	cmd.Stdin, cmd.Stdout, cmd.Stderr = stdin, stdout, stderr
+	cmd.Dir = "/"
+	cmd.Env = []string{fmt.Sprintf("LOGLEVEL=%d", logrus.GetLevel())}
+	if ctty != nil {
+		cmd.Setsid = true
+		cmd.Ctty = ctty
+	}
+	cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
+	if err := setPlatformUnshareOptions(spec, cmd); err != nil {
+		return 1, fmt.Errorf("error setting platform unshare options: %w", err)
+
+	}
+	interrupted := make(chan os.Signal, 100)
+	cmd.Hook = func(int) error {
+		for _, f := range closeOnceRunning {
+			f.Close()
+		}
+		signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
+		go func() {
+			for receivedSignal := range interrupted {
+				if err := cmd.Process.Signal(receivedSignal); err != nil {
+					logrus.Infof("%v while attempting to forward %v to child process", err, receivedSignal)
+				}
+			}
+		}()
+		return nil
+	}
+
+	logrus.Debugf("Running %#v in %#v", cmd.Cmd, cmd)
+	confwg.Add(1)
+	go func() {
+		_, conferr = io.Copy(pwriter, bytes.NewReader(config))
+		pwriter.Close()
+		confwg.Done()
+	}()
+	err = cmd.Run()
+	confwg.Wait()
+	signal.Stop(interrupted)
+	close(interrupted)
+	if err != nil {
+		if exitError, ok := err.(*exec.ExitError); ok {
+			if waitStatus, ok := exitError.ProcessState.Sys().(syscall.WaitStatus); ok {
+				if waitStatus.Exited() {
+					if waitStatus.ExitStatus() != 0 {
+						fmt.Fprintf(os.Stderr, "subprocess exited with status %d\n", waitStatus.ExitStatus())
+					}
+					os.Exit(waitStatus.ExitStatus())
+				} else if waitStatus.Signaled() {
+					fmt.Fprintf(os.Stderr, "subprocess exited on %s\n", waitStatus.Signal())
+					os.Exit(1)
+				}
+			}
+		}
+		fmt.Fprintf(os.Stderr, "process exited with error: %v", err)
+		os.Exit(1)
+	}
+
+	return 0, nil
+}
+
+// main() for parent subprocess.  Its main job is to try to make our
+// environment look like the one described by the runtime configuration blob,
+// and then launch the intended command as a child.
+func runUsingChrootExecMain() {
+	args := os.Args[1:]
+	var options runUsingChrootExecSubprocOptions
+	var err error
+
+	runtime.LockOSThread()
+
+	// Set logging.
+	if level := os.Getenv("LOGLEVEL"); level != "" {
+		if ll, err := strconv.Atoi(level); err == nil {
+			logrus.SetLevel(logrus.Level(ll))
+		}
+		os.Unsetenv("LOGLEVEL")
+	}
+
+	// Unpack our configuration.
+	confPipe := os.NewFile(3, "confpipe")
+	if confPipe == nil {
+		fmt.Fprintf(os.Stderr, "error reading options pipe\n")
+		os.Exit(1)
+	}
+	defer confPipe.Close()
+	if err := json.NewDecoder(confPipe).Decode(&options); err != nil {
+		fmt.Fprintf(os.Stderr, "error decoding options: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Set the hostname.  We're already in a distinct UTS namespace and are admins in the user
+	// namespace which created it, so we shouldn't get a permissions error, but seccomp policy
+	// might deny our attempt to call sethostname() anyway, so log a debug message for that.
+	if options.Spec == nil || options.Spec.Process == nil {
+		fmt.Fprintf(os.Stderr, "invalid options spec passed in\n")
+		os.Exit(1)
+	}
+
+	if options.Spec.Hostname != "" {
+		setContainerHostname(options.Spec.Hostname)
+	}
+
+	// Try to chroot into the root.  Do this before we potentially
+	// block the syscall via the seccomp profile. Allow the
+	// platform to override this - on FreeBSD, we use a simple
+	// jail to set the hostname in the container
+	if err := createPlatformContainer(options); err != nil {
+		var oldst, newst unix.Stat_t
+		if err := unix.Stat(options.Spec.Root.Path, &oldst); err != nil {
+			fmt.Fprintf(os.Stderr, "error stat()ing intended root directory %q: %v\n", options.Spec.Root.Path, err)
+			os.Exit(1)
+		}
+		if err := unix.Chdir(options.Spec.Root.Path); err != nil {
+			fmt.Fprintf(os.Stderr, "error chdir()ing to intended root directory %q: %v\n", options.Spec.Root.Path, err)
+			os.Exit(1)
+		}
+		if err := unix.Chroot(options.Spec.Root.Path); err != nil {
+			fmt.Fprintf(os.Stderr, "error chroot()ing into directory %q: %v\n", options.Spec.Root.Path, err)
+			os.Exit(1)
+		}
+		if err := unix.Stat("/", &newst); err != nil {
+			fmt.Fprintf(os.Stderr, "error stat()ing current root directory: %v\n", err)
+			os.Exit(1)
+		}
+		if oldst.Dev != newst.Dev || oldst.Ino != newst.Ino {
+			fmt.Fprintf(os.Stderr, "unknown error chroot()ing into directory %q: %v\n", options.Spec.Root.Path, err)
+			os.Exit(1)
+		}
+		logrus.Debugf("chrooted into %q", options.Spec.Root.Path)
+	}
+
+	// not doing because it's still shared: creating devices
+	// not doing because it's not applicable: setting annotations
+	// not doing because it's still shared: setting sysctl settings
+	// not doing because cgroupfs is read only: configuring control groups
+	// -> this means we can use the freezer to make sure there aren't any lingering processes
+	// -> this means we ignore cgroups-based controls
+	// not doing because we don't set any in the config: running hooks
+	// not doing because we don't set it in the config: setting rootfs read-only
+	// not doing because we don't set it in the config: setting rootfs propagation
+	logrus.Debugf("setting apparmor profile")
+	if err = setApparmorProfile(options.Spec); err != nil {
+		fmt.Fprintf(os.Stderr, "error setting apparmor profile for process: %v\n", err)
+		os.Exit(1)
+	}
+	if err = setSelinuxLabel(options.Spec); err != nil {
+		fmt.Fprintf(os.Stderr, "error setting SELinux label for process: %v\n", err)
+		os.Exit(1)
+	}
+
+	logrus.Debugf("setting resource limits")
+	if err = setRlimits(options.Spec, false, false); err != nil {
+		fmt.Fprintf(os.Stderr, "error setting process resource limits for process: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Try to change to the directory.
+	cwd := options.Spec.Process.Cwd
+	if !filepath.IsAbs(cwd) {
+		cwd = "/" + cwd
+	}
+	cwd = filepath.Clean(cwd)
+	if err := unix.Chdir("/"); err != nil {
+		fmt.Fprintf(os.Stderr, "error chdir()ing into new root directory %q: %v\n", options.Spec.Root.Path, err)
+		os.Exit(1)
+	}
+	if err := unix.Chdir(cwd); err != nil {
+		fmt.Fprintf(os.Stderr, "error chdir()ing into directory %q under root %q: %v\n", cwd, options.Spec.Root.Path, err)
+		os.Exit(1)
+	}
+	logrus.Debugf("changed working directory to %q", cwd)
+
+	// Drop privileges.
+	user := options.Spec.Process.User
+	if len(user.AdditionalGids) > 0 {
+		gids := make([]int, len(user.AdditionalGids))
+		for i := range user.AdditionalGids {
+			gids[i] = int(user.AdditionalGids[i])
+		}
+		logrus.Debugf("setting supplemental groups")
+		if err = syscall.Setgroups(gids); err != nil {
+			fmt.Fprintf(os.Stderr, "error setting supplemental groups list: %v", err)
+			os.Exit(1)
+		}
+	} else {
+		setgroups, _ := ioutil.ReadFile("/proc/self/setgroups")
+		if strings.Trim(string(setgroups), "\n") != "deny" {
+			logrus.Debugf("clearing supplemental groups")
+			if err = syscall.Setgroups([]int{}); err != nil {
+				fmt.Fprintf(os.Stderr, "error clearing supplemental groups list: %v", err)
+				os.Exit(1)
+			}
+		}
+	}
+
+	logrus.Debugf("setting gid")
+	if err = unix.Setresgid(int(user.GID), int(user.GID), int(user.GID)); err != nil {
+		fmt.Fprintf(os.Stderr, "error setting GID: %v", err)
+		os.Exit(1)
+	}
+
+	if err = setSeccomp(options.Spec); err != nil {
+		fmt.Fprintf(os.Stderr, "error setting seccomp filter for process: %v\n", err)
+		os.Exit(1)
+	}
+
+	logrus.Debugf("setting capabilities")
+	var keepCaps []string
+	if user.UID != 0 {
+		keepCaps = []string{"CAP_SETUID"}
+	}
+	if err := setCapabilities(options.Spec, keepCaps...); err != nil {
+		fmt.Fprintf(os.Stderr, "error setting capabilities for process: %v\n", err)
+		os.Exit(1)
+	}
+
+	logrus.Debugf("setting uid")
+	if err = unix.Setresuid(int(user.UID), int(user.UID), int(user.UID)); err != nil {
+		fmt.Fprintf(os.Stderr, "error setting UID: %v", err)
+		os.Exit(1)
+	}
+
+	// Actually run the specified command.
+	cmd := exec.Command(args[0], args[1:]...)
+	setPdeathsig(cmd)
+	cmd.Env = options.Spec.Process.Env
+	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
+	cmd.Dir = cwd
+	logrus.Debugf("Running %#v (PATH = %q)", cmd, os.Getenv("PATH"))
+	interrupted := make(chan os.Signal, 100)
+	if err = cmd.Start(); err != nil {
+		fmt.Fprintf(os.Stderr, "process failed to start with error: %v", err)
+	}
+	go func() {
+		for range interrupted {
+			if err := cmd.Process.Signal(syscall.SIGKILL); err != nil {
+				logrus.Infof("%v while attempting to send SIGKILL to child process", err)
+			}
+		}
+	}()
+	signal.Notify(interrupted, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
+	err = cmd.Wait()
+	signal.Stop(interrupted)
+	close(interrupted)
+	if err != nil {
+		if exitError, ok := err.(*exec.ExitError); ok {
+			if waitStatus, ok := exitError.ProcessState.Sys().(syscall.WaitStatus); ok {
+				if waitStatus.Exited() {
+					if waitStatus.ExitStatus() != 0 {
+						fmt.Fprintf(os.Stderr, "subprocess exited with status %d\n", waitStatus.ExitStatus())
+					}
+					os.Exit(waitStatus.ExitStatus())
+				} else if waitStatus.Signaled() {
+					fmt.Fprintf(os.Stderr, "subprocess exited on %s\n", waitStatus.Signal())
+					os.Exit(1)
+				}
+			}
+		}
+		fmt.Fprintf(os.Stderr, "process exited with error: %v", err)
+		os.Exit(1)
+	}
+}
+
+// parses the resource limits for ourselves and any processes that
+// we'll start into a format that's more in line with the kernel APIs
+func parseRlimits(spec *specs.Spec) (map[int]unix.Rlimit, error) {
+	if spec.Process == nil {
+		return nil, nil
+	}
+	parsed := make(map[int]unix.Rlimit)
+	for _, limit := range spec.Process.Rlimits {
+		resource, recognized := rlimitsMap[strings.ToUpper(limit.Type)]
+		if !recognized {
+			return nil, fmt.Errorf("error parsing limit type %q", limit.Type)
+		}
+		parsed[resource] = makeRlimit(limit)
+	}
+	return parsed, nil
+}
+
+// setRlimits sets any resource limits that we want to apply to processes that
+// we'll start.
+func setRlimits(spec *specs.Spec, onlyLower, onlyRaise bool) error {
+	limits, err := parseRlimits(spec)
+	if err != nil {
+		return err
+	}
+	for resource, desired := range limits {
+		var current unix.Rlimit
+		if err := unix.Getrlimit(resource, &current); err != nil {
+			return fmt.Errorf("error reading %q limit: %w", rlimitsReverseMap[resource], err)
+		}
+		if desired.Max > current.Max && onlyLower {
+			// this would raise a hard limit, and we're only here to lower them
+			continue
+		}
+		if desired.Max < current.Max && onlyRaise {
+			// this would lower a hard limit, and we're only here to raise them
+			continue
+		}
+		if err := unix.Setrlimit(resource, &desired); err != nil {
+			return fmt.Errorf("error setting %q limit to soft=%d,hard=%d (was soft=%d,hard=%d): %w", rlimitsReverseMap[resource], desired.Cur, desired.Max, current.Cur, current.Max, err)
+		}
+	}
+	return nil
+}
+
+func isDevNull(dev os.FileInfo) bool {
+	if dev.Mode()&os.ModeCharDevice != 0 {
+		stat, _ := dev.Sys().(*syscall.Stat_t)
+		nullStat := syscall.Stat_t{}
+		if err := syscall.Stat(os.DevNull, &nullStat); err != nil {
+			logrus.Warnf("unable to stat /dev/null: %v", err)
+			return false
+		}
+		if stat.Rdev == nullStat.Rdev {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/containers/buildah/chroot/run_freebsd.go b/vendor/github.com/containers/buildah/chroot/run_freebsd.go
new file mode 100644
index 000000000..239322f56
--- /dev/null
+++ b/vendor/github.com/containers/buildah/chroot/run_freebsd.go
@@ -0,0 +1,269 @@
+//go:build freebsd
+// +build freebsd
+
+package chroot
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"syscall"
+
+	"github.com/containers/buildah/pkg/jail"
+	"github.com/containers/storage/pkg/mount"
+	"github.com/containers/storage/pkg/unshare"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+var (
+	rlimitsMap = map[string]int{
+		"RLIMIT_AS":      unix.RLIMIT_AS,
+		"RLIMIT_CORE":    unix.RLIMIT_CORE,
+		"RLIMIT_CPU":     unix.RLIMIT_CPU,
+		"RLIMIT_DATA":    unix.RLIMIT_DATA,
+		"RLIMIT_FSIZE":   unix.RLIMIT_FSIZE,
+		"RLIMIT_MEMLOCK": unix.RLIMIT_MEMLOCK,
+		"RLIMIT_NOFILE":  unix.RLIMIT_NOFILE,
+		"RLIMIT_NPROC":   unix.RLIMIT_NPROC,
+		"RLIMIT_RSS":     unix.RLIMIT_RSS,
+		"RLIMIT_STACK":   unix.RLIMIT_STACK,
+	}
+	rlimitsReverseMap = map[int]string{}
+)
+
+type runUsingChrootSubprocOptions struct {
+	Spec       *specs.Spec
+	BundlePath string
+}
+
+func setPlatformUnshareOptions(spec *specs.Spec, cmd *unshare.Cmd) error {
+	return nil
+}
+
+func setContainerHostname(name string) {
+	// On FreeBSD, we have to set this later when we create the
+	// jail below in createPlatformContainer
+}
+
+func setSelinuxLabel(spec *specs.Spec) error {
+	// Ignore this on FreeBSD
+	return nil
+}
+
+func setApparmorProfile(spec *specs.Spec) error {
+	// FreeBSD doesn't have apparmor`
+	return nil
+}
+
+func setCapabilities(spec *specs.Spec, keepCaps ...string) error {
+	// FreeBSD capabilities are nothing like Linux
+	return nil
+}
+
+func makeRlimit(limit specs.POSIXRlimit) unix.Rlimit {
+	return unix.Rlimit{Cur: int64(limit.Soft), Max: int64(limit.Hard)}
+}
+
+func createPlatformContainer(options runUsingChrootExecSubprocOptions) error {
+	path := options.Spec.Root.Path
+	jconf := jail.NewConfig()
+	jconf.Set("name", filepath.Base(path)+"-chroot")
+	jconf.Set("host.hostname", options.Spec.Hostname)
+	jconf.Set("persist", false)
+	jconf.Set("path", path)
+	jconf.Set("ip4", jail.INHERIT)
+	jconf.Set("ip6", jail.INHERIT)
+	jconf.Set("allow.raw_sockets", true)
+	jconf.Set("enforce_statfs", 1)
+	_, err := jail.CreateAndAttach(jconf)
+	if err != nil {
+		return fmt.Errorf("error creating jail: %w", err)
+	}
+	return nil
+}
+
+// logNamespaceDiagnostics knows which namespaces we want to create.
+// Output debug messages when that differs from what we're being asked to do.
+func logNamespaceDiagnostics(spec *specs.Spec) {
+	// Nothing here for FreeBSD
+}
+
+func makeReadOnly(mntpoint string, flags uintptr) error {
+	var fs unix.Statfs_t
+	// Make sure it's read-only.
+	if err := unix.Statfs(mntpoint, &fs); err != nil {
+		return fmt.Errorf("error checking if directory %q was bound read-only: %w", mntpoint, err)
+	}
+	return nil
+}
+
+func saveDir(spec *specs.Spec, path string) string {
+	id := filepath.Base(spec.Root.Path)
+	return filepath.Join(filepath.Dir(path), ".save-"+id)
+}
+
+func copyFile(source, dest string) error {
+	in, err := os.Open(source)
+	if err != nil {
+		return err
+	}
+	defer in.Close()
+
+	out, err := os.Create(dest)
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+
+	_, err = io.Copy(out, in)
+	if err != nil {
+		return err
+	}
+	return out.Close()
+}
+
+type rename struct {
+	from, to string
+}
+
+// setupChrootBindMounts actually bind mounts things under the rootfs, and returns a
+// callback that will clean up its work.
+func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func() error, err error) {
+	renames := []rename{}
+	unmounts := []string{}
+	removes := []string{}
+	undoBinds = func() error {
+		for _, r := range renames {
+			if err2 := os.Rename(r.to, r.from); err2 != nil {
+				logrus.Warnf("pkg/chroot: error renaming %q to %q: %v", r.to, r.from, err2)
+				if err == nil {
+					err = err2
+				}
+			}
+		}
+		for _, path := range unmounts {
+			if err2 := mount.Unmount(path); err2 != nil {
+				logrus.Warnf("pkg/chroot: error unmounting %q: %v", spec.Root.Path, err2)
+				if err == nil {
+					err = err2
+				}
+			}
+		}
+		for _, path := range removes {
+			if err2 := os.Remove(path); err2 != nil {
+				logrus.Warnf("pkg/chroot: error removing %q: %v", path, err2)
+				if err == nil {
+					err = err2
+				}
+			}
+		}
+		return err
+	}
+
+	// Now mount all of those things to be under the rootfs's location in this
+	// mount namespace.
+	for _, m := range spec.Mounts {
+		// If the target is there, we can just mount it.
+		var srcinfo os.FileInfo
+		switch m.Type {
+		case "nullfs":
+			srcinfo, err = os.Stat(m.Source)
+			if err != nil {
+				return undoBinds, fmt.Errorf("error examining %q for mounting in mount namespace: %w", m.Source, err)
+			}
+		}
+		target := filepath.Join(spec.Root.Path, m.Destination)
+		if _, err := os.Stat(target); err != nil {
+			// If the target can't be stat()ted, check the error.
+			if !os.IsNotExist(err) {
+				return undoBinds, fmt.Errorf("error examining %q for mounting in mount namespace: %w", target, err)
+			}
+			// The target isn't there yet, so create it, and make a
+			// note to remove it later.
+			// XXX: This was copied from the linux version which supports bind mounting files.
+			// Leaving it here since I plan to add this to FreeBSD's nullfs.
+			if m.Type != "nullfs" || srcinfo.IsDir() {
+				if err = os.MkdirAll(target, 0111); err != nil {
+					return undoBinds, fmt.Errorf("error creating mountpoint %q in mount namespace: %w", target, err)
+				}
+				removes = append(removes, target)
+			} else {
+				if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
+					return undoBinds, fmt.Errorf("error ensuring parent of mountpoint %q (%q) is present in mount namespace: %w", target, filepath.Dir(target), err)
+				}
+				// Don't do this until we can support file mounts in nullfs
+				/*var file *os.File
+				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil {
+					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
+				}
+				file.Close()
+				removes = append(removes, target)*/
+			}
+		}
+		logrus.Debugf("mount: %v", m)
+		switch m.Type {
+		case "nullfs":
+			// Do the bind mount.
+			if !srcinfo.IsDir() {
+				logrus.Debugf("emulating file mount %q on %q", m.Source, target)
+				_, err := os.Stat(target)
+				if err == nil {
+					save := saveDir(spec, target)
+					if _, err := os.Stat(save); err != nil {
+						if os.IsNotExist(err) {
+							err = os.MkdirAll(save, 0111)
+						}
+						if err != nil {
+							return undoBinds, fmt.Errorf("error creating file mount save directory %q: %w", save, err)
+						}
+						removes = append(removes, save)
+					}
+					savePath := filepath.Join(save, filepath.Base(target))
+					if _, err := os.Stat(target); err == nil {
+						logrus.Debugf("moving %q to %q", target, savePath)
+						if err := os.Rename(target, savePath); err != nil {
+							return undoBinds, fmt.Errorf("error moving %q to %q: %w", target, savePath, err)
+						}
+						renames = append(renames, rename{
+							from: target,
+							to:   savePath,
+						})
+					}
+				} else {
+					removes = append(removes, target)
+				}
+				if err := copyFile(m.Source, target); err != nil {
+					return undoBinds, fmt.Errorf("error copying %q to %q: %w", m.Source, target, err)
+				}
+			} else {
+				logrus.Debugf("bind mounting %q on %q", m.Destination, filepath.Join(spec.Root.Path, m.Destination))
+				if err := mount.Mount(m.Source, target, "nullfs", strings.Join(m.Options, ",")); err != nil {
+					return undoBinds, fmt.Errorf("error bind mounting %q from host to %q in mount namespace (%q): %w", m.Source, m.Destination, target, err)
+				}
+				logrus.Debugf("bind mounted %q to %q", m.Source, target)
+				unmounts = append(unmounts, target)
+			}
+		case "devfs", "fdescfs", "tmpfs":
+			// Mount /dev, /dev/fd.
+			if err := mount.Mount(m.Source, target, m.Type, strings.Join(m.Options, ",")); err != nil {
+				return undoBinds, fmt.Errorf("error mounting %q to %q in mount namespace (%q, %q): %w", m.Type, m.Destination, target, strings.Join(m.Options, ","), err)
+			}
+			logrus.Debugf("mounted a %q to %q", m.Type, target)
+			unmounts = append(unmounts, target)
+		}
+	}
+	return undoBinds, nil
+}
+
+// setPdeathsig sets a parent-death signal for the process
+func setPdeathsig(cmd *exec.Cmd) {
+	if cmd.SysProcAttr == nil {
+		cmd.SysProcAttr = &syscall.SysProcAttr{}
+	}
+	cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
+}
diff --git a/vendor/github.com/containers/buildah/chroot/run_linux.go b/vendor/github.com/containers/buildah/chroot/run_linux.go
new file mode 100644
index 000000000..7e1dcca14
--- /dev/null
+++ b/vendor/github.com/containers/buildah/chroot/run_linux.go
@@ -0,0 +1,660 @@
+//go:build linux
+// +build linux
+
+package chroot
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/containers/buildah/copier"
+	"github.com/containers/storage/pkg/mount"
+	"github.com/containers/storage/pkg/unshare"
+	"github.com/opencontainers/runc/libcontainer/apparmor"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/sirupsen/logrus"
+	"github.com/syndtr/gocapability/capability"
+	"golang.org/x/sys/unix"
+)
+
+var (
+	rlimitsMap = map[string]int{
+		"RLIMIT_AS":         unix.RLIMIT_AS,
+		"RLIMIT_CORE":       unix.RLIMIT_CORE,
+		"RLIMIT_CPU":        unix.RLIMIT_CPU,
+		"RLIMIT_DATA":       unix.RLIMIT_DATA,
+		"RLIMIT_FSIZE":      unix.RLIMIT_FSIZE,
+		"RLIMIT_LOCKS":      unix.RLIMIT_LOCKS,
+		"RLIMIT_MEMLOCK":    unix.RLIMIT_MEMLOCK,
+		"RLIMIT_MSGQUEUE":   unix.RLIMIT_MSGQUEUE,
+		"RLIMIT_NICE":       unix.RLIMIT_NICE,
+		"RLIMIT_NOFILE":     unix.RLIMIT_NOFILE,
+		"RLIMIT_NPROC":      unix.RLIMIT_NPROC,
+		"RLIMIT_RSS":        unix.RLIMIT_RSS,
+		"RLIMIT_RTPRIO":     unix.RLIMIT_RTPRIO,
+		"RLIMIT_RTTIME":     unix.RLIMIT_RTTIME,
+		"RLIMIT_SIGPENDING": unix.RLIMIT_SIGPENDING,
+		"RLIMIT_STACK":      unix.RLIMIT_STACK,
+	}
+	rlimitsReverseMap = map[int]string{}
+)
+
+type runUsingChrootSubprocOptions struct {
+	Spec        *specs.Spec
+	BundlePath  string
+	UIDMappings []syscall.SysProcIDMap
+	GIDMappings []syscall.SysProcIDMap
+}
+
+func setPlatformUnshareOptions(spec *specs.Spec, cmd *unshare.Cmd) error {
+	// If we have configured ID mappings, set them here so that they can apply to the child.
+	hostUidmap, hostGidmap, err := unshare.GetHostIDMappings("")
+	if err != nil {
+		return err
+	}
+	uidmap, gidmap := spec.Linux.UIDMappings, spec.Linux.GIDMappings
+	if len(uidmap) == 0 {
+		// No UID mappings are configured for the container.  Borrow our parent's mappings.
+		uidmap = append([]specs.LinuxIDMapping{}, hostUidmap...)
+		for i := range uidmap {
+			uidmap[i].HostID = uidmap[i].ContainerID
+		}
+	}
+	if len(gidmap) == 0 {
+		// No GID mappings are configured for the container.  Borrow our parent's mappings.
+		gidmap = append([]specs.LinuxIDMapping{}, hostGidmap...)
+		for i := range gidmap {
+			gidmap[i].HostID = gidmap[i].ContainerID
+		}
+	}
+
+	cmd.UnshareFlags = syscall.CLONE_NEWUTS | syscall.CLONE_NEWNS
+	requestedUserNS := false
+	for _, ns := range spec.Linux.Namespaces {
+		if ns.Type == specs.UserNamespace {
+			requestedUserNS = true
+		}
+	}
+	if len(spec.Linux.UIDMappings) > 0 || len(spec.Linux.GIDMappings) > 0 || requestedUserNS {
+		cmd.UnshareFlags = cmd.UnshareFlags | syscall.CLONE_NEWUSER
+		cmd.UidMappings = uidmap
+		cmd.GidMappings = gidmap
+		cmd.GidMappingsEnableSetgroups = true
+	}
+	cmd.OOMScoreAdj = spec.Process.OOMScoreAdj
+	return nil
+}
+
+func setContainerHostname(name string) {
+	if err := unix.Sethostname([]byte(name)); err != nil {
+		logrus.Debugf("failed to set hostname %q for process: %v", name, err)
+	}
+}
+
+// logNamespaceDiagnostics knows which namespaces we want to create.
+// Output debug messages when that differs from what we're being asked to do.
+func logNamespaceDiagnostics(spec *specs.Spec) {
+	sawMountNS := false
+	sawUTSNS := false
+	for _, ns := range spec.Linux.Namespaces {
+		switch ns.Type {
+		case specs.CgroupNamespace:
+			if ns.Path != "" {
+				logrus.Debugf("unable to join cgroup namespace, sorry about that")
+			} else {
+				logrus.Debugf("unable to create cgroup namespace, sorry about that")
+			}
+		case specs.IPCNamespace:
+			if ns.Path != "" {
+				logrus.Debugf("unable to join IPC namespace, sorry about that")
+			} else {
+				logrus.Debugf("unable to create IPC namespace, sorry about that")
+			}
+		case specs.MountNamespace:
+			if ns.Path != "" {
+				logrus.Debugf("unable to join mount namespace %q, creating a new one", ns.Path)
+			}
+			sawMountNS = true
+		case specs.NetworkNamespace:
+			if ns.Path != "" {
+				logrus.Debugf("unable to join network namespace, sorry about that")
+			} else {
+				logrus.Debugf("unable to create network namespace, sorry about that")
+			}
+		case specs.PIDNamespace:
+			if ns.Path != "" {
+				logrus.Debugf("unable to join PID namespace, sorry about that")
+			} else {
+				logrus.Debugf("unable to create PID namespace, sorry about that")
+			}
+		case specs.UserNamespace:
+			if ns.Path != "" {
+				logrus.Debugf("unable to join user namespace, sorry about that")
+			}
+		case specs.UTSNamespace:
+			if ns.Path != "" {
+				logrus.Debugf("unable to join UTS namespace %q, creating a new one", ns.Path)
+			}
+			sawUTSNS = true
+		}
+	}
+	if !sawMountNS {
+		logrus.Debugf("mount namespace not requested, but creating a new one anyway")
+	}
+	if !sawUTSNS {
+		logrus.Debugf("UTS namespace not requested, but creating a new one anyway")
+	}
+}
+
+// setApparmorProfile sets the apparmor profile for ourselves, and hopefully any child processes that we'll start.
+func setApparmorProfile(spec *specs.Spec) error {
+	if !apparmor.IsEnabled() || spec.Process.ApparmorProfile == "" {
+		return nil
+	}
+	if err := apparmor.ApplyProfile(spec.Process.ApparmorProfile); err != nil {
+		return fmt.Errorf("error setting apparmor profile to %q: %w", spec.Process.ApparmorProfile, err)
+	}
+	return nil
+}
+
+// setCapabilities sets capabilities for ourselves, to be more or less inherited by any processes that we'll start.
+func setCapabilities(spec *specs.Spec, keepCaps ...string) error {
+	currentCaps, err := capability.NewPid2(0)
+	if err != nil {
+		return fmt.Errorf("error reading capabilities of current process: %w", err)
+	}
+	if err := currentCaps.Load(); err != nil {
+		return fmt.Errorf("error loading capabilities: %w", err)
+	}
+	caps, err := capability.NewPid2(0)
+	if err != nil {
+		return fmt.Errorf("error reading capabilities of current process: %w", err)
+	}
+	capMap := map[capability.CapType][]string{
+		capability.BOUNDING:    spec.Process.Capabilities.Bounding,
+		capability.EFFECTIVE:   spec.Process.Capabilities.Effective,
+		capability.INHERITABLE: []string{},
+		capability.PERMITTED:   spec.Process.Capabilities.Permitted,
+		capability.AMBIENT:     spec.Process.Capabilities.Ambient,
+	}
+	knownCaps := capability.List()
+	noCap := capability.Cap(-1)
+	for capType, capList := range capMap {
+		for _, capToSet := range capList {
+			cap := noCap
+			for _, c := range knownCaps {
+				if strings.EqualFold("CAP_"+c.String(), capToSet) {
+					cap = c
+					break
+				}
+			}
+			if cap == noCap {
+				return fmt.Errorf("error mapping capability %q to a number", capToSet)
+			}
+			caps.Set(capType, cap)
+		}
+		for _, capToSet := range keepCaps {
+			cap := noCap
+			for _, c := range knownCaps {
+				if strings.EqualFold("CAP_"+c.String(), capToSet) {
+					cap = c
+					break
+				}
+			}
+			if cap == noCap {
+				return fmt.Errorf("error mapping capability %q to a number", capToSet)
+			}
+			if currentCaps.Get(capType, cap) {
+				caps.Set(capType, cap)
+			}
+		}
+	}
+	if err = caps.Apply(capability.CAPS | capability.BOUNDS | capability.AMBS); err != nil {
+		return fmt.Errorf("error setting capabilities: %w", err)
+	}
+	return nil
+}
+
+func makeRlimit(limit specs.POSIXRlimit) unix.Rlimit {
+	return unix.Rlimit{Cur: limit.Soft, Max: limit.Hard}
+}
+
+func createPlatformContainer(options runUsingChrootExecSubprocOptions) error {
+	return errors.New("unsupported createPlatformContainer")
+}
+
+func makeReadOnly(mntpoint string, flags uintptr) error {
+	var fs unix.Statfs_t
+	// Make sure it's read-only.
+	if err := unix.Statfs(mntpoint, &fs); err != nil {
+		return fmt.Errorf("error checking if directory %q was bound read-only: %w", mntpoint, err)
+	}
+	if fs.Flags&unix.ST_RDONLY == 0 {
+		if err := unix.Mount(mntpoint, mntpoint, "bind", flags|unix.MS_REMOUNT, ""); err != nil {
+			return fmt.Errorf("error remounting %s in mount namespace read-only: %w", mntpoint, err)
+		}
+	}
+	return nil
+}
+
+// setupChrootBindMounts actually bind mounts things under the rootfs, and returns a
+// callback that will clean up its work.
+func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func() error, err error) {
+	var fs unix.Statfs_t
+	undoBinds = func() error {
+		if err2 := unix.Unmount(spec.Root.Path, unix.MNT_DETACH); err2 != nil {
+			retries := 0
+			for (err2 == unix.EBUSY || err2 == unix.EAGAIN) && retries < 50 {
+				time.Sleep(50 * time.Millisecond)
+				err2 = unix.Unmount(spec.Root.Path, unix.MNT_DETACH)
+				retries++
+			}
+			if err2 != nil {
+				logrus.Warnf("pkg/chroot: error unmounting %q (retried %d times): %v", spec.Root.Path, retries, err2)
+				if err == nil {
+					err = err2
+				}
+			}
+		}
+		return err
+	}
+
+	// Now bind mount all of those things to be under the rootfs's location in this
+	// mount namespace.
+	commonFlags := uintptr(unix.MS_BIND | unix.MS_REC | unix.MS_PRIVATE)
+	bindFlags := commonFlags | unix.MS_NODEV
+	devFlags := commonFlags | unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_RDONLY
+	procFlags := devFlags | unix.MS_NODEV
+	sysFlags := devFlags | unix.MS_NODEV
+
+	// Bind /dev read-only.
+	subDev := filepath.Join(spec.Root.Path, "/dev")
+	if err := unix.Mount("/dev", subDev, "bind", devFlags, ""); err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			err = os.Mkdir(subDev, 0755)
+			if err == nil {
+				err = unix.Mount("/dev", subDev, "bind", devFlags, "")
+			}
+		}
+		if err != nil {
+			return undoBinds, fmt.Errorf("error bind mounting /dev from host into mount namespace: %w", err)
+		}
+	}
+	// Make sure it's read-only.
+	if err = unix.Statfs(subDev, &fs); err != nil {
+		return undoBinds, fmt.Errorf("error checking if directory %q was bound read-only: %w", subDev, err)
+	}
+	if fs.Flags&unix.ST_RDONLY == 0 {
+		if err := unix.Mount(subDev, subDev, "bind", devFlags|unix.MS_REMOUNT, ""); err != nil {
+			return undoBinds, fmt.Errorf("error remounting /dev in mount namespace read-only: %w", err)
+		}
+	}
+	logrus.Debugf("bind mounted %q to %q", "/dev", filepath.Join(spec.Root.Path, "/dev"))
+
+	// Bind /proc read-only.
+	subProc := filepath.Join(spec.Root.Path, "/proc")
+	if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			err = os.Mkdir(subProc, 0755)
+			if err == nil {
+				err = unix.Mount("/proc", subProc, "bind", procFlags, "")
+			}
+		}
+		if err != nil {
+			return undoBinds, fmt.Errorf("error bind mounting /proc from host into mount namespace: %w", err)
+		}
+	}
+	logrus.Debugf("bind mounted %q to %q", "/proc", filepath.Join(spec.Root.Path, "/proc"))
+
+	// Bind /sys read-only.
+	subSys := filepath.Join(spec.Root.Path, "/sys")
+	if err := unix.Mount("/sys", subSys, "bind", sysFlags, ""); err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			err = os.Mkdir(subSys, 0755)
+			if err == nil {
+				err = unix.Mount("/sys", subSys, "bind", sysFlags, "")
+			}
+		}
+		if err != nil {
+			return undoBinds, fmt.Errorf("error bind mounting /sys from host into mount namespace: %w", err)
+		}
+	}
+	if err := makeReadOnly(subSys, sysFlags); err != nil {
+		return undoBinds, err
+	}
+
+	mnts, _ := mount.GetMounts()
+	for _, m := range mnts {
+		if !strings.HasPrefix(m.Mountpoint, "/sys/") &&
+			m.Mountpoint != "/sys" {
+			continue
+		}
+		subSys := filepath.Join(spec.Root.Path, m.Mountpoint)
+		if err := unix.Mount(m.Mountpoint, subSys, "bind", sysFlags, ""); err != nil {
+			msg := fmt.Sprintf("could not bind mount %q, skipping: %v", m.Mountpoint, err)
+			if strings.HasPrefix(m.Mountpoint, "/sys") {
+				logrus.Infof(msg)
+			} else {
+				logrus.Warningf(msg)
+			}
+			continue
+		}
+		if err := makeReadOnly(subSys, sysFlags); err != nil {
+			return undoBinds, err
+		}
+	}
+	logrus.Debugf("bind mounted %q to %q", "/sys", filepath.Join(spec.Root.Path, "/sys"))
+
+	// Bind mount in everything we've been asked to mount.
+	for _, m := range spec.Mounts {
+		// Skip anything that we just mounted.
+		switch m.Destination {
+		case "/dev", "/proc", "/sys":
+			logrus.Debugf("already bind mounted %q on %q", m.Destination, filepath.Join(spec.Root.Path, m.Destination))
+			continue
+		default:
+			if strings.HasPrefix(m.Destination, "/dev/") {
+				continue
+			}
+			if strings.HasPrefix(m.Destination, "/proc/") {
+				continue
+			}
+			if strings.HasPrefix(m.Destination, "/sys/") {
+				continue
+			}
+		}
+		// Skip anything that isn't a bind or tmpfs mount.
+		if m.Type != "bind" && m.Type != "tmpfs" && m.Type != "overlay" {
+			logrus.Debugf("skipping mount of type %q on %q", m.Type, m.Destination)
+			continue
+		}
+		// If the target is there, we can just mount it.
+		var srcinfo os.FileInfo
+		switch m.Type {
+		case "bind":
+			srcinfo, err = os.Stat(m.Source)
+			if err != nil {
+				return undoBinds, fmt.Errorf("error examining %q for mounting in mount namespace: %w", m.Source, err)
+			}
+		case "overlay":
+			fallthrough
+		case "tmpfs":
+			srcinfo, err = os.Stat("/")
+			if err != nil {
+				return undoBinds, fmt.Errorf("error examining / to use as a template for a %s: %w", m.Type, err)
+			}
+		}
+		target := filepath.Join(spec.Root.Path, m.Destination)
+		// Check if target is a symlink
+		stat, err := os.Lstat(target)
+		// If target is a symlink, follow the link and ensure the destination exists
+		if err == nil && stat != nil && (stat.Mode()&os.ModeSymlink != 0) {
+			target, err = copier.Eval(spec.Root.Path, m.Destination, copier.EvalOptions{})
+			if err != nil {
+				return nil, fmt.Errorf("evaluating symlink %q: %w", target, err)
+			}
+			// Stat the destination of the evaluated symlink
+			_, err = os.Stat(target)
+		}
+		if err != nil {
+			// If the target can't be stat()ted, check the error.
+			if !errors.Is(err, os.ErrNotExist) {
+				return undoBinds, fmt.Errorf("error examining %q for mounting in mount namespace: %w", target, err)
+			}
+			// The target isn't there yet, so create it.
+			if srcinfo.IsDir() {
+				if err = os.MkdirAll(target, 0755); err != nil {
+					return undoBinds, fmt.Errorf("error creating mountpoint %q in mount namespace: %w", target, err)
+				}
+			} else {
+				if err = os.MkdirAll(filepath.Dir(target), 0755); err != nil {
+					return undoBinds, fmt.Errorf("error ensuring parent of mountpoint %q (%q) is present in mount namespace: %w", target, filepath.Dir(target), err)
+				}
+				var file *os.File
+				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0755); err != nil {
+					return undoBinds, fmt.Errorf("error creating mountpoint %q in mount namespace: %w", target, err)
+				}
+				file.Close()
+			}
+		}
+		requestFlags := bindFlags
+		expectedFlags := uintptr(0)
+		for _, option := range m.Options {
+			switch option {
+			case "nodev":
+				requestFlags |= unix.MS_NODEV
+				expectedFlags |= unix.ST_NODEV
+			case "dev":
+				requestFlags &= ^uintptr(unix.MS_NODEV)
+				expectedFlags &= ^uintptr(unix.ST_NODEV)
+			case "noexec":
+				requestFlags |= unix.MS_NOEXEC
+				expectedFlags |= unix.ST_NOEXEC
+			case "exec":
+				requestFlags &= ^uintptr(unix.MS_NOEXEC)
+				expectedFlags &= ^uintptr(unix.ST_NOEXEC)
+			case "nosuid":
+				requestFlags |= unix.MS_NOSUID
+				expectedFlags |= unix.ST_NOSUID
+			case "suid":
+				requestFlags &= ^uintptr(unix.MS_NOSUID)
+				expectedFlags &= ^uintptr(unix.ST_NOSUID)
+			case "ro":
+				requestFlags |= unix.MS_RDONLY
+				expectedFlags |= unix.ST_RDONLY
+			case "rw":
+				requestFlags &= ^uintptr(unix.MS_RDONLY)
+				expectedFlags &= ^uintptr(unix.ST_RDONLY)
+			}
+		}
+		switch m.Type {
+		case "bind":
+			// Do the bind mount.
+			logrus.Debugf("bind mounting %q on %q", m.Destination, filepath.Join(spec.Root.Path, m.Destination))
+			if err := unix.Mount(m.Source, target, "", requestFlags, ""); err != nil {
+				return undoBinds, fmt.Errorf("error bind mounting %q from host to %q in mount namespace (%q): %w", m.Source, m.Destination, target, err)
+			}
+			logrus.Debugf("bind mounted %q to %q", m.Source, target)
+		case "tmpfs":
+			// Mount a tmpfs.
+			if err := mount.Mount(m.Source, target, m.Type, strings.Join(append(m.Options, "private"), ",")); err != nil {
+				return undoBinds, fmt.Errorf("error mounting tmpfs to %q in mount namespace (%q, %q): %w", m.Destination, target, strings.Join(m.Options, ","), err)
+			}
+			logrus.Debugf("mounted a tmpfs to %q", target)
+		case "overlay":
+			// Mount a overlay.
+			if err := mount.Mount(m.Source, target, m.Type, strings.Join(append(m.Options, "private"), ",")); err != nil {
+				return undoBinds, fmt.Errorf("error mounting overlay to %q in mount namespace (%q, %q): %w", m.Destination, target, strings.Join(m.Options, ","), err)
+			}
+			logrus.Debugf("mounted a overlay to %q", target)
+		}
+		if err = unix.Statfs(target, &fs); err != nil {
+			return undoBinds, fmt.Errorf("error checking if directory %q was bound read-only: %w", target, err)
+		}
+		if uintptr(fs.Flags)&expectedFlags != expectedFlags {
+			if err := unix.Mount(target, target, "bind", requestFlags|unix.MS_REMOUNT, ""); err != nil {
+				return undoBinds, fmt.Errorf("error remounting %q in mount namespace with expected flags: %w", target, err)
+			}
+		}
+	}
+
+	// Set up any read-only paths that we need to.  If we're running inside
+	// of a container, some of these locations will already be read-only.
+	for _, roPath := range spec.Linux.ReadonlyPaths {
+		r := filepath.Join(spec.Root.Path, roPath)
+		target, err := filepath.EvalSymlinks(r)
+		if err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				// No target, no problem.
+				continue
+			}
+			return undoBinds, fmt.Errorf("error checking %q for symlinks before marking it read-only: %w", r, err)
+		}
+		// Check if the location is already read-only.
+		var fs unix.Statfs_t
+		if err = unix.Statfs(target, &fs); err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				// No target, no problem.
+				continue
+			}
+			return undoBinds, fmt.Errorf("error checking if directory %q is already read-only: %w", target, err)
+		}
+		if fs.Flags&unix.ST_RDONLY != 0 {
+			continue
+		}
+		// Mount the location over itself, so that we can remount it as read-only.
+		roFlags := uintptr(unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_RDONLY)
+		if err := unix.Mount(target, target, "", roFlags|unix.MS_BIND|unix.MS_REC, ""); err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				// No target, no problem.
+				continue
+			}
+			return undoBinds, fmt.Errorf("error bind mounting %q onto itself in preparation for making it read-only: %w", target, err)
+		}
+		// Remount the location read-only.
+		if err = unix.Statfs(target, &fs); err != nil {
+			return undoBinds, fmt.Errorf("error checking if directory %q was bound read-only: %w", target, err)
+		}
+		if fs.Flags&unix.ST_RDONLY == 0 {
+			if err := unix.Mount(target, target, "", roFlags|unix.MS_BIND|unix.MS_REMOUNT, ""); err != nil {
+				return undoBinds, fmt.Errorf("error remounting %q in mount namespace read-only: %w", target, err)
+			}
+		}
+		// Check again.
+		if err = unix.Statfs(target, &fs); err != nil {
+			return undoBinds, fmt.Errorf("error checking if directory %q was remounted read-only: %w", target, err)
+		}
+		if fs.Flags&unix.ST_RDONLY == 0 {
+			return undoBinds, fmt.Errorf("error verifying that %q in mount namespace was remounted read-only: %w", target, err)
+		}
+	}
+
+	// Create an empty directory for to use for masking directories.
+	roEmptyDir := filepath.Join(bundlePath, "empty")
+	if len(spec.Linux.MaskedPaths) > 0 {
+		if err := os.Mkdir(roEmptyDir, 0700); err != nil {
+			return undoBinds, fmt.Errorf("error creating empty directory %q: %w", roEmptyDir, err)
+		}
+	}
+
+	// Set up any masked paths that we need to.  If we're running inside of
+	// a container, some of these locations will already be read-only tmpfs
+	// filesystems or bind mounted to os.DevNull.  If we're not running
+	// inside of a container, and nobody else has done that, we'll do it.
+	for _, masked := range spec.Linux.MaskedPaths {
+		t := filepath.Join(spec.Root.Path, masked)
+		target, err := filepath.EvalSymlinks(t)
+		if err != nil {
+			target = t
+		}
+		// Get some info about the target.
+		targetinfo, err := os.Stat(target)
+		if err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				// No target, no problem.
+				continue
+			}
+			return undoBinds, fmt.Errorf("error examining %q for masking in mount namespace: %w", target, err)
+		}
+		if targetinfo.IsDir() {
+			// The target's a directory.  Check if it's a read-only filesystem.
+			var statfs unix.Statfs_t
+			if err = unix.Statfs(target, &statfs); err != nil {
+				return undoBinds, fmt.Errorf("error checking if directory %q is a mountpoint: %w", target, err)
+			}
+			isReadOnly := statfs.Flags&unix.MS_RDONLY != 0
+			// Check if any of the IDs we're mapping could read it.
+			var stat unix.Stat_t
+			if err = unix.Stat(target, &stat); err != nil {
+				return undoBinds, fmt.Errorf("error checking permissions on directory %q: %w", target, err)
+			}
+			isAccessible := false
+			if stat.Mode&unix.S_IROTH|unix.S_IXOTH != 0 {
+				isAccessible = true
+			}
+			if !isAccessible && stat.Mode&unix.S_IROTH|unix.S_IXOTH != 0 {
+				if len(spec.Linux.GIDMappings) > 0 {
+					for _, mapping := range spec.Linux.GIDMappings {
+						if stat.Gid >= mapping.ContainerID && stat.Gid < mapping.ContainerID+mapping.Size {
+							isAccessible = true
+							break
+						}
+					}
+				}
+			}
+			if !isAccessible && stat.Mode&unix.S_IRUSR|unix.S_IXUSR != 0 {
+				if len(spec.Linux.UIDMappings) > 0 {
+					for _, mapping := range spec.Linux.UIDMappings {
+						if stat.Uid >= mapping.ContainerID && stat.Uid < mapping.ContainerID+mapping.Size {
+							isAccessible = true
+							break
+						}
+					}
+				}
+			}
+			// Check if it's empty.
+			hasContent := false
+			directory, err := os.Open(target)
+			if err != nil {
+				if !os.IsPermission(err) {
+					return undoBinds, fmt.Errorf("error opening directory %q: %w", target, err)
+				}
+			} else {
+				names, err := directory.Readdirnames(0)
+				directory.Close()
+				if err != nil {
+					return undoBinds, fmt.Errorf("error reading contents of directory %q: %w", target, err)
+				}
+				hasContent = false
+				for _, name := range names {
+					switch name {
+					case ".", "..":
+						continue
+					default:
+						hasContent = true
+					}
+					if hasContent {
+						break
+					}
+				}
+			}
+			// The target's a directory, so read-only bind mount an empty directory on it.
+			roFlags := uintptr(syscall.MS_BIND | syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY)
+			if !isReadOnly || (hasContent && isAccessible) {
+				if err = unix.Mount(roEmptyDir, target, "bind", roFlags, ""); err != nil {
+					return undoBinds, fmt.Errorf("error masking directory %q in mount namespace: %w", target, err)
+				}
+				if err = unix.Statfs(target, &fs); err != nil {
+					return undoBinds, fmt.Errorf("error checking if directory %q was mounted read-only in mount namespace: %w", target, err)
+				}
+				if fs.Flags&unix.ST_RDONLY == 0 {
+					if err = unix.Mount(target, target, "", roFlags|syscall.MS_REMOUNT, ""); err != nil {
+						return undoBinds, fmt.Errorf("error making sure directory %q in mount namespace is read only: %w", target, err)
+					}
+				}
+			}
+		} else {
+			// If the target's is not a directory or os.DevNull, bind mount os.DevNull over it.
+			if !isDevNull(targetinfo) {
+				if err = unix.Mount(os.DevNull, target, "", uintptr(syscall.MS_BIND|syscall.MS_RDONLY|syscall.MS_PRIVATE), ""); err != nil {
+					return undoBinds, fmt.Errorf("error masking non-directory %q in mount namespace: %w", target, err)
+				}
+			}
+		}
+	}
+	return undoBinds, nil
+}
+
+// setPdeathsig sets a parent-death signal for the process
+func setPdeathsig(cmd *exec.Cmd) {
+	if cmd.SysProcAttr == nil {
+		cmd.SysProcAttr = &syscall.SysProcAttr{}
+	}
+	cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
+}
diff --git a/vendor/github.com/containers/buildah/chroot/seccomp_freebsd.go b/vendor/github.com/containers/buildah/chroot/seccomp_freebsd.go
new file mode 100644
index 000000000..02897da74
--- /dev/null
+++ b/vendor/github.com/containers/buildah/chroot/seccomp_freebsd.go
@@ -0,0 +1,13 @@
+//go:build freebsd && seccomp
+// +build freebsd,seccomp
+
+package chroot
+
+import (
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func setSeccomp(spec *specs.Spec) error {
+	// Ignore this on FreeBSD
+	return nil
+}
diff --git a/vendor/github.com/containers/buildah/chroot/seccomp_unsupported.go b/vendor/github.com/containers/buildah/chroot/seccomp_unsupported.go
index 5e97ca073..5be2e48dc 100644
--- a/vendor/github.com/containers/buildah/chroot/seccomp_unsupported.go
+++ b/vendor/github.com/containers/buildah/chroot/seccomp_unsupported.go
@@ -1,5 +1,5 @@
-//go:build !linux || !seccomp
-// +build !linux !seccomp
+//go:build (!linux && !freebsd) || !seccomp
+// +build !linux,!freebsd !seccomp
 
 package chroot
 
diff --git a/vendor/github.com/containers/buildah/chroot/selinux_unsupported.go b/vendor/github.com/containers/buildah/chroot/selinux_unsupported.go
index 9c2eb2843..826b920e7 100644
--- a/vendor/github.com/containers/buildah/chroot/selinux_unsupported.go
+++ b/vendor/github.com/containers/buildah/chroot/selinux_unsupported.go
@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
 
 package chroot
 
diff --git a/vendor/github.com/containers/buildah/chroot/unsupported.go b/vendor/github.com/containers/buildah/chroot/unsupported.go
index 7c112d5e7..677a0a2df 100644
--- a/vendor/github.com/containers/buildah/chroot/unsupported.go
+++ b/vendor/github.com/containers/buildah/chroot/unsupported.go
@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
 
 package chroot
 
diff --git a/vendor/github.com/containers/buildah/commit.go b/vendor/github.com/containers/buildah/commit.go
index d340ca0a2..727f97b06 100644
--- a/vendor/github.com/containers/buildah/commit.go
+++ b/vendor/github.com/containers/buildah/commit.go
@@ -374,17 +374,17 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 	}
 	if err == nil {
 		imgID = img.ID
-		prunedNames := make([]string, 0, len(img.Names))
+		toPruneNames := make([]string, 0, len(img.Names))
 		for _, name := range img.Names {
-			if !(nameToRemove != "" && strings.Contains(name, nameToRemove)) {
-				prunedNames = append(prunedNames, name)
+			if nameToRemove != "" && strings.Contains(name, nameToRemove) {
+				toPruneNames = append(toPruneNames, name)
 			}
 		}
-		if len(prunedNames) < len(img.Names) {
-			if err = b.store.SetNames(imgID, prunedNames); err != nil {
-				return imgID, nil, "", fmt.Errorf("failed to prune temporary name from image %q: %w", imgID, err)
+		if len(toPruneNames) > 0 {
+			if err = b.store.RemoveNames(imgID, toPruneNames); err != nil {
+				return imgID, nil, "", fmt.Errorf("failed to remove temporary name from image %q: %w", imgID, err)
 			}
-			logrus.Debugf("reassigned names %v to image %q", prunedNames, img.ID)
+			logrus.Debugf("removing %v from assigned names to image %q", nameToRemove, img.ID)
 			dest2, err := is.Transport.ParseStoreReference(b.store, "@"+imgID)
 			if err != nil {
 				return imgID, nil, "", fmt.Errorf("error creating unnamed destination reference for image: %w", err)
diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go
index 3c7b021e1..de464ab52 100644
--- a/vendor/github.com/containers/buildah/copier/copier.go
+++ b/vendor/github.com/containers/buildah/copier/copier.go
@@ -1558,7 +1558,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 			} else {
 				// FreeBSD can return EISDIR for "mkdir /":
 				// https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=59739.
-				if !os.IsExist(err) && !errors.Is(err, syscall.EISDIR) {
+				if !errors.Is(err, os.ErrExist) && !errors.Is(err, syscall.EISDIR) {
 					return fmt.Errorf("copier: put: error checking directory %q: %w", path, err)
 				}
 			}
@@ -1581,7 +1581,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 	}
 	createFile := func(path string, tr *tar.Reader) (int64, error) {
 		f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC|os.O_EXCL, 0600)
-		if err != nil && os.IsExist(err) {
+		if err != nil && errors.Is(err, os.ErrExist) {
 			if req.PutOptions.NoOverwriteDirNonDir {
 				if st, err2 := os.Lstat(path); err2 == nil && st.IsDir() {
 					return 0, fmt.Errorf("copier: put: error creating file at %q: %w", path, err)
@@ -1626,7 +1626,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 			return errorResponse("copier: put: %s (%s): exists but is not a directory", req.Directory, targetDirectory)
 		}
 	} else {
-		if !os.IsNotExist(err) {
+		if !errors.Is(err, os.ErrNotExist) {
 			return errorResponse("copier: put: %s: %v", req.Directory, err)
 		}
 		if err := ensureDirectoryUnderRoot(req.Directory); err != nil {
@@ -1738,7 +1738,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 				if linkTarget, err = resolvePath(targetDirectory, filepath.Join(req.Root, filepath.FromSlash(hdr.Linkname)), true, nil); err != nil {
 					return fmt.Errorf("error resolving hardlink target path %q under root %q", hdr.Linkname, req.Root)
 				}
-				if err = os.Link(linkTarget, path); err != nil && os.IsExist(err) {
+				if err = os.Link(linkTarget, path); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
@@ -1753,7 +1753,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 				//	todo: the general solution requires resolving to an absolute path, handling
 				//	renaming, and then possibly converting back to a relative symlink
 				// }
-				if err = os.Symlink(filepath.FromSlash(hdr.Linkname), filepath.FromSlash(path)); err != nil && os.IsExist(err) {
+				if err = os.Symlink(filepath.FromSlash(hdr.Linkname), filepath.FromSlash(path)); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
@@ -1768,7 +1768,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 					ignoredItems[nameBeforeRenaming] = struct{}{}
 					goto nextHeader
 				}
-				if err = mknod(path, chrMode(0600), int(mkdev(devMajor, devMinor))); err != nil && os.IsExist(err) {
+				if err = mknod(path, chrMode(0600), int(mkdev(devMajor, devMinor))); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
@@ -1783,7 +1783,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 					ignoredItems[nameBeforeRenaming] = struct{}{}
 					goto nextHeader
 				}
-				if err = mknod(path, blkMode(0600), int(mkdev(devMajor, devMinor))); err != nil && os.IsExist(err) {
+				if err = mknod(path, blkMode(0600), int(mkdev(devMajor, devMinor))); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
@@ -1794,7 +1794,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 					}
 				}
 			case tar.TypeDir:
-				if err = os.Mkdir(path, 0700); err != nil && os.IsExist(err) {
+				if err = os.Mkdir(path, 0700); err != nil && errors.Is(err, os.ErrExist) {
 					if st, stErr := os.Lstat(path); stErr == nil && !st.IsDir() {
 						if req.PutOptions.NoOverwriteNonDirDir {
 							break
@@ -1821,7 +1821,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 				// the archive more than once for whatever reason
 				directoryModes[path] = mode
 			case tar.TypeFifo:
-				if err = mkfifo(path, 0600); err != nil && os.IsExist(err) {
+				if err = mkfifo(path, 0600); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
@@ -1943,7 +1943,7 @@ func copierHandlerMkdir(req request, idMappings *idtools.IDMappings) (*response,
 		} else {
 			// FreeBSD can return EISDIR for "mkdir /":
 			// https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=59739.
-			if !os.IsExist(err) && !errors.Is(err, syscall.EISDIR) {
+			if !errors.Is(err, os.ErrExist) && !errors.Is(err, syscall.EISDIR) {
 				return errorResponse("copier: mkdir: error checking directory %q: %v", path, err)
 			}
 		}
diff --git a/vendor/github.com/containers/buildah/copier/xattrs.go b/vendor/github.com/containers/buildah/copier/xattrs.go
index 15db6418d..bad057051 100644
--- a/vendor/github.com/containers/buildah/copier/xattrs.go
+++ b/vendor/github.com/containers/buildah/copier/xattrs.go
@@ -4,12 +4,12 @@
 package copier
 
 import (
+	"errors"
 	"fmt"
 	"path/filepath"
 	"strings"
 	"syscall"
 
-	"github.com/containers/buildah/util"
 	"golang.org/x/sys/unix"
 )
 
@@ -45,11 +45,11 @@ func Lgetxattrs(path string) (map[string]string, error) {
 		list = make([]byte, listSize)
 		size, err := unix.Llistxattr(path, list)
 		if err != nil {
-			if util.Cause(err) == syscall.ERANGE {
+			if errors.Is(err, syscall.ERANGE) {
 				listSize *= 2
 				continue
 			}
-			if (util.Cause(err) == syscall.ENOTSUP) || (util.Cause(err) == syscall.ENOSYS) {
+			if errors.Is(err, syscall.ENOTSUP) || errors.Is(err, syscall.ENOSYS) {
 				// treat these errors listing xattrs as equivalent to "no xattrs"
 				list = list[:0]
 				break
@@ -71,7 +71,7 @@ func Lgetxattrs(path string) (map[string]string, error) {
 				attributeValue = make([]byte, attributeSize)
 				size, err := unix.Lgetxattr(path, attribute, attributeValue)
 				if err != nil {
-					if util.Cause(err) == syscall.ERANGE {
+					if errors.Is(err, syscall.ERANGE) {
 						attributeSize *= 2
 						continue
 					}
diff --git a/vendor/github.com/containers/buildah/define/build.go b/vendor/github.com/containers/buildah/define/build.go
index 501f85ff2..352280433 100644
--- a/vendor/github.com/containers/buildah/define/build.go
+++ b/vendor/github.com/containers/buildah/define/build.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	nettypes "github.com/containers/common/libnetwork/types"
+	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
 	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage/pkg/archive"
@@ -136,6 +137,16 @@ type BuildOptions struct {
 	RuntimeArgs []string
 	// TransientMounts is a list of mounts that won't be kept in the image.
 	TransientMounts []string
+	// CacheFrom specifies any remote repository which can be treated as
+	// potential cache source.
+	CacheFrom reference.Named
+	// CacheTo specifies any remote repository which can be treated as
+	// potential cache destination.
+	CacheTo reference.Named
+	// CacheTTL specifies duration, if specified using `--cache-ttl` then
+	// cache intermediate images under this duration will be considered as
+	// valid cache sources and images outside this duration will be ignored.
+	CacheTTL time.Duration
 	// Compression specifies the type of compression which is applied to
 	// layer blobs.  The default is to not use compression, but
 	// archive.Gzip is recommended.
diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go
index 07d900811..015e1e18d 100644
--- a/vendor/github.com/containers/buildah/define/types.go
+++ b/vendor/github.com/containers/buildah/define/types.go
@@ -30,7 +30,7 @@ const (
 	Package = "buildah"
 	// Version for the Package.  Bump version in contrib/rpm/buildah.spec
 	// too.
-	Version = "1.27.0-dev"
+	Version = "1.28.0-dev"
 
 	// DefaultRuntime if containers.conf fails.
 	DefaultRuntime = "runc"
@@ -137,12 +137,7 @@ func TempDirForURL(dir, prefix, url string) (name string, subdir string, err err
 			}
 			return "", "", fmt.Errorf("cloning %q to %q:\n%s: %w", url, name, string(combinedOutput), err)
 		}
-		// Check if git url specifies any subdir
-		// if subdir is there switch to subdir.
-		if gitSubDir != "" {
-			name = filepath.Join(name, gitSubDir)
-		}
-		return name, "", nil
+		return name, gitSubDir, nil
 	}
 	if strings.HasPrefix(url, "github.com/") {
 		ghurl := url
@@ -178,11 +173,13 @@ func TempDirForURL(dir, prefix, url string) (name string, subdir string, err err
 	return "", "", errors.New("unreachable code reached")
 }
 
-func cloneToDirectory(url, dir string) ([]byte, string, error) {
+// parseGitBuildContext parses git build context to `repo`, `sub-dir`
+// `branch/commit`, accepts GitBuildContext in the format of
+// `repourl.git[#[branch-or-commit]:subdir]`.
+func parseGitBuildContext(url string) (string, string, string) {
 	gitSubdir := ""
 	gitBranch := ""
 	gitBranchPart := strings.Split(url, "#")
-	var cmd *exec.Cmd
 	if len(gitBranchPart) > 1 {
 		// check if string contains path to a subdir
 		gitSubDirPart := strings.Split(gitBranchPart[1], ":")
@@ -191,16 +188,52 @@ func cloneToDirectory(url, dir string) ([]byte, string, error) {
 		}
 		gitBranch = gitSubDirPart[0]
 	}
-	if gitBranch == "" {
-		logrus.Debugf("cloning %q to %q", gitBranchPart[0], dir)
-		cmd = exec.Command("git", "clone", "--recurse-submodules", gitBranchPart[0], dir)
-	} else {
-		logrus.Debugf("cloning repo %q and branch %q to %q", gitBranchPart[0], gitBranch, dir)
-		cmd = exec.Command("git", "clone", "--recurse-submodules", "-b", gitBranch, gitBranchPart[0], dir)
-	}
+	return gitBranchPart[0], gitSubdir, gitBranch
+}
 
+func cloneToDirectory(url, dir string) ([]byte, string, error) {
+	var cmd *exec.Cmd
+	gitRepo, gitSubdir, gitBranch := parseGitBuildContext(url)
+	// init repo
+	cmd = exec.Command("git", "init", dir)
 	combinedOutput, err := cmd.CombinedOutput()
-	return combinedOutput, gitSubdir, err
+	if err != nil {
+		return combinedOutput, gitSubdir, fmt.Errorf("failed while performing `git init`: %w", err)
+	}
+	// add origin
+	cmd = exec.Command("git", "remote", "add", "origin", gitRepo)
+	cmd.Dir = dir
+	combinedOutput, err = cmd.CombinedOutput()
+	if err != nil {
+		return combinedOutput, gitSubdir, fmt.Errorf("failed while performing `git remote add`: %w", err)
+	}
+	// fetch required branch or commit and perform checkout
+	// Always default to `HEAD` if nothing specified
+	fetch := "HEAD"
+	if gitBranch != "" {
+		fetch = gitBranch
+	}
+	logrus.Debugf("fetching repo %q and branch (or commit ID) %q to %q", gitRepo, fetch, dir)
+	cmd = exec.Command("git", "fetch", "--depth=1", "origin", "--", fetch)
+	cmd.Dir = dir
+	combinedOutput, err = cmd.CombinedOutput()
+	if err != nil {
+		return combinedOutput, gitSubdir, fmt.Errorf("failed while performing `git fetch`: %w", err)
+	}
+	if fetch == "HEAD" {
+		// We fetched default branch therefore
+		// we don't have any valid `branch` or
+		// `commit` name hence checkout detached
+		// `FETCH_HEAD`
+		fetch = "FETCH_HEAD"
+	}
+	cmd = exec.Command("git", "checkout", fetch)
+	cmd.Dir = dir
+	combinedOutput, err = cmd.CombinedOutput()
+	if err != nil {
+		return combinedOutput, gitSubdir, fmt.Errorf("failed while performing `git checkout`: %w", err)
+	}
+	return combinedOutput, gitSubdir, nil
 }
 
 func downloadToDirectory(url, dir string) error {
diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod
deleted file mode 100644
index 652f09112..000000000
--- a/vendor/github.com/containers/buildah/go.mod
+++ /dev/null
@@ -1,127 +0,0 @@
-module github.com/containers/buildah
-
-go 1.17
-
-require (
-	github.com/containerd/containerd v1.6.6
-	github.com/containernetworking/cni v1.1.1
-	github.com/containers/common v0.48.1-0.20220715075726-2ac10faca05a
-	github.com/containers/image/v5 v5.21.2-0.20220714132403-2bb3f3e44c5c
-	github.com/containers/ocicrypt v1.1.5
-	github.com/containers/storage v1.41.1-0.20220714115232-fc9b0ff5272a
-	github.com/docker/distribution v2.8.1+incompatible
-	github.com/docker/docker v20.10.17+incompatible
-	github.com/docker/go-units v0.4.0
-	github.com/fsouza/go-dockerclient v1.8.1
-	github.com/ghodss/yaml v1.0.0
-	github.com/hashicorp/go-multierror v1.1.1
-	github.com/mattn/go-shellwords v1.0.12
-	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/gomega v1.19.0
-	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198
-	github.com/opencontainers/runc v1.1.3
-	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
-	github.com/opencontainers/runtime-tools v0.9.0
-	github.com/opencontainers/selinux v1.10.1
-	github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
-	github.com/seccomp/libseccomp-golang v0.10.0
-	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/cobra v1.5.0
-	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.8.0
-	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
-	go.etcd.io/bbolt v1.3.6
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
-	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
-	golang.org/x/sys v0.0.0-20220624220833-87e55d714810
-	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
-)
-
-require (
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/BurntSushi/toml v1.1.0 // indirect
-	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/Microsoft/hcsshim v0.9.3 // indirect
-	github.com/VividCortex/ewma v1.2.0 // indirect
-	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/blang/semver v3.5.1+incompatible // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect
-	github.com/containerd/cgroups v1.0.3 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.12.0 // indirect
-	github.com/containernetworking/plugins v1.1.1 // indirect
-	github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a // indirect
-	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/disiqueira/gotree/v3 v3.0.2 // indirect
-	github.com/docker/docker-credential-helpers v0.6.4 // indirect
-	github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 // indirect
-	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/fsnotify/fsnotify v1.5.4 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-containerregistry v0.10.0 // indirect
-	github.com/google/go-intervals v0.0.2 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/jinzhu/copier v0.3.5 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.8 // indirect
-	github.com/klauspost/pgzip v1.2.5 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e // indirect
-	github.com/manifoldco/promptui v0.9.0 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/miekg/pkcs11 v1.1.1 // indirect
-	github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible // indirect
-	github.com/moby/sys/mount v0.3.3 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/nxadm/tail v1.4.8 // indirect
-	github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/proglottis/gpgme v0.1.3 // indirect
-	github.com/prometheus/client_golang v1.12.1 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
-	github.com/sigstore/sigstore v1.3.1-0.20220629021053-b95fc0d626c1 // indirect
-	github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
-	github.com/sylabs/sif/v2 v2.7.1 // indirect
-	github.com/tchap/go-patricia v2.3.0+incompatible // indirect
-	github.com/theupdateframework/go-tuf v0.3.0 // indirect
-	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	github.com/ulikunitz/xz v0.5.10 // indirect
-	github.com/vbatts/tar-split v0.11.2 // indirect
-	github.com/vbauerster/mpb/v7 v7.4.2 // indirect
-	github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5 // indirect
-	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 // indirect
-	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e // indirect
-	golang.org/x/text v0.3.7 // indirect
-	google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f // indirect
-	google.golang.org/grpc v1.47.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/klog v1.0.0 // indirect
-)
-
-replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2-0.20211123152302-43a7dee1ec31
diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum
deleted file mode 100644
index cdd6cf3b4..000000000
--- a/vendor/github.com/containers/buildah/go.sum
+++ /dev/null
@@ -1,2123 +0,0 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
-bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U=
-cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
-cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
-cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
-cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
-cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
-cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
-cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c=
-cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
-cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774 h1:SCbEWT58NSt7d2mcFdvxC9uyrdcTfvBbPLThhkDmXzg=
-github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dYRLLXyJjbkIPeeGyoJ/eKOSI0eU6eTlCBYibgd0=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
-github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
-github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
-github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
-github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
-github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
-github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
-github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
-github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
-github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.8.22/go.mod h1:91uVCVzvX2QD16sMCenoxxXo6L1wJnLMX2PSufFMtF0=
-github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
-github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
-github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/ReneKroon/ttlcache/v2 v2.11.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
-github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
-github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
-github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
-github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/aws/aws-sdk-go v1.44.44/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go-v2 v1.16.5/go.mod h1:Wh7MEsmEApyL5hrWzpDkba4gwAPc5/piwLVLFnCxp48=
-github.com/aws/aws-sdk-go-v2/config v1.15.11/go.mod h1:mD5tNFciV7YHNjPpFYqJ6KGpoSfY107oZULvTHIxtbI=
-github.com/aws/aws-sdk-go-v2/credentials v1.12.6/go.mod h1:mQgnRmBPF2S/M01W4T4Obp3ZaZB6o1s/R8cOUda9vtI=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.6/go.mod h1:ClLMcuQA/wcHPmOIfNzNI4Y1Q0oDbmEkbYhMFOzHDh8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.12/go.mod h1:Afj/U8svX6sJ77Q+FPWMzabJ9QjbwP32YlopgKALUpg=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.6/go.mod h1:FwpAKI+FBPIELJIdmQzlLtRe8LQSOreMcM2wBsPMvvc=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.13/go.mod h1:hiM/y1XPp3DoEPhoVEYc/CZcS58dP6RKJRDFp99wdX0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.6/go.mod h1:DxAPjquoEHf3rUHh1b9+47RAaXB8/7cB6jkzCt/GOEI=
-github.com/aws/aws-sdk-go-v2/service/kms v1.17.3/go.mod h1:EKkrWWXwWYf8x3Nrm6Oix3zZP9NRBHqxw5buFGVBHA0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.11.9/go.mod h1:UqRD9bBt15P0ofRyDZX6CfsIqPpzeHOhZKWzgSuAzpo=
-github.com/aws/aws-sdk-go-v2/service/sts v1.16.7/go.mod h1:lVxTdiiSHY3jb1aeg+BBFtDzZGSUCv6qaNOyEGCJ1AY=
-github.com/aws/smithy-go v1.11.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/beeker1121/goque v1.0.3-0.20191103205551-d618510128af/go.mod h1:84CWnaDz4g1tEVnFLnuBigmGK15oPohy0RfvSN8d4eg=
-github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
-github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
-github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
-github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/cilium/ebpf v0.9.0/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY=
-github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
-github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
-github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
-github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
-github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
-github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
-github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
-github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
-github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
-github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/continuity v0.2.2 h1:QSqfxcn8c+12slxwu00AtzXrsami0MJb/MQs9lOLHLA=
-github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
-github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
-github.com/containerd/go-cni v1.1.6/go.mod h1:BWtoWl5ghVymxu6MBjg79W9NZrCRyHIdUtk4cauMe34=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4=
-github.com/containerd/imgcrypt v1.1.4/go.mod h1:LorQnPtzL/T0IyCeftcsMEO7AqxUDbdO8j/tSUpgxvo=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
-github.com/containerd/stargz-snapshotter/estargz v0.9.0/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
-github.com/containerd/stargz-snapshotter/estargz v0.11.4/go.mod h1:7vRJIcImfY8bpifnMjt+HTJoQxASq7T28MYbP15/Nf0=
-github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
-github.com/containerd/stargz-snapshotter/estargz v0.12.0/go.mod h1:AIQ59TewBFJ4GOPEQXujcrJ/EKxh5xXZegW1rkR1P/M=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
-github.com/containernetworking/cni v1.1.1 h1:ky20T7c0MvKvbMOwS/FrlbNwjEoqJEUUYfsL4b0mc4k=
-github.com/containernetworking/cni v1.1.1/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNGz0C1d3wVYlHE=
-github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
-github.com/containers/common v0.48.1-0.20220715075726-2ac10faca05a h1:kdcruVl641VTIm8C3O58WRYcBTbnWCsh6AJymk28ScM=
-github.com/containers/common v0.48.1-0.20220715075726-2ac10faca05a/go.mod h1:1dA7JPGoSi83kjf5H4NIrGANyLOULyvFqV1bwvYFEek=
-github.com/containers/image/v5 v5.21.2-0.20220712113758-29aec5f7bbbf/go.mod h1:0+N0ZM9mgMmoZZc6uNcgnEsbX85Ne7b29cIW5lqWwVU=
-github.com/containers/image/v5 v5.21.2-0.20220714132403-2bb3f3e44c5c h1:ms1Vyzs9Eb17J38aFKrL0+ig2pVwQq3OleaO7VmQuV0=
-github.com/containers/image/v5 v5.21.2-0.20220714132403-2bb3f3e44c5c/go.mod h1:ykVAVRj4DhQNMHZDVU+KCtXjWBKpqiUe669eF0WBEEc=
-github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU=
-github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g=
-github.com/containers/ocicrypt v1.1.5 h1:UO+gBnBXvMvC7HTXLh0bPgLslfW8HlY+oxYcoSHBcZQ=
-github.com/containers/ocicrypt v1.1.5/go.mod h1:WgjxPWdTJMqYMjf3M6cuIFFA1/MpyyhIM99YInA+Rvc=
-github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
-github.com/containers/storage v1.41.0/go.mod h1:Pb0l5Sm/89kolX3o2KolKQ5cCHk5vPNpJrhNaLcdS5s=
-github.com/containers/storage v1.41.1-0.20220712184034-d26be7b27860/go.mod h1:uu6HCcijN30xRxW1ZuZRngwFGOlH5NpBWYiNBnDQNRw=
-github.com/containers/storage v1.41.1-0.20220714115232-fc9b0ff5272a h1:+arJAP0v8kEy5fKRPIELjarjpwUHhB7SyRE0uFXlyKY=
-github.com/containers/storage v1.41.1-0.20220714115232-fc9b0ff5272a/go.mod h1:4DfR+cPpkXKhJnnyydD3z82DXrnTBT63y1k0QWtM2i4=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-oidc/v3 v3.2.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
-github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
-github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
-github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
-github.com/disiqueira/gotree/v3 v3.0.2 h1:ik5iuLQQoufZBNPY518dXhiO5056hyNBIK9lWhkNRq8=
-github.com/disiqueira/gotree/v3 v3.0.2/go.mod h1:ZuyjE4+mUQZlbpkI24AmruZKhg3VHEgPLDY8Qk+uUu8=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v20.10.16+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.16+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
-github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
-github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
-github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 h1:IPrmumsT9t5BS7XcPhgsCTlkWbYg80SEXUzDpReaU6Y=
-github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11/go.mod h1:a6bNUGTbQBsY6VRHTr4h/rkOXjl244DyRD0tx3fgq4Q=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
-github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eggsampler/acme/v3 v3.2.1/go.mod h1:/qh0rKC/Dh7Jj+p4So7DbWmFNzC4dpcpK53r226Fhuo=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw=
-github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a/go.mod h1:7Ga40egUymuWXxAe151lTNnCv97MddSOVsjpPPkityA=
-github.com/facebookgo/ensure v0.0.0-20200202191622-63f1cf65ac4c/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64=
-github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01 h1:IeaD1VDVBPlx3viJT9Md8if8IxxJnO+x0JCGb054heg=
-github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01/go.mod h1:ypD5nozFk9vcGw1ATYefw6jHe/jZP++Z15/+VTMcWhc=
-github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 h1:a4DFiKFJiDRGFD1qIcqGLX/WlUMD9dyLSLDt+9QZgt8=
-github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52/go.mod h1:yIquW87NGRw1FU5p5lEkpnt/QxoH5uPAOUlOVkAUuMg=
-github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
-github.com/facebookgo/subset v0.0.0-20200203212716-c811ad88dec4/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
-github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz5Co8TFO8EupIdlcpwShBmY98dkT2xeHkvEI=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
-github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
-github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
-github.com/fsouza/go-dockerclient v1.7.7/go.mod h1:njNCXvoZj3sLPjf3yO0DPHf1mdLdCPDYPc14GskKA4Y=
-github.com/fsouza/go-dockerclient v1.8.1 h1:a27vHYqNSZz88nUAurI1o6W5PgEt63nAWilOI+j63RE=
-github.com/fsouza/go-dockerclient v1.8.1/go.mod h1:zmA2ogSxRnXmbZcy0Aq7yhRoCdP/bDns/qghCK9SWtM=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
-github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.7.1/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
-github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gorp/gorp/v3 v3.0.2/go.mod h1:BJ3q1ejpV8cVALtcXvXaXyTOlMmJhWDxTmncaR6rwBY=
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
-github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
-github.com/go-redis/redis/v8 v8.11.4/go.mod h1:2Z2wHZXdQpCDXEGzqMockDpNyYvi2l4Pxt6RJr792+w=
-github.com/go-rod/rod v0.107.3/go.mod h1:4SqYRUrcc4dSr9iT36YRZ4hdUAPg3A0O8RhxAMh0eCQ=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
-github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/gobuffalo/attrs v0.1.0/go.mod h1:fmNpaWyHM0tRm8gCZWKx8yY9fvaNLo2PyzBNSrBZ5Hw=
-github.com/gobuffalo/envy v1.8.1/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
-github.com/gobuffalo/envy v1.9.0/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
-github.com/gobuffalo/fizz v1.10.0/go.mod h1:J2XGPO0AfJ1zKw7+2BA+6FEGAkyEsdCOLvN93WCT2WI=
-github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
-github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80=
-github.com/gobuffalo/flect v0.2.1/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
-github.com/gobuffalo/genny/v2 v2.0.5/go.mod h1:kRkJuAw9mdI37AiEYjV4Dl+TgkBDYf8HZVjLkqe5eBg=
-github.com/gobuffalo/github_flavored_markdown v1.1.0/go.mod h1:TSpTKWcRTI0+v7W3x8dkSKMLJSUpuVitlptCkpeY8ic=
-github.com/gobuffalo/helpers v0.6.0/go.mod h1:pncVrer7x/KRvnL5aJABLAuT/RhKRR9klL6dkUOhyv8=
-github.com/gobuffalo/helpers v0.6.1/go.mod h1:wInbDi0vTJKZBviURTLRMFLE4+nF2uRuuL2fnlYo7w4=
-github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM=
-github.com/gobuffalo/nulls v0.2.0/go.mod h1:w4q8RoSCEt87Q0K0sRIZWYeIxkxog5mh3eN3C/n+dUc=
-github.com/gobuffalo/packd v0.3.0/go.mod h1:zC7QkmNkYVGKPw4tHpBQ+ml7W/3tIebgeo1b36chA3Q=
-github.com/gobuffalo/packd v1.0.0/go.mod h1:6VTc4htmJRFB7u1m/4LeMTWjFoYrUiBkU9Fdec9hrhI=
-github.com/gobuffalo/packr/v2 v2.8.0/go.mod h1:PDk2k3vGevNE3SwVyVRgQCCXETC9SaONCNSXT1Q8M1g=
-github.com/gobuffalo/plush/v4 v4.0.0/go.mod h1:ErFS3UxKqEb8fpFJT7lYErfN/Nw6vHGiDMTjxpk5bQ0=
-github.com/gobuffalo/pop/v5 v5.3.1/go.mod h1:vcEDhh6cJ3WVENqJDFt/6z7zNb7lLnlN8vj3n5G9rYA=
-github.com/gobuffalo/tags/v3 v3.0.2/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA=
-github.com/gobuffalo/tags/v3 v3.1.0/go.mod h1:ZQeN6TCTiwAFnS0dNcbDtSgZDwNKSpqajvVtt6mlYpA=
-github.com/gobuffalo/validate/v3 v3.0.0/go.mod h1:HFpjq+AIiA2RHoQnQVTFKF/ZpUPXwyw82LgyDPxQ9r0=
-github.com/gobuffalo/validate/v3 v3.1.0/go.mod h1:HFpjq+AIiA2RHoQnQVTFKF/ZpUPXwyw82LgyDPxQ9r0=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
-github.com/google/certificate-transparency-go v1.0.22-0.20181127102053-c25855a82c75/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/go-containerregistry v0.10.0 h1:qd/fv2nQajGZJenaNcdaghlwSPjQ0NphN9hzArr2WWg=
-github.com/google/go-containerregistry v0.10.0/go.mod h1:C7uwbB1QUAtvnknyd3ethxJRd4gtEjU/9WLXzckfI1Y=
-github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM=
-github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
-github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
-github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
-github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
-github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
-github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.1.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
-github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M=
-github.com/hashicorp/vault/sdk v0.5.1/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
-github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
-github.com/honeycombio/beeline-go v1.1.1 h1:sU8r4ae34uEL3/CguSl8Mr+Asz9DL1nfH9Wwk85Pc7U=
-github.com/honeycombio/beeline-go v1.1.1/go.mod h1:kN0cfUGBMfA87DyCYbiiLoSzWsnw3bluZvNEWtatHxk=
-github.com/honeycombio/libhoney-go v1.15.2 h1:5NGcjOxZZma13dmzNcl3OtGbF1hECA0XHJNHEb2t2ck=
-github.com/honeycombio/libhoney-go v1.15.2/go.mod h1:JzhRPYgoBCd0rZvudrqmej4Ntx0w7AT3wAJpf5+t1WA=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
-github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw=
-github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
-github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
-github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
-github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
-github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
-github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
-github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
-github.com/jackc/pgconn v1.6.0/go.mod h1:yeseQo4xhQbgyJs2c87RAXOH2i624N0Fh1KSPJya7qo=
-github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
-github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
-github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
-github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
-github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
-github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
-github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
-github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
-github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgproto3/v2 v2.0.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
-github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
-github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
-github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
-github.com/jackc/pgtype v1.3.0/go.mod h1:b0JqxHvPmljG+HQ5IsvQ0yqeSi4nGcDTVjFoiLDb0Ik=
-github.com/jackc/pgx v3.6.2+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
-github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
-github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
-github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
-github.com/jackc/pgx/v4 v4.6.0/go.mod h1:vPh43ZzxijXUVJ+t/EmXBtFmbFVO72cuneCT9oAlxAg=
-github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
-github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
-github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4=
-github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo=
-github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
-github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
-github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/karrick/godirwalk v1.15.3/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
-github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.15.8 h1:JahtItbkWjf2jzm/T+qgMxkP9EMHsqEUA6vCMGmXvhA=
-github.com/klauspost/compress v1.15.8/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
-github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/labstack/echo/v4 v4.3.0/go.mod h1:PvmtTvhVqKDzDQy4d3bWzPjZLzom4iQbAZy2sgZ/qI8=
-github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
-github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e h1:1aV3EJ4ZMsc63MFU4rB+ccSEhZvvVD71T9RA4Rqd3hI=
-github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e/go.mod h1:Bl3mfF2LHYepsU2XfzMceIglyByfPe1IFAXtO+p37Qk=
-github.com/letsencrypt/challtestsrv v1.2.1/go.mod h1:Ur4e4FvELUXLGhkMztHOsPIsvGxD/kzSJninOrkM+zc=
-github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
-github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
-github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg=
-github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
-github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
-github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
-github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
-github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
-github.com/miekg/dns v1.1.45/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
-github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
-github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
-github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
-github.com/moby/sys/mount v0.2.0/go.mod h1:aAivFE2LB3W4bACsUXChRHQ0qKWsetY4Y9V7sxOougM=
-github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
-github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/mountinfo v0.6.1/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
-github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
-github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0=
-github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
-github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
-github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
-github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
-github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
-github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.2-0.20211123152302-43a7dee1ec31 h1:Wh4aR2I6JFwySre9m3iHJYuMnvUFE/HT6qAXozRWi/E=
-github.com/opencontainers/image-spec v1.0.2-0.20211123152302-43a7dee1ec31/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runc v1.1.1-0.20220607072441-a7a45d7d2721/go.mod h1:QvA0UNe48mC1JxcXq0sENIR38+/LdJMLNxuAvtFBhxA=
-github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w=
-github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU=
-github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
-github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
-github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df h1:vf6pdI10F2Tim5a9JKiVVl4/dpNz1OEhz4EnfLdLtiA=
-github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=
-github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
-github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/proglottis/gpgme v0.1.3 h1:Crxx0oz4LKB3QXc5Ea0J19K/3ICfy3ftr5exgUK1AU0=
-github.com/proglottis/gpgme v0.1.3/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
-github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
-github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
-github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y=
-github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
-github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY=
-github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
-github.com/secure-systems-lab/go-securesystemslib v0.3.1/go.mod h1:o8hhjkbNl2gOamKUA/eNW3xUrntHT9L4W89W1nfj43U=
-github.com/secure-systems-lab/go-securesystemslib v0.4.0/go.mod h1:FGBZgq2tXWICsxWQW1msNf49F0Pf2Op5Htayx335Qbs=
-github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
-github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
-github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sigstore/sigstore v1.3.1-0.20220629021053-b95fc0d626c1 h1:5TPCWtlOsaCiuAaglfZX7obd+/kuE8lGUhsVQzmQSaI=
-github.com/sigstore/sigstore v1.3.1-0.20220629021053-b95fc0d626c1/go.mod h1:y83NePRM98MJpbGgBgi54UZduhG0aD7lYngAVCx+i/E=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
-github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
-github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
-github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
-github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
-github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 h1:lIOOHPEbXzO3vnmx2gok1Tfs31Q8GQqKLc8vVqyQq/I=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/sylabs/sif/v2 v2.7.1 h1:XXt9AP39sQfsMCGOGQ/XP9H47yqZOvAonalkaCaNIYM=
-github.com/sylabs/sif/v2 v2.7.1/go.mod h1:bBse2nEFd3yHkmq6KmAOFEWQg5LdFYiQUdVcgamxlc8=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
-github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs=
-github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/theupdateframework/go-tuf v0.3.0 h1:od2sc5+BSkKZhmUG2o2rmruy0BGSmhrbDhCnpxh87X8=
-github.com/theupdateframework/go-tuf v0.3.0/go.mod h1:E5XP0wXitrFUHe4b8cUcAAdxBW4LbfnqF4WXXGLgWNo=
-github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
-github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
-github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
-github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
-github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
-github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
-github.com/vbauerster/mpb/v7 v7.4.2 h1:n917F4d8EWdUKc9c81wFkksyG6P6Mg7IETfKCE1Xqng=
-github.com/vbauerster/mpb/v7 v7.4.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5 h1:+UB2BJA852UkGH42H+Oee69djmxS3ANzl2b/JtT1YiA=
-github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
-github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U=
-github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
-github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY=
-github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/weppos/publicsuffix-go v0.15.1-0.20210807195340-dc689ff0bb59/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
-github.com/weppos/publicsuffix-go v0.15.1-0.20220329081811-9a40b608a236/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18=
-github.com/ysmood/got v0.31.2/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY=
-github.com/ysmood/gotrace v0.6.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM=
-github.com/ysmood/gson v0.7.1/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
-github.com/ysmood/leakless v0.7.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
-github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
-github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
-github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
-github.com/zmap/zcrypto v0.0.0-20210811211718-6f9bc4aff20f/go.mod h1:y/9hjFEub4DtQxTHp/pqticBgdYeCwL97vojV3lsvHY=
-github.com/zmap/zlint/v3 v3.3.1-0.20211019173530-cb17369b4628/go.mod h1:O+4OXRfNLKqOyDl4eKZ1SBlYudKGUBGRFcv+m1KLr28=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
-go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
-go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
-go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
-go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
-go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE=
-go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc=
-go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0=
-go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
-go.opentelemetry.io/contrib/propagators v0.19.0 h1:HrixVNZYFjUl/Db+Tr3DhqzLsVW9GeVf/Gye+C5dNUY=
-go.opentelemetry.io/contrib/propagators v0.19.0/go.mod h1:4QOdZClXISU5S43xZxk5tYaWcpb+lehqfKtE6PK6msE=
-go.opentelemetry.io/otel v0.19.0/go.mod h1:j9bF567N9EfomkSidSfmMwIwIBuP37AMAIzVW85OxSg=
-go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
-go.opentelemetry.io/otel v1.3.0 h1:APxLf0eiBwLl+SOXiJJCVYzA1OOJNyAoV8C5RNRyy7Y=
-go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
-go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
-go.opentelemetry.io/otel/metric v0.19.0/go.mod h1:8f9fglJPRnXuskQmKpnad31lcLJ2VmNNqIsx/uIwBSc=
-go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/oteltest v0.19.0/go.mod h1:tI4yxwh8U21v7JD6R3BcA/2+RBoTKFexE/PJ/nSO7IA=
-go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
-go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
-go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
-go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
-go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
-go.opentelemetry.io/otel/trace v0.19.0/go.mod h1:4IXiNextNOpPnRlI4ryK69mn5iC84bjBWZQA5DXz/qg=
-go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
-go.opentelemetry.io/otel/trace v1.3.0 h1:doy8Hzb1RJ+I3yFhtDmwNc7tIyw1tNMOIsyPzp1NOGY=
-go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-goji.io/v3 v3.0.0/go.mod h1:c02FFnNiVNCDo+DpR2IhBQpM9r5G1BG/MkHNTPUJ13U=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220524220425-1d687d428aca/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ=
-golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
-golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220624220833-87e55d714810 h1:rHZQSjJdAI4Xf5Qzeh2bBc5YJIkPFVM6oDtMFYmgws0=
-golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200308013534-11ec41452d41/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210112230658-8b4aab62c064/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
-google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
-google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
-google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
-google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
-google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
-google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
-google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
-google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
-google.golang.org/api v0.86.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
-google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
-google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f h1:hJ/Y5SqPXbarffmAsApliUlcvMU+wScNGfyop4bZm8o=
-google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
-google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc=
-gopkg.in/alexcesaro/statsd.v2 v2.0.0/go.mod h1:i0ubccKGzBVNBpdGV5MocxyA/XlLUJzA7SLonnE4drU=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
-k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y=
-k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/cri-api v0.23.1/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
-k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/vendor/github.com/containers/buildah/image.go b/vendor/github.com/containers/buildah/image.go
index ec427da1c..335a6733c 100644
--- a/vendor/github.com/containers/buildah/image.go
+++ b/vendor/github.com/containers/buildah/image.go
@@ -430,6 +430,16 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System
 			return nil, fmt.Errorf("error compressing %s: %w", what, err)
 		}
 		writer := io.MultiWriter(writeCloser, srcHasher.Hash())
+		// Scrub any local user names that might correspond to UIDs or GIDs of
+		// files in this layer.
+		{
+			nestedWriteCloser := ioutils.NewWriteCloserWrapper(writer, writeCloser.Close)
+			writeCloser = newTarFilterer(nestedWriteCloser, func(hdr *tar.Header) (bool, bool, io.Reader) {
+				hdr.Uname, hdr.Gname = "", ""
+				return false, false, nil
+			})
+			writer = io.Writer(writeCloser)
+		}
 		// Use specified timestamps in the layer, if we're doing that for
 		// history entries.
 		if i.created != nil {
@@ -747,7 +757,7 @@ func (i *containerImageSource) GetBlob(ctx context.Context, blob types.BlobInfo,
 				}
 				layerFile.Close()
 			}
-			if !os.IsNotExist(err) {
+			if !errors.Is(err, os.ErrNotExist) {
 				logrus.Debugf("error checking for layer %q in %q: %v", blob.Digest.String(), blobDir, err)
 			}
 		}
diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go
index e098db473..a1810d6ad 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@@ -185,7 +185,8 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 	options.Manifest = ""
 	type instance struct {
 		v1.Platform
-		ID string
+		ID  string
+		Ref reference.Canonical
 	}
 	var instances []instance
 	var instancesLock sync.Mutex
@@ -266,10 +267,10 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 			if err != nil {
 				return err
 			}
-			id, ref = thisID, thisRef
 			instancesLock.Lock()
 			instances = append(instances, instance{
 				ID:       thisID,
+				Ref:      thisRef,
 				Platform: platformSpec,
 			})
 			instancesLock.Unlock()
@@ -284,6 +285,25 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 		return "", nil, merr.ErrorOrNil()
 	}
 
+	// Reasons for this id, ref assigment w.r.t to use-case:
+	//
+	// * Single-platform build: On single platform build we only
+	//   have one built instance i.e on indice 0 of built instances,
+	//   so assign that.
+	//
+	// * Multi-platform build with manifestList: If this is a build for
+	//   multiple platforms ( more than one platform ) and --manifest
+	//   option then this assignment is insignificant since it will be
+	//   overriden anyways with the id and ref of manifest list later in
+	//   in this code.
+	//
+	// * Multi-platform build without manifest list: If this is a build for
+	//   multiple platforms without --manifest then we are free to return
+	//   id and ref of any one of the image in the instance list so always
+	//   return indice 0 for predictable output instead returning the id and
+	//   ref of the go routine which completed at last.
+	id, ref = instances[0].ID, instances[0].Ref
+
 	if manifestList != "" {
 		rt, err := libimage.RuntimeFromStore(store, nil)
 		if err != nil {
@@ -396,6 +416,7 @@ func buildDockerfilesOnce(ctx context.Context, store storage.Store, logger *logr
 	for i, d := range dockerfilecontents[1:] {
 		additionalNode, err := imagebuilder.ParseDockerfile(bytes.NewReader(d))
 		if err != nil {
+			dockerfiles := dockerfiles[1:]
 			return "", nil, fmt.Errorf("error parsing additional Dockerfile %s: %w", dockerfiles[i], err)
 		}
 		mainNode.Children = append(mainNode.Children, additionalNode.Children...)
@@ -662,6 +683,7 @@ func baseImages(dockerfilenames []string, dockerfilecontents [][]byte, from stri
 	for i, d := range dockerfilecontents[1:] {
 		additionalNode, err := imagebuilder.ParseDockerfile(bytes.NewReader(d))
 		if err != nil {
+			dockerfilenames := dockerfilenames[1:]
 			return nil, fmt.Errorf("error parsing additional Dockerfile %s: %w", dockerfilenames[i], err)
 		}
 		mainNode.Children = append(mainNode.Children, additionalNode.Children...)
diff --git a/vendor/github.com/containers/buildah/imagebuildah/executor.go b/vendor/github.com/containers/buildah/imagebuildah/executor.go
index c9e2493b3..ddd2dfc48 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go
@@ -58,6 +58,9 @@ var builtinAllowedBuildArgs = map[string]bool{
 // interface.  It coordinates the entire build by using one or more
 // StageExecutors to handle each stage of the build.
 type Executor struct {
+	cacheFrom                      reference.Named
+	cacheTo                        reference.Named
+	cacheTTL                       time.Duration
 	containerSuffix                string
 	logger                         *logrus.Logger
 	stages                         map[string]*StageExecutor
@@ -212,6 +215,9 @@ func newExecutor(logger *logrus.Logger, logPrefix string, store storage.Store, o
 	}
 
 	exec := Executor{
+		cacheFrom:                      options.CacheFrom,
+		cacheTo:                        options.CacheTo,
+		cacheTTL:                       options.CacheTTL,
 		containerSuffix:                options.ContainerSuffix,
 		logger:                         logger,
 		stages:                         make(map[string]*StageExecutor),
diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
index d21757f4b..9d8214fbd 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@@ -2,6 +2,8 @@ package imagebuildah
 
 import (
 	"context"
+	"crypto/sha256"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -22,6 +24,7 @@ import (
 	"github.com/containers/buildah/util"
 	config "github.com/containers/common/pkg/config"
 	cp "github.com/containers/image/v5/copy"
+	imagedocker "github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/manifest"
 	is "github.com/containers/image/v5/storage"
@@ -35,6 +38,7 @@ import (
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/openshift/imagebuilder"
+	"github.com/openshift/imagebuilder/dockerfile/command"
 	"github.com/openshift/imagebuilder/dockerfile/parser"
 	"github.com/sirupsen/logrus"
 )
@@ -123,7 +127,7 @@ func (s *StageExecutor) Preserve(path string) error {
 	}
 
 	st, err := os.Stat(archivedPath)
-	if os.IsNotExist(err) {
+	if errors.Is(err, os.ErrNotExist) {
 		createdDirPerms := os.FileMode(0755)
 		if err = copier.Mkdir(s.mountPoint, archivedPath, copier.MkdirOptions{ChmodNew: &createdDirPerms}); err != nil {
 			return fmt.Errorf("error ensuring volume path exists: %w", err)
@@ -165,7 +169,7 @@ func (s *StageExecutor) Preserve(path string) error {
 		archivedPath := filepath.Join(s.mountPoint, cachedPath)
 		logrus.Debugf("no longer need cache of %q in %q", archivedPath, s.volumeCache[cachedPath])
 		if err := os.Remove(s.volumeCache[cachedPath]); err != nil {
-			if os.IsNotExist(err) {
+			if errors.Is(err, os.ErrNotExist) {
 				continue
 			}
 			return err
@@ -186,7 +190,7 @@ func (s *StageExecutor) volumeCacheInvalidate(path string) error {
 	}
 	for _, cachedPath := range invalidated {
 		if err := os.Remove(s.volumeCache[cachedPath]); err != nil {
-			if os.IsNotExist(err) {
+			if errors.Is(err, os.ErrNotExist) {
 				continue
 			}
 			return err
@@ -217,7 +221,7 @@ func (s *StageExecutor) volumeCacheSaveVFS() (mounts []specs.Mount, err error) {
 			logrus.Debugf("contents of volume %q are already cached in %q", archivedPath, cacheFile)
 			continue
 		}
-		if !os.IsNotExist(err) {
+		if !errors.Is(err, os.ErrNotExist) {
 			return nil, err
 		}
 		createdDirPerms := os.FileMode(0755)
@@ -867,6 +871,21 @@ func (s *StageExecutor) getImageRootfs(ctx context.Context, image string) (mount
 	return builder.MountPoint, nil
 }
 
+// getContentSummary generates content summary for cases where we added content and need
+// to get summary with updated digests.
+func (s *StageExecutor) getContentSummaryAfterAddingContent() string {
+	contentType, digest := s.builder.ContentDigester.Digest()
+	summary := contentType
+	if digest != "" {
+		if summary != "" {
+			summary = summary + ":"
+		}
+		summary = summary + digest.Encoded()
+		logrus.Debugf("added content %s", summary)
+	}
+	return summary
+}
+
 // Execute runs each of the steps in the stage's parsed tree, in turn.
 func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, ref reference.Canonical, err error) {
 	var resourceUsage rusage.Rusage
@@ -945,6 +964,22 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 			s.log(commitMessage)
 		}
 	}
+	// logCachePulled produces build log for cases when `--cache-from`
+	// is used and a valid intermediate image is pulled from remote source.
+	logCachePulled := func(cacheKey string) {
+		if !s.executor.quiet {
+			cacheHitMessage := "--> Cache pulled from remote"
+			fmt.Fprintf(s.executor.out, "%s %s\n", cacheHitMessage, fmt.Sprintf("%s:%s", s.executor.cacheFrom, cacheKey))
+		}
+	}
+	// logCachePush produces build log for cases when `--cache-to`
+	// is used and a valid intermediate image is pushed tp remote source.
+	logCachePush := func(cacheKey string) {
+		if !s.executor.quiet {
+			cacheHitMessage := "--> Pushing cache"
+			fmt.Fprintf(s.executor.out, "%s %s\n", cacheHitMessage, fmt.Sprintf("%s:%s", s.executor.cacheTo, cacheKey))
+		}
+	}
 	logCacheHit := func(cacheID string) {
 		if !s.executor.quiet {
 			cacheHitMessage := "--> Using cache"
@@ -960,6 +995,17 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 		}
 	}
 
+	// Parse and populate buildOutputOption if needed
+	var buildOutputOption define.BuildOutputOption
+	canGenerateBuildOutput := (s.executor.buildOutput != "" && lastStage)
+	if canGenerateBuildOutput {
+		logrus.Debugf("Generating custom build output with options %q", s.executor.buildOutput)
+		buildOutputOption, err = parse.GetBuildOutput(s.executor.buildOutput)
+		if err != nil {
+			return "", nil, fmt.Errorf("failed to parse build output: %w", err)
+		}
+	}
+
 	if len(children) == 0 {
 		// There are no steps.
 		if s.builder.FromImageID == "" || s.executor.squash {
@@ -970,6 +1016,12 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 			if imgID, ref, err = s.commit(ctx, s.getCreatedBy(nil, ""), false, s.output, s.executor.squash); err != nil {
 				return "", nil, fmt.Errorf("error committing base container: %w", err)
 			}
+			// Generate build output if needed.
+			if canGenerateBuildOutput {
+				if err := s.generateBuildOutput(buildOutputOption); err != nil {
+					return "", nil, err
+				}
+			}
 		} else if len(s.executor.labels) > 0 || len(s.executor.annotations) > 0 {
 			// The image would be modified by the labels passed
 			// via the command line, so we need to commit.
@@ -977,6 +1029,12 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 			if imgID, ref, err = s.commit(ctx, s.getCreatedBy(stage.Node, ""), true, s.output, s.executor.squash); err != nil {
 				return "", nil, err
 			}
+			// Generate build output if needed.
+			if canGenerateBuildOutput {
+				if err := s.generateBuildOutput(buildOutputOption); err != nil {
+					return "", nil, err
+				}
+			}
 		} else {
 			// We don't need to squash the base image, and the
 			// image wouldn't be modified by the command line
@@ -985,22 +1043,16 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 			if imgID, ref, err = s.tagExistingImage(ctx, s.builder.FromImageID, s.output); err != nil {
 				return "", nil, err
 			}
-			if s.executor.buildOutput != "" && lastStage {
-				// If we have reached this point then our build is just performing a tag
-				// and it contains no steps or instructions (i.e Containerfile only contains
-				// `FROM <imagename> and nothing else so we will never end up committing this
-				// but instead just re-tag image. For such use-cases if `-o` or `--output` was
-				// specified honor that and export the contents of the current build anyways.
-				logrus.Debugf("Generating custom build output with options %q", s.executor.buildOutput)
-				buildOutputOption, err := parse.GetBuildOutput(s.executor.buildOutput)
-				if err != nil {
-					return "", nil, fmt.Errorf("failed to parse build output: %w", err)
-				}
-				if err := s.generateBuildOutput(buildah.CommitOptions{}, buildOutputOption); err != nil {
+			// If we have reached this point then our build is just performing a tag
+			// and it contains no steps or instructions (i.e Containerfile only contains
+			// `FROM <imagename> and nothing else so we will never end up committing this
+			// but instead just re-tag image. For such use-cases if `-o` or `--output` was
+			// specified honor that and export the contents of the current build anyways.
+			if canGenerateBuildOutput {
+				if err := s.generateBuildOutput(buildOutputOption); err != nil {
 					return "", nil, err
 				}
 			}
-
 		}
 		logImageID(imgID)
 	}
@@ -1101,15 +1153,7 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 				return "", nil, fmt.Errorf("error building at STEP \"%s\": %w", step.Message, err)
 			}
 			// In case we added content, retrieve its digest.
-			addedContentType, addedContentDigest := s.builder.ContentDigester.Digest()
-			addedContentSummary := addedContentType
-			if addedContentDigest != "" {
-				if addedContentSummary != "" {
-					addedContentSummary = addedContentSummary + ":"
-				}
-				addedContentSummary = addedContentSummary + addedContentDigest.Encoded()
-				logrus.Debugf("added content %s", addedContentSummary)
-			}
+			addedContentSummary := s.getContentSummaryAfterAddingContent()
 			if moreInstructions {
 				// There are still more instructions to process
 				// for this stage.  Make a note of the
@@ -1134,6 +1178,12 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 						return "", nil, fmt.Errorf("error committing container for step %+v: %w", *step, err)
 					}
 					logImageID(imgID)
+					// Generate build output if needed.
+					if canGenerateBuildOutput {
+						if err := s.generateBuildOutput(buildOutputOption); err != nil {
+							return "", nil, err
+						}
+					}
 				} else {
 					imgID = ""
 				}
@@ -1143,19 +1193,33 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 
 		// We're in a multi-layered build.
 		var (
-			commitName          string
-			cacheID             string
-			err                 error
-			rebase              bool
-			addedContentSummary string
+			commitName                string
+			cacheID                   string
+			cacheKey                  string
+			pulledAndUsedCacheImage   bool
+			err                       error
+			rebase                    bool
+			addedContentSummary       string
+			canMatchCacheOnlyAfterRun bool
 		)
 
+		needsCacheKey := (s.executor.cacheFrom != nil || s.executor.cacheTo != nil)
+
 		// If we have to commit for this instruction, only assign the
 		// stage's configured output name to the last layer.
 		if lastInstruction {
 			commitName = s.output
 		}
 
+		// If --cache-from or --cache-to is specified make sure to populate
+		// cacheKey since it will be used either while pulling or pushing the
+		// cache images.
+		if needsCacheKey {
+			cacheKey, err = s.generateCacheKey(ctx, node, addedContentSummary, s.stepRequiresLayer(step))
+			if err != nil {
+				return "", nil, fmt.Errorf("failed while generating cache key: %w", err)
+			}
+		}
 		// Check if there's already an image based on our parent that
 		// has the same change that we're about to make, so far as we
 		// can tell.
@@ -1164,17 +1228,57 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 		// determining if a cached layer with the same build args already exists
 		// and that is done in the if block below.
 		if checkForLayers && step.Command != "arg" && !(s.executor.squash && lastInstruction && lastStage) {
+			// For `COPY` and `ADD`, history entries include digests computed from
+			// the content that's copied in.  We need to compute that information so that
+			// it can be used to evaluate the cache, which means we need to go ahead
+			// and copy the content.
+			canMatchCacheOnlyAfterRun = (step.Command == command.Add || step.Command == command.Copy)
+			if canMatchCacheOnlyAfterRun {
+				if err = ib.Run(step, s, noRunsRemaining); err != nil {
+					logrus.Debugf("Error building at step %+v: %v", *step, err)
+					return "", nil, fmt.Errorf("error building at STEP \"%s\": %w", step.Message, err)
+				}
+				// Retrieve the digest info for the content that we just copied
+				// into the rootfs.
+				addedContentSummary = s.getContentSummaryAfterAddingContent()
+				// regenerate cache key with updated content summary
+				if needsCacheKey {
+					cacheKey, err = s.generateCacheKey(ctx, node, addedContentSummary, s.stepRequiresLayer(step))
+					if err != nil {
+						return "", nil, fmt.Errorf("failed while generating cache key: %w", err)
+					}
+				}
+			}
 			cacheID, err = s.intermediateImageExists(ctx, node, addedContentSummary, s.stepRequiresLayer(step))
 			if err != nil {
 				return "", nil, fmt.Errorf("error checking if cached image exists from a previous build: %w", err)
 			}
+			// All the best effort to find cache on localstorage have failed try pulling
+			// cache from remote repo if `--cache-from` was configured.
+			if cacheID == "" && s.executor.cacheFrom != nil {
+				// only attempt to use cache again if pulling was successful
+				// otherwise do nothing and attempt to run the step, err != nil
+				// is ignored and will be automatically logged for --log-level debug
+				if id, err := s.pullCache(ctx, cacheKey); id != "" && err == nil {
+					logCachePulled(cacheKey)
+					cacheID, err = s.intermediateImageExists(ctx, node, addedContentSummary, s.stepRequiresLayer(step))
+					if err != nil {
+						return "", nil, fmt.Errorf("error checking if cached image exists from a previous build: %w", err)
+					}
+					if cacheID != "" {
+						pulledAndUsedCacheImage = true
+					}
+				}
+			}
 		}
 
 		// If we didn't find a cache entry, or we need to add content
 		// to find the digest of the content to check for a cached
 		// image, run the step so that we can check if the result
 		// matches a cache.
-		if cacheID == "" {
+		// We already called ib.Run() for the `canMatchCacheOnlyAfterRun`
+		// cases above, so we shouldn't do it again.
+		if cacheID == "" && !canMatchCacheOnlyAfterRun {
 			// Process the instruction directly.
 			if err = ib.Run(step, s, noRunsRemaining); err != nil {
 				logrus.Debugf("Error building at step %+v: %v", *step, err)
@@ -1182,14 +1286,13 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 			}
 
 			// In case we added content, retrieve its digest.
-			addedContentType, addedContentDigest := s.builder.ContentDigester.Digest()
-			addedContentSummary = addedContentType
-			if addedContentDigest != "" {
-				if addedContentSummary != "" {
-					addedContentSummary = addedContentSummary + ":"
+			addedContentSummary = s.getContentSummaryAfterAddingContent()
+			// regenerate cache key with updated content summary
+			if needsCacheKey {
+				cacheKey, err = s.generateCacheKey(ctx, node, addedContentSummary, s.stepRequiresLayer(step))
+				if err != nil {
+					return "", nil, fmt.Errorf("failed while generating cache key: %w", err)
 				}
-				addedContentSummary = addedContentSummary + addedContentDigest.Encoded()
-				logrus.Debugf("added content %s", addedContentSummary)
 			}
 
 			// Check if there's already an image based on our parent that
@@ -1201,6 +1304,10 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 				}
 			}
 		} else {
+			// This log line is majorly here so we can verify in tests
+			// that our cache is performing in the most optimal way for
+			// various cases.
+			logrus.Debugf("Found a cache hit in the first iteration with id %s", cacheID)
 			// If the instruction would affect our configuration,
 			// process the configuration change so that, if we fall
 			// off the cache path, the filesystem changes from the
@@ -1246,15 +1353,61 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 			if err != nil {
 				return "", nil, fmt.Errorf("error committing container for step %+v: %w", *step, err)
 			}
+			// Generate build output if needed.
+			if canGenerateBuildOutput {
+				if err := s.generateBuildOutput(buildOutputOption); err != nil {
+					return "", nil, err
+				}
+			}
 		}
 
-		// Create a squashed version of this image
-		// if we're supposed to create one and this
-		// is the last instruction of the last stage.
-		if s.executor.squash && lastInstruction && lastStage {
-			imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), !s.stepRequiresLayer(step), commitName, true)
-			if err != nil {
-				return "", nil, fmt.Errorf("error committing final squash step %+v: %w", *step, err)
+		// Following step is just built and was not used from
+		// cache so check if --cache-to was specified if yes
+		// then attempt pushing this cache to remote repo and
+		// fail accordingly.
+		//
+		// Or
+		//
+		// Try to push this cache to remote repository only
+		// if cache was present on local storage and not
+		// pulled from remote source while processing this
+		if s.executor.cacheTo != nil && (!pulledAndUsedCacheImage || cacheID == "") {
+			logCachePush(cacheKey)
+			if err = s.pushCache(ctx, imgID, cacheKey); err != nil {
+				return "", nil, err
+			}
+		}
+
+		if lastInstruction && lastStage {
+			if s.executor.squash {
+				// Create a squashed version of this image
+				// if we're supposed to create one and this
+				// is the last instruction of the last stage.
+				imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), !s.stepRequiresLayer(step), commitName, true)
+				if err != nil {
+					return "", nil, fmt.Errorf("error committing final squash step %+v: %w", *step, err)
+				}
+				// Generate build output if needed.
+				if canGenerateBuildOutput {
+					if err := s.generateBuildOutput(buildOutputOption); err != nil {
+						return "", nil, err
+					}
+				}
+			} else if cacheID != "" {
+				// If we found a valid cache hit and this is lastStage
+				// and not a squashed build then there is no opportunity
+				// for us to perform a `commit` later in the code since
+				// everything will be used from cache.
+				//
+				// If above statement is true and --output was provided
+				// then generate output manually since there is no opportunity
+				// for us to perform `commit` anywhere in the code.
+				// Generate build output if needed.
+				if canGenerateBuildOutput {
+					if err := s.generateBuildOutput(buildOutputOption); err != nil {
+						return "", nil, err
+					}
+				}
 			}
 		}
 
@@ -1521,6 +1674,114 @@ func (s *StageExecutor) tagExistingImage(ctx context.Context, cacheID, output st
 	return img.ID, ref, nil
 }
 
+// generateCacheKey returns a computed digest for the current STEP
+// running its history and diff against a hash algorithm and this
+// generated CacheKey is further used by buildah to lock and decide
+// tag for the intermeidate image which can be pushed and pulled to/from
+// the remote repository.
+func (s *StageExecutor) generateCacheKey(ctx context.Context, currNode *parser.Node, addedContentDigest string, buildAddsLayer bool) (string, error) {
+	hash := sha256.New()
+	var baseHistory []v1.History
+	var diffIDs []digest.Digest
+	var manifestType string
+	var err error
+	if s.builder.FromImageID != "" {
+		manifestType, baseHistory, diffIDs, err = s.executor.getImageTypeAndHistoryAndDiffIDs(ctx, s.builder.FromImageID)
+		if err != nil {
+			return "", fmt.Errorf("error getting history of base image %q: %w", s.builder.FromImageID, err)
+		}
+		for i := 0; i < len(diffIDs); i++ {
+			fmt.Fprintln(hash, diffIDs[i].String())
+		}
+	}
+	createdBy := s.getCreatedBy(currNode, addedContentDigest)
+	fmt.Fprintf(hash, "%t", buildAddsLayer)
+	fmt.Fprintln(hash, createdBy)
+	fmt.Fprintln(hash, manifestType)
+	for _, element := range baseHistory {
+		fmt.Fprintln(hash, element.CreatedBy)
+		fmt.Fprintln(hash, element.Author)
+		fmt.Fprintln(hash, element.Comment)
+		fmt.Fprintln(hash, element.Created)
+		fmt.Fprintf(hash, "%t", element.EmptyLayer)
+		fmt.Fprintln(hash)
+	}
+	return fmt.Sprintf("%x", hash.Sum(nil)), nil
+}
+
+// cacheImageReference is internal function which generates ImageReference from Named repo sources
+// and a tag.
+func cacheImageReference(repo reference.Named, cachekey string) (types.ImageReference, error) {
+	tagged, err := reference.WithTag(repo, cachekey)
+	if err != nil {
+		return nil, fmt.Errorf("failed generating tagged reference for %q: %w", repo, err)
+	}
+	dest, err := imagedocker.NewReference(tagged)
+	if err != nil {
+		return nil, fmt.Errorf("failed generating docker reference for %q: %w", tagged, err)
+	}
+	return dest, nil
+}
+
+// pushCache takes the image id of intermediate image and attempts
+// to perform push at the remote repository with cacheKey as the tag.
+// Returns error if fails otherwise returns nil.
+func (s *StageExecutor) pushCache(ctx context.Context, src, cacheKey string) error {
+	dest, err := cacheImageReference(s.executor.cacheTo, cacheKey)
+	if err != nil {
+		return err
+	}
+	logrus.Debugf("trying to push cache to dest: %+v from src:%+v", dest, src)
+	options := buildah.PushOptions{
+		Compression:         s.executor.compression,
+		SignaturePolicyPath: s.executor.signaturePolicyPath,
+		Store:               s.executor.store,
+		SystemContext:       s.executor.systemContext,
+		BlobDirectory:       s.executor.blobDirectory,
+		SignBy:              s.executor.signBy,
+		MaxRetries:          s.executor.maxPullPushRetries,
+		RetryDelay:          s.executor.retryPullPushDelay,
+	}
+	ref, digest, err := buildah.Push(ctx, src, dest, options)
+	if err != nil {
+		return fmt.Errorf("failed pushing cache to %q: %w", dest, err)
+	}
+	logrus.Debugf("successfully pushed cache to dest: %+v with ref:%+v and digest: %v", dest, ref, digest)
+	return nil
+}
+
+// pullCache takes the image source of the cache assuming tag
+// already points to the valid cacheKey and pulls the image to
+// local storage only if it was not already present on local storage
+// or a newer version of cache was found in the upstream repo. If new
+// image was pulled function returns image id otherwise returns empty
+// string "" or error if any error was encontered while pulling the cache.
+func (s *StageExecutor) pullCache(ctx context.Context, cacheKey string) (string, error) {
+	src, err := cacheImageReference(s.executor.cacheFrom, cacheKey)
+	if err != nil {
+		return "", err
+	}
+	logrus.Debugf("trying to pull cache from remote repo: %+v", src.DockerReference())
+	options := buildah.PullOptions{
+		SignaturePolicyPath: s.executor.signaturePolicyPath,
+		Store:               s.executor.store,
+		SystemContext:       s.executor.systemContext,
+		BlobDirectory:       s.executor.blobDirectory,
+		MaxRetries:          s.executor.maxPullPushRetries,
+		RetryDelay:          s.executor.retryPullPushDelay,
+		AllTags:             false,
+		ReportWriter:        nil,
+		PullPolicy:          define.PullIfNewer,
+	}
+	id, err := buildah.Pull(ctx, src.DockerReference().String(), options)
+	if err != nil {
+		logrus.Debugf("failed pulling cache from source %s: %v", src, err)
+		return "", fmt.Errorf("failed while pulling cache from %q: %w", src, err)
+	}
+	logrus.Debugf("successfully pulled cache from repo %s: %s", src, id)
+	return id, nil
+}
+
 // intermediateImageExists returns true if an intermediate image of currNode exists in the image store from a previous build.
 // It verifies this by checking the parent of the top layer of the image and the history.
 func (s *StageExecutor) intermediateImageExists(ctx context.Context, currNode *parser.Node, addedContentDigest string, buildAddsLayer bool) (string, error) {
@@ -1538,6 +1799,17 @@ func (s *StageExecutor) intermediateImageExists(ctx context.Context, currNode *p
 		}
 	}
 	for _, image := range images {
+		// If s.executor.cacheTTL was specified
+		// then ignore processing image if it
+		// was created before the specified
+		// duration.
+		if int64(s.executor.cacheTTL) != 0 {
+			timeNow := time.Now()
+			imageDuration := timeNow.Sub(image.Created)
+			if s.executor.cacheTTL < imageDuration {
+				continue
+			}
+		}
 		var imageTopLayer *storage.Layer
 		var imageParentLayerID string
 		if image.TopLayer != "" {
@@ -1590,15 +1862,6 @@ func (s *StageExecutor) intermediateImageExists(ctx context.Context, currNode *p
 // or commit via any custom exporter if specified.
 func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer bool, output string, squash bool) (string, reference.Canonical, error) {
 	ib := s.stage.Builder
-	var buildOutputOption define.BuildOutputOption
-	if s.executor.buildOutput != "" {
-		var err error
-		logrus.Debugf("Generating custom build output with options %q", s.executor.buildOutput)
-		buildOutputOption, err = parse.GetBuildOutput(s.executor.buildOutput)
-		if err != nil {
-			return "", nil, fmt.Errorf("failed to parse build output: %w", err)
-		}
-	}
 	var imageRef types.ImageReference
 	if output != "" {
 		imageRef2, err := s.executor.resolveNameToImageRef(output)
@@ -1739,12 +2002,6 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
 		HistoryTimestamp:      s.executor.timestamp,
 		Manifest:              s.executor.manifest,
 	}
-	// generate build output
-	if s.executor.buildOutput != "" {
-		if err := s.generateBuildOutput(buildah.CommitOptions{}, buildOutputOption); err != nil {
-			return "", nil, err
-		}
-	}
 	imgID, _, manifestDigest, err := s.builder.Commit(ctx, imageRef, options)
 	if err != nil {
 		return "", nil, err
@@ -1760,7 +2017,7 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
 	return imgID, ref, nil
 }
 
-func (s *StageExecutor) generateBuildOutput(commitOpts buildah.CommitOptions, buildOutputOpts define.BuildOutputOption) error {
+func (s *StageExecutor) generateBuildOutput(buildOutputOpts define.BuildOutputOption) error {
 	extractRootfsOpts := buildah.ExtractRootfsOptions{}
 	if unshare.IsRootless() {
 		// In order to maintain as much parity as possible
@@ -1775,7 +2032,7 @@ func (s *StageExecutor) generateBuildOutput(commitOpts buildah.CommitOptions, bu
 		extractRootfsOpts.StripSetgidBit = true
 		extractRootfsOpts.StripXattrs = true
 	}
-	rc, errChan, err := s.builder.ExtractRootfs(commitOpts, extractRootfsOpts)
+	rc, errChan, err := s.builder.ExtractRootfs(buildah.CommitOptions{}, extractRootfsOpts)
 	if err != nil {
 		return fmt.Errorf("failed to extract rootfs from given container image: %w", err)
 	}
diff --git a/vendor/github.com/containers/buildah/info.go b/vendor/github.com/containers/buildah/info.go
index 04a1fd08f..9155bb318 100644
--- a/vendor/github.com/containers/buildah/info.go
+++ b/vendor/github.com/containers/buildah/info.go
@@ -3,16 +3,14 @@ package buildah
 import (
 	"bufio"
 	"bytes"
-	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"runtime"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/containerd/containerd/platforms"
+	putil "github.com/containers/buildah/pkg/util"
 	"github.com/containers/buildah/util"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/system"
@@ -83,22 +81,16 @@ func hostInfo() map[string]interface{} {
 		"version":      hostDistributionInfo["Version"],
 	}
 
-	kv, err := readKernelVersion()
+	kv, err := putil.ReadKernelVersion()
 	if err != nil {
 		logrus.Error(err, "error reading kernel version")
 	}
 	info["kernel"] = kv
 
-	up, err := readUptime()
+	upDuration, err := putil.ReadUptime()
 	if err != nil {
 		logrus.Error(err, "error reading up time")
 	}
-	// Convert uptime in seconds to a human-readable format
-	upSeconds := up + "s"
-	upDuration, err := time.ParseDuration(upSeconds)
-	if err != nil {
-		logrus.Error(err, "error parsing system uptime")
-	}
 
 	hoursFound := false
 	var timeBuffer bytes.Buffer
@@ -170,30 +162,6 @@ func storeInfo(store storage.Store) (map[string]interface{}, error) {
 	return info, nil
 }
 
-func readKernelVersion() (string, error) {
-	buf, err := ioutil.ReadFile("/proc/version")
-	if err != nil {
-		return "", err
-	}
-	f := bytes.Fields(buf)
-	if len(f) < 2 {
-		return string(bytes.TrimSpace(buf)), nil
-	}
-	return string(f[2]), nil
-}
-
-func readUptime() (string, error) {
-	buf, err := ioutil.ReadFile("/proc/uptime")
-	if err != nil {
-		return "", err
-	}
-	f := bytes.Fields(buf)
-	if len(f) < 1 {
-		return "", errors.New("invalid uptime")
-	}
-	return string(f[0]), nil
-}
-
 // getHostDistributionInfo returns a map containing the host's distribution and version
 func getHostDistributionInfo() map[string]string {
 	dist := make(map[string]string)
diff --git a/vendor/github.com/containers/buildah/internal/parse/parse.go b/vendor/github.com/containers/buildah/internal/parse/parse.go
index 3da5f6d73..f0ea3c820 100644
--- a/vendor/github.com/containers/buildah/internal/parse/parse.go
+++ b/vendor/github.com/containers/buildah/internal/parse/parse.go
@@ -18,6 +18,7 @@ import (
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/lockfile"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
+	selinux "github.com/opencontainers/selinux/go-selinux"
 )
 
 const (
@@ -185,9 +186,10 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
 	var mode uint64
 	lockedTargets := make([]string, 0)
 	var (
-		setDest     bool
-		setShared   bool
-		setReadOnly bool
+		setDest           bool
+		setShared         bool
+		setReadOnly       bool
+		foundSElinuxLabel bool
 	)
 	fromStage := ""
 	newMount := specs.Mount{
@@ -217,7 +219,10 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
 			// Alias for "ro"
 			newMount.Options = append(newMount.Options, "ro")
 			setReadOnly = true
-		case "shared", "rshared", "private", "rprivate", "slave", "rslave", "Z", "z", "U":
+		case "Z", "z":
+			newMount.Options = append(newMount.Options, kv[0])
+			foundSElinuxLabel = true
+		case "shared", "rshared", "private", "rprivate", "slave", "rslave", "U":
 			newMount.Options = append(newMount.Options, kv[0])
 			setShared = true
 		case "sharing":
@@ -280,6 +285,12 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
 		}
 	}
 
+	// If selinux is enabled and no selinux option was configured
+	// default to `z` i.e shared content label.
+	if !foundSElinuxLabel && (selinux.EnforceMode() != selinux.Disabled) && fromStage == "" {
+		newMount.Options = append(newMount.Options, "z")
+	}
+
 	if !setDest {
 		return newMount, lockedTargets, errBadVolDest
 	}
diff --git a/vendor/github.com/containers/buildah/pkg/cli/build.go b/vendor/github.com/containers/buildah/pkg/cli/build.go
index 98c42453b..4ff104a4b 100644
--- a/vendor/github.com/containers/buildah/pkg/cli/build.go
+++ b/vendor/github.com/containers/buildah/pkg/cli/build.go
@@ -19,6 +19,7 @@ import (
 	"github.com/containers/buildah/pkg/parse"
 	"github.com/containers/buildah/pkg/util"
 	"github.com/containers/common/pkg/auth"
+	"github.com/containers/image/v5/docker/reference"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
@@ -233,10 +234,6 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 		return options, nil, nil, errors.New("'rm' and 'force-rm' can only be set with either 'layers' or 'no-cache'")
 	}
 
-	if c.Flag("cache-from").Changed {
-		logrus.Debugf("build --cache-from not enabled, has no effect")
-	}
-
 	if c.Flag("compress").Changed {
 		logrus.Debugf("--compress option specified but is ignored")
 	}
@@ -290,6 +287,37 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 			iopts.Quiet = true
 		}
 	}
+	var cacheTo reference.Named
+	var cacheFrom reference.Named
+	cacheTo = nil
+	cacheFrom = nil
+	if c.Flag("cache-to").Changed {
+		cacheTo, err = parse.RepoNameToNamedReference(iopts.CacheTo)
+		if err != nil {
+			return options, nil, nil, fmt.Errorf("unable to parse value provided `%s` to --cache-to: %w", iopts.CacheTo, err)
+		}
+	}
+	if c.Flag("cache-from").Changed {
+		cacheFrom, err = parse.RepoNameToNamedReference(iopts.CacheFrom)
+		if err != nil {
+			return options, nil, nil, fmt.Errorf("unable to parse value provided `%s` to --cache-from: %w", iopts.CacheTo, err)
+		}
+	}
+	var cacheTTL time.Duration
+	if c.Flag("cache-ttl").Changed {
+		cacheTTL, err = time.ParseDuration(iopts.CacheTTL)
+		if err != nil {
+			return options, nil, nil, fmt.Errorf("unable to parse value provided %q as --cache-ttl: %w", iopts.CacheTTL, err)
+		}
+	}
+	var pullPushRetryDelay time.Duration
+	pullPushRetryDelay, err = time.ParseDuration(iopts.RetryDelay)
+	if err != nil {
+		return options, nil, nil, fmt.Errorf("unable to parse value provided %q as --retry-delay: %w", iopts.RetryDelay, err)
+	}
+	// Following log line is used in integration test.
+	logrus.Debugf("Setting MaxPullPushRetries to %d and PullPushRetryDelay to %v", iopts.Retry, pullPushRetryDelay)
+
 	options = define.BuildOptions{
 		AddCapabilities:         iopts.CapAdd,
 		AdditionalBuildContexts: additionalBuildContext,
@@ -300,6 +328,9 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 		Args:                    args,
 		BlobDirectory:           iopts.BlobCache,
 		BuildOutput:             iopts.BuildOutput,
+		CacheFrom:               cacheFrom,
+		CacheTo:                 cacheTo,
+		CacheTTL:                cacheTTL,
 		CNIConfigDir:            iopts.CNIConfigDir,
 		CNIPluginPath:           iopts.CNIPlugInPath,
 		CPPFlags:                iopts.CPPFlags,
@@ -326,7 +357,7 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 		LogRusage:               iopts.LogRusage,
 		LogSplitByPlatform:      iopts.LogSplitByPlatform,
 		Manifest:                iopts.Manifest,
-		MaxPullPushRetries:      MaxPullPushRetries,
+		MaxPullPushRetries:      iopts.Retry,
 		NamespaceOptions:        namespaceOptions,
 		NoCache:                 iopts.NoCache,
 		OS:                      systemContext.OSChoice,
@@ -338,7 +369,7 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 		OutputFormat:            format,
 		Platforms:               platforms,
 		PullPolicy:              pullPolicy,
-		PullPushRetryDelay:      PullPushRetryDelay,
+		PullPushRetryDelay:      pullPushRetryDelay,
 		Quiet:                   iopts.Quiet,
 		RemoveIntermediateCtrs:  iopts.Rm,
 		ReportWriter:            reporter,
diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go
index 97ab95ee1..00b6bd33b 100644
--- a/vendor/github.com/containers/buildah/pkg/cli/common.go
+++ b/vendor/github.com/containers/buildah/pkg/cli/common.go
@@ -54,6 +54,8 @@ type BudResults struct {
 	BuildArg            []string
 	BuildContext        []string
 	CacheFrom           string
+	CacheTo             string
+	CacheTTL            string
 	CertDir             string
 	Compress            bool
 	Creds               string
@@ -123,6 +125,8 @@ type FromAndBudResults struct {
 	Isolation      string
 	Memory         string
 	MemorySwap     string
+	Retry          int
+	RetryDelay     string
 	SecurityOpt    []string
 	ShmSize        string
 	Ulimit         []string
@@ -197,7 +201,9 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet {
 	fs.StringArrayVar(&flags.OCIHooksDir, "hooks-dir", []string{}, "set the OCI hooks directory path (may be set multiple times)")
 	fs.StringArrayVar(&flags.BuildArg, "build-arg", []string{}, "`argument=value` to supply to the builder")
 	fs.StringArrayVar(&flags.BuildContext, "build-context", []string{}, "`argument=value` to supply additional build context to the builder")
-	fs.StringVar(&flags.CacheFrom, "cache-from", "", "images to utilise as potential cache sources. The build process does not currently support caching so this is a NOOP.")
+	fs.StringVar(&flags.CacheFrom, "cache-from", "", "remote repository to utilise as potential cache source.")
+	fs.StringVar(&flags.CacheTo, "cache-to", "", "remote repository to utilise as potential cache destination.")
+	fs.StringVar(&flags.CacheTTL, "cache-ttl", "", "only consider cache images under specified duration.")
 	fs.StringVar(&flags.CertDir, "cert-dir", "", "use certificates at the specified path to access the registry")
 	fs.BoolVar(&flags.Compress, "compress", false, "this is a legacy option, which has no effect on the image")
 	fs.StringArrayVar(&flags.CPPFlags, "cpp-flag", []string{}, "set additional flag to pass to C preprocessor (cpp)")
@@ -276,6 +282,8 @@ func GetBudFlagsCompletions() commonComp.FlagCompletions {
 	flagCompletion["build-arg"] = commonComp.AutocompleteNone
 	flagCompletion["build-context"] = commonComp.AutocompleteNone
 	flagCompletion["cache-from"] = commonComp.AutocompleteNone
+	flagCompletion["cache-to"] = commonComp.AutocompleteNone
+	flagCompletion["cache-ttl"] = commonComp.AutocompleteNone
 	flagCompletion["cert-dir"] = commonComp.AutocompleteDefault
 	flagCompletion["cpp-flag"] = commonComp.AutocompleteNone
 	flagCompletion["creds"] = commonComp.AutocompleteNone
@@ -338,6 +346,8 @@ func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults,
 	fs.StringVar(&flags.Isolation, "isolation", DefaultIsolation(), "`type` of process isolation to use. Use BUILDAH_ISOLATION environment variable to override.")
 	fs.StringVarP(&flags.Memory, "memory", "m", "", "memory limit (format: <number>[<unit>], where unit = b, k, m or g)")
 	fs.StringVar(&flags.MemorySwap, "memory-swap", "", "swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	fs.IntVar(&flags.Retry, "retry", MaxPullPushRetries, "number of times to retry in case of failure when performing push/pull")
+	fs.StringVar(&flags.RetryDelay, "retry-delay", PullPushRetryDelay.String(), "delay between retries in case of push/pull failures")
 	fs.String("arch", runtime.GOARCH, "set the ARCH of the image to the provided value instead of the architecture of the host")
 	fs.String("os", runtime.GOOS, "prefer `OS` instead of the running OS when pulling images")
 	fs.StringSlice("platform", []string{parse.DefaultPlatform()}, "set the OS/ARCH/VARIANT of the image to the provided value instead of the current operating system and architecture of the host (for example `linux/arm`)")
@@ -380,6 +390,8 @@ func GetFromAndBudFlagsCompletions() commonComp.FlagCompletions {
 	flagCompletion["memory-swap"] = commonComp.AutocompleteNone
 	flagCompletion["os"] = commonComp.AutocompleteNone
 	flagCompletion["platform"] = commonComp.AutocompleteNone
+	flagCompletion["retry"] = commonComp.AutocompleteNone
+	flagCompletion["retry-delay"] = commonComp.AutocompleteNone
 	flagCompletion["security-opt"] = commonComp.AutocompleteNone
 	flagCompletion["shm-size"] = commonComp.AutocompleteNone
 	flagCompletion["ulimit"] = commonComp.AutocompleteNone
@@ -448,7 +460,7 @@ func VerifyFlagsArgsOrder(args []string) error {
 	return nil
 }
 
-// aliasFlags is a function to handle backwards compatibility with old flags
+// AliasFlags is a function to handle backwards compatibility with old flags
 func AliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName {
 	switch name {
 	case "net":
diff --git a/vendor/github.com/containers/buildah/pkg/overlay/overlay.go b/vendor/github.com/containers/buildah/pkg/overlay/overlay.go
index 6ab10b13c..07bb2195a 100644
--- a/vendor/github.com/containers/buildah/pkg/overlay/overlay.go
+++ b/vendor/github.com/containers/buildah/pkg/overlay/overlay.go
@@ -250,7 +250,7 @@ func Unmount(contentDir string) error {
 	}
 
 	// Ignore EINVAL as the specified merge dir is not a mount point
-	if err := unix.Unmount(mergeDir, 0); err != nil && !os.IsNotExist(err) && err != unix.EINVAL {
+	if err := unix.Unmount(mergeDir, 0); err != nil && !errors.Is(err, os.ErrNotExist) && err != unix.EINVAL {
 		return fmt.Errorf("unmount overlay %s: %w", mergeDir, err)
 	}
 	return nil
@@ -259,7 +259,7 @@ func Unmount(contentDir string) error {
 func recreate(contentDir string) error {
 	st, err := system.Stat(contentDir)
 	if err != nil {
-		if os.IsNotExist(err) {
+		if errors.Is(err, os.ErrNotExist) {
 			return nil
 		}
 		return fmt.Errorf("failed to stat overlay upper directory: %w", err)
@@ -293,7 +293,7 @@ func CleanupContent(containerDir string) (Err error) {
 
 	files, err := ioutil.ReadDir(contentDir)
 	if err != nil {
-		if os.IsNotExist(err) {
+		if errors.Is(err, os.ErrNotExist) {
 			return nil
 		}
 		return fmt.Errorf("read directory: %w", err)
@@ -305,7 +305,7 @@ func CleanupContent(containerDir string) (Err error) {
 		}
 	}
 
-	if err := os.RemoveAll(contentDir); err != nil && !os.IsNotExist(err) {
+	if err := os.RemoveAll(contentDir); err != nil && !errors.Is(err, os.ErrNotExist) {
 		return fmt.Errorf("failed to cleanup overlay directory: %w", err)
 	}
 	return nil
diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go
index 26ee4da77..bbbfb2fc2 100644
--- a/vendor/github.com/containers/buildah/pkg/parse/parse.go
+++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go
@@ -19,6 +19,7 @@ import (
 	internalParse "github.com/containers/buildah/internal/parse"
 	"github.com/containers/buildah/pkg/sshagent"
 	"github.com/containers/common/pkg/parse"
+	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/unshare"
@@ -48,6 +49,18 @@ const (
 	BuildahCacheDir = "buildah-cache"
 )
 
+// RepoNameToNamedReference parse the raw string to Named reference
+func RepoNameToNamedReference(dest string) (reference.Named, error) {
+	named, err := reference.ParseNormalizedNamed(dest)
+	if err != nil {
+		return nil, fmt.Errorf("invalid repo %q: must contain registry and repository: %w", dest, err)
+	}
+	if !reference.IsNameOnly(named) {
+		return nil, fmt.Errorf("repository must contain neither a tag nor digest: %v", named)
+	}
+	return named, nil
+}
+
 // CommonBuildOptions parses the build options from the bud cli
 func CommonBuildOptions(c *cobra.Command) (*define.CommonBuildOptions, error) {
 	return CommonBuildOptionsFromFlagSet(c.Flags(), c.Flag)
@@ -232,11 +245,11 @@ func parseSecurityOpts(securityOpts []string, commonOpts *define.CommonBuildOpti
 		if _, err := os.Stat(SeccompOverridePath); err == nil {
 			commonOpts.SeccompProfilePath = SeccompOverridePath
 		} else {
-			if !os.IsNotExist(err) {
+			if !errors.Is(err, os.ErrNotExist) {
 				return err
 			}
 			if _, err := os.Stat(SeccompDefaultPath); err != nil {
-				if !os.IsNotExist(err) {
+				if !errors.Is(err, os.ErrNotExist) {
 					return err
 				}
 			} else {
@@ -332,6 +345,15 @@ func SystemContextFromFlagSet(flags *pflag.FlagSet, findFlagFunc func(name strin
 		ctx.OCIInsecureSkipTLSVerify = !tlsVerify
 		ctx.DockerDaemonInsecureSkipTLSVerify = !tlsVerify
 	}
+	insecure, err := flags.GetBool("insecure")
+	if err == nil && findFlagFunc("insecure").Changed {
+		if ctx.DockerInsecureSkipTLSVerify != types.OptionalBoolUndefined {
+			return nil, errors.New("--insecure may not be used with --tls-verify")
+		}
+		ctx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(insecure)
+		ctx.OCIInsecureSkipTLSVerify = insecure
+		ctx.DockerDaemonInsecureSkipTLSVerify = insecure
+	}
 	disableCompression, err := flags.GetBool("disable-compression")
 	if err == nil {
 		if disableCompression {
@@ -1059,11 +1081,11 @@ func ContainerIgnoreFile(contextDir, path string) ([]string, string, error) {
 	}
 	path = filepath.Join(contextDir, ".containerignore")
 	excludes, err := imagebuilder.ParseIgnore(path)
-	if os.IsNotExist(err) {
+	if errors.Is(err, os.ErrNotExist) {
 		path = filepath.Join(contextDir, ".dockerignore")
 		excludes, err = imagebuilder.ParseIgnore(path)
 	}
-	if os.IsNotExist(err) {
+	if errors.Is(err, os.ErrNotExist) {
 		return excludes, "", nil
 	}
 	return excludes, path, err
diff --git a/vendor/github.com/containers/buildah/pkg/util/uptime_darwin.go b/vendor/github.com/containers/buildah/pkg/util/uptime_darwin.go
new file mode 100644
index 000000000..d185cb45f
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/util/uptime_darwin.go
@@ -0,0 +1,10 @@
+package util
+
+import (
+	"errors"
+	"time"
+)
+
+func ReadUptime() (time.Duration, error) {
+	return 0, errors.New("readUptime not supported on darwin")
+}
diff --git a/vendor/github.com/containers/buildah/pkg/util/uptime_freebsd.go b/vendor/github.com/containers/buildah/pkg/util/uptime_freebsd.go
new file mode 100644
index 000000000..7112aba38
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/util/uptime_freebsd.go
@@ -0,0 +1,25 @@
+package util
+
+import (
+	"time"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// For some reason, unix.ClockGettime isn't implemented by x/sys/unix on FreeBSD
+func clockGettime(clockid int32, time *unix.Timespec) (err error) {
+	_, _, e1 := unix.Syscall(unix.SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		return e1
+	}
+	return nil
+}
+
+func ReadUptime() (time.Duration, error) {
+	var uptime unix.Timespec
+	if err := clockGettime(unix.CLOCK_UPTIME, &uptime); err != nil {
+		return 0, err
+	}
+	return time.Duration(unix.TimespecToNsec(uptime)), nil
+}
diff --git a/vendor/github.com/containers/buildah/pkg/util/uptime_linux.go b/vendor/github.com/containers/buildah/pkg/util/uptime_linux.go
new file mode 100644
index 000000000..7c8b6ba76
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/util/uptime_linux.go
@@ -0,0 +1,28 @@
+package util
+
+import (
+	"bytes"
+	"errors"
+	"io/ioutil"
+	"time"
+)
+
+func ReadUptime() (time.Duration, error) {
+	buf, err := ioutil.ReadFile("/proc/uptime")
+	if err != nil {
+		return 0, err
+	}
+	f := bytes.Fields(buf)
+	if len(f) < 1 {
+		return 0, errors.New("invalid uptime")
+	}
+
+	// Convert uptime in seconds to a human-readable format
+	up := string(f[0])
+	upSeconds := up + "s"
+	upDuration, err := time.ParseDuration(upSeconds)
+	if err != nil {
+		return 0, err
+	}
+	return upDuration, nil
+}
diff --git a/vendor/github.com/containers/buildah/pkg/util/uptime_windows.go b/vendor/github.com/containers/buildah/pkg/util/uptime_windows.go
new file mode 100644
index 000000000..ef3adac2a
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/util/uptime_windows.go
@@ -0,0 +1,10 @@
+package util
+
+import (
+	"errors"
+	"time"
+)
+
+func ReadUptime() (time.Duration, error) {
+	return 0, errors.New("readUptime not supported on windows")
+}
diff --git a/vendor/github.com/containers/buildah/pkg/util/version_unix.go b/vendor/github.com/containers/buildah/pkg/util/version_unix.go
new file mode 100644
index 000000000..88e8b58a2
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/util/version_unix.go
@@ -0,0 +1,19 @@
+//go:build linux || freebsd || darwin
+// +build linux freebsd darwin
+
+package util
+
+import (
+	"bytes"
+
+	"golang.org/x/sys/unix"
+)
+
+func ReadKernelVersion() (string, error) {
+	var uname unix.Utsname
+	if err := unix.Uname(&uname); err != nil {
+		return "", err
+	}
+	n := bytes.IndexByte(uname.Release[:], 0)
+	return string(uname.Release[:n]), nil
+}
diff --git a/vendor/github.com/containers/buildah/pkg/util/version_windows.go b/vendor/github.com/containers/buildah/pkg/util/version_windows.go
new file mode 100644
index 000000000..9acf469f1
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/util/version_windows.go
@@ -0,0 +1,10 @@
+package util
+
+import (
+	"errors"
+)
+
+func ReadKernelVersion() (string, error) {
+	return "", errors.New("readKernelVersion not supported on windows")
+
+}
diff --git a/vendor/github.com/containers/buildah/run_common.go b/vendor/github.com/containers/buildah/run_common.go
index b50afec0b..f5a5ec850 100644
--- a/vendor/github.com/containers/buildah/run_common.go
+++ b/vendor/github.com/containers/buildah/run_common.go
@@ -262,6 +262,7 @@ func (b *Builder) configureUIDGID(g *generate.Generator, mountPoint string, opti
 	}
 	g.SetProcessUID(user.UID)
 	g.SetProcessGID(user.GID)
+	g.AddProcessAdditionalGid(user.GID)
 	for _, gid := range user.AdditionalGids {
 		g.AddProcessAdditionalGid(gid)
 	}
@@ -331,7 +332,7 @@ func DefaultNamespaceOptions() (define.NamespaceOptions, error) {
 		{Name: string(specs.MountNamespace), Host: false},
 		{Name: string(specs.NetworkNamespace), Host: cfg.NetNS() == "host"},
 		{Name: string(specs.PIDNamespace), Host: cfg.PidNS() == "host"},
-		{Name: string(specs.UserNamespace), Host: cfg.Containers.UserNS == "host"},
+		{Name: string(specs.UserNamespace), Host: cfg.Containers.UserNS == "" || cfg.Containers.UserNS == "host"},
 		{Name: string(specs.UTSNamespace), Host: cfg.UTSNS() == "host"},
 	}
 	return options, nil
@@ -477,8 +478,10 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
 			if stdioPipe, err = runMakeStdioPipe(int(uid), int(gid)); err != nil {
 				return 1, err
 			}
-			if err = runLabelStdioPipes(stdioPipe, spec.Process.SelinuxLabel, spec.Linux.MountLabel); err != nil {
-				return 1, err
+			if spec.Linux != nil {
+				if err = runLabelStdioPipes(stdioPipe, spec.Process.SelinuxLabel, spec.Linux.MountLabel); err != nil {
+					return 1, err
+				}
 			}
 			errorFds = []int{stdioPipe[unix.Stdout][0], stdioPipe[unix.Stderr][0]}
 			closeBeforeReadingErrorFds = []int{stdioPipe[unix.Stdout][1], stdioPipe[unix.Stderr][1]}
@@ -1147,7 +1150,7 @@ func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options Run
 
 		containerStartR.file, containerStartW.file, err = os.Pipe()
 		if err != nil {
-			return fmt.Errorf("error creating container create pipe: %w", err)
+			return fmt.Errorf("error creating container start pipe: %w", err)
 		}
 		defer containerStartR.Close()
 		defer containerStartW.Close()
@@ -1365,7 +1368,7 @@ func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, builtin
 		// the volume contents.  If we do need to create it, then we'll
 		// need to populate it, too, so make a note of that.
 		if _, err := os.Stat(volumePath); err != nil {
-			if !os.IsNotExist(err) {
+			if !errors.Is(err, os.ErrNotExist) {
 				return nil, err
 			}
 			logrus.Debugf("setting up built-in volume path at %q for %q", volumePath, volume)
@@ -1391,7 +1394,7 @@ func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, builtin
 			return nil, fmt.Errorf("evaluating path %q: %w", srcPath, err)
 		}
 		stat, err := os.Stat(srcPath)
-		if err != nil && !os.IsNotExist(err) {
+		if err != nil && !errors.Is(err, os.ErrNotExist) {
 			return nil, err
 		}
 		// If we need to populate the mounted volume's contents with
@@ -1844,7 +1847,7 @@ func (b *Builder) cleanupRunMounts(context *imageTypes.SystemContext, mountpoint
 	var prevErr error
 	for _, path := range artifacts.TmpFiles {
 		err := os.Remove(path)
-		if !os.IsNotExist(err) {
+		if !errors.Is(err, os.ErrNotExist) {
 			if prevErr != nil {
 				logrus.Error(prevErr)
 			}
diff --git a/vendor/github.com/containers/buildah/run_freebsd.go b/vendor/github.com/containers/buildah/run_freebsd.go
index c9384d2d2..b8d141eec 100644
--- a/vendor/github.com/containers/buildah/run_freebsd.go
+++ b/vendor/github.com/containers/buildah/run_freebsd.go
@@ -251,6 +251,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 		jconf.Set("enforce_statfs", 0)
 		jconf.Set("devfs_ruleset", 4)
 		jconf.Set("allow.raw_sockets", true)
+		jconf.Set("allow.chflags", true)
 		jconf.Set("allow.mount", true)
 		jconf.Set("allow.mount.devfs", true)
 		jconf.Set("allow.mount.nullfs", true)
diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go
index 100e223f9..a5d51732f 100644
--- a/vendor/github.com/containers/buildah/run_linux.go
+++ b/vendor/github.com/containers/buildah/run_linux.go
@@ -381,7 +381,7 @@ func (b *Builder) setupOCIHooks(config *spec.Spec, hasVolumes bool) (map[string]
 		for _, hDir := range []string{hooks.DefaultDir, hooks.OverrideDir} {
 			manager, err := hooks.New(context.Background(), []string{hDir}, []string{})
 			if err != nil {
-				if os.IsNotExist(err) {
+				if errors.Is(err, os.ErrNotExist) {
 					continue
 				}
 				return nil, err
@@ -690,7 +690,7 @@ func setupNamespaces(logger *logrus.Logger, g *generate.Generator, namespaceOpti
 			// by the kernel
 			p := filepath.Join("/proc/sys", strings.Replace(name, ".", "/", -1))
 			_, err := os.Stat(p)
-			if err != nil && !os.IsNotExist(err) {
+			if err != nil && !errors.Is(err, os.ErrNotExist) {
 				return false, nil, false, err
 			}
 			if err == nil {
diff --git a/vendor/github.com/containers/buildah/selinux.go b/vendor/github.com/containers/buildah/selinux.go
index b186cb5e9..8cc2bfc62 100644
--- a/vendor/github.com/containers/buildah/selinux.go
+++ b/vendor/github.com/containers/buildah/selinux.go
@@ -4,6 +4,7 @@
 package buildah
 
 import (
+	"errors"
 	"fmt"
 	"os"
 
@@ -33,7 +34,7 @@ func runLabelStdioPipes(stdioPipe [][]int, processLabel, mountLabel string) erro
 	}
 	for i := range stdioPipe {
 		pipeFdName := fmt.Sprintf("/proc/self/fd/%d", stdioPipe[i][0])
-		if err := selinux.SetFileLabel(pipeFdName, pipeContext); err != nil && !os.IsNotExist(err) {
+		if err := selinux.SetFileLabel(pipeFdName, pipeContext); err != nil && !errors.Is(err, os.ErrNotExist) {
 			return fmt.Errorf("setting file label on %q: %w", pipeFdName, err)
 		}
 	}
diff --git a/vendor/github.com/containers/buildah/util.go b/vendor/github.com/containers/buildah/util.go
index 6ebd04a0c..b362dec84 100644
--- a/vendor/github.com/containers/buildah/util.go
+++ b/vendor/github.com/containers/buildah/util.go
@@ -187,7 +187,7 @@ func IsContainer(id string, store storage.Store) (bool, error) {
 	// Assuming that if the stateFile exists, that this is a Buildah
 	// container.
 	if _, err = os.Stat(filepath.Join(cdir, stateFile)); err != nil {
-		if os.IsNotExist(err) {
+		if errors.Is(err, os.ErrNotExist) {
 			return false, nil
 		}
 		return false, err
diff --git a/vendor/github.com/containers/buildah/util/util.go b/vendor/github.com/containers/buildah/util/util.go
index ffebd3146..6a9049e68 100644
--- a/vendor/github.com/containers/buildah/util/util.go
+++ b/vendor/github.com/containers/buildah/util/util.go
@@ -384,13 +384,15 @@ var (
 
 // fileExistsAndNotADir - Check to see if a file exists
 // and that it is not a directory.
-func fileExistsAndNotADir(path string) bool {
+func fileExistsAndNotADir(path string) (bool, error) {
 	file, err := os.Stat(path)
-
-	if file == nil || err != nil || os.IsNotExist(err) {
-		return false
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return false, nil
+		}
+		return false, err
 	}
-	return !file.IsDir()
+	return !file.IsDir(), nil
 }
 
 // FindLocalRuntime find the local runtime of the
@@ -404,7 +406,11 @@ func FindLocalRuntime(runtime string) string {
 		return localRuntime
 	}
 	for _, val := range conf.Engine.OCIRuntimes[runtime] {
-		if fileExistsAndNotADir(val) {
+		exists, err := fileExistsAndNotADir(val)
+		if err != nil {
+			logrus.Errorf("Failed to determine if file exists and is not a directory: %v", err)
+		}
+		if exists {
 			localRuntime = val
 			break
 		}
@@ -460,22 +466,3 @@ func VerifyTagName(imageSpec string) (types.ImageReference, error) {
 	}
 	return ref, nil
 }
-
-// Cause returns the most underlying error for the provided one. There is a
-// maximum error depth of 100 to avoid endless loops. An additional error log
-// message will be created if this maximum has reached.
-func Cause(err error) (cause error) {
-	cause = err
-
-	const maxDepth = 100
-	for i := 0; i <= maxDepth; i++ {
-		res := errors.Unwrap(cause)
-		if res == nil {
-			return cause
-		}
-		cause = res
-	}
-
-	logrus.Errorf("Max error depth of %d reached, cannot unwrap until root cause: %v", maxDepth, err)
-	return cause
-}
diff --git a/vendor/github.com/containers/common/libimage/copier.go b/vendor/github.com/containers/common/libimage/copier.go
index 7570f2633..13ed9c856 100644
--- a/vendor/github.com/containers/common/libimage/copier.go
+++ b/vendor/github.com/containers/common/libimage/copier.go
@@ -102,6 +102,13 @@ type CopyOptions struct {
 	// If non-empty, asks for a signature to be added during the copy, and
 	// specifies a key ID.
 	SignBy string
+	// If non-empty, passphrase to use when signing with the key ID from SignBy.
+	SignPassphrase string
+	// If non-empty, asks for a signature to be added during the copy, using
+	// a sigstore private key file at the provided path.
+	SignBySigstorePrivateKeyFile string
+	// Passphrase to use when signing with SignBySigstorePrivateKeyFile.
+	SignSigstorePrivateKeyPassphrase []byte
 	// Remove any pre-existing signatures. SignBy will still add a new
 	// signature.
 	RemoveSignatures bool
@@ -293,6 +300,9 @@ func (r *Runtime) newCopier(options *CopyOptions) (*copier, error) {
 	c.imageCopyOptions.OciDecryptConfig = options.OciDecryptConfig
 	c.imageCopyOptions.RemoveSignatures = options.RemoveSignatures
 	c.imageCopyOptions.SignBy = options.SignBy
+	c.imageCopyOptions.SignPassphrase = options.SignPassphrase
+	c.imageCopyOptions.SignBySigstorePrivateKeyFile = options.SignBySigstorePrivateKeyFile
+	c.imageCopyOptions.SignSigstorePrivateKeyPassphrase = options.SignSigstorePrivateKeyPassphrase
 	c.imageCopyOptions.ReportWriter = options.Writer
 
 	defaultContainerConfig, err := config.Default()
@@ -403,7 +413,7 @@ func checkRegistrySourcesAllows(dest types.ImageReference) (insecure *bool, err
 		AllowedRegistries  []string `json:"allowedRegistries,omitempty"`
 	}
 	if err := json.Unmarshal([]byte(registrySources), &sources); err != nil {
-		return nil, fmt.Errorf("error parsing $BUILD_REGISTRY_SOURCES (%q) as JSON: %w", registrySources, err)
+		return nil, fmt.Errorf("parsing $BUILD_REGISTRY_SOURCES (%q) as JSON: %w", registrySources, err)
 	}
 	blocked := false
 	if len(sources.BlockedRegistries) > 0 {
diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go
index b1866fa9b..3cc843ed3 100644
--- a/vendor/github.com/containers/common/libimage/image.go
+++ b/vendor/github.com/containers/common/libimage/image.go
@@ -470,14 +470,26 @@ func (i *Image) removeRecursive(ctx context.Context, rmMap map[string]*RemoveIma
 	}
 
 	if _, err := i.runtime.store.DeleteImage(i.ID(), true); handleError(err) != nil {
+		if errors.Is(err, storage.ErrImageUsedByContainer) {
+			err = fmt.Errorf("%w: consider listing external containers and force-removing image", err)
+		}
 		return processedIDs, err
 	}
+
 	report.Untagged = append(report.Untagged, i.Names()...)
+	for _, name := range i.Names() {
+		i.runtime.writeEvent(&Event{ID: i.ID(), Name: name, Time: time.Now(), Type: EventTypeImageUntag})
+	}
 
 	if !hasChildren {
 		report.Removed = true
 	}
 
+	// Do not delete any parents if NoPrune is true
+	if options.NoPrune {
+		return processedIDs, nil
+	}
+
 	// Check if can remove the parent image.
 	if parent == nil {
 		return processedIDs, nil
@@ -495,7 +507,6 @@ func (i *Image) removeRecursive(ctx context.Context, rmMap map[string]*RemoveIma
 	if !danglingParent {
 		return processedIDs, nil
 	}
-
 	// Recurse into removing the parent.
 	return parent.removeRecursive(ctx, rmMap, processedIDs, "", options)
 }
diff --git a/vendor/github.com/containers/common/libimage/inspect.go b/vendor/github.com/containers/common/libimage/inspect.go
index 5da8df1bf..c6632d9a2 100644
--- a/vendor/github.com/containers/common/libimage/inspect.go
+++ b/vendor/github.com/containers/common/libimage/inspect.go
@@ -190,7 +190,7 @@ func (i *Image) Inspect(ctx context.Context, options *InspectOptions) (*ImageDat
 		// NOTE: Health checks may be listed in the container config or
 		// the config.
 		data.HealthCheck = dockerManifest.ContainerConfig.Healthcheck
-		if data.HealthCheck == nil {
+		if data.HealthCheck == nil && dockerManifest.Config != nil {
 			data.HealthCheck = dockerManifest.Config.Healthcheck
 		}
 	}
diff --git a/vendor/github.com/containers/common/libimage/load.go b/vendor/github.com/containers/common/libimage/load.go
index 89faa4635..593eef04b 100644
--- a/vendor/github.com/containers/common/libimage/load.go
+++ b/vendor/github.com/containers/common/libimage/load.go
@@ -99,7 +99,7 @@ func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) (
 }
 
 // loadMultiImageDockerArchive loads the docker archive specified by ref.  In
-// case the path@reference notation was used, only the specifiec image will be
+// case the path@reference notation was used, only the specified image will be
 // loaded.  Otherwise, all images will be loaded.
 func (r *Runtime) loadMultiImageDockerArchive(ctx context.Context, ref types.ImageReference, options *CopyOptions) ([]string, error) {
 	// If we cannot stat the path, it either does not exist OR the correct
diff --git a/vendor/github.com/containers/common/libimage/manifest_list.go b/vendor/github.com/containers/common/libimage/manifest_list.go
index 4480df548..cec44f1a5 100644
--- a/vendor/github.com/containers/common/libimage/manifest_list.go
+++ b/vendor/github.com/containers/common/libimage/manifest_list.go
@@ -13,6 +13,7 @@ import (
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/storage"
+	structcopier "github.com/jinzhu/copier"
 	"github.com/opencontainers/go-digest"
 )
 
@@ -39,6 +40,28 @@ type ManifestList struct {
 	list manifests.List
 }
 
+// ManifestListDescriptor references a platform-specific manifest.
+// Contains exclusive field like `annotations` which is only present in
+// OCI spec and not in docker image spec.
+type ManifestListDescriptor struct {
+	manifest.Schema2Descriptor
+	Platform manifest.Schema2PlatformSpec `json:"platform"`
+	// Annotations contains arbitrary metadata for the image index.
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// ManifestListData is a list of platform-specific manifests, specifically used to
+// generate output struct for `podman manifest inspect`. Reason for maintaining and
+// having this type is to ensure we can have a common type which contains exclusive
+// fields from both Docker manifest format and OCI manifest format.
+type ManifestListData struct {
+	SchemaVersion int                      `json:"schemaVersion"`
+	MediaType     string                   `json:"mediaType"`
+	Manifests     []ManifestListDescriptor `json:"manifests"`
+	// Annotations contains arbitrary metadata for the image index.
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
 // ID returns the ID of the manifest list.
 func (m *ManifestList) ID() string {
 	return m.image.ID()
@@ -210,8 +233,21 @@ func (i *Image) IsManifestList(ctx context.Context) (bool, error) {
 }
 
 // Inspect returns a dockerized version of the manifest list.
-func (m *ManifestList) Inspect() (*manifest.Schema2List, error) {
-	return m.list.Docker(), nil
+func (m *ManifestList) Inspect() (*ManifestListData, error) {
+	inspectList := ManifestListData{}
+	dockerFormat := m.list.Docker()
+	err := structcopier.Copy(&inspectList, &dockerFormat)
+	if err != nil {
+		return &inspectList, err
+	}
+	// Get missing annotation field from OCIv1 Spec
+	// and populate inspect data.
+	ociFormat := m.list.OCIv1()
+	inspectList.Annotations = ociFormat.Annotations
+	for i, manifest := range ociFormat.Manifests {
+		inspectList.Manifests[i].Annotations = manifest.Annotations
+	}
+	return &inspectList, nil
 }
 
 // Options for adding a manifest list.
@@ -411,14 +447,17 @@ func (m *ManifestList) Push(ctx context.Context, destination string, options *Ma
 	defer copier.close()
 
 	pushOptions := manifests.PushOptions{
-		Store:              m.image.runtime.store,
-		SystemContext:      copier.systemContext,
-		ImageListSelection: options.ImageListSelection,
-		Instances:          options.Instances,
-		ReportWriter:       options.Writer,
-		SignBy:             options.SignBy,
-		RemoveSignatures:   options.RemoveSignatures,
-		ManifestType:       options.ManifestMIMEType,
+		Store:                            m.image.runtime.store,
+		SystemContext:                    copier.systemContext,
+		ImageListSelection:               options.ImageListSelection,
+		Instances:                        options.Instances,
+		ReportWriter:                     options.Writer,
+		SignBy:                           options.SignBy,
+		SignPassphrase:                   options.SignPassphrase,
+		SignBySigstorePrivateKeyFile:     options.SignBySigstorePrivateKeyFile,
+		SignSigstorePrivateKeyPassphrase: options.SignSigstorePrivateKeyPassphrase,
+		RemoveSignatures:                 options.RemoveSignatures,
+		ManifestType:                     options.ManifestMIMEType,
 	}
 
 	_, d, err := m.list.Push(ctx, dest, pushOptions)
diff --git a/vendor/github.com/containers/common/libimage/manifests/manifests.go b/vendor/github.com/containers/common/libimage/manifests/manifests.go
index 8404da9c5..163e37f0b 100644
--- a/vendor/github.com/containers/common/libimage/manifests/manifests.go
+++ b/vendor/github.com/containers/common/libimage/manifests/manifests.go
@@ -56,15 +56,18 @@ type List interface {
 // PushOptions includes various settings which are needed for pushing the
 // manifest list and its instances.
 type PushOptions struct {
-	Store              storage.Store
-	SystemContext      *types.SystemContext  // github.com/containers/image/types.SystemContext
-	ImageListSelection cp.ImageListSelection // set to either CopySystemImage, CopyAllImages, or CopySpecificImages
-	Instances          []digest.Digest       // instances to copy if ImageListSelection == CopySpecificImages
-	ReportWriter       io.Writer             // will be used to log the writing of the list and any blobs
-	SignBy             string                // fingerprint of GPG key to use to sign images
-	RemoveSignatures   bool                  // true to discard signatures in images
-	ManifestType       string                // the format to use when saving the list - possible options are oci, v2s1, and v2s2
-	SourceFilter       LookupReferenceFunc   // filter the list source
+	Store                            storage.Store
+	SystemContext                    *types.SystemContext  // github.com/containers/image/types.SystemContext
+	ImageListSelection               cp.ImageListSelection // set to either CopySystemImage, CopyAllImages, or CopySpecificImages
+	Instances                        []digest.Digest       // instances to copy if ImageListSelection == CopySpecificImages
+	ReportWriter                     io.Writer             // will be used to log the writing of the list and any blobs
+	SignBy                           string                // fingerprint of GPG key to use to sign images
+	SignPassphrase                   string                // passphrase to use when signing with the key ID from SignBy.
+	SignBySigstorePrivateKeyFile     string                // if non-empty, asks for a signature to be added during the copy, using a sigstore private key file at the provided path.
+	SignSigstorePrivateKeyPassphrase []byte                // passphrase to use when signing with SignBySigstorePrivateKeyFile.
+	RemoveSignatures                 bool                  // true to discard signatures in images
+	ManifestType                     string                // the format to use when saving the list - possible options are oci, v2s1, and v2s2
+	SourceFilter                     LookupReferenceFunc   // filter the list source
 }
 
 // Create creates a new list containing information about the specified image,
@@ -84,11 +87,11 @@ func Create() List {
 func LoadFromImage(store storage.Store, image string) (string, List, error) {
 	img, err := store.Image(image)
 	if err != nil {
-		return "", nil, fmt.Errorf("error locating image %q for loading manifest list: %w", image, err)
+		return "", nil, fmt.Errorf("locating image %q for loading manifest list: %w", image, err)
 	}
 	manifestBytes, err := store.ImageBigData(img.ID, storage.ImageDigestManifestBigDataNamePrefix)
 	if err != nil {
-		return "", nil, fmt.Errorf("error locating image %q for loading manifest list: %w", image, err)
+		return "", nil, fmt.Errorf("locating image %q for loading manifest list: %w", image, err)
 	}
 	manifestList, err := manifests.FromBlob(manifestBytes)
 	if err != nil {
@@ -100,10 +103,10 @@ func LoadFromImage(store storage.Store, image string) (string, List, error) {
 	}
 	instancesBytes, err := store.ImageBigData(img.ID, instancesData)
 	if err != nil {
-		return "", nil, fmt.Errorf("error locating image %q for loading instance list: %w", image, err)
+		return "", nil, fmt.Errorf("locating image %q for loading instance list: %w", image, err)
 	}
 	if err := json.Unmarshal(instancesBytes, &list.instances); err != nil {
-		return "", nil, fmt.Errorf("error decoding instance list for image %q: %w", image, err)
+		return "", nil, fmt.Errorf("decoding instance list for image %q: %w", image, err)
 	}
 	list.instances[""] = img.ID
 	return img.ID, list, err
@@ -149,18 +152,18 @@ func (l *list) SaveToImage(store storage.Store, imageID string, names []string,
 		}
 		return imageID, nil
 	}
-	return "", fmt.Errorf("error creating image to hold manifest list: %w", err)
+	return "", fmt.Errorf("creating image to hold manifest list: %w", err)
 }
 
 // Reference returns an image reference for the composite image being built
 // in the list, or an error if the list has never been saved to a local image.
 func (l *list) Reference(store storage.Store, multiple cp.ImageListSelection, instances []digest.Digest) (types.ImageReference, error) {
 	if l.instances[""] == "" {
-		return nil, fmt.Errorf("error building reference to list: %w", ErrListImageUnknown)
+		return nil, fmt.Errorf("building reference to list: %w", ErrListImageUnknown)
 	}
 	s, err := is.Transport.ParseStoreReference(store, l.instances[""])
 	if err != nil {
-		return nil, fmt.Errorf("error creating ImageReference from image %q: %w", l.instances[""], err)
+		return nil, fmt.Errorf("creating ImageReference from image %q: %w", l.instances[""], err)
 	}
 	references := make([]types.ImageReference, 0, len(l.instances))
 	whichInstances := make([]digest.Digest, 0, len(l.instances))
@@ -184,7 +187,7 @@ func (l *list) Reference(store storage.Store, multiple cp.ImageListSelection, in
 		imageName := l.instances[instance]
 		ref, err := alltransports.ParseImageName(imageName)
 		if err != nil {
-			return nil, fmt.Errorf("error creating ImageReference from image %q: %w", imageName, err)
+			return nil, fmt.Errorf("creating ImageReference from image %q: %w", imageName, err)
 		}
 		references = append(references, ref)
 	}
@@ -196,7 +199,7 @@ func (l *list) Push(ctx context.Context, dest types.ImageReference, options Push
 	// Load the system signing policy.
 	pushPolicy, err := signature.DefaultPolicy(options.SystemContext)
 	if err != nil {
-		return nil, "", fmt.Errorf("error obtaining default signature policy: %w", err)
+		return nil, "", fmt.Errorf("obtaining default signature policy: %w", err)
 	}
 
 	// Override the settings for local storage to make sure that we can always read the source "image".
@@ -204,7 +207,7 @@ func (l *list) Push(ctx context.Context, dest types.ImageReference, options Push
 
 	policyContext, err := signature.NewPolicyContext(pushPolicy)
 	if err != nil {
-		return nil, "", fmt.Errorf("error creating new signature policy context: %w", err)
+		return nil, "", fmt.Errorf("creating new signature policy context: %w", err)
 	}
 	defer func() {
 		if err2 := policyContext.Destroy(); err2 != nil {
@@ -235,14 +238,17 @@ func (l *list) Push(ctx context.Context, dest types.ImageReference, options Push
 		}
 	}
 	copyOptions := &cp.Options{
-		ImageListSelection:    options.ImageListSelection,
-		Instances:             options.Instances,
-		SourceCtx:             options.SystemContext,
-		DestinationCtx:        options.SystemContext,
-		ReportWriter:          options.ReportWriter,
-		RemoveSignatures:      options.RemoveSignatures,
-		SignBy:                options.SignBy,
-		ForceManifestMIMEType: singleImageManifestType,
+		ImageListSelection:               options.ImageListSelection,
+		Instances:                        options.Instances,
+		SourceCtx:                        options.SystemContext,
+		DestinationCtx:                   options.SystemContext,
+		ReportWriter:                     options.ReportWriter,
+		RemoveSignatures:                 options.RemoveSignatures,
+		SignBy:                           options.SignBy,
+		SignPassphrase:                   options.SignPassphrase,
+		SignBySigstorePrivateKeyFile:     options.SignBySigstorePrivateKeyFile,
+		SignSigstorePrivateKeyPassphrase: options.SignSigstorePrivateKeyPassphrase,
+		ForceManifestMIMEType:            singleImageManifestType,
 	}
 
 	// Copy whatever we were asked to copy.
@@ -267,7 +273,7 @@ func (l *list) Push(ctx context.Context, dest types.ImageReference, options Push
 func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.ImageReference, all bool) (digest.Digest, error) {
 	src, err := ref.NewImageSource(ctx, sys)
 	if err != nil {
-		return "", fmt.Errorf("error setting up to read manifest and configuration from %q: %w", transports.ImageName(ref), err)
+		return "", fmt.Errorf("setting up to read manifest and configuration from %q: %w", transports.ImageName(ref), err)
 	}
 	defer src.Close()
 
@@ -282,13 +288,13 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 
 	primaryManifestBytes, primaryManifestType, err := src.GetManifest(ctx, nil)
 	if err != nil {
-		return "", fmt.Errorf("error reading manifest from %q: %w", transports.ImageName(ref), err)
+		return "", fmt.Errorf("reading manifest from %q: %w", transports.ImageName(ref), err)
 	}
 
 	if manifest.MIMETypeIsMultiImage(primaryManifestType) {
 		lists, err := manifests.FromBlob(primaryManifestBytes)
 		if err != nil {
-			return "", fmt.Errorf("error parsing manifest list in %q: %w", transports.ImageName(ref), err)
+			return "", fmt.Errorf("parsing manifest list in %q: %w", transports.ImageName(ref), err)
 		}
 		if all {
 			for i, instance := range lists.OCIv1().Manifests {
@@ -312,11 +318,11 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 		} else {
 			list, err := manifest.ListFromBlob(primaryManifestBytes, primaryManifestType)
 			if err != nil {
-				return "", fmt.Errorf("error parsing manifest list in %q: %w", transports.ImageName(ref), err)
+				return "", fmt.Errorf("parsing manifest list in %q: %w", transports.ImageName(ref), err)
 			}
 			instanceDigest, err := list.ChooseInstance(sys)
 			if err != nil {
-				return "", fmt.Errorf("error selecting image from manifest list in %q: %w", transports.ImageName(ref), err)
+				return "", fmt.Errorf("selecting image from manifest list in %q: %w", transports.ImageName(ref), err)
 			}
 			added := false
 			for i, instance := range lists.OCIv1().Manifests {
@@ -358,11 +364,11 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 		if instanceInfo.OS == "" || instanceInfo.Architecture == "" {
 			img, err := image.FromUnparsedImage(ctx, sys, image.UnparsedInstance(src, instanceInfo.instanceDigest))
 			if err != nil {
-				return "", fmt.Errorf("error reading configuration blob from %q: %w", transports.ImageName(ref), err)
+				return "", fmt.Errorf("reading configuration blob from %q: %w", transports.ImageName(ref), err)
 			}
 			config, err := img.OCIConfig(ctx)
 			if err != nil {
-				return "", fmt.Errorf("error reading info about config blob from %q: %w", transports.ImageName(ref), err)
+				return "", fmt.Errorf("reading info about config blob from %q: %w", transports.ImageName(ref), err)
 			}
 			if instanceInfo.OS == "" {
 				instanceInfo.OS = config.OS
@@ -376,12 +382,12 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 		}
 		manifestBytes, manifestType, err := src.GetManifest(ctx, instanceInfo.instanceDigest)
 		if err != nil {
-			return "", fmt.Errorf("error reading manifest from %q, instance %q: %w", transports.ImageName(ref), instanceInfo.instanceDigest, err)
+			return "", fmt.Errorf("reading manifest from %q, instance %q: %w", transports.ImageName(ref), instanceInfo.instanceDigest, err)
 		}
 		if instanceInfo.instanceDigest == nil {
 			manifestDigest, err = manifest.Digest(manifestBytes)
 			if err != nil {
-				return "", fmt.Errorf("error computing digest of manifest from %q: %w", transports.ImageName(ref), err)
+				return "", fmt.Errorf("computing digest of manifest from %q: %w", transports.ImageName(ref), err)
 			}
 			instanceInfo.instanceDigest = &manifestDigest
 			instanceInfo.Size = int64(len(manifestBytes))
@@ -390,7 +396,7 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 		}
 		err = l.List.AddInstance(*instanceInfo.instanceDigest, instanceInfo.Size, manifestType, instanceInfo.OS, instanceInfo.Architecture, instanceInfo.OSVersion, instanceInfo.OSFeatures, instanceInfo.Variant, instanceInfo.Features, instanceInfo.Annotations)
 		if err != nil {
-			return "", fmt.Errorf("error adding instance with digest %q: %w", *instanceInfo.instanceDigest, err)
+			return "", fmt.Errorf("adding instance with digest %q: %w", *instanceInfo.instanceDigest, err)
 		}
 		if _, ok := l.instances[*instanceInfo.instanceDigest]; !ok {
 			l.instances[*instanceInfo.instanceDigest] = transports.ImageName(ref)
diff --git a/vendor/github.com/containers/common/libimage/normalize.go b/vendor/github.com/containers/common/libimage/normalize.go
index be2d30206..bb3cdbc7c 100644
--- a/vendor/github.com/containers/common/libimage/normalize.go
+++ b/vendor/github.com/containers/common/libimage/normalize.go
@@ -18,7 +18,7 @@ func NormalizeName(name string) (reference.Named, error) {
 	// NOTE: this code is in symmetrie with containers/image/pkg/shortnames.
 	ref, err := reference.Parse(name)
 	if err != nil {
-		return nil, fmt.Errorf("error normalizing name %q: %w", name, err)
+		return nil, fmt.Errorf("normalizing name %q: %w", name, err)
 	}
 
 	named, ok := ref.(reference.Named)
diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go
index 86c9ebef1..51712bb3b 100644
--- a/vendor/github.com/containers/common/libimage/pull.go
+++ b/vendor/github.com/containers/common/libimage/pull.go
@@ -163,7 +163,7 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP
 	for _, name := range pulledImages {
 		image, _, err := r.LookupImage(name, nil)
 		if err != nil {
-			return nil, fmt.Errorf("error locating pulled image %q name in containers storage: %w", name, err)
+			return nil, fmt.Errorf("locating pulled image %q name in containers storage: %w", name, err)
 		}
 
 		// Note that we can ignore the 2nd return value here. Some
@@ -318,7 +318,7 @@ func (r *Runtime) storageReferencesReferencesFromArchiveReader(ctx context.Conte
 	for _, destName := range destNames {
 		destRef, err := storageTransport.Transport.ParseStoreReference(r.store, destName)
 		if err != nil {
-			return nil, nil, fmt.Errorf("error parsing dest reference name %#v: %w", destName, err)
+			return nil, nil, fmt.Errorf("parsing dest reference name %#v: %w", destName, err)
 		}
 		references = append(references, destRef)
 	}
@@ -399,7 +399,7 @@ func (r *Runtime) copyFromRegistry(ctx context.Context, ref types.ImageReference
 		}
 		tagged, err := reference.WithTag(named, tag)
 		if err != nil {
-			return nil, fmt.Errorf("error creating tagged reference (name %s, tag %s): %w", named.String(), tag, err)
+			return nil, fmt.Errorf("creating tagged reference (name %s, tag %s): %w", named.String(), tag, err)
 		}
 		pulled, err := r.copySingleImageFromRegistry(ctx, tagged.String(), pullPolicy, options)
 		if err != nil {
diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go
index 6030a179b..7cbf9c95e 100644
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@@ -608,6 +608,8 @@ type RemoveImagesOptions struct {
 	// much space was freed. However, computing the size of an image is
 	// comparatively expensive, so it is made optional.
 	WithSize bool
+	// NoPrune will not remove dangling images
+	NoPrune bool
 }
 
 // RemoveImages removes images specified by names.  If no names are specified,
@@ -653,7 +655,6 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem
 	toDelete := []string{}
 	// Look up images in the local containers storage and fill out
 	// toDelete and the deleteMap.
-
 	switch {
 	case len(names) > 0:
 		// prepare lookupOptions
diff --git a/vendor/github.com/containers/common/libimage/search.go b/vendor/github.com/containers/common/libimage/search.go
index 0b58055b4..b0e2ca6fb 100644
--- a/vendor/github.com/containers/common/libimage/search.go
+++ b/vendor/github.com/containers/common/libimage/search.go
@@ -281,7 +281,7 @@ func searchRepositoryTags(ctx context.Context, sys *types.SystemContext, registr
 	}
 	tags, err := registryTransport.GetRepositoryTags(ctx, sys, imageRef)
 	if err != nil {
-		return nil, fmt.Errorf("error getting repository tags: %v", err)
+		return nil, fmt.Errorf("getting repository tags: %v", err)
 	}
 	limit := searchMaxQueries
 	if len(tags) < limit {
diff --git a/vendor/github.com/containers/common/libnetwork/cni/network.go b/vendor/github.com/containers/common/libnetwork/cni/network.go
index fce8f0066..11f1bbe14 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/network.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/network.go
@@ -19,6 +19,7 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 type cniNetwork struct {
@@ -62,6 +63,8 @@ type InitConfig struct {
 	CNIConfigDir string
 	// CNIPluginDirs is a list of directories where cni should look for the plugins.
 	CNIPluginDirs []string
+	// RunDir is a directory where temporary files can be stored.
+	RunDir string
 
 	// DefaultNetwork is the name for the default network.
 	DefaultNetwork string
@@ -81,7 +84,16 @@ func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 	// TODO: consider using a shared memory lock
 	lock, err := lockfile.GetLockfile(filepath.Join(conf.CNIConfigDir, "cni.lock"))
 	if err != nil {
-		return nil, err
+		// If we're on a read-only filesystem, there is no risk of
+		// contention. Fall back to a local lockfile.
+		if errors.Is(err, unix.EROFS) {
+			lock, err = lockfile.GetLockfile(filepath.Join(conf.RunDir, "cni.lock"))
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			return nil, err
+		}
 	}
 
 	defaultNetworkName := conf.DefaultNetwork
diff --git a/vendor/github.com/containers/common/libnetwork/network/interface.go b/vendor/github.com/containers/common/libnetwork/network/interface.go
index 639ff4e45..2093e1049 100644
--- a/vendor/github.com/containers/common/libnetwork/network/interface.go
+++ b/vendor/github.com/containers/common/libnetwork/network/interface.go
@@ -132,29 +132,41 @@ func defaultNetworkBackend(store storage.Store, conf *config.Config) (backend ty
 		return types.CNI, nil
 	}
 
-	// now check if there are already containers, images and CNI networks (new install?)
+	// If there are any containers then return CNI
 	cons, err := store.Containers()
 	if err != nil {
 		return "", err
 	}
-	if len(cons) == 0 {
-		imgs, err := store.Images()
-		if err != nil {
+	if len(cons) != 0 {
+		return types.CNI, nil
+	}
+
+	// If there are any non ReadOnly images then return CNI
+	imgs, err := store.Images()
+	if err != nil {
+		return "", err
+	}
+	for _, i := range imgs {
+		if !i.ReadOnly {
+			return types.CNI, nil
+		}
+	}
+
+	// If there are CNI Networks then return CNI
+	cniInterface, err := getCniInterface(conf)
+	if err == nil {
+		nets, err := cniInterface.NetworkList()
+		// there is always a default network so check > 1
+		if err != nil && !errors.Is(err, os.ErrNotExist) {
 			return "", err
 		}
-		if len(imgs) == 0 {
-			cniInterface, err := getCniInterface(conf)
-			if err == nil {
-				nets, err := cniInterface.NetworkList()
-				// there is always a default network so check <= 1
-				if err == nil && len(nets) <= 1 {
-					// we have a fresh system so use netavark
-					return types.Netavark, nil
-				}
-			}
+
+		if len(nets) > 1 {
+			// we do not have a fresh system so use CNI
+			return types.CNI, nil
 		}
 	}
-	return types.CNI, nil
+	return types.Netavark, nil
 }
 
 func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
@@ -169,6 +181,7 @@ func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
 	return cni.NewCNINetworkInterface(&cni.InitConfig{
 		CNIConfigDir:       confDir,
 		CNIPluginDirs:      conf.Network.CNIPluginDirs,
+		RunDir:             conf.Engine.TmpDir,
 		DefaultNetwork:     conf.Network.DefaultNetwork,
 		DefaultSubnet:      conf.Network.DefaultSubnet,
 		DefaultsubnetPools: conf.Network.DefaultSubnetPools,
diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go
index 770dc814d..85af82962 100644
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@@ -158,7 +158,7 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 	}
 	if unauthorized, ok := err.(docker.ErrUnauthorizedForCredentials); ok {
 		logrus.Debugf("error logging into %q: %v", key, unauthorized)
-		return fmt.Errorf("error logging into %q: invalid username/password", key)
+		return fmt.Errorf("logging into %q: invalid username/password", key)
 	}
 	return fmt.Errorf("authenticating creds for %q: %w", key, err)
 }
diff --git a/vendor/github.com/containers/common/pkg/cgroups/cgroups.go b/vendor/github.com/containers/common/pkg/cgroups/cgroups.go
index 9c93618df..4ec6b84dc 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/cgroups.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups.go
@@ -145,7 +145,7 @@ func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool)
 		}
 		controllersFileBytes, err := ioutil.ReadFile(controllersFile)
 		if err != nil {
-			return nil, fmt.Errorf("failed while reading controllers for cgroup v2 from %q: %w", controllersFile, err)
+			return nil, fmt.Errorf("failed while reading controllers for cgroup v2: %w", err)
 		}
 		for _, controllerName := range strings.Fields(string(controllersFileBytes)) {
 			c := controller{
@@ -264,7 +264,7 @@ func (c *CgroupControl) initialize() (err error) {
 	}()
 	if c.cgroup2 {
 		if err := createCgroupv2Path(filepath.Join(cgroupRoot, c.path)); err != nil {
-			return fmt.Errorf("error creating cgroup path %s: %w", c.path, err)
+			return fmt.Errorf("creating cgroup path %s: %w", c.path, err)
 		}
 	}
 	for name, handler := range handlers {
@@ -285,7 +285,7 @@ func (c *CgroupControl) initialize() (err error) {
 			}
 			path := c.getCgroupv1Path(ctr.name)
 			if err := os.MkdirAll(path, 0o755); err != nil {
-				return fmt.Errorf("error creating cgroup path for %s: %w", ctr.name, err)
+				return fmt.Errorf("creating cgroup path for %s: %w", ctr.name, err)
 			}
 		}
 	}
diff --git a/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go b/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go
index 45f7bde29..76397c298 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go
@@ -98,7 +98,7 @@ func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool)
 		}
 		controllersFileBytes, err := ioutil.ReadFile(controllersFile)
 		if err != nil {
-			return nil, fmt.Errorf("failed while reading controllers for cgroup v2 from %q: %w", controllersFile, err)
+			return nil, fmt.Errorf("failed while reading controllers for cgroup v2: %w", err)
 		}
 		for _, controllerName := range strings.Fields(string(controllersFileBytes)) {
 			c := controller{
@@ -217,7 +217,7 @@ func (c *CgroupControl) initialize() (err error) {
 	}()
 	if c.cgroup2 {
 		if err := createCgroupv2Path(filepath.Join(cgroupRoot, c.config.Path)); err != nil {
-			return fmt.Errorf("error creating cgroup path %s: %w", c.config.Path, err)
+			return fmt.Errorf("creating cgroup path %s: %w", c.config.Path, err)
 		}
 	}
 	for name, handler := range handlers {
@@ -238,7 +238,7 @@ func (c *CgroupControl) initialize() (err error) {
 			}
 			path := c.getCgroupv1Path(ctr.name)
 			if err := os.MkdirAll(path, 0o755); err != nil {
-				return fmt.Errorf("error creating cgroup path for %s: %w", ctr.name, err)
+				return fmt.Errorf("creating cgroup path for %s: %w", ctr.name, err)
 			}
 		}
 	}
diff --git a/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go b/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go
index 419bc4ec3..0d70e3975 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go
@@ -80,7 +80,7 @@ func UserOwnsCurrentSystemdCgroup() (bool, error) {
 		}
 		s := st.Sys()
 		if s == nil {
-			return false, fmt.Errorf("error stat cgroup path %s", cgroupPath)
+			return false, fmt.Errorf("stat cgroup path %s", cgroupPath)
 		}
 
 		if int(s.(*syscall.Stat_t).Uid) != uid {
diff --git a/vendor/github.com/containers/common/pkg/cgroups/utils.go b/vendor/github.com/containers/common/pkg/cgroups/utils.go
index c7f86d7e1..d4dda5906 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/utils.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/utils.go
@@ -26,7 +26,7 @@ func readAcctList(ctr *CgroupControl, name string) ([]uint64, error) {
 	p := filepath.Join(ctr.getCgroupv1Path(CPUAcct), name)
 	data, err := ioutil.ReadFile(p)
 	if err != nil {
-		return nil, fmt.Errorf("reading %s: %w", p, err)
+		return nil, err
 	}
 	r := []uint64{}
 	for _, s := range strings.Split(string(data), " ") {
@@ -92,7 +92,12 @@ func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) {
 	}
 	data, err := ioutil.ReadFile(parentPath)
 	if err != nil {
-		return nil, fmt.Errorf("open %s: %w", path, err)
+		// if the file doesn't exist, it is likely that the cpuset controller
+		// is not enabled in the kernel.
+		if os.IsNotExist(err) {
+			return nil, nil
+		}
+		return nil, err
 	}
 	if strings.Trim(string(data), "\n") != "" {
 		return data, nil
@@ -169,7 +174,7 @@ func (c *CgroupControl) createCgroupDirectory(controller string) (bool, error) {
 	}
 
 	if err := os.MkdirAll(cPath, 0o755); err != nil {
-		return false, fmt.Errorf("error creating cgroup for %s: %w", controller, err)
+		return false, fmt.Errorf("creating cgroup for %s: %w", controller, err)
 	}
 	return true, nil
 }
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 3d90268cd..858f961b6 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -7,6 +7,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"runtime"
 	"sort"
 	"strings"
 	"sync"
@@ -27,6 +28,8 @@ const (
 	_configPath = "containers/containers.conf"
 	// UserOverrideContainersConfig holds the containers config path overridden by the rootless user
 	UserOverrideContainersConfig = ".config/" + _configPath
+	// Token prefix for looking for helper binary under $BINDIR
+	bindirPrefix = "$BINDIR"
 )
 
 // RuntimeStateStore is a constant indicating which state store implementation
@@ -234,6 +237,10 @@ type EngineConfig struct {
 	// The first path pointing to a valid file will be used.
 	ConmonPath []string `toml:"conmon_path,omitempty"`
 
+	// ConmonRsPath is the path to the Conmon-rs binary used for managing containers.
+	// The first path pointing to a valid file will be used.
+	ConmonRsPath []string `toml:"conmonrs_path,omitempty"`
+
 	// CompatAPIEnforceDockerHub enforces using docker.io for completing
 	// short names in Podman's compatibility REST API.  Note that this will
 	// ignore unqualified-search-registries and short-name aliases defined
@@ -375,6 +382,9 @@ type EngineConfig struct {
 	// ServiceDestinations mapped by service Names
 	ServiceDestinations map[string]Destination `toml:"service_destinations,omitempty"`
 
+	// SSHConfig contains the ssh config file path if not the default
+	SSHConfig string `toml:"ssh_config,omitempty"`
+
 	// RuntimePath is the path to OCI runtime binary for launching containers.
 	// The first path pointing to a valid file will be used This is used only
 	// when there are no OCIRuntime/OCIRuntimes defined.  It is used only to be
@@ -447,6 +457,13 @@ type EngineConfig struct {
 	// may not be by other drivers.
 	VolumePath string `toml:"volume_path,omitempty"`
 
+	// VolumePluginTimeout sets the default timeout, in seconds, for
+	// operations that must contact a volume plugin. Plugins are external
+	// programs accessed via REST API; this sets a timeout for requests to
+	// that API.
+	// A value of 0 is treated as no timeout.
+	VolumePluginTimeout uint `toml:"volume_plugin_timeout,omitempty,omitzero"`
+
 	// VolumePlugins is a set of plugins that can be used as the backend for
 	// Podman named volumes. Each volume is specified as a name (what Podman
 	// will refer to the plugin as) mapped to a path, which must point to a
@@ -808,6 +825,18 @@ func (c *Config) Validate() error {
 	return nil
 }
 
+// URI returns the URI Path to the machine image
+func (m *MachineConfig) URI() string {
+	uri := m.Image
+	for _, val := range []string{"$ARCH", "$arch"} {
+		uri = strings.Replace(uri, val, runtime.GOARCH, 1)
+	}
+	for _, val := range []string{"$OS", "$os"} {
+		uri = strings.Replace(uri, val, runtime.GOOS, 1)
+	}
+	return uri
+}
+
 func (c *EngineConfig) findRuntime() string {
 	// Search for crun first followed by runc, kata, runsc
 	for _, name := range []string{"crun", "runc", "runj", "kata", "runsc"} {
@@ -912,8 +941,12 @@ func (c *NetworkConfig) Validate() error {
 // to first (version) matching conmon binary. If non is found, we try
 // to do a path lookup of "conmon".
 func (c *Config) FindConmon() (string, error) {
+	return findConmonPath(c.Engine.ConmonPath, "conmon", _conmonMinMajorVersion, _conmonMinMinorVersion, _conmonMinPatchVersion)
+}
+
+func findConmonPath(paths []string, binaryName string, major int, minor int, patch int) (string, error) {
 	foundOutdatedConmon := false
-	for _, path := range c.Engine.ConmonPath {
+	for _, path := range paths {
 		stat, err := os.Stat(path)
 		if err != nil {
 			continue
@@ -931,7 +964,7 @@ func (c *Config) FindConmon() (string, error) {
 	}
 
 	// Search the $PATH as last fallback
-	if path, err := exec.LookPath("conmon"); err == nil {
+	if path, err := exec.LookPath(binaryName); err == nil {
 		if err := probeConmon(path); err != nil {
 			logrus.Warnf("Conmon at %s is invalid: %v", path, err)
 			foundOutdatedConmon = true
@@ -943,11 +976,18 @@ func (c *Config) FindConmon() (string, error) {
 
 	if foundOutdatedConmon {
 		return "", fmt.Errorf("please update to v%d.%d.%d or later: %w",
-			_conmonMinMajorVersion, _conmonMinMinorVersion, _conmonMinPatchVersion, ErrConmonOutdated)
+			major, minor, patch, ErrConmonOutdated)
 	}
 
 	return "", fmt.Errorf("could not find a working conmon binary (configured options: %v: %w)",
-		c.Engine.ConmonPath, ErrInvalidArg)
+		paths, ErrInvalidArg)
+}
+
+// FindConmonRs iterates over (*Config).ConmonRsPath and returns the path
+// to first (version) matching conmonrs binary. If non is found, we try
+// to do a path lookup of "conmonrs".
+func (c *Config) FindConmonRs() (string, error) {
+	return findConmonPath(c.Engine.ConmonRsPath, "conmonrs", _conmonrsMinMajorVersion, _conmonrsMinMinorVersion, _conmonrsMinPatchVersion)
 }
 
 // GetDefaultEnv returns the environment variables for the container.
@@ -1223,10 +1263,37 @@ func (c *Config) ActiveDestination() (uri, identity string, err error) {
 	return "", "", errors.New("no service destination configured")
 }
 
+var (
+	bindirFailed = false
+	bindirCached = ""
+)
+
+func findBindir() string {
+	if bindirCached != "" || bindirFailed {
+		return bindirCached
+	}
+	execPath, err := os.Executable()
+	if err == nil {
+		// Resolve symbolic links to find the actual binary file path.
+		execPath, err = filepath.EvalSymlinks(execPath)
+	}
+	if err != nil {
+		// If failed to find executable (unlikely to happen), warn about it.
+		// The bindirFailed flag will track this, so we only warn once.
+		logrus.Warnf("Failed to find $BINDIR: %v", err)
+		bindirFailed = true
+		return ""
+	}
+	bindirCached = filepath.Dir(execPath)
+	return bindirCached
+}
+
 // FindHelperBinary will search the given binary name in the configured directories.
 // If searchPATH is set to true it will also search in $PATH.
 func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) {
 	dirList := c.Engine.HelperBinariesDir
+	bindirPath := ""
+	bindirSearched := false
 
 	// If set, search this directory first. This is used in testing.
 	if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found {
@@ -1234,6 +1301,24 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error)
 	}
 
 	for _, path := range dirList {
+		if path == bindirPrefix || strings.HasPrefix(path, bindirPrefix+string(filepath.Separator)) {
+			// Calculate the path to the executable first time we encounter a $BINDIR prefix.
+			if !bindirSearched {
+				bindirSearched = true
+				bindirPath = findBindir()
+			}
+			// If there's an error, don't stop the search for the helper binary.
+			// findBindir() will have warned once during the first failure.
+			if bindirPath == "" {
+				continue
+			}
+			// Replace the $BINDIR prefix with the path to the directory of the current binary.
+			if path == bindirPrefix {
+				path = bindirPath
+			} else {
+				path = filepath.Join(bindirPath, strings.TrimPrefix(path, bindirPrefix+string(filepath.Separator)))
+			}
+		}
 		fullpath := filepath.Join(path, name)
 		if fi, err := os.Stat(fullpath); err == nil && fi.Mode().IsRegular() {
 			return fullpath, nil
diff --git a/vendor/github.com/containers/common/pkg/config/config_darwin.go b/vendor/github.com/containers/common/pkg/config/config_darwin.go
index 0ab9e0294..5283665e1 100644
--- a/vendor/github.com/containers/common/pkg/config/config_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/config_darwin.go
@@ -35,4 +35,6 @@ var defaultHelperBinariesDir = []string{
 	"/usr/local/lib/podman",
 	"/usr/libexec/podman",
 	"/usr/lib/podman",
+	// Relative to the binary directory
+	"$BINDIR/../libexec/podman",
 }
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index d1ac7c0e8..5b5aaa00a 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -605,6 +605,12 @@ default_sysctls = [
 #
 #volume_path = "/var/lib/containers/storage/volumes"
 
+# Default timeout (in seconds) for volume plugin operations.
+# Plugins are external programs accessed via a REST API; this sets a timeout
+# for requests to that API.
+# A value of 0 is treated as no timeout.
+#volume_plugin_timeout = 5
+
 # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc)
 [engine.runtimes]
 #crun = [
@@ -665,9 +671,16 @@ default_sysctls = [
 #
 #disk_size=10
 
-# The image used when creating a podman-machine VM.
+# Default image URI when creating a new VM using `podman machine init`.
+# Options: On Linux/Mac, `testing`, `stable`, `next`. On Windows, the major
+# version of the OS (e.g `36`) for Fedora 36. For all platforms you can
+# alternatively specify a custom download URL to an image. Container engines
+# translate URIs $OS and $ARCH to the native OS and ARCH. URI
+# "https://example.com/$OS/$ARCH/foobar.ami" becomes
+# "https://example.com/linux/amd64/foobar.ami" on a Linux AMD machine.
+# The default value is `testing`.
 #
-#image = "testing"
+# image = "testing"
 
 # Memory in MB a machine is created with.
 #
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 161a9c8d6..3a3a558a1 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -33,6 +33,15 @@ const (
 	// _conmonMinPatchVersion is the sub-minor version required for conmon.
 	_conmonMinPatchVersion = 1
 
+	// _conmonrsMinMajorVersion is the major version required for conmonrs.
+	_conmonrsMinMajorVersion = 0
+
+	// _conmonrsMinMinorVersion is the minor version required for conmonrs.
+	_conmonrsMinMinorVersion = 1
+
+	// _conmonrsMinPatchVersion is the sub-minor version required for conmonrs.
+	_conmonrsMinPatchVersion = 0
+
 	// _conmonVersionFormatErr is used when the expected versio-format of conmon
 	// has changed.
 	_conmonVersionFormatErr = "conmon version changed format: %w"
@@ -159,6 +168,8 @@ const (
 	SeccompOverridePath = _etcDir + "/containers/seccomp.json"
 	// SeccompDefaultPath defines the default seccomp path.
 	SeccompDefaultPath = _installPrefix + "/share/containers/seccomp.json"
+	// DefaultVolumePluginTimeout is the default volume plugin timeout, in seconds
+	DefaultVolumePluginTimeout = 5
 )
 
 // DefaultConfig defines the default values from containers.conf.
@@ -255,7 +266,7 @@ func defaultMachineConfig() MachineConfig {
 		Image:    getDefaultMachineImage(),
 		Memory:   2048,
 		User:     getDefaultMachineUser(),
-		Volumes:  []string{"$HOME:$HOME"},
+		Volumes:  getDefaultMachineVolumes(),
 	}
 }
 
@@ -269,14 +280,14 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 	}
 	c.TmpDir = tmp
 
-	c.EventsLogFilePath = filepath.Join(c.TmpDir, "events", "events.log")
-
 	c.EventsLogFileMaxSize = eventsLogMaxSize(DefaultEventsLogSizeMax)
 
 	c.CompatAPIEnforceDockerHub = true
 
 	if path, ok := os.LookupEnv("CONTAINERS_STORAGE_CONF"); ok {
-		types.SetDefaultConfigFilePath(path)
+		if err := types.SetDefaultConfigFilePath(path); err != nil {
+			return nil, err
+		}
 	}
 	storeOpts, err := types.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
 	if err != nil {
@@ -287,11 +298,14 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 		logrus.Warnf("Storage configuration is unset - using hardcoded default graph root %q", _defaultGraphRoot)
 		storeOpts.GraphRoot = _defaultGraphRoot
 	}
+
 	c.graphRoot = storeOpts.GraphRoot
 	c.ImageCopyTmpDir = getDefaultTmpDir()
 	c.StaticDir = filepath.Join(storeOpts.GraphRoot, "libpod")
 	c.VolumePath = filepath.Join(storeOpts.GraphRoot, "volumes")
 
+	c.VolumePluginTimeout = DefaultVolumePluginTimeout
+
 	c.HelperBinariesDir = defaultHelperBinariesDir
 	if additionalHelperBinariesDir != "" {
 		c.HelperBinariesDir = append(c.HelperBinariesDir, additionalHelperBinariesDir)
@@ -371,6 +385,16 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 		"/usr/local/sbin/conmon",
 		"/run/current-system/sw/bin/conmon",
 	}
+	c.ConmonRsPath = []string{
+		"/usr/libexec/podman/conmonrs",
+		"/usr/local/libexec/podman/conmonrs",
+		"/usr/local/lib/podman/conmonrs",
+		"/usr/bin/conmonrs",
+		"/usr/sbin/conmonrs",
+		"/usr/local/bin/conmonrs",
+		"/usr/local/sbin/conmonrs",
+		"/run/current-system/sw/bin/conmonrs",
+	}
 	c.PullPolicy = DefaultPullPolicy
 	c.RuntimeSupportsJSON = []string{
 		"crun",
@@ -397,6 +421,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 	c.ChownCopiedFiles = true
 
 	c.PodExitPolicy = defaultPodExitPolicy
+	c.SSHConfig = getDefaultSSHConfig()
 
 	return c, nil
 }
@@ -432,42 +457,55 @@ func probeConmon(conmonBinary string) error {
 	if err := cmd.Run(); err != nil {
 		return err
 	}
-	r := regexp.MustCompile(`^conmon version (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`)
+	r := regexp.MustCompile(`^(version:|conmon version)? (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`)
 
 	matches := r.FindStringSubmatch(out.String())
-	if len(matches) != 4 {
-		return errors.New(_conmonVersionFormatErr)
+	if len(matches) != 5 {
+		return fmt.Errorf(_conmonVersionFormatErr, errors.New("invalid version format"))
+	}
+	major, err := strconv.Atoi(matches[2])
+
+	var minMajor, minMinor, minPatch int
+	// conmon-rs returns "^version:"
+	if matches[1] == "version:" {
+		minMajor = _conmonrsMinMajorVersion
+		minMinor = _conmonrsMinMinorVersion
+		minPatch = _conmonrsMinPatchVersion
+	} else {
+		minMajor = _conmonMinMajorVersion
+		minMinor = _conmonMinMinorVersion
+		minPatch = _conmonMinPatchVersion
 	}
-	major, err := strconv.Atoi(matches[1])
+
 	if err != nil {
 		return fmt.Errorf(_conmonVersionFormatErr, err)
 	}
-	if major < _conmonMinMajorVersion {
+	if major < minMajor {
 		return ErrConmonOutdated
 	}
-	if major > _conmonMinMajorVersion {
+	if major > minMajor {
 		return nil
 	}
 
-	minor, err := strconv.Atoi(matches[2])
+	minor, err := strconv.Atoi(matches[3])
 	if err != nil {
 		return fmt.Errorf(_conmonVersionFormatErr, err)
 	}
-	if minor < _conmonMinMinorVersion {
+	if minor < minMinor {
 		return ErrConmonOutdated
 	}
-	if minor > _conmonMinMinorVersion {
+	if minor > minMinor {
 		return nil
 	}
 
-	patch, err := strconv.Atoi(matches[3])
+	patch, err := strconv.Atoi(matches[4])
 	if err != nil {
 		return fmt.Errorf(_conmonVersionFormatErr, err)
 	}
-	if patch < _conmonMinPatchVersion {
+	if patch < minPatch {
 		return ErrConmonOutdated
 	}
-	if patch > _conmonMinPatchVersion {
+	if patch > minPatch {
 		return nil
 	}
 
@@ -633,3 +671,11 @@ func machineVolumes(volumes []string) ([]string, error) {
 	}
 	return translatedVolumes, nil
 }
+
+func getDefaultSSHConfig() string {
+	if path, ok := os.LookupEnv("CONTAINERS_SSH_CONF"); ok {
+		return path
+	}
+	dirname := homedir.Get()
+	return filepath.Join(dirname, ".ssh", "config")
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_darwin.go b/vendor/github.com/containers/common/pkg/config/default_darwin.go
index c502ea55e..5d857df4f 100644
--- a/vendor/github.com/containers/common/pkg/config/default_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/default_darwin.go
@@ -11,3 +11,8 @@ func getDefaultLockType() string {
 func getLibpodTmpDir() string {
 	return "/run/libpod"
 }
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+	return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_freebsd.go b/vendor/github.com/containers/common/pkg/config/default_freebsd.go
index 8b10ac1f7..781783b42 100644
--- a/vendor/github.com/containers/common/pkg/config/default_freebsd.go
+++ b/vendor/github.com/containers/common/pkg/config/default_freebsd.go
@@ -1,7 +1,7 @@
 package config
 
 func getDefaultCgroupsMode() string {
-	return "disabled"
+	return "enabled"
 }
 
 // In theory, FreeBSD should be able to use shm locks but in practice,
@@ -18,3 +18,8 @@ func getDefaultLockType() string {
 func getLibpodTmpDir() string {
 	return "/var/run/libpod"
 }
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+	return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_linux.go b/vendor/github.com/containers/common/pkg/config/default_linux.go
index 86873beb1..15052c10e 100644
--- a/vendor/github.com/containers/common/pkg/config/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/config/default_linux.go
@@ -70,3 +70,8 @@ func getDefaultLockType() string {
 func getLibpodTmpDir() string {
 	return "/run/libpod"
 }
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+	return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_windows.go b/vendor/github.com/containers/common/pkg/config/default_windows.go
index 1ff88fc42..08a0bf223 100644
--- a/vendor/github.com/containers/common/pkg/config/default_windows.go
+++ b/vendor/github.com/containers/common/pkg/config/default_windows.go
@@ -44,3 +44,8 @@ func getDefaultLockType() string {
 func getLibpodTmpDir() string {
 	return "/run/libpod"
 }
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+	return []string{}
+}
diff --git a/vendor/github.com/containers/common/pkg/manifests/manifests.go b/vendor/github.com/containers/common/pkg/manifests/manifests.go
index d2279ab0e..d351bdf17 100644
--- a/vendor/github.com/containers/common/pkg/manifests/manifests.go
+++ b/vendor/github.com/containers/common/pkg/manifests/manifests.go
@@ -452,23 +452,23 @@ func (l *list) Serialize(mimeType string) ([]byte, error) {
 		if l.preferOCI() {
 			res, err = json.Marshal(&l.oci)
 			if err != nil {
-				return nil, fmt.Errorf("error marshalling OCI image index: %w", err)
+				return nil, fmt.Errorf("marshalling OCI image index: %w", err)
 			}
 		} else {
 			res, err = json.Marshal(&l.docker)
 			if err != nil {
-				return nil, fmt.Errorf("error marshalling Docker manifest list: %w", err)
+				return nil, fmt.Errorf("marshalling Docker manifest list: %w", err)
 			}
 		}
 	case v1.MediaTypeImageIndex:
 		res, err = json.Marshal(&l.oci)
 		if err != nil {
-			return nil, fmt.Errorf("error marshalling OCI image index: %w", err)
+			return nil, fmt.Errorf("marshalling OCI image index: %w", err)
 		}
 	case manifest.DockerV2ListMediaType:
 		res, err = json.Marshal(&l.docker)
 		if err != nil {
-			return nil, fmt.Errorf("error marshalling Docker manifest list: %w", err)
+			return nil, fmt.Errorf("marshalling Docker manifest list: %w", err)
 		}
 	default:
 		return nil, fmt.Errorf("serializing list to type %q not implemented: %w", mimeType, ErrManifestTypeNotSupported)
diff --git a/vendor/github.com/containers/common/pkg/parse/parse_unix.go b/vendor/github.com/containers/common/pkg/parse/parse_unix.go
index 8b3599229..44fe33d9e 100644
--- a/vendor/github.com/containers/common/pkg/parse/parse_unix.go
+++ b/vendor/github.com/containers/common/pkg/parse/parse_unix.go
@@ -39,7 +39,7 @@ func DeviceFromPath(device string) ([]devices.Device, error) {
 	// If source device is a directory
 	srcDevices, err := devices.GetDevices(src)
 	if err != nil {
-		return nil, fmt.Errorf("error getting source devices from directory %s: %w", src, err)
+		return nil, fmt.Errorf("getting source devices from directory %s: %w", src, err)
 	}
 	devs := make([]devices.Device, 0, len(srcDevices))
 	for _, d := range srcDevices {
diff --git a/vendor/github.com/containers/common/pkg/report/formatter.go b/vendor/github.com/containers/common/pkg/report/formatter.go
index 1772f8765..22626fca1 100644
--- a/vendor/github.com/containers/common/pkg/report/formatter.go
+++ b/vendor/github.com/containers/common/pkg/report/formatter.go
@@ -59,16 +59,22 @@ type Formatter struct {
 func (f *Formatter) Parse(origin Origin, text string) (*Formatter, error) {
 	f.Origin = origin
 
+	// docker tries to be smart and replaces \n with the actual newline character.
+	// For compat we do the same but this will break formats such as '{{printf "\n"}}'
+	// To be backwards compatible with the previous behavior we try to replace and
+	// parse the template. If it fails use the original text and parse again.
+	var normText string
 	switch {
 	case strings.HasPrefix(text, "table "):
 		f.RenderTable = true
-		text = "{{range .}}" + NormalizeFormat(text) + "{{end -}}"
+		normText = "{{range .}}" + NormalizeFormat(text) + "{{end -}}"
+		text = "{{range .}}" + text + "{{end -}}"
 	case OriginUser == origin:
-		text = EnforceRange(NormalizeFormat(text))
+		normText = EnforceRange(NormalizeFormat(text))
+		text = EnforceRange(text)
 	default:
-		text = NormalizeFormat(text)
+		normText = NormalizeFormat(text)
 	}
-	f.text = text
 
 	if f.RenderTable || origin == OriginPodman {
 		tw := tabwriter.NewWriter(f.writer, 12, 2, 2, ' ', tabwriter.StripEscape)
@@ -77,10 +83,14 @@ func (f *Formatter) Parse(origin Origin, text string) (*Formatter, error) {
 		f.RenderHeaders = true
 	}
 
-	tmpl, err := f.template.Funcs(template.FuncMap(DefaultFuncs)).Parse(text)
+	tmpl, err := f.template.Funcs(template.FuncMap(DefaultFuncs)).Parse(normText)
 	if err != nil {
+		tmpl, err = f.template.Funcs(template.FuncMap(DefaultFuncs)).Parse(text)
+		f.template = tmpl
+		f.text = text
 		return f, err
 	}
+	f.text = normText
 	f.template = tmpl
 	return f, nil
 }
diff --git a/vendor/github.com/containers/common/pkg/secrets/secrets.go b/vendor/github.com/containers/common/pkg/secrets/secrets.go
index ba0aa3776..705da3dda 100644
--- a/vendor/github.com/containers/common/pkg/secrets/secrets.go
+++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go
@@ -72,13 +72,15 @@ type Secret struct {
 	Name string `json:"name"`
 	// ID is the unique secret ID
 	ID string `json:"id"`
+	// Labels are labels on the secret
+	Labels map[string]string `json:"labels,omitempty"`
 	// Metadata stores other metadata on the secret
 	Metadata map[string]string `json:"metadata,omitempty"`
 	// CreatedAt is when the secret was created
 	CreatedAt time.Time `json:"createdAt"`
 	// Driver is the driver used to store secret data
 	Driver string `json:"driver"`
-	// DriverOptions is other metadata needed to use the driver
+	// DriverOptions are extra options used to run this driver
 	DriverOptions map[string]string `json:"driverOptions"`
 }
 
@@ -100,6 +102,16 @@ type SecretsDriver interface {
 	Delete(id string) error
 }
 
+// StoreOptions are optional metadata fields that can be set when storing a new secret
+type StoreOptions struct {
+	// DriverOptions are extra options used to run this driver
+	DriverOpts map[string]string
+	// Metadata stores extra metadata on the secret
+	Metadata map[string]string
+	// Labels are labels on the secret
+	Labels map[string]string
+}
+
 // NewManager creates a new secrets manager
 // rootPath is the directory where the secrets data file resides
 func NewManager(rootPath string) (*SecretsManager, error) {
@@ -129,7 +141,7 @@ func NewManager(rootPath string) (*SecretsManager, error) {
 // Store takes a name, creates a secret and stores the secret metadata and the secret payload.
 // It returns a generated ID that is associated with the secret.
 // The max size for secret data is 512kB.
-func (s *SecretsManager) Store(name string, data []byte, driverType string, driverOpts map[string]string, metadata map[string]string) (string, error) {
+func (s *SecretsManager) Store(name string, data []byte, driverType string, options StoreOptions) (string, error) {
 	err := validateSecretName(name)
 	if err != nil {
 		return "", err
@@ -168,27 +180,34 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, driv
 		}
 	}
 
-	if metadata == nil {
-		metadata = make(map[string]string)
+	if options.Metadata == nil {
+		options.Metadata = make(map[string]string)
+	}
+	if options.Labels == nil {
+		options.Labels = make(map[string]string)
+	}
+	if options.DriverOpts == nil {
+		options.DriverOpts = make(map[string]string)
 	}
 
 	secr.Driver = driverType
-	secr.Metadata = metadata
+	secr.Metadata = options.Metadata
 	secr.CreatedAt = time.Now()
-	secr.DriverOptions = driverOpts
+	secr.DriverOptions = options.DriverOpts
+	secr.Labels = options.Labels
 
-	driver, err := getDriver(driverType, driverOpts)
+	driver, err := getDriver(driverType, options.DriverOpts)
 	if err != nil {
 		return "", err
 	}
 	err = driver.Store(secr.ID, data)
 	if err != nil {
-		return "", fmt.Errorf("error creating secret %s: %w", name, err)
+		return "", fmt.Errorf("creating secret %s: %w", name, err)
 	}
 
 	err = s.store(secr)
 	if err != nil {
-		return "", fmt.Errorf("error creating secret %s: %w", name, err)
+		return "", fmt.Errorf("creating secret %s: %w", name, err)
 	}
 
 	return secr.ID, nil
@@ -218,12 +237,12 @@ func (s *SecretsManager) Delete(nameOrID string) (string, error) {
 
 	err = driver.Delete(secretID)
 	if err != nil {
-		return "", fmt.Errorf("error deleting secret %s: %w", nameOrID, err)
+		return "", fmt.Errorf("deleting secret %s: %w", nameOrID, err)
 	}
 
 	err = s.delete(secretID)
 	if err != nil {
-		return "", fmt.Errorf("error deleting secret %s: %w", nameOrID, err)
+		return "", fmt.Errorf("deleting secret %s: %w", nameOrID, err)
 	}
 	return secretID, nil
 }
diff --git a/vendor/github.com/containers/common/pkg/ssh/connection_golang.go b/vendor/github.com/containers/common/pkg/ssh/connection_golang.go
new file mode 100644
index 000000000..a5c1be89c
--- /dev/null
+++ b/vendor/github.com/containers/common/pkg/ssh/connection_golang.go
@@ -0,0 +1,326 @@
+package ssh
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/url"
+	"os"
+	"os/user"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/storage/pkg/homedir"
+	"github.com/pkg/sftp"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/agent"
+	"golang.org/x/crypto/ssh/knownhosts"
+)
+
+func golangConnectionCreate(options ConnectionCreateOptions) error {
+	var match bool
+	var err error
+	if match, err = regexp.Match("^[A-Za-z][A-Za-z0-9+.-]*://", []byte(options.Path)); err != nil {
+		return fmt.Errorf("invalid destination: %w", err)
+	}
+
+	if !match {
+		options.Path = "ssh://" + options.Path
+	}
+
+	if len(options.Socket) > 0 {
+		options.Path += options.Socket
+	}
+
+	dst, uri, err := Validate(options.User, options.Path, options.Port, options.Identity)
+	if err != nil {
+		return err
+	}
+
+	if uri.Path == "" || uri.Path == "/" {
+		if uri.Path, err = getUDS(uri, options.Identity); err != nil {
+			return err
+		}
+		dst.URI += uri.Path
+	}
+
+	cfg, err := config.ReadCustomConfig()
+	if err != nil {
+		return err
+	}
+	if cfg.Engine.ServiceDestinations == nil {
+		cfg.Engine.ServiceDestinations = map[string]config.Destination{
+			options.Name: *dst,
+		}
+		cfg.Engine.ActiveService = options.Name
+	} else {
+		cfg.Engine.ServiceDestinations[options.Name] = *dst
+	}
+	return cfg.Write()
+}
+
+func golangConnectionDial(options ConnectionDialOptions) (*ConnectionDialReport, error) {
+	_, uri, err := Validate(options.User, options.Host, options.Port, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+	cfg, err := ValidateAndConfigure(uri, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+
+	dial, err := ssh.Dial("tcp", uri.Host, cfg) // dial the client
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect: %w", err)
+	}
+
+	return &ConnectionDialReport{dial}, nil
+}
+
+func golangConnectionExec(options ConnectionExecOptions) (*ConnectionExecReport, error) {
+	_, uri, err := Validate(options.User, options.Host, options.Port, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+
+	cfg, err := ValidateAndConfigure(uri, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+	dialAdd, err := ssh.Dial("tcp", uri.Host, cfg) // dial the client
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect: %w", err)
+	}
+
+	out, err := ExecRemoteCommand(dialAdd, strings.Join(options.Args, " "))
+	if err != nil {
+		return nil, err
+	}
+	return &ConnectionExecReport{Response: string(out)}, nil
+}
+
+func golangConnectionScp(options ConnectionScpOptions) (*ConnectionScpReport, error) {
+	host, remoteFile, localFile, swap, err := ParseScpArgs(options)
+	if err != nil {
+		return nil, err
+	}
+
+	_, uri, err := Validate(options.User, host, options.Port, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+	cfg, err := ValidateAndConfigure(uri, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+
+	dial, err := ssh.Dial("tcp", uri.Host, cfg) // dial the client
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect: %w", err)
+	}
+	sc, err := sftp.NewClient(dial)
+	if err != nil {
+		return nil, err
+	}
+
+	f, err := os.OpenFile(localFile, (os.O_RDWR | os.O_CREATE), 0o644)
+	if err != nil {
+		return nil, err
+	}
+
+	parent := filepath.Dir(remoteFile)
+	path := string(filepath.Separator)
+	dirs := strings.Split(parent, path)
+	for _, dir := range dirs {
+		path = filepath.Join(path, dir)
+		// ignore errors due to most of the dirs already existing
+		_ = sc.Mkdir(path)
+	}
+
+	remote, err := sc.OpenFile(remoteFile, (os.O_RDWR | os.O_CREATE))
+	if err != nil {
+		return nil, err
+	}
+	defer remote.Close()
+
+	if !swap {
+		_, err = io.Copy(remote, f)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		_, err = io.Copy(f, remote)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return &ConnectionScpReport{Response: remote.Name()}, nil
+}
+
+// ExecRemoteCommand takes a ssh client connection and a command to run and executes the
+// command on the specified client. The function returns the Stdout from the client or the Stderr
+func ExecRemoteCommand(dial *ssh.Client, run string) ([]byte, error) {
+	sess, err := dial.NewSession() // new ssh client session
+	if err != nil {
+		return nil, err
+	}
+	defer sess.Close()
+
+	var buffer bytes.Buffer
+	var bufferErr bytes.Buffer
+	sess.Stdout = &buffer                 // output from client funneled into buffer
+	sess.Stderr = &bufferErr              // err form client funneled into buffer
+	if err := sess.Run(run); err != nil { // run the command on the ssh client
+		return nil, fmt.Errorf("%v: %w", bufferErr.String(), err)
+	}
+	return buffer.Bytes(), nil
+}
+
+func GetUserInfo(uri *url.URL) (*url.Userinfo, error) {
+	var (
+		usr *user.User
+		err error
+	)
+	if u, found := os.LookupEnv("_CONTAINERS_ROOTLESS_UID"); found {
+		usr, err = user.LookupId(u)
+		if err != nil {
+			return nil, fmt.Errorf("failed to lookup rootless user: %w", err)
+		}
+	} else {
+		usr, err = user.Current()
+		if err != nil {
+			return nil, fmt.Errorf("failed to obtain current user: %w", err)
+		}
+	}
+
+	pw, set := uri.User.Password()
+	if set {
+		return url.UserPassword(usr.Username, pw), nil
+	}
+	return url.User(usr.Username), nil
+}
+
+// ValidateAndConfigure will take a ssh url and an identity key (rsa and the like) and ensure the information given is valid
+// iden iden can be blank to mean no identity key
+// once the function validates the information it creates and returns an ssh.ClientConfig.
+func ValidateAndConfigure(uri *url.URL, iden string) (*ssh.ClientConfig, error) {
+	var signers []ssh.Signer
+	passwd, passwdSet := uri.User.Password()
+	if iden != "" { // iden might be blank if coming from image scp or if no validation is needed
+		value := iden
+		s, err := PublicKey(value, []byte(passwd))
+		if err != nil {
+			return nil, fmt.Errorf("failed to read identity %q: %w", value, err)
+		}
+		signers = append(signers, s)
+		logrus.Debugf("SSH Ident Key %q %s %s", value, ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
+	} else if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found { // validate ssh information, specifically the unix file socket used by the ssh agent.
+		logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer enabled", sock)
+
+		c, err := net.Dial("unix", sock)
+		if err != nil {
+			return nil, err
+		}
+		agentSigners, err := agent.NewClient(c).Signers()
+		if err != nil {
+			return nil, err
+		}
+
+		signers = append(signers, agentSigners...)
+
+		if logrus.IsLevelEnabled(logrus.DebugLevel) {
+			for _, s := range agentSigners {
+				logrus.Debugf("SSH Agent Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
+			}
+		}
+	}
+	var authMethods []ssh.AuthMethod // now we validate and check for the authorization methods, most notaibly public key authorization
+	if len(signers) > 0 {
+		dedup := make(map[string]ssh.Signer)
+		for _, s := range signers {
+			fp := ssh.FingerprintSHA256(s.PublicKey())
+			if _, found := dedup[fp]; found {
+				logrus.Debugf("Dedup SSH Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type())
+			}
+			dedup[fp] = s
+		}
+
+		var uniq []ssh.Signer
+		for _, s := range dedup {
+			uniq = append(uniq, s)
+		}
+		authMethods = append(authMethods, ssh.PublicKeysCallback(func() ([]ssh.Signer, error) {
+			return uniq, nil
+		}))
+	}
+	if passwdSet { // if password authentication is given and valid, add to the list
+		authMethods = append(authMethods, ssh.Password(passwd))
+	}
+	if len(authMethods) == 0 {
+		authMethods = append(authMethods, ssh.PasswordCallback(func() (string, error) {
+			pass, err := ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username()))
+			return string(pass), err
+		}))
+	}
+	tick, err := time.ParseDuration("40s")
+	if err != nil {
+		return nil, err
+	}
+	keyFilePath := filepath.Join(homedir.Get(), ".ssh", "known_hosts")
+	known, err := knownhosts.New(keyFilePath)
+	if err != nil {
+		return nil, fmt.Errorf("creating host key callback function for %s: %w", keyFilePath, err)
+	}
+
+	cfg := &ssh.ClientConfig{
+		User:            uri.User.Username(),
+		Auth:            authMethods,
+		HostKeyCallback: known,
+		Timeout:         tick,
+	}
+	return cfg, nil
+}
+
+func getUDS(uri *url.URL, iden string) (string, error) {
+	cfg, err := ValidateAndConfigure(uri, iden)
+	if err != nil {
+		return "", fmt.Errorf("failed to validate: %w", err)
+	}
+	dial, err := ssh.Dial("tcp", uri.Host, cfg)
+	if err != nil {
+		return "", fmt.Errorf("failed to connect: %w", err)
+	}
+	defer dial.Close()
+
+	session, err := dial.NewSession()
+	if err != nil {
+		return "", fmt.Errorf("failed to create new ssh session on %q: %w", uri.Host, err)
+	}
+	defer session.Close()
+
+	// Override podman binary for testing etc
+	podman := "podman"
+	if v, found := os.LookupEnv("PODMAN_BINARY"); found {
+		podman = v
+	}
+	infoJSON, err := ExecRemoteCommand(dial, podman+" info --format=json")
+	if err != nil {
+		return "", err
+	}
+
+	var info Info
+	if err := json.Unmarshal(infoJSON, &info); err != nil {
+		return "", fmt.Errorf("failed to parse 'podman info' results: %w", err)
+	}
+
+	if info.Host.RemoteSocket == nil || len(info.Host.RemoteSocket.Path) == 0 {
+		return "", fmt.Errorf("remote podman %q failed to report its UDS socket", uri.Host)
+	}
+	return info.Host.RemoteSocket.Path, nil
+}
diff --git a/vendor/github.com/containers/common/pkg/ssh/connection_native.go b/vendor/github.com/containers/common/pkg/ssh/connection_native.go
new file mode 100644
index 000000000..4c407360a
--- /dev/null
+++ b/vendor/github.com/containers/common/pkg/ssh/connection_native.go
@@ -0,0 +1,182 @@
+package ssh
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"os/exec"
+	"regexp"
+	"strings"
+
+	"github.com/containers/common/pkg/config"
+)
+
+func nativeConnectionCreate(options ConnectionCreateOptions) error {
+	var match bool
+	var err error
+	if match, err = regexp.Match("^[A-Za-z][A-Za-z0-9+.-]*://", []byte(options.Path)); err != nil {
+		return fmt.Errorf("invalid destination: %w", err)
+	}
+
+	if !match {
+		options.Path = "ssh://" + options.Path
+	}
+
+	if len(options.Socket) > 0 {
+		options.Path += options.Socket
+	}
+
+	dst, uri, err := Validate(options.User, options.Path, options.Port, options.Identity)
+	if err != nil {
+		return err
+	}
+
+	// test connection
+	ssh, err := exec.LookPath("ssh")
+	if err != nil {
+		return fmt.Errorf("no ssh binary found")
+	}
+
+	if strings.Contains(uri.Host, "/run") {
+		uri.Host = strings.Split(uri.Host, "/run")[0]
+	}
+	conf, err := config.Default()
+	if err != nil {
+		return err
+	}
+
+	args := []string{uri.User.String() + "@" + uri.Hostname()}
+
+	if len(dst.Identity) > 0 {
+		args = append(args, "-i", dst.Identity)
+	}
+	if len(conf.Engine.SSHConfig) > 0 {
+		args = append(args, "-F", conf.Engine.SSHConfig)
+	}
+
+	output := &bytes.Buffer{}
+	args = append(args, "podman", "info", "--format", "json")
+	info := exec.Command(ssh, args...)
+	info.Stdout = output
+	err = info.Run()
+	if err != nil {
+		return err
+	}
+
+	remoteInfo := &Info{}
+	if err := json.Unmarshal(output.Bytes(), &remoteInfo); err != nil {
+		return fmt.Errorf("failed to parse 'podman info' results: %w", err)
+	}
+
+	if remoteInfo.Host.RemoteSocket == nil || len(remoteInfo.Host.RemoteSocket.Path) == 0 {
+		return fmt.Errorf("remote podman %q failed to report its UDS socket", uri.Host)
+	}
+
+	cfg, err := config.ReadCustomConfig()
+	if err != nil {
+		return err
+	}
+	if options.Default {
+		cfg.Engine.ActiveService = options.Name
+	}
+
+	if cfg.Engine.ServiceDestinations == nil {
+		cfg.Engine.ServiceDestinations = map[string]config.Destination{
+			options.Name: *dst,
+		}
+		cfg.Engine.ActiveService = options.Name
+	} else {
+		cfg.Engine.ServiceDestinations[options.Name] = *dst
+	}
+
+	return cfg.Write()
+}
+
+func nativeConnectionExec(options ConnectionExecOptions) (*ConnectionExecReport, error) {
+	dst, uri, err := Validate(options.User, options.Host, options.Port, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+
+	ssh, err := exec.LookPath("ssh")
+	if err != nil {
+		return nil, fmt.Errorf("no ssh binary found")
+	}
+
+	output := &bytes.Buffer{}
+	errors := &bytes.Buffer{}
+	if strings.Contains(uri.Host, "/run") {
+		uri.Host = strings.Split(uri.Host, "/run")[0]
+	}
+
+	options.Args = append([]string{uri.User.String() + "@" + uri.Hostname()}, options.Args...)
+	conf, err := config.Default()
+	if err != nil {
+		return nil, err
+	}
+
+	args := []string{}
+	if len(dst.Identity) > 0 {
+		args = append(args, "-i", dst.Identity)
+	}
+	if len(conf.Engine.SSHConfig) > 0 {
+		args = append(args, "-F", conf.Engine.SSHConfig)
+	}
+	args = append(args, options.Args...)
+	info := exec.Command(ssh, args...)
+	info.Stdout = output
+	info.Stderr = errors
+	err = info.Run()
+	if err != nil {
+		return nil, err
+	}
+	return &ConnectionExecReport{Response: output.String()}, nil
+}
+
+func nativeConnectionScp(options ConnectionScpOptions) (*ConnectionScpReport, error) {
+	host, remotePath, localPath, swap, err := ParseScpArgs(options)
+	if err != nil {
+		return nil, err
+	}
+	dst, uri, err := Validate(options.User, host, options.Port, options.Identity)
+	if err != nil {
+		return nil, err
+	}
+
+	scp, err := exec.LookPath("scp")
+	if err != nil {
+		return nil, fmt.Errorf("no scp binary found")
+	}
+
+	conf, err := config.Default()
+	if err != nil {
+		return nil, err
+	}
+
+	args := []string{}
+	if len(dst.Identity) > 0 {
+		args = append(args, "-i", dst.Identity)
+	}
+	if len(conf.Engine.SSHConfig) > 0 {
+		args = append(args, "-F", conf.Engine.SSHConfig)
+	}
+
+	userString := ""
+	if !strings.Contains(host, "@") {
+		userString = uri.User.String() + "@"
+	}
+	// meaning, we are copying from a remote host
+	if swap {
+		args = append(args, userString+host+":"+remotePath, localPath)
+	} else {
+		args = append(args, localPath, userString+host+":"+remotePath)
+	}
+
+	info := exec.Command(scp, args...)
+	err = info.Run()
+	if err != nil {
+		return nil, err
+	}
+
+	return &ConnectionScpReport{Response: remotePath}, nil
+}
diff --git a/vendor/github.com/containers/common/pkg/ssh/ssh.go b/vendor/github.com/containers/common/pkg/ssh/ssh.go
new file mode 100644
index 000000000..d638d69ad
--- /dev/null
+++ b/vendor/github.com/containers/common/pkg/ssh/ssh.go
@@ -0,0 +1,59 @@
+package ssh
+
+import (
+	"fmt"
+
+	"golang.org/x/crypto/ssh"
+)
+
+func Create(options *ConnectionCreateOptions, kind EngineMode) error {
+	if kind == NativeMode {
+		return nativeConnectionCreate(*options)
+	}
+	return golangConnectionCreate(*options)
+}
+
+func Dial(options *ConnectionDialOptions, kind EngineMode) (*ssh.Client, error) {
+	var rep *ConnectionDialReport
+	var err error
+	if kind == NativeMode {
+		return nil, fmt.Errorf("ssh dial failed: you cannot create a dial-able client with native ssh")
+	}
+	rep, err = golangConnectionDial(*options)
+	if err != nil {
+		return nil, err
+	}
+	return rep.Client, nil
+}
+
+func Exec(options *ConnectionExecOptions, kind EngineMode) (string, error) {
+	var rep *ConnectionExecReport
+	var err error
+	if kind == NativeMode {
+		rep, err = nativeConnectionExec(*options)
+		if err != nil {
+			return "", err
+		}
+	} else {
+		rep, err = golangConnectionExec(*options)
+		if err != nil {
+			return "", err
+		}
+	}
+	return rep.Response, nil
+}
+
+func Scp(options *ConnectionScpOptions, kind EngineMode) (string, error) {
+	var rep *ConnectionScpReport
+	var err error
+	if kind == NativeMode {
+		if rep, err = nativeConnectionScp(*options); err != nil {
+			return "", err
+		}
+		return rep.Response, nil
+	}
+	if rep, err = golangConnectionScp(*options); err != nil {
+		return "", err
+	}
+	return rep.Response, nil
+}
diff --git a/vendor/github.com/containers/common/pkg/ssh/types.go b/vendor/github.com/containers/common/pkg/ssh/types.go
new file mode 100644
index 000000000..f22b5fba9
--- /dev/null
+++ b/vendor/github.com/containers/common/pkg/ssh/types.go
@@ -0,0 +1,223 @@
+package ssh
+
+import (
+	"net/url"
+	"time"
+
+	"github.com/containers/storage/pkg/idtools"
+	"golang.org/x/crypto/ssh"
+)
+
+type EngineMode string
+
+const (
+	NativeMode  = EngineMode("native")
+	GolangMode  = EngineMode("golang")
+	InvalidMode = EngineMode("invalid")
+)
+
+type ConnectionCreateOptions struct {
+	Name     string
+	Path     string
+	User     *url.Userinfo
+	Port     int
+	Identity string
+	Socket   string
+	Default  bool
+}
+
+type ConnectionDialOptions struct {
+	Host     string
+	Identity string
+	User     *url.Userinfo
+	Port     int
+	Auth     []string
+	Timeout  time.Duration
+}
+
+type ConnectionDialReport struct {
+	Client *ssh.Client
+}
+
+type ConnectionExecOptions struct {
+	Host     string
+	Identity string
+	User     *url.Userinfo
+	Port     int
+	Auth     []string
+	Args     []string
+	Timeout  time.Duration
+}
+
+type ConnectionExecReport struct {
+	Response string
+}
+
+type ConnectionScpOptions struct {
+	User        *url.Userinfo
+	Source      string
+	Destination string
+	Identity    string
+	Port        int
+}
+
+type ConnectionScpReport struct {
+	Response string
+}
+
+// Info is the overall struct that describes the host system
+// running libpod/podman
+type Info struct {
+	Host       *HostInfo              `json:"host"`
+	Store      *StoreInfo             `json:"store"`
+	Registries map[string]interface{} `json:"registries"`
+	Plugins    Plugins                `json:"plugins"`
+	Version    Version                `json:"version"`
+}
+
+// Version is an output struct for API
+type Version struct {
+	APIVersion string
+	Version    string
+	GoVersion  string
+	GitCommit  string
+	BuiltTime  string
+	Built      int64
+	OsArch     string
+	Os         string
+}
+
+// SecurityInfo describes the libpod host
+type SecurityInfo struct {
+	AppArmorEnabled     bool   `json:"apparmorEnabled"`
+	DefaultCapabilities string `json:"capabilities"`
+	Rootless            bool   `json:"rootless"`
+	SECCOMPEnabled      bool   `json:"seccompEnabled"`
+	SECCOMPProfilePath  string `json:"seccompProfilePath"`
+	SELinuxEnabled      bool   `json:"selinuxEnabled"`
+}
+
+// HostInfo describes the libpod host
+type HostInfo struct {
+	Arch              string           `json:"arch"`
+	BuildahVersion    string           `json:"buildahVersion"`
+	CgroupManager     string           `json:"cgroupManager"`
+	CgroupsVersion    string           `json:"cgroupVersion"`
+	CgroupControllers []string         `json:"cgroupControllers"`
+	Conmon            *ConmonInfo      `json:"conmon"`
+	CPUs              int              `json:"cpus"`
+	CPUUtilization    *CPUUsage        `json:"cpuUtilization"`
+	Distribution      DistributionInfo `json:"distribution"`
+	EventLogger       string           `json:"eventLogger"`
+	Hostname          string           `json:"hostname"`
+	IDMappings        IDMappings       `json:"idMappings,omitempty"`
+	Kernel            string           `json:"kernel"`
+	LogDriver         string           `json:"logDriver"`
+	MemFree           int64            `json:"memFree"`
+	MemTotal          int64            `json:"memTotal"`
+	NetworkBackend    string           `json:"networkBackend"`
+	OCIRuntime        *OCIRuntimeInfo  `json:"ociRuntime"`
+	OS                string           `json:"os"`
+	// RemoteSocket returns the UNIX domain socket the Podman service is listening on
+	RemoteSocket *RemoteSocket          `json:"remoteSocket,omitempty"`
+	RuntimeInfo  map[string]interface{} `json:"runtimeInfo,omitempty"`
+	// ServiceIsRemote is true when the podman/libpod service is remote to the client
+	ServiceIsRemote bool         `json:"serviceIsRemote"`
+	Security        SecurityInfo `json:"security"`
+	Slirp4NetNS     SlirpInfo    `json:"slirp4netns,omitempty"`
+	SwapFree        int64        `json:"swapFree"`
+	SwapTotal       int64        `json:"swapTotal"`
+	Uptime          string       `json:"uptime"`
+	Linkmode        string       `json:"linkmode"`
+}
+
+// RemoteSocket describes information about the API socket
+type RemoteSocket struct {
+	Path   string `json:"path,omitempty"`
+	Exists bool   `json:"exists,omitempty"`
+}
+
+// SlirpInfo describes the slirp executable that is being used
+type SlirpInfo struct {
+	Executable string `json:"executable"`
+	Package    string `json:"package"`
+	Version    string `json:"version"`
+}
+
+// IDMappings describe the GID and UID mappings
+type IDMappings struct {
+	GIDMap []idtools.IDMap `json:"gidmap"`
+	UIDMap []idtools.IDMap `json:"uidmap"`
+}
+
+// DistributionInfo describes the host distribution for libpod
+type DistributionInfo struct {
+	Distribution string `json:"distribution"`
+	Variant      string `json:"variant,omitempty"`
+	Version      string `json:"version"`
+	Codename     string `json:"codename,omitempty"`
+}
+
+// ConmonInfo describes the conmon executable being used
+type ConmonInfo struct {
+	Package string `json:"package"`
+	Path    string `json:"path"`
+	Version string `json:"version"`
+}
+
+// OCIRuntimeInfo describes the runtime (crun or runc) being
+// used with podman
+type OCIRuntimeInfo struct {
+	Name    string `json:"name"`
+	Package string `json:"package"`
+	Path    string `json:"path"`
+	Version string `json:"version"`
+}
+
+// StoreInfo describes the container storage and its
+// attributes
+type StoreInfo struct {
+	ConfigFile      string                 `json:"configFile"`
+	ContainerStore  ContainerStore         `json:"containerStore"`
+	GraphDriverName string                 `json:"graphDriverName"`
+	GraphOptions    map[string]interface{} `json:"graphOptions"`
+	GraphRoot       string                 `json:"graphRoot"`
+	// GraphRootAllocated is how much space the graphroot has in bytes
+	GraphRootAllocated uint64 `json:"graphRootAllocated"`
+	// GraphRootUsed is how much of graphroot is used in bytes
+	GraphRootUsed   uint64            `json:"graphRootUsed"`
+	GraphStatus     map[string]string `json:"graphStatus"`
+	ImageCopyTmpDir string            `json:"imageCopyTmpDir"`
+	ImageStore      ImageStore        `json:"imageStore"`
+	RunRoot         string            `json:"runRoot"`
+	VolumePath      string            `json:"volumePath"`
+}
+
+// ImageStore describes the image store.  Right now only the number
+// of images present
+type ImageStore struct {
+	Number int `json:"number"`
+}
+
+// ContainerStore describes the quantity of containers in the
+// store by status
+type ContainerStore struct {
+	Number  int `json:"number"`
+	Paused  int `json:"paused"`
+	Running int `json:"running"`
+	Stopped int `json:"stopped"`
+}
+
+type Plugins struct {
+	Volume  []string `json:"volume"`
+	Network []string `json:"network"`
+	Log     []string `json:"log"`
+	// Authorization is provided for compatibility, will always be nil as Podman has no daemon
+	Authorization []string `json:"authorization"`
+}
+
+type CPUUsage struct {
+	UserPercent   float64 `json:"userPercent"`
+	SystemPercent float64 `json:"systemPercent"`
+	IdlePercent   float64 `json:"idlePercent"`
+}
diff --git a/vendor/github.com/containers/common/pkg/ssh/utils.go b/vendor/github.com/containers/common/pkg/ssh/utils.go
new file mode 100644
index 000000000..c15745015
--- /dev/null
+++ b/vendor/github.com/containers/common/pkg/ssh/utils.go
@@ -0,0 +1,198 @@
+package ssh
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/containers/common/pkg/config"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/term"
+)
+
+func Validate(user *url.Userinfo, path string, port int, identity string) (*config.Destination, *url.URL, error) {
+	sock := ""
+	if strings.Contains(path, "/run") {
+		sock = strings.Split(path, "/run")[1]
+	}
+	uri, err := url.Parse(path)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// sometimes we are not going to have a path, this breaks uri.Hostname()
+	if uri.Host == "" && strings.Contains(uri.String(), "@") {
+		uri.Host = strings.Split(uri.String(), "@")[1]
+	}
+
+	if uri.Port() == "" {
+		if port != 0 {
+			uri.Host = net.JoinHostPort(uri.Hostname(), strconv.Itoa(port))
+		} else {
+			uri.Host = net.JoinHostPort(uri.Hostname(), "22")
+		}
+	}
+
+	if user != nil {
+		uri.User = user
+	}
+
+	uriStr := ""
+	if len(sock) > 0 {
+		uriStr = "ssh://" + uri.User.Username() + "@" + uri.Host + "/run" + sock
+	} else {
+		uriStr = "ssh://" + uri.User.Username() + "@" + uri.Host
+	}
+
+	dst := config.Destination{
+		URI: uriStr,
+	}
+
+	if len(identity) > 0 {
+		dst.Identity = identity
+	}
+	return &dst, uri, err
+}
+
+var (
+	passPhrase   []byte
+	phraseSync   sync.Once
+	password     []byte
+	passwordSync sync.Once
+)
+
+// ReadPassword prompts for a secret and returns value input by user from stdin
+// Unlike terminal.ReadPassword(), $(echo $SECRET | podman...) is supported.
+// Additionally, all input after `<secret>/n` is queued to podman command.
+func ReadPassword(prompt string) (pw []byte, err error) {
+	fd := int(os.Stdin.Fd())
+	if term.IsTerminal(fd) {
+		fmt.Fprint(os.Stderr, prompt)
+		pw, err = term.ReadPassword(fd)
+		fmt.Fprintln(os.Stderr)
+		return
+	}
+
+	var b [1]byte
+	for {
+		n, err := os.Stdin.Read(b[:])
+		// terminal.ReadPassword discards any '\r', so we do the same
+		if n > 0 && b[0] != '\r' {
+			if b[0] == '\n' {
+				return pw, nil
+			}
+			pw = append(pw, b[0])
+			// limit size, so that a wrong input won't fill up the memory
+			if len(pw) > 1024 {
+				err = fmt.Errorf("password too long, 1024 byte limit")
+			}
+		}
+		if err != nil {
+			// terminal.ReadPassword accepts EOF-terminated passwords
+			// if non-empty, so we do the same
+			if err == io.EOF && len(pw) > 0 {
+				err = nil
+			}
+			return pw, err
+		}
+	}
+}
+
+func PublicKey(path string, passphrase []byte) (ssh.Signer, error) {
+	key, err := ioutil.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	signer, err := ssh.ParsePrivateKey(key)
+	if err != nil {
+		if _, ok := err.(*ssh.PassphraseMissingError); !ok {
+			return nil, err
+		}
+		if len(passphrase) == 0 {
+			passphrase = ReadPassphrase()
+		}
+		return ssh.ParsePrivateKeyWithPassphrase(key, passphrase)
+	}
+	return signer, nil
+}
+
+func ReadPassphrase() []byte {
+	phraseSync.Do(func() {
+		secret, err := ReadPassword("Key Passphrase: ")
+		if err != nil {
+			secret = []byte{}
+		}
+		passPhrase = secret
+	})
+	return passPhrase
+}
+
+func ReadLogin() []byte {
+	passwordSync.Do(func() {
+		secret, err := ReadPassword("Login password: ")
+		if err != nil {
+			secret = []byte{}
+		}
+		password = secret
+	})
+	return password
+}
+
+func ParseScpArgs(options ConnectionScpOptions) (string, string, string, bool, error) {
+	// assume load to remote
+	host := options.Destination
+	if strings.Contains(host, "ssh://") {
+		host = strings.Split(host, "ssh://")[1]
+	}
+	localPath := options.Source
+	if strings.Contains(localPath, "ssh://") {
+		localPath = strings.Split(localPath, "ssh://")[1]
+	}
+	remotePath := ""
+	swap := false
+	if split := strings.Split(localPath, ":"); len(split) == 2 {
+		// save to remote, load to local
+		host = split[0]
+		remotePath = split[1]
+		localPath = options.Destination
+		swap = true
+	} else {
+		split = strings.Split(host, ":")
+		if len(split) != 2 {
+			return "", "", "", false, fmt.Errorf("no remote destination provided")
+		}
+		host = split[0]
+		remotePath = split[1]
+	}
+	remotePath = strings.TrimSuffix(remotePath, "\n")
+	return host, remotePath, localPath, swap, nil
+}
+
+func DialNet(sshClient *ssh.Client, mode string, url *url.URL) (net.Conn, error) {
+	port, err := strconv.Atoi(url.Port())
+	if err != nil {
+		return nil, err
+	}
+	if _, _, err = Validate(url.User, url.Hostname(), port, ""); err != nil {
+		return nil, err
+	}
+	return sshClient.Dial(mode, url.Path)
+}
+
+func DefineMode(flag string) EngineMode {
+	switch flag {
+	case "native":
+		return NativeMode
+	case "golang":
+		return GolangMode
+	default:
+		return InvalidMode
+	}
+}
diff --git a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
index ff82b5a39..6454f16b0 100644
--- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
+++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
@@ -256,7 +256,7 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string
 				}
 				for _, s := range data {
 					if err := s.saveTo(ctrDirOrFileOnHost); err != nil {
-						return nil, fmt.Errorf("error saving data to container filesystem on host %q: %w", ctrDirOrFileOnHost, err)
+						return nil, fmt.Errorf("saving data to container filesystem on host %q: %w", ctrDirOrFileOnHost, err)
 					}
 				}
 			case mode.IsRegular():
@@ -278,7 +278,7 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string
 
 			err = label.Relabel(ctrDirOrFileOnHost, mountLabel, false)
 			if err != nil {
-				return nil, fmt.Errorf("error applying correct labels: %w", err)
+				return nil, fmt.Errorf("applying correct labels: %w", err)
 			}
 			if uid != 0 || gid != 0 {
 				if err := rchown(ctrDirOrFileOnHost, uid, gid); err != nil {
@@ -372,7 +372,7 @@ func mountExists(mounts []rspec.Mount, dest string) bool {
 	return false
 }
 
-// resolveSymbolicLink resolves a possbile symlink path. If the path is a symlink, returns resolved
+// resolveSymbolicLink resolves symlink paths. If the path is a symlink, returns resolved
 // path; if not, returns the original path.
 func resolveSymbolicLink(path string) (string, error) {
 	info, err := os.Lstat(path)
diff --git a/vendor/github.com/containers/common/pkg/supplemented/supplemented.go b/vendor/github.com/containers/common/pkg/supplemented/supplemented.go
index 84201c998..58c9af654 100644
--- a/vendor/github.com/containers/common/pkg/supplemented/supplemented.go
+++ b/vendor/github.com/containers/common/pkg/supplemented/supplemented.go
@@ -58,7 +58,7 @@ func Reference(ref types.ImageReference, supplemental []types.ImageReference, mu
 func (s *supplementedImageReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
 	src, err := s.NewImageSource(ctx, sys)
 	if err != nil {
-		return nil, fmt.Errorf("error building a new Image using an ImageSource: %w", err)
+		return nil, fmt.Errorf("building a new Image using an ImageSource: %w", err)
 	}
 	return image.FromSource(ctx, sys, src)
 }
@@ -75,7 +75,7 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 	// Open the default instance for reading.
 	top, err := s.ImageReference.NewImageSource(ctx, sys)
 	if err != nil {
-		return nil, fmt.Errorf("error opening %q as image source: %w", transports.ImageName(s.ImageReference), err)
+		return nil, fmt.Errorf("opening %q as image source: %w", transports.ImageName(s.ImageReference), err)
 	}
 
 	defer func() {
@@ -105,14 +105,14 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 		// Mark this instance as being associated with this ImageSource.
 		manifestDigest, err := manifest.Digest(manifestBytes)
 		if err != nil {
-			return fmt.Errorf("error computing digest over manifest %q: %w", string(manifestBytes), err)
+			return fmt.Errorf("computing digest over manifest %q: %w", string(manifestBytes), err)
 		}
 		sources[manifestDigest] = src
 
 		// Parse the manifest as a single image.
 		man, err := manifest.FromBlob(manifestBytes, manifestType)
 		if err != nil {
-			return fmt.Errorf("error parsing manifest %q: %w", string(manifestBytes), err)
+			return fmt.Errorf("parsing manifest %q: %w", string(manifestBytes), err)
 		}
 
 		// Log the config blob's digest and the blobs of its layers as associated with this manifest.
@@ -135,14 +135,14 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 		// Mark this instance as being associated with this ImageSource.
 		manifestDigest, err := manifest.Digest(manifestBytes)
 		if err != nil {
-			return fmt.Errorf("error computing manifest digest: %w", err)
+			return fmt.Errorf("computing manifest digest: %w", err)
 		}
 		sources[manifestDigest] = src
 
 		// Parse the manifest as a list of images.
 		list, err := manifest.ListFromBlob(manifestBytes, manifestType)
 		if err != nil {
-			return fmt.Errorf("error parsing manifest blob %q as a %q: %w", string(manifestBytes), manifestType, err)
+			return fmt.Errorf("parsing manifest blob %q as a %q: %w", string(manifestBytes), manifestType, err)
 		}
 
 		// Figure out which of its instances we want to look at.
@@ -151,7 +151,7 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 		case cp.CopySystemImage:
 			instance, err := list.ChooseInstance(sys)
 			if err != nil {
-				return fmt.Errorf("error selecting appropriate instance from list: %w", err)
+				return fmt.Errorf("selecting appropriate instance from list: %w", err)
 			}
 			chaseInstances = []digest.Digest{instance}
 		case cp.CopySpecificImages:
@@ -194,14 +194,14 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 		} else {
 			src, err = ref.NewImageSource(ctx, sys)
 			if err != nil {
-				return nil, fmt.Errorf("error opening %q as image source: %w", transports.ImageName(ref), err)
+				return nil, fmt.Errorf("opening %q as image source: %w", transports.ImageName(ref), err)
 			}
 		}
 
 		// Read the default manifest for the image.
 		manifestBytes, manifestType, err := src.GetManifest(ctx, nil)
 		if err != nil {
-			return nil, fmt.Errorf("error reading default manifest from image %q: %w", transports.ImageName(ref), err)
+			return nil, fmt.Errorf("reading default manifest from image %q: %w", transports.ImageName(ref), err)
 		}
 
 		// If this is the first image, mark it as our starting point.
@@ -223,18 +223,18 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 		// Record the digest of the ImageSource's default instance's manifest.
 		manifestDigest, err := manifest.Digest(manifestBytes)
 		if err != nil {
-			return nil, fmt.Errorf("error computing digest of manifest from image %q: %w", transports.ImageName(ref), err)
+			return nil, fmt.Errorf("computing digest of manifest from image %q: %w", transports.ImageName(ref), err)
 		}
 		sis.sourceDefaultInstances[src] = manifestDigest
 
 		// If the ImageSource's default manifest is a list, parse each of its instances.
 		if manifest.MIMETypeIsMultiImage(manifestType) {
 			if err = addMulti(manifestBytes, manifestType, src); err != nil {
-				return nil, fmt.Errorf("error adding multi-image %q: %w", transports.ImageName(ref), err)
+				return nil, fmt.Errorf("adding multi-image %q: %w", transports.ImageName(ref), err)
 			}
 		} else {
 			if err = addSingle(manifestBytes, manifestType, src); err != nil {
-				return nil, fmt.Errorf("error adding single image %q: %w", transports.ImageName(ref), err)
+				return nil, fmt.Errorf("adding single image %q: %w", transports.ImageName(ref), err)
 			}
 		}
 	}
@@ -261,18 +261,18 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 			// Trust that we either don't need it, or that it's in another reference.
 			// continue
 			// }
-			return nil, fmt.Errorf("error reading manifest for instance %q: %w", manifestToRead.instance, err)
+			return nil, fmt.Errorf("reading manifest for instance %q: %w", manifestToRead.instance, err)
 		}
 
 		if manifest.MIMETypeIsMultiImage(manifestType) {
 			// Add the list's contents.
 			if err = addMulti(manifestBytes, manifestType, manifestToRead.src); err != nil {
-				return nil, fmt.Errorf("error adding single image instance %q: %w", manifestToRead.instance, err)
+				return nil, fmt.Errorf("adding single image instance %q: %w", manifestToRead.instance, err)
 			}
 		} else {
 			// Add the single image's contents.
 			if err = addSingle(manifestBytes, manifestType, manifestToRead.src); err != nil {
-				return nil, fmt.Errorf("error adding single image instance %q: %w", manifestToRead.instance, err)
+				return nil, fmt.Errorf("adding single image instance %q: %w", manifestToRead.instance, err)
 			}
 		}
 	}
@@ -313,17 +313,17 @@ func (s *supplementedImageSource) GetManifest(ctx context.Context, instanceDiges
 		}
 		return sourceInstance.GetManifest(ctx, requestInstanceDigest)
 	}
-	return nil, "", fmt.Errorf("error getting manifest for digest %q: %w", *instanceDigest, ErrDigestNotFound)
+	return nil, "", fmt.Errorf("getting manifest for digest %q: %w", *instanceDigest, ErrDigestNotFound)
 }
 
 func (s *supplementedImageSource) GetBlob(ctx context.Context, blob types.BlobInfo, bic types.BlobInfoCache) (io.ReadCloser, int64, error) {
 	sourceInstance, ok := s.instancesByBlobDigest[blob.Digest]
 	if !ok {
-		return nil, -1, fmt.Errorf("error blob %q in known instances: %w", blob.Digest, ErrBlobNotFound)
+		return nil, -1, fmt.Errorf("blob %q in known instances: %w", blob.Digest, ErrBlobNotFound)
 	}
 	src, ok := s.sourceInstancesByInstance[sourceInstance]
 	if !ok {
-		return nil, -1, fmt.Errorf("error getting image source for instance %q: %w", sourceInstance, ErrDigestNotFound)
+		return nil, -1, fmt.Errorf("getting image source for instance %q: %w", sourceInstance, ErrDigestNotFound)
 	}
 	return src.GetBlob(ctx, blob, bic)
 }
@@ -364,7 +364,7 @@ func (s *supplementedImageSource) GetSignatures(ctx context.Context, instanceDig
 	if src != nil {
 		return src.GetSignatures(ctx, requestInstanceDigest)
 	}
-	return nil, fmt.Errorf("error finding instance for instance digest %q to read signatures: %w", digest, ErrDigestNotFound)
+	return nil, fmt.Errorf("finding instance for instance digest %q to read signatures: %w", digest, ErrDigestNotFound)
 }
 
 func (s *supplementedImageSource) LayerInfosForCopy(ctx context.Context, instanceDigest *digest.Digest) ([]types.BlobInfo, error) {
@@ -387,7 +387,7 @@ func (s *supplementedImageSource) LayerInfosForCopy(ctx context.Context, instanc
 	if src != nil {
 		blobInfos, err := src.LayerInfosForCopy(ctx, requestInstanceDigest)
 		if err != nil {
-			return nil, fmt.Errorf("error reading layer infos for copy from instance %q: %w", instanceDigest, err)
+			return nil, fmt.Errorf("reading layer infos for copy from instance %q: %w", instanceDigest, err)
 		}
 		var manifestDigest digest.Digest
 		if instanceDigest != nil {
@@ -398,5 +398,5 @@ func (s *supplementedImageSource) LayerInfosForCopy(ctx context.Context, instanc
 		}
 		return blobInfos, nil
 	}
-	return nil, fmt.Errorf("error finding instance for instance digest %q to copy layers: %w", errMsgDigest, ErrDigestNotFound)
+	return nil, fmt.Errorf("finding instance for instance digest %q to copy layers: %w", errMsgDigest, ErrDigestNotFound)
 }
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index f8a24f823..34e9fe6ba 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.49.0-dev"
+const Version = "0.49.2-dev"
diff --git a/vendor/github.com/containers/image/v5/copy/copy.go b/vendor/github.com/containers/image/v5/copy/copy.go
index ba5334e59..6758d4de1 100644
--- a/vendor/github.com/containers/image/v5/copy/copy.go
+++ b/vendor/github.com/containers/image/v5/copy/copy.go
@@ -19,7 +19,6 @@ import (
 	"github.com/containers/image/v5/internal/imagesource"
 	"github.com/containers/image/v5/internal/pkg/platform"
 	"github.com/containers/image/v5/internal/private"
-	internalsig "github.com/containers/image/v5/internal/signature"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/image/v5/pkg/blobinfocache"
 	"github.com/containers/image/v5/pkg/compression"
@@ -405,23 +404,11 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur
 	}
 	updatedList := originalList.Clone()
 
-	// Read and/or clear the set of signatures for this list.
-	var sigs []internalsig.Signature
-	if options.RemoveSignatures {
-		sigs = []internalsig.Signature{}
-	} else {
-		c.Printf("Getting image list signatures\n")
-		s, err := c.rawSource.GetSignaturesWithFormat(ctx, nil)
-		if err != nil {
-			return nil, fmt.Errorf("reading signatures: %w", err)
-		}
-		sigs = s
-	}
-	if len(sigs) != 0 {
-		c.Printf("Checking if image list destination supports signatures\n")
-		if err := c.dest.SupportsSignatures(ctx); err != nil {
-			return nil, fmt.Errorf("Can not copy signatures to %s: %w", transports.ImageName(c.dest.Reference()), err)
-		}
+	sigs, err := c.sourceSignatures(ctx, unparsedToplevel, options,
+		"Getting image list signatures",
+		"Checking if image list destination supports signatures")
+	if err != nil {
+		return nil, err
 	}
 
 	// If the destination is a digested reference, make a note of that, determine what digest value we're
@@ -656,22 +643,11 @@ func (c *copier) copyOneImage(ctx context.Context, policyContext *signature.Poli
 		return nil, "", "", err
 	}
 
-	var sigs []internalsig.Signature
-	if options.RemoveSignatures {
-		sigs = []internalsig.Signature{}
-	} else {
-		c.Printf("Getting image source signatures\n")
-		s, err := src.UntrustedSignatures(ctx)
-		if err != nil {
-			return nil, "", "", fmt.Errorf("reading signatures: %w", err)
-		}
-		sigs = s
-	}
-	if len(sigs) != 0 {
-		c.Printf("Checking if image destination supports signatures\n")
-		if err := c.dest.SupportsSignatures(ctx); err != nil {
-			return nil, "", "", fmt.Errorf("Can not copy signatures to %s: %w", transports.ImageName(c.dest.Reference()), err)
-		}
+	sigs, err := c.sourceSignatures(ctx, src, options,
+		"Getting image source signatures",
+		"Checking if image destination supports signatures")
+	if err != nil {
+		return nil, "", "", err
 	}
 
 	// Determine if we're allowed to modify the manifest.
diff --git a/vendor/github.com/containers/image/v5/copy/sign.go b/vendor/github.com/containers/image/v5/copy/sign.go
index 0ea06f4bb..6c3d9d62c 100644
--- a/vendor/github.com/containers/image/v5/copy/sign.go
+++ b/vendor/github.com/containers/image/v5/copy/sign.go
@@ -1,15 +1,42 @@
 package copy
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/containers/image/v5/docker/reference"
+	"github.com/containers/image/v5/internal/private"
 	internalsig "github.com/containers/image/v5/internal/signature"
 	"github.com/containers/image/v5/signature"
 	"github.com/containers/image/v5/signature/sigstore"
 	"github.com/containers/image/v5/transports"
 )
 
+// sourceSignatures returns signatures from unparsedSource based on options,
+// and verifies that they can be used (to avoid copying a large image when we
+// can tell in advance that it would ultimately fail)
+func (c *copier) sourceSignatures(ctx context.Context, unparsed private.UnparsedImage, options *Options,
+	gettingSignaturesMessage, checkingDestMessage string) ([]internalsig.Signature, error) {
+	var sigs []internalsig.Signature
+	if options.RemoveSignatures {
+		sigs = []internalsig.Signature{}
+	} else {
+		c.Printf("%s\n", gettingSignaturesMessage)
+		s, err := unparsed.UntrustedSignatures(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("reading signatures: %w", err)
+		}
+		sigs = s
+	}
+	if len(sigs) != 0 {
+		c.Printf("%s\n", checkingDestMessage)
+		if err := c.dest.SupportsSignatures(ctx); err != nil {
+			return nil, fmt.Errorf("Can not copy signatures to %s: %w", transports.ImageName(c.dest.Reference()), err)
+		}
+	}
+	return sigs, nil
+}
+
 // createSignature creates a new signature of manifest using keyIdentity.
 func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase string, identity reference.Named) (internalsig.Signature, error) {
 	mech, err := signature.NewGPGSigningMechanism()
diff --git a/vendor/github.com/containers/image/v5/docker/archive/dest.go b/vendor/github.com/containers/image/v5/docker/archive/dest.go
index 60521662e..632ee7c49 100644
--- a/vendor/github.com/containers/image/v5/docker/archive/dest.go
+++ b/vendor/github.com/containers/image/v5/docker/archive/dest.go
@@ -3,7 +3,6 @@ package archive
 import (
 	"context"
 	"fmt"
-	"io"
 
 	"github.com/containers/image/v5/docker/internal/tarfile"
 	"github.com/containers/image/v5/internal/private"
@@ -13,8 +12,8 @@ import (
 type archiveImageDestination struct {
 	*tarfile.Destination // Implements most of types.ImageDestination
 	ref                  archiveReference
-	archive              *tarfile.Writer // Should only be closed if writer != nil
-	writer               io.Closer       // May be nil if the archive is shared
+	writer               *Writer // Should be closed if closeWriter
+	closeWriter          bool
 }
 
 func newImageDestination(sys *types.SystemContext, ref archiveReference) (private.ImageDestination, error) {
@@ -22,29 +21,28 @@ func newImageDestination(sys *types.SystemContext, ref archiveReference) (privat
 		return nil, fmt.Errorf("Destination reference must not contain a manifest index @%d", ref.sourceIndex)
 	}
 
-	var archive *tarfile.Writer
-	var writer io.Closer
-	if ref.archiveWriter != nil {
-		archive = ref.archiveWriter
-		writer = nil
+	var writer *Writer
+	var closeWriter bool
+	if ref.writer != nil {
+		writer = ref.writer
+		closeWriter = false
 	} else {
-		fh, err := openArchiveForWriting(ref.path)
+		w, err := NewWriter(sys, ref.path)
 		if err != nil {
 			return nil, err
 		}
-
-		archive = tarfile.NewWriter(fh)
-		writer = fh
+		writer = w
+		closeWriter = true
 	}
-	tarDest := tarfile.NewDestination(sys, archive, ref.Transport().Name(), ref.ref)
+	tarDest := tarfile.NewDestination(sys, writer.archive, ref.Transport().Name(), ref.ref)
 	if sys != nil && sys.DockerArchiveAdditionalTags != nil {
 		tarDest.AddRepoTags(sys.DockerArchiveAdditionalTags)
 	}
 	return &archiveImageDestination{
 		Destination: tarDest,
 		ref:         ref,
-		archive:     archive,
 		writer:      writer,
+		closeWriter: closeWriter,
 	}, nil
 }
 
@@ -56,7 +54,7 @@ func (d *archiveImageDestination) Reference() types.ImageReference {
 
 // Close removes resources associated with an initialized ImageDestination, if any.
 func (d *archiveImageDestination) Close() error {
-	if d.writer != nil {
+	if d.closeWriter {
 		return d.writer.Close()
 	}
 	return nil
@@ -70,8 +68,15 @@ func (d *archiveImageDestination) Close() error {
 // - Uploaded data MAY be visible to others before Commit() is called
 // - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed)
 func (d *archiveImageDestination) Commit(ctx context.Context, unparsedToplevel types.UnparsedImage) error {
-	if d.writer != nil {
-		return d.archive.Close()
+	d.writer.imageCommitted()
+	if d.closeWriter {
+		// We could do this only in .Close(), but failures in .Close() are much more likely to be
+		// ignored by callers that use defer. So, in single-image destinations, try to complete
+		// the archive here.
+		// But if Commit() is never called, let .Close() clean up.
+		err := d.writer.Close()
+		d.closeWriter = false
+		return err
 	}
 	return nil
 }
diff --git a/vendor/github.com/containers/image/v5/docker/archive/transport.go b/vendor/github.com/containers/image/v5/docker/archive/transport.go
index 9044b340b..304a8c618 100644
--- a/vendor/github.com/containers/image/v5/docker/archive/transport.go
+++ b/vendor/github.com/containers/image/v5/docker/archive/transport.go
@@ -53,7 +53,7 @@ type archiveReference struct {
 	// file, not necessarily path precisely).
 	archiveReader *tarfile.Reader
 	// If not nil, must have been created for path
-	archiveWriter *tarfile.Writer
+	writer *Writer
 }
 
 // ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an Docker ImageReference.
@@ -108,7 +108,7 @@ func NewIndexReference(path string, sourceIndex int) (types.ImageReference, erro
 // newReference returns a docker archive reference for a path, an optional reference or sourceIndex,
 // and optionally a tarfile.Reader and/or a tarfile.Writer matching path.
 func newReference(path string, ref reference.NamedTagged, sourceIndex int,
-	archiveReader *tarfile.Reader, archiveWriter *tarfile.Writer) (types.ImageReference, error) {
+	archiveReader *tarfile.Reader, writer *Writer) (types.ImageReference, error) {
 	if strings.Contains(path, ":") {
 		return nil, fmt.Errorf("Invalid docker-archive: reference: colon in path %q is not supported", path)
 	}
@@ -126,7 +126,7 @@ func newReference(path string, ref reference.NamedTagged, sourceIndex int,
 		ref:           ref,
 		sourceIndex:   sourceIndex,
 		archiveReader: archiveReader,
-		archiveWriter: archiveWriter,
+		writer:        writer,
 	}, nil
 }
 
diff --git a/vendor/github.com/containers/image/v5/docker/archive/writer.go b/vendor/github.com/containers/image/v5/docker/archive/writer.go
index 2d8fafe29..aa8cdd600 100644
--- a/vendor/github.com/containers/image/v5/docker/archive/writer.go
+++ b/vendor/github.com/containers/image/v5/docker/archive/writer.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"sync"
 
 	"github.com/containers/image/v5/docker/internal/tarfile"
 	"github.com/containers/image/v5/docker/reference"
@@ -13,47 +14,19 @@ import (
 
 // Writer manages a single in-progress Docker archive and allows adding images to it.
 type Writer struct {
-	path    string // The original, user-specified path; not the maintained temporary file, if any
-	archive *tarfile.Writer
-	writer  io.Closer
+	path        string // The original, user-specified path; not the maintained temporary file, if any
+	regularFile bool   // path refers to a regular file (e.g. not a pipe)
+	archive     *tarfile.Writer
+	writer      io.Closer
+
+	// The following state can only be acccessed with the mutex held.
+	mutex     sync.Mutex
+	hadCommit bool // At least one successful commit has happened
 }
 
 // NewWriter returns a Writer for path.
 // The caller should call .Close() on the returned object.
 func NewWriter(sys *types.SystemContext, path string) (*Writer, error) {
-	fh, err := openArchiveForWriting(path)
-	if err != nil {
-		return nil, err
-	}
-	archive := tarfile.NewWriter(fh)
-
-	return &Writer{
-		path:    path,
-		archive: archive,
-		writer:  fh,
-	}, nil
-}
-
-// Close writes all outstanding data about images to the archive, and
-// releases state associated with the Writer, if any.
-// No more images can be added after this is called.
-func (w *Writer) Close() error {
-	err := w.archive.Close()
-	if err2 := w.writer.Close(); err2 != nil && err == nil {
-		err = err2
-	}
-	return err
-}
-
-// NewReference returns an ImageReference that allows adding an image to Writer,
-// with an optional reference.
-func (w *Writer) NewReference(destinationRef reference.NamedTagged) (types.ImageReference, error) {
-	return newReference(w.path, destinationRef, -1, nil, w.archive)
-}
-
-// openArchiveForWriting opens path for writing a tar archive,
-// making a few sanity checks.
-func openArchiveForWriting(path string) (*os.File, error) {
 	// path can be either a pipe or a regular file
 	// in the case of a pipe, we require that we can open it for write
 	// in the case of a regular file, we don't want to overwrite any pre-existing file
@@ -69,15 +42,62 @@ func openArchiveForWriting(path string) (*os.File, error) {
 			fh.Close()
 		}
 	}()
+
 	fhStat, err := fh.Stat()
 	if err != nil {
 		return nil, fmt.Errorf("statting file %q: %w", path, err)
 	}
-
-	if fhStat.Mode().IsRegular() && fhStat.Size() != 0 {
+	regularFile := fhStat.Mode().IsRegular()
+	if regularFile && fhStat.Size() != 0 {
 		return nil, errors.New("docker-archive doesn't support modifying existing images")
 	}
 
+	archive := tarfile.NewWriter(fh)
+
 	succeeded = true
-	return fh, nil
+	return &Writer{
+		path:        path,
+		regularFile: regularFile,
+		archive:     archive,
+		writer:      fh,
+		hadCommit:   false,
+	}, nil
+}
+
+// imageCommitted notifies the Writer that at least one image was successfully commited to the stream.
+func (w *Writer) imageCommitted() {
+	w.mutex.Lock()
+	defer w.mutex.Unlock()
+	w.hadCommit = true
+}
+
+// Close writes all outstanding data about images to the archive, and
+// releases state associated with the Writer, if any.
+// No more images can be added after this is called.
+func (w *Writer) Close() error {
+	err := w.archive.Close()
+	if err2 := w.writer.Close(); err2 != nil && err == nil {
+		err = err2
+	}
+	if err == nil && w.regularFile && !w.hadCommit {
+		// Writing to the destination never had a success; delete the destination if we created it.
+		// This is done primarily because we don’t implement adding another image to a pre-existing image, so if we
+		// left a partial archive around (notably because reading from the _source_ has failed), we couldn’t retry without
+		// the caller manually deleting the partial archive. So, delete it instead.
+		//
+		// Archives with at least one successfully created image are left around; they might still be valuable.
+		//
+		// Note a corner case: If there _originally_ was an empty file (which is not a valid archive anyway), this deletes it.
+		// Ideally, if w.regularFile, we should write the full contents to a temporary file and use os.Rename here, only on success.
+		if err2 := os.Remove(w.path); err2 != nil {
+			err = err2
+		}
+	}
+	return err
+}
+
+// NewReference returns an ImageReference that allows adding an image to Writer,
+// with an optional reference.
+func (w *Writer) NewReference(destinationRef reference.NamedTagged) (types.ImageReference, error) {
+	return newReference(w.path, destinationRef, -1, nil, w)
 }
diff --git a/vendor/github.com/containers/image/v5/docker/daemon/daemon_transport.go b/vendor/github.com/containers/image/v5/docker/daemon/daemon_transport.go
index 31ce167f1..ad2189084 100644
--- a/vendor/github.com/containers/image/v5/docker/daemon/daemon_transport.go
+++ b/vendor/github.com/containers/image/v5/docker/daemon/daemon_transport.go
@@ -53,7 +53,7 @@ func (t daemonTransport) ValidatePolicyConfigurationScope(scope string) error {
 // For daemonImageSource, both id and ref are acceptable, ref must not be a NameOnly (interpreted as all tags in that repository by the daemon)
 // For daemonImageDestination, it must be a ref, which is NamedTagged.
 // (We could, in principle, also allow storing images without tagging them, and the user would have to refer to them using the docker image ID = config digest.
-//  Using the config digest requires the caller to parse the manifest themselves, which is very cumbersome; so, for now, we don’t bother.)
+// Using the config digest requires the caller to parse the manifest themselves, which is very cumbersome; so, for now, we don’t bother.)
 type daemonReference struct {
 	id  digest.Digest
 	ref reference.Named // !reference.IsNameOnly
diff --git a/vendor/github.com/docker/distribution/registry/client/errors.go b/vendor/github.com/containers/image/v5/docker/distribution_error.go
index 52d49d5d2..0fe915249 100644
--- a/vendor/github.com/docker/distribution/registry/client/errors.go
+++ b/vendor/github.com/containers/image/v5/docker/distribution_error.go
@@ -1,46 +1,60 @@
-package client
+// Code below is taken from https://github.com/distribution/distribution/blob/a4d9db5a884b70be0c96dd6a7a9dbef4f2798c51/registry/client/errors.go
+// Copyright 2022 github.com/distribution/distribution authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package docker
 
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 
 	"github.com/docker/distribution/registry/api/errcode"
-	"github.com/docker/distribution/registry/client/auth/challenge"
+	dockerChallenge "github.com/docker/distribution/registry/client/auth/challenge"
 )
 
-// ErrNoErrorsInBody is returned when an HTTP response body parses to an empty
+// errNoErrorsInBody is returned when an HTTP response body parses to an empty
 // errcode.Errors slice.
-var ErrNoErrorsInBody = errors.New("no error details found in HTTP response body")
+var errNoErrorsInBody = errors.New("no error details found in HTTP response body")
 
-// UnexpectedHTTPStatusError is returned when an unexpected HTTP status is
+// unexpectedHTTPStatusError is returned when an unexpected HTTP status is
 // returned when making a registry api call.
-type UnexpectedHTTPStatusError struct {
+type unexpectedHTTPStatusError struct {
 	Status string
 }
 
-func (e *UnexpectedHTTPStatusError) Error() string {
+func (e *unexpectedHTTPStatusError) Error() string {
 	return fmt.Sprintf("received unexpected HTTP status: %s", e.Status)
 }
 
-// UnexpectedHTTPResponseError is returned when an expected HTTP status code
+// unexpectedHTTPResponseError is returned when an expected HTTP status code
 // is returned, but the content was unexpected and failed to be parsed.
-type UnexpectedHTTPResponseError struct {
+type unexpectedHTTPResponseError struct {
 	ParseErr   error
 	StatusCode int
 	Response   []byte
 }
 
-func (e *UnexpectedHTTPResponseError) Error() string {
+func (e *unexpectedHTTPResponseError) Error() string {
 	return fmt.Sprintf("error parsing HTTP %d response body: %s: %q", e.StatusCode, e.ParseErr.Error(), string(e.Response))
 }
 
 func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 	var errors errcode.Errors
-	body, err := ioutil.ReadAll(r)
+	body, err := io.ReadAll(r)
 	if err != nil {
 		return err
 	}
@@ -63,7 +77,7 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 	}
 
 	if err := json.Unmarshal(body, &errors); err != nil {
-		return &UnexpectedHTTPResponseError{
+		return &unexpectedHTTPResponseError{
 			ParseErr:   err,
 			StatusCode: statusCode,
 			Response:   body,
@@ -73,8 +87,8 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 	if len(errors) == 0 {
 		// If there was no error specified in the body, return
 		// UnexpectedHTTPResponseError.
-		return &UnexpectedHTTPResponseError{
-			ParseErr:   ErrNoErrorsInBody,
+		return &unexpectedHTTPResponseError{
+			ParseErr:   errNoErrorsInBody,
 			StatusCode: statusCode,
 			Response:   body,
 		}
@@ -94,15 +108,15 @@ func mergeErrors(err1, err2 error) error {
 	return errcode.Errors(append(makeErrorList(err1), makeErrorList(err2)...))
 }
 
-// HandleErrorResponse returns error parsed from HTTP response for an
+// handleErrorResponse returns error parsed from HTTP response for an
 // unsuccessful HTTP response code (in the range 400 - 499 inclusive). An
 // UnexpectedHTTPStatusError returned for response code outside of expected
 // range.
-func HandleErrorResponse(resp *http.Response) error {
+func handleErrorResponse(resp *http.Response) error {
 	if resp.StatusCode >= 400 && resp.StatusCode < 500 {
 		// Check for OAuth errors within the `WWW-Authenticate` header first
 		// See https://tools.ietf.org/html/rfc6750#section-3
-		for _, c := range challenge.ResponseChallenges(resp) {
+		for _, c := range dockerChallenge.ResponseChallenges(resp) {
 			if c.Scheme == "bearer" {
 				var err errcode.Error
 				// codes defined at https://tools.ietf.org/html/rfc6750#section-3.1
@@ -124,16 +138,10 @@ func HandleErrorResponse(resp *http.Response) error {
 			}
 		}
 		err := parseHTTPErrorResponse(resp.StatusCode, resp.Body)
-		if uErr, ok := err.(*UnexpectedHTTPResponseError); ok && resp.StatusCode == 401 {
+		if uErr, ok := err.(*unexpectedHTTPResponseError); ok && resp.StatusCode == 401 {
 			return errcode.ErrorCodeUnauthorized.WithDetail(uErr.Response)
 		}
 		return err
 	}
-	return &UnexpectedHTTPStatusError{Status: resp.Status}
-}
-
-// SuccessStatus returns true if the argument is a successful HTTP response
-// code (in the range 200 - 399 inclusive).
-func SuccessStatus(status int) bool {
-	return status >= 200 && status <= 399
+	return &unexpectedHTTPStatusError{Status: resp.Status}
 }
diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go
index 5de076740..c7ef38b9d 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_client.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_client.go
@@ -27,7 +27,6 @@ import (
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/docker/distribution/registry/api/errcode"
 	v2 "github.com/docker/distribution/registry/api/v2"
-	clientLib "github.com/docker/distribution/registry/client"
 	"github.com/docker/go-connections/tlsconfig"
 	digest "github.com/opencontainers/go-digest"
 	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -126,8 +125,9 @@ type dockerClient struct {
 }
 
 type authScope struct {
-	remoteName string
-	actions    string
+	resourceType string
+	remoteName   string
+	actions      string
 }
 
 // sendAuth determines whether we need authentication for v2 or v1 endpoint.
@@ -236,6 +236,7 @@ func newDockerClientFromRef(sys *types.SystemContext, ref dockerReference, regis
 	}
 	client.signatureBase = sigBase
 	client.useSigstoreAttachments = registryConfig.useSigstoreAttachments(ref)
+	client.scope.resourceType = "repository"
 	client.scope.actions = actions
 	client.scope.remoteName = reference.Path(ref.ref)
 	return client, nil
@@ -474,6 +475,33 @@ func (c *dockerClient) makeRequest(ctx context.Context, method, path string, hea
 	return c.makeRequestToResolvedURL(ctx, method, url, headers, stream, -1, auth, extraScope)
 }
 
+// Checks if the auth headers in the response contain an indication of a failed
+// authorizdation because of an "insufficient_scope" error. If that's the case,
+// returns the required scope to be used for fetching a new token.
+func needsRetryWithUpdatedScope(err error, res *http.Response) (bool, *authScope) {
+	if err == nil && res.StatusCode == http.StatusUnauthorized {
+		challenges := parseAuthHeader(res.Header)
+		for _, challenge := range challenges {
+			if challenge.Scheme == "bearer" {
+				if errmsg, ok := challenge.Parameters["error"]; ok && errmsg == "insufficient_scope" {
+					if scope, ok := challenge.Parameters["scope"]; ok && scope != "" {
+						if newScope, err := parseAuthScope(scope); err == nil {
+							return true, newScope
+						} else {
+							logrus.WithFields(logrus.Fields{
+								"error":     err,
+								"scope":     scope,
+								"challenge": challenge,
+							}).Error("Failed to parse the authentication scope from the given challenge")
+						}
+					}
+				}
+			}
+		}
+	}
+	return false, nil
+}
+
 // parseRetryAfter determines the delay required by the "Retry-After" header in res and returns it,
 // silently falling back to fallbackDelay if the header is missing or invalid.
 func parseRetryAfter(res *http.Response, fallbackDelay time.Duration) time.Duration {
@@ -513,6 +541,29 @@ func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method stri
 	for {
 		res, err := c.makeRequestToResolvedURLOnce(ctx, method, url, headers, stream, streamLen, auth, extraScope)
 		attempts++
+
+		// By default we use pre-defined scopes per operation. In
+		// certain cases, this can fail when our authentication is
+		// insufficient, then we might be getting an error back with a
+		// Www-Authenticate Header indicating an insufficient scope.
+		//
+		// Check for that and update the client challenges to retry after
+		// requesting a new token
+		//
+		// We only try this on the first attempt, to not overload an
+		// already struggling server.
+		// We also cannot retry with a body (stream != nil) as stream
+		// was already read
+		if attempts == 1 && stream == nil && auth != noAuth {
+			if retry, newScope := needsRetryWithUpdatedScope(err, res); retry {
+				logrus.Debug("Detected insufficient_scope error, will retry request with updated scope")
+				// Note: This retry ignores extraScope. That’s, strictly speaking, incorrect, but we don’t currently
+				// expect the insufficient_scope errors to happen for those callers. If that changes, we can add support
+				// for more than one extra scope.
+				res, err = c.makeRequestToResolvedURLOnce(ctx, method, url, headers, stream, streamLen, auth, newScope)
+				extraScope = newScope
+			}
+		}
 		if res == nil || res.StatusCode != http.StatusTooManyRequests || // Only retry on StatusTooManyRequests, success or other failure is returned to caller immediately
 			stream != nil || // We can't retry with a body (which is not restartable in the general case)
 			attempts == backoffNumIterations {
@@ -592,8 +643,18 @@ func (c *dockerClient) setupRequestAuth(req *http.Request, extraScope *authScope
 				cacheKey := ""
 				scopes := []authScope{c.scope}
 				if extraScope != nil {
-					// Using ':' as a separator here is unambiguous because getBearerToken below uses the same separator when formatting a remote request (and because repository names can't contain colons).
-					cacheKey = fmt.Sprintf("%s:%s", extraScope.remoteName, extraScope.actions)
+					// Using ':' as a separator here is unambiguous because getBearerToken below
+					// uses the same separator when formatting a remote request (and because
+					// repository names that we create can't contain colons, and extraScope values
+					// coming from a server come from `parseAuthScope`, which also splits on colons).
+					cacheKey = fmt.Sprintf("%s:%s:%s", extraScope.resourceType, extraScope.remoteName, extraScope.actions)
+					if colonCount := strings.Count(cacheKey, ":"); colonCount != 2 {
+						return fmt.Errorf(
+							"Internal error: there must be exactly 2 colons in the cacheKey ('%s') but got %d",
+							cacheKey,
+							colonCount,
+						)
+					}
 					scopes = append(scopes, *extraScope)
 				}
 				var token bearerToken
@@ -648,9 +709,10 @@ func (c *dockerClient) getBearerTokenOAuth2(ctx context.Context, challenge chall
 	if service, ok := challenge.Parameters["service"]; ok && service != "" {
 		params.Add("service", service)
 	}
+
 	for _, scope := range scopes {
-		if scope.remoteName != "" && scope.actions != "" {
-			params.Add("scope", fmt.Sprintf("repository:%s:%s", scope.remoteName, scope.actions))
+		if scope.resourceType != "" && scope.remoteName != "" && scope.actions != "" {
+			params.Add("scope", fmt.Sprintf("%s:%s:%s", scope.resourceType, scope.remoteName, scope.actions))
 		}
 	}
 	params.Add("grant_type", "refresh_token")
@@ -700,8 +762,8 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge,
 	}
 
 	for _, scope := range scopes {
-		if scope.remoteName != "" && scope.actions != "" {
-			params.Add("scope", fmt.Sprintf("repository:%s:%s", scope.remoteName, scope.actions))
+		if scope.resourceType != "" && scope.remoteName != "" && scope.actions != "" {
+			params.Add("scope", fmt.Sprintf("%s:%s:%s", scope.resourceType, scope.remoteName, scope.actions))
 		}
 	}
 
@@ -977,7 +1039,7 @@ func (c *dockerClient) getExtensionsSignatures(ctx context.Context, ref dockerRe
 	defer res.Body.Close()
 
 	if res.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("downloading signatures for %s in %s: %w", manifestDigest, ref.ref.Name(), clientLib.HandleErrorResponse(res))
+		return nil, fmt.Errorf("downloading signatures for %s in %s: %w", manifestDigest, ref.ref.Name(), handleErrorResponse(res))
 	}
 
 	body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureListBodySize)
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
index 6cd693b6b..44b45c472 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
@@ -358,8 +358,9 @@ func (d *dockerImageDestination) TryReusingBlobWithOptions(ctx context.Context,
 		// Checking candidateRepo, and mounting from it, requires an
 		// expanded token scope.
 		extraScope := &authScope{
-			remoteName: reference.Path(candidateRepo),
-			actions:    "pull",
+			resourceType: "repository",
+			remoteName:   reference.Path(candidateRepo),
+			actions:      "pull",
 		}
 		// This existence check is not, strictly speaking, necessary: We only _really_ need it to get the blob size, and we could record that in the cache instead.
 		// But a "failed" d.mountBlob currently leaves around an unterminated server-side upload, which we would try to cancel.
diff --git a/vendor/github.com/containers/image/v5/docker/errors.go b/vendor/github.com/containers/image/v5/docker/errors.go
index 79590c4c7..9c02e27e3 100644
--- a/vendor/github.com/containers/image/v5/docker/errors.go
+++ b/vendor/github.com/containers/image/v5/docker/errors.go
@@ -4,8 +4,6 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-
-	"github.com/docker/distribution/registry/client"
 )
 
 var (
@@ -35,7 +33,7 @@ func httpResponseToError(res *http.Response, context string) error {
 	case http.StatusTooManyRequests:
 		return ErrTooManyRequests
 	case http.StatusUnauthorized:
-		err := client.HandleErrorResponse(res)
+		err := handleErrorResponse(res)
 		return ErrUnauthorizedForCredentials{Err: err}
 	default:
 		if context != "" {
@@ -48,8 +46,8 @@ func httpResponseToError(res *http.Response, context string) error {
 // registryHTTPResponseToError creates a Go error from an HTTP error response of a docker/distribution
 // registry
 func registryHTTPResponseToError(res *http.Response) error {
-	err := client.HandleErrorResponse(res)
-	if e, ok := err.(*client.UnexpectedHTTPResponseError); ok {
+	err := handleErrorResponse(res)
+	if e, ok := err.(*unexpectedHTTPResponseError); ok {
 		response := string(e.Response)
 		if len(response) > 50 {
 			response = response[:50] + "..."
diff --git a/vendor/github.com/containers/image/v5/docker/reference/reference.go b/vendor/github.com/containers/image/v5/docker/reference/reference.go
index 8c0c23b2f..b7cd00b0d 100644
--- a/vendor/github.com/containers/image/v5/docker/reference/reference.go
+++ b/vendor/github.com/containers/image/v5/docker/reference/reference.go
@@ -3,13 +3,13 @@
 //
 // Grammar
 //
-// 	reference                       := name [ ":" tag ] [ "@" digest ]
+//	reference                       := name [ ":" tag ] [ "@" digest ]
 //	name                            := [domain '/'] path-component ['/' path-component]*
 //	domain                          := domain-component ['.' domain-component]* [':' port-number]
 //	domain-component                := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
 //	port-number                     := /[0-9]+/
 //	path-component                  := alpha-numeric [separator alpha-numeric]*
-// 	alpha-numeric                   := /[a-z0-9]+/
+//	alpha-numeric                   := /[a-z0-9]+/
 //	separator                       := /[_.]|__|[-]*/
 //
 //	tag                             := /[\w][\w.-]{0,127}/
diff --git a/vendor/github.com/containers/image/v5/docker/wwwauthenticate.go b/vendor/github.com/containers/image/v5/docker/wwwauthenticate.go
index d0bbbba8a..37ca098a8 100644
--- a/vendor/github.com/containers/image/v5/docker/wwwauthenticate.go
+++ b/vendor/github.com/containers/image/v5/docker/wwwauthenticate.go
@@ -3,6 +3,7 @@ package docker
 // Based on github.com/docker/distribution/registry/client/auth/authchallenge.go, primarily stripping unnecessary dependencies.
 
 import (
+	"fmt"
 	"net/http"
 	"strings"
 )
@@ -70,6 +71,18 @@ func parseAuthHeader(header http.Header) []challenge {
 	return challenges
 }
 
+// parseAuthScope parses an authentication scope string of the form `$resource:$remote:$actions`
+func parseAuthScope(scopeStr string) (*authScope, error) {
+	if parts := strings.Split(scopeStr, ":"); len(parts) == 3 {
+		return &authScope{
+			resourceType: parts[0],
+			remoteName:   parts[1],
+			actions:      parts[2],
+		}, nil
+	}
+	return nil, fmt.Errorf("error parsing auth scope: '%s'", scopeStr)
+}
+
 // NOTE: This is not a fully compliant parser per RFC 7235:
 // Most notably it does not support more than one challenge within a single header
 // Some of the whitespace parsing also seems noncompliant.
diff --git a/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go b/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go
index ee34ffdbd..cff68ac16 100644
--- a/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go
+++ b/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go
@@ -22,13 +22,14 @@ type Compat struct {
 // for implementations of private.ImageDestination.
 //
 // Use it like this:
-// type yourDestination struct {
-//     impl.Compat
-//     …
-// }
-// dest := &yourDestination{…}
-// dest.Compat = impl.AddCompat(dest)
 //
+//	type yourDestination struct {
+//		impl.Compat
+//		…
+//	}
+//
+//	dest := &yourDestination{…}
+//	dest.Compat = impl.AddCompat(dest)
 func AddCompat(dest private.ImageDestinationInternalOnly) Compat {
 	return Compat{dest}
 }
diff --git a/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/stubs.go b/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/stubs.go
index e81eec896..ab233406a 100644
--- a/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/stubs.go
+++ b/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/stubs.go
@@ -3,23 +3,25 @@
 // Compare with imagedestination/impl, which might require non-trivial implementation work.
 //
 // There are two kinds of stubs:
-// - Pure stubs, like ImplementsPutBlobPartial. Those can just be included in an imageDestination
-//   implementation:
 //
-//   type yourDestination struct {
-//       stubs.ImplementsPutBlobPartial
-//       …
-//   }
-// - Stubs with a constructor, like NoPutBlobPartialInitialize. The Initialize marker
-//   means that a constructor must be called:
-//   type yourDestination struct {
-//       stubs.NoPutBlobPartialInitialize
-//       …
-//   }
+// First, there are pure stubs, like ImplementsPutBlobPartial. Those can just be included in an imageDestination
+// implementation:
 //
-//   dest := &yourDestination{
-//       …
-//       NoPutBlobPartialInitialize: stubs.NoPutBlobPartial(ref),
-//   }
+//	type yourDestination struct {
+//		stubs.ImplementsPutBlobPartial
+//		…
+//	}
 //
+// Second, there are stubs with a constructor, like NoPutBlobPartialInitialize. The Initialize marker
+// means that a constructor must be called:
+//
+//	type yourDestination struct {
+//		stubs.NoPutBlobPartialInitialize
+//		…
+//	}
+//
+//	dest := &yourDestination{
+//		…
+//		NoPutBlobPartialInitialize: stubs.NoPutBlobPartial(ref),
+//	}
 package stubs
diff --git a/vendor/github.com/containers/image/v5/internal/imagesource/impl/compat.go b/vendor/github.com/containers/image/v5/internal/imagesource/impl/compat.go
index 6f7932916..7d859c312 100644
--- a/vendor/github.com/containers/image/v5/internal/imagesource/impl/compat.go
+++ b/vendor/github.com/containers/image/v5/internal/imagesource/impl/compat.go
@@ -19,13 +19,14 @@ type Compat struct {
 // for implementations of private.ImageSource.
 //
 // Use it like this:
-// type yourSource struct {
-//     impl.Compat
-//     …
-// }
-// src := &yourSource{…}
-// src.Compat = impl.AddCompat(src)
 //
+//	type yourSource struct {
+//		impl.Compat
+//		…
+//	}
+//
+//	src := &yourSource{…}
+//	src.Compat = impl.AddCompat(src)
 func AddCompat(src private.ImageSourceInternalOnly) Compat {
 	return Compat{src}
 }
diff --git a/vendor/github.com/containers/image/v5/internal/imagesource/stubs/stubs.go b/vendor/github.com/containers/image/v5/internal/imagesource/stubs/stubs.go
index 134fd1b53..0ce6fd51f 100644
--- a/vendor/github.com/containers/image/v5/internal/imagesource/stubs/stubs.go
+++ b/vendor/github.com/containers/image/v5/internal/imagesource/stubs/stubs.go
@@ -3,23 +3,26 @@
 // Compare with imagesource/impl, which might require non-trivial implementation work.
 //
 // There are two kinds of stubs:
-// - Pure stubs, like ImplementsGetBlobAt. Those can just be included in an ImageSource
-//   implementation:
 //
-//   type yourSource struct {
-//       stubs.ImplementsGetBlobAt
-//       …
-//   }
-// - Stubs with a constructor, like NoGetBlobAtInitialize. The Initialize marker
-//   means that a constructor must be called:
-//   type yourSource struct {
-//       stubs.NoGetBlobAtInitialize
-//       …
-//   }
+// First, there are pure stubs, like ImplementsGetBlobAt. Those can just be included in an ImageSource
 //
-//   dest := &yourSource{
-//       …
-//       NoGetBlobAtInitialize: stubs.NoGetBlobAt(ref),
-//   }
+// implementation:
 //
+//	type yourSource struct {
+//		stubs.ImplementsGetBlobAt
+//		…
+//	}
+//
+// Second, there are stubs with a constructor, like NoGetBlobAtInitialize. The Initialize marker
+// means that a constructor must be called:
+
+//	type yourSource struct {
+//		stubs.NoGetBlobAtInitialize
+//		…
+//	}
+//
+//	dest := &yourSource{
+//		…
+//		NoGetBlobAtInitialize: stubs.NoGetBlobAt(ref),
+//	}
 package stubs
diff --git a/vendor/github.com/containers/image/v5/manifest/common.go b/vendor/github.com/containers/image/v5/manifest/common.go
index 9cf7dd3a9..5f352acc2 100644
--- a/vendor/github.com/containers/image/v5/manifest/common.go
+++ b/vendor/github.com/containers/image/v5/manifest/common.go
@@ -228,3 +228,16 @@ func compressionVariantsRecognizeMIMEType(variantTable []compressionMIMETypeSet,
 	variants := findCompressionMIMETypeSet(variantTable, mimeType)
 	return variants != nil // Alternatively, this could be len(variants) > 1, but really the caller should ask about a specific algorithm.
 }
+
+// imgInspectLayersFromLayerInfos converts a list of layer infos, presumably obtained from a Manifest.LayerInfos()
+// method call, into a format suitable for inclusion in a types.ImageInspectInfo structure.
+func imgInspectLayersFromLayerInfos(infos []LayerInfo) []types.ImageInspectLayer {
+	layers := make([]types.ImageInspectLayer, len(infos))
+	for i, info := range infos {
+		layers[i].MIMEType = info.MediaType
+		layers[i].Digest = info.Digest
+		layers[i].Size = info.Size
+		layers[i].Annotations = info.Annotations
+	}
+	return layers
+}
diff --git a/vendor/github.com/containers/image/v5/manifest/docker_schema1.go b/vendor/github.com/containers/image/v5/manifest/docker_schema1.go
index e1f1fb9d9..9df9bc667 100644
--- a/vendor/github.com/containers/image/v5/manifest/docker_schema1.go
+++ b/vendor/github.com/containers/image/v5/manifest/docker_schema1.go
@@ -221,13 +221,16 @@ func (m *Schema1) Inspect(_ func(types.BlobInfo) ([]byte, error)) (*types.ImageI
 	if err := json.Unmarshal([]byte(m.History[0].V1Compatibility), s1); err != nil {
 		return nil, err
 	}
+	layerInfos := m.LayerInfos()
 	i := &types.ImageInspectInfo{
 		Tag:           m.Tag,
 		Created:       &s1.Created,
 		DockerVersion: s1.DockerVersion,
 		Architecture:  s1.Architecture,
 		Os:            s1.OS,
-		Layers:        layerInfosToStrings(m.LayerInfos()),
+		Layers:        layerInfosToStrings(layerInfos),
+		LayersData:    imgInspectLayersFromLayerInfos(layerInfos),
+		Author:        s1.Author,
 	}
 	if s1.Config != nil {
 		i.Labels = s1.Config.Labels
diff --git a/vendor/github.com/containers/image/v5/manifest/docker_schema2.go b/vendor/github.com/containers/image/v5/manifest/docker_schema2.go
index e79d0851f..d9eca043b 100644
--- a/vendor/github.com/containers/image/v5/manifest/docker_schema2.go
+++ b/vendor/github.com/containers/image/v5/manifest/docker_schema2.go
@@ -271,6 +271,7 @@ func (m *Schema2) Inspect(configGetter func(types.BlobInfo) ([]byte, error)) (*t
 	if err := json.Unmarshal(config, s2); err != nil {
 		return nil, err
 	}
+	layerInfos := m.LayerInfos()
 	i := &types.ImageInspectInfo{
 		Tag:           "",
 		Created:       &s2.Created,
@@ -278,7 +279,9 @@ func (m *Schema2) Inspect(configGetter func(types.BlobInfo) ([]byte, error)) (*t
 		Architecture:  s2.Architecture,
 		Variant:       s2.Variant,
 		Os:            s2.OS,
-		Layers:        layerInfosToStrings(m.LayerInfos()),
+		Layers:        layerInfosToStrings(layerInfos),
+		LayersData:    imgInspectLayersFromLayerInfos(layerInfos),
+		Author:        s2.Author,
 	}
 	if s2.Config != nil {
 		i.Labels = s2.Config.Labels
diff --git a/vendor/github.com/containers/image/v5/manifest/oci.go b/vendor/github.com/containers/image/v5/manifest/oci.go
index fc325009c..0674eb47b 100644
--- a/vendor/github.com/containers/image/v5/manifest/oci.go
+++ b/vendor/github.com/containers/image/v5/manifest/oci.go
@@ -212,6 +212,7 @@ func (m *OCI1) Inspect(configGetter func(types.BlobInfo) ([]byte, error)) (*type
 	if err := json.Unmarshal(config, d1); err != nil {
 		return nil, err
 	}
+	layerInfos := m.LayerInfos()
 	i := &types.ImageInspectInfo{
 		Tag:           "",
 		Created:       v1.Created,
@@ -219,8 +220,10 @@ func (m *OCI1) Inspect(configGetter func(types.BlobInfo) ([]byte, error)) (*type
 		Labels:        v1.Config.Labels,
 		Architecture:  v1.Architecture,
 		Os:            v1.OS,
-		Layers:        layerInfosToStrings(m.LayerInfos()),
+		Layers:        layerInfosToStrings(layerInfos),
+		LayersData:    imgInspectLayersFromLayerInfos(layerInfos),
 		Env:           v1.Config.Env,
+		Author:        v1.Author,
 	}
 	return i, nil
 }
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift-copies.go b/vendor/github.com/containers/image/v5/openshift/openshift-copies.go
index 8df1bfc8b..42e8970a0 100644
--- a/vendor/github.com/containers/image/v5/openshift/openshift-copies.go
+++ b/vendor/github.com/containers/image/v5/openshift/openshift-copies.go
@@ -332,7 +332,7 @@ var (
 	errEmptyCluster = errors.New("cluster has no server defined")
 )
 
-//helper for checking certificate/key/CA
+// helper for checking certificate/key/CA
 func validateFileIsReadable(name string) error {
 	answer, err := os.Open(name)
 	defer func() {
@@ -545,8 +545,10 @@ type clientConfigLoadingRules struct {
 // Load is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfigLoadingRules.Load
 // Load starts by running the MigrationRules and then
 // takes the loading rules and returns a Config object based on following rules.
-//   if the ExplicitPath, return the unmerged explicit file
-//   Otherwise, return a merged config based on the Precedence slice
+//
+//   - if the ExplicitPath, return the unmerged explicit file
+//   - Otherwise, return a merged config based on the Precedence slice
+//
 // A missing ExplicitPath file produces an error. Empty filenames or other missing files are ignored.
 // Read errors or files with non-deserializable content produce errors.
 // The first file to set a particular map key wins and map key's value is never changed.
diff --git a/vendor/github.com/containers/image/v5/pkg/cli/passphrase.go b/vendor/github.com/containers/image/v5/pkg/cli/passphrase.go
new file mode 100644
index 000000000..c46650cdc
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/pkg/cli/passphrase.go
@@ -0,0 +1,36 @@
+package cli
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+)
+
+// ReadPassphraseFile returns the first line of the specified path.
+// For convenience, an empty string is returned if the path is empty.
+func ReadPassphraseFile(path string) (string, error) {
+	if path == "" {
+		return "", nil
+	}
+
+	logrus.Debugf("Reading user-specified passphrase for signing from %s", path)
+
+	ppf, err := os.Open(path)
+	if err != nil {
+		return "", err
+	}
+	defer ppf.Close()
+
+	// Read the *first* line in the passphrase file, just as gpg(1) does.
+	buf, err := bufio.NewReader(ppf).ReadBytes('\n')
+	if err != nil && !errors.Is(err, io.EOF) {
+		return "", fmt.Errorf("reading passphrase file: %w", err)
+	}
+
+	return strings.TrimSuffix(string(buf), "\n"), nil
+}
diff --git a/vendor/github.com/containers/image/v5/pkg/shortnames/shortnames.go b/vendor/github.com/containers/image/v5/pkg/shortnames/shortnames.go
index 3e16d8ca2..8793711fe 100644
--- a/vendor/github.com/containers/image/v5/pkg/shortnames/shortnames.go
+++ b/vendor/github.com/containers/image/v5/pkg/shortnames/shortnames.go
@@ -20,9 +20,9 @@ import (
 // short names.
 //
 // Examples:
-//  * short names: "image:tag", "library/fedora"
-//  * not short names: "quay.io/image", "localhost/image:tag",
-//                     "server.org:5000/lib/image", "image@sha256:..."
+//   - short names: "image:tag", "library/fedora"
+//   - not short names: "quay.io/image", "localhost/image:tag",
+//     "server.org:5000/lib/image", "image@sha256:..."
 func IsShortName(input string) bool {
 	isShort, _, _ := parseUnnormalizedShortName(input)
 	return isShort
@@ -402,9 +402,9 @@ func Resolve(ctx *types.SystemContext, name string) (*Resolved, error) {
 // not a short name), it is returned as is.  In case, it's a short name, the
 // returned slice of named references looks as follows:
 //
-//  1) If present, the short-name alias
-//  2) "localhost/" as used by many container engines such as Podman and Buildah
-//  3) Unqualified-search registries from the registries.conf files
+//  1. If present, the short-name alias
+//  2. "localhost/" as used by many container engines such as Podman and Buildah
+//  3. Unqualified-search registries from the registries.conf files
 //
 // Note that tags and digests are stripped from the specified name before
 // looking up an alias. Stripped off tags and digests are later on appended to
diff --git a/vendor/github.com/containers/image/v5/signature/policy_eval.go b/vendor/github.com/containers/image/v5/signature/policy_eval.go
index 2edf8397c..533a997b1 100644
--- a/vendor/github.com/containers/image/v5/signature/policy_eval.go
+++ b/vendor/github.com/containers/image/v5/signature/policy_eval.go
@@ -172,10 +172,10 @@ func (pc *PolicyContext) requirementsForImageRef(ref types.ImageReference) Polic
 // but it does not necessarily mean that the contents of the signature are
 // consistent with local policy.
 // For example:
-// - Do not use a an existence of an accepted signature to determine whether to run
-//   a container based on this image; use IsRunningImageAllowed instead.
-// - Just because a signature is accepted does not automatically mean the contents of the
-//   signature are authorized to run code as root, or to affect system or cluster configuration.
+//   - Do not use a an existence of an accepted signature to determine whether to run
+//     a container based on this image; use IsRunningImageAllowed instead.
+//   - Just because a signature is accepted does not automatically mean the contents of the
+//     signature are authorized to run code as root, or to affect system or cluster configuration.
 func (pc *PolicyContext) GetSignaturesWithAcceptedAuthor(ctx context.Context, publicImage types.UnparsedImage) (sigs []*Signature, finalErr error) {
 	if err := pc.changeState(pcReady, pcInUse); err != nil {
 		return nil, err
diff --git a/vendor/github.com/containers/image/v5/tarball/doc.go b/vendor/github.com/containers/image/v5/tarball/doc.go
index e9d321b8f..064c78b17 100644
--- a/vendor/github.com/containers/image/v5/tarball/doc.go
+++ b/vendor/github.com/containers/image/v5/tarball/doc.go
@@ -2,6 +2,7 @@
 // tarballs and an optional template configuration.
 //
 // An example:
+//
 //	package main
 //
 //	import (
diff --git a/vendor/github.com/containers/image/v5/types/types.go b/vendor/github.com/containers/image/v5/types/types.go
index dcff8caf7..7075b09e0 100644
--- a/vendor/github.com/containers/image/v5/types/types.go
+++ b/vendor/github.com/containers/image/v5/types/types.go
@@ -177,24 +177,25 @@ type BICReplacementCandidate struct {
 // BlobInfoCache records data useful for reusing blobs, or substituting equivalent ones, to avoid unnecessary blob copies.
 //
 // It records two kinds of data:
-// - Sets of corresponding digest vs. uncompressed digest ("DiffID") pairs:
-//   One of the two digests is known to be uncompressed, and a single uncompressed digest may correspond to more than one compressed digest.
-//   This allows matching compressed layer blobs to existing local uncompressed layers (to avoid unnecessary download and decompression),
-//   or uncompressed layer blobs to existing remote compressed layers (to avoid unnecessary compression and upload)/
 //
-//   It is allowed to record an (uncompressed digest, the same uncompressed digest) correspondence, to express that the digest is known
-//   to be uncompressed (i.e. that a conversion from schema1 does not have to decompress the blob to compute a DiffID value).
+//   - Sets of corresponding digest vs. uncompressed digest ("DiffID") pairs:
+//     One of the two digests is known to be uncompressed, and a single uncompressed digest may correspond to more than one compressed digest.
+//     This allows matching compressed layer blobs to existing local uncompressed layers (to avoid unnecessary download and decompression),
+//     or uncompressed layer blobs to existing remote compressed layers (to avoid unnecessary compression and upload)/
 //
-//   This mapping is primarily maintained in generic copy.Image code, but transports may want to contribute more data points if they independently
-//   compress/decompress blobs for their own purposes.
+//     It is allowed to record an (uncompressed digest, the same uncompressed digest) correspondence, to express that the digest is known
+//     to be uncompressed (i.e. that a conversion from schema1 does not have to decompress the blob to compute a DiffID value).
 //
-// - Known blob locations, managed by individual transports:
-//   The transports call RecordKnownLocation when encountering a blob that could possibly be reused (typically in GetBlob/PutBlob/TryReusingBlob),
-//   recording transport-specific information that allows the transport to reuse the blob in the future;
-//   then, TryReusingBlob implementations can call CandidateLocations to look up previously recorded blob locations that could be reused.
+//     This mapping is primarily maintained in generic copy.Image code, but transports may want to contribute more data points if they independently
+//     compress/decompress blobs for their own purposes.
 //
-//   Each transport defines its own “scopes� within which blob reuse is possible (e.g. in, the docker/distribution case, blobs
-//   can be directly reused within a registry, or mounted across registries within a registry server.)
+//   - Known blob locations, managed by individual transports:
+//     The transports call RecordKnownLocation when encountering a blob that could possibly be reused (typically in GetBlob/PutBlob/TryReusingBlob),
+//     recording transport-specific information that allows the transport to reuse the blob in the future;
+//     then, TryReusingBlob implementations can call CandidateLocations to look up previously recorded blob locations that could be reused.
+//
+//     Each transport defines its own “scopes� within which blob reuse is possible (e.g. in, the docker/distribution case, blobs
+//     can be directly reused within a registry, or mounted across registries within a registry server.)
 //
 // None of the methods return an error indication: errors when neither reading from, nor writing to, the cache, should be fatal;
 // users of the cache should just fall back to copying the blobs the usual way.
@@ -465,7 +466,17 @@ type ImageInspectInfo struct {
 	Variant       string
 	Os            string
 	Layers        []string
+	LayersData    []ImageInspectLayer
 	Env           []string
+	Author        string
+}
+
+// ImageInspectLayer is a set of metadata describing an image layers' detail
+type ImageInspectLayer struct {
+	MIMEType    string // "" if unknown.
+	Digest      digest.Digest
+	Size        int64 // -1 if unknown.
+	Annotations map[string]string
 }
 
 // DockerAuthConfig contains authorization information for connecting to a registry.
diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go
index f15c5ac20..ca5f4a42d 100644
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@@ -6,9 +6,9 @@ const (
 	// VersionMajor is for an API incompatible changes
 	VersionMajor = 5
 	// VersionMinor is for functionality in a backwards-compatible manner
-	VersionMinor = 21
+	VersionMinor = 22
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 2
+	VersionPatch = 1
 
 	// VersionDev indicates development branch. Releases will be empty string.
 	VersionDev = "-dev"
diff --git a/vendor/github.com/containers/ocicrypt/go.mod b/vendor/github.com/containers/ocicrypt/go.mod
deleted file mode 100644
index 46ee2a289..000000000
--- a/vendor/github.com/containers/ocicrypt/go.mod
+++ /dev/null
@@ -1,21 +0,0 @@
-module github.com/containers/ocicrypt
-
-go 1.12
-
-require (
-	github.com/golang/protobuf v1.4.3
-	github.com/google/go-cmp v0.5.2 // indirect
-	github.com/miekg/pkcs11 v1.1.1
-	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.0.2
-	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.7.0
-	github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980
-	github.com/stretchr/testify v1.3.0
-	go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
-	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
-	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
-	google.golang.org/grpc v1.33.2
-	gopkg.in/square/go-jose.v2 v2.5.1
-	gopkg.in/yaml.v3 v3.0.0
-)
diff --git a/vendor/github.com/containers/ocicrypt/go.sum b/vendor/github.com/containers/ocicrypt/go.sum
deleted file mode 100644
index 86e36e768..000000000
--- a/vendor/github.com/containers/ocicrypt/go.sum
+++ /dev/null
@@ -1,117 +0,0 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
-github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
-github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 h1:lIOOHPEbXzO3vnmx2gok1Tfs31Q8GQqKLc8vVqyQq/I=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 h1:It14KIkyBFYkHkwZ7k45minvA9aorojkyjGk9KJ5B/w=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.2 h1:EQyQC3sa8M+p6Ulc8yy9SWSS2GVwyRc83gAbG8lrl4o=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/vendor/github.com/containers/psgo/go.mod b/vendor/github.com/containers/psgo/go.mod
deleted file mode 100644
index 1489be7c3..000000000
--- a/vendor/github.com/containers/psgo/go.mod
+++ /dev/null
@@ -1,10 +0,0 @@
-module github.com/containers/psgo
-
-go 1.14
-
-require (
-	github.com/containers/storage v1.38.0
-	github.com/opencontainers/runc v1.1.0
-	github.com/stretchr/testify v1.7.0
-	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
-)
diff --git a/vendor/github.com/containers/psgo/go.sum b/vendor/github.com/containers/psgo/go.sum
deleted file mode 100644
index 71bfe7abe..000000000
--- a/vendor/github.com/containers/psgo/go.sum
+++ /dev/null
@@ -1,1041 +0,0 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
-github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
-github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
-github.com/containerd/stargz-snapshotter/estargz v0.10.1/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/storage v1.38.0 h1:QTgqmtQeb2tk1VucK0nZwCJKmlVLZGybrMMMlixedFY=
-github.com/containers/storage v1.38.0/go.mod h1:lBzt28gAk5ADZuRtwdndRJyqX22vnRaXmlF+7ktfMYc=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
-github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.14.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
-github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8=
-github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/vendor/github.com/containers/psgo/internal/capabilities/capabilities.go b/vendor/github.com/containers/psgo/internal/capabilities/capabilities.go
index 1a60b96c4..9545ed57b 100644
--- a/vendor/github.com/containers/psgo/internal/capabilities/capabilities.go
+++ b/vendor/github.com/containers/psgo/internal/capabilities/capabilities.go
@@ -63,11 +63,14 @@ var (
 		35: "WAKE_ALARM",
 		36: "BLOCK_SUSPEND",
 		37: "AUDIT_READ",
+		38: "PERFMON",
+		39: "BPF",
+		40: "CHECKPOINT_RESTORE",
 	}
 
 	// FullCAPs represents the value of a bitmask with a full capability
 	// set.
-	FullCAPs = uint64(0x3FFFFFFFFF)
+	FullCAPs = uint64(0x1FFFFFFFFFF)
 )
 
 // TranslateMask iterates over mask and returns a slice of corresponding
diff --git a/vendor/github.com/containers/psgo/internal/proc/stat.go b/vendor/github.com/containers/psgo/internal/proc/stat.go
index e3286704c..5e0bafb2b 100644
--- a/vendor/github.com/containers/psgo/internal/proc/stat.go
+++ b/vendor/github.com/containers/psgo/internal/proc/stat.go
@@ -32,7 +32,7 @@ type Stat struct {
 	// whether or not the executable is swapped out.
 	Comm string
 	// (3) The process state (e.g., running, sleeping, zombie, dead).
-	// Refer to proc(5) for further deatils.
+	// Refer to proc(5) for further details.
 	State string
 	// (4) The PID of the parent of this process.
 	Ppid string
diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml
index 53b13cd33..e3e2b58f9 100644
--- a/vendor/github.com/containers/storage/.cirrus.yml
+++ b/vendor/github.com/containers/storage/.cirrus.yml
@@ -132,7 +132,7 @@ lint_task:
 meta_task:
 
     container:
-        image: "quay.io/libpod/imgts:${IMAGE_SUFFIX}"
+        image: "quay.io/libpod/imgts:latest"
         cpu: 1
         memory: 1
 
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index ce045fe2d..6d41d503d 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.41.1-dev
+1.42.1-dev
diff --git a/vendor/github.com/containers/storage/drivers/aufs/aufs.go b/vendor/github.com/containers/storage/drivers/aufs/aufs.go
index dd5685aca..f0eb6d2fd 100644
--- a/vendor/github.com/containers/storage/drivers/aufs/aufs.go
+++ b/vendor/github.com/containers/storage/drivers/aufs/aufs.go
@@ -47,7 +47,7 @@ import (
 	mountpk "github.com/containers/storage/pkg/mount"
 	"github.com/containers/storage/pkg/parsers"
 	"github.com/containers/storage/pkg/system"
-	"github.com/opencontainers/runc/libcontainer/userns"
+	"github.com/containers/storage/pkg/unshare"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/sirupsen/logrus"
 	"github.com/vbatts/tar-split/tar/storage"
@@ -200,7 +200,7 @@ func supportsAufs() error {
 	// proc/filesystems for when aufs is supported
 	exec.Command("modprobe", "aufs").Run()
 
-	if userns.RunningInUserNS() {
+	if unshare.IsRootless() {
 		return ErrAufsNested
 	}
 
diff --git a/vendor/github.com/containers/storage/drivers/chown.go b/vendor/github.com/containers/storage/drivers/chown.go
index bad654b59..34a76b822 100644
--- a/vendor/github.com/containers/storage/drivers/chown.go
+++ b/vendor/github.com/containers/storage/drivers/chown.go
@@ -2,6 +2,7 @@ package graphdriver
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"os"
 
@@ -93,7 +94,7 @@ func ChownPathByMaps(path string, toContainer, toHost *idtools.IDMappings) error
 		return err
 	}
 	if len(output) > 0 {
-		return fmt.Errorf(string(output))
+		return errors.New(string(output))
 	}
 
 	return nil
diff --git a/vendor/github.com/containers/storage/drivers/copy/copy_linux.go b/vendor/github.com/containers/storage/drivers/copy/copy_linux.go
index b92b3b12d..58c0b5daf 100644
--- a/vendor/github.com/containers/storage/drivers/copy/copy_linux.go
+++ b/vendor/github.com/containers/storage/drivers/copy/copy_linux.go
@@ -27,7 +27,6 @@ import (
 	"github.com/containers/storage/pkg/pools"
 	"github.com/containers/storage/pkg/system"
 	"github.com/containers/storage/pkg/unshare"
-	"github.com/opencontainers/runc/libcontainer/userns"
 	"golang.org/x/sys/unix"
 )
 
@@ -207,7 +206,7 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
 			s.Close()
 
 		case mode&os.ModeDevice != 0:
-			if userns.RunningInUserNS() {
+			if unshare.IsRootless() {
 				// cannot create a device if running in user namespace
 				return nil
 			}
diff --git a/vendor/github.com/containers/storage/drivers/devmapper/device_setup.go b/vendor/github.com/containers/storage/drivers/devmapper/device_setup.go
index d239be87b..c5a64a500 100644
--- a/vendor/github.com/containers/storage/drivers/devmapper/device_setup.go
+++ b/vendor/github.com/containers/storage/drivers/devmapper/device_setup.go
@@ -166,9 +166,10 @@ func readLVMConfig(root string) (directLVMConfig, error) {
 	if len(b) == 0 {
 		return cfg, nil
 	}
-
-	err = json.Unmarshal(b, &cfg)
-	return cfg, fmt.Errorf("unmarshaling previous device setup config: %w", err)
+	if err := json.Unmarshal(b, &cfg); err != nil {
+		return cfg, fmt.Errorf("unmarshaling previous device setup config: %w", err)
+	}
+	return cfg, nil
 }
 
 func writeLVMConfig(root string, cfg directLVMConfig) error {
@@ -177,8 +178,10 @@ func writeLVMConfig(root string, cfg directLVMConfig) error {
 	if err != nil {
 		return fmt.Errorf("marshalling direct lvm config: %w", err)
 	}
-	err = ioutil.WriteFile(p, b, 0600)
-	return fmt.Errorf("writing direct lvm config to file: %w", err)
+	if err := ioutil.WriteFile(p, b, 0600); err != nil {
+		return fmt.Errorf("writing direct lvm config to file: %w", err)
+	}
+	return nil
 }
 
 func setupDirectLVM(cfg directLVMConfig) error {
diff --git a/vendor/github.com/containers/storage/drivers/fsdiff.go b/vendor/github.com/containers/storage/drivers/fsdiff.go
index b619317e0..f0e091004 100644
--- a/vendor/github.com/containers/storage/drivers/fsdiff.go
+++ b/vendor/github.com/containers/storage/drivers/fsdiff.go
@@ -10,7 +10,7 @@ import (
 	"github.com/containers/storage/pkg/chrootarchive"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/ioutils"
-	"github.com/opencontainers/runc/libcontainer/userns"
+	"github.com/containers/storage/pkg/unshare"
 	"github.com/sirupsen/logrus"
 )
 
@@ -179,7 +179,7 @@ func (gdw *NaiveDiffDriver) ApplyDiff(id, parent string, options ApplyDiffOpts)
 	}
 
 	tarOptions := &archive.TarOptions{
-		InUserNS:          userns.RunningInUserNS(),
+		InUserNS:          unshare.IsRootless(),
 		IgnoreChownErrors: options.IgnoreChownErrors,
 		ForceMask:         forceMask,
 	}
diff --git a/vendor/github.com/containers/storage/drivers/overlay/check_116.go b/vendor/github.com/containers/storage/drivers/overlay/check_116.go
index 6d7913cbf..bec455dd4 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/check_116.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/check_116.go
@@ -1,14 +1,17 @@
-// +build go1.16
+//go:build linux
+// +build linux
 
 package overlay
 
 import (
+	"errors"
 	"io/fs"
 	"path/filepath"
 	"strings"
 
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/system"
+	"golang.org/x/sys/unix"
 )
 
 func scanForMountProgramIndicators(home string) (detected bool, err error) {
@@ -26,7 +29,7 @@ func scanForMountProgramIndicators(home string) (detected bool, err error) {
 		}
 		if d.IsDir() {
 			xattrs, err := system.Llistxattr(path)
-			if err != nil {
+			if err != nil && !errors.Is(err, unix.EOPNOTSUPP) {
 				return err
 			}
 			for _, xattr := range xattrs {
diff --git a/vendor/github.com/containers/storage/drivers/overlay/idmapped_utils.go b/vendor/github.com/containers/storage/drivers/overlay/idmapped_utils.go
index 30423e363..4b7b0db44 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/idmapped_utils.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/idmapped_utils.go
@@ -21,17 +21,6 @@ type attr struct {
 	userNs      uint64
 }
 
-const (
-	// _MOUNT_ATTR_IDMAP - Idmap mount to @userns_fd in struct mount_attr
-	_MOUNT_ATTR_IDMAP = 0x00100000 //nolint:golint
-
-	// _OPEN_TREE_CLONE - Clone the source path mount
-	_OPEN_TREE_CLONE = 0x00000001 //nolint:golint
-
-	// _MOVE_MOUNT_F_EMPTY_PATH - Move the path referenced by the fd
-	_MOVE_MOUNT_F_EMPTY_PATH = 0x00000004 //nolint:golint
-)
-
 // openTree is a wrapper for the open_tree syscall
 func openTree(path string, flags int) (fd int, err error) {
 	var _p0 *byte
@@ -61,7 +50,7 @@ func moveMount(fdTree int, target string) (err error) {
 		return err
 	}
 
-	flags := _MOVE_MOUNT_F_EMPTY_PATH
+	flags := unix.MOVE_MOUNT_F_EMPTY_PATH
 
 	_, _, e1 := syscall.Syscall6(uintptr(unix.SYS_MOVE_MOUNT),
 		uintptr(fdTree), uintptr(unsafe.Pointer(_p1)),
@@ -98,14 +87,14 @@ func createIDMappedMount(source, target string, pid int) error {
 	}
 
 	var attr attr
-	attr.attrSet = _MOUNT_ATTR_IDMAP
+	attr.attrSet = unix.MOUNT_ATTR_IDMAP
 	attr.attrClr = 0
 	attr.propagation = 0
 	attr.userNs = uint64(userNsFile.Fd())
 
 	defer userNsFile.Close()
 
-	targetDirFd, err := openTree(source, _OPEN_TREE_CLONE|unix.AT_RECURSIVE)
+	targetDirFd, err := openTree(source, unix.OPEN_TREE_CLONE)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index 6bc8343f4..434d43521 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -34,7 +34,6 @@ import (
 	units "github.com/docker/go-units"
 	"github.com/hashicorp/go-multierror"
 	digest "github.com/opencontainers/go-digest"
-	"github.com/opencontainers/runc/libcontainer/userns"
 	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/sirupsen/logrus"
@@ -1346,7 +1345,11 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
 	}
 	if !d.usingMetacopy {
 		if hasMetacopyOption(optsList) {
-			logrus.StandardLogger().Logf(logLevel, "Ignoring global metacopy option, not supported with booted kernel")
+			if d.options.mountProgram == "" {
+				logrus.StandardLogger().Logf(logLevel, "Ignoring global metacopy option, not supported with booted kernel")
+			} else {
+				logrus.Debugf("Ignoring global metacopy option, the mount program doesn't support it")
+			}
 		}
 		optsList = stripOption(optsList, "metacopy=on")
 	}
@@ -1608,7 +1611,7 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
 			diffDir := path.Join(id, "diff")
 			opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(relLowers, ":"), diffDir, workdir)
 		} else {
-			opts = fmt.Sprintf("lowerdir=%s", strings.Join(relLowers, ":"))
+			opts = fmt.Sprintf("lowerdir=%s:%s", diffDir, strings.Join(relLowers, ":"))
 		}
 		if len(optsList) > 0 {
 			opts = fmt.Sprintf("%s,%s", opts, strings.Join(optsList, ","))
@@ -1826,7 +1829,7 @@ func (d *Driver) ApplyDiffWithDiffer(id, parent string, options *graphdriver.App
 		GIDMaps:           idMappings.GIDs(),
 		IgnoreChownErrors: d.options.ignoreChownErrors,
 		WhiteoutFormat:    d.getWhiteoutFormat(),
-		InUserNS:          userns.RunningInUserNS(),
+		InUserNS:          unshare.IsRootless(),
 	})
 	out.Target = applyDir
 	return out, err
@@ -1884,7 +1887,7 @@ func (d *Driver) ApplyDiff(id, parent string, options graphdriver.ApplyDiffOpts)
 		IgnoreChownErrors: d.options.ignoreChownErrors,
 		ForceMask:         d.options.forceMask,
 		WhiteoutFormat:    d.getWhiteoutFormat(),
-		InUserNS:          userns.RunningInUserNS(),
+		InUserNS:          unshare.IsRootless(),
 	}); err != nil {
 		return 0, err
 	}
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
deleted file mode 100644
index 1b455a0c8..000000000
--- a/vendor/github.com/containers/storage/go.mod
+++ /dev/null
@@ -1,33 +0,0 @@
-go 1.16
-
-module github.com/containers/storage
-
-require (
-	github.com/BurntSushi/toml v1.1.0
-	github.com/Microsoft/go-winio v0.5.2
-	github.com/Microsoft/hcsshim v0.9.3
-	github.com/containerd/stargz-snapshotter/estargz v0.12.0
-	github.com/cyphar/filepath-securejoin v0.2.3
-	github.com/docker/go-units v0.4.0
-	github.com/google/go-intervals v0.0.2
-	github.com/hashicorp/go-multierror v1.1.1
-	github.com/json-iterator/go v1.1.12
-	github.com/klauspost/compress v1.15.8
-	github.com/klauspost/pgzip v1.2.5
-	github.com/mattn/go-shellwords v1.0.12
-	github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
-	github.com/moby/sys/mountinfo v0.6.2
-	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/runc v1.1.3
-	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
-	github.com/opencontainers/selinux v1.10.1
-	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.8.0
-	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
-	github.com/tchap/go-patricia v2.3.0+incompatible
-	github.com/ulikunitz/xz v0.5.10
-	github.com/vbatts/tar-split v0.11.2
-	golang.org/x/net v0.0.0-20210825183410-e898025ed96a
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
-	gotest.tools v2.2.0+incompatible
-)
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
deleted file mode 100644
index 42e88f347..000000000
--- a/vendor/github.com/containers/storage/go.sum
+++ /dev/null
@@ -1,1076 +0,0 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
-github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
-github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
-github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
-github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1 h1:iJnMvco9XGvKUvNQkv88bE4uJXxRQH18efbKo9w5vHQ=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
-github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
-github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
-github.com/containerd/stargz-snapshotter/estargz v0.12.0/go.mod h1:AIQ59TewBFJ4GOPEQXujcrJ/EKxh5xXZegW1rkR1P/M=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
-github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
-github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM=
-github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.15.8 h1:JahtItbkWjf2jzm/T+qgMxkP9EMHsqEUA6vCMGmXvhA=
-github.com/klauspost/compress v1.15.8/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
-github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
-github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w=
-github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
-github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs=
-github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
-github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/vendor/github.com/containers/storage/images.go b/vendor/github.com/containers/storage/images.go
index e3008ea6c..ad3389722 100644
--- a/vendor/github.com/containers/storage/images.go
+++ b/vendor/github.com/containers/storage/images.go
@@ -242,8 +242,8 @@ func (i *Image) recomputeDigests() error {
 		if !bigDataNameIsManifest(name) {
 			continue
 		}
-		if digest.Validate() != nil {
-			return fmt.Errorf("validating digest %q for big data item %q: %w", string(digest), name, digest.Validate())
+		if err := digest.Validate(); err != nil {
+			return fmt.Errorf("validating digest %q for big data item %q: %w", string(digest), name, err)
 		}
 		// Deduplicate the digest values.
 		if _, known := digests[digest]; !known {
diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
index d24625a22..0863648ae 100644
--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
@@ -344,6 +344,14 @@ func (r *layerStore) layerspath() string {
 func (r *layerStore) Load() error {
 	shouldSave := false
 	rpath := r.layerspath()
+	info, err := os.Stat(rpath)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return err
+		}
+	} else {
+		r.layerspathModified = info.ModTime()
+	}
 	data, err := ioutil.ReadFile(rpath)
 	if err != nil && !os.IsNotExist(err) {
 		return err
@@ -1924,7 +1932,6 @@ func (r *layerStore) Modified() (bool, error) {
 	}
 	if info != nil {
 		tmodified = info.ModTime() != r.layerspathModified
-		r.layerspathModified = info.ModTime()
 	}
 
 	return tmodified, nil
diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
index 0d0ad7bae..fc9ca3602 100644
--- a/vendor/github.com/containers/storage/pkg/archive/archive.go
+++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
@@ -25,7 +25,6 @@ import (
 	"github.com/containers/storage/pkg/system"
 	"github.com/containers/storage/pkg/unshare"
 	gzip "github.com/klauspost/pgzip"
-	"github.com/opencontainers/runc/libcontainer/userns"
 	"github.com/sirupsen/logrus"
 	"github.com/ulikunitz/xz"
 )
@@ -1159,7 +1158,7 @@ func (archiver *Archiver) TarUntar(src, dst string) error {
 		GIDMaps:     tarMappings.GIDs(),
 		Compression: Uncompressed,
 		CopyPass:    true,
-		InUserNS:    userns.RunningInUserNS(),
+		InUserNS:    unshare.IsRootless(),
 	}
 	archive, err := TarWithOptions(src, options)
 	if err != nil {
@@ -1174,7 +1173,7 @@ func (archiver *Archiver) TarUntar(src, dst string) error {
 		UIDMaps:   untarMappings.UIDs(),
 		GIDMaps:   untarMappings.GIDs(),
 		ChownOpts: archiver.ChownOpts,
-		InUserNS:  userns.RunningInUserNS(),
+		InUserNS:  unshare.IsRootless(),
 	}
 	return archiver.Untar(archive, dst, options)
 }
@@ -1194,7 +1193,7 @@ func (archiver *Archiver) UntarPath(src, dst string) error {
 		UIDMaps:   untarMappings.UIDs(),
 		GIDMaps:   untarMappings.GIDs(),
 		ChownOpts: archiver.ChownOpts,
-		InUserNS:  userns.RunningInUserNS(),
+		InUserNS:  unshare.IsRootless(),
 	}
 	return archiver.Untar(archive, dst, options)
 }
@@ -1294,7 +1293,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
 		UIDMaps:              archiver.UntarIDMappings.UIDs(),
 		GIDMaps:              archiver.UntarIDMappings.GIDs(),
 		ChownOpts:            archiver.ChownOpts,
-		InUserNS:             userns.RunningInUserNS(),
+		InUserNS:             unshare.IsRootless(),
 		NoOverwriteDirNonDir: true,
 	}
 	err = archiver.Untar(r, filepath.Dir(dst), options)
@@ -1472,7 +1471,7 @@ func CopyFileWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap
 				err = fmt.Errorf("extracting data to %q while copying: %w", dest, err)
 			}
 			hashWorker.Wait()
-			if err == nil {
+			if err == nil && hashError != nil {
 				err = fmt.Errorf("calculating digest of data for %q while copying: %w", dest, hashError)
 			}
 			return err
diff --git a/vendor/github.com/containers/storage/pkg/archive/archive_freebsd.go b/vendor/github.com/containers/storage/pkg/archive/archive_freebsd.go
index 7c307ffcf..fe22eb433 100644
--- a/vendor/github.com/containers/storage/pkg/archive/archive_freebsd.go
+++ b/vendor/github.com/containers/storage/pkg/archive/archive_freebsd.go
@@ -1,3 +1,4 @@
+//go:build freebsd
 // +build freebsd
 
 package archive
@@ -11,7 +12,7 @@ import (
 
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/system"
-	"github.com/opencontainers/runc/libcontainer/userns"
+	"github.com/containers/storage/pkg/unshare"
 	"golang.org/x/sys/unix"
 )
 
@@ -87,7 +88,7 @@ func minor(device uint64) uint64 {
 // handleTarTypeBlockCharFifo is an OS-specific helper function used by
 // createTarFile to handle the following types of header: Block; Char; Fifo
 func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
-	if userns.RunningInUserNS() {
+	if unshare.IsRootless() {
 		// cannot create a device if running in user namespace
 		return nil
 	}
diff --git a/vendor/github.com/containers/storage/pkg/chrootarchive/archive.go b/vendor/github.com/containers/storage/pkg/chrootarchive/archive.go
index 2232f5d4a..d66c98b30 100644
--- a/vendor/github.com/containers/storage/pkg/chrootarchive/archive.go
+++ b/vendor/github.com/containers/storage/pkg/chrootarchive/archive.go
@@ -11,7 +11,7 @@ import (
 
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/idtools"
-	"github.com/opencontainers/runc/libcontainer/userns"
+	"github.com/containers/storage/pkg/unshare"
 )
 
 // NewArchiver returns a new Archiver which uses chrootarchive.Untar
@@ -66,7 +66,7 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
 	}
 	if options == nil {
 		options = &archive.TarOptions{}
-		options.InUserNS = userns.RunningInUserNS()
+		options.InUserNS = unshare.IsRootless()
 	}
 	if options.ExcludePatterns == nil {
 		options.ExcludePatterns = []string{}
@@ -136,7 +136,7 @@ func CopyFileWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap
 				err = fmt.Errorf("extracting data to %q while copying: %w", dest, err)
 			}
 			hashWorker.Wait()
-			if err == nil {
+			if err == nil && hashError != nil {
 				err = fmt.Errorf("calculating digest of data for %q while copying: %w", dest, hashError)
 			}
 			return err
diff --git a/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go b/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go
index 3ebee9496..511c61761 100644
--- a/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go
+++ b/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go
@@ -16,7 +16,7 @@ import (
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/reexec"
 	"github.com/containers/storage/pkg/system"
-	"github.com/opencontainers/runc/libcontainer/userns"
+	"github.com/containers/storage/pkg/unshare"
 )
 
 type applyLayerResponse struct {
@@ -36,7 +36,7 @@ func applyLayer() {
 	runtime.LockOSThread()
 	flag.Parse()
 
-	inUserns := userns.RunningInUserNS()
+	inUserns := unshare.IsRootless()
 	if err := chroot(flag.Arg(0)); err != nil {
 		fatal(err)
 	}
@@ -95,7 +95,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
 	}
 	if options == nil {
 		options = &archive.TarOptions{}
-		if userns.RunningInUserNS() {
+		if unshare.IsRootless() {
 			options.InUserNS = true
 		}
 	}
@@ -110,7 +110,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
 
 	cmd := reexec.Command("storage-applyLayer", dest)
 	cmd.Stdin = layer
-	cmd.Env = append(cmd.Env, fmt.Sprintf("OPT=%s", data))
+	cmd.Env = append(os.Environ(), fmt.Sprintf("OPT=%s", data))
 
 	outBuf, errBuf := new(bytes.Buffer), new(bytes.Buffer)
 	cmd.Stdout, cmd.Stderr = outBuf, errBuf
diff --git a/vendor/github.com/containers/storage/pkg/system/meminfo_freebsd.go b/vendor/github.com/containers/storage/pkg/system/meminfo_freebsd.go
index d66f1c5a4..46cb40291 100644
--- a/vendor/github.com/containers/storage/pkg/system/meminfo_freebsd.go
+++ b/vendor/github.com/containers/storage/pkg/system/meminfo_freebsd.go
@@ -4,6 +4,7 @@
 package system
 
 import (
+	"errors"
 	"fmt"
 	"unsafe"
 
@@ -70,7 +71,7 @@ func ReadMemInfo() (*MemInfo, error) {
 	}
 
 	if MemTotal < 0 || MemFree < 0 || SwapTotal < 0 || SwapFree < 0 {
-		return nil, fmt.Errorf("getting system memory info %w", err)
+		return nil, errors.New("getting system memory info")
 	}
 
 	meminfo := &MemInfo{}
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go
index 6a6f21d9c..fbfb90d59 100644
--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go
@@ -5,7 +5,7 @@ package unshare
 
 // #cgo CFLAGS: -Wall
 // extern void _containers_unshare(void);
-// void __attribute__((constructor)) init(void) {
+// static void __attribute__((constructor)) init(void) {
 //   _containers_unshare();
 // }
 import "C"
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_gccgo.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_gccgo.go
index 2f95da7d8..39bff651e 100644
--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_gccgo.go
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_gccgo.go
@@ -4,7 +4,7 @@ package unshare
 
 // #cgo CFLAGS: -Wall -Wextra
 // extern void _containers_unshare(void);
-// void __attribute__((constructor)) init(void) {
+// static void __attribute__((constructor)) init(void) {
 //   _containers_unshare();
 // }
 import "C"
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
index c86390bd3..b7ad1e19e 100644
--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"os/signal"
@@ -387,10 +388,41 @@ const (
 	UsernsEnvName = "_CONTAINERS_USERNS_CONFIGURED"
 )
 
+// hasFullUsersMappings checks whether the current user namespace has all the IDs mapped.
+func hasFullUsersMappings() (bool, error) {
+	content, err := ioutil.ReadFile("/proc/self/uid_map")
+	if err != nil {
+		return false, err
+	}
+	// The kernel rejects attempts to create mappings where either starting
+	// point is (u32)-1: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c?id=af3e9579ecfb#n1006 .
+	// So, if the uid_map contains 4294967295, the entire IDs space is available in the
+	// user namespace, so it is likely the initial user namespace.
+	return bytes.Contains(content, []byte("4294967295")), nil
+}
+
 // IsRootless tells us if we are running in rootless mode
 func IsRootless() bool {
 	isRootlessOnce.Do(func() {
 		isRootless = getRootlessUID() != 0 || getenv(UsernsEnvName) != ""
+		if !isRootless {
+			hasCapSysAdmin, err := HasCapSysAdmin()
+			if err != nil {
+				logrus.Warnf("Failed to read CAP_SYS_ADMIN presence for the current process")
+			}
+			if err == nil && !hasCapSysAdmin {
+				isRootless = true
+			}
+		}
+		if !isRootless {
+			hasMappings, err := hasFullUsersMappings()
+			if err != nil {
+				logrus.Warnf("Failed to read current user namespace mappings")
+			}
+			if err == nil && !hasMappings {
+				isRootless = true
+			}
+		}
 	})
 	return isRootless
 }
diff --git a/vendor/github.com/containers/storage/storage.conf b/vendor/github.com/containers/storage/storage.conf
index e075bce13..1814b4727 100644
--- a/vendor/github.com/containers/storage/storage.conf
+++ b/vendor/github.com/containers/storage/storage.conf
@@ -1,4 +1,4 @@
-# This file is is the configuration file for all tools
+# This file is the configuration file for all tools
 # that use the containers/storage library. The storage.conf file
 # overrides all other storage.conf files. Container engines using the
 # container/storage library do not inherit fields from other storage.conf
@@ -65,7 +65,7 @@ pull_options = {enable_partial_images = "false", use_hard_links = "false", ostre
 # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
 # a container, to the UIDs/GIDs as they should appear outside of the container,
 # and the length of the range of UIDs/GIDs.  Additional mapped sets can be
-# listed and will be heeded by libraries, but there are limits to the number of
+# listed and will be needed by libraries, but there are limits to the number of
 # mappings which the kernel will allow when you later attempt to run a
 # container.
 #
@@ -150,7 +150,7 @@ mountopt = "nodev"
 #  future.  When "force_mask" is set the original permission mask is stored in
 #  the "user.containers.override_stat" xattr and the "mount_program" option must
 #  be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
-#  extended attribute permissions to processes within containers rather then the
+#  extended attribute permissions to processes within containers rather than the
 #  "force_mask"  permissions.
 #
 # force_mask = ""
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index 8297d3c2c..afcf8ee70 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -410,7 +410,7 @@ type Store interface {
 	SetImageBigData(id, key string, data []byte, digestManifest func([]byte) (digest.Digest, error)) error
 
 	// ListLayerBigData retrieves a list of the (possibly large) chunks of
-	// named data associated with an layer.
+	// named data associated with a layer.
 	ListLayerBigData(id string) ([]string, error)
 
 	// LayerBigData retrieves a (possibly large) chunk of named data
diff --git a/vendor/github.com/cyphar/filepath-securejoin/go.mod b/vendor/github.com/cyphar/filepath-securejoin/go.mod
deleted file mode 100644
index 0607c1fa0..000000000
--- a/vendor/github.com/cyphar/filepath-securejoin/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/cyphar/filepath-securejoin
-
-go 1.13
diff --git a/vendor/github.com/digitalocean/go-libvirt/go.mod b/vendor/github.com/digitalocean/go-libvirt/go.mod
deleted file mode 100644
index b0957576a..000000000
--- a/vendor/github.com/digitalocean/go-libvirt/go.mod
+++ /dev/null
@@ -1,9 +0,0 @@
-module github.com/digitalocean/go-libvirt
-
-go 1.14
-
-require (
-	github.com/stretchr/testify v1.6.1
-	golang.org/x/net v0.0.0-20200625001655-4c5254603344
-	golang.org/x/tools v0.0.0-20200711155855-7342f9734a7d
-)
diff --git a/vendor/github.com/digitalocean/go-libvirt/go.sum b/vendor/github.com/digitalocean/go-libvirt/go.sum
deleted file mode 100644
index a213b4803..000000000
--- a/vendor/github.com/digitalocean/go-libvirt/go.sum
+++ /dev/null
@@ -1,35 +0,0 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200711155855-7342f9734a7d h1:F3OmlXCzYtG9YE6tXDnUOlJBzVzHF8EcmZ1yTJlcgIk=
-golang.org/x/tools v0.0.0-20200711155855-7342f9734a7d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/vendor/github.com/disiqueira/gotree/v3/go.mod b/vendor/github.com/disiqueira/gotree/v3/go.mod
deleted file mode 100644
index 7e17c637e..000000000
--- a/vendor/github.com/disiqueira/gotree/v3/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/disiqueira/gotree/v3
-
-go 1.13
diff --git a/vendor/github.com/docker/distribution/.gitignore b/vendor/github.com/docker/distribution/.gitignore
deleted file mode 100644
index 4cf7888e9..000000000
--- a/vendor/github.com/docker/distribution/.gitignore
+++ /dev/null
@@ -1,38 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-
-# never checkin from the bin file (for now)
-bin/*
-
-# Test key files
-*.pem
-
-# Cover profiles
-*.out
-
-# Editor/IDE specific files.
-*.sublime-project
-*.sublime-workspace
-.idea/*
diff --git a/vendor/github.com/docker/distribution/.golangci.yml b/vendor/github.com/docker/distribution/.golangci.yml
deleted file mode 100644
index 1ba6cb916..000000000
--- a/vendor/github.com/docker/distribution/.golangci.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-linters:
-  enable:
-    - structcheck
-    - varcheck
-    - staticcheck
-    - unconvert
-    - gofmt
-    - goimports
-    - golint
-    - ineffassign
-    - vet
-    - unused
-    - misspell
-  disable:
-    - errcheck
-
-run:
-  deadline: 2m
-  skip-dirs:
-    - vendor
diff --git a/vendor/github.com/docker/distribution/.mailmap b/vendor/github.com/docker/distribution/.mailmap
deleted file mode 100644
index 8f3738f3d..000000000
--- a/vendor/github.com/docker/distribution/.mailmap
+++ /dev/null
@@ -1,49 +0,0 @@
-Stephen J Day <stephen.day@docker.com> Stephen Day <stevvooe@users.noreply.github.com>
-Stephen J Day <stephen.day@docker.com> Stephen Day <stevvooe@gmail.com>
-Olivier Gambier <olivier@docker.com> Olivier Gambier <dmp42@users.noreply.github.com>
-Brian Bland <brian.bland@docker.com> Brian Bland <r4nd0m1n4t0r@gmail.com>
-Brian Bland <brian.bland@docker.com> Brian Bland <brian.t.bland@gmail.com>
-Josh Hawn <josh.hawn@docker.com> Josh Hawn <jlhawn@berkeley.edu>
-Richard Scothern <richard.scothern@docker.com> Richard <richard.scothern@gmail.com>
-Richard Scothern <richard.scothern@docker.com> Richard Scothern <richard.scothern@gmail.com>
-Andrew Meredith <andymeredith@gmail.com> Andrew Meredith <kendru@users.noreply.github.com>
-harche <p.harshal@gmail.com> harche <harche@users.noreply.github.com>
-Jessie Frazelle <jessie@docker.com>  <jfrazelle@users.noreply.github.com>
-Sharif Nassar <sharif@mrwacky.com> Sharif Nassar <mrwacky42@users.noreply.github.com>
-Sven Dowideit <SvenDowideit@home.org.au> Sven Dowideit <SvenDowideit@users.noreply.github.com>
-Vincent Giersch <vincent.giersch@ovh.net> Vincent Giersch <vincent@giersch.fr>
-davidli <wenquan.li@hp.com> davidli <wenquan.li@hpe.com>
-Omer Cohen <git@omer.io> Omer Cohen <git@omerc.net>
-Eric Yang <windfarer@gmail.com> Eric Yang <Windfarer@users.noreply.github.com>
-Nikita Tarasov <nikita@mygento.ru> Nikita <luckyraul@users.noreply.github.com>
-Yu Wang <yuwa@microsoft.com> yuwaMSFT2 <yuwa@microsoft.com>
-Yu Wang <yuwa@microsoft.com> Yu Wang (UC) <yuwa@microsoft.com>
-Olivier Gambier <olivier@docker.com> dmp <dmp@loaner.local>
-Olivier Gambier <olivier@docker.com> Olivier <o+github@gambier.email>
-Olivier Gambier <olivier@docker.com> Olivier <dmp42@users.noreply.github.com>
-Elsan Li �楠 <elsanli@tencent.com> elsanli(�楠) <elsanli@tencent.com>
-Rui Cao <ruicao@alauda.io> ruicao <ruicao@alauda.io>
-Gwendolynne Barr <gwendolynne.barr@docker.com> gbarr01 <gwendolynne.barr@docker.com>
-Haibing Zhou 周海兵 <zhouhaibing089@gmail.com> zhouhaibing089 <zhouhaibing089@gmail.com>
-Feng Honglin <tifayuki@gmail.com> tifayuki <tifayuki@gmail.com>
-Helen Xie <xieyulin821@harmonycloud.cn> Helen-xie <xieyulin821@harmonycloud.cn>
-Mike Brown <brownwm@us.ibm.com> Mike Brown <mikebrow@users.noreply.github.com>
-Manish Tomar <manish.tomar@docker.com> Manish Tomar <manishtomar@users.noreply.github.com>
-Sakeven Jiang <jc5930@sina.cn> sakeven <jc5930@sina.cn>
-Milos Gajdos <milosgajdos83@gmail.com> Milos Gajdos <milosgajdos@users.noreply.github.com>
-Derek McGowan <derek@mcgstyle.net> Derek McGowa <dmcgowan@users.noreply.github.com>
-Adrian Plata <adrian.plata@docker.com> Adrian Plata <@users.noreply.github.com>
-Sebastiaan van Stijn <github@gone.nl> Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
-Vishesh Jindal <vishesh92@gmail.com> Vishesh Jindal <vishesh92@users.noreply.github.com>
-Wang Yan <wangyan@vmware.com> Wang Yan <wy65701436@users.noreply.github.com>
-Chris Patterson <chrispat@github.com> Chris Patterson <chrispat@users.noreply.github.com>
-Eohyung Lee <liquidnuker@gmail.com> Eohyung Lee <leoh0@users.noreply.github.com>
-João Pereira <484633+joaodrp@users.noreply.github.com>
-Smasherr <soundcracker@gmail.com> Smasherr <Smasherr@users.noreply.github.com>
-Thomas Berger <loki@lokis-chaos.de> Thomas Berger <tbe@users.noreply.github.com>
-Samuel Karp <skarp@amazon.com> Samuel Karp <samuelkarp@users.noreply.github.com>
-Justin Cormack <justin.cormack@docker.com>
-sayboras <sayboras@yahoo.com>
-CrazyMax <github@crazymax.dev>
-CrazyMax <github@crazymax.dev> <1951866+crazy-max@users.noreply.github.com>
-CrazyMax <github@crazymax.dev> <crazy-max@users.noreply.github.com>
diff --git a/vendor/github.com/docker/distribution/BUILDING.md b/vendor/github.com/docker/distribution/BUILDING.md
deleted file mode 100644
index 2981d016b..000000000
--- a/vendor/github.com/docker/distribution/BUILDING.md
+++ /dev/null
@@ -1,117 +0,0 @@
-
-# Building the registry source
-
-## Use-case
-
-This is useful if you intend to actively work on the registry.
-
-### Alternatives
-
-Most people should use the [official Registry docker image](https://hub.docker.com/r/library/registry/).
-
-People looking for advanced operational use cases might consider rolling their own image with a custom Dockerfile inheriting `FROM registry:2`.
-
-OS X users who want to run natively can do so following [the instructions here](https://github.com/docker/docker.github.io/blob/master/registry/recipes/osx-setup-guide.md).
-
-### Gotchas
-
-You are expected to know your way around with go & git.
-
-If you are a casual user with no development experience, and no preliminary knowledge of go, building from source is probably not a good solution for you.
-
-## Build the development environment
-
-The first prerequisite of properly building distribution targets is to have a Go
-development environment setup. Please follow [How to Write Go Code](https://golang.org/doc/code.html)
-for proper setup. If done correctly, you should have a GOROOT and GOPATH set in the
-environment.
-
-If a Go development environment is setup, one can use `go get` to install the
-`registry` command from the current latest:
-
-    go get github.com/docker/distribution/cmd/registry
-
-The above will install the source repository into the `GOPATH`.
-
-Now create the directory for the registry data (this might require you to set permissions properly)
-
-    mkdir -p /var/lib/registry
-
-... or alternatively `export REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere` if you want to store data into another location.
-
-The `registry`
-binary can then be run with the following:
-
-    $ $GOPATH/bin/registry --version
-    $GOPATH/bin/registry github.com/docker/distribution v2.0.0-alpha.1+unknown
-
-> __NOTE:__ While you do not need to use `go get` to checkout the distribution
-> project, for these build instructions to work, the project must be checked
-> out in the correct location in the `GOPATH`. This should almost always be
-> `$GOPATH/src/github.com/docker/distribution`.
-
-The registry can be run with the default config using the following
-incantation:
-
-    $ $GOPATH/bin/registry serve $GOPATH/src/github.com/docker/distribution/cmd/registry/config-example.yml
-    INFO[0000] endpoint local-5003 disabled, skipping        app.id=34bbec38-a91a-494a-9a3f-b72f9010081f version=v2.0.0-alpha.1+unknown
-    INFO[0000] endpoint local-8083 disabled, skipping        app.id=34bbec38-a91a-494a-9a3f-b72f9010081f version=v2.0.0-alpha.1+unknown
-    INFO[0000] listening on :5000                            app.id=34bbec38-a91a-494a-9a3f-b72f9010081f version=v2.0.0-alpha.1+unknown
-    INFO[0000] debug server listening localhost:5001
-
-If it is working, one should see the above log messages.
-
-### Repeatable Builds
-
-For the full development experience, one should `cd` into
-`$GOPATH/src/github.com/docker/distribution`. From there, the regular `go`
-commands, such as `go test`, should work per package (please see
-[Developing](#developing) if they don't work).
-
-A `Makefile` has been provided as a convenience to support repeatable builds.
-Please install the following into `GOPATH` for it to work:
-
-    go get github.com/golang/lint/golint
-
-Once these commands are available in the `GOPATH`, run `make` to get a full
-build:
-
-    $ make
-    + clean
-    + fmt
-    + vet
-    + lint
-    + build
-    github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar
-    github.com/sirupsen/logrus
-    github.com/docker/libtrust
-    ...
-    github.com/yvasiyarov/gorelic
-    github.com/docker/distribution/registry/handlers
-    github.com/docker/distribution/cmd/registry
-    + test
-    ...
-    ok    github.com/docker/distribution/digest 7.875s
-    ok    github.com/docker/distribution/manifest 0.028s
-    ok    github.com/docker/distribution/notifications  17.322s
-    ?     github.com/docker/distribution/registry [no test files]
-    ok    github.com/docker/distribution/registry/api/v2  0.101s
-    ?     github.com/docker/distribution/registry/auth  [no test files]
-    ok    github.com/docker/distribution/registry/auth/silly  0.011s
-    ...
-    + /Users/sday/go/src/github.com/docker/distribution/bin/registry
-    + /Users/sday/go/src/github.com/docker/distribution/bin/registry-api-descriptor-template
-    + binaries
-
-The above provides a repeatable build using the contents of the vendor
-directory. This includes formatting, vetting, linting, building,
-testing and generating tagged binaries. We can verify this worked by running
-the registry binary generated in the "./bin" directory:
-
-    $ ./bin/registry --version
-    ./bin/registry github.com/docker/distribution v2.0.0-alpha.2-80-g16d8b2c.m
-
-### Optional build tags
-
-Optional [build tags](http://golang.org/pkg/go/build/) can be provided using
-the environment variable `DOCKER_BUILDTAGS`.
diff --git a/vendor/github.com/docker/distribution/CONTRIBUTING.md b/vendor/github.com/docker/distribution/CONTRIBUTING.md
deleted file mode 100644
index 4c067d9e7..000000000
--- a/vendor/github.com/docker/distribution/CONTRIBUTING.md
+++ /dev/null
@@ -1,148 +0,0 @@
-# Contributing to the registry
-
-## Before reporting an issue...
-
-### If your problem is with...
-
- - automated builds
- - your account on the [Docker Hub](https://hub.docker.com/)
- - any other [Docker Hub](https://hub.docker.com/) issue
-
-Then please do not report your issue here - you should instead report it to [https://support.docker.com](https://support.docker.com)
-
-### If you...
-
- - need help setting up your registry
- - can't figure out something
- - are not sure what's going on or what your problem is
-
-Then please do not open an issue here yet - you should first try one of the following support forums:
-
- - irc: #docker-distribution on freenode
- - mailing-list: <distribution@dockerproject.org> or https://groups.google.com/a/dockerproject.org/forum/#!forum/distribution
-
-### Reporting security issues
-
-The Docker maintainers take security seriously. If you discover a security
-issue, please bring it to their attention right away!
-
-Please **DO NOT** file a public issue, instead send your report privately to
-[security@docker.com](mailto:security@docker.com).
-
-## Reporting an issue properly
-
-By following these simple rules you will get better and faster feedback on your issue.
-
- - search the bugtracker for an already reported issue
-
-### If you found an issue that describes your problem:
-
- - please read other user comments first, and confirm this is the same issue: a given error condition might be indicative of different problems - you may also find a workaround in the comments
- - please refrain from adding "same thing here" or "+1" comments
- - you don't need to comment on an issue to get notified of updates: just hit the "subscribe" button
- - comment if you have some new, technical and relevant information to add to the case
- - __DO NOT__ comment on closed issues or merged PRs. If you think you have a related problem, open up a new issue and reference the PR or issue.
-
-### If you have not found an existing issue that describes your problem:
-
- 1. create a new issue, with a succinct title that describes your issue:
-   - bad title: "It doesn't work with my docker"
-   - good title: "Private registry push fail: 400 error with E_INVALID_DIGEST"
- 2. copy the output of:
-   - `docker version`
-   - `docker info`
-   - `docker exec <registry-container> registry --version`
- 3. copy the command line you used to launch your Registry
- 4. restart your docker daemon in debug mode (add `-D` to the daemon launch arguments)
- 5. reproduce your problem and get your docker daemon logs showing the error
- 6. if relevant, copy your registry logs that show the error
- 7. provide any relevant detail about your specific Registry configuration (e.g., storage backend used)
- 8. indicate if you are using an enterprise proxy, Nginx, or anything else between you and your Registry
-
-## Contributing a patch for a known bug, or a small correction
-
-You should follow the basic GitHub workflow:
-
- 1. fork
- 2. commit a change
- 3. make sure the tests pass
- 4. PR
-
-Additionally, you must [sign your commits](https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work). It's very simple:
-
- - configure your name with git: `git config user.name "Real Name" && git config user.email mail@example.com`
- - sign your commits using `-s`: `git commit -s -m "My commit"`
-
-Some simple rules to ensure quick merge:
-
- - clearly point to the issue(s) you want to fix in your PR comment (e.g., `closes #12345`)
- - prefer multiple (smaller) PRs addressing individual issues over a big one trying to address multiple issues at once
- - if you need to amend your PR following comments, please squash instead of adding more commits
-
-## Contributing new features
-
-You are heavily encouraged to first discuss what you want to do. You can do so on the irc channel, or by opening an issue that clearly describes the use case you want to fulfill, or the problem you are trying to solve.
-
-If this is a major new feature, you should then submit a proposal that describes your technical solution and reasoning.
-If you did discuss it first, this will likely be greenlighted very fast. It's advisable to address all feedback on this proposal before starting actual work.
-
-Then you should submit your implementation, clearly linking to the issue (and possible proposal).
-
-Your PR will be reviewed by the community, then ultimately by the project maintainers, before being merged.
-
-It's mandatory to:
-
- - interact respectfully with other community members and maintainers - more generally, you are expected to abide by the [Docker community rules](https://github.com/docker/docker/blob/master/CONTRIBUTING.md#docker-community-guidelines)
- - address maintainers' comments and modify your submission accordingly
- - write tests for any new code
-
-Complying to these simple rules will greatly accelerate the review process, and will ensure you have a pleasant experience in contributing code to the Registry.
-
-Have a look at a great, successful contribution: the [Swift driver PR](https://github.com/docker/distribution/pull/493)
-
-## Coding Style
-
-Unless explicitly stated, we follow all coding guidelines from the Go
-community. While some of these standards may seem arbitrary, they somehow seem
-to result in a solid, consistent codebase.
-
-It is possible that the code base does not currently comply with these
-guidelines. We are not looking for a massive PR that fixes this, since that
-goes against the spirit of the guidelines. All new contributions should make a
-best effort to clean up and make the code base better than they left it.
-Obviously, apply your best judgement. Remember, the goal here is to make the
-code base easier for humans to navigate and understand. Always keep that in
-mind when nudging others to comply.
-
-The rules:
-
-1. All code should be formatted with `gofmt -s`.
-2. All code should pass the default levels of
-   [`golint`](https://github.com/golang/lint).
-3. All code should follow the guidelines covered in [Effective
-   Go](http://golang.org/doc/effective_go.html) and [Go Code Review
-   Comments](https://github.com/golang/go/wiki/CodeReviewComments).
-4. Comment the code. Tell us the why, the history and the context.
-5. Document _all_ declarations and methods, even private ones. Declare
-   expectations, caveats and anything else that may be important. If a type
-   gets exported, having the comments already there will ensure it's ready.
-6. Variable name length should be proportional to its context and no longer.
-   `noCommaALongVariableNameLikeThisIsNotMoreClearWhenASimpleCommentWouldDo`.
-   In practice, short methods will have short variable names and globals will
-   have longer names.
-7. No underscores in package names. If you need a compound name, step back,
-   and re-examine why you need a compound name. If you still think you need a
-   compound name, lose the underscore.
-8. No utils or helpers packages. If a function is not general enough to
-   warrant its own package, it has not been written generally enough to be a
-   part of a util package. Just leave it unexported and well-documented.
-9. All tests should run with `go test` and outside tooling should not be
-   required. No, we don't need another unit testing framework. Assertion
-   packages are acceptable if they provide _real_ incremental value.
-10. Even though we call these "rules" above, they are actually just
-    guidelines. Since you've read all the rules, you now know that.
-
-If you are having trouble getting into the mood of idiomatic Go, we recommend
-reading through [Effective Go](http://golang.org/doc/effective_go.html). The
-[Go Blog](http://blog.golang.org/) is also a great resource. Drinking the
-kool-aid is a lot easier than going thirsty.
diff --git a/vendor/github.com/docker/distribution/Dockerfile b/vendor/github.com/docker/distribution/Dockerfile
deleted file mode 100644
index ae8c040c7..000000000
--- a/vendor/github.com/docker/distribution/Dockerfile
+++ /dev/null
@@ -1,50 +0,0 @@
-# syntax=docker/dockerfile:1.3
-
-ARG GO_VERSION=1.16.15
-ARG GORELEASER_XX_VERSION=1.2.5
-
-FROM --platform=$BUILDPLATFORM crazymax/goreleaser-xx:${GORELEASER_XX_VERSION} AS goreleaser-xx
-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS base
-COPY --from=goreleaser-xx / /
-RUN apk add --no-cache file git
-WORKDIR /go/src/github.com/docker/distribution
-
-FROM base AS build
-ENV GO111MODULE=auto
-ENV CGO_ENABLED=0
-# GIT_REF is used by goreleaser-xx to handle the proper git ref when available.
-# It will fallback to the working tree info if empty and use "git tag --points-at"
-# or "git describe" to define the version info.
-ARG GIT_REF
-ARG TARGETPLATFORM
-ARG PKG="github.com/distribution/distribution"
-ARG BUILDTAGS="include_oss include_gcs"
-RUN --mount=type=bind,rw \
-  --mount=type=cache,target=/root/.cache/go-build \
-  --mount=target=/go/pkg/mod,type=cache \
-  goreleaser-xx --debug \
-    --name="registry" \
-    --dist="/out" \
-    --main="./cmd/registry" \
-    --flags="-v" \
-    --ldflags="-s -w -X '$PKG/version.Version={{.Version}}' -X '$PKG/version.Revision={{.Commit}}' -X '$PKG/version.Package=$PKG'" \
-    --tags="$BUILDTAGS" \
-    --files="LICENSE" \
-    --files="README.md"
-
-FROM scratch AS artifact
-COPY --from=build /out/*.tar.gz /
-COPY --from=build /out/*.zip /
-COPY --from=build /out/*.sha256 /
-
-FROM scratch AS binary
-COPY --from=build /usr/local/bin/registry* /
-
-FROM alpine:3.14
-RUN apk add --no-cache ca-certificates
-COPY cmd/registry/config-dev.yml /etc/docker/registry/config.yml
-COPY --from=build /usr/local/bin/registry /bin/registry
-VOLUME ["/var/lib/registry"]
-EXPOSE 5000
-ENTRYPOINT ["registry"]
-CMD ["serve", "/etc/docker/registry/config.yml"]
diff --git a/vendor/github.com/docker/distribution/MAINTAINERS b/vendor/github.com/docker/distribution/MAINTAINERS
deleted file mode 100644
index 3183620c5..000000000
--- a/vendor/github.com/docker/distribution/MAINTAINERS
+++ /dev/null
@@ -1,243 +0,0 @@
-# Distribution maintainers file
-#
-# This file describes who runs the docker/distribution project and how.
-# This is a living document - if you see something out of date or missing, speak up!
-#
-# It is structured to be consumable by both humans and programs.
-# To extract its contents programmatically, use any TOML-compliant parser.
-#
-
-[Rules]
-
-	[Rules.maintainers]
-
-	title = "What is a maintainer?"
-
-	text = """
-There are different types of maintainers, with different responsibilities, but
-all maintainers have 3 things in common:
-
-1) They share responsibility in the project's success.
-2) They have made a long-term, recurring time investment to improve the project.
-3) They spend that time doing whatever needs to be done, not necessarily what
-is the most interesting or fun.
-
-Maintainers are often under-appreciated, because their work is harder to appreciate.
-It's easy to appreciate a really cool and technically advanced feature. It's harder
-to appreciate the absence of bugs, the slow but steady improvement in stability,
-or the reliability of a release process. But those things distinguish a good
-project from a great one.
-"""
-
-	[Rules.reviewer]
-
-	title = "What is a reviewer?"
-
-	text = """
-A reviewer is a core role within the project.
-They share in reviewing issues and pull requests and their LGTM count towards the
-required LGTM count to merge a code change into the project.
-
-Reviewers are part of the organization but do not have write access.
-Becoming a reviewer is a core aspect in the journey to becoming a maintainer.
-"""
-
-	[Rules.adding-maintainers]
-
-	title = "How are maintainers added?"
-
-	text = """
-Maintainers are first and foremost contributors that have shown they are
-committed to the long term success of a project. Contributors wanting to become
-maintainers are expected to be deeply involved in contributing code, pull
-request review, and triage of issues in the project for more than three months.
-
-Just contributing does not make you a maintainer, it is about building trust
-with the current maintainers of the project and being a person that they can
-depend on and trust to make decisions in the best interest of the project.
-
-Periodically, the existing maintainers curate a list of contributors that have
-shown regular activity on the project over the prior months. From this list,
-maintainer candidates are selected and proposed on the maintainers mailing list.
-
-After a candidate has been announced on the maintainers mailing list, the
-existing maintainers are given five business days to discuss the candidate,
-raise objections and cast their vote. Candidates must be approved by at least 66% of the current maintainers by adding their vote on the mailing
-list. Only maintainers of the repository that the candidate is proposed for are
-allowed to vote.
-
-If a candidate is approved, a maintainer will contact the candidate to invite
-the candidate to open a pull request that adds the contributor to the
-MAINTAINERS file. The candidate becomes a maintainer once the pull request is
-merged.
-"""
-
-	[Rules.stepping-down-policy]
-
-	title = "Stepping down policy"
-
-	text = """
-Life priorities, interests, and passions can change. If you're a maintainer but
-feel you must remove yourself from the list, inform other maintainers that you
-intend to step down, and if possible, help find someone to pick up your work.
-At the very least, ensure your work can be continued where you left off.
-
-After you've informed other maintainers, create a pull request to remove
-yourself from the MAINTAINERS file.
-"""
-
-	[Rules.inactive-maintainers]
-
-	title = "Removal of inactive maintainers"
-
-	text = """
-Similar to the procedure for adding new maintainers, existing maintainers can
-be removed from the list if they do not show significant activity on the
-project. Periodically, the maintainers review the list of maintainers and their
-activity over the last three months.
-
-If a maintainer has shown insufficient activity over this period, a neutral
-person will contact the maintainer to ask if they want to continue being
-a maintainer. If the maintainer decides to step down as a maintainer, they
-open a pull request to be removed from the MAINTAINERS file.
-
-If the maintainer wants to remain a maintainer, but is unable to perform the
-required duties they can be removed with a vote of at least 66% of
-the current maintainers. An e-mail is sent to the
-mailing list, inviting maintainers of the project to vote. The voting period is
-five business days. Issues related to a maintainer's performance should be
-discussed with them among the other maintainers so that they are not surprised
-by a pull request removing them.
-"""
-
-	[Rules.decisions]
-
-	title = "How are decisions made?"
-
-	text = """
-Short answer: EVERYTHING IS A PULL REQUEST.
-
-distribution is an open-source project with an open design philosophy. This means
-that the repository is the source of truth for EVERY aspect of the project,
-including its philosophy, design, road map, and APIs. *If it's part of the
-project, it's in the repo. If it's in the repo, it's part of the project.*
-
-As a result, all decisions can be expressed as changes to the repository. An
-implementation change is a change to the source code. An API change is a change
-to the API specification. A philosophy change is a change to the philosophy
-manifesto, and so on.
-
-All decisions affecting distribution, big and small, follow the same 3 steps:
-
-* Step 1: Open a pull request. Anyone can do this.
-
-* Step 2: Discuss the pull request. Anyone can do this.
-
-* Step 3: Merge or refuse the pull request. Who does this depends on the nature
-of the pull request and which areas of the project it affects.
-"""
-
-	[Rules.DCO]
-
-	title = "Helping contributors with the DCO"
-
-	text = """
-The [DCO or `Sign your work`](
-https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work)
-requirement is not intended as a roadblock or speed bump.
-
-Some distribution contributors are not as familiar with `git`, or have used a web
-based editor, and thus asking them to `git commit --amend -s` is not the best
-way forward.
-
-In this case, maintainers can update the commits based on clause (c) of the DCO.
-The most trivial way for a contributor to allow the maintainer to do this, is to
-add a DCO signature in a pull requests's comment, or a maintainer can simply
-note that the change is sufficiently trivial that it does not substantially
-change the existing contribution - i.e., a spelling change.
-
-When you add someone's DCO, please also add your own to keep a log.
-"""
-
-	[Rules."no direct push"]
-
-	title = "I'm a maintainer. Should I make pull requests too?"
-
-	text = """
-Yes. Nobody should ever push to master directly. All changes should be
-made through a pull request.
-"""
-
-	[Rules.tsc]
-
-	title = "Conflict Resolution and technical disputes"
-
-	text = """
-distribution defers to the [Technical Steering Committee](https://github.com/moby/tsc) for escalations and resolution on disputes for technical matters."
-	"""
-
-	[Rules.meta]
-
-	title = "How is this process changed?"
-
-	text = "Just like everything else: by making a pull request :)"
-
-# Current project organization
-[Org]
-
-	[Org.Maintainers]
-		people = [
-			"dmcgowan",
-			"dmp42",
-			"stevvooe",
-		]
-	[Org.Reviewers]
-		people = [
-			"manishtomar",
-			"caervs",
-			"davidswu",
-			"RobbKistler"
-		]
-
-[people]
-
-# A reference list of all people associated with the project.
-# All other sections should refer to people by their canonical key
-# in the people section.
-
-	# ADD YOURSELF HERE IN ALPHABETICAL ORDER
-
-	[people.caervs]
-	Name = "Ryan Abrams"
-	Email = "rdabrams@gmail.com"
-	GitHub = "caervs"
-
-	[people.davidswu]
-	Name = "David Wu"
-	Email = "dwu7401@gmail.com"
-	GitHub = "davidswu"
-
-	[people.dmcgowan]
-	Name = "Derek McGowan"
-	Email = "derek@mcgstyle.net"
-	GitHub = "dmcgowan"
-
-	[people.dmp42]
-	Name = "Olivier Gambier"
-	Email = "olivier@docker.com"
-	GitHub = "dmp42"
-
-	[people.manishtomar]
-	Name = "Manish Tomar"
-	Email = "manish.tomar@docker.com"
-	GitHub = "manishtomar"
-
-	[people.RobbKistler]
-	Name = "Robb Kistler"
-	Email = "robb.kistler@docker.com"
-	GitHub = "RobbKistler"
-
-	[people.stevvooe]
-	Name = "Stephen Day"
-	Email = "stephen.day@docker.com"
-	GitHub = "stevvooe"
diff --git a/vendor/github.com/docker/distribution/Makefile b/vendor/github.com/docker/distribution/Makefile
deleted file mode 100644
index 331da2732..000000000
--- a/vendor/github.com/docker/distribution/Makefile
+++ /dev/null
@@ -1,102 +0,0 @@
-# Root directory of the project (absolute path).
-ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))
-
-# Used to populate version variable in main package.
-VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
-REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)
-
-
-PKG=github.com/docker/distribution
-
-# Project packages.
-PACKAGES=$(shell go list -tags "${BUILDTAGS}" ./... | grep -v /vendor/)
-INTEGRATION_PACKAGE=${PKG}
-COVERAGE_PACKAGES=$(filter-out ${PKG}/registry/storage/driver/%,${PACKAGES})
-
-
-# Project binaries.
-COMMANDS=registry digest registry-api-descriptor-template
-
-# Allow turning off function inlining and variable registerization
-ifeq (${DISABLE_OPTIMIZATION},true)
-	GO_GCFLAGS=-gcflags "-N -l"
-	VERSION:="$(VERSION)-noopt"
-endif
-
-WHALE = "+"
-
-# Go files
-#
-TESTFLAGS_RACE=
-GOFILES=$(shell find . -type f -name '*.go')
-GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",)
-GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) $(EXTRA_LDFLAGS)'
-
-BINARIES=$(addprefix bin/,$(COMMANDS))
-
-# Flags passed to `go test`
-TESTFLAGS ?= -v $(TESTFLAGS_RACE)
-TESTFLAGS_PARALLEL ?= 8
-
-.PHONY: all build binaries check clean test test-race test-full integration coverage
-.DEFAULT: all
-
-all: binaries
-
-# This only needs to be generated by hand when cutting full releases.
-version/version.go:
-	@echo "$(WHALE) $@"
-	./version/version.sh > $@
-
-check: ## run all linters (TODO: enable "unused", "varcheck", "ineffassign", "unconvert", "staticheck", "goimports", "structcheck")
-	@echo "$(WHALE) $@"
-	golangci-lint run
-
-test: ## run tests, except integration test with test.short
-	@echo "$(WHALE) $@"
-	@go test ${GO_TAGS} -test.short ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES})
-
-test-race: ## run tests, except integration test with test.short and race
-	@echo "$(WHALE) $@"
-	@go test ${GO_TAGS} -race -test.short ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES})
-
-test-full: ## run tests, except integration tests
-	@echo "$(WHALE) $@"
-	@go test ${GO_TAGS} ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES})
-
-integration: ## run integration tests
-	@echo "$(WHALE) $@"
-	@go test ${TESTFLAGS} -parallel ${TESTFLAGS_PARALLEL} ${INTEGRATION_PACKAGE}
-
-coverage: ## generate coverprofiles from the unit tests
-	@echo "$(WHALE) $@"
-	@rm -f coverage.txt
-	@go test ${GO_TAGS} -i ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${COVERAGE_PACKAGES}) 2> /dev/null
-	@( for pkg in $(filter-out ${INTEGRATION_PACKAGE},${COVERAGE_PACKAGES}); do \
-		go test ${GO_TAGS} ${TESTFLAGS} \
-			-cover \
-			-coverprofile=profile.out \
-			-covermode=atomic $$pkg || exit; \
-		if [ -f profile.out ]; then \
-			cat profile.out >> coverage.txt; \
-			rm profile.out; \
-		fi; \
-	done )
-
-FORCE:
-
-# Build a binary from a cmd.
-bin/%: cmd/% FORCE
-	@echo "$(WHALE) $@${BINARY_SUFFIX}"
-	@go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS}  ./$<
-
-binaries: $(BINARIES) ## build binaries
-	@echo "$(WHALE) $@"
-
-build:
-	@echo "$(WHALE) $@"
-	@go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} ${GO_LDFLAGS} ${GO_TAGS} $(PACKAGES)
-
-clean: ## clean up binaries
-	@echo "$(WHALE) $@"
-	@rm -f $(BINARIES)
diff --git a/vendor/github.com/docker/distribution/README.md b/vendor/github.com/docker/distribution/README.md
deleted file mode 100644
index e513c18e9..000000000
--- a/vendor/github.com/docker/distribution/README.md
+++ /dev/null
@@ -1,130 +0,0 @@
-# Distribution
-
-The Docker toolset to pack, ship, store, and deliver content.
-
-This repository provides the Docker Registry 2.0 implementation
-for storing and distributing Docker images. It supersedes the
-[docker/docker-registry](https://github.com/docker/docker-registry)
-project with a new API design, focused around security and performance.
-
-<img src="https://www.docker.com/sites/default/files/oyster-registry-3.png" width=200px/>
-
-[![Circle CI](https://circleci.com/gh/docker/distribution/tree/master.svg?style=svg)](https://circleci.com/gh/docker/distribution/tree/master)
-[![GoDoc](https://godoc.org/github.com/docker/distribution?status.svg)](https://godoc.org/github.com/docker/distribution)
-
-This repository contains the following components:
-
-|**Component**       |Description                                                                                                                                                                                         |
-|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| **registry**       | An implementation of the [Docker Registry HTTP API V2](docs/spec/api.md) for use with docker 1.6+.                                                                                                  |
-| **libraries**      | A rich set of libraries for interacting with distribution components. Please see [godoc](https://godoc.org/github.com/docker/distribution) for details. **Note**: These libraries are **unstable**. |
-| **specifications** | _Distribution_ related specifications are available in [docs/spec](docs/spec)                                                                                                                        |
-| **documentation**  | Docker's full documentation set is available at [docs.docker.com](https://docs.docker.com). This repository [contains the subset](docs/) related just to the registry.                                                                                                                                          |
-
-### How does this integrate with Docker engine?
-
-This project should provide an implementation to a V2 API for use in the [Docker
-core project](https://github.com/docker/docker). The API should be embeddable
-and simplify the process of securely pulling and pushing content from `docker`
-daemons.
-
-### What are the long term goals of the Distribution project?
-
-The _Distribution_ project has the further long term goal of providing a
-secure tool chain for distributing content. The specifications, APIs and tools
-should be as useful with Docker as they are without.
-
-Our goal is to design a professional grade and extensible content distribution
-system that allow users to:
-
-* Enjoy an efficient, secured and reliable way to store, manage, package and
-  exchange content
-* Hack/roll their own on top of healthy open-source components
-* Implement their own home made solution through good specs, and solid
-  extensions mechanism.
-
-## More about Registry 2.0
-
-The new registry implementation provides the following benefits:
-
-- faster push and pull
-- new, more efficient implementation
-- simplified deployment
-- pluggable storage backend
-- webhook notifications
-
-For information on upcoming functionality, please see [ROADMAP.md](ROADMAP.md).
-
-### Who needs to deploy a registry?
-
-By default, Docker users pull images from Docker's public registry instance.
-[Installing Docker](https://docs.docker.com/engine/installation/) gives users this
-ability. Users can also push images to a repository on Docker's public registry,
-if they have a [Docker Hub](https://hub.docker.com/) account.
-
-For some users and even companies, this default behavior is sufficient. For
-others, it is not.
-
-For example, users with their own software products may want to maintain a
-registry for private, company images. Also, you may wish to deploy your own
-image repository for images used to test or in continuous integration. For these
-use cases and others, [deploying your own registry instance](https://github.com/docker/docker.github.io/blob/master/registry/deploying.md)
-may be the better choice.
-
-### Migration to Registry 2.0
-
-For those who have previously deployed their own registry based on the Registry
-1.0 implementation and wish to deploy a Registry 2.0 while retaining images,
-data migration is required. A tool to assist with migration efforts has been
-created. For more information see [docker/migrator](https://github.com/docker/migrator).
-
-## Contribute
-
-Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute
-issues, fixes, and patches to this project. If you are contributing code, see
-the instructions for [building a development environment](BUILDING.md).
-
-## Support
-
-If any issues are encountered while using the _Distribution_ project, several
-avenues are available for support:
-
-<table>
-<tr>
-	<th align="left">
-	IRC
-	</th>
-	<td>
-	#docker-distribution on FreeNode
-	</td>
-</tr>
-<tr>
-	<th align="left">
-	Issue Tracker
-	</th>
-	<td>
-	github.com/docker/distribution/issues
-	</td>
-</tr>
-<tr>
-	<th align="left">
-	Google Groups
-	</th>
-	<td>
-	https://groups.google.com/a/dockerproject.org/forum/#!forum/distribution
-	</td>
-</tr>
-<tr>
-	<th align="left">
-	Mailing List
-	</th>
-	<td>
-	docker@dockerproject.org
-	</td>
-</tr>
-</table>
-
-
-## License
-
-This project is distributed under [Apache License, Version 2.0](LICENSE).
diff --git a/vendor/github.com/docker/distribution/ROADMAP.md b/vendor/github.com/docker/distribution/ROADMAP.md
deleted file mode 100644
index 701127afe..000000000
--- a/vendor/github.com/docker/distribution/ROADMAP.md
+++ /dev/null
@@ -1,267 +0,0 @@
-# Roadmap
-
-The Distribution Project consists of several components, some of which are
-still being defined. This document defines the high-level goals of the
-project, identifies the current components, and defines the release-
-relationship to the Docker Platform.
-
-* [Distribution Goals](#distribution-goals)
-* [Distribution Components](#distribution-components)
-* [Project Planning](#project-planning): release-relationship to the Docker Platform.
-
-This road map is a living document, providing an overview of the goals and
-considerations made in respect of the future of the project.
-
-## Distribution Goals
-
-- Replace the existing [docker registry](github.com/docker/docker-registry)
-  implementation as the primary implementation.
-- Replace the existing push and pull code in the docker engine with the
-  distribution package.
-- Define a strong data model for distributing docker images
-- Provide a flexible distribution tool kit for use in the docker platform
-- Unlock new distribution models
-
-## Distribution Components
-
-Components of the Distribution Project are managed via github [milestones](https://github.com/docker/distribution/milestones). Upcoming
-features and bugfixes for a component will be added to the relevant milestone. If a feature or
-bugfix is not part of a milestone, it is currently unscheduled for
-implementation. 
-
-* [Registry](#registry)
-* [Distribution Package](#distribution-package)
-
-***
-
-### Registry
-
-The new Docker registry is the main portion of the distribution repository.
-Registry 2.0 is the first release of the next-generation registry. This was
-primarily focused on implementing the [new registry
-API](https://github.com/docker/distribution/blob/master/docs/spec/api.md),
-with a focus on security and performance. 
-
-Following from the Distribution project goals above, we have a set of goals
-for registry v2 that we would like to follow in the design. New features
-should be compared against these goals.
-
-#### Data Storage and Distribution First
-
-The registry's first goal is to provide a reliable, consistent storage
-location for Docker images. The registry should only provide the minimal
-amount of indexing required to fetch image data and no more.
-
-This means we should be selective in new features and API additions, including
-those that may require expensive, ever growing indexes. Requests should be
-servable in "constant time".
-
-#### Content Addressability
-
-All data objects used in the registry API should be content addressable.
-Content identifiers should be secure and verifiable. This provides a secure,
-reliable base from which to build more advanced content distribution systems.
-
-#### Content Agnostic
-
-In the past, changes to the image format would require large changes in Docker
-and the Registry. By decoupling the distribution and image format, we can
-allow the formats to progress without having to coordinate between the two.
-This means that we should be focused on decoupling Docker from the registry
-just as much as decoupling the registry from Docker. Such an approach will
-allow us to unlock new distribution models that haven't been possible before.
-
-We can take this further by saying that the new registry should be content
-agnostic. The registry provides a model of names, tags, manifests and content
-addresses and that model can be used to work with content.
-
-#### Simplicity
-
-The new registry should be closer to a microservice component than its
-predecessor. This means it should have a narrower API and a low number of
-service dependencies. It should be easy to deploy.
-
-This means that other solutions should be explored before changing the API or
-adding extra dependencies. If functionality is required, can it be added as an
-extension or companion service.
-
-#### Extensibility
-
-The registry should provide extension points to add functionality. By keeping
-the scope narrow, but providing the ability to add functionality.
-
-Features like search, indexing, synchronization and registry explorers fall
-into this category. No such feature should be added unless we've found it
-impossible to do through an extension.
-
-#### Active Feature Discussions
-
-The following are feature discussions that are currently active.
-
-If you don't see your favorite, unimplemented feature, feel free to contact us
-via IRC or the mailing list and we can talk about adding it. The goal here is
-to make sure that new features go through a rigid design process before
-landing in the registry.
-
-##### Proxying to other Registries
-
-A _pull-through caching_ mode exists for the registry, but is restricted from 
-within the docker client to only mirror the official Docker Hub.  This functionality
-can be expanded when image provenance has been specified and implemented in the 
-distribution project.
-
-##### Metadata storage
-
-Metadata for the registry is currently stored with the manifest and layer data on
-the storage backend.  While this is a big win for simplicity and reliably maintaining
-state, it comes with the cost of consistency and high latency.  The mutable registry
-metadata operations should be abstracted behind an API which will allow ACID compliant
-storage systems to handle metadata.
-
-##### Peer to Peer transfer
-
-Discussion has started here: https://docs.google.com/document/d/1rYDpSpJiQWmCQy8Cuiaa3NH-Co33oK_SC9HeXYo87QA/edit
-
-##### Indexing, Search and Discovery
-
-The original registry provided some implementation of search for use with
-private registries. Support has been elided from V2 since we'd like to both
-decouple search functionality from the registry. The makes the registry
-simpler to deploy, especially in use cases where search is not needed, and
-let's us decouple the image format from the registry.
-
-There are explorations into using the catalog API and notification system to
-build external indexes. The current line of thought is that we will define a
-common search API to index and query docker images. Such a system could be run
-as a companion to a registry or set of registries to power discovery.
-
-The main issue with search and discovery is that there are so many ways to
-accomplish it. There are two aspects to this project. The first is deciding on
-how it will be done, including an API definition that can work with changing
-data formats. The second is the process of integrating with `docker search`.
-We expect that someone attempts to address the problem with the existing tools
-and propose it as a standard search API or uses it to inform a standardization
-process. Once this has been explored, we integrate with the docker client.
-
-Please see the following for more detail:
-
-- https://github.com/docker/distribution/issues/206
-
-##### Deletes
-
-> __NOTE:__ Deletes are a much asked for feature. Before requesting this
-feature or participating in discussion, we ask that you read this section in
-full and understand the problems behind deletes.
-
-While, at first glance, implementing deleting seems simple, there are a number
-mitigating factors that make many solutions not ideal or even pathological in
-the context of a registry. The following paragraph discuss the background and
-approaches that could be applied to arrive at a solution.
-
-The goal of deletes in any system is to remove unused or unneeded data. Only
-data requested for deletion should be removed and no other data. Removing
-unintended data is worse than _not_ removing data that was requested for
-removal but ideally, both are supported. Generally, according to this rule, we
-err on holding data longer than needed, ensuring that it is only removed when
-we can be certain that it can be removed. With the current behavior, we opt to
-hold onto the data forever, ensuring that data cannot be incorrectly removed.
-
-To understand the problems with implementing deletes, one must understand the
-data model. All registry data is stored in a filesystem layout, implemented on
-a "storage driver", effectively a _virtual file system_ (VFS). The storage
-system must assume that this VFS layer will be eventually consistent and has
-poor read- after-write consistency, since this is the lower common denominator
-among the storage drivers. This is mitigated by writing values in reverse-
-dependent order, but makes wider transactional operations unsafe.
-
-Layered on the VFS model is a content-addressable _directed, acyclic graph_
-(DAG) made up of blobs. Manifests reference layers. Tags reference manifests.
-Since the same data can be referenced by multiple manifests, we only store
-data once, even if it is in different repositories. Thus, we have a set of
-blobs, referenced by tags and manifests. If we want to delete a blob we need
-to be certain that it is no longer referenced by another manifest or tag. When
-we delete a manifest, we also can try to delete the referenced blobs. Deciding
-whether or not a blob has an active reference is the crux of the problem.
-
-Conceptually, deleting a manifest and its resources is quite simple. Just find
-all the manifests, enumerate the referenced blobs and delete the blobs not in
-that set. An astute observer will recognize this as a garbage collection
-problem. As with garbage collection in programming languages, this is very
-simple when one always has a consistent view. When one adds parallelism and an
-inconsistent view of data, it becomes very challenging.
-
-A simple example can demonstrate this. Let's say we are deleting a manifest
-_A_ in one process. We scan the manifest and decide that all the blobs are
-ready for deletion. Concurrently, we have another process accepting a new
-manifest _B_ referencing one or more blobs from the manifest _A_. Manifest _B_
-is accepted and all the blobs are considered present, so the operation
-proceeds. The original process then deletes the referenced blobs, assuming
-they were unreferenced. The manifest _B_, which we thought had all of its data
-present, can no longer be served by the registry, since the dependent data has
-been deleted.
-
-Deleting data from the registry safely requires some way to coordinate this
-operation. The following approaches are being considered:
-
-- _Reference Counting_ - Maintain a count of references to each blob. This is
-  challenging for a number of reasons: 1. maintaining a consistent consensus
-  of reference counts across a set of Registries and 2. Building the initial
-  list of reference counts for an existing registry. These challenges can be
-  met with a consensus protocol like Paxos or Raft in the first case and a
-  necessary but simple scan in the second..
-- _Lock the World GC_ - Halt all writes to the data store. Walk the data store
-  and find all blob references. Delete all unreferenced blobs. This approach
-  is very simple but requires disabling writes for a period of time while the
-  service reads all data. This is slow and expensive but very accurate and
-  effective.
-- _Generational GC_ - Do something similar to above but instead of blocking
-  writes, writes are sent to another storage backend while reads are broadcast
-  to the new and old backends. GC is then performed on the read-only portion.
-  Because writes land in the new backend, the data in the read-only section
-  can be safely deleted. The main drawbacks of this approach are complexity
-  and coordination.
-- _Centralized Oracle_ - Using a centralized, transactional database, we can
-  know exactly which data is referenced at any given time. This avoids
-  coordination problem by managing this data in a single location. We trade
-  off metadata scalability for simplicity and performance. This is a very good
-  option for most registry deployments. This would create a bottleneck for
-  registry metadata. However, metadata is generally not the main bottleneck
-  when serving images.
-
-Please let us know if other solutions exist that we have yet to enumerate.
-Note that for any approach, implementation is a massive consideration. For
-example, a mark-sweep based solution may seem simple but the amount of work in
-coordination offset the extra work it might take to build a _Centralized
-Oracle_. We'll accept proposals for any solution but please coordinate with us
-before dropping code.
-
-At this time, we have traded off simplicity and ease of deployment for disk
-space. Simplicity and ease of deployment tend to reduce developer involvement,
-which is currently the most expensive resource in software engineering. Taking
-on any solution for deletes will greatly effect these factors, trading off
-very cheap disk space for a complex deployment and operational story.
-
-Please see the following issues for more detail:
-
-- https://github.com/docker/distribution/issues/422
-- https://github.com/docker/distribution/issues/461
-- https://github.com/docker/distribution/issues/462
-
-### Distribution Package 
-
-At its core, the Distribution Project is a set of Go packages that make up
-Distribution Components. At this time, most of these packages make up the
-Registry implementation. 
-
-The package itself is considered unstable. If you're using it, please take care to vendor the dependent version. 
-
-For feature additions, please see the Registry section. In the future, we may break out a
-separate Roadmap for distribution-specific features that apply to more than
-just the registry.
-
-***
-
-### Project Planning
-
-An [Open-Source Planning Process](https://github.com/docker/distribution/wiki/Open-Source-Planning-Process) is used to define the Roadmap. [Project Pages](https://github.com/docker/distribution/wiki) define the goals for each Milestone and identify current progress.
-
diff --git a/vendor/github.com/docker/distribution/blobs.go b/vendor/github.com/docker/distribution/blobs.go
deleted file mode 100644
index 2a659eaa3..000000000
--- a/vendor/github.com/docker/distribution/blobs.go
+++ /dev/null
@@ -1,265 +0,0 @@
-package distribution
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"time"
-
-	"github.com/docker/distribution/reference"
-	"github.com/opencontainers/go-digest"
-	v1 "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-var (
-	// ErrBlobExists returned when blob already exists
-	ErrBlobExists = errors.New("blob exists")
-
-	// ErrBlobDigestUnsupported when blob digest is an unsupported version.
-	ErrBlobDigestUnsupported = errors.New("unsupported blob digest")
-
-	// ErrBlobUnknown when blob is not found.
-	ErrBlobUnknown = errors.New("unknown blob")
-
-	// ErrBlobUploadUnknown returned when upload is not found.
-	ErrBlobUploadUnknown = errors.New("blob upload unknown")
-
-	// ErrBlobInvalidLength returned when the blob has an expected length on
-	// commit, meaning mismatched with the descriptor or an invalid value.
-	ErrBlobInvalidLength = errors.New("blob invalid length")
-)
-
-// ErrBlobInvalidDigest returned when digest check fails.
-type ErrBlobInvalidDigest struct {
-	Digest digest.Digest
-	Reason error
-}
-
-func (err ErrBlobInvalidDigest) Error() string {
-	return fmt.Sprintf("invalid digest for referenced layer: %v, %v",
-		err.Digest, err.Reason)
-}
-
-// ErrBlobMounted returned when a blob is mounted from another repository
-// instead of initiating an upload session.
-type ErrBlobMounted struct {
-	From       reference.Canonical
-	Descriptor Descriptor
-}
-
-func (err ErrBlobMounted) Error() string {
-	return fmt.Sprintf("blob mounted from: %v to: %v",
-		err.From, err.Descriptor)
-}
-
-// Descriptor describes targeted content. Used in conjunction with a blob
-// store, a descriptor can be used to fetch, store and target any kind of
-// blob. The struct also describes the wire protocol format. Fields should
-// only be added but never changed.
-type Descriptor struct {
-	// MediaType describe the type of the content. All text based formats are
-	// encoded as utf-8.
-	MediaType string `json:"mediaType,omitempty"`
-
-	// Size in bytes of content.
-	Size int64 `json:"size,omitempty"`
-
-	// Digest uniquely identifies the content. A byte stream can be verified
-	// against this digest.
-	Digest digest.Digest `json:"digest,omitempty"`
-
-	// URLs contains the source URLs of this content.
-	URLs []string `json:"urls,omitempty"`
-
-	// Annotations contains arbitrary metadata relating to the targeted content.
-	Annotations map[string]string `json:"annotations,omitempty"`
-
-	// Platform describes the platform which the image in the manifest runs on.
-	// This should only be used when referring to a manifest.
-	Platform *v1.Platform `json:"platform,omitempty"`
-
-	// NOTE: Before adding a field here, please ensure that all
-	// other options have been exhausted. Much of the type relationships
-	// depend on the simplicity of this type.
-}
-
-// Descriptor returns the descriptor, to make it satisfy the Describable
-// interface. Note that implementations of Describable are generally objects
-// which can be described, not simply descriptors; this exception is in place
-// to make it more convenient to pass actual descriptors to functions that
-// expect Describable objects.
-func (d Descriptor) Descriptor() Descriptor {
-	return d
-}
-
-// BlobStatter makes blob descriptors available by digest. The service may
-// provide a descriptor of a different digest if the provided digest is not
-// canonical.
-type BlobStatter interface {
-	// Stat provides metadata about a blob identified by the digest. If the
-	// blob is unknown to the describer, ErrBlobUnknown will be returned.
-	Stat(ctx context.Context, dgst digest.Digest) (Descriptor, error)
-}
-
-// BlobDeleter enables deleting blobs from storage.
-type BlobDeleter interface {
-	Delete(ctx context.Context, dgst digest.Digest) error
-}
-
-// BlobEnumerator enables iterating over blobs from storage
-type BlobEnumerator interface {
-	Enumerate(ctx context.Context, ingester func(dgst digest.Digest) error) error
-}
-
-// BlobDescriptorService manages metadata about a blob by digest. Most
-// implementations will not expose such an interface explicitly. Such mappings
-// should be maintained by interacting with the BlobIngester. Hence, this is
-// left off of BlobService and BlobStore.
-type BlobDescriptorService interface {
-	BlobStatter
-
-	// SetDescriptor assigns the descriptor to the digest. The provided digest and
-	// the digest in the descriptor must map to identical content but they may
-	// differ on their algorithm. The descriptor must have the canonical
-	// digest of the content and the digest algorithm must match the
-	// annotators canonical algorithm.
-	//
-	// Such a facility can be used to map blobs between digest domains, with
-	// the restriction that the algorithm of the descriptor must match the
-	// canonical algorithm (ie sha256) of the annotator.
-	SetDescriptor(ctx context.Context, dgst digest.Digest, desc Descriptor) error
-
-	// Clear enables descriptors to be unlinked
-	Clear(ctx context.Context, dgst digest.Digest) error
-}
-
-// BlobDescriptorServiceFactory creates middleware for BlobDescriptorService.
-type BlobDescriptorServiceFactory interface {
-	BlobAccessController(svc BlobDescriptorService) BlobDescriptorService
-}
-
-// ReadSeekCloser is the primary reader type for blob data, combining
-// io.ReadSeeker with io.Closer.
-type ReadSeekCloser interface {
-	io.ReadSeeker
-	io.Closer
-}
-
-// BlobProvider describes operations for getting blob data.
-type BlobProvider interface {
-	// Get returns the entire blob identified by digest along with the descriptor.
-	Get(ctx context.Context, dgst digest.Digest) ([]byte, error)
-
-	// Open provides a ReadSeekCloser to the blob identified by the provided
-	// descriptor. If the blob is not known to the service, an error will be
-	// returned.
-	Open(ctx context.Context, dgst digest.Digest) (ReadSeekCloser, error)
-}
-
-// BlobServer can serve blobs via http.
-type BlobServer interface {
-	// ServeBlob attempts to serve the blob, identified by dgst, via http. The
-	// service may decide to redirect the client elsewhere or serve the data
-	// directly.
-	//
-	// This handler only issues successful responses, such as 2xx or 3xx,
-	// meaning it serves data or issues a redirect. If the blob is not
-	// available, an error will be returned and the caller may still issue a
-	// response.
-	//
-	// The implementation may serve the same blob from a different digest
-	// domain. The appropriate headers will be set for the blob, unless they
-	// have already been set by the caller.
-	ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error
-}
-
-// BlobIngester ingests blob data.
-type BlobIngester interface {
-	// Put inserts the content p into the blob service, returning a descriptor
-	// or an error.
-	Put(ctx context.Context, mediaType string, p []byte) (Descriptor, error)
-
-	// Create allocates a new blob writer to add a blob to this service. The
-	// returned handle can be written to and later resumed using an opaque
-	// identifier. With this approach, one can Close and Resume a BlobWriter
-	// multiple times until the BlobWriter is committed or cancelled.
-	Create(ctx context.Context, options ...BlobCreateOption) (BlobWriter, error)
-
-	// Resume attempts to resume a write to a blob, identified by an id.
-	Resume(ctx context.Context, id string) (BlobWriter, error)
-}
-
-// BlobCreateOption is a general extensible function argument for blob creation
-// methods. A BlobIngester may choose to honor any or none of the given
-// BlobCreateOptions, which can be specific to the implementation of the
-// BlobIngester receiving them.
-// TODO (brianbland): unify this with ManifestServiceOption in the future
-type BlobCreateOption interface {
-	Apply(interface{}) error
-}
-
-// CreateOptions is a collection of blob creation modifiers relevant to general
-// blob storage intended to be configured by the BlobCreateOption.Apply method.
-type CreateOptions struct {
-	Mount struct {
-		ShouldMount bool
-		From        reference.Canonical
-		// Stat allows to pass precalculated descriptor to link and return.
-		// Blob access check will be skipped if set.
-		Stat *Descriptor
-	}
-}
-
-// BlobWriter provides a handle for inserting data into a blob store.
-// Instances should be obtained from BlobWriteService.Writer and
-// BlobWriteService.Resume. If supported by the store, a writer can be
-// recovered with the id.
-type BlobWriter interface {
-	io.WriteCloser
-	io.ReaderFrom
-
-	// Size returns the number of bytes written to this blob.
-	Size() int64
-
-	// ID returns the identifier for this writer. The ID can be used with the
-	// Blob service to later resume the write.
-	ID() string
-
-	// StartedAt returns the time this blob write was started.
-	StartedAt() time.Time
-
-	// Commit completes the blob writer process. The content is verified
-	// against the provided provisional descriptor, which may result in an
-	// error. Depending on the implementation, written data may be validated
-	// against the provisional descriptor fields. If MediaType is not present,
-	// the implementation may reject the commit or assign "application/octet-
-	// stream" to the blob. The returned descriptor may have a different
-	// digest depending on the blob store, referred to as the canonical
-	// descriptor.
-	Commit(ctx context.Context, provisional Descriptor) (canonical Descriptor, err error)
-
-	// Cancel ends the blob write without storing any data and frees any
-	// associated resources. Any data written thus far will be lost. Cancel
-	// implementations should allow multiple calls even after a commit that
-	// result in a no-op. This allows use of Cancel in a defer statement,
-	// increasing the assurance that it is correctly called.
-	Cancel(ctx context.Context) error
-}
-
-// BlobService combines the operations to access, read and write blobs. This
-// can be used to describe remote blob services.
-type BlobService interface {
-	BlobStatter
-	BlobProvider
-	BlobIngester
-}
-
-// BlobStore represent the entire suite of blob related operations. Such an
-// implementation can access, read, write, delete and serve blobs.
-type BlobStore interface {
-	BlobService
-	BlobServer
-	BlobDeleter
-}
diff --git a/vendor/github.com/docker/distribution/doc.go b/vendor/github.com/docker/distribution/doc.go
deleted file mode 100644
index bdd8cb708..000000000
--- a/vendor/github.com/docker/distribution/doc.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Package distribution will define the interfaces for the components of
-// docker distribution. The goal is to allow users to reliably package, ship
-// and store content related to docker images.
-//
-// This is currently a work in progress. More details are available in the
-// README.md.
-package distribution
diff --git a/vendor/github.com/docker/distribution/docker-bake.hcl b/vendor/github.com/docker/distribution/docker-bake.hcl
deleted file mode 100644
index 4dd5a100c..000000000
--- a/vendor/github.com/docker/distribution/docker-bake.hcl
+++ /dev/null
@@ -1,65 +0,0 @@
-// GITHUB_REF is the actual ref that triggers the workflow
-// https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
-variable "GITHUB_REF" {
-  default = ""
-}
-
-target "_common" {
-  args = {
-    GIT_REF = GITHUB_REF
-  }
-}
-
-group "default" {
-  targets = ["image-local"]
-}
-
-// Special target: https://github.com/docker/metadata-action#bake-definition
-target "docker-metadata-action" {
-  tags = ["registry:local"]
-}
-
-target "binary" {
-  inherits = ["_common"]
-  target = "binary"
-  output = ["./bin"]
-}
-
-target "artifact" {
-  inherits = ["_common"]
-  target = "artifact"
-  output = ["./bin"]
-}
-
-target "artifact-all" {
-  inherits = ["artifact"]
-  platforms = [
-    "linux/amd64",
-    "linux/arm/v6",
-    "linux/arm/v7",
-    "linux/arm64",
-    "linux/ppc64le",
-    "linux/s390x"
-  ]
-}
-
-target "image" {
-  inherits = ["_common", "docker-metadata-action"]
-}
-
-target "image-local" {
-  inherits = ["image"]
-  output = ["type=docker"]
-}
-
-target "image-all" {
-  inherits = ["image"]
-  platforms = [
-    "linux/amd64",
-    "linux/arm/v6",
-    "linux/arm/v7",
-    "linux/arm64",
-    "linux/ppc64le",
-    "linux/s390x"
-  ]
-}
diff --git a/vendor/github.com/docker/distribution/errors.go b/vendor/github.com/docker/distribution/errors.go
deleted file mode 100644
index 8e0b788d6..000000000
--- a/vendor/github.com/docker/distribution/errors.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package distribution
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/opencontainers/go-digest"
-)
-
-// ErrAccessDenied is returned when an access to a requested resource is
-// denied.
-var ErrAccessDenied = errors.New("access denied")
-
-// ErrManifestNotModified is returned when a conditional manifest GetByTag
-// returns nil due to the client indicating it has the latest version
-var ErrManifestNotModified = errors.New("manifest not modified")
-
-// ErrUnsupported is returned when an unimplemented or unsupported action is
-// performed
-var ErrUnsupported = errors.New("operation unsupported")
-
-// ErrSchemaV1Unsupported is returned when a client tries to upload a schema v1
-// manifest but the registry is configured to reject it
-var ErrSchemaV1Unsupported = errors.New("manifest schema v1 unsupported")
-
-// ErrTagUnknown is returned if the given tag is not known by the tag service
-type ErrTagUnknown struct {
-	Tag string
-}
-
-func (err ErrTagUnknown) Error() string {
-	return fmt.Sprintf("unknown tag=%s", err.Tag)
-}
-
-// ErrRepositoryUnknown is returned if the named repository is not known by
-// the registry.
-type ErrRepositoryUnknown struct {
-	Name string
-}
-
-func (err ErrRepositoryUnknown) Error() string {
-	return fmt.Sprintf("unknown repository name=%s", err.Name)
-}
-
-// ErrRepositoryNameInvalid should be used to denote an invalid repository
-// name. Reason may set, indicating the cause of invalidity.
-type ErrRepositoryNameInvalid struct {
-	Name   string
-	Reason error
-}
-
-func (err ErrRepositoryNameInvalid) Error() string {
-	return fmt.Sprintf("repository name %q invalid: %v", err.Name, err.Reason)
-}
-
-// ErrManifestUnknown is returned if the manifest is not known by the
-// registry.
-type ErrManifestUnknown struct {
-	Name string
-	Tag  string
-}
-
-func (err ErrManifestUnknown) Error() string {
-	return fmt.Sprintf("unknown manifest name=%s tag=%s", err.Name, err.Tag)
-}
-
-// ErrManifestUnknownRevision is returned when a manifest cannot be found by
-// revision within a repository.
-type ErrManifestUnknownRevision struct {
-	Name     string
-	Revision digest.Digest
-}
-
-func (err ErrManifestUnknownRevision) Error() string {
-	return fmt.Sprintf("unknown manifest name=%s revision=%s", err.Name, err.Revision)
-}
-
-// ErrManifestUnverified is returned when the registry is unable to verify
-// the manifest.
-type ErrManifestUnverified struct{}
-
-func (ErrManifestUnverified) Error() string {
-	return "unverified manifest"
-}
-
-// ErrManifestVerification provides a type to collect errors encountered
-// during manifest verification. Currently, it accepts errors of all types,
-// but it may be narrowed to those involving manifest verification.
-type ErrManifestVerification []error
-
-func (errs ErrManifestVerification) Error() string {
-	var parts []string
-	for _, err := range errs {
-		parts = append(parts, err.Error())
-	}
-
-	return fmt.Sprintf("errors verifying manifest: %v", strings.Join(parts, ","))
-}
-
-// ErrManifestBlobUnknown returned when a referenced blob cannot be found.
-type ErrManifestBlobUnknown struct {
-	Digest digest.Digest
-}
-
-func (err ErrManifestBlobUnknown) Error() string {
-	return fmt.Sprintf("unknown blob %v on manifest", err.Digest)
-}
-
-// ErrManifestNameInvalid should be used to denote an invalid manifest
-// name. Reason may set, indicating the cause of invalidity.
-type ErrManifestNameInvalid struct {
-	Name   string
-	Reason error
-}
-
-func (err ErrManifestNameInvalid) Error() string {
-	return fmt.Sprintf("manifest name %q invalid: %v", err.Name, err.Reason)
-}
diff --git a/vendor/github.com/docker/distribution/manifests.go b/vendor/github.com/docker/distribution/manifests.go
deleted file mode 100644
index 8f84a220a..000000000
--- a/vendor/github.com/docker/distribution/manifests.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package distribution
-
-import (
-	"context"
-	"fmt"
-	"mime"
-
-	"github.com/opencontainers/go-digest"
-)
-
-// Manifest represents a registry object specifying a set of
-// references and an optional target
-type Manifest interface {
-	// References returns a list of objects which make up this manifest.
-	// A reference is anything which can be represented by a
-	// distribution.Descriptor. These can consist of layers, resources or other
-	// manifests.
-	//
-	// While no particular order is required, implementations should return
-	// them from highest to lowest priority. For example, one might want to
-	// return the base layer before the top layer.
-	References() []Descriptor
-
-	// Payload provides the serialized format of the manifest, in addition to
-	// the media type.
-	Payload() (mediaType string, payload []byte, err error)
-}
-
-// ManifestBuilder creates a manifest allowing one to include dependencies.
-// Instances can be obtained from a version-specific manifest package.  Manifest
-// specific data is passed into the function which creates the builder.
-type ManifestBuilder interface {
-	// Build creates the manifest from his builder.
-	Build(ctx context.Context) (Manifest, error)
-
-	// References returns a list of objects which have been added to this
-	// builder. The dependencies are returned in the order they were added,
-	// which should be from base to head.
-	References() []Descriptor
-
-	// AppendReference includes the given object in the manifest after any
-	// existing dependencies. If the add fails, such as when adding an
-	// unsupported dependency, an error may be returned.
-	//
-	// The destination of the reference is dependent on the manifest type and
-	// the dependency type.
-	AppendReference(dependency Describable) error
-}
-
-// ManifestService describes operations on image manifests.
-type ManifestService interface {
-	// Exists returns true if the manifest exists.
-	Exists(ctx context.Context, dgst digest.Digest) (bool, error)
-
-	// Get retrieves the manifest specified by the given digest
-	Get(ctx context.Context, dgst digest.Digest, options ...ManifestServiceOption) (Manifest, error)
-
-	// Put creates or updates the given manifest returning the manifest digest
-	Put(ctx context.Context, manifest Manifest, options ...ManifestServiceOption) (digest.Digest, error)
-
-	// Delete removes the manifest specified by the given digest. Deleting
-	// a manifest that doesn't exist will return ErrManifestNotFound
-	Delete(ctx context.Context, dgst digest.Digest) error
-}
-
-// ManifestEnumerator enables iterating over manifests
-type ManifestEnumerator interface {
-	// Enumerate calls ingester for each manifest.
-	Enumerate(ctx context.Context, ingester func(digest.Digest) error) error
-}
-
-// Describable is an interface for descriptors
-type Describable interface {
-	Descriptor() Descriptor
-}
-
-// ManifestMediaTypes returns the supported media types for manifests.
-func ManifestMediaTypes() (mediaTypes []string) {
-	for t := range mappings {
-		if t != "" {
-			mediaTypes = append(mediaTypes, t)
-		}
-	}
-	return
-}
-
-// UnmarshalFunc implements manifest unmarshalling a given MediaType
-type UnmarshalFunc func([]byte) (Manifest, Descriptor, error)
-
-var mappings = make(map[string]UnmarshalFunc)
-
-// UnmarshalManifest looks up manifest unmarshal functions based on
-// MediaType
-func UnmarshalManifest(ctHeader string, p []byte) (Manifest, Descriptor, error) {
-	// Need to look up by the actual media type, not the raw contents of
-	// the header. Strip semicolons and anything following them.
-	var mediaType string
-	if ctHeader != "" {
-		var err error
-		mediaType, _, err = mime.ParseMediaType(ctHeader)
-		if err != nil {
-			return nil, Descriptor{}, err
-		}
-	}
-
-	unmarshalFunc, ok := mappings[mediaType]
-	if !ok {
-		unmarshalFunc, ok = mappings[""]
-		if !ok {
-			return nil, Descriptor{}, fmt.Errorf("unsupported manifest media type and no default available: %s", mediaType)
-		}
-	}
-
-	return unmarshalFunc(p)
-}
-
-// RegisterManifestSchema registers an UnmarshalFunc for a given schema type.  This
-// should be called from specific
-func RegisterManifestSchema(mediaType string, u UnmarshalFunc) error {
-	if _, ok := mappings[mediaType]; ok {
-		return fmt.Errorf("manifest media type registration would overwrite existing: %s", mediaType)
-	}
-	mappings[mediaType] = u
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/metrics/prometheus.go b/vendor/github.com/docker/distribution/metrics/prometheus.go
deleted file mode 100644
index b5a532144..000000000
--- a/vendor/github.com/docker/distribution/metrics/prometheus.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package metrics
-
-import "github.com/docker/go-metrics"
-
-const (
-	// NamespacePrefix is the namespace of prometheus metrics
-	NamespacePrefix = "registry"
-)
-
-var (
-	// StorageNamespace is the prometheus namespace of blob/cache related operations
-	StorageNamespace = metrics.NewNamespace(NamespacePrefix, "storage", nil)
-)
diff --git a/vendor/github.com/docker/distribution/registry.go b/vendor/github.com/docker/distribution/registry.go
deleted file mode 100644
index 6c3210989..000000000
--- a/vendor/github.com/docker/distribution/registry.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package distribution
-
-import (
-	"context"
-
-	"github.com/docker/distribution/reference"
-)
-
-// Scope defines the set of items that match a namespace.
-type Scope interface {
-	// Contains returns true if the name belongs to the namespace.
-	Contains(name string) bool
-}
-
-type fullScope struct{}
-
-func (f fullScope) Contains(string) bool {
-	return true
-}
-
-// GlobalScope represents the full namespace scope which contains
-// all other scopes.
-var GlobalScope = Scope(fullScope{})
-
-// Namespace represents a collection of repositories, addressable by name.
-// Generally, a namespace is backed by a set of one or more services,
-// providing facilities such as registry access, trust, and indexing.
-type Namespace interface {
-	// Scope describes the names that can be used with this Namespace. The
-	// global namespace will have a scope that matches all names. The scope
-	// effectively provides an identity for the namespace.
-	Scope() Scope
-
-	// Repository should return a reference to the named repository. The
-	// registry may or may not have the repository but should always return a
-	// reference.
-	Repository(ctx context.Context, name reference.Named) (Repository, error)
-
-	// Repositories fills 'repos' with a lexicographically sorted catalog of repositories
-	// up to the size of 'repos' and returns the value 'n' for the number of entries
-	// which were filled.  'last' contains an offset in the catalog, and 'err' will be
-	// set to io.EOF if there are no more entries to obtain.
-	Repositories(ctx context.Context, repos []string, last string) (n int, err error)
-
-	// Blobs returns a blob enumerator to access all blobs
-	Blobs() BlobEnumerator
-
-	// BlobStatter returns a BlobStatter to control
-	BlobStatter() BlobStatter
-}
-
-// RepositoryEnumerator describes an operation to enumerate repositories
-type RepositoryEnumerator interface {
-	Enumerate(ctx context.Context, ingester func(string) error) error
-}
-
-// RepositoryRemover removes given repository
-type RepositoryRemover interface {
-	Remove(ctx context.Context, name reference.Named) error
-}
-
-// ManifestServiceOption is a function argument for Manifest Service methods
-type ManifestServiceOption interface {
-	Apply(ManifestService) error
-}
-
-// WithTag allows a tag to be passed into Put
-func WithTag(tag string) ManifestServiceOption {
-	return WithTagOption{tag}
-}
-
-// WithTagOption holds a tag
-type WithTagOption struct{ Tag string }
-
-// Apply conforms to the ManifestServiceOption interface
-func (o WithTagOption) Apply(m ManifestService) error {
-	// no implementation
-	return nil
-}
-
-// WithManifestMediaTypes lists the media types the client wishes
-// the server to provide.
-func WithManifestMediaTypes(mediaTypes []string) ManifestServiceOption {
-	return WithManifestMediaTypesOption{mediaTypes}
-}
-
-// WithManifestMediaTypesOption holds a list of accepted media types
-type WithManifestMediaTypesOption struct{ MediaTypes []string }
-
-// Apply conforms to the ManifestServiceOption interface
-func (o WithManifestMediaTypesOption) Apply(m ManifestService) error {
-	// no implementation
-	return nil
-}
-
-// Repository is a named collection of manifests and layers.
-type Repository interface {
-	// Named returns the name of the repository.
-	Named() reference.Named
-
-	// Manifests returns a reference to this repository's manifest service.
-	// with the supplied options applied.
-	Manifests(ctx context.Context, options ...ManifestServiceOption) (ManifestService, error)
-
-	// Blobs returns a reference to this repository's blob service.
-	Blobs(ctx context.Context) BlobStore
-
-	// TODO(stevvooe): The above BlobStore return can probably be relaxed to
-	// be a BlobService for use with clients. This will allow such
-	// implementations to avoid implementing ServeBlob.
-
-	// Tags returns a reference to this repositories tag service
-	Tags(ctx context.Context) TagService
-}
-
-// TODO(stevvooe): Must add close methods to all these. May want to change the
-// way instances are created to better reflect internal dependency
-// relationships.
diff --git a/vendor/github.com/docker/distribution/registry/client/blob_writer.go b/vendor/github.com/docker/distribution/registry/client/blob_writer.go
deleted file mode 100644
index 695bf852f..000000000
--- a/vendor/github.com/docker/distribution/registry/client/blob_writer.go
+++ /dev/null
@@ -1,162 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"time"
-
-	"github.com/docker/distribution"
-)
-
-type httpBlobUpload struct {
-	statter distribution.BlobStatter
-	client  *http.Client
-
-	uuid      string
-	startedAt time.Time
-
-	location string // always the last value of the location header.
-	offset   int64
-	closed   bool
-}
-
-func (hbu *httpBlobUpload) Reader() (io.ReadCloser, error) {
-	panic("Not implemented")
-}
-
-func (hbu *httpBlobUpload) handleErrorResponse(resp *http.Response) error {
-	if resp.StatusCode == http.StatusNotFound {
-		return distribution.ErrBlobUploadUnknown
-	}
-	return HandleErrorResponse(resp)
-}
-
-func (hbu *httpBlobUpload) ReadFrom(r io.Reader) (n int64, err error) {
-	req, err := http.NewRequest("PATCH", hbu.location, ioutil.NopCloser(r))
-	if err != nil {
-		return 0, err
-	}
-	defer req.Body.Close()
-
-	resp, err := hbu.client.Do(req)
-	if err != nil {
-		return 0, err
-	}
-
-	if !SuccessStatus(resp.StatusCode) {
-		return 0, hbu.handleErrorResponse(resp)
-	}
-
-	hbu.uuid = resp.Header.Get("Docker-Upload-UUID")
-	hbu.location, err = sanitizeLocation(resp.Header.Get("Location"), hbu.location)
-	if err != nil {
-		return 0, err
-	}
-	rng := resp.Header.Get("Range")
-	var start, end int64
-	if n, err := fmt.Sscanf(rng, "%d-%d", &start, &end); err != nil {
-		return 0, err
-	} else if n != 2 || end < start {
-		return 0, fmt.Errorf("bad range format: %s", rng)
-	}
-
-	return (end - start + 1), nil
-
-}
-
-func (hbu *httpBlobUpload) Write(p []byte) (n int, err error) {
-	req, err := http.NewRequest("PATCH", hbu.location, bytes.NewReader(p))
-	if err != nil {
-		return 0, err
-	}
-	req.Header.Set("Content-Range", fmt.Sprintf("%d-%d", hbu.offset, hbu.offset+int64(len(p)-1)))
-	req.Header.Set("Content-Length", fmt.Sprintf("%d", len(p)))
-	req.Header.Set("Content-Type", "application/octet-stream")
-
-	resp, err := hbu.client.Do(req)
-	if err != nil {
-		return 0, err
-	}
-
-	if !SuccessStatus(resp.StatusCode) {
-		return 0, hbu.handleErrorResponse(resp)
-	}
-
-	hbu.uuid = resp.Header.Get("Docker-Upload-UUID")
-	hbu.location, err = sanitizeLocation(resp.Header.Get("Location"), hbu.location)
-	if err != nil {
-		return 0, err
-	}
-	rng := resp.Header.Get("Range")
-	var start, end int
-	if n, err := fmt.Sscanf(rng, "%d-%d", &start, &end); err != nil {
-		return 0, err
-	} else if n != 2 || end < start {
-		return 0, fmt.Errorf("bad range format: %s", rng)
-	}
-
-	return (end - start + 1), nil
-
-}
-
-func (hbu *httpBlobUpload) Size() int64 {
-	return hbu.offset
-}
-
-func (hbu *httpBlobUpload) ID() string {
-	return hbu.uuid
-}
-
-func (hbu *httpBlobUpload) StartedAt() time.Time {
-	return hbu.startedAt
-}
-
-func (hbu *httpBlobUpload) Commit(ctx context.Context, desc distribution.Descriptor) (distribution.Descriptor, error) {
-	// TODO(dmcgowan): Check if already finished, if so just fetch
-	req, err := http.NewRequest("PUT", hbu.location, nil)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	values := req.URL.Query()
-	values.Set("digest", desc.Digest.String())
-	req.URL.RawQuery = values.Encode()
-
-	resp, err := hbu.client.Do(req)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	defer resp.Body.Close()
-
-	if !SuccessStatus(resp.StatusCode) {
-		return distribution.Descriptor{}, hbu.handleErrorResponse(resp)
-	}
-
-	return hbu.statter.Stat(ctx, desc.Digest)
-}
-
-func (hbu *httpBlobUpload) Cancel(ctx context.Context) error {
-	req, err := http.NewRequest("DELETE", hbu.location, nil)
-	if err != nil {
-		return err
-	}
-	resp, err := hbu.client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode == http.StatusNotFound || SuccessStatus(resp.StatusCode) {
-		return nil
-	}
-	return hbu.handleErrorResponse(resp)
-}
-
-func (hbu *httpBlobUpload) Close() error {
-	hbu.closed = true
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/client/repository.go b/vendor/github.com/docker/distribution/registry/client/repository.go
deleted file mode 100644
index 3e2ae66d3..000000000
--- a/vendor/github.com/docker/distribution/registry/client/repository.go
+++ /dev/null
@@ -1,872 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/distribution/registry/storage/cache"
-	"github.com/docker/distribution/registry/storage/cache/memory"
-	"github.com/opencontainers/go-digest"
-)
-
-// Registry provides an interface for calling Repositories, which returns a catalog of repositories.
-type Registry interface {
-	Repositories(ctx context.Context, repos []string, last string) (n int, err error)
-}
-
-// checkHTTPRedirect is a callback that can manipulate redirected HTTP
-// requests. It is used to preserve Accept and Range headers.
-func checkHTTPRedirect(req *http.Request, via []*http.Request) error {
-	if len(via) >= 10 {
-		return errors.New("stopped after 10 redirects")
-	}
-
-	if len(via) > 0 {
-		for headerName, headerVals := range via[0].Header {
-			if headerName != "Accept" && headerName != "Range" {
-				continue
-			}
-			for _, val := range headerVals {
-				// Don't add to redirected request if redirected
-				// request already has a header with the same
-				// name and value.
-				hasValue := false
-				for _, existingVal := range req.Header[headerName] {
-					if existingVal == val {
-						hasValue = true
-						break
-					}
-				}
-				if !hasValue {
-					req.Header.Add(headerName, val)
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-// NewRegistry creates a registry namespace which can be used to get a listing of repositories
-func NewRegistry(baseURL string, transport http.RoundTripper) (Registry, error) {
-	ub, err := v2.NewURLBuilderFromString(baseURL, false)
-	if err != nil {
-		return nil, err
-	}
-
-	client := &http.Client{
-		Transport:     transport,
-		Timeout:       1 * time.Minute,
-		CheckRedirect: checkHTTPRedirect,
-	}
-
-	return &registry{
-		client: client,
-		ub:     ub,
-	}, nil
-}
-
-type registry struct {
-	client *http.Client
-	ub     *v2.URLBuilder
-}
-
-// Repositories returns a lexigraphically sorted catalog given a base URL.  The 'entries' slice will be filled up to the size
-// of the slice, starting at the value provided in 'last'.  The number of entries will be returned along with io.EOF if there
-// are no more entries
-func (r *registry) Repositories(ctx context.Context, entries []string, last string) (int, error) {
-	var numFilled int
-	var returnErr error
-
-	values := buildCatalogValues(len(entries), last)
-	u, err := r.ub.BuildCatalogURL(values)
-	if err != nil {
-		return 0, err
-	}
-
-	resp, err := r.client.Get(u)
-	if err != nil {
-		return 0, err
-	}
-	defer resp.Body.Close()
-
-	if SuccessStatus(resp.StatusCode) {
-		var ctlg struct {
-			Repositories []string `json:"repositories"`
-		}
-		decoder := json.NewDecoder(resp.Body)
-
-		if err := decoder.Decode(&ctlg); err != nil {
-			return 0, err
-		}
-
-		for cnt := range ctlg.Repositories {
-			entries[cnt] = ctlg.Repositories[cnt]
-		}
-		numFilled = len(ctlg.Repositories)
-
-		link := resp.Header.Get("Link")
-		if link == "" {
-			returnErr = io.EOF
-		}
-	} else {
-		return 0, HandleErrorResponse(resp)
-	}
-
-	return numFilled, returnErr
-}
-
-// NewRepository creates a new Repository for the given repository name and base URL.
-func NewRepository(name reference.Named, baseURL string, transport http.RoundTripper) (distribution.Repository, error) {
-	ub, err := v2.NewURLBuilderFromString(baseURL, false)
-	if err != nil {
-		return nil, err
-	}
-
-	client := &http.Client{
-		Transport:     transport,
-		CheckRedirect: checkHTTPRedirect,
-		// TODO(dmcgowan): create cookie jar
-	}
-
-	return &repository{
-		client: client,
-		ub:     ub,
-		name:   name,
-	}, nil
-}
-
-type repository struct {
-	client *http.Client
-	ub     *v2.URLBuilder
-	name   reference.Named
-}
-
-func (r *repository) Named() reference.Named {
-	return r.name
-}
-
-func (r *repository) Blobs(ctx context.Context) distribution.BlobStore {
-	statter := &blobStatter{
-		name:   r.name,
-		ub:     r.ub,
-		client: r.client,
-	}
-	return &blobs{
-		name:    r.name,
-		ub:      r.ub,
-		client:  r.client,
-		statter: cache.NewCachedBlobStatter(memory.NewInMemoryBlobDescriptorCacheProvider(), statter),
-	}
-}
-
-func (r *repository) Manifests(ctx context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
-	// todo(richardscothern): options should be sent over the wire
-	return &manifests{
-		name:   r.name,
-		ub:     r.ub,
-		client: r.client,
-		etags:  make(map[string]string),
-	}, nil
-}
-
-func (r *repository) Tags(ctx context.Context) distribution.TagService {
-	return &tags{
-		client: r.client,
-		ub:     r.ub,
-		name:   r.Named(),
-	}
-}
-
-// tags implements remote tagging operations.
-type tags struct {
-	client *http.Client
-	ub     *v2.URLBuilder
-	name   reference.Named
-}
-
-// All returns all tags
-func (t *tags) All(ctx context.Context) ([]string, error) {
-	var tags []string
-
-	listURLStr, err := t.ub.BuildTagsURL(t.name)
-	if err != nil {
-		return tags, err
-	}
-
-	listURL, err := url.Parse(listURLStr)
-	if err != nil {
-		return tags, err
-	}
-
-	for {
-		resp, err := t.client.Get(listURL.String())
-		if err != nil {
-			return tags, err
-		}
-		defer resp.Body.Close()
-
-		if SuccessStatus(resp.StatusCode) {
-			b, err := ioutil.ReadAll(resp.Body)
-			if err != nil {
-				return tags, err
-			}
-
-			tagsResponse := struct {
-				Tags []string `json:"tags"`
-			}{}
-			if err := json.Unmarshal(b, &tagsResponse); err != nil {
-				return tags, err
-			}
-			tags = append(tags, tagsResponse.Tags...)
-			if link := resp.Header.Get("Link"); link != "" {
-				linkURLStr := strings.Trim(strings.Split(link, ";")[0], "<>")
-				linkURL, err := url.Parse(linkURLStr)
-				if err != nil {
-					return tags, err
-				}
-
-				listURL = listURL.ResolveReference(linkURL)
-			} else {
-				return tags, nil
-			}
-		} else {
-			return tags, HandleErrorResponse(resp)
-		}
-	}
-}
-
-func descriptorFromResponse(response *http.Response) (distribution.Descriptor, error) {
-	desc := distribution.Descriptor{}
-	headers := response.Header
-
-	ctHeader := headers.Get("Content-Type")
-	if ctHeader == "" {
-		return distribution.Descriptor{}, errors.New("missing or empty Content-Type header")
-	}
-	desc.MediaType = ctHeader
-
-	digestHeader := headers.Get("Docker-Content-Digest")
-	if digestHeader == "" {
-		bytes, err := ioutil.ReadAll(response.Body)
-		if err != nil {
-			return distribution.Descriptor{}, err
-		}
-		_, desc, err := distribution.UnmarshalManifest(ctHeader, bytes)
-		if err != nil {
-			return distribution.Descriptor{}, err
-		}
-		return desc, nil
-	}
-
-	dgst, err := digest.Parse(digestHeader)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	desc.Digest = dgst
-
-	lengthHeader := headers.Get("Content-Length")
-	if lengthHeader == "" {
-		return distribution.Descriptor{}, errors.New("missing or empty Content-Length header")
-	}
-	length, err := strconv.ParseInt(lengthHeader, 10, 64)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	desc.Size = length
-
-	return desc, nil
-
-}
-
-// Get issues a HEAD request for a Manifest against its named endpoint in order
-// to construct a descriptor for the tag.  If the registry doesn't support HEADing
-// a manifest, fallback to GET.
-func (t *tags) Get(ctx context.Context, tag string) (distribution.Descriptor, error) {
-	ref, err := reference.WithTag(t.name, tag)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	u, err := t.ub.BuildManifestURL(ref)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	newRequest := func(method string) (*http.Response, error) {
-		req, err := http.NewRequest(method, u, nil)
-		if err != nil {
-			return nil, err
-		}
-
-		for _, t := range distribution.ManifestMediaTypes() {
-			req.Header.Add("Accept", t)
-		}
-		resp, err := t.client.Do(req)
-		return resp, err
-	}
-
-	resp, err := newRequest("HEAD")
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	defer resp.Body.Close()
-
-	switch {
-	case resp.StatusCode >= 200 && resp.StatusCode < 400 && len(resp.Header.Get("Docker-Content-Digest")) > 0:
-		// if the response is a success AND a Docker-Content-Digest can be retrieved from the headers
-		return descriptorFromResponse(resp)
-	default:
-		// if the response is an error - there will be no body to decode.
-		// Issue a GET request:
-		//   - for data from a server that does not handle HEAD
-		//   - to get error details in case of a failure
-		resp, err = newRequest("GET")
-		if err != nil {
-			return distribution.Descriptor{}, err
-		}
-		defer resp.Body.Close()
-
-		if resp.StatusCode >= 200 && resp.StatusCode < 400 {
-			return descriptorFromResponse(resp)
-		}
-		return distribution.Descriptor{}, HandleErrorResponse(resp)
-	}
-}
-
-func (t *tags) Lookup(ctx context.Context, digest distribution.Descriptor) ([]string, error) {
-	panic("not implemented")
-}
-
-func (t *tags) Tag(ctx context.Context, tag string, desc distribution.Descriptor) error {
-	panic("not implemented")
-}
-
-func (t *tags) Untag(ctx context.Context, tag string) error {
-	panic("not implemented")
-}
-
-type manifests struct {
-	name   reference.Named
-	ub     *v2.URLBuilder
-	client *http.Client
-	etags  map[string]string
-}
-
-func (ms *manifests) Exists(ctx context.Context, dgst digest.Digest) (bool, error) {
-	ref, err := reference.WithDigest(ms.name, dgst)
-	if err != nil {
-		return false, err
-	}
-	u, err := ms.ub.BuildManifestURL(ref)
-	if err != nil {
-		return false, err
-	}
-
-	resp, err := ms.client.Head(u)
-	if err != nil {
-		return false, err
-	}
-
-	if SuccessStatus(resp.StatusCode) {
-		return true, nil
-	} else if resp.StatusCode == http.StatusNotFound {
-		return false, nil
-	}
-	return false, HandleErrorResponse(resp)
-}
-
-// AddEtagToTag allows a client to supply an eTag to Get which will be
-// used for a conditional HTTP request.  If the eTag matches, a nil manifest
-// and ErrManifestNotModified error will be returned. etag is automatically
-// quoted when added to this map.
-func AddEtagToTag(tag, etag string) distribution.ManifestServiceOption {
-	return etagOption{tag, etag}
-}
-
-type etagOption struct{ tag, etag string }
-
-func (o etagOption) Apply(ms distribution.ManifestService) error {
-	if ms, ok := ms.(*manifests); ok {
-		ms.etags[o.tag] = fmt.Sprintf(`"%s"`, o.etag)
-		return nil
-	}
-	return fmt.Errorf("etag options is a client-only option")
-}
-
-// ReturnContentDigest allows a client to set a the content digest on
-// a successful request from the 'Docker-Content-Digest' header. This
-// returned digest is represents the digest which the registry uses
-// to refer to the content and can be used to delete the content.
-func ReturnContentDigest(dgst *digest.Digest) distribution.ManifestServiceOption {
-	return contentDigestOption{dgst}
-}
-
-type contentDigestOption struct{ digest *digest.Digest }
-
-func (o contentDigestOption) Apply(ms distribution.ManifestService) error {
-	return nil
-}
-
-func (ms *manifests) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
-	var (
-		digestOrTag string
-		ref         reference.Named
-		err         error
-		contentDgst *digest.Digest
-		mediaTypes  []string
-	)
-
-	for _, option := range options {
-		switch opt := option.(type) {
-		case distribution.WithTagOption:
-			digestOrTag = opt.Tag
-			ref, err = reference.WithTag(ms.name, opt.Tag)
-			if err != nil {
-				return nil, err
-			}
-		case contentDigestOption:
-			contentDgst = opt.digest
-		case distribution.WithManifestMediaTypesOption:
-			mediaTypes = opt.MediaTypes
-		default:
-			err := option.Apply(ms)
-			if err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	if digestOrTag == "" {
-		digestOrTag = dgst.String()
-		ref, err = reference.WithDigest(ms.name, dgst)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if len(mediaTypes) == 0 {
-		mediaTypes = distribution.ManifestMediaTypes()
-	}
-
-	u, err := ms.ub.BuildManifestURL(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest("GET", u, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, t := range mediaTypes {
-		req.Header.Add("Accept", t)
-	}
-
-	if _, ok := ms.etags[digestOrTag]; ok {
-		req.Header.Set("If-None-Match", ms.etags[digestOrTag])
-	}
-
-	resp, err := ms.client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode == http.StatusNotModified {
-		return nil, distribution.ErrManifestNotModified
-	} else if SuccessStatus(resp.StatusCode) {
-		if contentDgst != nil {
-			dgst, err := digest.Parse(resp.Header.Get("Docker-Content-Digest"))
-			if err == nil {
-				*contentDgst = dgst
-			}
-		}
-		mt := resp.Header.Get("Content-Type")
-		body, err := ioutil.ReadAll(resp.Body)
-
-		if err != nil {
-			return nil, err
-		}
-		m, _, err := distribution.UnmarshalManifest(mt, body)
-		if err != nil {
-			return nil, err
-		}
-		return m, nil
-	}
-	return nil, HandleErrorResponse(resp)
-}
-
-// Put puts a manifest.  A tag can be specified using an options parameter which uses some shared state to hold the
-// tag name in order to build the correct upload URL.
-func (ms *manifests) Put(ctx context.Context, m distribution.Manifest, options ...distribution.ManifestServiceOption) (digest.Digest, error) {
-	ref := ms.name
-	var tagged bool
-
-	for _, option := range options {
-		if opt, ok := option.(distribution.WithTagOption); ok {
-			var err error
-			ref, err = reference.WithTag(ref, opt.Tag)
-			if err != nil {
-				return "", err
-			}
-			tagged = true
-		} else {
-			err := option.Apply(ms)
-			if err != nil {
-				return "", err
-			}
-		}
-	}
-	mediaType, p, err := m.Payload()
-	if err != nil {
-		return "", err
-	}
-
-	if !tagged {
-		// generate a canonical digest and Put by digest
-		_, d, err := distribution.UnmarshalManifest(mediaType, p)
-		if err != nil {
-			return "", err
-		}
-		ref, err = reference.WithDigest(ref, d.Digest)
-		if err != nil {
-			return "", err
-		}
-	}
-
-	manifestURL, err := ms.ub.BuildManifestURL(ref)
-	if err != nil {
-		return "", err
-	}
-
-	putRequest, err := http.NewRequest("PUT", manifestURL, bytes.NewReader(p))
-	if err != nil {
-		return "", err
-	}
-
-	putRequest.Header.Set("Content-Type", mediaType)
-
-	resp, err := ms.client.Do(putRequest)
-	if err != nil {
-		return "", err
-	}
-	defer resp.Body.Close()
-
-	if SuccessStatus(resp.StatusCode) {
-		dgstHeader := resp.Header.Get("Docker-Content-Digest")
-		dgst, err := digest.Parse(dgstHeader)
-		if err != nil {
-			return "", err
-		}
-
-		return dgst, nil
-	}
-
-	return "", HandleErrorResponse(resp)
-}
-
-func (ms *manifests) Delete(ctx context.Context, dgst digest.Digest) error {
-	ref, err := reference.WithDigest(ms.name, dgst)
-	if err != nil {
-		return err
-	}
-	u, err := ms.ub.BuildManifestURL(ref)
-	if err != nil {
-		return err
-	}
-	req, err := http.NewRequest("DELETE", u, nil)
-	if err != nil {
-		return err
-	}
-
-	resp, err := ms.client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if SuccessStatus(resp.StatusCode) {
-		return nil
-	}
-	return HandleErrorResponse(resp)
-}
-
-// todo(richardscothern): Restore interface and implementation with merge of #1050
-/*func (ms *manifests) Enumerate(ctx context.Context, manifests []distribution.Manifest, last distribution.Manifest) (n int, err error) {
-	panic("not supported")
-}*/
-
-type blobs struct {
-	name   reference.Named
-	ub     *v2.URLBuilder
-	client *http.Client
-
-	statter distribution.BlobDescriptorService
-	distribution.BlobDeleter
-}
-
-func sanitizeLocation(location, base string) (string, error) {
-	baseURL, err := url.Parse(base)
-	if err != nil {
-		return "", err
-	}
-
-	locationURL, err := url.Parse(location)
-	if err != nil {
-		return "", err
-	}
-
-	return baseURL.ResolveReference(locationURL).String(), nil
-}
-
-func (bs *blobs) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	return bs.statter.Stat(ctx, dgst)
-
-}
-
-func (bs *blobs) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
-	reader, err := bs.Open(ctx, dgst)
-	if err != nil {
-		return nil, err
-	}
-	defer reader.Close()
-
-	return ioutil.ReadAll(reader)
-}
-
-func (bs *blobs) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
-	ref, err := reference.WithDigest(bs.name, dgst)
-	if err != nil {
-		return nil, err
-	}
-	blobURL, err := bs.ub.BuildBlobURL(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	return transport.NewHTTPReadSeeker(bs.client, blobURL,
-		func(resp *http.Response) error {
-			if resp.StatusCode == http.StatusNotFound {
-				return distribution.ErrBlobUnknown
-			}
-			return HandleErrorResponse(resp)
-		}), nil
-}
-
-func (bs *blobs) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
-	panic("not implemented")
-}
-
-func (bs *blobs) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
-	writer, err := bs.Create(ctx)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	dgstr := digest.Canonical.Digester()
-	n, err := io.Copy(writer, io.TeeReader(bytes.NewReader(p), dgstr.Hash()))
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	if n < int64(len(p)) {
-		return distribution.Descriptor{}, fmt.Errorf("short copy: wrote %d of %d", n, len(p))
-	}
-
-	desc := distribution.Descriptor{
-		MediaType: mediaType,
-		Size:      int64(len(p)),
-		Digest:    dgstr.Digest(),
-	}
-
-	return writer.Commit(ctx, desc)
-}
-
-type optionFunc func(interface{}) error
-
-func (f optionFunc) Apply(v interface{}) error {
-	return f(v)
-}
-
-// WithMountFrom returns a BlobCreateOption which designates that the blob should be
-// mounted from the given canonical reference.
-func WithMountFrom(ref reference.Canonical) distribution.BlobCreateOption {
-	return optionFunc(func(v interface{}) error {
-		opts, ok := v.(*distribution.CreateOptions)
-		if !ok {
-			return fmt.Errorf("unexpected options type: %T", v)
-		}
-
-		opts.Mount.ShouldMount = true
-		opts.Mount.From = ref
-
-		return nil
-	})
-}
-
-func (bs *blobs) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
-	var opts distribution.CreateOptions
-
-	for _, option := range options {
-		err := option.Apply(&opts)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	var values []url.Values
-
-	if opts.Mount.ShouldMount {
-		values = append(values, url.Values{"from": {opts.Mount.From.Name()}, "mount": {opts.Mount.From.Digest().String()}})
-	}
-
-	u, err := bs.ub.BuildBlobUploadURL(bs.name, values...)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest("POST", u, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := bs.client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	switch resp.StatusCode {
-	case http.StatusCreated:
-		desc, err := bs.statter.Stat(ctx, opts.Mount.From.Digest())
-		if err != nil {
-			return nil, err
-		}
-		return nil, distribution.ErrBlobMounted{From: opts.Mount.From, Descriptor: desc}
-	case http.StatusAccepted:
-		// TODO(dmcgowan): Check for invalid UUID
-		uuid := resp.Header.Get("Docker-Upload-UUID")
-		location, err := sanitizeLocation(resp.Header.Get("Location"), u)
-		if err != nil {
-			return nil, err
-		}
-
-		return &httpBlobUpload{
-			statter:   bs.statter,
-			client:    bs.client,
-			uuid:      uuid,
-			startedAt: time.Now(),
-			location:  location,
-		}, nil
-	default:
-		return nil, HandleErrorResponse(resp)
-	}
-}
-
-func (bs *blobs) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
-	panic("not implemented")
-}
-
-func (bs *blobs) Delete(ctx context.Context, dgst digest.Digest) error {
-	return bs.statter.Clear(ctx, dgst)
-}
-
-type blobStatter struct {
-	name   reference.Named
-	ub     *v2.URLBuilder
-	client *http.Client
-}
-
-func (bs *blobStatter) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	ref, err := reference.WithDigest(bs.name, dgst)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	u, err := bs.ub.BuildBlobURL(ref)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	resp, err := bs.client.Head(u)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	defer resp.Body.Close()
-
-	if SuccessStatus(resp.StatusCode) {
-		lengthHeader := resp.Header.Get("Content-Length")
-		if lengthHeader == "" {
-			return distribution.Descriptor{}, fmt.Errorf("missing content-length header for request: %s", u)
-		}
-
-		length, err := strconv.ParseInt(lengthHeader, 10, 64)
-		if err != nil {
-			return distribution.Descriptor{}, fmt.Errorf("error parsing content-length: %v", err)
-		}
-
-		return distribution.Descriptor{
-			MediaType: resp.Header.Get("Content-Type"),
-			Size:      length,
-			Digest:    dgst,
-		}, nil
-	} else if resp.StatusCode == http.StatusNotFound {
-		return distribution.Descriptor{}, distribution.ErrBlobUnknown
-	}
-	return distribution.Descriptor{}, HandleErrorResponse(resp)
-}
-
-func buildCatalogValues(maxEntries int, last string) url.Values {
-	values := url.Values{}
-
-	if maxEntries > 0 {
-		values.Add("n", strconv.Itoa(maxEntries))
-	}
-
-	if last != "" {
-		values.Add("last", last)
-	}
-
-	return values
-}
-
-func (bs *blobStatter) Clear(ctx context.Context, dgst digest.Digest) error {
-	ref, err := reference.WithDigest(bs.name, dgst)
-	if err != nil {
-		return err
-	}
-	blobURL, err := bs.ub.BuildBlobURL(ref)
-	if err != nil {
-		return err
-	}
-
-	req, err := http.NewRequest("DELETE", blobURL, nil)
-	if err != nil {
-		return err
-	}
-
-	resp, err := bs.client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if SuccessStatus(resp.StatusCode) {
-		return nil
-	}
-	return HandleErrorResponse(resp)
-}
-
-func (bs *blobStatter) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go b/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go
deleted file mode 100644
index 1d0b382fb..000000000
--- a/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go
+++ /dev/null
@@ -1,250 +0,0 @@
-package transport
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"regexp"
-	"strconv"
-)
-
-var (
-	contentRangeRegexp = regexp.MustCompile(`bytes ([0-9]+)-([0-9]+)/([0-9]+|\\*)`)
-
-	// ErrWrongCodeForByteRange is returned if the client sends a request
-	// with a Range header but the server returns a 2xx or 3xx code other
-	// than 206 Partial Content.
-	ErrWrongCodeForByteRange = errors.New("expected HTTP 206 from byte range request")
-)
-
-// ReadSeekCloser combines io.ReadSeeker with io.Closer.
-type ReadSeekCloser interface {
-	io.ReadSeeker
-	io.Closer
-}
-
-// NewHTTPReadSeeker handles reading from an HTTP endpoint using a GET
-// request. When seeking and starting a read from a non-zero offset
-// the a "Range" header will be added which sets the offset.
-// TODO(dmcgowan): Move this into a separate utility package
-func NewHTTPReadSeeker(client *http.Client, url string, errorHandler func(*http.Response) error) ReadSeekCloser {
-	return &httpReadSeeker{
-		client:       client,
-		url:          url,
-		errorHandler: errorHandler,
-	}
-}
-
-type httpReadSeeker struct {
-	client *http.Client
-	url    string
-
-	// errorHandler creates an error from an unsuccessful HTTP response.
-	// This allows the error to be created with the HTTP response body
-	// without leaking the body through a returned error.
-	errorHandler func(*http.Response) error
-
-	size int64
-
-	// rc is the remote read closer.
-	rc io.ReadCloser
-	// readerOffset tracks the offset as of the last read.
-	readerOffset int64
-	// seekOffset allows Seek to override the offset. Seek changes
-	// seekOffset instead of changing readOffset directly so that
-	// connection resets can be delayed and possibly avoided if the
-	// seek is undone (i.e. seeking to the end and then back to the
-	// beginning).
-	seekOffset int64
-	err        error
-}
-
-func (hrs *httpReadSeeker) Read(p []byte) (n int, err error) {
-	if hrs.err != nil {
-		return 0, hrs.err
-	}
-
-	// If we sought to a different position, we need to reset the
-	// connection. This logic is here instead of Seek so that if
-	// a seek is undone before the next read, the connection doesn't
-	// need to be closed and reopened. A common example of this is
-	// seeking to the end to determine the length, and then seeking
-	// back to the original position.
-	if hrs.readerOffset != hrs.seekOffset {
-		hrs.reset()
-	}
-
-	hrs.readerOffset = hrs.seekOffset
-
-	rd, err := hrs.reader()
-	if err != nil {
-		return 0, err
-	}
-
-	n, err = rd.Read(p)
-	hrs.seekOffset += int64(n)
-	hrs.readerOffset += int64(n)
-
-	return n, err
-}
-
-func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) {
-	if hrs.err != nil {
-		return 0, hrs.err
-	}
-
-	lastReaderOffset := hrs.readerOffset
-
-	if whence == io.SeekStart && hrs.rc == nil {
-		// If no request has been made yet, and we are seeking to an
-		// absolute position, set the read offset as well to avoid an
-		// unnecessary request.
-		hrs.readerOffset = offset
-	}
-
-	_, err := hrs.reader()
-	if err != nil {
-		hrs.readerOffset = lastReaderOffset
-		return 0, err
-	}
-
-	newOffset := hrs.seekOffset
-
-	switch whence {
-	case io.SeekCurrent:
-		newOffset += offset
-	case io.SeekEnd:
-		if hrs.size < 0 {
-			return 0, errors.New("content length not known")
-		}
-		newOffset = hrs.size + offset
-	case io.SeekStart:
-		newOffset = offset
-	}
-
-	if newOffset < 0 {
-		err = errors.New("cannot seek to negative position")
-	} else {
-		hrs.seekOffset = newOffset
-	}
-
-	return hrs.seekOffset, err
-}
-
-func (hrs *httpReadSeeker) Close() error {
-	if hrs.err != nil {
-		return hrs.err
-	}
-
-	// close and release reader chain
-	if hrs.rc != nil {
-		hrs.rc.Close()
-	}
-
-	hrs.rc = nil
-
-	hrs.err = errors.New("httpLayer: closed")
-
-	return nil
-}
-
-func (hrs *httpReadSeeker) reset() {
-	if hrs.err != nil {
-		return
-	}
-	if hrs.rc != nil {
-		hrs.rc.Close()
-		hrs.rc = nil
-	}
-}
-
-func (hrs *httpReadSeeker) reader() (io.Reader, error) {
-	if hrs.err != nil {
-		return nil, hrs.err
-	}
-
-	if hrs.rc != nil {
-		return hrs.rc, nil
-	}
-
-	req, err := http.NewRequest("GET", hrs.url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	if hrs.readerOffset > 0 {
-		// If we are at different offset, issue a range request from there.
-		req.Header.Add("Range", fmt.Sprintf("bytes=%d-", hrs.readerOffset))
-		// TODO: get context in here
-		// context.GetLogger(hrs.context).Infof("Range: %s", req.Header.Get("Range"))
-	}
-
-	req.Header.Add("Accept-Encoding", "identity")
-	resp, err := hrs.client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-
-	// Normally would use client.SuccessStatus, but that would be a cyclic
-	// import
-	if resp.StatusCode >= 200 && resp.StatusCode <= 399 {
-		if hrs.readerOffset > 0 {
-			if resp.StatusCode != http.StatusPartialContent {
-				return nil, ErrWrongCodeForByteRange
-			}
-
-			contentRange := resp.Header.Get("Content-Range")
-			if contentRange == "" {
-				return nil, errors.New("no Content-Range header found in HTTP 206 response")
-			}
-
-			submatches := contentRangeRegexp.FindStringSubmatch(contentRange)
-			if len(submatches) < 4 {
-				return nil, fmt.Errorf("could not parse Content-Range header: %s", contentRange)
-			}
-
-			startByte, err := strconv.ParseUint(submatches[1], 10, 64)
-			if err != nil {
-				return nil, fmt.Errorf("could not parse start of range in Content-Range header: %s", contentRange)
-			}
-
-			if startByte != uint64(hrs.readerOffset) {
-				return nil, fmt.Errorf("received Content-Range starting at offset %d instead of requested %d", startByte, hrs.readerOffset)
-			}
-
-			endByte, err := strconv.ParseUint(submatches[2], 10, 64)
-			if err != nil {
-				return nil, fmt.Errorf("could not parse end of range in Content-Range header: %s", contentRange)
-			}
-
-			if submatches[3] == "*" {
-				hrs.size = -1
-			} else {
-				size, err := strconv.ParseUint(submatches[3], 10, 64)
-				if err != nil {
-					return nil, fmt.Errorf("could not parse total size in Content-Range header: %s", contentRange)
-				}
-
-				if endByte+1 != size {
-					return nil, fmt.Errorf("range in Content-Range stops before the end of the content: %s", contentRange)
-				}
-
-				hrs.size = int64(size)
-			}
-		} else if resp.StatusCode == http.StatusOK {
-			hrs.size = resp.ContentLength
-		} else {
-			hrs.size = -1
-		}
-		hrs.rc = resp.Body
-	} else {
-		defer resp.Body.Close()
-		if hrs.errorHandler != nil {
-			return nil, hrs.errorHandler(resp)
-		}
-		return nil, fmt.Errorf("unexpected status resolving reader: %v", resp.Status)
-	}
-
-	return hrs.rc, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/client/transport/transport.go b/vendor/github.com/docker/distribution/registry/client/transport/transport.go
deleted file mode 100644
index 30e45fab0..000000000
--- a/vendor/github.com/docker/distribution/registry/client/transport/transport.go
+++ /dev/null
@@ -1,147 +0,0 @@
-package transport
-
-import (
-	"io"
-	"net/http"
-	"sync"
-)
-
-// RequestModifier represents an object which will do an inplace
-// modification of an HTTP request.
-type RequestModifier interface {
-	ModifyRequest(*http.Request) error
-}
-
-type headerModifier http.Header
-
-// NewHeaderRequestModifier returns a new RequestModifier which will
-// add the given headers to a request.
-func NewHeaderRequestModifier(header http.Header) RequestModifier {
-	return headerModifier(header)
-}
-
-func (h headerModifier) ModifyRequest(req *http.Request) error {
-	for k, s := range http.Header(h) {
-		req.Header[k] = append(req.Header[k], s...)
-	}
-
-	return nil
-}
-
-// NewTransport creates a new transport which will apply modifiers to
-// the request on a RoundTrip call.
-func NewTransport(base http.RoundTripper, modifiers ...RequestModifier) http.RoundTripper {
-	return &transport{
-		Modifiers: modifiers,
-		Base:      base,
-	}
-}
-
-// transport is an http.RoundTripper that makes HTTP requests after
-// copying and modifying the request
-type transport struct {
-	Modifiers []RequestModifier
-	Base      http.RoundTripper
-
-	mu     sync.Mutex                      // guards modReq
-	modReq map[*http.Request]*http.Request // original -> modified
-}
-
-// RoundTrip authorizes and authenticates the request with an
-// access token. If no token exists or token is expired,
-// tries to refresh/fetch a new token.
-func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
-	req2 := cloneRequest(req)
-	for _, modifier := range t.Modifiers {
-		if err := modifier.ModifyRequest(req2); err != nil {
-			return nil, err
-		}
-	}
-
-	t.setModReq(req, req2)
-	res, err := t.base().RoundTrip(req2)
-	if err != nil {
-		t.setModReq(req, nil)
-		return nil, err
-	}
-	res.Body = &onEOFReader{
-		rc: res.Body,
-		fn: func() { t.setModReq(req, nil) },
-	}
-	return res, nil
-}
-
-// CancelRequest cancels an in-flight request by closing its connection.
-func (t *transport) CancelRequest(req *http.Request) {
-	type canceler interface {
-		CancelRequest(*http.Request)
-	}
-	if cr, ok := t.base().(canceler); ok {
-		t.mu.Lock()
-		modReq := t.modReq[req]
-		delete(t.modReq, req)
-		t.mu.Unlock()
-		cr.CancelRequest(modReq)
-	}
-}
-
-func (t *transport) base() http.RoundTripper {
-	if t.Base != nil {
-		return t.Base
-	}
-	return http.DefaultTransport
-}
-
-func (t *transport) setModReq(orig, mod *http.Request) {
-	t.mu.Lock()
-	defer t.mu.Unlock()
-	if t.modReq == nil {
-		t.modReq = make(map[*http.Request]*http.Request)
-	}
-	if mod == nil {
-		delete(t.modReq, orig)
-	} else {
-		t.modReq[orig] = mod
-	}
-}
-
-// cloneRequest returns a clone of the provided *http.Request.
-// The clone is a shallow copy of the struct and its Header map.
-func cloneRequest(r *http.Request) *http.Request {
-	// shallow copy of the struct
-	r2 := new(http.Request)
-	*r2 = *r
-	// deep copy of the Header
-	r2.Header = make(http.Header, len(r.Header))
-	for k, s := range r.Header {
-		r2.Header[k] = append([]string(nil), s...)
-	}
-
-	return r2
-}
-
-type onEOFReader struct {
-	rc io.ReadCloser
-	fn func()
-}
-
-func (r *onEOFReader) Read(p []byte) (n int, err error) {
-	n, err = r.rc.Read(p)
-	if err == io.EOF {
-		r.runFunc()
-	}
-	return
-}
-
-func (r *onEOFReader) Close() error {
-	err := r.rc.Close()
-	r.runFunc()
-	return err
-}
-
-func (r *onEOFReader) runFunc() {
-	if fn := r.fn; fn != nil {
-		fn()
-		r.fn = nil
-	}
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/cache.go b/vendor/github.com/docker/distribution/registry/storage/cache/cache.go
deleted file mode 100644
index 10a390919..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/cache/cache.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Package cache provides facilities to speed up access to the storage
-// backend.
-package cache
-
-import (
-	"fmt"
-
-	"github.com/docker/distribution"
-)
-
-// BlobDescriptorCacheProvider provides repository scoped
-// BlobDescriptorService cache instances and a global descriptor cache.
-type BlobDescriptorCacheProvider interface {
-	distribution.BlobDescriptorService
-
-	RepositoryScoped(repo string) (distribution.BlobDescriptorService, error)
-}
-
-// ValidateDescriptor provides a helper function to ensure that caches have
-// common criteria for admitting descriptors.
-func ValidateDescriptor(desc distribution.Descriptor) error {
-	if err := desc.Digest.Validate(); err != nil {
-		return err
-	}
-
-	if desc.Size < 0 {
-		return fmt.Errorf("cache: invalid length in descriptor: %v < 0", desc.Size)
-	}
-
-	if desc.MediaType == "" {
-		return fmt.Errorf("cache: empty mediatype on descriptor: %v", desc)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/cachedblobdescriptorstore.go b/vendor/github.com/docker/distribution/registry/storage/cache/cachedblobdescriptorstore.go
deleted file mode 100644
index ac4c45211..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/cache/cachedblobdescriptorstore.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package cache
-
-import (
-	"context"
-
-	"github.com/docker/distribution"
-	prometheus "github.com/docker/distribution/metrics"
-	"github.com/opencontainers/go-digest"
-)
-
-// Metrics is used to hold metric counters
-// related to the number of times a cache was
-// hit or missed.
-type Metrics struct {
-	Requests uint64
-	Hits     uint64
-	Misses   uint64
-}
-
-// Logger can be provided on the MetricsTracker to log errors.
-//
-// Usually, this is just a proxy to dcontext.GetLogger.
-type Logger interface {
-	Errorf(format string, args ...interface{})
-}
-
-// MetricsTracker represents a metric tracker
-// which simply counts the number of hits and misses.
-type MetricsTracker interface {
-	Hit()
-	Miss()
-	Metrics() Metrics
-	Logger(context.Context) Logger
-}
-
-type cachedBlobStatter struct {
-	cache   distribution.BlobDescriptorService
-	backend distribution.BlobDescriptorService
-	tracker MetricsTracker
-}
-
-var (
-	// cacheCount is the number of total cache request received/hits/misses
-	cacheCount = prometheus.StorageNamespace.NewLabeledCounter("cache", "The number of cache request received", "type")
-)
-
-// NewCachedBlobStatter creates a new statter which prefers a cache and
-// falls back to a backend.
-func NewCachedBlobStatter(cache distribution.BlobDescriptorService, backend distribution.BlobDescriptorService) distribution.BlobDescriptorService {
-	return &cachedBlobStatter{
-		cache:   cache,
-		backend: backend,
-	}
-}
-
-// NewCachedBlobStatterWithMetrics creates a new statter which prefers a cache and
-// falls back to a backend. Hits and misses will send to the tracker.
-func NewCachedBlobStatterWithMetrics(cache distribution.BlobDescriptorService, backend distribution.BlobDescriptorService, tracker MetricsTracker) distribution.BlobStatter {
-	return &cachedBlobStatter{
-		cache:   cache,
-		backend: backend,
-		tracker: tracker,
-	}
-}
-
-func (cbds *cachedBlobStatter) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	cacheCount.WithValues("Request").Inc(1)
-	desc, err := cbds.cache.Stat(ctx, dgst)
-	if err != nil {
-		if err != distribution.ErrBlobUnknown {
-			logErrorf(ctx, cbds.tracker, "error retrieving descriptor from cache: %v", err)
-		}
-
-		goto fallback
-	}
-	cacheCount.WithValues("Hit").Inc(1)
-	if cbds.tracker != nil {
-		cbds.tracker.Hit()
-	}
-	return desc, nil
-fallback:
-	cacheCount.WithValues("Miss").Inc(1)
-	if cbds.tracker != nil {
-		cbds.tracker.Miss()
-	}
-	desc, err = cbds.backend.Stat(ctx, dgst)
-	if err != nil {
-		return desc, err
-	}
-
-	if err := cbds.cache.SetDescriptor(ctx, dgst, desc); err != nil {
-		logErrorf(ctx, cbds.tracker, "error adding descriptor %v to cache: %v", desc.Digest, err)
-	}
-
-	return desc, err
-
-}
-
-func (cbds *cachedBlobStatter) Clear(ctx context.Context, dgst digest.Digest) error {
-	err := cbds.cache.Clear(ctx, dgst)
-	if err != nil {
-		return err
-	}
-
-	err = cbds.backend.Clear(ctx, dgst)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (cbds *cachedBlobStatter) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	if err := cbds.cache.SetDescriptor(ctx, dgst, desc); err != nil {
-		logErrorf(ctx, cbds.tracker, "error adding descriptor %v to cache: %v", desc.Digest, err)
-	}
-	return nil
-}
-
-func logErrorf(ctx context.Context, tracker MetricsTracker, format string, args ...interface{}) {
-	if tracker == nil {
-		return
-	}
-
-	logger := tracker.Logger(ctx)
-	if logger == nil {
-		return
-	}
-	logger.Errorf(format, args...)
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go b/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
deleted file mode 100644
index 42d94d9bd..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
+++ /dev/null
@@ -1,179 +0,0 @@
-package memory
-
-import (
-	"context"
-	"sync"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/storage/cache"
-	"github.com/opencontainers/go-digest"
-)
-
-type inMemoryBlobDescriptorCacheProvider struct {
-	global       *mapBlobDescriptorCache
-	repositories map[string]*mapBlobDescriptorCache
-	mu           sync.RWMutex
-}
-
-// NewInMemoryBlobDescriptorCacheProvider returns a new mapped-based cache for
-// storing blob descriptor data.
-func NewInMemoryBlobDescriptorCacheProvider() cache.BlobDescriptorCacheProvider {
-	return &inMemoryBlobDescriptorCacheProvider{
-		global:       newMapBlobDescriptorCache(),
-		repositories: make(map[string]*mapBlobDescriptorCache),
-	}
-}
-
-func (imbdcp *inMemoryBlobDescriptorCacheProvider) RepositoryScoped(repo string) (distribution.BlobDescriptorService, error) {
-	if _, err := reference.ParseNormalizedNamed(repo); err != nil {
-		return nil, err
-	}
-
-	imbdcp.mu.RLock()
-	defer imbdcp.mu.RUnlock()
-
-	return &repositoryScopedInMemoryBlobDescriptorCache{
-		repo:       repo,
-		parent:     imbdcp,
-		repository: imbdcp.repositories[repo],
-	}, nil
-}
-
-func (imbdcp *inMemoryBlobDescriptorCacheProvider) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	return imbdcp.global.Stat(ctx, dgst)
-}
-
-func (imbdcp *inMemoryBlobDescriptorCacheProvider) Clear(ctx context.Context, dgst digest.Digest) error {
-	return imbdcp.global.Clear(ctx, dgst)
-}
-
-func (imbdcp *inMemoryBlobDescriptorCacheProvider) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	_, err := imbdcp.Stat(ctx, dgst)
-	if err == distribution.ErrBlobUnknown {
-
-		if dgst.Algorithm() != desc.Digest.Algorithm() && dgst != desc.Digest {
-			// if the digests differ, set the other canonical mapping
-			if err := imbdcp.global.SetDescriptor(ctx, desc.Digest, desc); err != nil {
-				return err
-			}
-		}
-
-		// unknown, just set it
-		return imbdcp.global.SetDescriptor(ctx, dgst, desc)
-	}
-
-	// we already know it, do nothing
-	return err
-}
-
-// repositoryScopedInMemoryBlobDescriptorCache provides the request scoped
-// repository cache. Instances are not thread-safe but the delegated
-// operations are.
-type repositoryScopedInMemoryBlobDescriptorCache struct {
-	repo       string
-	parent     *inMemoryBlobDescriptorCacheProvider // allows lazy allocation of repo's map
-	repository *mapBlobDescriptorCache
-}
-
-func (rsimbdcp *repositoryScopedInMemoryBlobDescriptorCache) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	rsimbdcp.parent.mu.Lock()
-	repo := rsimbdcp.repository
-	rsimbdcp.parent.mu.Unlock()
-
-	if repo == nil {
-		return distribution.Descriptor{}, distribution.ErrBlobUnknown
-	}
-
-	return repo.Stat(ctx, dgst)
-}
-
-func (rsimbdcp *repositoryScopedInMemoryBlobDescriptorCache) Clear(ctx context.Context, dgst digest.Digest) error {
-	rsimbdcp.parent.mu.Lock()
-	repo := rsimbdcp.repository
-	rsimbdcp.parent.mu.Unlock()
-
-	if repo == nil {
-		return distribution.ErrBlobUnknown
-	}
-
-	return repo.Clear(ctx, dgst)
-}
-
-func (rsimbdcp *repositoryScopedInMemoryBlobDescriptorCache) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	rsimbdcp.parent.mu.Lock()
-	repo := rsimbdcp.repository
-	if repo == nil {
-		// allocate map since we are setting it now.
-		var ok bool
-		// have to read back value since we may have allocated elsewhere.
-		repo, ok = rsimbdcp.parent.repositories[rsimbdcp.repo]
-		if !ok {
-			repo = newMapBlobDescriptorCache()
-			rsimbdcp.parent.repositories[rsimbdcp.repo] = repo
-		}
-		rsimbdcp.repository = repo
-	}
-	rsimbdcp.parent.mu.Unlock()
-
-	if err := repo.SetDescriptor(ctx, dgst, desc); err != nil {
-		return err
-	}
-
-	return rsimbdcp.parent.SetDescriptor(ctx, dgst, desc)
-}
-
-// mapBlobDescriptorCache provides a simple map-based implementation of the
-// descriptor cache.
-type mapBlobDescriptorCache struct {
-	descriptors map[digest.Digest]distribution.Descriptor
-	mu          sync.RWMutex
-}
-
-var _ distribution.BlobDescriptorService = &mapBlobDescriptorCache{}
-
-func newMapBlobDescriptorCache() *mapBlobDescriptorCache {
-	return &mapBlobDescriptorCache{
-		descriptors: make(map[digest.Digest]distribution.Descriptor),
-	}
-}
-
-func (mbdc *mapBlobDescriptorCache) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	if err := dgst.Validate(); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	mbdc.mu.RLock()
-	defer mbdc.mu.RUnlock()
-
-	desc, ok := mbdc.descriptors[dgst]
-	if !ok {
-		return distribution.Descriptor{}, distribution.ErrBlobUnknown
-	}
-
-	return desc, nil
-}
-
-func (mbdc *mapBlobDescriptorCache) Clear(ctx context.Context, dgst digest.Digest) error {
-	mbdc.mu.Lock()
-	defer mbdc.mu.Unlock()
-
-	delete(mbdc.descriptors, dgst)
-	return nil
-}
-
-func (mbdc *mapBlobDescriptorCache) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	if err := dgst.Validate(); err != nil {
-		return err
-	}
-
-	if err := cache.ValidateDescriptor(desc); err != nil {
-		return err
-	}
-
-	mbdc.mu.Lock()
-	defer mbdc.mu.Unlock()
-
-	mbdc.descriptors[dgst] = desc
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/tags.go b/vendor/github.com/docker/distribution/tags.go
deleted file mode 100644
index f22df2b85..000000000
--- a/vendor/github.com/docker/distribution/tags.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package distribution
-
-import (
-	"context"
-)
-
-// TagService provides access to information about tagged objects.
-type TagService interface {
-	// Get retrieves the descriptor identified by the tag. Some
-	// implementations may differentiate between "trusted" tags and
-	// "untrusted" tags. If a tag is "untrusted", the mapping will be returned
-	// as an ErrTagUntrusted error, with the target descriptor.
-	Get(ctx context.Context, tag string) (Descriptor, error)
-
-	// Tag associates the tag with the provided descriptor, updating the
-	// current association, if needed.
-	Tag(ctx context.Context, tag string, desc Descriptor) error
-
-	// Untag removes the given tag association
-	Untag(ctx context.Context, tag string) error
-
-	// All returns the set of tags managed by this tag service
-	All(ctx context.Context) ([]string, error)
-
-	// Lookup returns the set of tags referencing the given digest.
-	Lookup(ctx context.Context, digest Descriptor) ([]string, error)
-}
diff --git a/vendor/github.com/docker/distribution/vendor.conf b/vendor/github.com/docker/distribution/vendor.conf
deleted file mode 100644
index bd1b4bff6..000000000
--- a/vendor/github.com/docker/distribution/vendor.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-github.com/Azure/azure-sdk-for-go 4650843026a7fdec254a8d9cf893693a254edd0b
-github.com/Azure/go-autorest eaa7994b2278094c904d31993d26f56324db3052
-github.com/sirupsen/logrus 3d4380f53a34dcdc95f0c1db702615992b38d9a4
-github.com/aws/aws-sdk-go f831d5a0822a1ad72420ab18c6269bca1ddaf490
-github.com/bshuster-repo/logrus-logstash-hook d2c0ecc1836d91814e15e23bb5dc309c3ef51f4a
-github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
-github.com/bugsnag/bugsnag-go b1d153021fcd90ca3f080db36bec96dc690fb274
-github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
-github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
-github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2
-github.com/dgrijalva/jwt-go 4bbdd8ac624fc7a9ef7aec841c43d99b5fe65a29 https://github.com/golang-jwt/jwt.git # v3.2.2
-github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab
-github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21
-github.com/garyburd/redigo 535138d7bcd717d6531c701ef5933d98b1866257
-github.com/go-ini/ini 2ba15ac2dc9cdf88c110ec2dc0ced7fa45f5678c
-github.com/golang/protobuf 8d92cf5fc15a4382f8964b08e1f42a75c0591aa3
-github.com/gorilla/handlers 60c7bfde3e33c201519a200a4507a158cc03a17b
-github.com/gorilla/mux 599cba5e7b6137d46ddf58fb1765f5d928e69604
-github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
-github.com/jmespath/go-jmespath bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d
-github.com/marstr/guid 8bd9a64bf37eb297b492a4101fb28e80ac0b290f
-github.com/satori/go.uuid f58768cc1a7a7e77a3bd49e98cdd21419399b6a3
-github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c
-github.com/miekg/dns 271c58e0c14f552178ea321a545ff9af38930f39
-github.com/mitchellh/mapstructure 482a9fd5fa83e8c4e7817413b80f3eb8feec03ef
-github.com/ncw/swift a0320860b16212c2b59b4912bb6508cda1d7cee6
-github.com/prometheus/client_golang c332b6f63c0658a65eca15c0e5247ded801cf564
-github.com/prometheus/client_model 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c
-github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563
-github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd
-github.com/Shopify/logrus-bugsnag 577dee27f20dd8f1a529f82210094af593be12bd
-github.com/spf13/cobra 312092086bed4968099259622145a0c9ae280064
-github.com/spf13/pflag 5644820622454e71517561946e3d94b9f9db6842
-github.com/xenolf/lego a9d8cec0e6563575e5868a005359ac97911b5985
-github.com/yvasiyarov/go-metrics 57bccd1ccd43f94bb17fdd8bf3007059b802f85e
-github.com/yvasiyarov/gorelic a9bba5b9ab508a086f9a12b8c51fab68478e2128
-github.com/yvasiyarov/newrelic_platform_go b21fdbd4370f3717f3bbd2bf41c223bc273068e6
-golang.org/x/crypto c10c31b5e94b6f7a0283272dc2bb27163dcea24b
-golang.org/x/net 4876518f9e71663000c348837735820161a42df7
-golang.org/x/oauth2 045497edb6234273d67dbc25da3f2ddbc4c4cacf
-golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb
-google.golang.org/api 9bf6e6e569ff057f75d9604a46c52928f17d2b54
-google.golang.org/appengine 12d5545dc1cfa6047a286d5e853841b6471f4c19
-google.golang.org/cloud 975617b05ea8a58727e6c1a06b6161ff4185a9f2
-google.golang.org/grpc d3ddb4469d5a1b949fc7a7da7c1d6a0d1b6de994
-gopkg.in/check.v1 64131543e7896d5bcc6bd5a76287eb75ea96c673
-gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b
-gopkg.in/yaml.v2 v2.2.1
-rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git
-github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
-github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
index 0bbe74700..0756ff1bb 100644
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -1891,23 +1891,52 @@ definitions:
 
   BuildCache:
     type: "object"
+    description: |
+      BuildCache contains information about a build cache record.
     properties:
       ID:
         type: "string"
+        description: |
+          Unique ID of the build cache record.
+        example: "ndlpt0hhvkqcdfkputsk4cq9c"
       Parent:
+        description: |
+          ID of the parent build cache record.
         type: "string"
+        example: "hw53o5aio51xtltp5xjp8v7fx"
       Type:
         type: "string"
+        description: |
+          Cache record type.
+        example: "regular"
+        # see https://github.com/moby/buildkit/blob/fce4a32258dc9d9664f71a4831d5de10f0670677/client/diskusage.go#L75-L84
+        enum:
+          - "internal"
+          - "frontend"
+          - "source.local"
+          - "source.git.checkout"
+          - "exec.cachemount"
+          - "regular"
       Description:
         type: "string"
+        description: |
+          Description of the build-step that produced the build cache.
+        example: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
       InUse:
         type: "boolean"
+        description: |
+          Indicates if the build cache is in use.
+        example: false
       Shared:
         type: "boolean"
+        description: |
+          Indicates if the build cache is shared.
+        example: true
       Size:
         description: |
           Amount of disk space used by the build cache (in bytes).
         type: "integer"
+        example: 51
       CreatedAt:
         description: |
           Date and time at which the build cache was created in
@@ -1925,6 +1954,7 @@ definitions:
         example: "2017-08-09T07:09:37.632105588Z"
       UsageCount:
         type: "integer"
+        example: 26
 
   ImageID:
     type: "object"
@@ -5415,6 +5445,28 @@ paths:
             `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
           type: "string"
           pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
+        - name: "platform"
+          in: "query"
+          description: |
+            Platform in the format `os[/arch[/variant]]` used for image lookup.
+
+            When specified, the daemon checks if the requested image is present
+            in the local image cache with the given OS and Architecture, and
+            otherwise returns a `404` status.
+
+            If the option is not set, the host's native OS and Architecture are
+            used to look up the image in the image cache. However, if no platform
+            is passed and the given image does exist in the local image cache,
+            but its OS or architecture does not match, the container is created
+            with the available image, and a warning is added to the `Warnings`
+            field in the response, for example;
+
+                WARNING: The requested image's platform (linux/arm64/v8) does not
+                         match the detected host platform (linux/amd64) and no
+                         specific platform was requested
+
+          type: "string"
+          default: ""
         - name: "body"
           in: "body"
           description: "Container to create"
diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go
index 21edf1fa1..9b2b2eaeb 100644
--- a/vendor/github.com/docker/docker/client/client.go
+++ b/vendor/github.com/docker/docker/client/client.go
@@ -135,9 +135,6 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 		}
 	}
 
-	if _, ok := c.client.Transport.(http.RoundTripper); !ok {
-		return nil, fmt.Errorf("unable to verify TLS configuration, invalid transport %v", c.client.Transport)
-	}
 	if c.scheme == "" {
 		c.scheme = "http"
 
diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go
index 813eac2c9..7f54b1dd8 100644
--- a/vendor/github.com/docker/docker/client/request.go
+++ b/vendor/github.com/docker/docker/client/request.go
@@ -150,10 +150,8 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp
 			if err.Timeout() {
 				return serverResp, ErrorConnectionFailed(cli.host)
 			}
-			if !err.Temporary() {
-				if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "dial unix") {
-					return serverResp, ErrorConnectionFailed(cli.host)
-				}
+			if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "dial unix") {
+				return serverResp, ErrorConnectionFailed(cli.host)
 			}
 		}
 
@@ -242,10 +240,8 @@ func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request
 		req.Header.Set(k, v)
 	}
 
-	if headers != nil {
-		for k, v := range headers {
-			req.Header[k] = v
-		}
+	for k, v := range headers {
+		req.Header[k] = v
 	}
 	return req
 }
diff --git a/vendor/github.com/docker/docker/opts/address_pools.go b/vendor/github.com/docker/docker/opts/address_pools.go
deleted file mode 100644
index fa15c24b9..000000000
--- a/vendor/github.com/docker/docker/opts/address_pools.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package opts
-
-import (
-	"encoding/csv"
-	"encoding/json"
-	"fmt"
-	"strconv"
-	"strings"
-
-	types "github.com/docker/libnetwork/ipamutils"
-)
-
-// PoolsOpt is a Value type for parsing the default address pools definitions
-type PoolsOpt struct {
-	Values []*types.NetworkToSplit
-}
-
-// UnmarshalJSON fills values structure  info from JSON input
-func (p *PoolsOpt) UnmarshalJSON(raw []byte) error {
-	return json.Unmarshal(raw, &(p.Values))
-}
-
-// Set predefined pools
-func (p *PoolsOpt) Set(value string) error {
-	csvReader := csv.NewReader(strings.NewReader(value))
-	fields, err := csvReader.Read()
-	if err != nil {
-		return err
-	}
-
-	poolsDef := types.NetworkToSplit{}
-
-	for _, field := range fields {
-		parts := strings.SplitN(field, "=", 2)
-		if len(parts) != 2 {
-			return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
-		}
-
-		key := strings.ToLower(parts[0])
-		value := strings.ToLower(parts[1])
-
-		switch key {
-		case "base":
-			poolsDef.Base = value
-		case "size":
-			size, err := strconv.Atoi(value)
-			if err != nil {
-				return fmt.Errorf("invalid size value: %q (must be integer): %v", value, err)
-			}
-			poolsDef.Size = size
-		default:
-			return fmt.Errorf("unexpected key '%s' in '%s'", key, field)
-		}
-	}
-
-	p.Values = append(p.Values, &poolsDef)
-
-	return nil
-}
-
-// Type returns the type of this option
-func (p *PoolsOpt) Type() string {
-	return "pool-options"
-}
-
-// String returns a string repr of this option
-func (p *PoolsOpt) String() string {
-	var pools []string
-	for _, pool := range p.Values {
-		repr := fmt.Sprintf("%s %d", pool.Base, pool.Size)
-		pools = append(pools, repr)
-	}
-	return strings.Join(pools, ", ")
-}
-
-// Value returns the mounts
-func (p *PoolsOpt) Value() []*types.NetworkToSplit {
-	return p.Values
-}
-
-// Name returns the flag name of this option
-func (p *PoolsOpt) Name() string {
-	return "default-address-pools"
-}
diff --git a/vendor/github.com/docker/docker/opts/env.go b/vendor/github.com/docker/docker/opts/env.go
deleted file mode 100644
index 97e1a8c8a..000000000
--- a/vendor/github.com/docker/docker/opts/env.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-import (
-	"os"
-	"strings"
-
-	"github.com/pkg/errors"
-)
-
-// ValidateEnv validates an environment variable and returns it.
-// If no value is specified, it obtains its value from the current environment
-//
-// As on ParseEnvFile and related to #16585, environment variable names
-// are not validate whatsoever, it's up to application inside docker
-// to validate them or not.
-//
-// The only validation here is to check if name is empty, per #25099
-func ValidateEnv(val string) (string, error) {
-	arr := strings.SplitN(val, "=", 2)
-	if arr[0] == "" {
-		return "", errors.New("invalid environment variable: " + val)
-	}
-	if len(arr) > 1 {
-		return val, nil
-	}
-	if envVal, ok := os.LookupEnv(arr[0]); ok {
-		return arr[0] + "=" + envVal, nil
-	}
-	return val, nil
-}
diff --git a/vendor/github.com/docker/docker/opts/hosts.go b/vendor/github.com/docker/docker/opts/hosts.go
deleted file mode 100644
index a3123adef..000000000
--- a/vendor/github.com/docker/docker/opts/hosts.go
+++ /dev/null
@@ -1,183 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-import (
-	"fmt"
-	"net"
-	"net/url"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/docker/docker/pkg/homedir"
-)
-
-const (
-	// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. dockerd -H tcp://
-	// These are the IANA registered port numbers for use with Docker
-	// see http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
-	DefaultHTTPPort = 2375 // Default HTTP Port
-	// DefaultTLSHTTPPort Default HTTP Port used when TLS enabled
-	DefaultTLSHTTPPort = 2376 // Default TLS encrypted HTTP Port
-	// DefaultUnixSocket Path for the unix socket.
-	// Docker daemon by default always listens on the default unix socket
-	DefaultUnixSocket = "/var/run/docker.sock"
-	// DefaultTCPHost constant defines the default host string used by docker on Windows
-	DefaultTCPHost = "tcp://" + DefaultHTTPHost + ":2375"
-	// DefaultTLSHost constant defines the default host string used by docker for TLS sockets
-	DefaultTLSHost = "tcp://" + DefaultHTTPHost + ":2376"
-	// DefaultNamedPipe defines the default named pipe used by docker on Windows
-	DefaultNamedPipe = `//./pipe/docker_engine`
-	// HostGatewayName is the string value that can be passed
-	// to the IPAddr section in --add-host that is replaced by
-	// the value of HostGatewayIP daemon config value
-	HostGatewayName = "host-gateway"
-)
-
-// ValidateHost validates that the specified string is a valid host and returns it.
-func ValidateHost(val string) (string, error) {
-	host := strings.TrimSpace(val)
-	// The empty string means default and is not handled by parseDaemonHost
-	if host != "" {
-		_, err := parseDaemonHost(host)
-		if err != nil {
-			return val, err
-		}
-	}
-	// Note: unlike most flag validators, we don't return the mutated value here
-	//       we need to know what the user entered later (using ParseHost) to adjust for TLS
-	return val, nil
-}
-
-// ParseHost and set defaults for a Daemon host string.
-// defaultToTLS is preferred over defaultToUnixXDG.
-func ParseHost(defaultToTLS, defaultToUnixXDG bool, val string) (string, error) {
-	host := strings.TrimSpace(val)
-	if host == "" {
-		if defaultToTLS {
-			host = DefaultTLSHost
-		} else if defaultToUnixXDG {
-			runtimeDir, err := homedir.GetRuntimeDir()
-			if err != nil {
-				return "", err
-			}
-			socket := filepath.Join(runtimeDir, "docker.sock")
-			host = "unix://" + socket
-		} else {
-			host = DefaultHost
-		}
-	} else {
-		var err error
-		host, err = parseDaemonHost(host)
-		if err != nil {
-			return val, err
-		}
-	}
-	return host, nil
-}
-
-// parseDaemonHost parses the specified address and returns an address that will be used as the host.
-// Depending of the address specified, this may return one of the global Default* strings defined in hosts.go.
-func parseDaemonHost(addr string) (string, error) {
-	addrParts := strings.SplitN(addr, "://", 2)
-	if len(addrParts) == 1 && addrParts[0] != "" {
-		addrParts = []string{"tcp", addrParts[0]}
-	}
-
-	switch addrParts[0] {
-	case "tcp":
-		return ParseTCPAddr(addrParts[1], DefaultTCPHost)
-	case "unix":
-		return parseSimpleProtoAddr("unix", addrParts[1], DefaultUnixSocket)
-	case "npipe":
-		return parseSimpleProtoAddr("npipe", addrParts[1], DefaultNamedPipe)
-	case "fd":
-		return addr, nil
-	default:
-		return "", fmt.Errorf("Invalid bind address format: %s", addr)
-	}
-}
-
-// parseSimpleProtoAddr parses and validates that the specified address is a valid
-// socket address for simple protocols like unix and npipe. It returns a formatted
-// socket address, either using the address parsed from addr, or the contents of
-// defaultAddr if addr is a blank string.
-func parseSimpleProtoAddr(proto, addr, defaultAddr string) (string, error) {
-	addr = strings.TrimPrefix(addr, proto+"://")
-	if strings.Contains(addr, "://") {
-		return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
-	}
-	if addr == "" {
-		addr = defaultAddr
-	}
-	return fmt.Sprintf("%s://%s", proto, addr), nil
-}
-
-// ParseTCPAddr parses and validates that the specified address is a valid TCP
-// address. It returns a formatted TCP address, either using the address parsed
-// from tryAddr, or the contents of defaultAddr if tryAddr is a blank string.
-// tryAddr is expected to have already been Trim()'d
-// defaultAddr must be in the full `tcp://host:port` form
-func ParseTCPAddr(tryAddr string, defaultAddr string) (string, error) {
-	if tryAddr == "" || tryAddr == "tcp://" {
-		return defaultAddr, nil
-	}
-	addr := strings.TrimPrefix(tryAddr, "tcp://")
-	if strings.Contains(addr, "://") || addr == "" {
-		return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
-	}
-
-	defaultAddr = strings.TrimPrefix(defaultAddr, "tcp://")
-	defaultHost, defaultPort, err := net.SplitHostPort(defaultAddr)
-	if err != nil {
-		return "", err
-	}
-	// url.Parse fails for trailing colon on IPv6 brackets on Go 1.5, but
-	// not 1.4. See https://github.com/golang/go/issues/12200 and
-	// https://github.com/golang/go/issues/6530.
-	if strings.HasSuffix(addr, "]:") {
-		addr += defaultPort
-	}
-
-	u, err := url.Parse("tcp://" + addr)
-	if err != nil {
-		return "", err
-	}
-	host, port, err := net.SplitHostPort(u.Host)
-	if err != nil {
-		// try port addition once
-		host, port, err = net.SplitHostPort(net.JoinHostPort(u.Host, defaultPort))
-	}
-	if err != nil {
-		return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
-	}
-
-	if host == "" {
-		host = defaultHost
-	}
-	if port == "" {
-		port = defaultPort
-	}
-	p, err := strconv.Atoi(port)
-	if err != nil && p == 0 {
-		return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
-	}
-
-	return fmt.Sprintf("tcp://%s%s", net.JoinHostPort(host, port), u.Path), nil
-}
-
-// ValidateExtraHost validates that the specified string is a valid extrahost and returns it.
-// ExtraHost is in the form of name:ip where the ip has to be a valid ip (IPv4 or IPv6).
-func ValidateExtraHost(val string) (string, error) {
-	// allow for IPv6 addresses in extra hosts by only splitting on first ":"
-	arr := strings.SplitN(val, ":", 2)
-	if len(arr) != 2 || len(arr[0]) == 0 {
-		return "", fmt.Errorf("bad format for add-host: %q", val)
-	}
-	// Skip IPaddr validation for special "host-gateway" string
-	if arr[1] != HostGatewayName {
-		if _, err := ValidateIPAddress(arr[1]); err != nil {
-			return "", fmt.Errorf("invalid IP address in add-host: %q", arr[1])
-		}
-	}
-	return val, nil
-}
diff --git a/vendor/github.com/docker/docker/opts/hosts_unix.go b/vendor/github.com/docker/docker/opts/hosts_unix.go
deleted file mode 100644
index 4b1c8512e..000000000
--- a/vendor/github.com/docker/docker/opts/hosts_unix.go
+++ /dev/null
@@ -1,12 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package opts // import "github.com/docker/docker/opts"
-
-const (
-	// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
-	DefaultHTTPHost = "localhost"
-
-	// DefaultHost constant defines the default host string used by docker on other hosts than Windows
-	DefaultHost = "unix://" + DefaultUnixSocket
-)
diff --git a/vendor/github.com/docker/docker/opts/hosts_windows.go b/vendor/github.com/docker/docker/opts/hosts_windows.go
deleted file mode 100644
index 576236ba4..000000000
--- a/vendor/github.com/docker/docker/opts/hosts_windows.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-const (
-	// TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5.
-	//
-	// On Windows, this mitigates a problem with the default options of running
-	// a docker client against a local docker daemon on TP5.
-	//
-	// What was found that if the default host is "localhost", even if the client
-	// (and daemon as this is local) is not physically on a network, and the DNS
-	// cache is flushed (ipconfig /flushdns), then the client will pause for
-	// exactly one second when connecting to the daemon for calls. For example
-	// using docker run windowsservercore cmd, the CLI will send a create followed
-	// by an attach. You see the delay between the attach finishing and the attach
-	// being seen by the daemon.
-	//
-	// Here's some daemon debug logs with additional debug spew put in. The
-	// AfterWriteJSON log is the very last thing the daemon does as part of the
-	// create call. The POST /attach is the second CLI call. Notice the second
-	// time gap.
-	//
-	// time="2015-11-06T13:38:37.259627400-08:00" level=debug msg="After createRootfs"
-	// time="2015-11-06T13:38:37.263626300-08:00" level=debug msg="After setHostConfig"
-	// time="2015-11-06T13:38:37.267631200-08:00" level=debug msg="before createContainerPl...."
-	// time="2015-11-06T13:38:37.271629500-08:00" level=debug msg=ToDiskLocking....
-	// time="2015-11-06T13:38:37.275643200-08:00" level=debug msg="loggin event...."
-	// time="2015-11-06T13:38:37.277627600-08:00" level=debug msg="logged event...."
-	// time="2015-11-06T13:38:37.279631800-08:00" level=debug msg="In defer func"
-	// time="2015-11-06T13:38:37.282628100-08:00" level=debug msg="After daemon.create"
-	// time="2015-11-06T13:38:37.286651700-08:00" level=debug msg="return 2"
-	// time="2015-11-06T13:38:37.289629500-08:00" level=debug msg="Returned from daemon.ContainerCreate"
-	// time="2015-11-06T13:38:37.311629100-08:00" level=debug msg="After WriteJSON"
-	// ... 1 second gap here....
-	// time="2015-11-06T13:38:38.317866200-08:00" level=debug msg="Calling POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach"
-	// time="2015-11-06T13:38:38.326882500-08:00" level=info msg="POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach?stderr=1&stdin=1&stdout=1&stream=1"
-	//
-	// We suspect this is either a bug introduced in GOLang 1.5.1, or that a change
-	// in GOLang 1.5.1 (from 1.4.3) is exposing a bug in Windows. In theory,
-	// the Windows networking stack is supposed to resolve "localhost" internally,
-	// without hitting DNS, or even reading the hosts file (which is why localhost
-	// is commented out in the hosts file on Windows).
-	//
-	// We have validated that working around this using the actual IPv4 localhost
-	// address does not cause the delay.
-	//
-	// This does not occur with the docker client built with 1.4.3 on the same
-	// Windows build, regardless of whether the daemon is built using 1.5.1
-	// or 1.4.3. It does not occur on Linux. We also verified we see the same thing
-	// on a cross-compiled Windows binary (from Linux).
-	//
-	// Final note: This is a mitigation, not a 'real' fix. It is still susceptible
-	// to the delay if a user were to do 'docker run -H=tcp://localhost:2375...'
-	// explicitly.
-
-	// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
-	DefaultHTTPHost = "127.0.0.1"
-
-	// DefaultHost constant defines the default host string used by docker on Windows
-	DefaultHost = "npipe://" + DefaultNamedPipe
-)
diff --git a/vendor/github.com/docker/docker/opts/ip.go b/vendor/github.com/docker/docker/opts/ip.go
deleted file mode 100644
index cfbff3a9f..000000000
--- a/vendor/github.com/docker/docker/opts/ip.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-import (
-	"fmt"
-	"net"
-)
-
-// IPOpt holds an IP. It is used to store values from CLI flags.
-type IPOpt struct {
-	*net.IP
-}
-
-// NewIPOpt creates a new IPOpt from a reference net.IP and a
-// string representation of an IP. If the string is not a valid
-// IP it will fallback to the specified reference.
-func NewIPOpt(ref *net.IP, defaultVal string) *IPOpt {
-	o := &IPOpt{
-		IP: ref,
-	}
-	o.Set(defaultVal)
-	return o
-}
-
-// Set sets an IPv4 or IPv6 address from a given string. If the given
-// string is not parsable as an IP address it returns an error.
-func (o *IPOpt) Set(val string) error {
-	ip := net.ParseIP(val)
-	if ip == nil {
-		return fmt.Errorf("%s is not an ip address", val)
-	}
-	*o.IP = ip
-	return nil
-}
-
-// String returns the IP address stored in the IPOpt. If stored IP is a
-// nil pointer, it returns an empty string.
-func (o *IPOpt) String() string {
-	if *o.IP == nil {
-		return ""
-	}
-	return o.IP.String()
-}
-
-// Type returns the type of the option
-func (o *IPOpt) Type() string {
-	return "ip"
-}
diff --git a/vendor/github.com/docker/docker/opts/opts.go b/vendor/github.com/docker/docker/opts/opts.go
deleted file mode 100644
index 60a093f28..000000000
--- a/vendor/github.com/docker/docker/opts/opts.go
+++ /dev/null
@@ -1,348 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-import (
-	"fmt"
-	"net"
-	"path"
-	"regexp"
-	"strings"
-
-	units "github.com/docker/go-units"
-)
-
-var (
-	alphaRegexp  = regexp.MustCompile(`[a-zA-Z]`)
-	domainRegexp = regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`)
-)
-
-// ListOpts holds a list of values and a validation function.
-type ListOpts struct {
-	values    *[]string
-	validator ValidatorFctType
-}
-
-// NewListOpts creates a new ListOpts with the specified validator.
-func NewListOpts(validator ValidatorFctType) ListOpts {
-	var values []string
-	return *NewListOptsRef(&values, validator)
-}
-
-// NewListOptsRef creates a new ListOpts with the specified values and validator.
-func NewListOptsRef(values *[]string, validator ValidatorFctType) *ListOpts {
-	return &ListOpts{
-		values:    values,
-		validator: validator,
-	}
-}
-
-func (opts *ListOpts) String() string {
-	if len(*opts.values) == 0 {
-		return ""
-	}
-	return fmt.Sprintf("%v", *opts.values)
-}
-
-// Set validates if needed the input value and adds it to the
-// internal slice.
-func (opts *ListOpts) Set(value string) error {
-	if opts.validator != nil {
-		v, err := opts.validator(value)
-		if err != nil {
-			return err
-		}
-		value = v
-	}
-	*opts.values = append(*opts.values, value)
-	return nil
-}
-
-// Delete removes the specified element from the slice.
-func (opts *ListOpts) Delete(key string) {
-	for i, k := range *opts.values {
-		if k == key {
-			*opts.values = append((*opts.values)[:i], (*opts.values)[i+1:]...)
-			return
-		}
-	}
-}
-
-// GetMap returns the content of values in a map in order to avoid
-// duplicates.
-func (opts *ListOpts) GetMap() map[string]struct{} {
-	ret := make(map[string]struct{})
-	for _, k := range *opts.values {
-		ret[k] = struct{}{}
-	}
-	return ret
-}
-
-// GetAll returns the values of slice.
-func (opts *ListOpts) GetAll() []string {
-	return *opts.values
-}
-
-// GetAllOrEmpty returns the values of the slice
-// or an empty slice when there are no values.
-func (opts *ListOpts) GetAllOrEmpty() []string {
-	v := *opts.values
-	if v == nil {
-		return make([]string, 0)
-	}
-	return v
-}
-
-// Get checks the existence of the specified key.
-func (opts *ListOpts) Get(key string) bool {
-	for _, k := range *opts.values {
-		if k == key {
-			return true
-		}
-	}
-	return false
-}
-
-// Len returns the amount of element in the slice.
-func (opts *ListOpts) Len() int {
-	return len(*opts.values)
-}
-
-// Type returns a string name for this Option type
-func (opts *ListOpts) Type() string {
-	return "list"
-}
-
-// WithValidator returns the ListOpts with validator set.
-func (opts *ListOpts) WithValidator(validator ValidatorFctType) *ListOpts {
-	opts.validator = validator
-	return opts
-}
-
-// NamedOption is an interface that list and map options
-// with names implement.
-type NamedOption interface {
-	Name() string
-}
-
-// NamedListOpts is a ListOpts with a configuration name.
-// This struct is useful to keep reference to the assigned
-// field name in the internal configuration struct.
-type NamedListOpts struct {
-	name string
-	ListOpts
-}
-
-var _ NamedOption = &NamedListOpts{}
-
-// NewNamedListOptsRef creates a reference to a new NamedListOpts struct.
-func NewNamedListOptsRef(name string, values *[]string, validator ValidatorFctType) *NamedListOpts {
-	return &NamedListOpts{
-		name:     name,
-		ListOpts: *NewListOptsRef(values, validator),
-	}
-}
-
-// Name returns the name of the NamedListOpts in the configuration.
-func (o *NamedListOpts) Name() string {
-	return o.name
-}
-
-// MapOpts holds a map of values and a validation function.
-type MapOpts struct {
-	values    map[string]string
-	validator ValidatorFctType
-}
-
-// Set validates if needed the input value and add it to the
-// internal map, by splitting on '='.
-func (opts *MapOpts) Set(value string) error {
-	if opts.validator != nil {
-		v, err := opts.validator(value)
-		if err != nil {
-			return err
-		}
-		value = v
-	}
-	vals := strings.SplitN(value, "=", 2)
-	if len(vals) == 1 {
-		(opts.values)[vals[0]] = ""
-	} else {
-		(opts.values)[vals[0]] = vals[1]
-	}
-	return nil
-}
-
-// GetAll returns the values of MapOpts as a map.
-func (opts *MapOpts) GetAll() map[string]string {
-	return opts.values
-}
-
-func (opts *MapOpts) String() string {
-	return fmt.Sprintf("%v", opts.values)
-}
-
-// Type returns a string name for this Option type
-func (opts *MapOpts) Type() string {
-	return "map"
-}
-
-// NewMapOpts creates a new MapOpts with the specified map of values and a validator.
-func NewMapOpts(values map[string]string, validator ValidatorFctType) *MapOpts {
-	if values == nil {
-		values = make(map[string]string)
-	}
-	return &MapOpts{
-		values:    values,
-		validator: validator,
-	}
-}
-
-// NamedMapOpts is a MapOpts struct with a configuration name.
-// This struct is useful to keep reference to the assigned
-// field name in the internal configuration struct.
-type NamedMapOpts struct {
-	name string
-	MapOpts
-}
-
-var _ NamedOption = &NamedMapOpts{}
-
-// NewNamedMapOpts creates a reference to a new NamedMapOpts struct.
-func NewNamedMapOpts(name string, values map[string]string, validator ValidatorFctType) *NamedMapOpts {
-	return &NamedMapOpts{
-		name:    name,
-		MapOpts: *NewMapOpts(values, validator),
-	}
-}
-
-// Name returns the name of the NamedMapOpts in the configuration.
-func (o *NamedMapOpts) Name() string {
-	return o.name
-}
-
-// ValidatorFctType defines a validator function that returns a validated string and/or an error.
-type ValidatorFctType func(val string) (string, error)
-
-// ValidatorFctListType defines a validator function that returns a validated list of string and/or an error
-type ValidatorFctListType func(val string) ([]string, error)
-
-// ValidateIPAddress validates an Ip address.
-func ValidateIPAddress(val string) (string, error) {
-	var ip = net.ParseIP(strings.TrimSpace(val))
-	if ip != nil {
-		return ip.String(), nil
-	}
-	return "", fmt.Errorf("%s is not an ip address", val)
-}
-
-// ValidateDNSSearch validates domain for resolvconf search configuration.
-// A zero length domain is represented by a dot (.).
-func ValidateDNSSearch(val string) (string, error) {
-	if val = strings.Trim(val, " "); val == "." {
-		return val, nil
-	}
-	return validateDomain(val)
-}
-
-func validateDomain(val string) (string, error) {
-	if alphaRegexp.FindString(val) == "" {
-		return "", fmt.Errorf("%s is not a valid domain", val)
-	}
-	ns := domainRegexp.FindSubmatch([]byte(val))
-	if len(ns) > 0 && len(ns[1]) < 255 {
-		return string(ns[1]), nil
-	}
-	return "", fmt.Errorf("%s is not a valid domain", val)
-}
-
-// ValidateLabel validates that the specified string is a valid label,
-// it does not use the reserved namespaces com.docker.*, io.docker.*, org.dockerproject.*
-// and returns it.
-// Labels are in the form on key=value.
-func ValidateLabel(val string) (string, error) {
-	if strings.Count(val, "=") < 1 {
-		return "", fmt.Errorf("bad attribute format: %s", val)
-	}
-
-	lowered := strings.ToLower(val)
-	if strings.HasPrefix(lowered, "com.docker.") || strings.HasPrefix(lowered, "io.docker.") ||
-		strings.HasPrefix(lowered, "org.dockerproject.") {
-		return "", fmt.Errorf(
-			"label %s is not allowed: the namespaces com.docker.*, io.docker.*, and org.dockerproject.* are reserved for internal use",
-			val)
-	}
-
-	return val, nil
-}
-
-// ValidateSingleGenericResource validates that a single entry in the
-// generic resource list is valid.
-// i.e 'GPU=UID1' is valid however 'GPU:UID1' or 'UID1' isn't
-func ValidateSingleGenericResource(val string) (string, error) {
-	if strings.Count(val, "=") < 1 {
-		return "", fmt.Errorf("invalid node-generic-resource format `%s` expected `name=value`", val)
-	}
-	return val, nil
-}
-
-// ParseLink parses and validates the specified string as a link format (name:alias)
-func ParseLink(val string) (string, string, error) {
-	if val == "" {
-		return "", "", fmt.Errorf("empty string specified for links")
-	}
-	arr := strings.Split(val, ":")
-	if len(arr) > 2 {
-		return "", "", fmt.Errorf("bad format for links: %s", val)
-	}
-	if len(arr) == 1 {
-		return val, val, nil
-	}
-	// This is kept because we can actually get a HostConfig with links
-	// from an already created container and the format is not `foo:bar`
-	// but `/foo:/c1/bar`
-	if strings.HasPrefix(arr[0], "/") {
-		_, alias := path.Split(arr[1])
-		return arr[0][1:], alias, nil
-	}
-	return arr[0], arr[1], nil
-}
-
-// MemBytes is a type for human readable memory bytes (like 128M, 2g, etc)
-type MemBytes int64
-
-// String returns the string format of the human readable memory bytes
-func (m *MemBytes) String() string {
-	// NOTE: In spf13/pflag/flag.go, "0" is considered as "zero value" while "0 B" is not.
-	// We return "0" in case value is 0 here so that the default value is hidden.
-	// (Sometimes "default 0 B" is actually misleading)
-	if m.Value() != 0 {
-		return units.BytesSize(float64(m.Value()))
-	}
-	return "0"
-}
-
-// Set sets the value of the MemBytes by passing a string
-func (m *MemBytes) Set(value string) error {
-	val, err := units.RAMInBytes(value)
-	*m = MemBytes(val)
-	return err
-}
-
-// Type returns the type
-func (m *MemBytes) Type() string {
-	return "bytes"
-}
-
-// Value returns the value in int64
-func (m *MemBytes) Value() int64 {
-	return int64(*m)
-}
-
-// UnmarshalJSON is the customized unmarshaler for MemBytes
-func (m *MemBytes) UnmarshalJSON(s []byte) error {
-	if len(s) <= 2 || s[0] != '"' || s[len(s)-1] != '"' {
-		return fmt.Errorf("invalid size: %q", s)
-	}
-	val, err := units.RAMInBytes(string(s[1 : len(s)-1]))
-	*m = MemBytes(val)
-	return err
-}
diff --git a/vendor/github.com/docker/docker/opts/quotedstring.go b/vendor/github.com/docker/docker/opts/quotedstring.go
deleted file mode 100644
index 6c889070e..000000000
--- a/vendor/github.com/docker/docker/opts/quotedstring.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-// QuotedString is a string that may have extra quotes around the value. The
-// quotes are stripped from the value.
-type QuotedString struct {
-	value *string
-}
-
-// Set sets a new value
-func (s *QuotedString) Set(val string) error {
-	*s.value = trimQuotes(val)
-	return nil
-}
-
-// Type returns the type of the value
-func (s *QuotedString) Type() string {
-	return "string"
-}
-
-func (s *QuotedString) String() string {
-	return *s.value
-}
-
-func trimQuotes(value string) string {
-	lastIndex := len(value) - 1
-	for _, char := range []byte{'\'', '"'} {
-		if value[0] == char && value[lastIndex] == char {
-			return value[1:lastIndex]
-		}
-	}
-	return value
-}
-
-// NewQuotedString returns a new quoted string option
-func NewQuotedString(value *string) *QuotedString {
-	return &QuotedString{value: value}
-}
diff --git a/vendor/github.com/docker/docker/opts/runtime.go b/vendor/github.com/docker/docker/opts/runtime.go
deleted file mode 100644
index 4b9babf0a..000000000
--- a/vendor/github.com/docker/docker/opts/runtime.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/docker/docker/api/types"
-)
-
-// RuntimeOpt defines a map of Runtimes
-type RuntimeOpt struct {
-	name             string
-	stockRuntimeName string
-	values           *map[string]types.Runtime
-}
-
-// NewNamedRuntimeOpt creates a new RuntimeOpt
-func NewNamedRuntimeOpt(name string, ref *map[string]types.Runtime, stockRuntime string) *RuntimeOpt {
-	if ref == nil {
-		ref = &map[string]types.Runtime{}
-	}
-	return &RuntimeOpt{name: name, values: ref, stockRuntimeName: stockRuntime}
-}
-
-// Name returns the name of the NamedListOpts in the configuration.
-func (o *RuntimeOpt) Name() string {
-	return o.name
-}
-
-// Set validates and updates the list of Runtimes
-func (o *RuntimeOpt) Set(val string) error {
-	parts := strings.SplitN(val, "=", 2)
-	if len(parts) != 2 {
-		return fmt.Errorf("invalid runtime argument: %s", val)
-	}
-
-	parts[0] = strings.TrimSpace(parts[0])
-	parts[1] = strings.TrimSpace(parts[1])
-	if parts[0] == "" || parts[1] == "" {
-		return fmt.Errorf("invalid runtime argument: %s", val)
-	}
-
-	parts[0] = strings.ToLower(parts[0])
-	if parts[0] == o.stockRuntimeName {
-		return fmt.Errorf("runtime name '%s' is reserved", o.stockRuntimeName)
-	}
-
-	if _, ok := (*o.values)[parts[0]]; ok {
-		return fmt.Errorf("runtime '%s' was already defined", parts[0])
-	}
-
-	(*o.values)[parts[0]] = types.Runtime{Path: parts[1]}
-
-	return nil
-}
-
-// String returns Runtime values as a string.
-func (o *RuntimeOpt) String() string {
-	var out []string
-	for k := range *o.values {
-		out = append(out, k)
-	}
-
-	return fmt.Sprintf("%v", out)
-}
-
-// GetMap returns a map of Runtimes (name: path)
-func (o *RuntimeOpt) GetMap() map[string]types.Runtime {
-	if o.values != nil {
-		return *o.values
-	}
-
-	return map[string]types.Runtime{}
-}
-
-// Type returns the type of the option
-func (o *RuntimeOpt) Type() string {
-	return "runtime"
-}
diff --git a/vendor/github.com/docker/docker/opts/ulimit.go b/vendor/github.com/docker/docker/opts/ulimit.go
deleted file mode 100644
index 61cc58d4d..000000000
--- a/vendor/github.com/docker/docker/opts/ulimit.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package opts // import "github.com/docker/docker/opts"
-
-import (
-	"fmt"
-
-	units "github.com/docker/go-units"
-)
-
-// UlimitOpt defines a map of Ulimits
-type UlimitOpt struct {
-	values *map[string]*units.Ulimit
-}
-
-// NewUlimitOpt creates a new UlimitOpt
-func NewUlimitOpt(ref *map[string]*units.Ulimit) *UlimitOpt {
-	if ref == nil {
-		ref = &map[string]*units.Ulimit{}
-	}
-	return &UlimitOpt{ref}
-}
-
-// Set validates a Ulimit and sets its name as a key in UlimitOpt
-func (o *UlimitOpt) Set(val string) error {
-	l, err := units.ParseUlimit(val)
-	if err != nil {
-		return err
-	}
-
-	(*o.values)[l.Name] = l
-
-	return nil
-}
-
-// String returns Ulimit values as a string.
-func (o *UlimitOpt) String() string {
-	var out []string
-	for _, v := range *o.values {
-		out = append(out, v.String())
-	}
-
-	return fmt.Sprintf("%v", out)
-}
-
-// GetList returns a slice of pointers to Ulimits.
-func (o *UlimitOpt) GetList() []*units.Ulimit {
-	var ulimits []*units.Ulimit
-	for _, v := range *o.values {
-		ulimits = append(ulimits, v)
-	}
-
-	return ulimits
-}
-
-// Type returns the option type
-func (o *UlimitOpt) Type() string {
-	return "ulimit"
-}
-
-// NamedUlimitOpt defines a named map of Ulimits
-type NamedUlimitOpt struct {
-	name string
-	UlimitOpt
-}
-
-var _ NamedOption = &NamedUlimitOpt{}
-
-// NewNamedUlimitOpt creates a new NamedUlimitOpt
-func NewNamedUlimitOpt(name string, ref *map[string]*units.Ulimit) *NamedUlimitOpt {
-	if ref == nil {
-		ref = &map[string]*units.Ulimit{}
-	}
-	return &NamedUlimitOpt{
-		name:      name,
-		UlimitOpt: *NewUlimitOpt(ref),
-	}
-}
-
-// Name returns the option name
-func (o *NamedUlimitOpt) Name() string {
-	return o.name
-}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
index 1eb0b74c3..fea53d3ae 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
@@ -52,8 +52,8 @@ func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (
 		// Currently go does not fill in the major/minors
 		if s.Mode&unix.S_IFBLK != 0 ||
 			s.Mode&unix.S_IFCHR != 0 {
-			hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert
-			hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert
+			hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) //nolint: unconvert
+			hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) //nolint: unconvert
 		}
 	}
 
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/docker/docker/pkg/archive/copy.go
index 57fddac07..4b9f504d7 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy.go
@@ -354,6 +354,16 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
 				return
 			}
 
+			// Ignoring GoSec G110. See https://github.com/securego/gosec/pull/433
+			// and https://cure53.de/pentest-report_opa.pdf, which recommends to
+			// replace io.Copy with io.CopyN7. The latter allows to specify the
+			// maximum number of bytes that should be read. By properly defining
+			// the limit, it can be assured that a GZip compression bomb cannot
+			// easily cause a Denial-of-Service.
+			// After reviewing with @tonistiigi and @cpuguy83, this should not
+			// affect us, because here we do not read into memory, hence should
+			// not be vulnerable to this code consuming memory.
+			//nolint:gosec // G110: Potential DoS vulnerability via decompression bomb (gosec)
 			if _, err = io.Copy(rebasedTar, srcTar); err != nil {
 				w.CloseWithError(err)
 				return
diff --git a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
index 2dfb66af0..090bd1cad 100644
--- a/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
+++ b/vendor/github.com/docker/docker/pkg/namesgenerator/names-generator.go
@@ -758,9 +758,6 @@ var (
 		// Helen Brooke Taussig - American cardiologist and founder of the field of paediatric cardiology. https://en.wikipedia.org/wiki/Helen_B._Taussig
 		"taussig",
 
-		// Valentina Tereshkova is a Russian engineer, cosmonaut and politician. She was the first woman to fly to space in 1963. In 2013, at the age of 76, she offered to go on a one-way mission to Mars. https://en.wikipedia.org/wiki/Valentina_Tereshkova
-		"tereshkova",
-
 		// Nikola Tesla invented the AC electric system and every gadget ever used by a James Bond villain. https://en.wikipedia.org/wiki/Nikola_Tesla
 		"tesla",
 
@@ -840,13 +837,13 @@ var (
 // integer between 0 and 10 will be added to the end of the name, e.g `focused_turing3`
 func GetRandomName(retry int) string {
 begin:
-	name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))])
+	name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))]) //nolint:gosec // G404: Use of weak random number generator (math/rand instead of crypto/rand)
 	if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
 		goto begin
 	}
 
 	if retry > 0 {
-		name = fmt.Sprintf("%s%d", name, rand.Intn(10))
+		name = fmt.Sprintf("%s%d", name, rand.Intn(10)) //nolint:gosec // G404: Use of weak random number generator (math/rand instead of crypto/rand)
 	}
 	return name
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_linux.go b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
index 17d5d131a..3ac02393f 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_linux.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
@@ -9,7 +9,7 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 		uid:  s.Uid,
 		gid:  s.Gid,
 		// the type is 32bit on mips
-		rdev: uint64(s.Rdev), // nolint: unconvert
+		rdev: uint64(s.Rdev), //nolint: unconvert
 		mtim: s.Mtim}, nil
 }
 
diff --git a/vendor/github.com/docker/go-metrics/CONTRIBUTING.md b/vendor/github.com/docker/go-metrics/CONTRIBUTING.md
deleted file mode 100644
index b8a512c36..000000000
--- a/vendor/github.com/docker/go-metrics/CONTRIBUTING.md
+++ /dev/null
@@ -1,55 +0,0 @@
-# Contributing
-
-## Sign your work
-
-The sign-off is a simple line at the end of the explanation for the patch. Your
-signature certifies that you wrote the patch or otherwise have the right to pass
-it on as an open-source patch. The rules are pretty simple: if you can certify
-the below (from [developercertificate.org](http://developercertificate.org/)):
-
-```
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-660 York Street, Suite 102,
-San Francisco, CA 94110 USA
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
-```
-
-Then you just add a line to every git commit message:
-
-    Signed-off-by: Joe Smith <joe.smith@email.com>
-
-Use your real name (sorry, no pseudonyms or anonymous contributions.)
-
-If you set your `user.name` and `user.email` git configs, you can sign your
-commit automatically with `git commit -s`.
diff --git a/vendor/github.com/docker/go-metrics/LICENSE b/vendor/github.com/docker/go-metrics/LICENSE
deleted file mode 100644
index 8f3fee627..000000000
--- a/vendor/github.com/docker/go-metrics/LICENSE
+++ /dev/null
@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2013-2016 Docker, Inc.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/docker/go-metrics/LICENSE.docs b/vendor/github.com/docker/go-metrics/LICENSE.docs
deleted file mode 100644
index e26cd4fc8..000000000
--- a/vendor/github.com/docker/go-metrics/LICENSE.docs
+++ /dev/null
@@ -1,425 +0,0 @@
-Attribution-ShareAlike 4.0 International
-
-=======================================================================
-
-Creative Commons Corporation ("Creative Commons") is not a law firm and
-does not provide legal services or legal advice. Distribution of
-Creative Commons public licenses does not create a lawyer-client or
-other relationship. Creative Commons makes its licenses and related
-information available on an "as-is" basis. Creative Commons gives no
-warranties regarding its licenses, any material licensed under their
-terms and conditions, or any related information. Creative Commons
-disclaims all liability for damages resulting from their use to the
-fullest extent possible.
-
-Using Creative Commons Public Licenses
-
-Creative Commons public licenses provide a standard set of terms and
-conditions that creators and other rights holders may use to share
-original works of authorship and other material subject to copyright
-and certain other rights specified in the public license below. The
-following considerations are for informational purposes only, are not
-exhaustive, and do not form part of our licenses.
-
-     Considerations for licensors: Our public licenses are
-     intended for use by those authorized to give the public
-     permission to use material in ways otherwise restricted by
-     copyright and certain other rights. Our licenses are
-     irrevocable. Licensors should read and understand the terms
-     and conditions of the license they choose before applying it.
-     Licensors should also secure all rights necessary before
-     applying our licenses so that the public can reuse the
-     material as expected. Licensors should clearly mark any
-     material not subject to the license. This includes other CC-
-     licensed material, or material used under an exception or
-     limitation to copyright. More considerations for licensors:
-	wiki.creativecommons.org/Considerations_for_licensors
-
-     Considerations for the public: By using one of our public
-     licenses, a licensor grants the public permission to use the
-     licensed material under specified terms and conditions. If
-     the licensor's permission is not necessary for any reason--for
-     example, because of any applicable exception or limitation to
-     copyright--then that use is not regulated by the license. Our
-     licenses grant only permissions under copyright and certain
-     other rights that a licensor has authority to grant. Use of
-     the licensed material may still be restricted for other
-     reasons, including because others have copyright or other
-     rights in the material. A licensor may make special requests,
-     such as asking that all changes be marked or described.
-     Although not required by our licenses, you are encouraged to
-     respect those requests where reasonable. More_considerations
-     for the public:
-	wiki.creativecommons.org/Considerations_for_licensees
-
-=======================================================================
-
-Creative Commons Attribution-ShareAlike 4.0 International Public
-License
-
-By exercising the Licensed Rights (defined below), You accept and agree
-to be bound by the terms and conditions of this Creative Commons
-Attribution-ShareAlike 4.0 International Public License ("Public
-License"). To the extent this Public License may be interpreted as a
-contract, You are granted the Licensed Rights in consideration of Your
-acceptance of these terms and conditions, and the Licensor grants You
-such rights in consideration of benefits the Licensor receives from
-making the Licensed Material available under these terms and
-conditions.
-
-
-Section 1 -- Definitions.
-
-  a. Adapted Material means material subject to Copyright and Similar
-     Rights that is derived from or based upon the Licensed Material
-     and in which the Licensed Material is translated, altered,
-     arranged, transformed, or otherwise modified in a manner requiring
-     permission under the Copyright and Similar Rights held by the
-     Licensor. For purposes of this Public License, where the Licensed
-     Material is a musical work, performance, or sound recording,
-     Adapted Material is always produced where the Licensed Material is
-     synched in timed relation with a moving image.
-
-  b. Adapter's License means the license You apply to Your Copyright
-     and Similar Rights in Your contributions to Adapted Material in
-     accordance with the terms and conditions of this Public License.
-
-  c. BY-SA Compatible License means a license listed at
-     creativecommons.org/compatiblelicenses, approved by Creative
-     Commons as essentially the equivalent of this Public License.
-
-  d. Copyright and Similar Rights means copyright and/or similar rights
-     closely related to copyright including, without limitation,
-     performance, broadcast, sound recording, and Sui Generis Database
-     Rights, without regard to how the rights are labeled or
-     categorized. For purposes of this Public License, the rights
-     specified in Section 2(b)(1)-(2) are not Copyright and Similar
-     Rights.
-
-  e. Effective Technological Measures means those measures that, in the
-     absence of proper authority, may not be circumvented under laws
-     fulfilling obligations under Article 11 of the WIPO Copyright
-     Treaty adopted on December 20, 1996, and/or similar international
-     agreements.
-
-  f. Exceptions and Limitations means fair use, fair dealing, and/or
-     any other exception or limitation to Copyright and Similar Rights
-     that applies to Your use of the Licensed Material.
-
-  g. License Elements means the license attributes listed in the name
-     of a Creative Commons Public License. The License Elements of this
-     Public License are Attribution and ShareAlike.
-
-  h. Licensed Material means the artistic or literary work, database,
-     or other material to which the Licensor applied this Public
-     License.
-
-  i. Licensed Rights means the rights granted to You subject to the
-     terms and conditions of this Public License, which are limited to
-     all Copyright and Similar Rights that apply to Your use of the
-     Licensed Material and that the Licensor has authority to license.
-
-  j. Licensor means the individual(s) or entity(ies) granting rights
-     under this Public License.
-
-  k. Share means to provide material to the public by any means or
-     process that requires permission under the Licensed Rights, such
-     as reproduction, public display, public performance, distribution,
-     dissemination, communication, or importation, and to make material
-     available to the public including in ways that members of the
-     public may access the material from a place and at a time
-     individually chosen by them.
-
-  l. Sui Generis Database Rights means rights other than copyright
-     resulting from Directive 96/9/EC of the European Parliament and of
-     the Council of 11 March 1996 on the legal protection of databases,
-     as amended and/or succeeded, as well as other essentially
-     equivalent rights anywhere in the world.
-
-  m. You means the individual or entity exercising the Licensed Rights
-     under this Public License. Your has a corresponding meaning.
-
-
-Section 2 -- Scope.
-
-  a. License grant.
-
-       1. Subject to the terms and conditions of this Public License,
-          the Licensor hereby grants You a worldwide, royalty-free,
-          non-sublicensable, non-exclusive, irrevocable license to
-          exercise the Licensed Rights in the Licensed Material to:
-
-            a. reproduce and Share the Licensed Material, in whole or
-               in part; and
-
-            b. produce, reproduce, and Share Adapted Material.
-
-       2. Exceptions and Limitations. For the avoidance of doubt, where
-          Exceptions and Limitations apply to Your use, this Public
-          License does not apply, and You do not need to comply with
-          its terms and conditions.
-
-       3. Term. The term of this Public License is specified in Section
-          6(a).
-
-       4. Media and formats; technical modifications allowed. The
-          Licensor authorizes You to exercise the Licensed Rights in
-          all media and formats whether now known or hereafter created,
-          and to make technical modifications necessary to do so. The
-          Licensor waives and/or agrees not to assert any right or
-          authority to forbid You from making technical modifications
-          necessary to exercise the Licensed Rights, including
-          technical modifications necessary to circumvent Effective
-          Technological Measures. For purposes of this Public License,
-          simply making modifications authorized by this Section 2(a)
-          (4) never produces Adapted Material.
-
-       5. Downstream recipients.
-
-            a. Offer from the Licensor -- Licensed Material. Every
-               recipient of the Licensed Material automatically
-               receives an offer from the Licensor to exercise the
-               Licensed Rights under the terms and conditions of this
-               Public License.
-
-            b. Additional offer from the Licensor -- Adapted Material.
-               Every recipient of Adapted Material from You
-               automatically receives an offer from the Licensor to
-               exercise the Licensed Rights in the Adapted Material
-               under the conditions of the Adapter's License You apply.
-
-            c. No downstream restrictions. You may not offer or impose
-               any additional or different terms or conditions on, or
-               apply any Effective Technological Measures to, the
-               Licensed Material if doing so restricts exercise of the
-               Licensed Rights by any recipient of the Licensed
-               Material.
-
-       6. No endorsement. Nothing in this Public License constitutes or
-          may be construed as permission to assert or imply that You
-          are, or that Your use of the Licensed Material is, connected
-          with, or sponsored, endorsed, or granted official status by,
-          the Licensor or others designated to receive attribution as
-          provided in Section 3(a)(1)(A)(i).
-
-  b. Other rights.
-
-       1. Moral rights, such as the right of integrity, are not
-          licensed under this Public License, nor are publicity,
-          privacy, and/or other similar personality rights; however, to
-          the extent possible, the Licensor waives and/or agrees not to
-          assert any such rights held by the Licensor to the limited
-          extent necessary to allow You to exercise the Licensed
-          Rights, but not otherwise.
-
-       2. Patent and trademark rights are not licensed under this
-          Public License.
-
-       3. To the extent possible, the Licensor waives any right to
-          collect royalties from You for the exercise of the Licensed
-          Rights, whether directly or through a collecting society
-          under any voluntary or waivable statutory or compulsory
-          licensing scheme. In all other cases the Licensor expressly
-          reserves any right to collect such royalties.
-
-
-Section 3 -- License Conditions.
-
-Your exercise of the Licensed Rights is expressly made subject to the
-following conditions.
-
-  a. Attribution.
-
-       1. If You Share the Licensed Material (including in modified
-          form), You must:
-
-            a. retain the following if it is supplied by the Licensor
-               with the Licensed Material:
-
-                 i. identification of the creator(s) of the Licensed
-                    Material and any others designated to receive
-                    attribution, in any reasonable manner requested by
-                    the Licensor (including by pseudonym if
-                    designated);
-
-                ii. a copyright notice;
-
-               iii. a notice that refers to this Public License;
-
-                iv. a notice that refers to the disclaimer of
-                    warranties;
-
-                 v. a URI or hyperlink to the Licensed Material to the
-                    extent reasonably practicable;
-
-            b. indicate if You modified the Licensed Material and
-               retain an indication of any previous modifications; and
-
-            c. indicate the Licensed Material is licensed under this
-               Public License, and include the text of, or the URI or
-               hyperlink to, this Public License.
-
-       2. You may satisfy the conditions in Section 3(a)(1) in any
-          reasonable manner based on the medium, means, and context in
-          which You Share the Licensed Material. For example, it may be
-          reasonable to satisfy the conditions by providing a URI or
-          hyperlink to a resource that includes the required
-          information.
-
-       3. If requested by the Licensor, You must remove any of the
-          information required by Section 3(a)(1)(A) to the extent
-          reasonably practicable.
-
-  b. ShareAlike.
-
-     In addition to the conditions in Section 3(a), if You Share
-     Adapted Material You produce, the following conditions also apply.
-
-       1. The Adapter's License You apply must be a Creative Commons
-          license with the same License Elements, this version or
-          later, or a BY-SA Compatible License.
-
-       2. You must include the text of, or the URI or hyperlink to, the
-          Adapter's License You apply. You may satisfy this condition
-          in any reasonable manner based on the medium, means, and
-          context in which You Share Adapted Material.
-
-       3. You may not offer or impose any additional or different terms
-          or conditions on, or apply any Effective Technological
-          Measures to, Adapted Material that restrict exercise of the
-          rights granted under the Adapter's License You apply.
-
-
-Section 4 -- Sui Generis Database Rights.
-
-Where the Licensed Rights include Sui Generis Database Rights that
-apply to Your use of the Licensed Material:
-
-  a. for the avoidance of doubt, Section 2(a)(1) grants You the right
-     to extract, reuse, reproduce, and Share all or a substantial
-     portion of the contents of the database;
-
-  b. if You include all or a substantial portion of the database
-     contents in a database in which You have Sui Generis Database
-     Rights, then the database in which You have Sui Generis Database
-     Rights (but not its individual contents) is Adapted Material,
-
-     including for purposes of Section 3(b); and
-  c. You must comply with the conditions in Section 3(a) if You Share
-     all or a substantial portion of the contents of the database.
-
-For the avoidance of doubt, this Section 4 supplements and does not
-replace Your obligations under this Public License where the Licensed
-Rights include other Copyright and Similar Rights.
-
-
-Section 5 -- Disclaimer of Warranties and Limitation of Liability.
-
-  a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
-     EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
-     AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
-     ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
-     IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
-     WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
-     PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
-     ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
-     KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
-     ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
-
-  b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
-     TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
-     NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
-     INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
-     COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
-     USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
-     ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
-     DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
-     IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
-
-  c. The disclaimer of warranties and limitation of liability provided
-     above shall be interpreted in a manner that, to the extent
-     possible, most closely approximates an absolute disclaimer and
-     waiver of all liability.
-
-
-Section 6 -- Term and Termination.
-
-  a. This Public License applies for the term of the Copyright and
-     Similar Rights licensed here. However, if You fail to comply with
-     this Public License, then Your rights under this Public License
-     terminate automatically.
-
-  b. Where Your right to use the Licensed Material has terminated under
-     Section 6(a), it reinstates:
-
-       1. automatically as of the date the violation is cured, provided
-          it is cured within 30 days of Your discovery of the
-          violation; or
-
-       2. upon express reinstatement by the Licensor.
-
-     For the avoidance of doubt, this Section 6(b) does not affect any
-     right the Licensor may have to seek remedies for Your violations
-     of this Public License.
-
-  c. For the avoidance of doubt, the Licensor may also offer the
-     Licensed Material under separate terms or conditions or stop
-     distributing the Licensed Material at any time; however, doing so
-     will not terminate this Public License.
-
-  d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
-     License.
-
-
-Section 7 -- Other Terms and Conditions.
-
-  a. The Licensor shall not be bound by any additional or different
-     terms or conditions communicated by You unless expressly agreed.
-
-  b. Any arrangements, understandings, or agreements regarding the
-     Licensed Material not stated herein are separate from and
-     independent of the terms and conditions of this Public License.
-
-
-Section 8 -- Interpretation.
-
-  a. For the avoidance of doubt, this Public License does not, and
-     shall not be interpreted to, reduce, limit, restrict, or impose
-     conditions on any use of the Licensed Material that could lawfully
-     be made without permission under this Public License.
-
-  b. To the extent possible, if any provision of this Public License is
-     deemed unenforceable, it shall be automatically reformed to the
-     minimum extent necessary to make it enforceable. If the provision
-     cannot be reformed, it shall be severed from this Public License
-     without affecting the enforceability of the remaining terms and
-     conditions.
-
-  c. No term or condition of this Public License will be waived and no
-     failure to comply consented to unless expressly agreed to by the
-     Licensor.
-
-  d. Nothing in this Public License constitutes or may be interpreted
-     as a limitation upon, or waiver of, any privileges and immunities
-     that apply to the Licensor or You, including from the legal
-     processes of any jurisdiction or authority.
-
-
-=======================================================================
-
-Creative Commons is not a party to its public licenses.
-Notwithstanding, Creative Commons may elect to apply one of its public
-licenses to material it publishes and in those instances will be
-considered the "Licensor." Except for the limited purpose of indicating
-that material is shared under a Creative Commons public license or as
-otherwise permitted by the Creative Commons policies published at
-creativecommons.org/policies, Creative Commons does not authorize the
-use of the trademark "Creative Commons" or any other trademark or logo
-of Creative Commons without its prior written consent including,
-without limitation, in connection with any unauthorized modifications
-to any of its public licenses or any other arrangements,
-understandings, or agreements concerning use of licensed material. For
-the avoidance of doubt, this paragraph does not form part of the public
-licenses.
-
-Creative Commons may be contacted at creativecommons.org.
diff --git a/vendor/github.com/docker/go-metrics/NOTICE b/vendor/github.com/docker/go-metrics/NOTICE
deleted file mode 100644
index 8915f0277..000000000
--- a/vendor/github.com/docker/go-metrics/NOTICE
+++ /dev/null
@@ -1,16 +0,0 @@
-Docker
-Copyright 2012-2015 Docker, Inc.
-
-This product includes software developed at Docker, Inc. (https://www.docker.com).
-
-The following is courtesy of our legal counsel:
-
-
-Use and transfer of Docker may be subject to certain restrictions by the
-United States and other governments.
-It is your responsibility to ensure that your use and/or transfer does not
-violate applicable laws.
-
-For more information, please see https://www.bis.doc.gov
-
-See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
diff --git a/vendor/github.com/docker/go-metrics/README.md b/vendor/github.com/docker/go-metrics/README.md
deleted file mode 100644
index a9e947cb5..000000000
--- a/vendor/github.com/docker/go-metrics/README.md
+++ /dev/null
@@ -1,91 +0,0 @@
-# go-metrics [![GoDoc](https://godoc.org/github.com/docker/go-metrics?status.svg)](https://godoc.org/github.com/docker/go-metrics) ![Badge Badge](http://doyouevenbadge.com/github.com/docker/go-metrics)
-
-This package is small wrapper around the prometheus go client to help enforce convention and best practices for metrics collection in Docker projects.
-
-## Best Practices
-
-This packages is meant to be used for collecting metrics in Docker projects.
-It is not meant to be used as a replacement for the prometheus client but to help enforce consistent naming across metrics collected.
-If you have not already read the prometheus best practices around naming and labels you can read the page [here](https://prometheus.io/docs/practices/naming/).
-
-The following are a few Docker specific rules that will help you name and work with metrics in your project.
-
-1. Namespace and Subsystem
-
-This package provides you with a namespace type that allows you to specify the same namespace and subsystem for your metrics.
-
-```go
-ns := metrics.NewNamespace("engine", "daemon", metrics.Labels{
-        "version": dockerversion.Version,
-        "commit":  dockerversion.GitCommit,
-})
-```
-
-In the example above we are creating metrics for the Docker engine's daemon package.
-`engine` would be the namespace in this example where `daemon` is the subsystem or package where we are collecting the metrics.
-
-A namespace also allows you to attach constant labels to the metrics such as the git commit and version that it is collecting.
-
-2. Declaring your Metrics
-
-Try to keep all your metric declarations in one file.
-This makes it easy for others to see what constant labels are defined on the namespace and what labels are defined on the metrics when they are created.
-
-3. Use labels instead of multiple metrics
-
-Labels allow you to define one metric such as the time it takes to perform a certain action on an object.
-If we wanted to collect timings on various container actions such as create, start, and delete then we can define one metric called `container_actions` and use labels to specify the type of action.
-
-
-```go
-containerActions = ns.NewLabeledTimer("container_actions", "The number of milliseconds it takes to process each container action", "action")
-```
-
-The last parameter is the label name or key.
-When adding a data point to the metric you will use the `WithValues` function to specify the `action` that you are collecting for.
-
-```go
-containerActions.WithValues("create").UpdateSince(start)
-```
-
-4. Always use a unit
-
-The metric name should describe what you are measuring but you also need to provide the unit that it is being measured with.
-For a timer, the standard unit is seconds and a counter's standard unit is a total.
-For gauges you must provide the unit.
-This package provides a standard set of units for use within the Docker projects.
-
-```go
-Nanoseconds Unit = "nanoseconds"
-Seconds     Unit = "seconds"
-Bytes       Unit = "bytes"
-Total       Unit = "total"
-```
-
-If you need to use a unit but it is not defined in the package please open a PR to add it but first try to see if one of the already created units will work for your metric, i.e. seconds or nanoseconds vs adding milliseconds.
-
-## Docs
-
-Package documentation can be found [here](https://godoc.org/github.com/docker/go-metrics).
-
-## HTTP Metrics
-
-To instrument a http handler, you can wrap the code like this:
-
-```go
-namespace := metrics.NewNamespace("docker_distribution", "http", metrics.Labels{"handler": "your_http_handler_name"})
-httpMetrics := namespace.NewDefaultHttpMetrics()
-metrics.Register(namespace)
-instrumentedHandler = metrics.InstrumentHandler(httpMetrics, unInstrumentedHandler)
-```
-Note: The `handler` label must be provided when a new namespace is created.
-
-## Additional Metrics
-
-Additional metrics are also defined here that are not available in the prometheus client.
-If you need a custom metrics and it is generic enough to be used by multiple projects, define it here.
-
-
-## Copyright and license
-
-Copyright © 2016 Docker, Inc. All rights reserved, except as follows. Code is released under the Apache 2.0 license. The README.md file, and files in the "docs" folder are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file "LICENSE.docs". You may obtain a duplicate copy of the same license, titled CC-BY-SA-4.0, at http://creativecommons.org/licenses/by/4.0/.
diff --git a/vendor/github.com/docker/go-metrics/counter.go b/vendor/github.com/docker/go-metrics/counter.go
deleted file mode 100644
index fe36316a4..000000000
--- a/vendor/github.com/docker/go-metrics/counter.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package metrics
-
-import "github.com/prometheus/client_golang/prometheus"
-
-// Counter is a metrics that can only increment its current count
-type Counter interface {
-	// Inc adds Sum(vs) to the counter. Sum(vs) must be positive.
-	//
-	// If len(vs) == 0, increments the counter by 1.
-	Inc(vs ...float64)
-}
-
-// LabeledCounter is counter that must have labels populated before use.
-type LabeledCounter interface {
-	WithValues(vs ...string) Counter
-}
-
-type labeledCounter struct {
-	pc *prometheus.CounterVec
-}
-
-func (lc *labeledCounter) WithValues(vs ...string) Counter {
-	return &counter{pc: lc.pc.WithLabelValues(vs...)}
-}
-
-func (lc *labeledCounter) Describe(ch chan<- *prometheus.Desc) {
-	lc.pc.Describe(ch)
-}
-
-func (lc *labeledCounter) Collect(ch chan<- prometheus.Metric) {
-	lc.pc.Collect(ch)
-}
-
-type counter struct {
-	pc prometheus.Counter
-}
-
-func (c *counter) Inc(vs ...float64) {
-	if len(vs) == 0 {
-		c.pc.Inc()
-	}
-
-	c.pc.Add(sumFloat64(vs...))
-}
-
-func (c *counter) Describe(ch chan<- *prometheus.Desc) {
-	c.pc.Describe(ch)
-}
-
-func (c *counter) Collect(ch chan<- prometheus.Metric) {
-	c.pc.Collect(ch)
-}
diff --git a/vendor/github.com/docker/go-metrics/docs.go b/vendor/github.com/docker/go-metrics/docs.go
deleted file mode 100644
index 8fbdfc697..000000000
--- a/vendor/github.com/docker/go-metrics/docs.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// This package is small wrapper around the prometheus go client to help enforce convention and best practices for metrics collection in Docker projects.
-
-package metrics
diff --git a/vendor/github.com/docker/go-metrics/gauge.go b/vendor/github.com/docker/go-metrics/gauge.go
deleted file mode 100644
index 74296e877..000000000
--- a/vendor/github.com/docker/go-metrics/gauge.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package metrics
-
-import "github.com/prometheus/client_golang/prometheus"
-
-// Gauge is a metric that allows incrementing and decrementing a value
-type Gauge interface {
-	Inc(...float64)
-	Dec(...float64)
-
-	// Add adds the provided value to the gauge's current value
-	Add(float64)
-
-	// Set replaces the gauge's current value with the provided value
-	Set(float64)
-}
-
-// LabeledGauge describes a gauge the must have values populated before use.
-type LabeledGauge interface {
-	WithValues(labels ...string) Gauge
-}
-
-type labeledGauge struct {
-	pg *prometheus.GaugeVec
-}
-
-func (lg *labeledGauge) WithValues(labels ...string) Gauge {
-	return &gauge{pg: lg.pg.WithLabelValues(labels...)}
-}
-
-func (lg *labeledGauge) Describe(c chan<- *prometheus.Desc) {
-	lg.pg.Describe(c)
-}
-
-func (lg *labeledGauge) Collect(c chan<- prometheus.Metric) {
-	lg.pg.Collect(c)
-}
-
-type gauge struct {
-	pg prometheus.Gauge
-}
-
-func (g *gauge) Inc(vs ...float64) {
-	if len(vs) == 0 {
-		g.pg.Inc()
-	}
-
-	g.Add(sumFloat64(vs...))
-}
-
-func (g *gauge) Dec(vs ...float64) {
-	if len(vs) == 0 {
-		g.pg.Dec()
-	}
-
-	g.Add(-sumFloat64(vs...))
-}
-
-func (g *gauge) Add(v float64) {
-	g.pg.Add(v)
-}
-
-func (g *gauge) Set(v float64) {
-	g.pg.Set(v)
-}
-
-func (g *gauge) Describe(c chan<- *prometheus.Desc) {
-	g.pg.Describe(c)
-}
-
-func (g *gauge) Collect(c chan<- prometheus.Metric) {
-	g.pg.Collect(c)
-}
diff --git a/vendor/github.com/docker/go-metrics/go.mod b/vendor/github.com/docker/go-metrics/go.mod
deleted file mode 100644
index 7e328f0cf..000000000
--- a/vendor/github.com/docker/go-metrics/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/docker/go-metrics
-
-go 1.11
-
-require github.com/prometheus/client_golang v1.1.0
diff --git a/vendor/github.com/docker/go-metrics/go.sum b/vendor/github.com/docker/go-metrics/go.sum
deleted file mode 100644
index b8fb9d079..000000000
--- a/vendor/github.com/docker/go-metrics/go.sum
+++ /dev/null
@@ -1,67 +0,0 @@
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0 h1:BQ53HtBmfOitExawJ6LokA4x8ov/z0SYYb0+HxJfRI8=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0 h1:kRhiuYSXR3+uv2IbVbZhUxK5zVD/2pp3Gd2PpvPkpEo=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3 h1:CTwfnzjQ+8dS6MhHHu4YswVAD99sL2wjPqP+VkURmKE=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3 h1:4y9KwBHBgBNwDbtu44R5o1fdOCQUEXhbk/P4A9WmJq0=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/github.com/docker/go-metrics/handler.go b/vendor/github.com/docker/go-metrics/handler.go
deleted file mode 100644
index 05601e9ec..000000000
--- a/vendor/github.com/docker/go-metrics/handler.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package metrics
-
-import (
-	"net/http"
-
-	"github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/client_golang/prometheus/promhttp"
-)
-
-// HTTPHandlerOpts describes a set of configurable options of http metrics
-type HTTPHandlerOpts struct {
-	DurationBuckets     []float64
-	RequestSizeBuckets  []float64
-	ResponseSizeBuckets []float64
-}
-
-const (
-	InstrumentHandlerResponseSize = iota
-	InstrumentHandlerRequestSize
-	InstrumentHandlerDuration
-	InstrumentHandlerCounter
-	InstrumentHandlerInFlight
-)
-
-type HTTPMetric struct {
-	prometheus.Collector
-	handlerType int
-}
-
-var (
-	defaultDurationBuckets     = []float64{.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10, 25, 60}
-	defaultRequestSizeBuckets  = prometheus.ExponentialBuckets(1024, 2, 22) //1K to 4G
-	defaultResponseSizeBuckets = defaultRequestSizeBuckets
-)
-
-// Handler returns the global http.Handler that provides the prometheus
-// metrics format on GET requests. This handler is no longer instrumented.
-func Handler() http.Handler {
-	return promhttp.Handler()
-}
-
-func InstrumentHandler(metrics []*HTTPMetric, handler http.Handler) http.HandlerFunc {
-	return InstrumentHandlerFunc(metrics, handler.ServeHTTP)
-}
-
-func InstrumentHandlerFunc(metrics []*HTTPMetric, handlerFunc http.HandlerFunc) http.HandlerFunc {
-	var handler http.Handler
-	handler = http.HandlerFunc(handlerFunc)
-	for _, metric := range metrics {
-		switch metric.handlerType {
-		case InstrumentHandlerResponseSize:
-			if collector, ok := metric.Collector.(prometheus.ObserverVec); ok {
-				handler = promhttp.InstrumentHandlerResponseSize(collector, handler)
-			}
-		case InstrumentHandlerRequestSize:
-			if collector, ok := metric.Collector.(prometheus.ObserverVec); ok {
-				handler = promhttp.InstrumentHandlerRequestSize(collector, handler)
-			}
-		case InstrumentHandlerDuration:
-			if collector, ok := metric.Collector.(prometheus.ObserverVec); ok {
-				handler = promhttp.InstrumentHandlerDuration(collector, handler)
-			}
-		case InstrumentHandlerCounter:
-			if collector, ok := metric.Collector.(*prometheus.CounterVec); ok {
-				handler = promhttp.InstrumentHandlerCounter(collector, handler)
-			}
-		case InstrumentHandlerInFlight:
-			if collector, ok := metric.Collector.(prometheus.Gauge); ok {
-				handler = promhttp.InstrumentHandlerInFlight(collector, handler)
-			}
-		}
-	}
-	return handler.ServeHTTP
-}
diff --git a/vendor/github.com/docker/go-metrics/helpers.go b/vendor/github.com/docker/go-metrics/helpers.go
deleted file mode 100644
index 68b7f51b3..000000000
--- a/vendor/github.com/docker/go-metrics/helpers.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package metrics
-
-func sumFloat64(vs ...float64) float64 {
-	var sum float64
-	for _, v := range vs {
-		sum += v
-	}
-
-	return sum
-}
diff --git a/vendor/github.com/docker/go-metrics/namespace.go b/vendor/github.com/docker/go-metrics/namespace.go
deleted file mode 100644
index 798315451..000000000
--- a/vendor/github.com/docker/go-metrics/namespace.go
+++ /dev/null
@@ -1,315 +0,0 @@
-package metrics
-
-import (
-	"fmt"
-	"sync"
-
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-type Labels map[string]string
-
-// NewNamespace returns a namespaces that is responsible for managing a collection of
-// metrics for a particual namespace and subsystem
-//
-// labels allows const labels to be added to all metrics created in this namespace
-// and are commonly used for data like application version and git commit
-func NewNamespace(name, subsystem string, labels Labels) *Namespace {
-	if labels == nil {
-		labels = make(map[string]string)
-	}
-	return &Namespace{
-		name:      name,
-		subsystem: subsystem,
-		labels:    labels,
-	}
-}
-
-// Namespace describes a set of metrics that share a namespace and subsystem.
-type Namespace struct {
-	name      string
-	subsystem string
-	labels    Labels
-	mu        sync.Mutex
-	metrics   []prometheus.Collector
-}
-
-// WithConstLabels returns a namespace with the provided set of labels merged
-// with the existing constant labels on the namespace.
-//
-//  Only metrics created with the returned namespace will get the new constant
-//  labels.  The returned namespace must be registered separately.
-func (n *Namespace) WithConstLabels(labels Labels) *Namespace {
-	n.mu.Lock()
-	ns := &Namespace{
-		name:      n.name,
-		subsystem: n.subsystem,
-		labels:    mergeLabels(n.labels, labels),
-	}
-	n.mu.Unlock()
-	return ns
-}
-
-func (n *Namespace) NewCounter(name, help string) Counter {
-	c := &counter{pc: prometheus.NewCounter(n.newCounterOpts(name, help))}
-	n.Add(c)
-	return c
-}
-
-func (n *Namespace) NewLabeledCounter(name, help string, labels ...string) LabeledCounter {
-	c := &labeledCounter{pc: prometheus.NewCounterVec(n.newCounterOpts(name, help), labels)}
-	n.Add(c)
-	return c
-}
-
-func (n *Namespace) newCounterOpts(name, help string) prometheus.CounterOpts {
-	return prometheus.CounterOpts{
-		Namespace:   n.name,
-		Subsystem:   n.subsystem,
-		Name:        makeName(name, Total),
-		Help:        help,
-		ConstLabels: prometheus.Labels(n.labels),
-	}
-}
-
-func (n *Namespace) NewTimer(name, help string) Timer {
-	t := &timer{
-		m: prometheus.NewHistogram(n.newTimerOpts(name, help)),
-	}
-	n.Add(t)
-	return t
-}
-
-func (n *Namespace) NewLabeledTimer(name, help string, labels ...string) LabeledTimer {
-	t := &labeledTimer{
-		m: prometheus.NewHistogramVec(n.newTimerOpts(name, help), labels),
-	}
-	n.Add(t)
-	return t
-}
-
-func (n *Namespace) newTimerOpts(name, help string) prometheus.HistogramOpts {
-	return prometheus.HistogramOpts{
-		Namespace:   n.name,
-		Subsystem:   n.subsystem,
-		Name:        makeName(name, Seconds),
-		Help:        help,
-		ConstLabels: prometheus.Labels(n.labels),
-	}
-}
-
-func (n *Namespace) NewGauge(name, help string, unit Unit) Gauge {
-	g := &gauge{
-		pg: prometheus.NewGauge(n.newGaugeOpts(name, help, unit)),
-	}
-	n.Add(g)
-	return g
-}
-
-func (n *Namespace) NewLabeledGauge(name, help string, unit Unit, labels ...string) LabeledGauge {
-	g := &labeledGauge{
-		pg: prometheus.NewGaugeVec(n.newGaugeOpts(name, help, unit), labels),
-	}
-	n.Add(g)
-	return g
-}
-
-func (n *Namespace) newGaugeOpts(name, help string, unit Unit) prometheus.GaugeOpts {
-	return prometheus.GaugeOpts{
-		Namespace:   n.name,
-		Subsystem:   n.subsystem,
-		Name:        makeName(name, unit),
-		Help:        help,
-		ConstLabels: prometheus.Labels(n.labels),
-	}
-}
-
-func (n *Namespace) Describe(ch chan<- *prometheus.Desc) {
-	n.mu.Lock()
-	defer n.mu.Unlock()
-
-	for _, metric := range n.metrics {
-		metric.Describe(ch)
-	}
-}
-
-func (n *Namespace) Collect(ch chan<- prometheus.Metric) {
-	n.mu.Lock()
-	defer n.mu.Unlock()
-
-	for _, metric := range n.metrics {
-		metric.Collect(ch)
-	}
-}
-
-func (n *Namespace) Add(collector prometheus.Collector) {
-	n.mu.Lock()
-	n.metrics = append(n.metrics, collector)
-	n.mu.Unlock()
-}
-
-func (n *Namespace) NewDesc(name, help string, unit Unit, labels ...string) *prometheus.Desc {
-	name = makeName(name, unit)
-	namespace := n.name
-	if n.subsystem != "" {
-		namespace = fmt.Sprintf("%s_%s", namespace, n.subsystem)
-	}
-	name = fmt.Sprintf("%s_%s", namespace, name)
-	return prometheus.NewDesc(name, help, labels, prometheus.Labels(n.labels))
-}
-
-// mergeLabels merges two or more labels objects into a single map, favoring
-// the later labels.
-func mergeLabels(lbs ...Labels) Labels {
-	merged := make(Labels)
-
-	for _, target := range lbs {
-		for k, v := range target {
-			merged[k] = v
-		}
-	}
-
-	return merged
-}
-
-func makeName(name string, unit Unit) string {
-	if unit == "" {
-		return name
-	}
-
-	return fmt.Sprintf("%s_%s", name, unit)
-}
-
-func (n *Namespace) NewDefaultHttpMetrics(handlerName string) []*HTTPMetric {
-	return n.NewHttpMetricsWithOpts(handlerName, HTTPHandlerOpts{
-		DurationBuckets:     defaultDurationBuckets,
-		RequestSizeBuckets:  defaultResponseSizeBuckets,
-		ResponseSizeBuckets: defaultResponseSizeBuckets,
-	})
-}
-
-func (n *Namespace) NewHttpMetrics(handlerName string, durationBuckets, requestSizeBuckets, responseSizeBuckets []float64) []*HTTPMetric {
-	return n.NewHttpMetricsWithOpts(handlerName, HTTPHandlerOpts{
-		DurationBuckets:     durationBuckets,
-		RequestSizeBuckets:  requestSizeBuckets,
-		ResponseSizeBuckets: responseSizeBuckets,
-	})
-}
-
-func (n *Namespace) NewHttpMetricsWithOpts(handlerName string, opts HTTPHandlerOpts) []*HTTPMetric {
-	var httpMetrics []*HTTPMetric
-	inFlightMetric := n.NewInFlightGaugeMetric(handlerName)
-	requestTotalMetric := n.NewRequestTotalMetric(handlerName)
-	requestDurationMetric := n.NewRequestDurationMetric(handlerName, opts.DurationBuckets)
-	requestSizeMetric := n.NewRequestSizeMetric(handlerName, opts.RequestSizeBuckets)
-	responseSizeMetric := n.NewResponseSizeMetric(handlerName, opts.ResponseSizeBuckets)
-	httpMetrics = append(httpMetrics, inFlightMetric, requestDurationMetric, requestTotalMetric, requestSizeMetric, responseSizeMetric)
-	return httpMetrics
-}
-
-func (n *Namespace) NewInFlightGaugeMetric(handlerName string) *HTTPMetric {
-	labels := prometheus.Labels(n.labels)
-	labels["handler"] = handlerName
-	metric := prometheus.NewGauge(prometheus.GaugeOpts{
-		Namespace:   n.name,
-		Subsystem:   n.subsystem,
-		Name:        "in_flight_requests",
-		Help:        "The in-flight HTTP requests",
-		ConstLabels: prometheus.Labels(labels),
-	})
-	httpMetric := &HTTPMetric{
-		Collector:   metric,
-		handlerType: InstrumentHandlerInFlight,
-	}
-	n.Add(httpMetric)
-	return httpMetric
-}
-
-func (n *Namespace) NewRequestTotalMetric(handlerName string) *HTTPMetric {
-	labels := prometheus.Labels(n.labels)
-	labels["handler"] = handlerName
-	metric := prometheus.NewCounterVec(
-		prometheus.CounterOpts{
-			Namespace:   n.name,
-			Subsystem:   n.subsystem,
-			Name:        "requests_total",
-			Help:        "Total number of HTTP requests made.",
-			ConstLabels: prometheus.Labels(labels),
-		},
-		[]string{"code", "method"},
-	)
-	httpMetric := &HTTPMetric{
-		Collector:   metric,
-		handlerType: InstrumentHandlerCounter,
-	}
-	n.Add(httpMetric)
-	return httpMetric
-}
-func (n *Namespace) NewRequestDurationMetric(handlerName string, buckets []float64) *HTTPMetric {
-	if len(buckets) == 0 {
-		panic("DurationBuckets must be provided")
-	}
-	labels := prometheus.Labels(n.labels)
-	labels["handler"] = handlerName
-	opts := prometheus.HistogramOpts{
-		Namespace:   n.name,
-		Subsystem:   n.subsystem,
-		Name:        "request_duration_seconds",
-		Help:        "The HTTP request latencies in seconds.",
-		Buckets:     buckets,
-		ConstLabels: prometheus.Labels(labels),
-	}
-	metric := prometheus.NewHistogramVec(opts, []string{"method"})
-	httpMetric := &HTTPMetric{
-		Collector:   metric,
-		handlerType: InstrumentHandlerDuration,
-	}
-	n.Add(httpMetric)
-	return httpMetric
-}
-
-func (n *Namespace) NewRequestSizeMetric(handlerName string, buckets []float64) *HTTPMetric {
-	if len(buckets) == 0 {
-		panic("RequestSizeBuckets must be provided")
-	}
-	labels := prometheus.Labels(n.labels)
-	labels["handler"] = handlerName
-	opts := prometheus.HistogramOpts{
-		Namespace:   n.name,
-		Subsystem:   n.subsystem,
-		Name:        "request_size_bytes",
-		Help:        "The HTTP request sizes in bytes.",
-		Buckets:     buckets,
-		ConstLabels: prometheus.Labels(labels),
-	}
-	metric := prometheus.NewHistogramVec(opts, []string{})
-	httpMetric := &HTTPMetric{
-		Collector:   metric,
-		handlerType: InstrumentHandlerRequestSize,
-	}
-	n.Add(httpMetric)
-	return httpMetric
-}
-
-func (n *Namespace) NewResponseSizeMetric(handlerName string, buckets []float64) *HTTPMetric {
-	if len(buckets) == 0 {
-		panic("ResponseSizeBuckets must be provided")
-	}
-	labels := prometheus.Labels(n.labels)
-	labels["handler"] = handlerName
-	opts := prometheus.HistogramOpts{
-		Namespace:   n.name,
-		Subsystem:   n.subsystem,
-		Name:        "response_size_bytes",
-		Help:        "The HTTP response sizes in bytes.",
-		Buckets:     buckets,
-		ConstLabels: prometheus.Labels(labels),
-	}
-	metrics := prometheus.NewHistogramVec(opts, []string{})
-	httpMetric := &HTTPMetric{
-		Collector:   metrics,
-		handlerType: InstrumentHandlerResponseSize,
-	}
-	n.Add(httpMetric)
-	return httpMetric
-}
diff --git a/vendor/github.com/docker/go-metrics/register.go b/vendor/github.com/docker/go-metrics/register.go
deleted file mode 100644
index 708358df0..000000000
--- a/vendor/github.com/docker/go-metrics/register.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package metrics
-
-import "github.com/prometheus/client_golang/prometheus"
-
-// Register adds all the metrics in the provided namespace to the global
-// metrics registry
-func Register(n *Namespace) {
-	prometheus.MustRegister(n)
-}
-
-// Deregister removes all the metrics in the provided namespace from the
-// global metrics registry
-func Deregister(n *Namespace) {
-	prometheus.Unregister(n)
-}
diff --git a/vendor/github.com/docker/go-metrics/timer.go b/vendor/github.com/docker/go-metrics/timer.go
deleted file mode 100644
index 824c98739..000000000
--- a/vendor/github.com/docker/go-metrics/timer.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package metrics
-
-import (
-	"time"
-
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-// StartTimer begins a timer observation at the callsite. When the target
-// operation is completed, the caller should call the return done func().
-func StartTimer(timer Timer) (done func()) {
-	start := time.Now()
-	return func() {
-		timer.Update(time.Since(start))
-	}
-}
-
-// Timer is a metric that allows collecting the duration of an action in seconds
-type Timer interface {
-	// Update records an observation, duration, and converts to the target
-	// units.
-	Update(duration time.Duration)
-
-	// UpdateSince will add the duration from the provided starting time to the
-	// timer's summary with the precisions that was used in creation of the timer
-	UpdateSince(time.Time)
-}
-
-// LabeledTimer is a timer that must have label values populated before use.
-type LabeledTimer interface {
-	WithValues(labels ...string) *labeledTimerObserver
-}
-
-type labeledTimer struct {
-	m *prometheus.HistogramVec
-}
-
-type labeledTimerObserver struct {
-	m prometheus.Observer
-}
-
-func (lbo *labeledTimerObserver) Update(duration time.Duration) {
-	lbo.m.Observe(duration.Seconds())
-}
-
-func (lbo *labeledTimerObserver) UpdateSince(since time.Time) {
-	lbo.m.Observe(time.Since(since).Seconds())
-}
-
-func (lt *labeledTimer) WithValues(labels ...string) *labeledTimerObserver {
-	return &labeledTimerObserver{m: lt.m.WithLabelValues(labels...)}
-}
-
-func (lt *labeledTimer) Describe(c chan<- *prometheus.Desc) {
-	lt.m.Describe(c)
-}
-
-func (lt *labeledTimer) Collect(c chan<- prometheus.Metric) {
-	lt.m.Collect(c)
-}
-
-type timer struct {
-	m prometheus.Observer
-}
-
-func (t *timer) Update(duration time.Duration) {
-	t.m.Observe(duration.Seconds())
-}
-
-func (t *timer) UpdateSince(since time.Time) {
-	t.m.Observe(time.Since(since).Seconds())
-}
-
-func (t *timer) Describe(c chan<- *prometheus.Desc) {
-	c <- t.m.(prometheus.Metric).Desc()
-}
-
-func (t *timer) Collect(c chan<- prometheus.Metric) {
-	// Are there any observers that don't implement Collector? It is really
-	// unclear what the point of the upstream change was, but we'll let this
-	// panic if we get an observer that doesn't implement collector. In this
-	// case, we should almost always see metricVec objects, so this should
-	// never panic.
-	t.m.(prometheus.Collector).Collect(c)
-}
diff --git a/vendor/github.com/docker/go-metrics/unit.go b/vendor/github.com/docker/go-metrics/unit.go
deleted file mode 100644
index c96622f90..000000000
--- a/vendor/github.com/docker/go-metrics/unit.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package metrics
-
-// Unit represents the type or precision of a metric that is appended to
-// the metrics fully qualified name
-type Unit string
-
-const (
-	Nanoseconds Unit = "nanoseconds"
-	Seconds     Unit = "seconds"
-	Bytes       Unit = "bytes"
-	Total       Unit = "total"
-)
diff --git a/vendor/github.com/docker/go-units/size.go b/vendor/github.com/docker/go-units/size.go
index 85f6ab071..c245a8951 100644
--- a/vendor/github.com/docker/go-units/size.go
+++ b/vendor/github.com/docker/go-units/size.go
@@ -2,7 +2,6 @@ package units
 
 import (
 	"fmt"
-	"regexp"
 	"strconv"
 	"strings"
 )
@@ -26,16 +25,17 @@ const (
 	PiB = 1024 * TiB
 )
 
-type unitMap map[string]int64
+type unitMap map[byte]int64
 
 var (
-	decimalMap = unitMap{"k": KB, "m": MB, "g": GB, "t": TB, "p": PB}
-	binaryMap  = unitMap{"k": KiB, "m": MiB, "g": GiB, "t": TiB, "p": PiB}
-	sizeRegex  = regexp.MustCompile(`^(\d+(\.\d+)*) ?([kKmMgGtTpP])?[iI]?[bB]?$`)
+	decimalMap = unitMap{'k': KB, 'm': MB, 'g': GB, 't': TB, 'p': PB}
+	binaryMap  = unitMap{'k': KiB, 'm': MiB, 'g': GiB, 't': TiB, 'p': PiB}
 )
 
-var decimapAbbrs = []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}
-var binaryAbbrs = []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"}
+var (
+	decimapAbbrs = []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}
+	binaryAbbrs  = []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"}
+)
 
 func getSizeAndUnit(size float64, base float64, _map []string) (float64, string) {
 	i := 0
@@ -89,20 +89,66 @@ func RAMInBytes(size string) (int64, error) {
 
 // Parses the human-readable size string into the amount it represents.
 func parseSize(sizeStr string, uMap unitMap) (int64, error) {
-	matches := sizeRegex.FindStringSubmatch(sizeStr)
-	if len(matches) != 4 {
+	// TODO: rewrite to use strings.Cut if there's a space
+	// once Go < 1.18 is deprecated.
+	sep := strings.LastIndexAny(sizeStr, "01234567890. ")
+	if sep == -1 {
+		// There should be at least a digit.
 		return -1, fmt.Errorf("invalid size: '%s'", sizeStr)
 	}
+	var num, sfx string
+	if sizeStr[sep] != ' ' {
+		num = sizeStr[:sep+1]
+		sfx = sizeStr[sep+1:]
+	} else {
+		// Omit the space separator.
+		num = sizeStr[:sep]
+		sfx = sizeStr[sep+1:]
+	}
 
-	size, err := strconv.ParseFloat(matches[1], 64)
+	size, err := strconv.ParseFloat(num, 64)
 	if err != nil {
 		return -1, err
 	}
+	// Backward compatibility: reject negative sizes.
+	if size < 0 {
+		return -1, fmt.Errorf("invalid size: '%s'", sizeStr)
+	}
+
+	if len(sfx) == 0 {
+		return int64(size), nil
+	}
 
-	unitPrefix := strings.ToLower(matches[3])
-	if mul, ok := uMap[unitPrefix]; ok {
+	// Process the suffix.
+
+	if len(sfx) > 3 { // Too long.
+		goto badSuffix
+	}
+	sfx = strings.ToLower(sfx)
+	// Trivial case: b suffix.
+	if sfx[0] == 'b' {
+		if len(sfx) > 1 { // no extra characters allowed after b.
+			goto badSuffix
+		}
+		return int64(size), nil
+	}
+	// A suffix from the map.
+	if mul, ok := uMap[sfx[0]]; ok {
 		size *= float64(mul)
+	} else {
+		goto badSuffix
+	}
+
+	// The suffix may have extra "b" or "ib" (e.g. KiB or MB).
+	switch {
+	case len(sfx) == 2 && sfx[1] != 'b':
+		goto badSuffix
+	case len(sfx) == 3 && sfx[1:] != "ib":
+		goto badSuffix
 	}
 
 	return int64(size), nil
+
+badSuffix:
+	return -1, fmt.Errorf("invalid suffix: '%s'", sfx)
 }
diff --git a/vendor/github.com/docker/libnetwork/LICENSE b/vendor/github.com/docker/libnetwork/LICENSE
deleted file mode 100644
index e06d20818..000000000
--- a/vendor/github.com/docker/libnetwork/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
diff --git a/vendor/github.com/docker/libnetwork/ipamutils/utils.go b/vendor/github.com/docker/libnetwork/ipamutils/utils.go
deleted file mode 100644
index 3fd37cd88..000000000
--- a/vendor/github.com/docker/libnetwork/ipamutils/utils.go
+++ /dev/null
@@ -1,135 +0,0 @@
-// Package ipamutils provides utility functions for ipam management
-package ipamutils
-
-import (
-	"fmt"
-	"net"
-	"sync"
-)
-
-var (
-	// PredefinedLocalScopeDefaultNetworks contains a list of 31 IPv4 private networks with host size 16 and 12
-	// (172.17-31.x.x/16, 192.168.x.x/20) which do not overlap with the networks in `PredefinedGlobalScopeDefaultNetworks`
-	PredefinedLocalScopeDefaultNetworks []*net.IPNet
-	// PredefinedGlobalScopeDefaultNetworks contains a list of 64K IPv4 private networks with host size 8
-	// (10.x.x.x/24) which do not overlap with the networks in `PredefinedLocalScopeDefaultNetworks`
-	PredefinedGlobalScopeDefaultNetworks []*net.IPNet
-	mutex                                sync.Mutex
-	localScopeDefaultNetworks            = []*NetworkToSplit{{"172.17.0.0/16", 16}, {"172.18.0.0/16", 16}, {"172.19.0.0/16", 16},
-		{"172.20.0.0/14", 16}, {"172.24.0.0/14", 16}, {"172.28.0.0/14", 16},
-		{"192.168.0.0/16", 20}}
-	globalScopeDefaultNetworks = []*NetworkToSplit{{"10.0.0.0/8", 24}}
-)
-
-// NetworkToSplit represent a network that has to be split in chunks with mask length Size.
-// Each subnet in the set is derived from the Base pool. Base is to be passed
-// in CIDR format.
-// Example: a Base "10.10.0.0/16 with Size 24 will define the set of 256
-// 10.10.[0-255].0/24 address pools
-type NetworkToSplit struct {
-	Base string `json:"base"`
-	Size int    `json:"size"`
-}
-
-func init() {
-	var err error
-	if PredefinedGlobalScopeDefaultNetworks, err = splitNetworks(globalScopeDefaultNetworks); err != nil {
-		//we are going to panic in case of error as we should never get into this state
-		panic("InitAddressPools failed to initialize the global scope default address pool")
-	}
-
-	if PredefinedLocalScopeDefaultNetworks, err = splitNetworks(localScopeDefaultNetworks); err != nil {
-		//we are going to panic in case of error as we should never get into this state
-		panic("InitAddressPools failed to initialize the local scope default address pool")
-	}
-}
-
-// configDefaultNetworks configures local as well global default pool based on input
-func configDefaultNetworks(defaultAddressPool []*NetworkToSplit, result *[]*net.IPNet) error {
-	mutex.Lock()
-	defer mutex.Unlock()
-	defaultNetworks, err := splitNetworks(defaultAddressPool)
-	if err != nil {
-		return err
-	}
-	*result = defaultNetworks
-	return nil
-}
-
-// GetGlobalScopeDefaultNetworks returns PredefinedGlobalScopeDefaultNetworks
-func GetGlobalScopeDefaultNetworks() []*net.IPNet {
-	mutex.Lock()
-	defer mutex.Unlock()
-	return PredefinedGlobalScopeDefaultNetworks
-}
-
-// GetLocalScopeDefaultNetworks returns PredefinedLocalScopeDefaultNetworks
-func GetLocalScopeDefaultNetworks() []*net.IPNet {
-	mutex.Lock()
-	defer mutex.Unlock()
-	return PredefinedLocalScopeDefaultNetworks
-}
-
-// ConfigGlobalScopeDefaultNetworks configures global default pool.
-// Ideally this will be called from SwarmKit as part of swarm init
-func ConfigGlobalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error {
-	if defaultAddressPool == nil {
-		defaultAddressPool = globalScopeDefaultNetworks
-	}
-	return configDefaultNetworks(defaultAddressPool, &PredefinedGlobalScopeDefaultNetworks)
-}
-
-// ConfigLocalScopeDefaultNetworks configures local default pool.
-// Ideally this will be called during libnetwork init
-func ConfigLocalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error {
-	if defaultAddressPool == nil {
-		return nil
-	}
-	return configDefaultNetworks(defaultAddressPool, &PredefinedLocalScopeDefaultNetworks)
-}
-
-// splitNetworks takes a slice of networks, split them accordingly and returns them
-func splitNetworks(list []*NetworkToSplit) ([]*net.IPNet, error) {
-	localPools := make([]*net.IPNet, 0, len(list))
-
-	for _, p := range list {
-		_, b, err := net.ParseCIDR(p.Base)
-		if err != nil {
-			return nil, fmt.Errorf("invalid base pool %q: %v", p.Base, err)
-		}
-		ones, _ := b.Mask.Size()
-		if p.Size <= 0 || p.Size < ones {
-			return nil, fmt.Errorf("invalid pools size: %d", p.Size)
-		}
-		localPools = append(localPools, splitNetwork(p.Size, b)...)
-	}
-	return localPools, nil
-}
-
-func splitNetwork(size int, base *net.IPNet) []*net.IPNet {
-	one, bits := base.Mask.Size()
-	mask := net.CIDRMask(size, bits)
-	n := 1 << uint(size-one)
-	s := uint(bits - size)
-	list := make([]*net.IPNet, 0, n)
-
-	for i := 0; i < n; i++ {
-		ip := copyIP(base.IP)
-		addIntToIP(ip, uint(i<<s))
-		list = append(list, &net.IPNet{IP: ip, Mask: mask})
-	}
-	return list
-}
-
-func copyIP(from net.IP) net.IP {
-	ip := make([]byte, len(from))
-	copy(ip, from)
-	return ip
-}
-
-func addIntToIP(array net.IP, ordinal uint) {
-	for i := len(array) - 1; i >= 0; i-- {
-		array[i] |= (byte)(ordinal & 0xff)
-		ordinal >>= 8
-	}
-}
diff --git a/vendor/github.com/dtylman/scp/.gitignore b/vendor/github.com/dtylman/scp/.gitignore
deleted file mode 100644
index 6e1690ed6..000000000
--- a/vendor/github.com/dtylman/scp/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-example/example
diff --git a/vendor/github.com/dtylman/scp/LICENSE b/vendor/github.com/dtylman/scp/LICENSE
deleted file mode 100644
index 6565de59d..000000000
--- a/vendor/github.com/dtylman/scp/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2016 Danny
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/dtylman/scp/README.md b/vendor/github.com/dtylman/scp/README.md
deleted file mode 100644
index 48cfefe02..000000000
--- a/vendor/github.com/dtylman/scp/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# scp
-
-[![Go Report Card](https://goreportcard.com/badge/github.com/dtylman/scp)](https://goreportcard.com/report/github.com/dtylman/scp)
-
-A Simple `go` SCP client library.
-
-## Usage
-
-```go
-import (
-  "github.com/dtylman/scp"
-  "golang.org/x/crypto/ssh"
-)
-```
-
-## Sending Files
-
-Copies `/var/log/messages` to remote `/tmp/lala`:
-
-```go
-var sc* ssh.Client
-// establish ssh connection into sc here...
-n,err:=scp.CopyTo(sc, "/var/log/messages", "/tmp/lala")
-if err==nil{
-  fmt.Printf("Sent %v bytes",n)
-}
-```
-
-## Receiving Files
-
-Copies remote `/var/log/message` to local `/tmp/lala`:
-
-```go
-var sc* ssh.Client
-// establish ssh connection into sc here...
-n,err:=scp.CopyFrom(sc, "/var/log/message", "/tmp/lala")
-if err==nil{
-  fmt.Printf("Sent %v bytes",n)
-}
-```
-
-
diff --git a/vendor/github.com/dtylman/scp/msg.go b/vendor/github.com/dtylman/scp/msg.go
deleted file mode 100644
index 6dfc53535..000000000
--- a/vendor/github.com/dtylman/scp/msg.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package scp
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"strconv"
-	"strings"
-)
-
-const (
-	//CopyMessage Copy Message Opcode
-	CopyMessage = 'C'
-	//ErrorMessage Error OpCode
-	ErrorMessage = 0x1
-	//WarnMessage Warning Opcode
-	WarnMessage = 0x2
-)
-
-//Message is scp control message
-type Message struct {
-	Type     byte
-	Error    error
-	Mode     string
-	Size     int64
-	FileName string
-}
-
-func (m *Message) readByte(reader io.Reader) (byte, error) {
-	buff := make([]byte, 1)
-	_, err := io.ReadFull(reader, buff)
-	if err != nil {
-		return 0, err
-	}
-	return buff[0], nil
-
-}
-
-func (m *Message) readOpCode(reader io.Reader) error {
-	var err error
-	m.Type, err = m.readByte(reader)
-	return err
-}
-
-//ReadError reads an error message
-func (m *Message) ReadError(reader io.Reader) error {
-	msg, err := ioutil.ReadAll(reader)
-	if err != nil {
-		return err
-	}
-	m.Error = errors.New(strings.TrimSpace(string(msg)))
-	return nil
-}
-
-func (m *Message) readLine(reader io.Reader) (string, error) {
-	line := ""
-	b, err := m.readByte(reader)
-	if err != nil {
-		return "", err
-	}
-	for b != 10 {
-		line += string(b)
-		b, err = m.readByte(reader)
-		if err != nil {
-			return "", err
-		}
-	}
-	return line, nil
-}
-
-func (m *Message) readCopy(reader io.Reader) error {
-	line, err := m.readLine(reader)
-	if err != nil {
-		return err
-	}
-	parts := strings.Split(line, " ")
-	if len(parts) < 2 {
-		return errors.New("Invalid copy line: " + line)
-	}
-	m.Mode = parts[0]
-	m.Size, err = strconv.ParseInt(parts[1], 10, 0)
-	if err != nil {
-		return err
-	}
-	m.FileName = parts[2]
-	return nil
-}
-
-//ReadFrom reads message from reader
-func (m *Message) ReadFrom(reader io.Reader) (int64, error) {
-	err := m.readOpCode(reader)
-	if err != nil {
-		return 0, err
-	}
-	switch m.Type {
-	case CopyMessage:
-		err = m.readCopy(reader)
-		if err != nil {
-			return 0, err
-		}
-	case ErrorMessage, WarnMessage:
-		err = m.ReadError(reader)
-		if err != nil {
-			return 0, err
-		}
-	default:
-		return 0, fmt.Errorf("Unsupported opcode: %v", m.Type)
-	}
-	return m.Size, nil
-}
-
-//NewMessageFromReader constructs a new message from a data in reader
-func NewMessageFromReader(reader io.Reader) (*Message, error) {
-	m := new(Message)
-	_, err := m.ReadFrom(reader)
-	if err != nil {
-		return nil, err
-	}
-	return m, nil
-}
diff --git a/vendor/github.com/dtylman/scp/scp.go b/vendor/github.com/dtylman/scp/scp.go
deleted file mode 100644
index 841c16965..000000000
--- a/vendor/github.com/dtylman/scp/scp.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package scp
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/crypto/ssh"
-)
-
-const (
-	fileMode = "0644"
-	buffSize = 1024 * 256
-)
-
-//CopyTo copy from local to remote
-func CopyTo(sshClient *ssh.Client, local string, remote string) (int64, error) {
-	session, err := sshClient.NewSession()
-	if err != nil {
-		return 0, err
-	}
-	defer session.Close()
-	stderr := &bytes.Buffer{}
-	session.Stderr = stderr
-	stdout := &bytes.Buffer{}
-	session.Stdout = stdout
-	writer, err := session.StdinPipe()
-	if err != nil {
-		return 0, err
-	}
-	defer writer.Close()
-	err = session.Start("scp -t " + filepath.Dir(remote))
-	if err != nil {
-		return 0, err
-	}
-
-	localFile, err := os.Open(local)
-	if err != nil {
-		return 0, err
-	}
-	fileInfo, err := localFile.Stat()
-	if err != nil {
-		return 0, err
-	}
-	_, err = fmt.Fprintf(writer, "C%s %d %s\n", fileMode, fileInfo.Size(), filepath.Base(remote))
-	if err != nil {
-		return 0, err
-	}
-	n, err := copyN(writer, localFile, fileInfo.Size())
-	if err != nil {
-		return 0, err
-	}
-	err = ack(writer)
-	if err != nil {
-		return 0, err
-	}
-
-	err = session.Wait()
-	log.Debugf("Copied %v bytes out of %v. err: %v stdout:%v. stderr:%v", n, fileInfo.Size(), err, stdout, stderr)
-	//NOTE: Process exited with status 1 is not an error, it just how scp work. (waiting for the next control message and we send EOF)
-	return n, nil
-}
-
-//CopyFrom copy from remote to local
-func CopyFrom(sshClient *ssh.Client, remote string, local string) (int64, error) {
-	session, err := sshClient.NewSession()
-	if err != nil {
-		return 0, err
-	}
-	defer session.Close()
-	stderr := &bytes.Buffer{}
-	session.Stderr = stderr
-	writer, err := session.StdinPipe()
-	if err != nil {
-		return 0, err
-	}
-	defer writer.Close()
-	reader, err := session.StdoutPipe()
-	if err != nil {
-		return 0, err
-	}
-	err = session.Start("scp -f " + remote)
-	if err != nil {
-		return 0, err
-	}
-	err = ack(writer)
-	if err != nil {
-		return 0, err
-	}
-	msg, err := NewMessageFromReader(reader)
-	if err != nil {
-		return 0, err
-	}
-	if msg.Type == ErrorMessage || msg.Type == WarnMessage {
-		return 0, msg.Error
-	}
-	log.Debugf("Receiving %v", msg)
-
-	err = ack(writer)
-	if err != nil {
-		return 0, err
-	}
-	outFile, err := os.Create(local)
-	if err != nil {
-		return 0, err
-	}
-	defer outFile.Close()
-	n, err := copyN(outFile, reader, msg.Size)
-	if err != nil {
-		return 0, err
-	}
-	err = outFile.Sync()
-	if err != nil {
-		return 0, err
-	}
-	err = outFile.Close()
-	if err != nil {
-		return 0, err
-	}
-	err = session.Wait()
-	log.Debugf("Copied %v bytes out of %v. err: %v stderr:%v", n, msg.Size, err, stderr)
-	return n, nil
-}
-
-func ack(writer io.Writer) error {
-	var msg = []byte{0, 0, 10, 13}
-	n, err := writer.Write(msg)
-	if err != nil {
-		return err
-	}
-	if n < len(msg) {
-		return errors.New("Failed to write ack buffer")
-	}
-	return nil
-}
-
-func copyN(writer io.Writer, src io.Reader, size int64) (int64, error) {
-	reader := io.LimitReader(src, size)
-	var total int64
-	for total < size {
-		n, err := io.CopyBuffer(writer, reader, make([]byte, buffSize))
-		log.Debugf("Copied chunk %v total: %v out of %v err: %v ", n, total, size, err)
-		if err != nil {
-			return 0, err
-		}
-		total += n
-	}
-	return total, nil
-}
diff --git a/vendor/github.com/felixge/httpsnoop/README.md b/vendor/github.com/felixge/httpsnoop/README.md
index ae44137e9..ddcecd13e 100644
--- a/vendor/github.com/felixge/httpsnoop/README.md
+++ b/vendor/github.com/felixge/httpsnoop/README.md
@@ -65,7 +65,8 @@ being called, or called more than once, as well as concurrent calls to
 Unfortunately this package is not perfect either. It's possible that it is
 still missing some interfaces provided by the go core (let me know if you find
 one), and it won't work for applications adding their own interfaces into the
-mix.
+mix. You can however use `httpsnoop.Unwrap(w)` to access the underlying
+`http.ResponseWriter` and type-assert the result to its other interfaces.
 
 However, hopefully the explanation above has sufficiently scared you of rolling
 your own solution to this problem. httpsnoop may still break your application,
diff --git a/vendor/github.com/felixge/httpsnoop/capture_metrics.go b/vendor/github.com/felixge/httpsnoop/capture_metrics.go
index 4c45b1a8c..b77cc7c00 100644
--- a/vendor/github.com/felixge/httpsnoop/capture_metrics.go
+++ b/vendor/github.com/felixge/httpsnoop/capture_metrics.go
@@ -3,7 +3,6 @@ package httpsnoop
 import (
 	"io"
 	"net/http"
-	"sync"
 	"time"
 )
 
@@ -36,17 +35,23 @@ func CaptureMetrics(hnd http.Handler, w http.ResponseWriter, r *http.Request) Me
 // sugar on top of this func), but is a more usable interface if your
 // application doesn't use the Go http.Handler interface.
 func CaptureMetricsFn(w http.ResponseWriter, fn func(http.ResponseWriter)) Metrics {
+	m := Metrics{Code: http.StatusOK}
+	m.CaptureMetrics(w, fn)
+	return m
+}
+
+// CaptureMetrics wraps w and calls fn with the wrapped w and updates
+// Metrics m with the resulting metrics. This is similar to CaptureMetricsFn,
+// but allows one to customize starting Metrics object.
+func (m *Metrics) CaptureMetrics(w http.ResponseWriter, fn func(http.ResponseWriter)) {
 	var (
 		start         = time.Now()
-		m             = Metrics{Code: http.StatusOK}
 		headerWritten bool
-		lock          sync.Mutex
 		hooks         = Hooks{
 			WriteHeader: func(next WriteHeaderFunc) WriteHeaderFunc {
 				return func(code int) {
 					next(code)
-					lock.Lock()
-					defer lock.Unlock()
+
 					if !headerWritten {
 						m.Code = code
 						headerWritten = true
@@ -57,8 +62,7 @@ func CaptureMetricsFn(w http.ResponseWriter, fn func(http.ResponseWriter)) Metri
 			Write: func(next WriteFunc) WriteFunc {
 				return func(p []byte) (int, error) {
 					n, err := next(p)
-					lock.Lock()
-					defer lock.Unlock()
+
 					m.Written += int64(n)
 					headerWritten = true
 					return n, err
@@ -68,8 +72,7 @@ func CaptureMetricsFn(w http.ResponseWriter, fn func(http.ResponseWriter)) Metri
 			ReadFrom: func(next ReadFromFunc) ReadFromFunc {
 				return func(src io.Reader) (int64, error) {
 					n, err := next(src)
-					lock.Lock()
-					defer lock.Unlock()
+
 					headerWritten = true
 					m.Written += n
 					return n, err
@@ -79,6 +82,5 @@ func CaptureMetricsFn(w http.ResponseWriter, fn func(http.ResponseWriter)) Metri
 	)
 
 	fn(Wrap(w, hooks))
-	m.Duration = time.Since(start)
-	return m
+	m.Duration += time.Since(start)
 }
diff --git a/vendor/github.com/felixge/httpsnoop/go.mod b/vendor/github.com/felixge/httpsnoop/go.mod
deleted file mode 100644
index 73b394690..000000000
--- a/vendor/github.com/felixge/httpsnoop/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/felixge/httpsnoop
-
-go 1.13
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
index 41a20da9e..31cbdfb8e 100644
--- a/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
+++ b/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
@@ -74,243 +74,275 @@ func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
 	// combination 1/32
 	case !i0 && !i1 && !i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
-		}{rw}
+		}{rw, rw}
 	// combination 2/32
 	case !i0 && !i1 && !i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Pusher
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 3/32
 	case !i0 && !i1 && !i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			io.ReaderFrom
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 4/32
 	case !i0 && !i1 && !i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 5/32
 	case !i0 && !i1 && i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Hijacker
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 6/32
 	case !i0 && !i1 && i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Hijacker
 			http.Pusher
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 7/32
 	case !i0 && !i1 && i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 8/32
 	case !i0 && !i1 && i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Hijacker
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 9/32
 	case !i0 && i1 && !i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 10/32
 	case !i0 && i1 && !i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			http.Pusher
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 11/32
 	case !i0 && i1 && !i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			io.ReaderFrom
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 12/32
 	case !i0 && i1 && !i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 13/32
 	case !i0 && i1 && i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			http.Hijacker
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 14/32
 	case !i0 && i1 && i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			http.Hijacker
 			http.Pusher
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 15/32
 	case !i0 && i1 && i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 16/32
 	case !i0 && i1 && i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			http.Hijacker
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw, rw}
 	// combination 17/32
 	case i0 && !i1 && !i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 18/32
 	case i0 && !i1 && !i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.Pusher
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 19/32
 	case i0 && !i1 && !i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			io.ReaderFrom
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 20/32
 	case i0 && !i1 && !i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 21/32
 	case i0 && !i1 && i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.Hijacker
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 22/32
 	case i0 && !i1 && i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.Hijacker
 			http.Pusher
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 23/32
 	case i0 && !i1 && i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 24/32
 	case i0 && !i1 && i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.Hijacker
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw, rw}
 	// combination 25/32
 	case i0 && i1 && !i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 26/32
 	case i0 && i1 && !i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			http.Pusher
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 27/32
 	case i0 && i1 && !i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			io.ReaderFrom
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 28/32
 	case i0 && i1 && !i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw, rw}
 	// combination 29/32
 	case i0 && i1 && i2 && !i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			http.Hijacker
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 30/32
 	case i0 && i1 && i2 && !i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			http.Hijacker
 			http.Pusher
-		}{rw, rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw, rw}
 	// combination 31/32
 	case i0 && i1 && i2 && i3 && !i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw, rw}
 	// combination 32/32
 	case i0 && i1 && i2 && i3 && i4:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			http.Hijacker
 			io.ReaderFrom
 			http.Pusher
-		}{rw, rw, rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw, rw, rw}
 	}
 	panic("unreachable")
 }
@@ -320,6 +352,10 @@ type rw struct {
 	h Hooks
 }
 
+func (w *rw) Unwrap() http.ResponseWriter {
+	return w.w
+}
+
 func (w *rw) Header() http.Header {
 	f := w.w.(http.ResponseWriter).Header
 	if w.h.Header != nil {
@@ -383,3 +419,18 @@ func (w *rw) Push(target string, opts *http.PushOptions) error {
 	}
 	return f(target, opts)
 }
+
+type Unwrapper interface {
+	Unwrap() http.ResponseWriter
+}
+
+// Unwrap returns the underlying http.ResponseWriter from within zero or more
+// layers of httpsnoop wrappers.
+func Unwrap(w http.ResponseWriter) http.ResponseWriter {
+	if rw, ok := w.(Unwrapper); ok {
+		// recurse until rw.Unwrap() returns a non-Unwrapper
+		return Unwrap(rw.Unwrap())
+	} else {
+		return w
+	}
+}
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
index 36bb59b83..ab99c07c7 100644
--- a/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
+++ b/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
@@ -68,115 +68,131 @@ func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
 	// combination 1/16
 	case !i0 && !i1 && !i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
-		}{rw}
+		}{rw, rw}
 	// combination 2/16
 	case !i0 && !i1 && !i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			io.ReaderFrom
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 3/16
 	case !i0 && !i1 && i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Hijacker
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 4/16
 	case !i0 && !i1 && i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 5/16
 	case !i0 && i1 && !i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 6/16
 	case !i0 && i1 && !i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			io.ReaderFrom
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 7/16
 	case !i0 && i1 && i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			http.Hijacker
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 8/16
 	case !i0 && i1 && i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.CloseNotifier
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 9/16
 	case i0 && !i1 && !i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
-		}{rw, rw}
+		}{rw, rw, rw}
 	// combination 10/16
 	case i0 && !i1 && !i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			io.ReaderFrom
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 11/16
 	case i0 && !i1 && i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.Hijacker
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 12/16
 	case i0 && !i1 && i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 13/16
 	case i0 && i1 && !i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
-		}{rw, rw, rw}
+		}{rw, rw, rw, rw}
 	// combination 14/16
 	case i0 && i1 && !i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			io.ReaderFrom
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 15/16
 	case i0 && i1 && i2 && !i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			http.Hijacker
-		}{rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw}
 	// combination 16/16
 	case i0 && i1 && i2 && i3:
 		return struct {
+			Unwrapper
 			http.ResponseWriter
 			http.Flusher
 			http.CloseNotifier
 			http.Hijacker
 			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
+		}{rw, rw, rw, rw, rw, rw}
 	}
 	panic("unreachable")
 }
@@ -186,6 +202,10 @@ type rw struct {
 	h Hooks
 }
 
+func (w *rw) Unwrap() http.ResponseWriter {
+	return w.w
+}
+
 func (w *rw) Header() http.Header {
 	f := w.w.(http.ResponseWriter).Header
 	if w.h.Header != nil {
@@ -241,3 +261,18 @@ func (w *rw) ReadFrom(src io.Reader) (int64, error) {
 	}
 	return f(src)
 }
+
+type Unwrapper interface {
+	Unwrap() http.ResponseWriter
+}
+
+// Unwrap returns the underlying http.ResponseWriter from within zero or more
+// layers of httpsnoop wrappers.
+func Unwrap(w http.ResponseWriter) http.ResponseWriter {
+	if rw, ok := w.(Unwrapper); ok {
+		// recurse until rw.Unwrap() returns a non-Unwrapper
+		return Unwrap(rw.Unwrap())
+	} else {
+		return w
+	}
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/go.mod b/vendor/github.com/fsnotify/fsnotify/go.mod
deleted file mode 100644
index 48cfd07fe..000000000
--- a/vendor/github.com/fsnotify/fsnotify/go.mod
+++ /dev/null
@@ -1,10 +0,0 @@
-module github.com/fsnotify/fsnotify
-
-go 1.16
-
-require golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
-
-retract (
-    v1.5.3 // Published an incorrect branch accidentally https://github.com/fsnotify/fsnotify/issues/445
-    v1.5.0 // Contains symlink regression https://github.com/fsnotify/fsnotify/pull/394
-)
diff --git a/vendor/github.com/fsnotify/fsnotify/go.sum b/vendor/github.com/fsnotify/fsnotify/go.sum
deleted file mode 100644
index 7f2d82d5c..000000000
--- a/vendor/github.com/fsnotify/fsnotify/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/vendor/github.com/fsouza/go-dockerclient/AUTHORS b/vendor/github.com/fsouza/go-dockerclient/AUTHORS
deleted file mode 100644
index ec3562c97..000000000
--- a/vendor/github.com/fsouza/go-dockerclient/AUTHORS
+++ /dev/null
@@ -1 +0,0 @@
-# The official list of authors for copyright purposes can be found on GitHub: https://github.com/fsouza/go-dockerclient/graphs/contributors
diff --git a/vendor/github.com/fsouza/go-dockerclient/container_restart.go b/vendor/github.com/fsouza/go-dockerclient/container_restart.go
index 183cbac0f..64bb1a092 100644
--- a/vendor/github.com/fsouza/go-dockerclient/container_restart.go
+++ b/vendor/github.com/fsouza/go-dockerclient/container_restart.go
@@ -12,9 +12,9 @@ import (
 //
 //   - always: the docker daemon will always restart the container
 //   - on-failure: the docker daemon will restart the container on failures, at
-//                 most MaximumRetryCount times
+//     most MaximumRetryCount times
 //   - unless-stopped: the docker daemon will always restart the container except
-//                 when user has manually stopped the container
+//     when user has manually stopped the container
 //   - no: the docker daemon will not restart the container automatically
 type RestartPolicy struct {
 	Name              string `json:"Name,omitempty" yaml:"Name,omitempty" toml:"Name,omitempty"`
diff --git a/vendor/github.com/fsouza/go-dockerclient/event.go b/vendor/github.com/fsouza/go-dockerclient/event.go
index 024b4ecc2..ce1fb5021 100644
--- a/vendor/github.com/fsouza/go-dockerclient/event.go
+++ b/vendor/github.com/fsouza/go-dockerclient/event.go
@@ -93,6 +93,7 @@ type eventMonitoringState struct {
 	C         chan *APIEvents
 	errC      chan error
 	listeners []chan<- *APIEvents
+	closeConn func()
 }
 
 const (
@@ -229,6 +230,11 @@ func (eventState *eventMonitoringState) disableEventMonitoring() {
 		eventState.enabled = false
 		close(eventState.C)
 		close(eventState.errC)
+
+		if eventState.closeConn != nil {
+			eventState.closeConn()
+			eventState.closeConn = nil
+		}
 	}
 }
 
@@ -290,7 +296,7 @@ func (eventState *eventMonitoringState) connectWithRetry(c *Client, opts EventsO
 	eventChan := eventState.C
 	errChan := eventState.errC
 	eventState.RUnlock()
-	err := c.eventHijack(opts, atomic.LoadInt64(&eventState.lastSeen), eventChan, errChan)
+	closeConn, err := c.eventHijack(opts, atomic.LoadInt64(&eventState.lastSeen), eventChan, errChan)
 	for ; err != nil && retries < maxMonitorConnRetries; retries++ {
 		waitTime := int64(retryInitialWaitTime * math.Pow(2, float64(retries)))
 		time.Sleep(time.Duration(waitTime) * time.Millisecond)
@@ -298,8 +304,11 @@ func (eventState *eventMonitoringState) connectWithRetry(c *Client, opts EventsO
 		eventChan = eventState.C
 		errChan = eventState.errC
 		eventState.RUnlock()
-		err = c.eventHijack(opts, atomic.LoadInt64(&eventState.lastSeen), eventChan, errChan)
+		closeConn, err = c.eventHijack(opts, atomic.LoadInt64(&eventState.lastSeen), eventChan, errChan)
 	}
+	eventState.Lock()
+	defer eventState.Unlock()
+	eventState.closeConn = closeConn
 	return err
 }
 
@@ -343,7 +352,7 @@ func (eventState *eventMonitoringState) updateLastSeen(e *APIEvents) {
 	}
 }
 
-func (c *Client) eventHijack(opts EventsOptions, startTime int64, eventChan chan *APIEvents, errChan chan error) error {
+func (c *Client) eventHijack(opts EventsOptions, startTime int64, eventChan chan *APIEvents, errChan chan error) (closeConn func(), err error) {
 	// on reconnect override initial Since with last event seen time
 	if startTime != 0 {
 		opts.Since = strconv.FormatInt(startTime, 10)
@@ -356,37 +365,38 @@ func (c *Client) eventHijack(opts EventsOptions, startTime int64, eventChan chan
 		address = c.endpointURL.Host
 	}
 	var dial net.Conn
-	var err error
 	if c.TLSConfig == nil {
 		dial, err = c.Dialer.Dial(protocol, address)
 	} else {
 		netDialer, ok := c.Dialer.(*net.Dialer)
 		if !ok {
-			return ErrTLSNotSupported
+			return nil, ErrTLSNotSupported
 		}
 		dial, err = tlsDialWithDialer(netDialer, protocol, address, c.TLSConfig)
 	}
 	if err != nil {
-		return err
+		return nil, err
 	}
 	//lint:ignore SA1019 the alternative doesn't quite work, so keep using the deprecated thing.
 	conn := httputil.NewClientConn(dial, nil)
 	req, err := http.NewRequest(http.MethodGet, uri, nil)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	res, err := conn.Do(req)
 	if err != nil {
-		return err
+		return nil, err
 	}
+
+	keepRunning := int32(1)
 	//lint:ignore SA1019 the alternative doesn't quite work, so keep using the deprecated thing.
 	go func(res *http.Response, conn *httputil.ClientConn) {
 		defer conn.Close()
 		defer res.Body.Close()
 		decoder := json.NewDecoder(res.Body)
-		for {
+		for atomic.LoadInt32(&keepRunning) == 1 {
 			var event APIEvents
-			if err = decoder.Decode(&event); err != nil {
+			if err := decoder.Decode(&event); err != nil {
 				if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
 					c.eventMonitor.RLock()
 					if c.eventMonitor.enabled && c.eventMonitor.C == eventChan {
@@ -409,7 +419,9 @@ func (c *Client) eventHijack(opts EventsOptions, startTime int64, eventChan chan
 			c.eventMonitor.RUnlock()
 		}
 	}(res, conn)
-	return nil
+	return func() {
+		atomic.StoreInt32(&keepRunning, 0)
+	}, nil
 }
 
 // transformEvent takes an event and determines what version it is from
diff --git a/vendor/github.com/fsouza/go-dockerclient/go.mod b/vendor/github.com/fsouza/go-dockerclient/go.mod
deleted file mode 100644
index 06fe42430..000000000
--- a/vendor/github.com/fsouza/go-dockerclient/go.mod
+++ /dev/null
@@ -1,34 +0,0 @@
-module github.com/fsouza/go-dockerclient
-
-go 1.17
-
-require (
-	github.com/Microsoft/go-winio v0.5.2
-	github.com/docker/docker v20.10.17+incompatible
-	github.com/docker/go-units v0.4.0
-	github.com/google/go-cmp v0.5.8
-	github.com/gorilla/mux v1.8.0
-	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
-)
-
-require (
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/Microsoft/hcsshim v0.9.3 // indirect
-	github.com/containerd/cgroups v1.0.3 // indirect
-	github.com/containerd/containerd v1.6.6 // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/moby/sys/mount v0.3.3 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
-	github.com/opencontainers/runc v1.1.2 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/sirupsen/logrus v1.8.1 // indirect
-	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-)
diff --git a/vendor/github.com/fsouza/go-dockerclient/go.sum b/vendor/github.com/fsouza/go-dockerclient/go.sum
deleted file mode 100644
index ad52e1c17..000000000
--- a/vendor/github.com/fsouza/go-dockerclient/go.sum
+++ /dev/null
@@ -1,1428 +0,0 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
-bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
-github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
-github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
-github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
-github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
-github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
-github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
-github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
-github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
-github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
-github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/continuity v0.2.2 h1:QSqfxcn8c+12slxwu00AtzXrsami0MJb/MQs9lOLHLA=
-github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
-github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
-github.com/containerd/go-cni v1.1.6/go.mod h1:BWtoWl5ghVymxu6MBjg79W9NZrCRyHIdUtk4cauMe34=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4=
-github.com/containerd/imgcrypt v1.1.4/go.mod h1:LorQnPtzL/T0IyCeftcsMEO7AqxUDbdO8j/tSUpgxvo=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
-github.com/containernetworking/cni v1.1.1/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
-github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
-github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
-github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
-github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
-github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
-github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
-github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
-github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
-github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
-github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0=
-github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
-github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
-github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec=
-github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw=
-github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
-github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
-github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
-go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
-go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
-go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
-go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
-go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE=
-go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc=
-go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
-go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
-go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
-go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
-go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
-go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
-go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
-go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
-go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
-go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
-go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
-k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y=
-k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/cri-api v0.23.1/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
-k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/vendor/github.com/fsouza/go-dockerclient/misc.go b/vendor/github.com/fsouza/go-dockerclient/misc.go
index 8eaa82704..2fa19c67f 100644
--- a/vendor/github.com/fsouza/go-dockerclient/misc.go
+++ b/vendor/github.com/fsouza/go-dockerclient/misc.go
@@ -131,13 +131,11 @@ type ServiceConfig struct {
 type NetIPNet net.IPNet
 
 // MarshalJSON returns the JSON representation of the IPNet.
-//
 func (ipnet *NetIPNet) MarshalJSON() ([]byte, error) {
 	return json.Marshal((*net.IPNet)(ipnet).String())
 }
 
 // UnmarshalJSON sets the IPNet from a byte array of JSON.
-//
 func (ipnet *NetIPNet) UnmarshalJSON(b []byte) (err error) {
 	var ipnetStr string
 	if err = json.Unmarshal(b, &ipnetStr); err == nil {
@@ -181,9 +179,9 @@ func (c *Client) Info() (*DockerInfo, error) {
 //
 // Some examples:
 //
-//     localhost.localdomain:5000/samalba/hipache:latest -> localhost.localdomain:5000/samalba/hipache, latest
-//     localhost.localdomain:5000/samalba/hipache -> localhost.localdomain:5000/samalba/hipache, ""
-//     busybox:latest@sha256:4a731fb46adc5cefe3ae374a8b6020fc1b6ad667a279647766e9a3cd89f6fa92 -> busybox, latest
+//	localhost.localdomain:5000/samalba/hipache:latest -> localhost.localdomain:5000/samalba/hipache, latest
+//	localhost.localdomain:5000/samalba/hipache -> localhost.localdomain:5000/samalba/hipache, ""
+//	busybox:latest@sha256:4a731fb46adc5cefe3ae374a8b6020fc1b6ad667a279647766e9a3cd89f6fa92 -> busybox, latest
 func ParseRepositoryTag(repoTag string) (repository string, tag string) {
 	parts := strings.SplitN(repoTag, "@", 2)
 	repoTag = parts[0]
diff --git a/vendor/github.com/fsouza/go-dockerclient/tls.go b/vendor/github.com/fsouza/go-dockerclient/tls.go
index 56f00589b..15d5e2667 100644
--- a/vendor/github.com/fsouza/go-dockerclient/tls.go
+++ b/vendor/github.com/fsouza/go-dockerclient/tls.go
@@ -97,20 +97,19 @@ func tlsDialWithDialer(dialer *net.Dialer, network, addr string, config *tls.Con
 // this exists to silent an error message in go vet
 func copyTLSConfig(cfg *tls.Config) *tls.Config {
 	return &tls.Config{
-		Certificates:             cfg.Certificates,
-		CipherSuites:             cfg.CipherSuites,
-		ClientAuth:               cfg.ClientAuth,
-		ClientCAs:                cfg.ClientCAs,
-		ClientSessionCache:       cfg.ClientSessionCache,
-		CurvePreferences:         cfg.CurvePreferences,
-		InsecureSkipVerify:       cfg.InsecureSkipVerify,
-		MaxVersion:               cfg.MaxVersion,
-		MinVersion:               cfg.MinVersion,
-		NextProtos:               cfg.NextProtos,
-		PreferServerCipherSuites: cfg.PreferServerCipherSuites,
-		Rand:                     cfg.Rand,
-		RootCAs:                  cfg.RootCAs,
-		ServerName:               cfg.ServerName,
-		SessionTicketsDisabled:   cfg.SessionTicketsDisabled,
+		Certificates:           cfg.Certificates,
+		CipherSuites:           cfg.CipherSuites,
+		ClientAuth:             cfg.ClientAuth,
+		ClientCAs:              cfg.ClientCAs,
+		ClientSessionCache:     cfg.ClientSessionCache,
+		CurvePreferences:       cfg.CurvePreferences,
+		InsecureSkipVerify:     cfg.InsecureSkipVerify,
+		MaxVersion:             cfg.MaxVersion,
+		MinVersion:             cfg.MinVersion,
+		NextProtos:             cfg.NextProtos,
+		Rand:                   cfg.Rand,
+		RootCAs:                cfg.RootCAs,
+		ServerName:             cfg.ServerName,
+		SessionTicketsDisabled: cfg.SessionTicketsDisabled,
 	}
 }
diff --git a/vendor/github.com/go-task/slim-sprig/go.mod b/vendor/github.com/go-task/slim-sprig/go.mod
deleted file mode 100644
index d90a221be..000000000
--- a/vendor/github.com/go-task/slim-sprig/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/go-task/slim-sprig
-
-go 1.13
-
-require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/stretchr/testify v1.5.1
-)
diff --git a/vendor/github.com/go-task/slim-sprig/go.sum b/vendor/github.com/go-task/slim-sprig/go.sum
deleted file mode 100644
index 256ef8493..000000000
--- a/vendor/github.com/go-task/slim-sprig/go.sum
+++ /dev/null
@@ -1,22 +0,0 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/github.com/godbus/dbus/v5/go.mod b/vendor/github.com/godbus/dbus/v5/go.mod
deleted file mode 100644
index 15b920203..000000000
--- a/vendor/github.com/godbus/dbus/v5/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/godbus/dbus/v5
-
-go 1.12
diff --git a/vendor/github.com/godbus/dbus/v5/go.sum b/vendor/github.com/godbus/dbus/v5/go.sum
deleted file mode 100644
index e69de29bb..000000000
--- a/vendor/github.com/godbus/dbus/v5/go.sum
+++ /dev/null
diff --git a/vendor/github.com/google/go-cmp/LICENSE b/vendor/github.com/google/go-cmp/LICENSE
new file mode 100644
index 000000000..32017f8fa
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2017 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/google/go-cmp/cmp/compare.go b/vendor/github.com/google/go-cmp/cmp/compare.go
new file mode 100644
index 000000000..fd2b3a42b
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/compare.go
@@ -0,0 +1,667 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cmp determines equality of values.
+//
+// This package is intended to be a more powerful and safer alternative to
+// reflect.DeepEqual for comparing whether two values are semantically equal.
+// It is intended to only be used in tests, as performance is not a goal and
+// it may panic if it cannot compare the values. Its propensity towards
+// panicking means that its unsuitable for production environments where a
+// spurious panic may be fatal.
+//
+// The primary features of cmp are:
+//
+// • When the default behavior of equality does not suit the needs of the test,
+// custom equality functions can override the equality operation.
+// For example, an equality function may report floats as equal so long as they
+// are within some tolerance of each other.
+//
+// • Types that have an Equal method may use that method to determine equality.
+// This allows package authors to determine the equality operation for the types
+// that they define.
+//
+// • If no custom equality functions are used and no Equal method is defined,
+// equality is determined by recursively comparing the primitive kinds on both
+// values, much like reflect.DeepEqual. Unlike reflect.DeepEqual, unexported
+// fields are not compared by default; they result in panics unless suppressed
+// by using an Ignore option (see cmpopts.IgnoreUnexported) or explicitly
+// compared using the Exporter option.
+package cmp
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/google/go-cmp/cmp/internal/diff"
+	"github.com/google/go-cmp/cmp/internal/function"
+	"github.com/google/go-cmp/cmp/internal/value"
+)
+
+// TODO(≥go1.18): Use any instead of interface{}.
+
+// Equal reports whether x and y are equal by recursively applying the
+// following rules in the given order to x and y and all of their sub-values:
+//
+// • Let S be the set of all Ignore, Transformer, and Comparer options that
+// remain after applying all path filters, value filters, and type filters.
+// If at least one Ignore exists in S, then the comparison is ignored.
+// If the number of Transformer and Comparer options in S is greater than one,
+// then Equal panics because it is ambiguous which option to use.
+// If S contains a single Transformer, then use that to transform the current
+// values and recursively call Equal on the output values.
+// If S contains a single Comparer, then use that to compare the current values.
+// Otherwise, evaluation proceeds to the next rule.
+//
+// • If the values have an Equal method of the form "(T) Equal(T) bool" or
+// "(T) Equal(I) bool" where T is assignable to I, then use the result of
+// x.Equal(y) even if x or y is nil. Otherwise, no such method exists and
+// evaluation proceeds to the next rule.
+//
+// • Lastly, try to compare x and y based on their basic kinds.
+// Simple kinds like booleans, integers, floats, complex numbers, strings, and
+// channels are compared using the equivalent of the == operator in Go.
+// Functions are only equal if they are both nil, otherwise they are unequal.
+//
+// Structs are equal if recursively calling Equal on all fields report equal.
+// If a struct contains unexported fields, Equal panics unless an Ignore option
+// (e.g., cmpopts.IgnoreUnexported) ignores that field or the Exporter option
+// explicitly permits comparing the unexported field.
+//
+// Slices are equal if they are both nil or both non-nil, where recursively
+// calling Equal on all non-ignored slice or array elements report equal.
+// Empty non-nil slices and nil slices are not equal; to equate empty slices,
+// consider using cmpopts.EquateEmpty.
+//
+// Maps are equal if they are both nil or both non-nil, where recursively
+// calling Equal on all non-ignored map entries report equal.
+// Map keys are equal according to the == operator.
+// To use custom comparisons for map keys, consider using cmpopts.SortMaps.
+// Empty non-nil maps and nil maps are not equal; to equate empty maps,
+// consider using cmpopts.EquateEmpty.
+//
+// Pointers and interfaces are equal if they are both nil or both non-nil,
+// where they have the same underlying concrete type and recursively
+// calling Equal on the underlying values reports equal.
+//
+// Before recursing into a pointer, slice element, or map, the current path
+// is checked to detect whether the address has already been visited.
+// If there is a cycle, then the pointed at values are considered equal
+// only if both addresses were previously visited in the same path step.
+func Equal(x, y interface{}, opts ...Option) bool {
+	s := newState(opts)
+	s.compareAny(rootStep(x, y))
+	return s.result.Equal()
+}
+
+// Diff returns a human-readable report of the differences between two values:
+// y - x. It returns an empty string if and only if Equal returns true for the
+// same input values and options.
+//
+// The output is displayed as a literal in pseudo-Go syntax.
+// At the start of each line, a "-" prefix indicates an element removed from x,
+// a "+" prefix to indicates an element added from y, and the lack of a prefix
+// indicates an element common to both x and y. If possible, the output
+// uses fmt.Stringer.String or error.Error methods to produce more humanly
+// readable outputs. In such cases, the string is prefixed with either an
+// 's' or 'e' character, respectively, to indicate that the method was called.
+//
+// Do not depend on this output being stable. If you need the ability to
+// programmatically interpret the difference, consider using a custom Reporter.
+func Diff(x, y interface{}, opts ...Option) string {
+	s := newState(opts)
+
+	// Optimization: If there are no other reporters, we can optimize for the
+	// common case where the result is equal (and thus no reported difference).
+	// This avoids the expensive construction of a difference tree.
+	if len(s.reporters) == 0 {
+		s.compareAny(rootStep(x, y))
+		if s.result.Equal() {
+			return ""
+		}
+		s.result = diff.Result{} // Reset results
+	}
+
+	r := new(defaultReporter)
+	s.reporters = append(s.reporters, reporter{r})
+	s.compareAny(rootStep(x, y))
+	d := r.String()
+	if (d == "") != s.result.Equal() {
+		panic("inconsistent difference and equality results")
+	}
+	return d
+}
+
+// rootStep constructs the first path step. If x and y have differing types,
+// then they are stored within an empty interface type.
+func rootStep(x, y interface{}) PathStep {
+	vx := reflect.ValueOf(x)
+	vy := reflect.ValueOf(y)
+
+	// If the inputs are different types, auto-wrap them in an empty interface
+	// so that they have the same parent type.
+	var t reflect.Type
+	if !vx.IsValid() || !vy.IsValid() || vx.Type() != vy.Type() {
+		t = reflect.TypeOf((*interface{})(nil)).Elem()
+		if vx.IsValid() {
+			vvx := reflect.New(t).Elem()
+			vvx.Set(vx)
+			vx = vvx
+		}
+		if vy.IsValid() {
+			vvy := reflect.New(t).Elem()
+			vvy.Set(vy)
+			vy = vvy
+		}
+	} else {
+		t = vx.Type()
+	}
+
+	return &pathStep{t, vx, vy}
+}
+
+type state struct {
+	// These fields represent the "comparison state".
+	// Calling statelessCompare must not result in observable changes to these.
+	result    diff.Result // The current result of comparison
+	curPath   Path        // The current path in the value tree
+	curPtrs   pointerPath // The current set of visited pointers
+	reporters []reporter  // Optional reporters
+
+	// recChecker checks for infinite cycles applying the same set of
+	// transformers upon the output of itself.
+	recChecker recChecker
+
+	// dynChecker triggers pseudo-random checks for option correctness.
+	// It is safe for statelessCompare to mutate this value.
+	dynChecker dynChecker
+
+	// These fields, once set by processOption, will not change.
+	exporters []exporter // List of exporters for structs with unexported fields
+	opts      Options    // List of all fundamental and filter options
+}
+
+func newState(opts []Option) *state {
+	// Always ensure a validator option exists to validate the inputs.
+	s := &state{opts: Options{validator{}}}
+	s.curPtrs.Init()
+	s.processOption(Options(opts))
+	return s
+}
+
+func (s *state) processOption(opt Option) {
+	switch opt := opt.(type) {
+	case nil:
+	case Options:
+		for _, o := range opt {
+			s.processOption(o)
+		}
+	case coreOption:
+		type filtered interface {
+			isFiltered() bool
+		}
+		if fopt, ok := opt.(filtered); ok && !fopt.isFiltered() {
+			panic(fmt.Sprintf("cannot use an unfiltered option: %v", opt))
+		}
+		s.opts = append(s.opts, opt)
+	case exporter:
+		s.exporters = append(s.exporters, opt)
+	case reporter:
+		s.reporters = append(s.reporters, opt)
+	default:
+		panic(fmt.Sprintf("unknown option %T", opt))
+	}
+}
+
+// statelessCompare compares two values and returns the result.
+// This function is stateless in that it does not alter the current result,
+// or output to any registered reporters.
+func (s *state) statelessCompare(step PathStep) diff.Result {
+	// We do not save and restore curPath and curPtrs because all of the
+	// compareX methods should properly push and pop from them.
+	// It is an implementation bug if the contents of the paths differ from
+	// when calling this function to when returning from it.
+
+	oldResult, oldReporters := s.result, s.reporters
+	s.result = diff.Result{} // Reset result
+	s.reporters = nil        // Remove reporters to avoid spurious printouts
+	s.compareAny(step)
+	res := s.result
+	s.result, s.reporters = oldResult, oldReporters
+	return res
+}
+
+func (s *state) compareAny(step PathStep) {
+	// Update the path stack.
+	s.curPath.push(step)
+	defer s.curPath.pop()
+	for _, r := range s.reporters {
+		r.PushStep(step)
+		defer r.PopStep()
+	}
+	s.recChecker.Check(s.curPath)
+
+	// Cycle-detection for slice elements (see NOTE in compareSlice).
+	t := step.Type()
+	vx, vy := step.Values()
+	if si, ok := step.(SliceIndex); ok && si.isSlice && vx.IsValid() && vy.IsValid() {
+		px, py := vx.Addr(), vy.Addr()
+		if eq, visited := s.curPtrs.Push(px, py); visited {
+			s.report(eq, reportByCycle)
+			return
+		}
+		defer s.curPtrs.Pop(px, py)
+	}
+
+	// Rule 1: Check whether an option applies on this node in the value tree.
+	if s.tryOptions(t, vx, vy) {
+		return
+	}
+
+	// Rule 2: Check whether the type has a valid Equal method.
+	if s.tryMethod(t, vx, vy) {
+		return
+	}
+
+	// Rule 3: Compare based on the underlying kind.
+	switch t.Kind() {
+	case reflect.Bool:
+		s.report(vx.Bool() == vy.Bool(), 0)
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		s.report(vx.Int() == vy.Int(), 0)
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		s.report(vx.Uint() == vy.Uint(), 0)
+	case reflect.Float32, reflect.Float64:
+		s.report(vx.Float() == vy.Float(), 0)
+	case reflect.Complex64, reflect.Complex128:
+		s.report(vx.Complex() == vy.Complex(), 0)
+	case reflect.String:
+		s.report(vx.String() == vy.String(), 0)
+	case reflect.Chan, reflect.UnsafePointer:
+		s.report(vx.Pointer() == vy.Pointer(), 0)
+	case reflect.Func:
+		s.report(vx.IsNil() && vy.IsNil(), 0)
+	case reflect.Struct:
+		s.compareStruct(t, vx, vy)
+	case reflect.Slice, reflect.Array:
+		s.compareSlice(t, vx, vy)
+	case reflect.Map:
+		s.compareMap(t, vx, vy)
+	case reflect.Ptr:
+		s.comparePtr(t, vx, vy)
+	case reflect.Interface:
+		s.compareInterface(t, vx, vy)
+	default:
+		panic(fmt.Sprintf("%v kind not handled", t.Kind()))
+	}
+}
+
+func (s *state) tryOptions(t reflect.Type, vx, vy reflect.Value) bool {
+	// Evaluate all filters and apply the remaining options.
+	if opt := s.opts.filter(s, t, vx, vy); opt != nil {
+		opt.apply(s, vx, vy)
+		return true
+	}
+	return false
+}
+
+func (s *state) tryMethod(t reflect.Type, vx, vy reflect.Value) bool {
+	// Check if this type even has an Equal method.
+	m, ok := t.MethodByName("Equal")
+	if !ok || !function.IsType(m.Type, function.EqualAssignable) {
+		return false
+	}
+
+	eq := s.callTTBFunc(m.Func, vx, vy)
+	s.report(eq, reportByMethod)
+	return true
+}
+
+func (s *state) callTRFunc(f, v reflect.Value, step Transform) reflect.Value {
+	if !s.dynChecker.Next() {
+		return f.Call([]reflect.Value{v})[0]
+	}
+
+	// Run the function twice and ensure that we get the same results back.
+	// We run in goroutines so that the race detector (if enabled) can detect
+	// unsafe mutations to the input.
+	c := make(chan reflect.Value)
+	go detectRaces(c, f, v)
+	got := <-c
+	want := f.Call([]reflect.Value{v})[0]
+	if step.vx, step.vy = got, want; !s.statelessCompare(step).Equal() {
+		// To avoid false-positives with non-reflexive equality operations,
+		// we sanity check whether a value is equal to itself.
+		if step.vx, step.vy = want, want; !s.statelessCompare(step).Equal() {
+			return want
+		}
+		panic(fmt.Sprintf("non-deterministic function detected: %s", function.NameOf(f)))
+	}
+	return want
+}
+
+func (s *state) callTTBFunc(f, x, y reflect.Value) bool {
+	if !s.dynChecker.Next() {
+		return f.Call([]reflect.Value{x, y})[0].Bool()
+	}
+
+	// Swapping the input arguments is sufficient to check that
+	// f is symmetric and deterministic.
+	// We run in goroutines so that the race detector (if enabled) can detect
+	// unsafe mutations to the input.
+	c := make(chan reflect.Value)
+	go detectRaces(c, f, y, x)
+	got := <-c
+	want := f.Call([]reflect.Value{x, y})[0].Bool()
+	if !got.IsValid() || got.Bool() != want {
+		panic(fmt.Sprintf("non-deterministic or non-symmetric function detected: %s", function.NameOf(f)))
+	}
+	return want
+}
+
+func detectRaces(c chan<- reflect.Value, f reflect.Value, vs ...reflect.Value) {
+	var ret reflect.Value
+	defer func() {
+		recover() // Ignore panics, let the other call to f panic instead
+		c <- ret
+	}()
+	ret = f.Call(vs)[0]
+}
+
+func (s *state) compareStruct(t reflect.Type, vx, vy reflect.Value) {
+	var addr bool
+	var vax, vay reflect.Value // Addressable versions of vx and vy
+
+	var mayForce, mayForceInit bool
+	step := StructField{&structField{}}
+	for i := 0; i < t.NumField(); i++ {
+		step.typ = t.Field(i).Type
+		step.vx = vx.Field(i)
+		step.vy = vy.Field(i)
+		step.name = t.Field(i).Name
+		step.idx = i
+		step.unexported = !isExported(step.name)
+		if step.unexported {
+			if step.name == "_" {
+				continue
+			}
+			// Defer checking of unexported fields until later to give an
+			// Ignore a chance to ignore the field.
+			if !vax.IsValid() || !vay.IsValid() {
+				// For retrieveUnexportedField to work, the parent struct must
+				// be addressable. Create a new copy of the values if
+				// necessary to make them addressable.
+				addr = vx.CanAddr() || vy.CanAddr()
+				vax = makeAddressable(vx)
+				vay = makeAddressable(vy)
+			}
+			if !mayForceInit {
+				for _, xf := range s.exporters {
+					mayForce = mayForce || xf(t)
+				}
+				mayForceInit = true
+			}
+			step.mayForce = mayForce
+			step.paddr = addr
+			step.pvx = vax
+			step.pvy = vay
+			step.field = t.Field(i)
+		}
+		s.compareAny(step)
+	}
+}
+
+func (s *state) compareSlice(t reflect.Type, vx, vy reflect.Value) {
+	isSlice := t.Kind() == reflect.Slice
+	if isSlice && (vx.IsNil() || vy.IsNil()) {
+		s.report(vx.IsNil() && vy.IsNil(), 0)
+		return
+	}
+
+	// NOTE: It is incorrect to call curPtrs.Push on the slice header pointer
+	// since slices represents a list of pointers, rather than a single pointer.
+	// The pointer checking logic must be handled on a per-element basis
+	// in compareAny.
+	//
+	// A slice header (see reflect.SliceHeader) in Go is a tuple of a starting
+	// pointer P, a length N, and a capacity C. Supposing each slice element has
+	// a memory size of M, then the slice is equivalent to the list of pointers:
+	//	[P+i*M for i in range(N)]
+	//
+	// For example, v[:0] and v[:1] are slices with the same starting pointer,
+	// but they are clearly different values. Using the slice pointer alone
+	// violates the assumption that equal pointers implies equal values.
+
+	step := SliceIndex{&sliceIndex{pathStep: pathStep{typ: t.Elem()}, isSlice: isSlice}}
+	withIndexes := func(ix, iy int) SliceIndex {
+		if ix >= 0 {
+			step.vx, step.xkey = vx.Index(ix), ix
+		} else {
+			step.vx, step.xkey = reflect.Value{}, -1
+		}
+		if iy >= 0 {
+			step.vy, step.ykey = vy.Index(iy), iy
+		} else {
+			step.vy, step.ykey = reflect.Value{}, -1
+		}
+		return step
+	}
+
+	// Ignore options are able to ignore missing elements in a slice.
+	// However, detecting these reliably requires an optimal differencing
+	// algorithm, for which diff.Difference is not.
+	//
+	// Instead, we first iterate through both slices to detect which elements
+	// would be ignored if standing alone. The index of non-discarded elements
+	// are stored in a separate slice, which diffing is then performed on.
+	var indexesX, indexesY []int
+	var ignoredX, ignoredY []bool
+	for ix := 0; ix < vx.Len(); ix++ {
+		ignored := s.statelessCompare(withIndexes(ix, -1)).NumDiff == 0
+		if !ignored {
+			indexesX = append(indexesX, ix)
+		}
+		ignoredX = append(ignoredX, ignored)
+	}
+	for iy := 0; iy < vy.Len(); iy++ {
+		ignored := s.statelessCompare(withIndexes(-1, iy)).NumDiff == 0
+		if !ignored {
+			indexesY = append(indexesY, iy)
+		}
+		ignoredY = append(ignoredY, ignored)
+	}
+
+	// Compute an edit-script for slices vx and vy (excluding ignored elements).
+	edits := diff.Difference(len(indexesX), len(indexesY), func(ix, iy int) diff.Result {
+		return s.statelessCompare(withIndexes(indexesX[ix], indexesY[iy]))
+	})
+
+	// Replay the ignore-scripts and the edit-script.
+	var ix, iy int
+	for ix < vx.Len() || iy < vy.Len() {
+		var e diff.EditType
+		switch {
+		case ix < len(ignoredX) && ignoredX[ix]:
+			e = diff.UniqueX
+		case iy < len(ignoredY) && ignoredY[iy]:
+			e = diff.UniqueY
+		default:
+			e, edits = edits[0], edits[1:]
+		}
+		switch e {
+		case diff.UniqueX:
+			s.compareAny(withIndexes(ix, -1))
+			ix++
+		case diff.UniqueY:
+			s.compareAny(withIndexes(-1, iy))
+			iy++
+		default:
+			s.compareAny(withIndexes(ix, iy))
+			ix++
+			iy++
+		}
+	}
+}
+
+func (s *state) compareMap(t reflect.Type, vx, vy reflect.Value) {
+	if vx.IsNil() || vy.IsNil() {
+		s.report(vx.IsNil() && vy.IsNil(), 0)
+		return
+	}
+
+	// Cycle-detection for maps.
+	if eq, visited := s.curPtrs.Push(vx, vy); visited {
+		s.report(eq, reportByCycle)
+		return
+	}
+	defer s.curPtrs.Pop(vx, vy)
+
+	// We combine and sort the two map keys so that we can perform the
+	// comparisons in a deterministic order.
+	step := MapIndex{&mapIndex{pathStep: pathStep{typ: t.Elem()}}}
+	for _, k := range value.SortKeys(append(vx.MapKeys(), vy.MapKeys()...)) {
+		step.vx = vx.MapIndex(k)
+		step.vy = vy.MapIndex(k)
+		step.key = k
+		if !step.vx.IsValid() && !step.vy.IsValid() {
+			// It is possible for both vx and vy to be invalid if the
+			// key contained a NaN value in it.
+			//
+			// Even with the ability to retrieve NaN keys in Go 1.12,
+			// there still isn't a sensible way to compare the values since
+			// a NaN key may map to multiple unordered values.
+			// The most reasonable way to compare NaNs would be to compare the
+			// set of values. However, this is impossible to do efficiently
+			// since set equality is provably an O(n^2) operation given only
+			// an Equal function. If we had a Less function or Hash function,
+			// this could be done in O(n*log(n)) or O(n), respectively.
+			//
+			// Rather than adding complex logic to deal with NaNs, make it
+			// the user's responsibility to compare such obscure maps.
+			const help = "consider providing a Comparer to compare the map"
+			panic(fmt.Sprintf("%#v has map key with NaNs\n%s", s.curPath, help))
+		}
+		s.compareAny(step)
+	}
+}
+
+func (s *state) comparePtr(t reflect.Type, vx, vy reflect.Value) {
+	if vx.IsNil() || vy.IsNil() {
+		s.report(vx.IsNil() && vy.IsNil(), 0)
+		return
+	}
+
+	// Cycle-detection for pointers.
+	if eq, visited := s.curPtrs.Push(vx, vy); visited {
+		s.report(eq, reportByCycle)
+		return
+	}
+	defer s.curPtrs.Pop(vx, vy)
+
+	vx, vy = vx.Elem(), vy.Elem()
+	s.compareAny(Indirect{&indirect{pathStep{t.Elem(), vx, vy}}})
+}
+
+func (s *state) compareInterface(t reflect.Type, vx, vy reflect.Value) {
+	if vx.IsNil() || vy.IsNil() {
+		s.report(vx.IsNil() && vy.IsNil(), 0)
+		return
+	}
+	vx, vy = vx.Elem(), vy.Elem()
+	if vx.Type() != vy.Type() {
+		s.report(false, 0)
+		return
+	}
+	s.compareAny(TypeAssertion{&typeAssertion{pathStep{vx.Type(), vx, vy}}})
+}
+
+func (s *state) report(eq bool, rf resultFlags) {
+	if rf&reportByIgnore == 0 {
+		if eq {
+			s.result.NumSame++
+			rf |= reportEqual
+		} else {
+			s.result.NumDiff++
+			rf |= reportUnequal
+		}
+	}
+	for _, r := range s.reporters {
+		r.Report(Result{flags: rf})
+	}
+}
+
+// recChecker tracks the state needed to periodically perform checks that
+// user provided transformers are not stuck in an infinitely recursive cycle.
+type recChecker struct{ next int }
+
+// Check scans the Path for any recursive transformers and panics when any
+// recursive transformers are detected. Note that the presence of a
+// recursive Transformer does not necessarily imply an infinite cycle.
+// As such, this check only activates after some minimal number of path steps.
+func (rc *recChecker) Check(p Path) {
+	const minLen = 1 << 16
+	if rc.next == 0 {
+		rc.next = minLen
+	}
+	if len(p) < rc.next {
+		return
+	}
+	rc.next <<= 1
+
+	// Check whether the same transformer has appeared at least twice.
+	var ss []string
+	m := map[Option]int{}
+	for _, ps := range p {
+		if t, ok := ps.(Transform); ok {
+			t := t.Option()
+			if m[t] == 1 { // Transformer was used exactly once before
+				tf := t.(*transformer).fnc.Type()
+				ss = append(ss, fmt.Sprintf("%v: %v => %v", t, tf.In(0), tf.Out(0)))
+			}
+			m[t]++
+		}
+	}
+	if len(ss) > 0 {
+		const warning = "recursive set of Transformers detected"
+		const help = "consider using cmpopts.AcyclicTransformer"
+		set := strings.Join(ss, "\n\t")
+		panic(fmt.Sprintf("%s:\n\t%s\n%s", warning, set, help))
+	}
+}
+
+// dynChecker tracks the state needed to periodically perform checks that
+// user provided functions are symmetric and deterministic.
+// The zero value is safe for immediate use.
+type dynChecker struct{ curr, next int }
+
+// Next increments the state and reports whether a check should be performed.
+//
+// Checks occur every Nth function call, where N is a triangular number:
+//	0 1 3 6 10 15 21 28 36 45 55 66 78 91 105 120 136 153 171 190 ...
+// See https://en.wikipedia.org/wiki/Triangular_number
+//
+// This sequence ensures that the cost of checks drops significantly as
+// the number of functions calls grows larger.
+func (dc *dynChecker) Next() bool {
+	ok := dc.curr == dc.next
+	if ok {
+		dc.curr = 0
+		dc.next++
+	}
+	dc.curr++
+	return ok
+}
+
+// makeAddressable returns a value that is always addressable.
+// It returns the input verbatim if it is already addressable,
+// otherwise it creates a new value and returns an addressable copy.
+func makeAddressable(v reflect.Value) reflect.Value {
+	if v.CanAddr() {
+		return v
+	}
+	vc := reflect.New(v.Type()).Elem()
+	vc.Set(v)
+	return vc
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/export_panic.go b/vendor/github.com/google/go-cmp/cmp/export_panic.go
new file mode 100644
index 000000000..ae851fe53
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/export_panic.go
@@ -0,0 +1,16 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build purego
+// +build purego
+
+package cmp
+
+import "reflect"
+
+const supportExporters = false
+
+func retrieveUnexportedField(reflect.Value, reflect.StructField, bool) reflect.Value {
+	panic("no support for forcibly accessing unexported fields")
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go b/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
new file mode 100644
index 000000000..e2c0f74e8
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
@@ -0,0 +1,36 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !purego
+// +build !purego
+
+package cmp
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+const supportExporters = true
+
+// retrieveUnexportedField uses unsafe to forcibly retrieve any field from
+// a struct such that the value has read-write permissions.
+//
+// The parent struct, v, must be addressable, while f must be a StructField
+// describing the field to retrieve. If addr is false,
+// then the returned value will be shallowed copied to be non-addressable.
+func retrieveUnexportedField(v reflect.Value, f reflect.StructField, addr bool) reflect.Value {
+	ve := reflect.NewAt(f.Type, unsafe.Pointer(uintptr(unsafe.Pointer(v.UnsafeAddr()))+f.Offset)).Elem()
+	if !addr {
+		// A field is addressable if and only if the struct is addressable.
+		// If the original parent value was not addressable, shallow copy the
+		// value to make it non-addressable to avoid leaking an implementation
+		// detail of how forcibly exporting a field works.
+		if ve.Kind() == reflect.Interface && ve.IsNil() {
+			return reflect.Zero(f.Type)
+		}
+		return reflect.ValueOf(ve.Interface()).Convert(f.Type)
+	}
+	return ve
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go
new file mode 100644
index 000000000..36062a604
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go
@@ -0,0 +1,18 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !cmp_debug
+// +build !cmp_debug
+
+package diff
+
+var debug debugger
+
+type debugger struct{}
+
+func (debugger) Begin(_, _ int, f EqualFunc, _, _ *EditScript) EqualFunc {
+	return f
+}
+func (debugger) Update() {}
+func (debugger) Finish() {}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go
new file mode 100644
index 000000000..a3b97a1ad
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go
@@ -0,0 +1,123 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build cmp_debug
+// +build cmp_debug
+
+package diff
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+	"time"
+)
+
+// The algorithm can be seen running in real-time by enabling debugging:
+//	go test -tags=cmp_debug -v
+//
+// Example output:
+//	=== RUN   TestDifference/#34
+//	┌───────────────────────────────�
+//	│ \ · · · · · · · · · · · · · · │
+//	│ · # · · · · · · · · · · · · · │
+//	│ · \ · · · · · · · · · · · · · │
+//	│ · · \ · · · · · · · · · · · · │
+//	│ · · · X # · · · · · · · · · · │
+//	│ · · · # \ · · · · · · · · · · │
+//	│ · · · · · # # · · · · · · · · │
+//	│ · · · · · # \ · · · · · · · · │
+//	│ · · · · · · · \ · · · · · · · │
+//	│ · · · · · · · · \ · · · · · · │
+//	│ · · · · · · · · · \ · · · · · │
+//	│ · · · · · · · · · · \ · · # · │
+//	│ · · · · · · · · · · · \ # # · │
+//	│ · · · · · · · · · · · # # # · │
+//	│ · · · · · · · · · · # # # # · │
+//	│ · · · · · · · · · # # # # # · │
+//	│ · · · · · · · · · · · · · · \ │
+//	└───────────────────────────────┘
+//	[.Y..M.XY......YXYXY.|]
+//
+// The grid represents the edit-graph where the horizontal axis represents
+// list X and the vertical axis represents list Y. The start of the two lists
+// is the top-left, while the ends are the bottom-right. The '·' represents
+// an unexplored node in the graph. The '\' indicates that the two symbols
+// from list X and Y are equal. The 'X' indicates that two symbols are similar
+// (but not exactly equal) to each other. The '#' indicates that the two symbols
+// are different (and not similar). The algorithm traverses this graph trying to
+// make the paths starting in the top-left and the bottom-right connect.
+//
+// The series of '.', 'X', 'Y', and 'M' characters at the bottom represents
+// the currently established path from the forward and reverse searches,
+// separated by a '|' character.
+
+const (
+	updateDelay  = 100 * time.Millisecond
+	finishDelay  = 500 * time.Millisecond
+	ansiTerminal = true // ANSI escape codes used to move terminal cursor
+)
+
+var debug debugger
+
+type debugger struct {
+	sync.Mutex
+	p1, p2           EditScript
+	fwdPath, revPath *EditScript
+	grid             []byte
+	lines            int
+}
+
+func (dbg *debugger) Begin(nx, ny int, f EqualFunc, p1, p2 *EditScript) EqualFunc {
+	dbg.Lock()
+	dbg.fwdPath, dbg.revPath = p1, p2
+	top := "┌─" + strings.Repeat("──", nx) + "�\n"
+	row := "│ " + strings.Repeat("· ", nx) + "│\n"
+	btm := "└─" + strings.Repeat("──", nx) + "┘\n"
+	dbg.grid = []byte(top + strings.Repeat(row, ny) + btm)
+	dbg.lines = strings.Count(dbg.String(), "\n")
+	fmt.Print(dbg)
+
+	// Wrap the EqualFunc so that we can intercept each result.
+	return func(ix, iy int) (r Result) {
+		cell := dbg.grid[len(top)+iy*len(row):][len("│ ")+len("· ")*ix:][:len("·")]
+		for i := range cell {
+			cell[i] = 0 // Zero out the multiple bytes of UTF-8 middle-dot
+		}
+		switch r = f(ix, iy); {
+		case r.Equal():
+			cell[0] = '\\'
+		case r.Similar():
+			cell[0] = 'X'
+		default:
+			cell[0] = '#'
+		}
+		return
+	}
+}
+
+func (dbg *debugger) Update() {
+	dbg.print(updateDelay)
+}
+
+func (dbg *debugger) Finish() {
+	dbg.print(finishDelay)
+	dbg.Unlock()
+}
+
+func (dbg *debugger) String() string {
+	dbg.p1, dbg.p2 = *dbg.fwdPath, dbg.p2[:0]
+	for i := len(*dbg.revPath) - 1; i >= 0; i-- {
+		dbg.p2 = append(dbg.p2, (*dbg.revPath)[i])
+	}
+	return fmt.Sprintf("%s[%v|%v]\n\n", dbg.grid, dbg.p1, dbg.p2)
+}
+
+func (dbg *debugger) print(d time.Duration) {
+	if ansiTerminal {
+		fmt.Printf("\x1b[%dA", dbg.lines) // Reset terminal cursor
+	}
+	fmt.Print(dbg)
+	time.Sleep(d)
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/diff/diff.go b/vendor/github.com/google/go-cmp/cmp/internal/diff/diff.go
new file mode 100644
index 000000000..bc196b16c
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/diff/diff.go
@@ -0,0 +1,398 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package diff implements an algorithm for producing edit-scripts.
+// The edit-script is a sequence of operations needed to transform one list
+// of symbols into another (or vice-versa). The edits allowed are insertions,
+// deletions, and modifications. The summation of all edits is called the
+// Levenshtein distance as this problem is well-known in computer science.
+//
+// This package prioritizes performance over accuracy. That is, the run time
+// is more important than obtaining a minimal Levenshtein distance.
+package diff
+
+import (
+	"math/rand"
+	"time"
+
+	"github.com/google/go-cmp/cmp/internal/flags"
+)
+
+// EditType represents a single operation within an edit-script.
+type EditType uint8
+
+const (
+	// Identity indicates that a symbol pair is identical in both list X and Y.
+	Identity EditType = iota
+	// UniqueX indicates that a symbol only exists in X and not Y.
+	UniqueX
+	// UniqueY indicates that a symbol only exists in Y and not X.
+	UniqueY
+	// Modified indicates that a symbol pair is a modification of each other.
+	Modified
+)
+
+// EditScript represents the series of differences between two lists.
+type EditScript []EditType
+
+// String returns a human-readable string representing the edit-script where
+// Identity, UniqueX, UniqueY, and Modified are represented by the
+// '.', 'X', 'Y', and 'M' characters, respectively.
+func (es EditScript) String() string {
+	b := make([]byte, len(es))
+	for i, e := range es {
+		switch e {
+		case Identity:
+			b[i] = '.'
+		case UniqueX:
+			b[i] = 'X'
+		case UniqueY:
+			b[i] = 'Y'
+		case Modified:
+			b[i] = 'M'
+		default:
+			panic("invalid edit-type")
+		}
+	}
+	return string(b)
+}
+
+// stats returns a histogram of the number of each type of edit operation.
+func (es EditScript) stats() (s struct{ NI, NX, NY, NM int }) {
+	for _, e := range es {
+		switch e {
+		case Identity:
+			s.NI++
+		case UniqueX:
+			s.NX++
+		case UniqueY:
+			s.NY++
+		case Modified:
+			s.NM++
+		default:
+			panic("invalid edit-type")
+		}
+	}
+	return
+}
+
+// Dist is the Levenshtein distance and is guaranteed to be 0 if and only if
+// lists X and Y are equal.
+func (es EditScript) Dist() int { return len(es) - es.stats().NI }
+
+// LenX is the length of the X list.
+func (es EditScript) LenX() int { return len(es) - es.stats().NY }
+
+// LenY is the length of the Y list.
+func (es EditScript) LenY() int { return len(es) - es.stats().NX }
+
+// EqualFunc reports whether the symbols at indexes ix and iy are equal.
+// When called by Difference, the index is guaranteed to be within nx and ny.
+type EqualFunc func(ix int, iy int) Result
+
+// Result is the result of comparison.
+// NumSame is the number of sub-elements that are equal.
+// NumDiff is the number of sub-elements that are not equal.
+type Result struct{ NumSame, NumDiff int }
+
+// BoolResult returns a Result that is either Equal or not Equal.
+func BoolResult(b bool) Result {
+	if b {
+		return Result{NumSame: 1} // Equal, Similar
+	} else {
+		return Result{NumDiff: 2} // Not Equal, not Similar
+	}
+}
+
+// Equal indicates whether the symbols are equal. Two symbols are equal
+// if and only if NumDiff == 0. If Equal, then they are also Similar.
+func (r Result) Equal() bool { return r.NumDiff == 0 }
+
+// Similar indicates whether two symbols are similar and may be represented
+// by using the Modified type. As a special case, we consider binary comparisons
+// (i.e., those that return Result{1, 0} or Result{0, 1}) to be similar.
+//
+// The exact ratio of NumSame to NumDiff to determine similarity may change.
+func (r Result) Similar() bool {
+	// Use NumSame+1 to offset NumSame so that binary comparisons are similar.
+	return r.NumSame+1 >= r.NumDiff
+}
+
+var randBool = rand.New(rand.NewSource(time.Now().Unix())).Intn(2) == 0
+
+// Difference reports whether two lists of lengths nx and ny are equal
+// given the definition of equality provided as f.
+//
+// This function returns an edit-script, which is a sequence of operations
+// needed to convert one list into the other. The following invariants for
+// the edit-script are maintained:
+//	• eq == (es.Dist()==0)
+//	• nx == es.LenX()
+//	• ny == es.LenY()
+//
+// This algorithm is not guaranteed to be an optimal solution (i.e., one that
+// produces an edit-script with a minimal Levenshtein distance). This algorithm
+// favors performance over optimality. The exact output is not guaranteed to
+// be stable and may change over time.
+func Difference(nx, ny int, f EqualFunc) (es EditScript) {
+	// This algorithm is based on traversing what is known as an "edit-graph".
+	// See Figure 1 from "An O(ND) Difference Algorithm and Its Variations"
+	// by Eugene W. Myers. Since D can be as large as N itself, this is
+	// effectively O(N^2). Unlike the algorithm from that paper, we are not
+	// interested in the optimal path, but at least some "decent" path.
+	//
+	// For example, let X and Y be lists of symbols:
+	//	X = [A B C A B B A]
+	//	Y = [C B A B A C]
+	//
+	// The edit-graph can be drawn as the following:
+	//	   A B C A B B A
+	//	  ┌─────────────�
+	//	C │_|_|\|_|_|_|_│ 0
+	//	B │_|\|_|_|\|\|_│ 1
+	//	A │\|_|_|\|_|_|\│ 2
+	//	B │_|\|_|_|\|\|_│ 3
+	//	A │\|_|_|\|_|_|\│ 4
+	//	C │ | |\| | | | │ 5
+	//	  └─────────────┘ 6
+	//	   0 1 2 3 4 5 6 7
+	//
+	// List X is written along the horizontal axis, while list Y is written
+	// along the vertical axis. At any point on this grid, if the symbol in
+	// list X matches the corresponding symbol in list Y, then a '\' is drawn.
+	// The goal of any minimal edit-script algorithm is to find a path from the
+	// top-left corner to the bottom-right corner, while traveling through the
+	// fewest horizontal or vertical edges.
+	// A horizontal edge is equivalent to inserting a symbol from list X.
+	// A vertical edge is equivalent to inserting a symbol from list Y.
+	// A diagonal edge is equivalent to a matching symbol between both X and Y.
+
+	// Invariants:
+	//	• 0 ≤ fwdPath.X ≤ (fwdFrontier.X, revFrontier.X) ≤ revPath.X ≤ nx
+	//	• 0 ≤ fwdPath.Y ≤ (fwdFrontier.Y, revFrontier.Y) ≤ revPath.Y ≤ ny
+	//
+	// In general:
+	//	• fwdFrontier.X < revFrontier.X
+	//	• fwdFrontier.Y < revFrontier.Y
+	// Unless, it is time for the algorithm to terminate.
+	fwdPath := path{+1, point{0, 0}, make(EditScript, 0, (nx+ny)/2)}
+	revPath := path{-1, point{nx, ny}, make(EditScript, 0)}
+	fwdFrontier := fwdPath.point // Forward search frontier
+	revFrontier := revPath.point // Reverse search frontier
+
+	// Search budget bounds the cost of searching for better paths.
+	// The longest sequence of non-matching symbols that can be tolerated is
+	// approximately the square-root of the search budget.
+	searchBudget := 4 * (nx + ny) // O(n)
+
+	// Running the tests with the "cmp_debug" build tag prints a visualization
+	// of the algorithm running in real-time. This is educational for
+	// understanding how the algorithm works. See debug_enable.go.
+	f = debug.Begin(nx, ny, f, &fwdPath.es, &revPath.es)
+
+	// The algorithm below is a greedy, meet-in-the-middle algorithm for
+	// computing sub-optimal edit-scripts between two lists.
+	//
+	// The algorithm is approximately as follows:
+	//	• Searching for differences switches back-and-forth between
+	//	a search that starts at the beginning (the top-left corner), and
+	//	a search that starts at the end (the bottom-right corner). The goal of
+	//	the search is connect with the search from the opposite corner.
+	//	• As we search, we build a path in a greedy manner, where the first
+	//	match seen is added to the path (this is sub-optimal, but provides a
+	//	decent result in practice). When matches are found, we try the next pair
+	//	of symbols in the lists and follow all matches as far as possible.
+	//	• When searching for matches, we search along a diagonal going through
+	//	through the "frontier" point. If no matches are found, we advance the
+	//	frontier towards the opposite corner.
+	//	• This algorithm terminates when either the X coordinates or the
+	//	Y coordinates of the forward and reverse frontier points ever intersect.
+
+	// This algorithm is correct even if searching only in the forward direction
+	// or in the reverse direction. We do both because it is commonly observed
+	// that two lists commonly differ because elements were added to the front
+	// or end of the other list.
+	//
+	// Non-deterministically start with either the forward or reverse direction
+	// to introduce some deliberate instability so that we have the flexibility
+	// to change this algorithm in the future.
+	if flags.Deterministic || randBool {
+		goto forwardSearch
+	} else {
+		goto reverseSearch
+	}
+
+forwardSearch:
+	{
+		// Forward search from the beginning.
+		if fwdFrontier.X >= revFrontier.X || fwdFrontier.Y >= revFrontier.Y || searchBudget == 0 {
+			goto finishSearch
+		}
+		for stop1, stop2, i := false, false, 0; !(stop1 && stop2) && searchBudget > 0; i++ {
+			// Search in a diagonal pattern for a match.
+			z := zigzag(i)
+			p := point{fwdFrontier.X + z, fwdFrontier.Y - z}
+			switch {
+			case p.X >= revPath.X || p.Y < fwdPath.Y:
+				stop1 = true // Hit top-right corner
+			case p.Y >= revPath.Y || p.X < fwdPath.X:
+				stop2 = true // Hit bottom-left corner
+			case f(p.X, p.Y).Equal():
+				// Match found, so connect the path to this point.
+				fwdPath.connect(p, f)
+				fwdPath.append(Identity)
+				// Follow sequence of matches as far as possible.
+				for fwdPath.X < revPath.X && fwdPath.Y < revPath.Y {
+					if !f(fwdPath.X, fwdPath.Y).Equal() {
+						break
+					}
+					fwdPath.append(Identity)
+				}
+				fwdFrontier = fwdPath.point
+				stop1, stop2 = true, true
+			default:
+				searchBudget-- // Match not found
+			}
+			debug.Update()
+		}
+		// Advance the frontier towards reverse point.
+		if revPath.X-fwdFrontier.X >= revPath.Y-fwdFrontier.Y {
+			fwdFrontier.X++
+		} else {
+			fwdFrontier.Y++
+		}
+		goto reverseSearch
+	}
+
+reverseSearch:
+	{
+		// Reverse search from the end.
+		if fwdFrontier.X >= revFrontier.X || fwdFrontier.Y >= revFrontier.Y || searchBudget == 0 {
+			goto finishSearch
+		}
+		for stop1, stop2, i := false, false, 0; !(stop1 && stop2) && searchBudget > 0; i++ {
+			// Search in a diagonal pattern for a match.
+			z := zigzag(i)
+			p := point{revFrontier.X - z, revFrontier.Y + z}
+			switch {
+			case fwdPath.X >= p.X || revPath.Y < p.Y:
+				stop1 = true // Hit bottom-left corner
+			case fwdPath.Y >= p.Y || revPath.X < p.X:
+				stop2 = true // Hit top-right corner
+			case f(p.X-1, p.Y-1).Equal():
+				// Match found, so connect the path to this point.
+				revPath.connect(p, f)
+				revPath.append(Identity)
+				// Follow sequence of matches as far as possible.
+				for fwdPath.X < revPath.X && fwdPath.Y < revPath.Y {
+					if !f(revPath.X-1, revPath.Y-1).Equal() {
+						break
+					}
+					revPath.append(Identity)
+				}
+				revFrontier = revPath.point
+				stop1, stop2 = true, true
+			default:
+				searchBudget-- // Match not found
+			}
+			debug.Update()
+		}
+		// Advance the frontier towards forward point.
+		if revFrontier.X-fwdPath.X >= revFrontier.Y-fwdPath.Y {
+			revFrontier.X--
+		} else {
+			revFrontier.Y--
+		}
+		goto forwardSearch
+	}
+
+finishSearch:
+	// Join the forward and reverse paths and then append the reverse path.
+	fwdPath.connect(revPath.point, f)
+	for i := len(revPath.es) - 1; i >= 0; i-- {
+		t := revPath.es[i]
+		revPath.es = revPath.es[:i]
+		fwdPath.append(t)
+	}
+	debug.Finish()
+	return fwdPath.es
+}
+
+type path struct {
+	dir   int // +1 if forward, -1 if reverse
+	point     // Leading point of the EditScript path
+	es    EditScript
+}
+
+// connect appends any necessary Identity, Modified, UniqueX, or UniqueY types
+// to the edit-script to connect p.point to dst.
+func (p *path) connect(dst point, f EqualFunc) {
+	if p.dir > 0 {
+		// Connect in forward direction.
+		for dst.X > p.X && dst.Y > p.Y {
+			switch r := f(p.X, p.Y); {
+			case r.Equal():
+				p.append(Identity)
+			case r.Similar():
+				p.append(Modified)
+			case dst.X-p.X >= dst.Y-p.Y:
+				p.append(UniqueX)
+			default:
+				p.append(UniqueY)
+			}
+		}
+		for dst.X > p.X {
+			p.append(UniqueX)
+		}
+		for dst.Y > p.Y {
+			p.append(UniqueY)
+		}
+	} else {
+		// Connect in reverse direction.
+		for p.X > dst.X && p.Y > dst.Y {
+			switch r := f(p.X-1, p.Y-1); {
+			case r.Equal():
+				p.append(Identity)
+			case r.Similar():
+				p.append(Modified)
+			case p.Y-dst.Y >= p.X-dst.X:
+				p.append(UniqueY)
+			default:
+				p.append(UniqueX)
+			}
+		}
+		for p.X > dst.X {
+			p.append(UniqueX)
+		}
+		for p.Y > dst.Y {
+			p.append(UniqueY)
+		}
+	}
+}
+
+func (p *path) append(t EditType) {
+	p.es = append(p.es, t)
+	switch t {
+	case Identity, Modified:
+		p.add(p.dir, p.dir)
+	case UniqueX:
+		p.add(p.dir, 0)
+	case UniqueY:
+		p.add(0, p.dir)
+	}
+	debug.Update()
+}
+
+type point struct{ X, Y int }
+
+func (p *point) add(dx, dy int) { p.X += dx; p.Y += dy }
+
+// zigzag maps a consecutive sequence of integers to a zig-zag sequence.
+//	[0 1 2 3 4 5 ...] => [0 -1 +1 -2 +2 ...]
+func zigzag(x int) int {
+	if x&1 != 0 {
+		x = ^x
+	}
+	return x >> 1
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/flags/flags.go b/vendor/github.com/google/go-cmp/cmp/internal/flags/flags.go
new file mode 100644
index 000000000..d8e459c9b
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/flags/flags.go
@@ -0,0 +1,9 @@
+// Copyright 2019, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package flags
+
+// Deterministic controls whether the output of Diff should be deterministic.
+// This is only used for testing.
+var Deterministic bool
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/function/func.go b/vendor/github.com/google/go-cmp/cmp/internal/function/func.go
new file mode 100644
index 000000000..d127d4362
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/function/func.go
@@ -0,0 +1,99 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package function provides functionality for identifying function types.
+package function
+
+import (
+	"reflect"
+	"regexp"
+	"runtime"
+	"strings"
+)
+
+type funcType int
+
+const (
+	_ funcType = iota
+
+	tbFunc  // func(T) bool
+	ttbFunc // func(T, T) bool
+	trbFunc // func(T, R) bool
+	tibFunc // func(T, I) bool
+	trFunc  // func(T) R
+
+	Equal             = ttbFunc // func(T, T) bool
+	EqualAssignable   = tibFunc // func(T, I) bool; encapsulates func(T, T) bool
+	Transformer       = trFunc  // func(T) R
+	ValueFilter       = ttbFunc // func(T, T) bool
+	Less              = ttbFunc // func(T, T) bool
+	ValuePredicate    = tbFunc  // func(T) bool
+	KeyValuePredicate = trbFunc // func(T, R) bool
+)
+
+var boolType = reflect.TypeOf(true)
+
+// IsType reports whether the reflect.Type is of the specified function type.
+func IsType(t reflect.Type, ft funcType) bool {
+	if t == nil || t.Kind() != reflect.Func || t.IsVariadic() {
+		return false
+	}
+	ni, no := t.NumIn(), t.NumOut()
+	switch ft {
+	case tbFunc: // func(T) bool
+		if ni == 1 && no == 1 && t.Out(0) == boolType {
+			return true
+		}
+	case ttbFunc: // func(T, T) bool
+		if ni == 2 && no == 1 && t.In(0) == t.In(1) && t.Out(0) == boolType {
+			return true
+		}
+	case trbFunc: // func(T, R) bool
+		if ni == 2 && no == 1 && t.Out(0) == boolType {
+			return true
+		}
+	case tibFunc: // func(T, I) bool
+		if ni == 2 && no == 1 && t.In(0).AssignableTo(t.In(1)) && t.Out(0) == boolType {
+			return true
+		}
+	case trFunc: // func(T) R
+		if ni == 1 && no == 1 {
+			return true
+		}
+	}
+	return false
+}
+
+var lastIdentRx = regexp.MustCompile(`[_\p{L}][_\p{L}\p{N}]*$`)
+
+// NameOf returns the name of the function value.
+func NameOf(v reflect.Value) string {
+	fnc := runtime.FuncForPC(v.Pointer())
+	if fnc == nil {
+		return "<unknown>"
+	}
+	fullName := fnc.Name() // e.g., "long/path/name/mypkg.(*MyType).(long/path/name/mypkg.myMethod)-fm"
+
+	// Method closures have a "-fm" suffix.
+	fullName = strings.TrimSuffix(fullName, "-fm")
+
+	var name string
+	for len(fullName) > 0 {
+		inParen := strings.HasSuffix(fullName, ")")
+		fullName = strings.TrimSuffix(fullName, ")")
+
+		s := lastIdentRx.FindString(fullName)
+		if s == "" {
+			break
+		}
+		name = s + "." + name
+		fullName = strings.TrimSuffix(fullName, s)
+
+		if i := strings.LastIndexByte(fullName, '('); inParen && i >= 0 {
+			fullName = fullName[:i]
+		}
+		fullName = strings.TrimSuffix(fullName, ".")
+	}
+	return strings.TrimSuffix(name, ".")
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/name.go b/vendor/github.com/google/go-cmp/cmp/internal/value/name.go
new file mode 100644
index 000000000..7b498bb2c
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/name.go
@@ -0,0 +1,164 @@
+// Copyright 2020, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package value
+
+import (
+	"reflect"
+	"strconv"
+)
+
+var anyType = reflect.TypeOf((*interface{})(nil)).Elem()
+
+// TypeString is nearly identical to reflect.Type.String,
+// but has an additional option to specify that full type names be used.
+func TypeString(t reflect.Type, qualified bool) string {
+	return string(appendTypeName(nil, t, qualified, false))
+}
+
+func appendTypeName(b []byte, t reflect.Type, qualified, elideFunc bool) []byte {
+	// BUG: Go reflection provides no way to disambiguate two named types
+	// of the same name and within the same package,
+	// but declared within the namespace of different functions.
+
+	// Use the "any" alias instead of "interface{}" for better readability.
+	if t == anyType {
+		return append(b, "any"...)
+	}
+
+	// Named type.
+	if t.Name() != "" {
+		if qualified && t.PkgPath() != "" {
+			b = append(b, '"')
+			b = append(b, t.PkgPath()...)
+			b = append(b, '"')
+			b = append(b, '.')
+			b = append(b, t.Name()...)
+		} else {
+			b = append(b, t.String()...)
+		}
+		return b
+	}
+
+	// Unnamed type.
+	switch k := t.Kind(); k {
+	case reflect.Bool, reflect.String, reflect.UnsafePointer,
+		reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+		reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr,
+		reflect.Float32, reflect.Float64, reflect.Complex64, reflect.Complex128:
+		b = append(b, k.String()...)
+	case reflect.Chan:
+		if t.ChanDir() == reflect.RecvDir {
+			b = append(b, "<-"...)
+		}
+		b = append(b, "chan"...)
+		if t.ChanDir() == reflect.SendDir {
+			b = append(b, "<-"...)
+		}
+		b = append(b, ' ')
+		b = appendTypeName(b, t.Elem(), qualified, false)
+	case reflect.Func:
+		if !elideFunc {
+			b = append(b, "func"...)
+		}
+		b = append(b, '(')
+		for i := 0; i < t.NumIn(); i++ {
+			if i > 0 {
+				b = append(b, ", "...)
+			}
+			if i == t.NumIn()-1 && t.IsVariadic() {
+				b = append(b, "..."...)
+				b = appendTypeName(b, t.In(i).Elem(), qualified, false)
+			} else {
+				b = appendTypeName(b, t.In(i), qualified, false)
+			}
+		}
+		b = append(b, ')')
+		switch t.NumOut() {
+		case 0:
+			// Do nothing
+		case 1:
+			b = append(b, ' ')
+			b = appendTypeName(b, t.Out(0), qualified, false)
+		default:
+			b = append(b, " ("...)
+			for i := 0; i < t.NumOut(); i++ {
+				if i > 0 {
+					b = append(b, ", "...)
+				}
+				b = appendTypeName(b, t.Out(i), qualified, false)
+			}
+			b = append(b, ')')
+		}
+	case reflect.Struct:
+		b = append(b, "struct{ "...)
+		for i := 0; i < t.NumField(); i++ {
+			if i > 0 {
+				b = append(b, "; "...)
+			}
+			sf := t.Field(i)
+			if !sf.Anonymous {
+				if qualified && sf.PkgPath != "" {
+					b = append(b, '"')
+					b = append(b, sf.PkgPath...)
+					b = append(b, '"')
+					b = append(b, '.')
+				}
+				b = append(b, sf.Name...)
+				b = append(b, ' ')
+			}
+			b = appendTypeName(b, sf.Type, qualified, false)
+			if sf.Tag != "" {
+				b = append(b, ' ')
+				b = strconv.AppendQuote(b, string(sf.Tag))
+			}
+		}
+		if b[len(b)-1] == ' ' {
+			b = b[:len(b)-1]
+		} else {
+			b = append(b, ' ')
+		}
+		b = append(b, '}')
+	case reflect.Slice, reflect.Array:
+		b = append(b, '[')
+		if k == reflect.Array {
+			b = strconv.AppendUint(b, uint64(t.Len()), 10)
+		}
+		b = append(b, ']')
+		b = appendTypeName(b, t.Elem(), qualified, false)
+	case reflect.Map:
+		b = append(b, "map["...)
+		b = appendTypeName(b, t.Key(), qualified, false)
+		b = append(b, ']')
+		b = appendTypeName(b, t.Elem(), qualified, false)
+	case reflect.Ptr:
+		b = append(b, '*')
+		b = appendTypeName(b, t.Elem(), qualified, false)
+	case reflect.Interface:
+		b = append(b, "interface{ "...)
+		for i := 0; i < t.NumMethod(); i++ {
+			if i > 0 {
+				b = append(b, "; "...)
+			}
+			m := t.Method(i)
+			if qualified && m.PkgPath != "" {
+				b = append(b, '"')
+				b = append(b, m.PkgPath...)
+				b = append(b, '"')
+				b = append(b, '.')
+			}
+			b = append(b, m.Name...)
+			b = appendTypeName(b, m.Type, qualified, true)
+		}
+		if b[len(b)-1] == ' ' {
+			b = b[:len(b)-1]
+		} else {
+			b = append(b, ' ')
+		}
+		b = append(b, '}')
+	default:
+		panic("invalid kind: " + k.String())
+	}
+	return b
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
new file mode 100644
index 000000000..1a71bfcbd
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
@@ -0,0 +1,34 @@
+// Copyright 2018, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build purego
+// +build purego
+
+package value
+
+import "reflect"
+
+// Pointer is an opaque typed pointer and is guaranteed to be comparable.
+type Pointer struct {
+	p uintptr
+	t reflect.Type
+}
+
+// PointerOf returns a Pointer from v, which must be a
+// reflect.Ptr, reflect.Slice, or reflect.Map.
+func PointerOf(v reflect.Value) Pointer {
+	// NOTE: Storing a pointer as an uintptr is technically incorrect as it
+	// assumes that the GC implementation does not use a moving collector.
+	return Pointer{v.Pointer(), v.Type()}
+}
+
+// IsNil reports whether the pointer is nil.
+func (p Pointer) IsNil() bool {
+	return p.p == 0
+}
+
+// Uintptr returns the pointer as a uintptr.
+func (p Pointer) Uintptr() uintptr {
+	return p.p
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
new file mode 100644
index 000000000..16e6860af
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
@@ -0,0 +1,37 @@
+// Copyright 2018, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !purego
+// +build !purego
+
+package value
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// Pointer is an opaque typed pointer and is guaranteed to be comparable.
+type Pointer struct {
+	p unsafe.Pointer
+	t reflect.Type
+}
+
+// PointerOf returns a Pointer from v, which must be a
+// reflect.Ptr, reflect.Slice, or reflect.Map.
+func PointerOf(v reflect.Value) Pointer {
+	// The proper representation of a pointer is unsafe.Pointer,
+	// which is necessary if the GC ever uses a moving collector.
+	return Pointer{unsafe.Pointer(v.Pointer()), v.Type()}
+}
+
+// IsNil reports whether the pointer is nil.
+func (p Pointer) IsNil() bool {
+	return p.p == nil
+}
+
+// Uintptr returns the pointer as a uintptr.
+func (p Pointer) Uintptr() uintptr {
+	return uintptr(p.p)
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/sort.go b/vendor/github.com/google/go-cmp/cmp/internal/value/sort.go
new file mode 100644
index 000000000..98533b036
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/sort.go
@@ -0,0 +1,106 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package value
+
+import (
+	"fmt"
+	"math"
+	"reflect"
+	"sort"
+)
+
+// SortKeys sorts a list of map keys, deduplicating keys if necessary.
+// The type of each value must be comparable.
+func SortKeys(vs []reflect.Value) []reflect.Value {
+	if len(vs) == 0 {
+		return vs
+	}
+
+	// Sort the map keys.
+	sort.SliceStable(vs, func(i, j int) bool { return isLess(vs[i], vs[j]) })
+
+	// Deduplicate keys (fails for NaNs).
+	vs2 := vs[:1]
+	for _, v := range vs[1:] {
+		if isLess(vs2[len(vs2)-1], v) {
+			vs2 = append(vs2, v)
+		}
+	}
+	return vs2
+}
+
+// isLess is a generic function for sorting arbitrary map keys.
+// The inputs must be of the same type and must be comparable.
+func isLess(x, y reflect.Value) bool {
+	switch x.Type().Kind() {
+	case reflect.Bool:
+		return !x.Bool() && y.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return x.Int() < y.Int()
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return x.Uint() < y.Uint()
+	case reflect.Float32, reflect.Float64:
+		// NOTE: This does not sort -0 as less than +0
+		// since Go maps treat -0 and +0 as equal keys.
+		fx, fy := x.Float(), y.Float()
+		return fx < fy || math.IsNaN(fx) && !math.IsNaN(fy)
+	case reflect.Complex64, reflect.Complex128:
+		cx, cy := x.Complex(), y.Complex()
+		rx, ix, ry, iy := real(cx), imag(cx), real(cy), imag(cy)
+		if rx == ry || (math.IsNaN(rx) && math.IsNaN(ry)) {
+			return ix < iy || math.IsNaN(ix) && !math.IsNaN(iy)
+		}
+		return rx < ry || math.IsNaN(rx) && !math.IsNaN(ry)
+	case reflect.Ptr, reflect.UnsafePointer, reflect.Chan:
+		return x.Pointer() < y.Pointer()
+	case reflect.String:
+		return x.String() < y.String()
+	case reflect.Array:
+		for i := 0; i < x.Len(); i++ {
+			if isLess(x.Index(i), y.Index(i)) {
+				return true
+			}
+			if isLess(y.Index(i), x.Index(i)) {
+				return false
+			}
+		}
+		return false
+	case reflect.Struct:
+		for i := 0; i < x.NumField(); i++ {
+			if isLess(x.Field(i), y.Field(i)) {
+				return true
+			}
+			if isLess(y.Field(i), x.Field(i)) {
+				return false
+			}
+		}
+		return false
+	case reflect.Interface:
+		vx, vy := x.Elem(), y.Elem()
+		if !vx.IsValid() || !vy.IsValid() {
+			return !vx.IsValid() && vy.IsValid()
+		}
+		tx, ty := vx.Type(), vy.Type()
+		if tx == ty {
+			return isLess(x.Elem(), y.Elem())
+		}
+		if tx.Kind() != ty.Kind() {
+			return vx.Kind() < vy.Kind()
+		}
+		if tx.String() != ty.String() {
+			return tx.String() < ty.String()
+		}
+		if tx.PkgPath() != ty.PkgPath() {
+			return tx.PkgPath() < ty.PkgPath()
+		}
+		// This can happen in rare situations, so we fallback to just comparing
+		// the unique pointer for a reflect.Type. This guarantees deterministic
+		// ordering within a program, but it is obviously not stable.
+		return reflect.ValueOf(vx.Type()).Pointer() < reflect.ValueOf(vy.Type()).Pointer()
+	default:
+		// Must be Func, Map, or Slice; which are not comparable.
+		panic(fmt.Sprintf("%T is not comparable", x.Type()))
+	}
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/zero.go b/vendor/github.com/google/go-cmp/cmp/internal/value/zero.go
new file mode 100644
index 000000000..9147a2997
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/zero.go
@@ -0,0 +1,48 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package value
+
+import (
+	"math"
+	"reflect"
+)
+
+// IsZero reports whether v is the zero value.
+// This does not rely on Interface and so can be used on unexported fields.
+func IsZero(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Bool:
+		return v.Bool() == false
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return math.Float64bits(v.Float()) == 0
+	case reflect.Complex64, reflect.Complex128:
+		return math.Float64bits(real(v.Complex())) == 0 && math.Float64bits(imag(v.Complex())) == 0
+	case reflect.String:
+		return v.String() == ""
+	case reflect.UnsafePointer:
+		return v.Pointer() == 0
+	case reflect.Chan, reflect.Func, reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice:
+		return v.IsNil()
+	case reflect.Array:
+		for i := 0; i < v.Len(); i++ {
+			if !IsZero(v.Index(i)) {
+				return false
+			}
+		}
+		return true
+	case reflect.Struct:
+		for i := 0; i < v.NumField(); i++ {
+			if !IsZero(v.Field(i)) {
+				return false
+			}
+		}
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/options.go b/vendor/github.com/google/go-cmp/cmp/options.go
new file mode 100644
index 000000000..e57b9eb53
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/options.go
@@ -0,0 +1,552 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+	"fmt"
+	"reflect"
+	"regexp"
+	"strings"
+
+	"github.com/google/go-cmp/cmp/internal/function"
+)
+
+// Option configures for specific behavior of Equal and Diff. In particular,
+// the fundamental Option functions (Ignore, Transformer, and Comparer),
+// configure how equality is determined.
+//
+// The fundamental options may be composed with filters (FilterPath and
+// FilterValues) to control the scope over which they are applied.
+//
+// The cmp/cmpopts package provides helper functions for creating options that
+// may be used with Equal and Diff.
+type Option interface {
+	// filter applies all filters and returns the option that remains.
+	// Each option may only read s.curPath and call s.callTTBFunc.
+	//
+	// An Options is returned only if multiple comparers or transformers
+	// can apply simultaneously and will only contain values of those types
+	// or sub-Options containing values of those types.
+	filter(s *state, t reflect.Type, vx, vy reflect.Value) applicableOption
+}
+
+// applicableOption represents the following types:
+//	Fundamental: ignore | validator | *comparer | *transformer
+//	Grouping:    Options
+type applicableOption interface {
+	Option
+
+	// apply executes the option, which may mutate s or panic.
+	apply(s *state, vx, vy reflect.Value)
+}
+
+// coreOption represents the following types:
+//	Fundamental: ignore | validator | *comparer | *transformer
+//	Filters:     *pathFilter | *valuesFilter
+type coreOption interface {
+	Option
+	isCore()
+}
+
+type core struct{}
+
+func (core) isCore() {}
+
+// Options is a list of Option values that also satisfies the Option interface.
+// Helper comparison packages may return an Options value when packing multiple
+// Option values into a single Option. When this package processes an Options,
+// it will be implicitly expanded into a flat list.
+//
+// Applying a filter on an Options is equivalent to applying that same filter
+// on all individual options held within.
+type Options []Option
+
+func (opts Options) filter(s *state, t reflect.Type, vx, vy reflect.Value) (out applicableOption) {
+	for _, opt := range opts {
+		switch opt := opt.filter(s, t, vx, vy); opt.(type) {
+		case ignore:
+			return ignore{} // Only ignore can short-circuit evaluation
+		case validator:
+			out = validator{} // Takes precedence over comparer or transformer
+		case *comparer, *transformer, Options:
+			switch out.(type) {
+			case nil:
+				out = opt
+			case validator:
+				// Keep validator
+			case *comparer, *transformer, Options:
+				out = Options{out, opt} // Conflicting comparers or transformers
+			}
+		}
+	}
+	return out
+}
+
+func (opts Options) apply(s *state, _, _ reflect.Value) {
+	const warning = "ambiguous set of applicable options"
+	const help = "consider using filters to ensure at most one Comparer or Transformer may apply"
+	var ss []string
+	for _, opt := range flattenOptions(nil, opts) {
+		ss = append(ss, fmt.Sprint(opt))
+	}
+	set := strings.Join(ss, "\n\t")
+	panic(fmt.Sprintf("%s at %#v:\n\t%s\n%s", warning, s.curPath, set, help))
+}
+
+func (opts Options) String() string {
+	var ss []string
+	for _, opt := range opts {
+		ss = append(ss, fmt.Sprint(opt))
+	}
+	return fmt.Sprintf("Options{%s}", strings.Join(ss, ", "))
+}
+
+// FilterPath returns a new Option where opt is only evaluated if filter f
+// returns true for the current Path in the value tree.
+//
+// This filter is called even if a slice element or map entry is missing and
+// provides an opportunity to ignore such cases. The filter function must be
+// symmetric such that the filter result is identical regardless of whether the
+// missing value is from x or y.
+//
+// The option passed in may be an Ignore, Transformer, Comparer, Options, or
+// a previously filtered Option.
+func FilterPath(f func(Path) bool, opt Option) Option {
+	if f == nil {
+		panic("invalid path filter function")
+	}
+	if opt := normalizeOption(opt); opt != nil {
+		return &pathFilter{fnc: f, opt: opt}
+	}
+	return nil
+}
+
+type pathFilter struct {
+	core
+	fnc func(Path) bool
+	opt Option
+}
+
+func (f pathFilter) filter(s *state, t reflect.Type, vx, vy reflect.Value) applicableOption {
+	if f.fnc(s.curPath) {
+		return f.opt.filter(s, t, vx, vy)
+	}
+	return nil
+}
+
+func (f pathFilter) String() string {
+	return fmt.Sprintf("FilterPath(%s, %v)", function.NameOf(reflect.ValueOf(f.fnc)), f.opt)
+}
+
+// FilterValues returns a new Option where opt is only evaluated if filter f,
+// which is a function of the form "func(T, T) bool", returns true for the
+// current pair of values being compared. If either value is invalid or
+// the type of the values is not assignable to T, then this filter implicitly
+// returns false.
+//
+// The filter function must be
+// symmetric (i.e., agnostic to the order of the inputs) and
+// deterministic (i.e., produces the same result when given the same inputs).
+// If T is an interface, it is possible that f is called with two values with
+// different concrete types that both implement T.
+//
+// The option passed in may be an Ignore, Transformer, Comparer, Options, or
+// a previously filtered Option.
+func FilterValues(f interface{}, opt Option) Option {
+	v := reflect.ValueOf(f)
+	if !function.IsType(v.Type(), function.ValueFilter) || v.IsNil() {
+		panic(fmt.Sprintf("invalid values filter function: %T", f))
+	}
+	if opt := normalizeOption(opt); opt != nil {
+		vf := &valuesFilter{fnc: v, opt: opt}
+		if ti := v.Type().In(0); ti.Kind() != reflect.Interface || ti.NumMethod() > 0 {
+			vf.typ = ti
+		}
+		return vf
+	}
+	return nil
+}
+
+type valuesFilter struct {
+	core
+	typ reflect.Type  // T
+	fnc reflect.Value // func(T, T) bool
+	opt Option
+}
+
+func (f valuesFilter) filter(s *state, t reflect.Type, vx, vy reflect.Value) applicableOption {
+	if !vx.IsValid() || !vx.CanInterface() || !vy.IsValid() || !vy.CanInterface() {
+		return nil
+	}
+	if (f.typ == nil || t.AssignableTo(f.typ)) && s.callTTBFunc(f.fnc, vx, vy) {
+		return f.opt.filter(s, t, vx, vy)
+	}
+	return nil
+}
+
+func (f valuesFilter) String() string {
+	return fmt.Sprintf("FilterValues(%s, %v)", function.NameOf(f.fnc), f.opt)
+}
+
+// Ignore is an Option that causes all comparisons to be ignored.
+// This value is intended to be combined with FilterPath or FilterValues.
+// It is an error to pass an unfiltered Ignore option to Equal.
+func Ignore() Option { return ignore{} }
+
+type ignore struct{ core }
+
+func (ignore) isFiltered() bool                                                     { return false }
+func (ignore) filter(_ *state, _ reflect.Type, _, _ reflect.Value) applicableOption { return ignore{} }
+func (ignore) apply(s *state, _, _ reflect.Value)                                   { s.report(true, reportByIgnore) }
+func (ignore) String() string                                                       { return "Ignore()" }
+
+// validator is a sentinel Option type to indicate that some options could not
+// be evaluated due to unexported fields, missing slice elements, or
+// missing map entries. Both values are validator only for unexported fields.
+type validator struct{ core }
+
+func (validator) filter(_ *state, _ reflect.Type, vx, vy reflect.Value) applicableOption {
+	if !vx.IsValid() || !vy.IsValid() {
+		return validator{}
+	}
+	if !vx.CanInterface() || !vy.CanInterface() {
+		return validator{}
+	}
+	return nil
+}
+func (validator) apply(s *state, vx, vy reflect.Value) {
+	// Implies missing slice element or map entry.
+	if !vx.IsValid() || !vy.IsValid() {
+		s.report(vx.IsValid() == vy.IsValid(), 0)
+		return
+	}
+
+	// Unable to Interface implies unexported field without visibility access.
+	if !vx.CanInterface() || !vy.CanInterface() {
+		help := "consider using a custom Comparer; if you control the implementation of type, you can also consider using an Exporter, AllowUnexported, or cmpopts.IgnoreUnexported"
+		var name string
+		if t := s.curPath.Index(-2).Type(); t.Name() != "" {
+			// Named type with unexported fields.
+			name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) // e.g., "path/to/package".MyType
+			if _, ok := reflect.New(t).Interface().(error); ok {
+				help = "consider using cmpopts.EquateErrors to compare error values"
+			}
+		} else {
+			// Unnamed type with unexported fields. Derive PkgPath from field.
+			var pkgPath string
+			for i := 0; i < t.NumField() && pkgPath == ""; i++ {
+				pkgPath = t.Field(i).PkgPath
+			}
+			name = fmt.Sprintf("%q.(%v)", pkgPath, t.String()) // e.g., "path/to/package".(struct { a int })
+		}
+		panic(fmt.Sprintf("cannot handle unexported field at %#v:\n\t%v\n%s", s.curPath, name, help))
+	}
+
+	panic("not reachable")
+}
+
+// identRx represents a valid identifier according to the Go specification.
+const identRx = `[_\p{L}][_\p{L}\p{N}]*`
+
+var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
+
+// Transformer returns an Option that applies a transformation function that
+// converts values of a certain type into that of another.
+//
+// The transformer f must be a function "func(T) R" that converts values of
+// type T to those of type R and is implicitly filtered to input values
+// assignable to T. The transformer must not mutate T in any way.
+//
+// To help prevent some cases of infinite recursive cycles applying the
+// same transform to the output of itself (e.g., in the case where the
+// input and output types are the same), an implicit filter is added such that
+// a transformer is applicable only if that exact transformer is not already
+// in the tail of the Path since the last non-Transform step.
+// For situations where the implicit filter is still insufficient,
+// consider using cmpopts.AcyclicTransformer, which adds a filter
+// to prevent the transformer from being recursively applied upon itself.
+//
+// The name is a user provided label that is used as the Transform.Name in the
+// transformation PathStep (and eventually shown in the Diff output).
+// The name must be a valid identifier or qualified identifier in Go syntax.
+// If empty, an arbitrary name is used.
+func Transformer(name string, f interface{}) Option {
+	v := reflect.ValueOf(f)
+	if !function.IsType(v.Type(), function.Transformer) || v.IsNil() {
+		panic(fmt.Sprintf("invalid transformer function: %T", f))
+	}
+	if name == "" {
+		name = function.NameOf(v)
+		if !identsRx.MatchString(name) {
+			name = "λ" // Lambda-symbol as placeholder name
+		}
+	} else if !identsRx.MatchString(name) {
+		panic(fmt.Sprintf("invalid name: %q", name))
+	}
+	tr := &transformer{name: name, fnc: reflect.ValueOf(f)}
+	if ti := v.Type().In(0); ti.Kind() != reflect.Interface || ti.NumMethod() > 0 {
+		tr.typ = ti
+	}
+	return tr
+}
+
+type transformer struct {
+	core
+	name string
+	typ  reflect.Type  // T
+	fnc  reflect.Value // func(T) R
+}
+
+func (tr *transformer) isFiltered() bool { return tr.typ != nil }
+
+func (tr *transformer) filter(s *state, t reflect.Type, _, _ reflect.Value) applicableOption {
+	for i := len(s.curPath) - 1; i >= 0; i-- {
+		if t, ok := s.curPath[i].(Transform); !ok {
+			break // Hit most recent non-Transform step
+		} else if tr == t.trans {
+			return nil // Cannot directly use same Transform
+		}
+	}
+	if tr.typ == nil || t.AssignableTo(tr.typ) {
+		return tr
+	}
+	return nil
+}
+
+func (tr *transformer) apply(s *state, vx, vy reflect.Value) {
+	step := Transform{&transform{pathStep{typ: tr.fnc.Type().Out(0)}, tr}}
+	vvx := s.callTRFunc(tr.fnc, vx, step)
+	vvy := s.callTRFunc(tr.fnc, vy, step)
+	step.vx, step.vy = vvx, vvy
+	s.compareAny(step)
+}
+
+func (tr transformer) String() string {
+	return fmt.Sprintf("Transformer(%s, %s)", tr.name, function.NameOf(tr.fnc))
+}
+
+// Comparer returns an Option that determines whether two values are equal
+// to each other.
+//
+// The comparer f must be a function "func(T, T) bool" and is implicitly
+// filtered to input values assignable to T. If T is an interface, it is
+// possible that f is called with two values of different concrete types that
+// both implement T.
+//
+// The equality function must be:
+//	• Symmetric: equal(x, y) == equal(y, x)
+//	• Deterministic: equal(x, y) == equal(x, y)
+//	• Pure: equal(x, y) does not modify x or y
+func Comparer(f interface{}) Option {
+	v := reflect.ValueOf(f)
+	if !function.IsType(v.Type(), function.Equal) || v.IsNil() {
+		panic(fmt.Sprintf("invalid comparer function: %T", f))
+	}
+	cm := &comparer{fnc: v}
+	if ti := v.Type().In(0); ti.Kind() != reflect.Interface || ti.NumMethod() > 0 {
+		cm.typ = ti
+	}
+	return cm
+}
+
+type comparer struct {
+	core
+	typ reflect.Type  // T
+	fnc reflect.Value // func(T, T) bool
+}
+
+func (cm *comparer) isFiltered() bool { return cm.typ != nil }
+
+func (cm *comparer) filter(_ *state, t reflect.Type, _, _ reflect.Value) applicableOption {
+	if cm.typ == nil || t.AssignableTo(cm.typ) {
+		return cm
+	}
+	return nil
+}
+
+func (cm *comparer) apply(s *state, vx, vy reflect.Value) {
+	eq := s.callTTBFunc(cm.fnc, vx, vy)
+	s.report(eq, reportByFunc)
+}
+
+func (cm comparer) String() string {
+	return fmt.Sprintf("Comparer(%s)", function.NameOf(cm.fnc))
+}
+
+// Exporter returns an Option that specifies whether Equal is allowed to
+// introspect into the unexported fields of certain struct types.
+//
+// Users of this option must understand that comparing on unexported fields
+// from external packages is not safe since changes in the internal
+// implementation of some external package may cause the result of Equal
+// to unexpectedly change. However, it may be valid to use this option on types
+// defined in an internal package where the semantic meaning of an unexported
+// field is in the control of the user.
+//
+// In many cases, a custom Comparer should be used instead that defines
+// equality as a function of the public API of a type rather than the underlying
+// unexported implementation.
+//
+// For example, the reflect.Type documentation defines equality to be determined
+// by the == operator on the interface (essentially performing a shallow pointer
+// comparison) and most attempts to compare *regexp.Regexp types are interested
+// in only checking that the regular expression strings are equal.
+// Both of these are accomplished using Comparers:
+//
+//	Comparer(func(x, y reflect.Type) bool { return x == y })
+//	Comparer(func(x, y *regexp.Regexp) bool { return x.String() == y.String() })
+//
+// In other cases, the cmpopts.IgnoreUnexported option can be used to ignore
+// all unexported fields on specified struct types.
+func Exporter(f func(reflect.Type) bool) Option {
+	if !supportExporters {
+		panic("Exporter is not supported on purego builds")
+	}
+	return exporter(f)
+}
+
+type exporter func(reflect.Type) bool
+
+func (exporter) filter(_ *state, _ reflect.Type, _, _ reflect.Value) applicableOption {
+	panic("not implemented")
+}
+
+// AllowUnexported returns an Options that allows Equal to forcibly introspect
+// unexported fields of the specified struct types.
+//
+// See Exporter for the proper use of this option.
+func AllowUnexported(types ...interface{}) Option {
+	m := make(map[reflect.Type]bool)
+	for _, typ := range types {
+		t := reflect.TypeOf(typ)
+		if t.Kind() != reflect.Struct {
+			panic(fmt.Sprintf("invalid struct type: %T", typ))
+		}
+		m[t] = true
+	}
+	return exporter(func(t reflect.Type) bool { return m[t] })
+}
+
+// Result represents the comparison result for a single node and
+// is provided by cmp when calling Result (see Reporter).
+type Result struct {
+	_     [0]func() // Make Result incomparable
+	flags resultFlags
+}
+
+// Equal reports whether the node was determined to be equal or not.
+// As a special case, ignored nodes are considered equal.
+func (r Result) Equal() bool {
+	return r.flags&(reportEqual|reportByIgnore) != 0
+}
+
+// ByIgnore reports whether the node is equal because it was ignored.
+// This never reports true if Equal reports false.
+func (r Result) ByIgnore() bool {
+	return r.flags&reportByIgnore != 0
+}
+
+// ByMethod reports whether the Equal method determined equality.
+func (r Result) ByMethod() bool {
+	return r.flags&reportByMethod != 0
+}
+
+// ByFunc reports whether a Comparer function determined equality.
+func (r Result) ByFunc() bool {
+	return r.flags&reportByFunc != 0
+}
+
+// ByCycle reports whether a reference cycle was detected.
+func (r Result) ByCycle() bool {
+	return r.flags&reportByCycle != 0
+}
+
+type resultFlags uint
+
+const (
+	_ resultFlags = (1 << iota) / 2
+
+	reportEqual
+	reportUnequal
+	reportByIgnore
+	reportByMethod
+	reportByFunc
+	reportByCycle
+)
+
+// Reporter is an Option that can be passed to Equal. When Equal traverses
+// the value trees, it calls PushStep as it descends into each node in the
+// tree and PopStep as it ascend out of the node. The leaves of the tree are
+// either compared (determined to be equal or not equal) or ignored and reported
+// as such by calling the Report method.
+func Reporter(r interface {
+	// PushStep is called when a tree-traversal operation is performed.
+	// The PathStep itself is only valid until the step is popped.
+	// The PathStep.Values are valid for the duration of the entire traversal
+	// and must not be mutated.
+	//
+	// Equal always calls PushStep at the start to provide an operation-less
+	// PathStep used to report the root values.
+	//
+	// Within a slice, the exact set of inserted, removed, or modified elements
+	// is unspecified and may change in future implementations.
+	// The entries of a map are iterated through in an unspecified order.
+	PushStep(PathStep)
+
+	// Report is called exactly once on leaf nodes to report whether the
+	// comparison identified the node as equal, unequal, or ignored.
+	// A leaf node is one that is immediately preceded by and followed by
+	// a pair of PushStep and PopStep calls.
+	Report(Result)
+
+	// PopStep ascends back up the value tree.
+	// There is always a matching pop call for every push call.
+	PopStep()
+}) Option {
+	return reporter{r}
+}
+
+type reporter struct{ reporterIface }
+type reporterIface interface {
+	PushStep(PathStep)
+	Report(Result)
+	PopStep()
+}
+
+func (reporter) filter(_ *state, _ reflect.Type, _, _ reflect.Value) applicableOption {
+	panic("not implemented")
+}
+
+// normalizeOption normalizes the input options such that all Options groups
+// are flattened and groups with a single element are reduced to that element.
+// Only coreOptions and Options containing coreOptions are allowed.
+func normalizeOption(src Option) Option {
+	switch opts := flattenOptions(nil, Options{src}); len(opts) {
+	case 0:
+		return nil
+	case 1:
+		return opts[0]
+	default:
+		return opts
+	}
+}
+
+// flattenOptions copies all options in src to dst as a flat list.
+// Only coreOptions and Options containing coreOptions are allowed.
+func flattenOptions(dst, src Options) Options {
+	for _, opt := range src {
+		switch opt := opt.(type) {
+		case nil:
+			continue
+		case Options:
+			dst = flattenOptions(dst, opt)
+		case coreOption:
+			dst = append(dst, opt)
+		default:
+			panic(fmt.Sprintf("invalid option type: %T", opt))
+		}
+	}
+	return dst
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/path.go b/vendor/github.com/google/go-cmp/cmp/path.go
new file mode 100644
index 000000000..c71003463
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/path.go
@@ -0,0 +1,378 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"github.com/google/go-cmp/cmp/internal/value"
+)
+
+// Path is a list of PathSteps describing the sequence of operations to get
+// from some root type to the current position in the value tree.
+// The first Path element is always an operation-less PathStep that exists
+// simply to identify the initial type.
+//
+// When traversing structs with embedded structs, the embedded struct will
+// always be accessed as a field before traversing the fields of the
+// embedded struct themselves. That is, an exported field from the
+// embedded struct will never be accessed directly from the parent struct.
+type Path []PathStep
+
+// PathStep is a union-type for specific operations to traverse
+// a value's tree structure. Users of this package never need to implement
+// these types as values of this type will be returned by this package.
+//
+// Implementations of this interface are
+// StructField, SliceIndex, MapIndex, Indirect, TypeAssertion, and Transform.
+type PathStep interface {
+	String() string
+
+	// Type is the resulting type after performing the path step.
+	Type() reflect.Type
+
+	// Values is the resulting values after performing the path step.
+	// The type of each valid value is guaranteed to be identical to Type.
+	//
+	// In some cases, one or both may be invalid or have restrictions:
+	//	• For StructField, both are not interface-able if the current field
+	//	is unexported and the struct type is not explicitly permitted by
+	//	an Exporter to traverse unexported fields.
+	//	• For SliceIndex, one may be invalid if an element is missing from
+	//	either the x or y slice.
+	//	• For MapIndex, one may be invalid if an entry is missing from
+	//	either the x or y map.
+	//
+	// The provided values must not be mutated.
+	Values() (vx, vy reflect.Value)
+}
+
+var (
+	_ PathStep = StructField{}
+	_ PathStep = SliceIndex{}
+	_ PathStep = MapIndex{}
+	_ PathStep = Indirect{}
+	_ PathStep = TypeAssertion{}
+	_ PathStep = Transform{}
+)
+
+func (pa *Path) push(s PathStep) {
+	*pa = append(*pa, s)
+}
+
+func (pa *Path) pop() {
+	*pa = (*pa)[:len(*pa)-1]
+}
+
+// Last returns the last PathStep in the Path.
+// If the path is empty, this returns a non-nil PathStep that reports a nil Type.
+func (pa Path) Last() PathStep {
+	return pa.Index(-1)
+}
+
+// Index returns the ith step in the Path and supports negative indexing.
+// A negative index starts counting from the tail of the Path such that -1
+// refers to the last step, -2 refers to the second-to-last step, and so on.
+// If index is invalid, this returns a non-nil PathStep that reports a nil Type.
+func (pa Path) Index(i int) PathStep {
+	if i < 0 {
+		i = len(pa) + i
+	}
+	if i < 0 || i >= len(pa) {
+		return pathStep{}
+	}
+	return pa[i]
+}
+
+// String returns the simplified path to a node.
+// The simplified path only contains struct field accesses.
+//
+// For example:
+//	MyMap.MySlices.MyField
+func (pa Path) String() string {
+	var ss []string
+	for _, s := range pa {
+		if _, ok := s.(StructField); ok {
+			ss = append(ss, s.String())
+		}
+	}
+	return strings.TrimPrefix(strings.Join(ss, ""), ".")
+}
+
+// GoString returns the path to a specific node using Go syntax.
+//
+// For example:
+//	(*root.MyMap["key"].(*mypkg.MyStruct).MySlices)[2][3].MyField
+func (pa Path) GoString() string {
+	var ssPre, ssPost []string
+	var numIndirect int
+	for i, s := range pa {
+		var nextStep PathStep
+		if i+1 < len(pa) {
+			nextStep = pa[i+1]
+		}
+		switch s := s.(type) {
+		case Indirect:
+			numIndirect++
+			pPre, pPost := "(", ")"
+			switch nextStep.(type) {
+			case Indirect:
+				continue // Next step is indirection, so let them batch up
+			case StructField:
+				numIndirect-- // Automatic indirection on struct fields
+			case nil:
+				pPre, pPost = "", "" // Last step; no need for parenthesis
+			}
+			if numIndirect > 0 {
+				ssPre = append(ssPre, pPre+strings.Repeat("*", numIndirect))
+				ssPost = append(ssPost, pPost)
+			}
+			numIndirect = 0
+			continue
+		case Transform:
+			ssPre = append(ssPre, s.trans.name+"(")
+			ssPost = append(ssPost, ")")
+			continue
+		}
+		ssPost = append(ssPost, s.String())
+	}
+	for i, j := 0, len(ssPre)-1; i < j; i, j = i+1, j-1 {
+		ssPre[i], ssPre[j] = ssPre[j], ssPre[i]
+	}
+	return strings.Join(ssPre, "") + strings.Join(ssPost, "")
+}
+
+type pathStep struct {
+	typ    reflect.Type
+	vx, vy reflect.Value
+}
+
+func (ps pathStep) Type() reflect.Type             { return ps.typ }
+func (ps pathStep) Values() (vx, vy reflect.Value) { return ps.vx, ps.vy }
+func (ps pathStep) String() string {
+	if ps.typ == nil {
+		return "<nil>"
+	}
+	s := ps.typ.String()
+	if s == "" || strings.ContainsAny(s, "{}\n") {
+		return "root" // Type too simple or complex to print
+	}
+	return fmt.Sprintf("{%s}", s)
+}
+
+// StructField represents a struct field access on a field called Name.
+type StructField struct{ *structField }
+type structField struct {
+	pathStep
+	name string
+	idx  int
+
+	// These fields are used for forcibly accessing an unexported field.
+	// pvx, pvy, and field are only valid if unexported is true.
+	unexported bool
+	mayForce   bool                // Forcibly allow visibility
+	paddr      bool                // Was parent addressable?
+	pvx, pvy   reflect.Value       // Parent values (always addressable)
+	field      reflect.StructField // Field information
+}
+
+func (sf StructField) Type() reflect.Type { return sf.typ }
+func (sf StructField) Values() (vx, vy reflect.Value) {
+	if !sf.unexported {
+		return sf.vx, sf.vy // CanInterface reports true
+	}
+
+	// Forcibly obtain read-write access to an unexported struct field.
+	if sf.mayForce {
+		vx = retrieveUnexportedField(sf.pvx, sf.field, sf.paddr)
+		vy = retrieveUnexportedField(sf.pvy, sf.field, sf.paddr)
+		return vx, vy // CanInterface reports true
+	}
+	return sf.vx, sf.vy // CanInterface reports false
+}
+func (sf StructField) String() string { return fmt.Sprintf(".%s", sf.name) }
+
+// Name is the field name.
+func (sf StructField) Name() string { return sf.name }
+
+// Index is the index of the field in the parent struct type.
+// See reflect.Type.Field.
+func (sf StructField) Index() int { return sf.idx }
+
+// SliceIndex is an index operation on a slice or array at some index Key.
+type SliceIndex struct{ *sliceIndex }
+type sliceIndex struct {
+	pathStep
+	xkey, ykey int
+	isSlice    bool // False for reflect.Array
+}
+
+func (si SliceIndex) Type() reflect.Type             { return si.typ }
+func (si SliceIndex) Values() (vx, vy reflect.Value) { return si.vx, si.vy }
+func (si SliceIndex) String() string {
+	switch {
+	case si.xkey == si.ykey:
+		return fmt.Sprintf("[%d]", si.xkey)
+	case si.ykey == -1:
+		// [5->?] means "I don't know where X[5] went"
+		return fmt.Sprintf("[%d->?]", si.xkey)
+	case si.xkey == -1:
+		// [?->3] means "I don't know where Y[3] came from"
+		return fmt.Sprintf("[?->%d]", si.ykey)
+	default:
+		// [5->3] means "X[5] moved to Y[3]"
+		return fmt.Sprintf("[%d->%d]", si.xkey, si.ykey)
+	}
+}
+
+// Key is the index key; it may return -1 if in a split state
+func (si SliceIndex) Key() int {
+	if si.xkey != si.ykey {
+		return -1
+	}
+	return si.xkey
+}
+
+// SplitKeys are the indexes for indexing into slices in the
+// x and y values, respectively. These indexes may differ due to the
+// insertion or removal of an element in one of the slices, causing
+// all of the indexes to be shifted. If an index is -1, then that
+// indicates that the element does not exist in the associated slice.
+//
+// Key is guaranteed to return -1 if and only if the indexes returned
+// by SplitKeys are not the same. SplitKeys will never return -1 for
+// both indexes.
+func (si SliceIndex) SplitKeys() (ix, iy int) { return si.xkey, si.ykey }
+
+// MapIndex is an index operation on a map at some index Key.
+type MapIndex struct{ *mapIndex }
+type mapIndex struct {
+	pathStep
+	key reflect.Value
+}
+
+func (mi MapIndex) Type() reflect.Type             { return mi.typ }
+func (mi MapIndex) Values() (vx, vy reflect.Value) { return mi.vx, mi.vy }
+func (mi MapIndex) String() string                 { return fmt.Sprintf("[%#v]", mi.key) }
+
+// Key is the value of the map key.
+func (mi MapIndex) Key() reflect.Value { return mi.key }
+
+// Indirect represents pointer indirection on the parent type.
+type Indirect struct{ *indirect }
+type indirect struct {
+	pathStep
+}
+
+func (in Indirect) Type() reflect.Type             { return in.typ }
+func (in Indirect) Values() (vx, vy reflect.Value) { return in.vx, in.vy }
+func (in Indirect) String() string                 { return "*" }
+
+// TypeAssertion represents a type assertion on an interface.
+type TypeAssertion struct{ *typeAssertion }
+type typeAssertion struct {
+	pathStep
+}
+
+func (ta TypeAssertion) Type() reflect.Type             { return ta.typ }
+func (ta TypeAssertion) Values() (vx, vy reflect.Value) { return ta.vx, ta.vy }
+func (ta TypeAssertion) String() string                 { return fmt.Sprintf(".(%v)", ta.typ) }
+
+// Transform is a transformation from the parent type to the current type.
+type Transform struct{ *transform }
+type transform struct {
+	pathStep
+	trans *transformer
+}
+
+func (tf Transform) Type() reflect.Type             { return tf.typ }
+func (tf Transform) Values() (vx, vy reflect.Value) { return tf.vx, tf.vy }
+func (tf Transform) String() string                 { return fmt.Sprintf("%s()", tf.trans.name) }
+
+// Name is the name of the Transformer.
+func (tf Transform) Name() string { return tf.trans.name }
+
+// Func is the function pointer to the transformer function.
+func (tf Transform) Func() reflect.Value { return tf.trans.fnc }
+
+// Option returns the originally constructed Transformer option.
+// The == operator can be used to detect the exact option used.
+func (tf Transform) Option() Option { return tf.trans }
+
+// pointerPath represents a dual-stack of pointers encountered when
+// recursively traversing the x and y values. This data structure supports
+// detection of cycles and determining whether the cycles are equal.
+// In Go, cycles can occur via pointers, slices, and maps.
+//
+// The pointerPath uses a map to represent a stack; where descension into a
+// pointer pushes the address onto the stack, and ascension from a pointer
+// pops the address from the stack. Thus, when traversing into a pointer from
+// reflect.Ptr, reflect.Slice element, or reflect.Map, we can detect cycles
+// by checking whether the pointer has already been visited. The cycle detection
+// uses a separate stack for the x and y values.
+//
+// If a cycle is detected we need to determine whether the two pointers
+// should be considered equal. The definition of equality chosen by Equal
+// requires two graphs to have the same structure. To determine this, both the
+// x and y values must have a cycle where the previous pointers were also
+// encountered together as a pair.
+//
+// Semantically, this is equivalent to augmenting Indirect, SliceIndex, and
+// MapIndex with pointer information for the x and y values.
+// Suppose px and py are two pointers to compare, we then search the
+// Path for whether px was ever encountered in the Path history of x, and
+// similarly so with py. If either side has a cycle, the comparison is only
+// equal if both px and py have a cycle resulting from the same PathStep.
+//
+// Using a map as a stack is more performant as we can perform cycle detection
+// in O(1) instead of O(N) where N is len(Path).
+type pointerPath struct {
+	// mx is keyed by x pointers, where the value is the associated y pointer.
+	mx map[value.Pointer]value.Pointer
+	// my is keyed by y pointers, where the value is the associated x pointer.
+	my map[value.Pointer]value.Pointer
+}
+
+func (p *pointerPath) Init() {
+	p.mx = make(map[value.Pointer]value.Pointer)
+	p.my = make(map[value.Pointer]value.Pointer)
+}
+
+// Push indicates intent to descend into pointers vx and vy where
+// visited reports whether either has been seen before. If visited before,
+// equal reports whether both pointers were encountered together.
+// Pop must be called if and only if the pointers were never visited.
+//
+// The pointers vx and vy must be a reflect.Ptr, reflect.Slice, or reflect.Map
+// and be non-nil.
+func (p pointerPath) Push(vx, vy reflect.Value) (equal, visited bool) {
+	px := value.PointerOf(vx)
+	py := value.PointerOf(vy)
+	_, ok1 := p.mx[px]
+	_, ok2 := p.my[py]
+	if ok1 || ok2 {
+		equal = p.mx[px] == py && p.my[py] == px // Pointers paired together
+		return equal, true
+	}
+	p.mx[px] = py
+	p.my[py] = px
+	return false, false
+}
+
+// Pop ascends from pointers vx and vy.
+func (p pointerPath) Pop(vx, vy reflect.Value) {
+	delete(p.mx, value.PointerOf(vx))
+	delete(p.my, value.PointerOf(vy))
+}
+
+// isExported reports whether the identifier is exported.
+func isExported(id string) bool {
+	r, _ := utf8.DecodeRuneInString(id)
+	return unicode.IsUpper(r)
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/report.go b/vendor/github.com/google/go-cmp/cmp/report.go
new file mode 100644
index 000000000..f43cd12eb
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/report.go
@@ -0,0 +1,54 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+// defaultReporter implements the reporter interface.
+//
+// As Equal serially calls the PushStep, Report, and PopStep methods, the
+// defaultReporter constructs a tree-based representation of the compared value
+// and the result of each comparison (see valueNode).
+//
+// When the String method is called, the FormatDiff method transforms the
+// valueNode tree into a textNode tree, which is a tree-based representation
+// of the textual output (see textNode).
+//
+// Lastly, the textNode.String method produces the final report as a string.
+type defaultReporter struct {
+	root *valueNode
+	curr *valueNode
+}
+
+func (r *defaultReporter) PushStep(ps PathStep) {
+	r.curr = r.curr.PushStep(ps)
+	if r.root == nil {
+		r.root = r.curr
+	}
+}
+func (r *defaultReporter) Report(rs Result) {
+	r.curr.Report(rs)
+}
+func (r *defaultReporter) PopStep() {
+	r.curr = r.curr.PopStep()
+}
+
+// String provides a full report of the differences detected as a structured
+// literal in pseudo-Go syntax. String may only be called after the entire tree
+// has been traversed.
+func (r *defaultReporter) String() string {
+	assert(r.root != nil && r.curr == nil)
+	if r.root.NumDiff == 0 {
+		return ""
+	}
+	ptrs := new(pointerReferences)
+	text := formatOptions{}.FormatDiff(r.root, ptrs)
+	resolveReferences(text)
+	return text.String()
+}
+
+func assert(ok bool) {
+	if !ok {
+		panic("assertion failure")
+	}
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/report_compare.go b/vendor/github.com/google/go-cmp/cmp/report_compare.go
new file mode 100644
index 000000000..1ef65ac1d
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/report_compare.go
@@ -0,0 +1,435 @@
+// Copyright 2019, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/google/go-cmp/cmp/internal/value"
+)
+
+// numContextRecords is the number of surrounding equal records to print.
+const numContextRecords = 2
+
+type diffMode byte
+
+const (
+	diffUnknown   diffMode = 0
+	diffIdentical diffMode = ' '
+	diffRemoved   diffMode = '-'
+	diffInserted  diffMode = '+'
+)
+
+type typeMode int
+
+const (
+	// emitType always prints the type.
+	emitType typeMode = iota
+	// elideType never prints the type.
+	elideType
+	// autoType prints the type only for composite kinds
+	// (i.e., structs, slices, arrays, and maps).
+	autoType
+)
+
+type formatOptions struct {
+	// DiffMode controls the output mode of FormatDiff.
+	//
+	// If diffUnknown,   then produce a diff of the x and y values.
+	// If diffIdentical, then emit values as if they were equal.
+	// If diffRemoved,   then only emit x values (ignoring y values).
+	// If diffInserted,  then only emit y values (ignoring x values).
+	DiffMode diffMode
+
+	// TypeMode controls whether to print the type for the current node.
+	//
+	// As a general rule of thumb, we always print the type of the next node
+	// after an interface, and always elide the type of the next node after
+	// a slice or map node.
+	TypeMode typeMode
+
+	// formatValueOptions are options specific to printing reflect.Values.
+	formatValueOptions
+}
+
+func (opts formatOptions) WithDiffMode(d diffMode) formatOptions {
+	opts.DiffMode = d
+	return opts
+}
+func (opts formatOptions) WithTypeMode(t typeMode) formatOptions {
+	opts.TypeMode = t
+	return opts
+}
+func (opts formatOptions) WithVerbosity(level int) formatOptions {
+	opts.VerbosityLevel = level
+	opts.LimitVerbosity = true
+	return opts
+}
+func (opts formatOptions) verbosity() uint {
+	switch {
+	case opts.VerbosityLevel < 0:
+		return 0
+	case opts.VerbosityLevel > 16:
+		return 16 // some reasonable maximum to avoid shift overflow
+	default:
+		return uint(opts.VerbosityLevel)
+	}
+}
+
+const maxVerbosityPreset = 6
+
+// verbosityPreset modifies the verbosity settings given an index
+// between 0 and maxVerbosityPreset, inclusive.
+func verbosityPreset(opts formatOptions, i int) formatOptions {
+	opts.VerbosityLevel = int(opts.verbosity()) + 2*i
+	if i > 0 {
+		opts.AvoidStringer = true
+	}
+	if i >= maxVerbosityPreset {
+		opts.PrintAddresses = true
+		opts.QualifiedNames = true
+	}
+	return opts
+}
+
+// FormatDiff converts a valueNode tree into a textNode tree, where the later
+// is a textual representation of the differences detected in the former.
+func (opts formatOptions) FormatDiff(v *valueNode, ptrs *pointerReferences) (out textNode) {
+	if opts.DiffMode == diffIdentical {
+		opts = opts.WithVerbosity(1)
+	} else if opts.verbosity() < 3 {
+		opts = opts.WithVerbosity(3)
+	}
+
+	// Check whether we have specialized formatting for this node.
+	// This is not necessary, but helpful for producing more readable outputs.
+	if opts.CanFormatDiffSlice(v) {
+		return opts.FormatDiffSlice(v)
+	}
+
+	var parentKind reflect.Kind
+	if v.parent != nil && v.parent.TransformerName == "" {
+		parentKind = v.parent.Type.Kind()
+	}
+
+	// For leaf nodes, format the value based on the reflect.Values alone.
+	// As a special case, treat equal []byte as a leaf nodes.
+	isBytes := v.Type.Kind() == reflect.Slice && v.Type.Elem() == reflect.TypeOf(byte(0))
+	isEqualBytes := isBytes && v.NumDiff+v.NumIgnored+v.NumTransformed == 0
+	if v.MaxDepth == 0 || isEqualBytes {
+		switch opts.DiffMode {
+		case diffUnknown, diffIdentical:
+			// Format Equal.
+			if v.NumDiff == 0 {
+				outx := opts.FormatValue(v.ValueX, parentKind, ptrs)
+				outy := opts.FormatValue(v.ValueY, parentKind, ptrs)
+				if v.NumIgnored > 0 && v.NumSame == 0 {
+					return textEllipsis
+				} else if outx.Len() < outy.Len() {
+					return outx
+				} else {
+					return outy
+				}
+			}
+
+			// Format unequal.
+			assert(opts.DiffMode == diffUnknown)
+			var list textList
+			outx := opts.WithTypeMode(elideType).FormatValue(v.ValueX, parentKind, ptrs)
+			outy := opts.WithTypeMode(elideType).FormatValue(v.ValueY, parentKind, ptrs)
+			for i := 0; i <= maxVerbosityPreset && outx != nil && outy != nil && outx.Equal(outy); i++ {
+				opts2 := verbosityPreset(opts, i).WithTypeMode(elideType)
+				outx = opts2.FormatValue(v.ValueX, parentKind, ptrs)
+				outy = opts2.FormatValue(v.ValueY, parentKind, ptrs)
+			}
+			if outx != nil {
+				list = append(list, textRecord{Diff: '-', Value: outx})
+			}
+			if outy != nil {
+				list = append(list, textRecord{Diff: '+', Value: outy})
+			}
+			return opts.WithTypeMode(emitType).FormatType(v.Type, list)
+		case diffRemoved:
+			return opts.FormatValue(v.ValueX, parentKind, ptrs)
+		case diffInserted:
+			return opts.FormatValue(v.ValueY, parentKind, ptrs)
+		default:
+			panic("invalid diff mode")
+		}
+	}
+
+	// Register slice element to support cycle detection.
+	if parentKind == reflect.Slice {
+		ptrRefs := ptrs.PushPair(v.ValueX, v.ValueY, opts.DiffMode, true)
+		defer ptrs.Pop()
+		defer func() { out = wrapTrunkReferences(ptrRefs, out) }()
+	}
+
+	// Descend into the child value node.
+	if v.TransformerName != "" {
+		out := opts.WithTypeMode(emitType).FormatDiff(v.Value, ptrs)
+		out = &textWrap{Prefix: "Inverse(" + v.TransformerName + ", ", Value: out, Suffix: ")"}
+		return opts.FormatType(v.Type, out)
+	} else {
+		switch k := v.Type.Kind(); k {
+		case reflect.Struct, reflect.Array, reflect.Slice:
+			out = opts.formatDiffList(v.Records, k, ptrs)
+			out = opts.FormatType(v.Type, out)
+		case reflect.Map:
+			// Register map to support cycle detection.
+			ptrRefs := ptrs.PushPair(v.ValueX, v.ValueY, opts.DiffMode, false)
+			defer ptrs.Pop()
+
+			out = opts.formatDiffList(v.Records, k, ptrs)
+			out = wrapTrunkReferences(ptrRefs, out)
+			out = opts.FormatType(v.Type, out)
+		case reflect.Ptr:
+			// Register pointer to support cycle detection.
+			ptrRefs := ptrs.PushPair(v.ValueX, v.ValueY, opts.DiffMode, false)
+			defer ptrs.Pop()
+
+			out = opts.FormatDiff(v.Value, ptrs)
+			out = wrapTrunkReferences(ptrRefs, out)
+			out = &textWrap{Prefix: "&", Value: out}
+		case reflect.Interface:
+			out = opts.WithTypeMode(emitType).FormatDiff(v.Value, ptrs)
+		default:
+			panic(fmt.Sprintf("%v cannot have children", k))
+		}
+		return out
+	}
+}
+
+func (opts formatOptions) formatDiffList(recs []reportRecord, k reflect.Kind, ptrs *pointerReferences) textNode {
+	// Derive record name based on the data structure kind.
+	var name string
+	var formatKey func(reflect.Value) string
+	switch k {
+	case reflect.Struct:
+		name = "field"
+		opts = opts.WithTypeMode(autoType)
+		formatKey = func(v reflect.Value) string { return v.String() }
+	case reflect.Slice, reflect.Array:
+		name = "element"
+		opts = opts.WithTypeMode(elideType)
+		formatKey = func(reflect.Value) string { return "" }
+	case reflect.Map:
+		name = "entry"
+		opts = opts.WithTypeMode(elideType)
+		formatKey = func(v reflect.Value) string { return formatMapKey(v, false, ptrs) }
+	}
+
+	maxLen := -1
+	if opts.LimitVerbosity {
+		if opts.DiffMode == diffIdentical {
+			maxLen = ((1 << opts.verbosity()) >> 1) << 2 // 0, 4, 8, 16, 32, etc...
+		} else {
+			maxLen = (1 << opts.verbosity()) << 1 // 2, 4, 8, 16, 32, 64, etc...
+		}
+		opts.VerbosityLevel--
+	}
+
+	// Handle unification.
+	switch opts.DiffMode {
+	case diffIdentical, diffRemoved, diffInserted:
+		var list textList
+		var deferredEllipsis bool // Add final "..." to indicate records were dropped
+		for _, r := range recs {
+			if len(list) == maxLen {
+				deferredEllipsis = true
+				break
+			}
+
+			// Elide struct fields that are zero value.
+			if k == reflect.Struct {
+				var isZero bool
+				switch opts.DiffMode {
+				case diffIdentical:
+					isZero = value.IsZero(r.Value.ValueX) || value.IsZero(r.Value.ValueY)
+				case diffRemoved:
+					isZero = value.IsZero(r.Value.ValueX)
+				case diffInserted:
+					isZero = value.IsZero(r.Value.ValueY)
+				}
+				if isZero {
+					continue
+				}
+			}
+			// Elide ignored nodes.
+			if r.Value.NumIgnored > 0 && r.Value.NumSame+r.Value.NumDiff == 0 {
+				deferredEllipsis = !(k == reflect.Slice || k == reflect.Array)
+				if !deferredEllipsis {
+					list.AppendEllipsis(diffStats{})
+				}
+				continue
+			}
+			if out := opts.FormatDiff(r.Value, ptrs); out != nil {
+				list = append(list, textRecord{Key: formatKey(r.Key), Value: out})
+			}
+		}
+		if deferredEllipsis {
+			list.AppendEllipsis(diffStats{})
+		}
+		return &textWrap{Prefix: "{", Value: list, Suffix: "}"}
+	case diffUnknown:
+	default:
+		panic("invalid diff mode")
+	}
+
+	// Handle differencing.
+	var numDiffs int
+	var list textList
+	var keys []reflect.Value // invariant: len(list) == len(keys)
+	groups := coalesceAdjacentRecords(name, recs)
+	maxGroup := diffStats{Name: name}
+	for i, ds := range groups {
+		if maxLen >= 0 && numDiffs >= maxLen {
+			maxGroup = maxGroup.Append(ds)
+			continue
+		}
+
+		// Handle equal records.
+		if ds.NumDiff() == 0 {
+			// Compute the number of leading and trailing records to print.
+			var numLo, numHi int
+			numEqual := ds.NumIgnored + ds.NumIdentical
+			for numLo < numContextRecords && numLo+numHi < numEqual && i != 0 {
+				if r := recs[numLo].Value; r.NumIgnored > 0 && r.NumSame+r.NumDiff == 0 {
+					break
+				}
+				numLo++
+			}
+			for numHi < numContextRecords && numLo+numHi < numEqual && i != len(groups)-1 {
+				if r := recs[numEqual-numHi-1].Value; r.NumIgnored > 0 && r.NumSame+r.NumDiff == 0 {
+					break
+				}
+				numHi++
+			}
+			if numEqual-(numLo+numHi) == 1 && ds.NumIgnored == 0 {
+				numHi++ // Avoid pointless coalescing of a single equal record
+			}
+
+			// Format the equal values.
+			for _, r := range recs[:numLo] {
+				out := opts.WithDiffMode(diffIdentical).FormatDiff(r.Value, ptrs)
+				list = append(list, textRecord{Key: formatKey(r.Key), Value: out})
+				keys = append(keys, r.Key)
+			}
+			if numEqual > numLo+numHi {
+				ds.NumIdentical -= numLo + numHi
+				list.AppendEllipsis(ds)
+				for len(keys) < len(list) {
+					keys = append(keys, reflect.Value{})
+				}
+			}
+			for _, r := range recs[numEqual-numHi : numEqual] {
+				out := opts.WithDiffMode(diffIdentical).FormatDiff(r.Value, ptrs)
+				list = append(list, textRecord{Key: formatKey(r.Key), Value: out})
+				keys = append(keys, r.Key)
+			}
+			recs = recs[numEqual:]
+			continue
+		}
+
+		// Handle unequal records.
+		for _, r := range recs[:ds.NumDiff()] {
+			switch {
+			case opts.CanFormatDiffSlice(r.Value):
+				out := opts.FormatDiffSlice(r.Value)
+				list = append(list, textRecord{Key: formatKey(r.Key), Value: out})
+				keys = append(keys, r.Key)
+			case r.Value.NumChildren == r.Value.MaxDepth:
+				outx := opts.WithDiffMode(diffRemoved).FormatDiff(r.Value, ptrs)
+				outy := opts.WithDiffMode(diffInserted).FormatDiff(r.Value, ptrs)
+				for i := 0; i <= maxVerbosityPreset && outx != nil && outy != nil && outx.Equal(outy); i++ {
+					opts2 := verbosityPreset(opts, i)
+					outx = opts2.WithDiffMode(diffRemoved).FormatDiff(r.Value, ptrs)
+					outy = opts2.WithDiffMode(diffInserted).FormatDiff(r.Value, ptrs)
+				}
+				if outx != nil {
+					list = append(list, textRecord{Diff: diffRemoved, Key: formatKey(r.Key), Value: outx})
+					keys = append(keys, r.Key)
+				}
+				if outy != nil {
+					list = append(list, textRecord{Diff: diffInserted, Key: formatKey(r.Key), Value: outy})
+					keys = append(keys, r.Key)
+				}
+			default:
+				out := opts.FormatDiff(r.Value, ptrs)
+				list = append(list, textRecord{Key: formatKey(r.Key), Value: out})
+				keys = append(keys, r.Key)
+			}
+		}
+		recs = recs[ds.NumDiff():]
+		numDiffs += ds.NumDiff()
+	}
+	if maxGroup.IsZero() {
+		assert(len(recs) == 0)
+	} else {
+		list.AppendEllipsis(maxGroup)
+		for len(keys) < len(list) {
+			keys = append(keys, reflect.Value{})
+		}
+	}
+	assert(len(list) == len(keys))
+
+	// For maps, the default formatting logic uses fmt.Stringer which may
+	// produce ambiguous output. Avoid calling String to disambiguate.
+	if k == reflect.Map {
+		var ambiguous bool
+		seenKeys := map[string]reflect.Value{}
+		for i, currKey := range keys {
+			if currKey.IsValid() {
+				strKey := list[i].Key
+				prevKey, seen := seenKeys[strKey]
+				if seen && prevKey.CanInterface() && currKey.CanInterface() {
+					ambiguous = prevKey.Interface() != currKey.Interface()
+					if ambiguous {
+						break
+					}
+				}
+				seenKeys[strKey] = currKey
+			}
+		}
+		if ambiguous {
+			for i, k := range keys {
+				if k.IsValid() {
+					list[i].Key = formatMapKey(k, true, ptrs)
+				}
+			}
+		}
+	}
+
+	return &textWrap{Prefix: "{", Value: list, Suffix: "}"}
+}
+
+// coalesceAdjacentRecords coalesces the list of records into groups of
+// adjacent equal, or unequal counts.
+func coalesceAdjacentRecords(name string, recs []reportRecord) (groups []diffStats) {
+	var prevCase int // Arbitrary index into which case last occurred
+	lastStats := func(i int) *diffStats {
+		if prevCase != i {
+			groups = append(groups, diffStats{Name: name})
+			prevCase = i
+		}
+		return &groups[len(groups)-1]
+	}
+	for _, r := range recs {
+		switch rv := r.Value; {
+		case rv.NumIgnored > 0 && rv.NumSame+rv.NumDiff == 0:
+			lastStats(1).NumIgnored++
+		case rv.NumDiff == 0:
+			lastStats(1).NumIdentical++
+		case rv.NumDiff > 0 && !rv.ValueY.IsValid():
+			lastStats(2).NumRemoved++
+		case rv.NumDiff > 0 && !rv.ValueX.IsValid():
+			lastStats(2).NumInserted++
+		default:
+			lastStats(2).NumModified++
+		}
+	}
+	return groups
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/report_references.go b/vendor/github.com/google/go-cmp/cmp/report_references.go
new file mode 100644
index 000000000..be31b33a9
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/report_references.go
@@ -0,0 +1,264 @@
+// Copyright 2020, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/google/go-cmp/cmp/internal/flags"
+	"github.com/google/go-cmp/cmp/internal/value"
+)
+
+const (
+	pointerDelimPrefix = "⟪"
+	pointerDelimSuffix = "⟫"
+)
+
+// formatPointer prints the address of the pointer.
+func formatPointer(p value.Pointer, withDelims bool) string {
+	v := p.Uintptr()
+	if flags.Deterministic {
+		v = 0xdeadf00f // Only used for stable testing purposes
+	}
+	if withDelims {
+		return pointerDelimPrefix + formatHex(uint64(v)) + pointerDelimSuffix
+	}
+	return formatHex(uint64(v))
+}
+
+// pointerReferences is a stack of pointers visited so far.
+type pointerReferences [][2]value.Pointer
+
+func (ps *pointerReferences) PushPair(vx, vy reflect.Value, d diffMode, deref bool) (pp [2]value.Pointer) {
+	if deref && vx.IsValid() {
+		vx = vx.Addr()
+	}
+	if deref && vy.IsValid() {
+		vy = vy.Addr()
+	}
+	switch d {
+	case diffUnknown, diffIdentical:
+		pp = [2]value.Pointer{value.PointerOf(vx), value.PointerOf(vy)}
+	case diffRemoved:
+		pp = [2]value.Pointer{value.PointerOf(vx), value.Pointer{}}
+	case diffInserted:
+		pp = [2]value.Pointer{value.Pointer{}, value.PointerOf(vy)}
+	}
+	*ps = append(*ps, pp)
+	return pp
+}
+
+func (ps *pointerReferences) Push(v reflect.Value) (p value.Pointer, seen bool) {
+	p = value.PointerOf(v)
+	for _, pp := range *ps {
+		if p == pp[0] || p == pp[1] {
+			return p, true
+		}
+	}
+	*ps = append(*ps, [2]value.Pointer{p, p})
+	return p, false
+}
+
+func (ps *pointerReferences) Pop() {
+	*ps = (*ps)[:len(*ps)-1]
+}
+
+// trunkReferences is metadata for a textNode indicating that the sub-tree
+// represents the value for either pointer in a pair of references.
+type trunkReferences struct{ pp [2]value.Pointer }
+
+// trunkReference is metadata for a textNode indicating that the sub-tree
+// represents the value for the given pointer reference.
+type trunkReference struct{ p value.Pointer }
+
+// leafReference is metadata for a textNode indicating that the value is
+// truncated as it refers to another part of the tree (i.e., a trunk).
+type leafReference struct{ p value.Pointer }
+
+func wrapTrunkReferences(pp [2]value.Pointer, s textNode) textNode {
+	switch {
+	case pp[0].IsNil():
+		return &textWrap{Value: s, Metadata: trunkReference{pp[1]}}
+	case pp[1].IsNil():
+		return &textWrap{Value: s, Metadata: trunkReference{pp[0]}}
+	case pp[0] == pp[1]:
+		return &textWrap{Value: s, Metadata: trunkReference{pp[0]}}
+	default:
+		return &textWrap{Value: s, Metadata: trunkReferences{pp}}
+	}
+}
+func wrapTrunkReference(p value.Pointer, printAddress bool, s textNode) textNode {
+	var prefix string
+	if printAddress {
+		prefix = formatPointer(p, true)
+	}
+	return &textWrap{Prefix: prefix, Value: s, Metadata: trunkReference{p}}
+}
+func makeLeafReference(p value.Pointer, printAddress bool) textNode {
+	out := &textWrap{Prefix: "(", Value: textEllipsis, Suffix: ")"}
+	var prefix string
+	if printAddress {
+		prefix = formatPointer(p, true)
+	}
+	return &textWrap{Prefix: prefix, Value: out, Metadata: leafReference{p}}
+}
+
+// resolveReferences walks the textNode tree searching for any leaf reference
+// metadata and resolves each against the corresponding trunk references.
+// Since pointer addresses in memory are not particularly readable to the user,
+// it replaces each pointer value with an arbitrary and unique reference ID.
+func resolveReferences(s textNode) {
+	var walkNodes func(textNode, func(textNode))
+	walkNodes = func(s textNode, f func(textNode)) {
+		f(s)
+		switch s := s.(type) {
+		case *textWrap:
+			walkNodes(s.Value, f)
+		case textList:
+			for _, r := range s {
+				walkNodes(r.Value, f)
+			}
+		}
+	}
+
+	// Collect all trunks and leaves with reference metadata.
+	var trunks, leaves []*textWrap
+	walkNodes(s, func(s textNode) {
+		if s, ok := s.(*textWrap); ok {
+			switch s.Metadata.(type) {
+			case leafReference:
+				leaves = append(leaves, s)
+			case trunkReference, trunkReferences:
+				trunks = append(trunks, s)
+			}
+		}
+	})
+
+	// No leaf references to resolve.
+	if len(leaves) == 0 {
+		return
+	}
+
+	// Collect the set of all leaf references to resolve.
+	leafPtrs := make(map[value.Pointer]bool)
+	for _, leaf := range leaves {
+		leafPtrs[leaf.Metadata.(leafReference).p] = true
+	}
+
+	// Collect the set of trunk pointers that are always paired together.
+	// This allows us to assign a single ID to both pointers for brevity.
+	// If a pointer in a pair ever occurs by itself or as a different pair,
+	// then the pair is broken.
+	pairedTrunkPtrs := make(map[value.Pointer]value.Pointer)
+	unpair := func(p value.Pointer) {
+		if !pairedTrunkPtrs[p].IsNil() {
+			pairedTrunkPtrs[pairedTrunkPtrs[p]] = value.Pointer{} // invalidate other half
+		}
+		pairedTrunkPtrs[p] = value.Pointer{} // invalidate this half
+	}
+	for _, trunk := range trunks {
+		switch p := trunk.Metadata.(type) {
+		case trunkReference:
+			unpair(p.p) // standalone pointer cannot be part of a pair
+		case trunkReferences:
+			p0, ok0 := pairedTrunkPtrs[p.pp[0]]
+			p1, ok1 := pairedTrunkPtrs[p.pp[1]]
+			switch {
+			case !ok0 && !ok1:
+				// Register the newly seen pair.
+				pairedTrunkPtrs[p.pp[0]] = p.pp[1]
+				pairedTrunkPtrs[p.pp[1]] = p.pp[0]
+			case ok0 && ok1 && p0 == p.pp[1] && p1 == p.pp[0]:
+				// Exact pair already seen; do nothing.
+			default:
+				// Pair conflicts with some other pair; break all pairs.
+				unpair(p.pp[0])
+				unpair(p.pp[1])
+			}
+		}
+	}
+
+	// Correlate each pointer referenced by leaves to a unique identifier,
+	// and print the IDs for each trunk that matches those pointers.
+	var nextID uint
+	ptrIDs := make(map[value.Pointer]uint)
+	newID := func() uint {
+		id := nextID
+		nextID++
+		return id
+	}
+	for _, trunk := range trunks {
+		switch p := trunk.Metadata.(type) {
+		case trunkReference:
+			if print := leafPtrs[p.p]; print {
+				id, ok := ptrIDs[p.p]
+				if !ok {
+					id = newID()
+					ptrIDs[p.p] = id
+				}
+				trunk.Prefix = updateReferencePrefix(trunk.Prefix, formatReference(id))
+			}
+		case trunkReferences:
+			print0 := leafPtrs[p.pp[0]]
+			print1 := leafPtrs[p.pp[1]]
+			if print0 || print1 {
+				id0, ok0 := ptrIDs[p.pp[0]]
+				id1, ok1 := ptrIDs[p.pp[1]]
+				isPair := pairedTrunkPtrs[p.pp[0]] == p.pp[1] && pairedTrunkPtrs[p.pp[1]] == p.pp[0]
+				if isPair {
+					var id uint
+					assert(ok0 == ok1) // must be seen together or not at all
+					if ok0 {
+						assert(id0 == id1) // must have the same ID
+						id = id0
+					} else {
+						id = newID()
+						ptrIDs[p.pp[0]] = id
+						ptrIDs[p.pp[1]] = id
+					}
+					trunk.Prefix = updateReferencePrefix(trunk.Prefix, formatReference(id))
+				} else {
+					if print0 && !ok0 {
+						id0 = newID()
+						ptrIDs[p.pp[0]] = id0
+					}
+					if print1 && !ok1 {
+						id1 = newID()
+						ptrIDs[p.pp[1]] = id1
+					}
+					switch {
+					case print0 && print1:
+						trunk.Prefix = updateReferencePrefix(trunk.Prefix, formatReference(id0)+","+formatReference(id1))
+					case print0:
+						trunk.Prefix = updateReferencePrefix(trunk.Prefix, formatReference(id0))
+					case print1:
+						trunk.Prefix = updateReferencePrefix(trunk.Prefix, formatReference(id1))
+					}
+				}
+			}
+		}
+	}
+
+	// Update all leaf references with the unique identifier.
+	for _, leaf := range leaves {
+		if id, ok := ptrIDs[leaf.Metadata.(leafReference).p]; ok {
+			leaf.Prefix = updateReferencePrefix(leaf.Prefix, formatReference(id))
+		}
+	}
+}
+
+func formatReference(id uint) string {
+	return fmt.Sprintf("ref#%d", id)
+}
+
+func updateReferencePrefix(prefix, ref string) string {
+	if prefix == "" {
+		return pointerDelimPrefix + ref + pointerDelimSuffix
+	}
+	suffix := strings.TrimPrefix(prefix, pointerDelimPrefix)
+	return pointerDelimPrefix + ref + ": " + suffix
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/report_reflect.go b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
new file mode 100644
index 000000000..287b89358
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
@@ -0,0 +1,407 @@
+// Copyright 2019, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"github.com/google/go-cmp/cmp/internal/value"
+)
+
+type formatValueOptions struct {
+	// AvoidStringer controls whether to avoid calling custom stringer
+	// methods like error.Error or fmt.Stringer.String.
+	AvoidStringer bool
+
+	// PrintAddresses controls whether to print the address of all pointers,
+	// slice elements, and maps.
+	PrintAddresses bool
+
+	// QualifiedNames controls whether FormatType uses the fully qualified name
+	// (including the full package path as opposed to just the package name).
+	QualifiedNames bool
+
+	// VerbosityLevel controls the amount of output to produce.
+	// A higher value produces more output. A value of zero or lower produces
+	// no output (represented using an ellipsis).
+	// If LimitVerbosity is false, then the level is treated as infinite.
+	VerbosityLevel int
+
+	// LimitVerbosity specifies that formatting should respect VerbosityLevel.
+	LimitVerbosity bool
+}
+
+// FormatType prints the type as if it were wrapping s.
+// This may return s as-is depending on the current type and TypeMode mode.
+func (opts formatOptions) FormatType(t reflect.Type, s textNode) textNode {
+	// Check whether to emit the type or not.
+	switch opts.TypeMode {
+	case autoType:
+		switch t.Kind() {
+		case reflect.Struct, reflect.Slice, reflect.Array, reflect.Map:
+			if s.Equal(textNil) {
+				return s
+			}
+		default:
+			return s
+		}
+		if opts.DiffMode == diffIdentical {
+			return s // elide type for identical nodes
+		}
+	case elideType:
+		return s
+	}
+
+	// Determine the type label, applying special handling for unnamed types.
+	typeName := value.TypeString(t, opts.QualifiedNames)
+	if t.Name() == "" {
+		// According to Go grammar, certain type literals contain symbols that
+		// do not strongly bind to the next lexicographical token (e.g., *T).
+		switch t.Kind() {
+		case reflect.Chan, reflect.Func, reflect.Ptr:
+			typeName = "(" + typeName + ")"
+		}
+	}
+	return &textWrap{Prefix: typeName, Value: wrapParens(s)}
+}
+
+// wrapParens wraps s with a set of parenthesis, but avoids it if the
+// wrapped node itself is already surrounded by a pair of parenthesis or braces.
+// It handles unwrapping one level of pointer-reference nodes.
+func wrapParens(s textNode) textNode {
+	var refNode *textWrap
+	if s2, ok := s.(*textWrap); ok {
+		// Unwrap a single pointer reference node.
+		switch s2.Metadata.(type) {
+		case leafReference, trunkReference, trunkReferences:
+			refNode = s2
+			if s3, ok := refNode.Value.(*textWrap); ok {
+				s2 = s3
+			}
+		}
+
+		// Already has delimiters that make parenthesis unnecessary.
+		hasParens := strings.HasPrefix(s2.Prefix, "(") && strings.HasSuffix(s2.Suffix, ")")
+		hasBraces := strings.HasPrefix(s2.Prefix, "{") && strings.HasSuffix(s2.Suffix, "}")
+		if hasParens || hasBraces {
+			return s
+		}
+	}
+	if refNode != nil {
+		refNode.Value = &textWrap{Prefix: "(", Value: refNode.Value, Suffix: ")"}
+		return s
+	}
+	return &textWrap{Prefix: "(", Value: s, Suffix: ")"}
+}
+
+// FormatValue prints the reflect.Value, taking extra care to avoid descending
+// into pointers already in ptrs. As pointers are visited, ptrs is also updated.
+func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind, ptrs *pointerReferences) (out textNode) {
+	if !v.IsValid() {
+		return nil
+	}
+	t := v.Type()
+
+	// Check slice element for cycles.
+	if parentKind == reflect.Slice {
+		ptrRef, visited := ptrs.Push(v.Addr())
+		if visited {
+			return makeLeafReference(ptrRef, false)
+		}
+		defer ptrs.Pop()
+		defer func() { out = wrapTrunkReference(ptrRef, false, out) }()
+	}
+
+	// Check whether there is an Error or String method to call.
+	if !opts.AvoidStringer && v.CanInterface() {
+		// Avoid calling Error or String methods on nil receivers since many
+		// implementations crash when doing so.
+		if (t.Kind() != reflect.Ptr && t.Kind() != reflect.Interface) || !v.IsNil() {
+			var prefix, strVal string
+			func() {
+				// Swallow and ignore any panics from String or Error.
+				defer func() { recover() }()
+				switch v := v.Interface().(type) {
+				case error:
+					strVal = v.Error()
+					prefix = "e"
+				case fmt.Stringer:
+					strVal = v.String()
+					prefix = "s"
+				}
+			}()
+			if prefix != "" {
+				return opts.formatString(prefix, strVal)
+			}
+		}
+	}
+
+	// Check whether to explicitly wrap the result with the type.
+	var skipType bool
+	defer func() {
+		if !skipType {
+			out = opts.FormatType(t, out)
+		}
+	}()
+
+	switch t.Kind() {
+	case reflect.Bool:
+		return textLine(fmt.Sprint(v.Bool()))
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return textLine(fmt.Sprint(v.Int()))
+	case reflect.Uint, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+		return textLine(fmt.Sprint(v.Uint()))
+	case reflect.Uint8:
+		if parentKind == reflect.Slice || parentKind == reflect.Array {
+			return textLine(formatHex(v.Uint()))
+		}
+		return textLine(fmt.Sprint(v.Uint()))
+	case reflect.Uintptr:
+		return textLine(formatHex(v.Uint()))
+	case reflect.Float32, reflect.Float64:
+		return textLine(fmt.Sprint(v.Float()))
+	case reflect.Complex64, reflect.Complex128:
+		return textLine(fmt.Sprint(v.Complex()))
+	case reflect.String:
+		return opts.formatString("", v.String())
+	case reflect.UnsafePointer, reflect.Chan, reflect.Func:
+		return textLine(formatPointer(value.PointerOf(v), true))
+	case reflect.Struct:
+		var list textList
+		v := makeAddressable(v) // needed for retrieveUnexportedField
+		maxLen := v.NumField()
+		if opts.LimitVerbosity {
+			maxLen = ((1 << opts.verbosity()) >> 1) << 2 // 0, 4, 8, 16, 32, etc...
+			opts.VerbosityLevel--
+		}
+		for i := 0; i < v.NumField(); i++ {
+			vv := v.Field(i)
+			if value.IsZero(vv) {
+				continue // Elide fields with zero values
+			}
+			if len(list) == maxLen {
+				list.AppendEllipsis(diffStats{})
+				break
+			}
+			sf := t.Field(i)
+			if supportExporters && !isExported(sf.Name) {
+				vv = retrieveUnexportedField(v, sf, true)
+			}
+			s := opts.WithTypeMode(autoType).FormatValue(vv, t.Kind(), ptrs)
+			list = append(list, textRecord{Key: sf.Name, Value: s})
+		}
+		return &textWrap{Prefix: "{", Value: list, Suffix: "}"}
+	case reflect.Slice:
+		if v.IsNil() {
+			return textNil
+		}
+
+		// Check whether this is a []byte of text data.
+		if t.Elem() == reflect.TypeOf(byte(0)) {
+			b := v.Bytes()
+			isPrintSpace := func(r rune) bool { return unicode.IsPrint(r) || unicode.IsSpace(r) }
+			if len(b) > 0 && utf8.Valid(b) && len(bytes.TrimFunc(b, isPrintSpace)) == 0 {
+				out = opts.formatString("", string(b))
+				skipType = true
+				return opts.FormatType(t, out)
+			}
+		}
+
+		fallthrough
+	case reflect.Array:
+		maxLen := v.Len()
+		if opts.LimitVerbosity {
+			maxLen = ((1 << opts.verbosity()) >> 1) << 2 // 0, 4, 8, 16, 32, etc...
+			opts.VerbosityLevel--
+		}
+		var list textList
+		for i := 0; i < v.Len(); i++ {
+			if len(list) == maxLen {
+				list.AppendEllipsis(diffStats{})
+				break
+			}
+			s := opts.WithTypeMode(elideType).FormatValue(v.Index(i), t.Kind(), ptrs)
+			list = append(list, textRecord{Value: s})
+		}
+
+		out = &textWrap{Prefix: "{", Value: list, Suffix: "}"}
+		if t.Kind() == reflect.Slice && opts.PrintAddresses {
+			header := fmt.Sprintf("ptr:%v, len:%d, cap:%d", formatPointer(value.PointerOf(v), false), v.Len(), v.Cap())
+			out = &textWrap{Prefix: pointerDelimPrefix + header + pointerDelimSuffix, Value: out}
+		}
+		return out
+	case reflect.Map:
+		if v.IsNil() {
+			return textNil
+		}
+
+		// Check pointer for cycles.
+		ptrRef, visited := ptrs.Push(v)
+		if visited {
+			return makeLeafReference(ptrRef, opts.PrintAddresses)
+		}
+		defer ptrs.Pop()
+
+		maxLen := v.Len()
+		if opts.LimitVerbosity {
+			maxLen = ((1 << opts.verbosity()) >> 1) << 2 // 0, 4, 8, 16, 32, etc...
+			opts.VerbosityLevel--
+		}
+		var list textList
+		for _, k := range value.SortKeys(v.MapKeys()) {
+			if len(list) == maxLen {
+				list.AppendEllipsis(diffStats{})
+				break
+			}
+			sk := formatMapKey(k, false, ptrs)
+			sv := opts.WithTypeMode(elideType).FormatValue(v.MapIndex(k), t.Kind(), ptrs)
+			list = append(list, textRecord{Key: sk, Value: sv})
+		}
+
+		out = &textWrap{Prefix: "{", Value: list, Suffix: "}"}
+		out = wrapTrunkReference(ptrRef, opts.PrintAddresses, out)
+		return out
+	case reflect.Ptr:
+		if v.IsNil() {
+			return textNil
+		}
+
+		// Check pointer for cycles.
+		ptrRef, visited := ptrs.Push(v)
+		if visited {
+			out = makeLeafReference(ptrRef, opts.PrintAddresses)
+			return &textWrap{Prefix: "&", Value: out}
+		}
+		defer ptrs.Pop()
+
+		// Skip the name only if this is an unnamed pointer type.
+		// Otherwise taking the address of a value does not reproduce
+		// the named pointer type.
+		if v.Type().Name() == "" {
+			skipType = true // Let the underlying value print the type instead
+		}
+		out = opts.FormatValue(v.Elem(), t.Kind(), ptrs)
+		out = wrapTrunkReference(ptrRef, opts.PrintAddresses, out)
+		out = &textWrap{Prefix: "&", Value: out}
+		return out
+	case reflect.Interface:
+		if v.IsNil() {
+			return textNil
+		}
+		// Interfaces accept different concrete types,
+		// so configure the underlying value to explicitly print the type.
+		return opts.WithTypeMode(emitType).FormatValue(v.Elem(), t.Kind(), ptrs)
+	default:
+		panic(fmt.Sprintf("%v kind not handled", v.Kind()))
+	}
+}
+
+func (opts formatOptions) formatString(prefix, s string) textNode {
+	maxLen := len(s)
+	maxLines := strings.Count(s, "\n") + 1
+	if opts.LimitVerbosity {
+		maxLen = (1 << opts.verbosity()) << 5   // 32, 64, 128, 256, etc...
+		maxLines = (1 << opts.verbosity()) << 2 //  4, 8, 16, 32, 64, etc...
+	}
+
+	// For multiline strings, use the triple-quote syntax,
+	// but only use it when printing removed or inserted nodes since
+	// we only want the extra verbosity for those cases.
+	lines := strings.Split(strings.TrimSuffix(s, "\n"), "\n")
+	isTripleQuoted := len(lines) >= 4 && (opts.DiffMode == '-' || opts.DiffMode == '+')
+	for i := 0; i < len(lines) && isTripleQuoted; i++ {
+		lines[i] = strings.TrimPrefix(strings.TrimSuffix(lines[i], "\r"), "\r") // trim leading/trailing carriage returns for legacy Windows endline support
+		isPrintable := func(r rune) bool {
+			return unicode.IsPrint(r) || r == '\t' // specially treat tab as printable
+		}
+		line := lines[i]
+		isTripleQuoted = !strings.HasPrefix(strings.TrimPrefix(line, prefix), `"""`) && !strings.HasPrefix(line, "...") && strings.TrimFunc(line, isPrintable) == "" && len(line) <= maxLen
+	}
+	if isTripleQuoted {
+		var list textList
+		list = append(list, textRecord{Diff: opts.DiffMode, Value: textLine(prefix + `"""`), ElideComma: true})
+		for i, line := range lines {
+			if numElided := len(lines) - i; i == maxLines-1 && numElided > 1 {
+				comment := commentString(fmt.Sprintf("%d elided lines", numElided))
+				list = append(list, textRecord{Diff: opts.DiffMode, Value: textEllipsis, ElideComma: true, Comment: comment})
+				break
+			}
+			list = append(list, textRecord{Diff: opts.DiffMode, Value: textLine(line), ElideComma: true})
+		}
+		list = append(list, textRecord{Diff: opts.DiffMode, Value: textLine(prefix + `"""`), ElideComma: true})
+		return &textWrap{Prefix: "(", Value: list, Suffix: ")"}
+	}
+
+	// Format the string as a single-line quoted string.
+	if len(s) > maxLen+len(textEllipsis) {
+		return textLine(prefix + formatString(s[:maxLen]) + string(textEllipsis))
+	}
+	return textLine(prefix + formatString(s))
+}
+
+// formatMapKey formats v as if it were a map key.
+// The result is guaranteed to be a single line.
+func formatMapKey(v reflect.Value, disambiguate bool, ptrs *pointerReferences) string {
+	var opts formatOptions
+	opts.DiffMode = diffIdentical
+	opts.TypeMode = elideType
+	opts.PrintAddresses = disambiguate
+	opts.AvoidStringer = disambiguate
+	opts.QualifiedNames = disambiguate
+	opts.VerbosityLevel = maxVerbosityPreset
+	opts.LimitVerbosity = true
+	s := opts.FormatValue(v, reflect.Map, ptrs).String()
+	return strings.TrimSpace(s)
+}
+
+// formatString prints s as a double-quoted or backtick-quoted string.
+func formatString(s string) string {
+	// Use quoted string if it the same length as a raw string literal.
+	// Otherwise, attempt to use the raw string form.
+	qs := strconv.Quote(s)
+	if len(qs) == 1+len(s)+1 {
+		return qs
+	}
+
+	// Disallow newlines to ensure output is a single line.
+	// Only allow printable runes for readability purposes.
+	rawInvalid := func(r rune) bool {
+		return r == '`' || r == '\n' || !(unicode.IsPrint(r) || r == '\t')
+	}
+	if utf8.ValidString(s) && strings.IndexFunc(s, rawInvalid) < 0 {
+		return "`" + s + "`"
+	}
+	return qs
+}
+
+// formatHex prints u as a hexadecimal integer in Go notation.
+func formatHex(u uint64) string {
+	var f string
+	switch {
+	case u <= 0xff:
+		f = "0x%02x"
+	case u <= 0xffff:
+		f = "0x%04x"
+	case u <= 0xffffff:
+		f = "0x%06x"
+	case u <= 0xffffffff:
+		f = "0x%08x"
+	case u <= 0xffffffffff:
+		f = "0x%010x"
+	case u <= 0xffffffffffff:
+		f = "0x%012x"
+	case u <= 0xffffffffffffff:
+		f = "0x%014x"
+	case u <= 0xffffffffffffffff:
+		f = "0x%016x"
+	}
+	return fmt.Sprintf(f, u)
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/report_slices.go b/vendor/github.com/google/go-cmp/cmp/report_slices.go
new file mode 100644
index 000000000..68b5c1ae1
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/report_slices.go
@@ -0,0 +1,613 @@
+// Copyright 2019, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+	"bytes"
+	"fmt"
+	"math"
+	"reflect"
+	"strconv"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"github.com/google/go-cmp/cmp/internal/diff"
+)
+
+// CanFormatDiffSlice reports whether we support custom formatting for nodes
+// that are slices of primitive kinds or strings.
+func (opts formatOptions) CanFormatDiffSlice(v *valueNode) bool {
+	switch {
+	case opts.DiffMode != diffUnknown:
+		return false // Must be formatting in diff mode
+	case v.NumDiff == 0:
+		return false // No differences detected
+	case !v.ValueX.IsValid() || !v.ValueY.IsValid():
+		return false // Both values must be valid
+	case v.NumIgnored > 0:
+		return false // Some ignore option was used
+	case v.NumTransformed > 0:
+		return false // Some transform option was used
+	case v.NumCompared > 1:
+		return false // More than one comparison was used
+	case v.NumCompared == 1 && v.Type.Name() != "":
+		// The need for cmp to check applicability of options on every element
+		// in a slice is a significant performance detriment for large []byte.
+		// The workaround is to specify Comparer(bytes.Equal),
+		// which enables cmp to compare []byte more efficiently.
+		// If they differ, we still want to provide batched diffing.
+		// The logic disallows named types since they tend to have their own
+		// String method, with nicer formatting than what this provides.
+		return false
+	}
+
+	// Check whether this is an interface with the same concrete types.
+	t := v.Type
+	vx, vy := v.ValueX, v.ValueY
+	if t.Kind() == reflect.Interface && !vx.IsNil() && !vy.IsNil() && vx.Elem().Type() == vy.Elem().Type() {
+		vx, vy = vx.Elem(), vy.Elem()
+		t = vx.Type()
+	}
+
+	// Check whether we provide specialized diffing for this type.
+	switch t.Kind() {
+	case reflect.String:
+	case reflect.Array, reflect.Slice:
+		// Only slices of primitive types have specialized handling.
+		switch t.Elem().Kind() {
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+			reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr,
+			reflect.Bool, reflect.Float32, reflect.Float64, reflect.Complex64, reflect.Complex128:
+		default:
+			return false
+		}
+
+		// Both slice values have to be non-empty.
+		if t.Kind() == reflect.Slice && (vx.Len() == 0 || vy.Len() == 0) {
+			return false
+		}
+
+		// If a sufficient number of elements already differ,
+		// use specialized formatting even if length requirement is not met.
+		if v.NumDiff > v.NumSame {
+			return true
+		}
+	default:
+		return false
+	}
+
+	// Use specialized string diffing for longer slices or strings.
+	const minLength = 32
+	return vx.Len() >= minLength && vy.Len() >= minLength
+}
+
+// FormatDiffSlice prints a diff for the slices (or strings) represented by v.
+// This provides custom-tailored logic to make printing of differences in
+// textual strings and slices of primitive kinds more readable.
+func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode {
+	assert(opts.DiffMode == diffUnknown)
+	t, vx, vy := v.Type, v.ValueX, v.ValueY
+	if t.Kind() == reflect.Interface {
+		vx, vy = vx.Elem(), vy.Elem()
+		t = vx.Type()
+		opts = opts.WithTypeMode(emitType)
+	}
+
+	// Auto-detect the type of the data.
+	var sx, sy string
+	var ssx, ssy []string
+	var isString, isMostlyText, isPureLinedText, isBinary bool
+	switch {
+	case t.Kind() == reflect.String:
+		sx, sy = vx.String(), vy.String()
+		isString = true
+	case t.Kind() == reflect.Slice && t.Elem() == reflect.TypeOf(byte(0)):
+		sx, sy = string(vx.Bytes()), string(vy.Bytes())
+		isString = true
+	case t.Kind() == reflect.Array:
+		// Arrays need to be addressable for slice operations to work.
+		vx2, vy2 := reflect.New(t).Elem(), reflect.New(t).Elem()
+		vx2.Set(vx)
+		vy2.Set(vy)
+		vx, vy = vx2, vy2
+	}
+	if isString {
+		var numTotalRunes, numValidRunes, numLines, lastLineIdx, maxLineLen int
+		for i, r := range sx + sy {
+			numTotalRunes++
+			if (unicode.IsPrint(r) || unicode.IsSpace(r)) && r != utf8.RuneError {
+				numValidRunes++
+			}
+			if r == '\n' {
+				if maxLineLen < i-lastLineIdx {
+					maxLineLen = i - lastLineIdx
+				}
+				lastLineIdx = i + 1
+				numLines++
+			}
+		}
+		isPureText := numValidRunes == numTotalRunes
+		isMostlyText = float64(numValidRunes) > math.Floor(0.90*float64(numTotalRunes))
+		isPureLinedText = isPureText && numLines >= 4 && maxLineLen <= 1024
+		isBinary = !isMostlyText
+
+		// Avoid diffing by lines if it produces a significantly more complex
+		// edit script than diffing by bytes.
+		if isPureLinedText {
+			ssx = strings.Split(sx, "\n")
+			ssy = strings.Split(sy, "\n")
+			esLines := diff.Difference(len(ssx), len(ssy), func(ix, iy int) diff.Result {
+				return diff.BoolResult(ssx[ix] == ssy[iy])
+			})
+			esBytes := diff.Difference(len(sx), len(sy), func(ix, iy int) diff.Result {
+				return diff.BoolResult(sx[ix] == sy[iy])
+			})
+			efficiencyLines := float64(esLines.Dist()) / float64(len(esLines))
+			efficiencyBytes := float64(esBytes.Dist()) / float64(len(esBytes))
+			isPureLinedText = efficiencyLines < 4*efficiencyBytes
+		}
+	}
+
+	// Format the string into printable records.
+	var list textList
+	var delim string
+	switch {
+	// If the text appears to be multi-lined text,
+	// then perform differencing across individual lines.
+	case isPureLinedText:
+		list = opts.formatDiffSlice(
+			reflect.ValueOf(ssx), reflect.ValueOf(ssy), 1, "line",
+			func(v reflect.Value, d diffMode) textRecord {
+				s := formatString(v.Index(0).String())
+				return textRecord{Diff: d, Value: textLine(s)}
+			},
+		)
+		delim = "\n"
+
+		// If possible, use a custom triple-quote (""") syntax for printing
+		// differences in a string literal. This format is more readable,
+		// but has edge-cases where differences are visually indistinguishable.
+		// This format is avoided under the following conditions:
+		//	• A line starts with `"""`
+		//	• A line starts with "..."
+		//	• A line contains non-printable characters
+		//	• Adjacent different lines differ only by whitespace
+		//
+		// For example:
+		//		"""
+		//		... // 3 identical lines
+		//		foo
+		//		bar
+		//	-	baz
+		//	+	BAZ
+		//		"""
+		isTripleQuoted := true
+		prevRemoveLines := map[string]bool{}
+		prevInsertLines := map[string]bool{}
+		var list2 textList
+		list2 = append(list2, textRecord{Value: textLine(`"""`), ElideComma: true})
+		for _, r := range list {
+			if !r.Value.Equal(textEllipsis) {
+				line, _ := strconv.Unquote(string(r.Value.(textLine)))
+				line = strings.TrimPrefix(strings.TrimSuffix(line, "\r"), "\r") // trim leading/trailing carriage returns for legacy Windows endline support
+				normLine := strings.Map(func(r rune) rune {
+					if unicode.IsSpace(r) {
+						return -1 // drop whitespace to avoid visually indistinguishable output
+					}
+					return r
+				}, line)
+				isPrintable := func(r rune) bool {
+					return unicode.IsPrint(r) || r == '\t' // specially treat tab as printable
+				}
+				isTripleQuoted = !strings.HasPrefix(line, `"""`) && !strings.HasPrefix(line, "...") && strings.TrimFunc(line, isPrintable) == ""
+				switch r.Diff {
+				case diffRemoved:
+					isTripleQuoted = isTripleQuoted && !prevInsertLines[normLine]
+					prevRemoveLines[normLine] = true
+				case diffInserted:
+					isTripleQuoted = isTripleQuoted && !prevRemoveLines[normLine]
+					prevInsertLines[normLine] = true
+				}
+				if !isTripleQuoted {
+					break
+				}
+				r.Value = textLine(line)
+				r.ElideComma = true
+			}
+			if !(r.Diff == diffRemoved || r.Diff == diffInserted) { // start a new non-adjacent difference group
+				prevRemoveLines = map[string]bool{}
+				prevInsertLines = map[string]bool{}
+			}
+			list2 = append(list2, r)
+		}
+		if r := list2[len(list2)-1]; r.Diff == diffIdentical && len(r.Value.(textLine)) == 0 {
+			list2 = list2[:len(list2)-1] // elide single empty line at the end
+		}
+		list2 = append(list2, textRecord{Value: textLine(`"""`), ElideComma: true})
+		if isTripleQuoted {
+			var out textNode = &textWrap{Prefix: "(", Value: list2, Suffix: ")"}
+			switch t.Kind() {
+			case reflect.String:
+				if t != reflect.TypeOf(string("")) {
+					out = opts.FormatType(t, out)
+				}
+			case reflect.Slice:
+				// Always emit type for slices since the triple-quote syntax
+				// looks like a string (not a slice).
+				opts = opts.WithTypeMode(emitType)
+				out = opts.FormatType(t, out)
+			}
+			return out
+		}
+
+	// If the text appears to be single-lined text,
+	// then perform differencing in approximately fixed-sized chunks.
+	// The output is printed as quoted strings.
+	case isMostlyText:
+		list = opts.formatDiffSlice(
+			reflect.ValueOf(sx), reflect.ValueOf(sy), 64, "byte",
+			func(v reflect.Value, d diffMode) textRecord {
+				s := formatString(v.String())
+				return textRecord{Diff: d, Value: textLine(s)}
+			},
+		)
+
+	// If the text appears to be binary data,
+	// then perform differencing in approximately fixed-sized chunks.
+	// The output is inspired by hexdump.
+	case isBinary:
+		list = opts.formatDiffSlice(
+			reflect.ValueOf(sx), reflect.ValueOf(sy), 16, "byte",
+			func(v reflect.Value, d diffMode) textRecord {
+				var ss []string
+				for i := 0; i < v.Len(); i++ {
+					ss = append(ss, formatHex(v.Index(i).Uint()))
+				}
+				s := strings.Join(ss, ", ")
+				comment := commentString(fmt.Sprintf("%c|%v|", d, formatASCII(v.String())))
+				return textRecord{Diff: d, Value: textLine(s), Comment: comment}
+			},
+		)
+
+	// For all other slices of primitive types,
+	// then perform differencing in approximately fixed-sized chunks.
+	// The size of each chunk depends on the width of the element kind.
+	default:
+		var chunkSize int
+		if t.Elem().Kind() == reflect.Bool {
+			chunkSize = 16
+		} else {
+			switch t.Elem().Bits() {
+			case 8:
+				chunkSize = 16
+			case 16:
+				chunkSize = 12
+			case 32:
+				chunkSize = 8
+			default:
+				chunkSize = 8
+			}
+		}
+		list = opts.formatDiffSlice(
+			vx, vy, chunkSize, t.Elem().Kind().String(),
+			func(v reflect.Value, d diffMode) textRecord {
+				var ss []string
+				for i := 0; i < v.Len(); i++ {
+					switch t.Elem().Kind() {
+					case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+						ss = append(ss, fmt.Sprint(v.Index(i).Int()))
+					case reflect.Uint, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+						ss = append(ss, fmt.Sprint(v.Index(i).Uint()))
+					case reflect.Uint8, reflect.Uintptr:
+						ss = append(ss, formatHex(v.Index(i).Uint()))
+					case reflect.Bool, reflect.Float32, reflect.Float64, reflect.Complex64, reflect.Complex128:
+						ss = append(ss, fmt.Sprint(v.Index(i).Interface()))
+					}
+				}
+				s := strings.Join(ss, ", ")
+				return textRecord{Diff: d, Value: textLine(s)}
+			},
+		)
+	}
+
+	// Wrap the output with appropriate type information.
+	var out textNode = &textWrap{Prefix: "{", Value: list, Suffix: "}"}
+	if !isMostlyText {
+		// The "{...}" byte-sequence literal is not valid Go syntax for strings.
+		// Emit the type for extra clarity (e.g. "string{...}").
+		if t.Kind() == reflect.String {
+			opts = opts.WithTypeMode(emitType)
+		}
+		return opts.FormatType(t, out)
+	}
+	switch t.Kind() {
+	case reflect.String:
+		out = &textWrap{Prefix: "strings.Join(", Value: out, Suffix: fmt.Sprintf(", %q)", delim)}
+		if t != reflect.TypeOf(string("")) {
+			out = opts.FormatType(t, out)
+		}
+	case reflect.Slice:
+		out = &textWrap{Prefix: "bytes.Join(", Value: out, Suffix: fmt.Sprintf(", %q)", delim)}
+		if t != reflect.TypeOf([]byte(nil)) {
+			out = opts.FormatType(t, out)
+		}
+	}
+	return out
+}
+
+// formatASCII formats s as an ASCII string.
+// This is useful for printing binary strings in a semi-legible way.
+func formatASCII(s string) string {
+	b := bytes.Repeat([]byte{'.'}, len(s))
+	for i := 0; i < len(s); i++ {
+		if ' ' <= s[i] && s[i] <= '~' {
+			b[i] = s[i]
+		}
+	}
+	return string(b)
+}
+
+func (opts formatOptions) formatDiffSlice(
+	vx, vy reflect.Value, chunkSize int, name string,
+	makeRec func(reflect.Value, diffMode) textRecord,
+) (list textList) {
+	eq := func(ix, iy int) bool {
+		return vx.Index(ix).Interface() == vy.Index(iy).Interface()
+	}
+	es := diff.Difference(vx.Len(), vy.Len(), func(ix, iy int) diff.Result {
+		return diff.BoolResult(eq(ix, iy))
+	})
+
+	appendChunks := func(v reflect.Value, d diffMode) int {
+		n0 := v.Len()
+		for v.Len() > 0 {
+			n := chunkSize
+			if n > v.Len() {
+				n = v.Len()
+			}
+			list = append(list, makeRec(v.Slice(0, n), d))
+			v = v.Slice(n, v.Len())
+		}
+		return n0 - v.Len()
+	}
+
+	var numDiffs int
+	maxLen := -1
+	if opts.LimitVerbosity {
+		maxLen = (1 << opts.verbosity()) << 2 // 4, 8, 16, 32, 64, etc...
+		opts.VerbosityLevel--
+	}
+
+	groups := coalesceAdjacentEdits(name, es)
+	groups = coalesceInterveningIdentical(groups, chunkSize/4)
+	groups = cleanupSurroundingIdentical(groups, eq)
+	maxGroup := diffStats{Name: name}
+	for i, ds := range groups {
+		if maxLen >= 0 && numDiffs >= maxLen {
+			maxGroup = maxGroup.Append(ds)
+			continue
+		}
+
+		// Print equal.
+		if ds.NumDiff() == 0 {
+			// Compute the number of leading and trailing equal bytes to print.
+			var numLo, numHi int
+			numEqual := ds.NumIgnored + ds.NumIdentical
+			for numLo < chunkSize*numContextRecords && numLo+numHi < numEqual && i != 0 {
+				numLo++
+			}
+			for numHi < chunkSize*numContextRecords && numLo+numHi < numEqual && i != len(groups)-1 {
+				numHi++
+			}
+			if numEqual-(numLo+numHi) <= chunkSize && ds.NumIgnored == 0 {
+				numHi = numEqual - numLo // Avoid pointless coalescing of single equal row
+			}
+
+			// Print the equal bytes.
+			appendChunks(vx.Slice(0, numLo), diffIdentical)
+			if numEqual > numLo+numHi {
+				ds.NumIdentical -= numLo + numHi
+				list.AppendEllipsis(ds)
+			}
+			appendChunks(vx.Slice(numEqual-numHi, numEqual), diffIdentical)
+			vx = vx.Slice(numEqual, vx.Len())
+			vy = vy.Slice(numEqual, vy.Len())
+			continue
+		}
+
+		// Print unequal.
+		len0 := len(list)
+		nx := appendChunks(vx.Slice(0, ds.NumIdentical+ds.NumRemoved+ds.NumModified), diffRemoved)
+		vx = vx.Slice(nx, vx.Len())
+		ny := appendChunks(vy.Slice(0, ds.NumIdentical+ds.NumInserted+ds.NumModified), diffInserted)
+		vy = vy.Slice(ny, vy.Len())
+		numDiffs += len(list) - len0
+	}
+	if maxGroup.IsZero() {
+		assert(vx.Len() == 0 && vy.Len() == 0)
+	} else {
+		list.AppendEllipsis(maxGroup)
+	}
+	return list
+}
+
+// coalesceAdjacentEdits coalesces the list of edits into groups of adjacent
+// equal or unequal counts.
+//
+// Example:
+//
+//	Input:  "..XXY...Y"
+//	Output: [
+//		{NumIdentical: 2},
+//		{NumRemoved: 2, NumInserted 1},
+//		{NumIdentical: 3},
+//		{NumInserted: 1},
+//	]
+//
+func coalesceAdjacentEdits(name string, es diff.EditScript) (groups []diffStats) {
+	var prevMode byte
+	lastStats := func(mode byte) *diffStats {
+		if prevMode != mode {
+			groups = append(groups, diffStats{Name: name})
+			prevMode = mode
+		}
+		return &groups[len(groups)-1]
+	}
+	for _, e := range es {
+		switch e {
+		case diff.Identity:
+			lastStats('=').NumIdentical++
+		case diff.UniqueX:
+			lastStats('!').NumRemoved++
+		case diff.UniqueY:
+			lastStats('!').NumInserted++
+		case diff.Modified:
+			lastStats('!').NumModified++
+		}
+	}
+	return groups
+}
+
+// coalesceInterveningIdentical coalesces sufficiently short (<= windowSize)
+// equal groups into adjacent unequal groups that currently result in a
+// dual inserted/removed printout. This acts as a high-pass filter to smooth
+// out high-frequency changes within the windowSize.
+//
+// Example:
+//
+//	WindowSize: 16,
+//	Input: [
+//		{NumIdentical: 61},              // group 0
+//		{NumRemoved: 3, NumInserted: 1}, // group 1
+//		{NumIdentical: 6},               // ├── coalesce
+//		{NumInserted: 2},                // ├── coalesce
+//		{NumIdentical: 1},               // ├── coalesce
+//		{NumRemoved: 9},                 // └── coalesce
+//		{NumIdentical: 64},              // group 2
+//		{NumRemoved: 3, NumInserted: 1}, // group 3
+//		{NumIdentical: 6},               // ├── coalesce
+//		{NumInserted: 2},                // ├── coalesce
+//		{NumIdentical: 1},               // ├── coalesce
+//		{NumRemoved: 7},                 // ├── coalesce
+//		{NumIdentical: 1},               // ├── coalesce
+//		{NumRemoved: 2},                 // └── coalesce
+//		{NumIdentical: 63},              // group 4
+//	]
+//	Output: [
+//		{NumIdentical: 61},
+//		{NumIdentical: 7, NumRemoved: 12, NumInserted: 3},
+//		{NumIdentical: 64},
+//		{NumIdentical: 8, NumRemoved: 12, NumInserted: 3},
+//		{NumIdentical: 63},
+//	]
+//
+func coalesceInterveningIdentical(groups []diffStats, windowSize int) []diffStats {
+	groups, groupsOrig := groups[:0], groups
+	for i, ds := range groupsOrig {
+		if len(groups) >= 2 && ds.NumDiff() > 0 {
+			prev := &groups[len(groups)-2] // Unequal group
+			curr := &groups[len(groups)-1] // Equal group
+			next := &groupsOrig[i]         // Unequal group
+			hadX, hadY := prev.NumRemoved > 0, prev.NumInserted > 0
+			hasX, hasY := next.NumRemoved > 0, next.NumInserted > 0
+			if ((hadX || hasX) && (hadY || hasY)) && curr.NumIdentical <= windowSize {
+				*prev = prev.Append(*curr).Append(*next)
+				groups = groups[:len(groups)-1] // Truncate off equal group
+				continue
+			}
+		}
+		groups = append(groups, ds)
+	}
+	return groups
+}
+
+// cleanupSurroundingIdentical scans through all unequal groups, and
+// moves any leading sequence of equal elements to the preceding equal group and
+// moves and trailing sequence of equal elements to the succeeding equal group.
+//
+// This is necessary since coalesceInterveningIdentical may coalesce edit groups
+// together such that leading/trailing spans of equal elements becomes possible.
+// Note that this can occur even with an optimal diffing algorithm.
+//
+// Example:
+//
+//	Input: [
+//		{NumIdentical: 61},
+//		{NumIdentical: 1 , NumRemoved: 11, NumInserted: 2}, // assume 3 leading identical elements
+//		{NumIdentical: 67},
+//		{NumIdentical: 7, NumRemoved: 12, NumInserted: 3},  // assume 10 trailing identical elements
+//		{NumIdentical: 54},
+//	]
+//	Output: [
+//		{NumIdentical: 64}, // incremented by 3
+//		{NumRemoved: 9},
+//		{NumIdentical: 67},
+//		{NumRemoved: 9},
+//		{NumIdentical: 64}, // incremented by 10
+//	]
+//
+func cleanupSurroundingIdentical(groups []diffStats, eq func(i, j int) bool) []diffStats {
+	var ix, iy int // indexes into sequence x and y
+	for i, ds := range groups {
+		// Handle equal group.
+		if ds.NumDiff() == 0 {
+			ix += ds.NumIdentical
+			iy += ds.NumIdentical
+			continue
+		}
+
+		// Handle unequal group.
+		nx := ds.NumIdentical + ds.NumRemoved + ds.NumModified
+		ny := ds.NumIdentical + ds.NumInserted + ds.NumModified
+		var numLeadingIdentical, numTrailingIdentical int
+		for j := 0; j < nx && j < ny && eq(ix+j, iy+j); j++ {
+			numLeadingIdentical++
+		}
+		for j := 0; j < nx && j < ny && eq(ix+nx-1-j, iy+ny-1-j); j++ {
+			numTrailingIdentical++
+		}
+		if numIdentical := numLeadingIdentical + numTrailingIdentical; numIdentical > 0 {
+			if numLeadingIdentical > 0 {
+				// Remove leading identical span from this group and
+				// insert it into the preceding group.
+				if i-1 >= 0 {
+					groups[i-1].NumIdentical += numLeadingIdentical
+				} else {
+					// No preceding group exists, so prepend a new group,
+					// but do so after we finish iterating over all groups.
+					defer func() {
+						groups = append([]diffStats{{Name: groups[0].Name, NumIdentical: numLeadingIdentical}}, groups...)
+					}()
+				}
+				// Increment indexes since the preceding group would have handled this.
+				ix += numLeadingIdentical
+				iy += numLeadingIdentical
+			}
+			if numTrailingIdentical > 0 {
+				// Remove trailing identical span from this group and
+				// insert it into the succeeding group.
+				if i+1 < len(groups) {
+					groups[i+1].NumIdentical += numTrailingIdentical
+				} else {
+					// No succeeding group exists, so append a new group,
+					// but do so after we finish iterating over all groups.
+					defer func() {
+						groups = append(groups, diffStats{Name: groups[len(groups)-1].Name, NumIdentical: numTrailingIdentical})
+					}()
+				}
+				// Do not increment indexes since the succeeding group will handle this.
+			}
+
+			// Update this group since some identical elements were removed.
+			nx -= numIdentical
+			ny -= numIdentical
+			groups[i] = diffStats{Name: ds.Name, NumRemoved: nx, NumInserted: ny}
+		}
+		ix += nx
+		iy += ny
+	}
+	return groups
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/report_text.go b/vendor/github.com/google/go-cmp/cmp/report_text.go
new file mode 100644
index 000000000..0fd46d7ff
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/report_text.go
@@ -0,0 +1,431 @@
+// Copyright 2019, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+	"bytes"
+	"fmt"
+	"math/rand"
+	"strings"
+	"time"
+	"unicode/utf8"
+
+	"github.com/google/go-cmp/cmp/internal/flags"
+)
+
+var randBool = rand.New(rand.NewSource(time.Now().Unix())).Intn(2) == 0
+
+const maxColumnLength = 80
+
+type indentMode int
+
+func (n indentMode) appendIndent(b []byte, d diffMode) []byte {
+	// The output of Diff is documented as being unstable to provide future
+	// flexibility in changing the output for more humanly readable reports.
+	// This logic intentionally introduces instability to the exact output
+	// so that users can detect accidental reliance on stability early on,
+	// rather than much later when an actual change to the format occurs.
+	if flags.Deterministic || randBool {
+		// Use regular spaces (U+0020).
+		switch d {
+		case diffUnknown, diffIdentical:
+			b = append(b, "  "...)
+		case diffRemoved:
+			b = append(b, "- "...)
+		case diffInserted:
+			b = append(b, "+ "...)
+		}
+	} else {
+		// Use non-breaking spaces (U+00a0).
+		switch d {
+		case diffUnknown, diffIdentical:
+			b = append(b, "  "...)
+		case diffRemoved:
+			b = append(b, "- "...)
+		case diffInserted:
+			b = append(b, "+ "...)
+		}
+	}
+	return repeatCount(n).appendChar(b, '\t')
+}
+
+type repeatCount int
+
+func (n repeatCount) appendChar(b []byte, c byte) []byte {
+	for ; n > 0; n-- {
+		b = append(b, c)
+	}
+	return b
+}
+
+// textNode is a simplified tree-based representation of structured text.
+// Possible node types are textWrap, textList, or textLine.
+type textNode interface {
+	// Len reports the length in bytes of a single-line version of the tree.
+	// Nested textRecord.Diff and textRecord.Comment fields are ignored.
+	Len() int
+	// Equal reports whether the two trees are structurally identical.
+	// Nested textRecord.Diff and textRecord.Comment fields are compared.
+	Equal(textNode) bool
+	// String returns the string representation of the text tree.
+	// It is not guaranteed that len(x.String()) == x.Len(),
+	// nor that x.String() == y.String() implies that x.Equal(y).
+	String() string
+
+	// formatCompactTo formats the contents of the tree as a single-line string
+	// to the provided buffer. Any nested textRecord.Diff and textRecord.Comment
+	// fields are ignored.
+	//
+	// However, not all nodes in the tree should be collapsed as a single-line.
+	// If a node can be collapsed as a single-line, it is replaced by a textLine
+	// node. Since the top-level node cannot replace itself, this also returns
+	// the current node itself.
+	//
+	// This does not mutate the receiver.
+	formatCompactTo([]byte, diffMode) ([]byte, textNode)
+	// formatExpandedTo formats the contents of the tree as a multi-line string
+	// to the provided buffer. In order for column alignment to operate well,
+	// formatCompactTo must be called before calling formatExpandedTo.
+	formatExpandedTo([]byte, diffMode, indentMode) []byte
+}
+
+// textWrap is a wrapper that concatenates a prefix and/or a suffix
+// to the underlying node.
+type textWrap struct {
+	Prefix   string      // e.g., "bytes.Buffer{"
+	Value    textNode    // textWrap | textList | textLine
+	Suffix   string      // e.g., "}"
+	Metadata interface{} // arbitrary metadata; has no effect on formatting
+}
+
+func (s *textWrap) Len() int {
+	return len(s.Prefix) + s.Value.Len() + len(s.Suffix)
+}
+func (s1 *textWrap) Equal(s2 textNode) bool {
+	if s2, ok := s2.(*textWrap); ok {
+		return s1.Prefix == s2.Prefix && s1.Value.Equal(s2.Value) && s1.Suffix == s2.Suffix
+	}
+	return false
+}
+func (s *textWrap) String() string {
+	var d diffMode
+	var n indentMode
+	_, s2 := s.formatCompactTo(nil, d)
+	b := n.appendIndent(nil, d)      // Leading indent
+	b = s2.formatExpandedTo(b, d, n) // Main body
+	b = append(b, '\n')              // Trailing newline
+	return string(b)
+}
+func (s *textWrap) formatCompactTo(b []byte, d diffMode) ([]byte, textNode) {
+	n0 := len(b) // Original buffer length
+	b = append(b, s.Prefix...)
+	b, s.Value = s.Value.formatCompactTo(b, d)
+	b = append(b, s.Suffix...)
+	if _, ok := s.Value.(textLine); ok {
+		return b, textLine(b[n0:])
+	}
+	return b, s
+}
+func (s *textWrap) formatExpandedTo(b []byte, d diffMode, n indentMode) []byte {
+	b = append(b, s.Prefix...)
+	b = s.Value.formatExpandedTo(b, d, n)
+	b = append(b, s.Suffix...)
+	return b
+}
+
+// textList is a comma-separated list of textWrap or textLine nodes.
+// The list may be formatted as multi-lines or single-line at the discretion
+// of the textList.formatCompactTo method.
+type textList []textRecord
+type textRecord struct {
+	Diff       diffMode     // e.g., 0 or '-' or '+'
+	Key        string       // e.g., "MyField"
+	Value      textNode     // textWrap | textLine
+	ElideComma bool         // avoid trailing comma
+	Comment    fmt.Stringer // e.g., "6 identical fields"
+}
+
+// AppendEllipsis appends a new ellipsis node to the list if none already
+// exists at the end. If cs is non-zero it coalesces the statistics with the
+// previous diffStats.
+func (s *textList) AppendEllipsis(ds diffStats) {
+	hasStats := !ds.IsZero()
+	if len(*s) == 0 || !(*s)[len(*s)-1].Value.Equal(textEllipsis) {
+		if hasStats {
+			*s = append(*s, textRecord{Value: textEllipsis, ElideComma: true, Comment: ds})
+		} else {
+			*s = append(*s, textRecord{Value: textEllipsis, ElideComma: true})
+		}
+		return
+	}
+	if hasStats {
+		(*s)[len(*s)-1].Comment = (*s)[len(*s)-1].Comment.(diffStats).Append(ds)
+	}
+}
+
+func (s textList) Len() (n int) {
+	for i, r := range s {
+		n += len(r.Key)
+		if r.Key != "" {
+			n += len(": ")
+		}
+		n += r.Value.Len()
+		if i < len(s)-1 {
+			n += len(", ")
+		}
+	}
+	return n
+}
+
+func (s1 textList) Equal(s2 textNode) bool {
+	if s2, ok := s2.(textList); ok {
+		if len(s1) != len(s2) {
+			return false
+		}
+		for i := range s1 {
+			r1, r2 := s1[i], s2[i]
+			if !(r1.Diff == r2.Diff && r1.Key == r2.Key && r1.Value.Equal(r2.Value) && r1.Comment == r2.Comment) {
+				return false
+			}
+		}
+		return true
+	}
+	return false
+}
+
+func (s textList) String() string {
+	return (&textWrap{Prefix: "{", Value: s, Suffix: "}"}).String()
+}
+
+func (s textList) formatCompactTo(b []byte, d diffMode) ([]byte, textNode) {
+	s = append(textList(nil), s...) // Avoid mutating original
+
+	// Determine whether we can collapse this list as a single line.
+	n0 := len(b) // Original buffer length
+	var multiLine bool
+	for i, r := range s {
+		if r.Diff == diffInserted || r.Diff == diffRemoved {
+			multiLine = true
+		}
+		b = append(b, r.Key...)
+		if r.Key != "" {
+			b = append(b, ": "...)
+		}
+		b, s[i].Value = r.Value.formatCompactTo(b, d|r.Diff)
+		if _, ok := s[i].Value.(textLine); !ok {
+			multiLine = true
+		}
+		if r.Comment != nil {
+			multiLine = true
+		}
+		if i < len(s)-1 {
+			b = append(b, ", "...)
+		}
+	}
+	// Force multi-lined output when printing a removed/inserted node that
+	// is sufficiently long.
+	if (d == diffInserted || d == diffRemoved) && len(b[n0:]) > maxColumnLength {
+		multiLine = true
+	}
+	if !multiLine {
+		return b, textLine(b[n0:])
+	}
+	return b, s
+}
+
+func (s textList) formatExpandedTo(b []byte, d diffMode, n indentMode) []byte {
+	alignKeyLens := s.alignLens(
+		func(r textRecord) bool {
+			_, isLine := r.Value.(textLine)
+			return r.Key == "" || !isLine
+		},
+		func(r textRecord) int { return utf8.RuneCountInString(r.Key) },
+	)
+	alignValueLens := s.alignLens(
+		func(r textRecord) bool {
+			_, isLine := r.Value.(textLine)
+			return !isLine || r.Value.Equal(textEllipsis) || r.Comment == nil
+		},
+		func(r textRecord) int { return utf8.RuneCount(r.Value.(textLine)) },
+	)
+
+	// Format lists of simple lists in a batched form.
+	// If the list is sequence of only textLine values,
+	// then batch multiple values on a single line.
+	var isSimple bool
+	for _, r := range s {
+		_, isLine := r.Value.(textLine)
+		isSimple = r.Diff == 0 && r.Key == "" && isLine && r.Comment == nil
+		if !isSimple {
+			break
+		}
+	}
+	if isSimple {
+		n++
+		var batch []byte
+		emitBatch := func() {
+			if len(batch) > 0 {
+				b = n.appendIndent(append(b, '\n'), d)
+				b = append(b, bytes.TrimRight(batch, " ")...)
+				batch = batch[:0]
+			}
+		}
+		for _, r := range s {
+			line := r.Value.(textLine)
+			if len(batch)+len(line)+len(", ") > maxColumnLength {
+				emitBatch()
+			}
+			batch = append(batch, line...)
+			batch = append(batch, ", "...)
+		}
+		emitBatch()
+		n--
+		return n.appendIndent(append(b, '\n'), d)
+	}
+
+	// Format the list as a multi-lined output.
+	n++
+	for i, r := range s {
+		b = n.appendIndent(append(b, '\n'), d|r.Diff)
+		if r.Key != "" {
+			b = append(b, r.Key+": "...)
+		}
+		b = alignKeyLens[i].appendChar(b, ' ')
+
+		b = r.Value.formatExpandedTo(b, d|r.Diff, n)
+		if !r.ElideComma {
+			b = append(b, ',')
+		}
+		b = alignValueLens[i].appendChar(b, ' ')
+
+		if r.Comment != nil {
+			b = append(b, " // "+r.Comment.String()...)
+		}
+	}
+	n--
+
+	return n.appendIndent(append(b, '\n'), d)
+}
+
+func (s textList) alignLens(
+	skipFunc func(textRecord) bool,
+	lenFunc func(textRecord) int,
+) []repeatCount {
+	var startIdx, endIdx, maxLen int
+	lens := make([]repeatCount, len(s))
+	for i, r := range s {
+		if skipFunc(r) {
+			for j := startIdx; j < endIdx && j < len(s); j++ {
+				lens[j] = repeatCount(maxLen - lenFunc(s[j]))
+			}
+			startIdx, endIdx, maxLen = i+1, i+1, 0
+		} else {
+			if maxLen < lenFunc(r) {
+				maxLen = lenFunc(r)
+			}
+			endIdx = i + 1
+		}
+	}
+	for j := startIdx; j < endIdx && j < len(s); j++ {
+		lens[j] = repeatCount(maxLen - lenFunc(s[j]))
+	}
+	return lens
+}
+
+// textLine is a single-line segment of text and is always a leaf node
+// in the textNode tree.
+type textLine []byte
+
+var (
+	textNil      = textLine("nil")
+	textEllipsis = textLine("...")
+)
+
+func (s textLine) Len() int {
+	return len(s)
+}
+func (s1 textLine) Equal(s2 textNode) bool {
+	if s2, ok := s2.(textLine); ok {
+		return bytes.Equal([]byte(s1), []byte(s2))
+	}
+	return false
+}
+func (s textLine) String() string {
+	return string(s)
+}
+func (s textLine) formatCompactTo(b []byte, d diffMode) ([]byte, textNode) {
+	return append(b, s...), s
+}
+func (s textLine) formatExpandedTo(b []byte, _ diffMode, _ indentMode) []byte {
+	return append(b, s...)
+}
+
+type diffStats struct {
+	Name         string
+	NumIgnored   int
+	NumIdentical int
+	NumRemoved   int
+	NumInserted  int
+	NumModified  int
+}
+
+func (s diffStats) IsZero() bool {
+	s.Name = ""
+	return s == diffStats{}
+}
+
+func (s diffStats) NumDiff() int {
+	return s.NumRemoved + s.NumInserted + s.NumModified
+}
+
+func (s diffStats) Append(ds diffStats) diffStats {
+	assert(s.Name == ds.Name)
+	s.NumIgnored += ds.NumIgnored
+	s.NumIdentical += ds.NumIdentical
+	s.NumRemoved += ds.NumRemoved
+	s.NumInserted += ds.NumInserted
+	s.NumModified += ds.NumModified
+	return s
+}
+
+// String prints a humanly-readable summary of coalesced records.
+//
+// Example:
+//	diffStats{Name: "Field", NumIgnored: 5}.String() => "5 ignored fields"
+func (s diffStats) String() string {
+	var ss []string
+	var sum int
+	labels := [...]string{"ignored", "identical", "removed", "inserted", "modified"}
+	counts := [...]int{s.NumIgnored, s.NumIdentical, s.NumRemoved, s.NumInserted, s.NumModified}
+	for i, n := range counts {
+		if n > 0 {
+			ss = append(ss, fmt.Sprintf("%d %v", n, labels[i]))
+		}
+		sum += n
+	}
+
+	// Pluralize the name (adjusting for some obscure English grammar rules).
+	name := s.Name
+	if sum > 1 {
+		name += "s"
+		if strings.HasSuffix(name, "ys") {
+			name = name[:len(name)-2] + "ies" // e.g., "entrys" => "entries"
+		}
+	}
+
+	// Format the list according to English grammar (with Oxford comma).
+	switch n := len(ss); n {
+	case 0:
+		return ""
+	case 1, 2:
+		return strings.Join(ss, " and ") + " " + name
+	default:
+		return strings.Join(ss[:n-1], ", ") + ", and " + ss[n-1] + " " + name
+	}
+}
+
+type commentString string
+
+func (s commentString) String() string { return string(s) }
diff --git a/vendor/github.com/google/go-cmp/cmp/report_value.go b/vendor/github.com/google/go-cmp/cmp/report_value.go
new file mode 100644
index 000000000..668d470fd
--- /dev/null
+++ b/vendor/github.com/google/go-cmp/cmp/report_value.go
@@ -0,0 +1,121 @@
+// Copyright 2019, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import "reflect"
+
+// valueNode represents a single node within a report, which is a
+// structured representation of the value tree, containing information
+// regarding which nodes are equal or not.
+type valueNode struct {
+	parent *valueNode
+
+	Type   reflect.Type
+	ValueX reflect.Value
+	ValueY reflect.Value
+
+	// NumSame is the number of leaf nodes that are equal.
+	// All descendants are equal only if NumDiff is 0.
+	NumSame int
+	// NumDiff is the number of leaf nodes that are not equal.
+	NumDiff int
+	// NumIgnored is the number of leaf nodes that are ignored.
+	NumIgnored int
+	// NumCompared is the number of leaf nodes that were compared
+	// using an Equal method or Comparer function.
+	NumCompared int
+	// NumTransformed is the number of non-leaf nodes that were transformed.
+	NumTransformed int
+	// NumChildren is the number of transitive descendants of this node.
+	// This counts from zero; thus, leaf nodes have no descendants.
+	NumChildren int
+	// MaxDepth is the maximum depth of the tree. This counts from zero;
+	// thus, leaf nodes have a depth of zero.
+	MaxDepth int
+
+	// Records is a list of struct fields, slice elements, or map entries.
+	Records []reportRecord // If populated, implies Value is not populated
+
+	// Value is the result of a transformation, pointer indirect, of
+	// type assertion.
+	Value *valueNode // If populated, implies Records is not populated
+
+	// TransformerName is the name of the transformer.
+	TransformerName string // If non-empty, implies Value is populated
+}
+type reportRecord struct {
+	Key   reflect.Value // Invalid for slice element
+	Value *valueNode
+}
+
+func (parent *valueNode) PushStep(ps PathStep) (child *valueNode) {
+	vx, vy := ps.Values()
+	child = &valueNode{parent: parent, Type: ps.Type(), ValueX: vx, ValueY: vy}
+	switch s := ps.(type) {
+	case StructField:
+		assert(parent.Value == nil)
+		parent.Records = append(parent.Records, reportRecord{Key: reflect.ValueOf(s.Name()), Value: child})
+	case SliceIndex:
+		assert(parent.Value == nil)
+		parent.Records = append(parent.Records, reportRecord{Value: child})
+	case MapIndex:
+		assert(parent.Value == nil)
+		parent.Records = append(parent.Records, reportRecord{Key: s.Key(), Value: child})
+	case Indirect:
+		assert(parent.Value == nil && parent.Records == nil)
+		parent.Value = child
+	case TypeAssertion:
+		assert(parent.Value == nil && parent.Records == nil)
+		parent.Value = child
+	case Transform:
+		assert(parent.Value == nil && parent.Records == nil)
+		parent.Value = child
+		parent.TransformerName = s.Name()
+		parent.NumTransformed++
+	default:
+		assert(parent == nil) // Must be the root step
+	}
+	return child
+}
+
+func (r *valueNode) Report(rs Result) {
+	assert(r.MaxDepth == 0) // May only be called on leaf nodes
+
+	if rs.ByIgnore() {
+		r.NumIgnored++
+	} else {
+		if rs.Equal() {
+			r.NumSame++
+		} else {
+			r.NumDiff++
+		}
+	}
+	assert(r.NumSame+r.NumDiff+r.NumIgnored == 1)
+
+	if rs.ByMethod() {
+		r.NumCompared++
+	}
+	if rs.ByFunc() {
+		r.NumCompared++
+	}
+	assert(r.NumCompared <= 1)
+}
+
+func (child *valueNode) PopStep() (parent *valueNode) {
+	if child.parent == nil {
+		return nil
+	}
+	parent = child.parent
+	parent.NumSame += child.NumSame
+	parent.NumDiff += child.NumDiff
+	parent.NumIgnored += child.NumIgnored
+	parent.NumCompared += child.NumCompared
+	parent.NumTransformed += child.NumTransformed
+	parent.NumChildren += child.NumChildren + 1
+	if parent.MaxDepth < child.MaxDepth+1 {
+		parent.MaxDepth = child.MaxDepth + 1
+	}
+	return parent
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/digest.go b/vendor/github.com/google/go-containerregistry/pkg/name/digest.go
index e465aef49..c4a2e693e 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/name/digest.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/digest.go
@@ -15,16 +15,14 @@
 package name
 
 import (
+	_ "crypto/sha256" // Recommended by go-digest.
 	"strings"
-)
 
-const (
-	// These have the form: sha256:<hex string>
-	// TODO(dekkagaijin): replace with opencontainers/go-digest or docker/distribution's validation.
-	digestChars = "sh:0123456789abcdef"
-	digestDelim = "@"
+	"github.com/opencontainers/go-digest"
 )
 
+const digestDelim = "@"
+
 // Digest stores a digest name in a structured form.
 type Digest struct {
 	Repository
@@ -60,10 +58,6 @@ func (d Digest) String() string {
 	return d.original
 }
 
-func checkDigest(name string) error {
-	return checkElement("digest", name, digestChars, 7+64, 7+64)
-}
-
 // NewDigest returns a new Digest representing the given name.
 func NewDigest(name string, opts ...Option) (Digest, error) {
 	// Split on "@"
@@ -72,10 +66,13 @@ func NewDigest(name string, opts ...Option) (Digest, error) {
 		return Digest{}, newErrBadName("a digest must contain exactly one '@' separator (e.g. registry/repository@digest) saw: %s", name)
 	}
 	base := parts[0]
-	digest := parts[1]
-
-	// Always check that the digest is valid.
-	if err := checkDigest(digest); err != nil {
+	dig := parts[1]
+	prefix := digest.Canonical.String() + ":"
+	if !strings.HasPrefix(dig, prefix) {
+		return Digest{}, newErrBadName("unsupported digest algorithm: %s", dig)
+	}
+	hex := strings.TrimPrefix(dig, prefix)
+	if err := digest.Canonical.Validate(hex); err != nil {
 		return Digest{}, err
 	}
 
@@ -90,7 +87,7 @@ func NewDigest(name string, opts ...Option) (Digest, error) {
 	}
 	return Digest{
 		Repository: repo,
-		digest:     digest,
+		digest:     dig,
 		original:   name,
 	}, nil
 }
diff --git a/vendor/github.com/google/gofuzz/go.mod b/vendor/github.com/google/gofuzz/go.mod
deleted file mode 100644
index 8ec4fe9e9..000000000
--- a/vendor/github.com/google/gofuzz/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/google/gofuzz
-
-go 1.12
diff --git a/vendor/github.com/google/shlex/go.mod b/vendor/github.com/google/shlex/go.mod
deleted file mode 100644
index 0ab3bce7f..000000000
--- a/vendor/github.com/google/shlex/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/google/shlex
-
-go 1.13
diff --git a/vendor/github.com/google/uuid/go.mod b/vendor/github.com/google/uuid/go.mod
deleted file mode 100644
index fc84cd79d..000000000
--- a/vendor/github.com/google/uuid/go.mod
+++ /dev/null
@@ -1 +0,0 @@
-module github.com/google/uuid
diff --git a/vendor/github.com/gorilla/handlers/go.mod b/vendor/github.com/gorilla/handlers/go.mod
deleted file mode 100644
index 58e6a85ec..000000000
--- a/vendor/github.com/gorilla/handlers/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/gorilla/handlers
-
-go 1.14
-
-require github.com/felixge/httpsnoop v1.0.1
diff --git a/vendor/github.com/gorilla/handlers/go.sum b/vendor/github.com/gorilla/handlers/go.sum
deleted file mode 100644
index 8c2645804..000000000
--- a/vendor/github.com/gorilla/handlers/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
-github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
diff --git a/vendor/github.com/gorilla/mux/go.mod b/vendor/github.com/gorilla/mux/go.mod
deleted file mode 100644
index df170a399..000000000
--- a/vendor/github.com/gorilla/mux/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/gorilla/mux
-
-go 1.12
diff --git a/vendor/github.com/hashicorp/errwrap/go.mod b/vendor/github.com/hashicorp/errwrap/go.mod
deleted file mode 100644
index c9b84022c..000000000
--- a/vendor/github.com/hashicorp/errwrap/go.mod
+++ /dev/null
@@ -1 +0,0 @@
-module github.com/hashicorp/errwrap
diff --git a/vendor/github.com/hashicorp/go-multierror/go.mod b/vendor/github.com/hashicorp/go-multierror/go.mod
deleted file mode 100644
index 141cc4ccb..000000000
--- a/vendor/github.com/hashicorp/go-multierror/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/hashicorp/go-multierror
-
-go 1.13
-
-require github.com/hashicorp/errwrap v1.0.0
diff --git a/vendor/github.com/hashicorp/go-multierror/go.sum b/vendor/github.com/hashicorp/go-multierror/go.sum
deleted file mode 100644
index e8238e9ec..000000000
--- a/vendor/github.com/hashicorp/go-multierror/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
diff --git a/vendor/github.com/imdario/mergo/go.mod b/vendor/github.com/imdario/mergo/go.mod
deleted file mode 100644
index 6f476d6ff..000000000
--- a/vendor/github.com/imdario/mergo/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/imdario/mergo
-
-go 1.13
-
-require gopkg.in/yaml.v3 v3.0.0
diff --git a/vendor/github.com/imdario/mergo/go.sum b/vendor/github.com/imdario/mergo/go.sum
deleted file mode 100644
index 223abcb42..000000000
--- a/vendor/github.com/imdario/mergo/go.sum
+++ /dev/null
@@ -1,4 +0,0 @@
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/vendor/github.com/jinzhu/copier/go.mod b/vendor/github.com/jinzhu/copier/go.mod
deleted file mode 100644
index 309801e9b..000000000
--- a/vendor/github.com/jinzhu/copier/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/jinzhu/copier
-
-go 1.13
diff --git a/vendor/github.com/json-iterator/go/go.mod b/vendor/github.com/json-iterator/go/go.mod
deleted file mode 100644
index e817cccbf..000000000
--- a/vendor/github.com/json-iterator/go/go.mod
+++ /dev/null
@@ -1,11 +0,0 @@
-module github.com/json-iterator/go
-
-go 1.12
-
-require (
-	github.com/davecgh/go-spew v1.1.1
-	github.com/google/gofuzz v1.0.0
-	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421
-	github.com/modern-go/reflect2 v1.0.2
-	github.com/stretchr/testify v1.3.0
-)
diff --git a/vendor/github.com/json-iterator/go/go.sum b/vendor/github.com/json-iterator/go/go.sum
deleted file mode 100644
index 4b7bb8a29..000000000
--- a/vendor/github.com/json-iterator/go/go.sum
+++ /dev/null
@@ -1,14 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
index c7cf1a20c..ad5c63a82 100644
--- a/vendor/github.com/klauspost/compress/README.md
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -17,6 +17,16 @@ This package provides various compression algorithms.
 

 # changelog

 

+* July 13, 2022 (v1.15.8)

+

+	* gzip: fix stack exhaustion bug in Reader.Read https://github.com/klauspost/compress/pull/641

+	* s2: Add Index header trim/restore https://github.com/klauspost/compress/pull/638

+	* zstd: Optimize seqdeq amd64 asm by @greatroar in https://github.com/klauspost/compress/pull/636

+	* zstd: Improve decoder memcopy https://github.com/klauspost/compress/pull/637

+	* huff0: Pass a single bitReader pointer to asm by @greatroar in https://github.com/klauspost/compress/pull/634

+	* zstd: Branchless getBits for amd64 w/o BMI2 by @greatroar in https://github.com/klauspost/compress/pull/640

+	* gzhttp: Remove header before writing https://github.com/klauspost/compress/pull/639

+

 * June 29, 2022 (v1.15.7)

 

 	* s2: Fix absolute forward seeks  https://github.com/klauspost/compress/pull/633

diff --git a/vendor/github.com/klauspost/compress/go.mod b/vendor/github.com/klauspost/compress/go.mod
deleted file mode 100644
index b605e2d52..000000000
--- a/vendor/github.com/klauspost/compress/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/klauspost/compress
-
-go 1.16
diff --git a/vendor/github.com/klauspost/compress/go.sum b/vendor/github.com/klauspost/compress/go.sum
deleted file mode 100644
index e69de29bb..000000000
--- a/vendor/github.com/klauspost/compress/go.sum
+++ /dev/null
diff --git a/vendor/github.com/klauspost/compress/zstd/bytebuf.go b/vendor/github.com/klauspost/compress/zstd/bytebuf.go
index 4493baa75..2ad02070d 100644
--- a/vendor/github.com/klauspost/compress/zstd/bytebuf.go
+++ b/vendor/github.com/klauspost/compress/zstd/bytebuf.go
@@ -23,7 +23,7 @@ type byteBuffer interface {
 	readByte() (byte, error)
 
 	// Skip n bytes.
-	skipN(n int) error
+	skipN(n int64) error
 }
 
 // in-memory buffer
@@ -62,9 +62,12 @@ func (b *byteBuf) readByte() (byte, error) {
 	return r, nil
 }
 
-func (b *byteBuf) skipN(n int) error {
+func (b *byteBuf) skipN(n int64) error {
 	bb := *b
-	if len(bb) < n {
+	if n < 0 {
+		return fmt.Errorf("negative skip (%d) requested", n)
+	}
+	if int64(len(bb)) < n {
 		return io.ErrUnexpectedEOF
 	}
 	*b = bb[n:]
@@ -120,9 +123,9 @@ func (r *readerWrapper) readByte() (byte, error) {
 	return r.tmp[0], nil
 }
 
-func (r *readerWrapper) skipN(n int) error {
-	n2, err := io.CopyN(ioutil.Discard, r.r, int64(n))
-	if n2 != int64(n) {
+func (r *readerWrapper) skipN(n int64) error {
+	n2, err := io.CopyN(ioutil.Discard, r.r, n)
+	if n2 != n {
 		err = io.ErrUnexpectedEOF
 	}
 	return err
diff --git a/vendor/github.com/klauspost/compress/zstd/decoder.go b/vendor/github.com/klauspost/compress/zstd/decoder.go
index 286c8f9d7..d212f4737 100644
--- a/vendor/github.com/klauspost/compress/zstd/decoder.go
+++ b/vendor/github.com/klauspost/compress/zstd/decoder.go
@@ -348,6 +348,9 @@ func (d *Decoder) DecodeAll(input, dst []byte) ([]byte, error) {
 			frame.history.setDict(&dict)
 		}
 		if frame.WindowSize > d.o.maxWindowSize {
+			if debugDecoder {
+				println("window size exceeded:", frame.WindowSize, ">", d.o.maxWindowSize)
+			}
 			return dst, ErrWindowSizeExceeded
 		}
 		if frame.FrameContentSize != fcsUnknown {
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go
index e6b1d01cf..7aaaedb23 100644
--- a/vendor/github.com/klauspost/compress/zstd/encoder.go
+++ b/vendor/github.com/klauspost/compress/zstd/encoder.go
@@ -528,8 +528,8 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
 		// If a non-single block is needed the encoder will reset again.
 		e.encoders <- enc
 	}()
-	// Use single segments when above minimum window and below 1MB.
-	single := len(src) < 1<<20 && len(src) > MinWindowSize
+	// Use single segments when above minimum window and below window size.
+	single := len(src) <= e.o.windowSize && len(src) > MinWindowSize
 	if e.o.single != nil {
 		single = *e.o.single
 	}
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
index 44d8dbd19..a7c5e1aac 100644
--- a/vendor/github.com/klauspost/compress/zstd/encoder_options.go
+++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
@@ -283,7 +283,7 @@ func WithNoEntropyCompression(b bool) EOption {
 // a decoder is allowed to reject a compressed frame which requests a memory size beyond decoder's authorized range.
 // For broader compatibility, decoders are recommended to support memory sizes of at least 8 MB.
 // This is only a recommendation, each decoder is free to support higher or lower limits, depending on local limitations.
-// If this is not specified, block encodes will automatically choose this based on the input size.
+// If this is not specified, block encodes will automatically choose this based on the input size and the window size.
 // This setting has no effect on streamed encodes.
 func WithSingleSegment(b bool) EOption {
 	return func(o *encoderOptions) error {
diff --git a/vendor/github.com/klauspost/compress/zstd/framedec.go b/vendor/github.com/klauspost/compress/zstd/framedec.go
index fa0a633f3..9568a4ba3 100644
--- a/vendor/github.com/klauspost/compress/zstd/framedec.go
+++ b/vendor/github.com/klauspost/compress/zstd/framedec.go
@@ -106,7 +106,7 @@ func (d *frameDec) reset(br byteBuffer) error {
 		}
 		n := uint32(b[0]) | (uint32(b[1]) << 8) | (uint32(b[2]) << 16) | (uint32(b[3]) << 24)
 		println("Skipping frame with", n, "bytes.")
-		err = br.skipN(int(n))
+		err = br.skipN(int64(n))
 		if err != nil {
 			if debugDecoder {
 				println("Reading discarded frame", err)
@@ -231,20 +231,27 @@ func (d *frameDec) reset(br byteBuffer) error {
 		d.crc.Reset()
 	}
 
+	if d.WindowSize > d.o.maxWindowSize {
+		if debugDecoder {
+			printf("window size %d > max %d\n", d.WindowSize, d.o.maxWindowSize)
+		}
+		return ErrWindowSizeExceeded
+	}
+
 	if d.WindowSize == 0 && d.SingleSegment {
 		// We may not need window in this case.
 		d.WindowSize = d.FrameContentSize
 		if d.WindowSize < MinWindowSize {
 			d.WindowSize = MinWindowSize
 		}
-	}
-
-	if d.WindowSize > uint64(d.o.maxWindowSize) {
-		if debugDecoder {
-			printf("window size %d > max %d\n", d.WindowSize, d.o.maxWindowSize)
+		if d.WindowSize > d.o.maxDecodedSize {
+			if debugDecoder {
+				printf("window size %d > max %d\n", d.WindowSize, d.o.maxWindowSize)
+			}
+			return ErrDecoderSizeExceeded
 		}
-		return ErrWindowSizeExceeded
 	}
+
 	// The minimum Window_Size is 1 KB.
 	if d.WindowSize < MinWindowSize {
 		if debugDecoder {
diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go
index e74df436c..c881d28d8 100644
--- a/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go
+++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go
@@ -34,8 +34,8 @@ const (
 // buildDtable will build the decoding table.
 func (s *fseDecoder) buildDtable() error {
 	ctx := buildDtableAsmContext{
-		stateTable: (*uint16)(&s.stateTable[0]),
-		norm:       (*int16)(&s.norm[0]),
+		stateTable: &s.stateTable[0],
+		norm:       &s.norm[0],
 		dt:         (*uint64)(&s.dt[0]),
 	}
 	code := buildDtable_asm(s, &ctx)
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go
index 847b322ae..7598c1018 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go
@@ -55,16 +55,22 @@ func (s *sequenceDecs) decodeSyncSimple(hist []byte) (bool, error) {
 	if s.maxSyncLen == 0 && cap(s.out)-len(s.out) < maxCompressedBlockSize {
 		return false, nil
 	}
-	useSafe := false
-	if s.maxSyncLen == 0 && cap(s.out)-len(s.out) < maxCompressedBlockSizeAlloc {
-		useSafe = true
-	}
-	if s.maxSyncLen > 0 && cap(s.out)-len(s.out)-compressedBlockOverAlloc < int(s.maxSyncLen) {
-		useSafe = true
-	}
-	if cap(s.literals) < len(s.literals)+compressedBlockOverAlloc {
-		useSafe = true
-	}
+
+	// FIXME: Using unsafe memory copies leads to rare, random crashes
+	// with fuzz testing. It is therefore disabled for now.
+	const useSafe = true
+	/*
+		useSafe := false
+		if s.maxSyncLen == 0 && cap(s.out)-len(s.out) < maxCompressedBlockSizeAlloc {
+			useSafe = true
+		}
+		if s.maxSyncLen > 0 && cap(s.out)-len(s.out)-compressedBlockOverAlloc < int(s.maxSyncLen) {
+			useSafe = true
+		}
+		if cap(s.literals) < len(s.literals)+compressedBlockOverAlloc {
+			useSafe = true
+		}
+	*/
 
 	br := s.br
 
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
index 71e64e061..27e76774c 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
@@ -52,34 +52,46 @@ sequenceDecs_decode_amd64_fill_byte_by_byte:
 
 sequenceDecs_decode_amd64_fill_end:
 	// Update offset
-	MOVQ    R9, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R15
-	SHLQ    CL, R15
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R15
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R15
-	ADDQ    R15, AX
-	MOVQ    AX, 16(R10)
+	MOVQ  R9, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R15
+	SHLQ  CL, R15
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decode_amd64_of_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decode_amd64_of_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decode_amd64_of_update_zero
+	NEGQ  CX
+	SHRQ  CL, R15
+	ADDQ  R15, AX
+
+sequenceDecs_decode_amd64_of_update_zero:
+	MOVQ AX, 16(R10)
 
 	// Update match length
-	MOVQ    R8, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R15
-	SHLQ    CL, R15
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R15
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R15
-	ADDQ    R15, AX
-	MOVQ    AX, 8(R10)
+	MOVQ  R8, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R15
+	SHLQ  CL, R15
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decode_amd64_ml_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decode_amd64_ml_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decode_amd64_ml_update_zero
+	NEGQ  CX
+	SHRQ  CL, R15
+	ADDQ  R15, AX
+
+sequenceDecs_decode_amd64_ml_update_zero:
+	MOVQ AX, 8(R10)
 
 	// Fill bitreader to have enough for the remaining
 	CMPQ SI, $0x08
@@ -107,19 +119,25 @@ sequenceDecs_decode_amd64_fill_2_byte_by_byte:
 
 sequenceDecs_decode_amd64_fill_2_end:
 	// Update literal length
-	MOVQ    DI, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R15
-	SHLQ    CL, R15
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R15
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R15
-	ADDQ    R15, AX
-	MOVQ    AX, (R10)
+	MOVQ  DI, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R15
+	SHLQ  CL, R15
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decode_amd64_ll_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decode_amd64_ll_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decode_amd64_ll_update_zero
+	NEGQ  CX
+	SHRQ  CL, R15
+	ADDQ  R15, AX
+
+sequenceDecs_decode_amd64_ll_update_zero:
+	MOVQ AX, (R10)
 
 	// Fill bitreader for state updates
 	MOVQ    R14, (SP)
@@ -198,7 +216,7 @@ sequenceDecs_decode_amd64_skip_update:
 	MOVQ R12, R13
 	MOVQ R11, R12
 	MOVQ CX, R11
-	JMP  sequenceDecs_decode_amd64_adjust_end
+	JMP  sequenceDecs_decode_amd64_after_adjust
 
 sequenceDecs_decode_amd64_adjust_offsetB_1_or_0:
 	CMPQ (R10), $0x00000000
@@ -210,7 +228,7 @@ sequenceDecs_decode_amd64_adjust_offset_maybezero:
 	TESTQ CX, CX
 	JNZ   sequenceDecs_decode_amd64_adjust_offset_nonzero
 	MOVQ  R11, CX
-	JMP   sequenceDecs_decode_amd64_adjust_end
+	JMP   sequenceDecs_decode_amd64_after_adjust
 
 sequenceDecs_decode_amd64_adjust_offset_nonzero:
 	CMPQ CX, $0x01
@@ -247,7 +265,7 @@ sequenceDecs_decode_amd64_adjust_temp_valid:
 	MOVQ    AX, R11
 	MOVQ    AX, CX
 
-sequenceDecs_decode_amd64_adjust_end:
+sequenceDecs_decode_amd64_after_adjust:
 	MOVQ CX, 16(R10)
 
 	// Check values
@@ -356,49 +374,67 @@ sequenceDecs_decode_56_amd64_fill_byte_by_byte:
 
 sequenceDecs_decode_56_amd64_fill_end:
 	// Update offset
-	MOVQ    R9, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R15
-	SHLQ    CL, R15
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R15
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R15
-	ADDQ    R15, AX
-	MOVQ    AX, 16(R10)
+	MOVQ  R9, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R15
+	SHLQ  CL, R15
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decode_56_amd64_of_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decode_56_amd64_of_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decode_56_amd64_of_update_zero
+	NEGQ  CX
+	SHRQ  CL, R15
+	ADDQ  R15, AX
+
+sequenceDecs_decode_56_amd64_of_update_zero:
+	MOVQ AX, 16(R10)
 
 	// Update match length
-	MOVQ    R8, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R15
-	SHLQ    CL, R15
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R15
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R15
-	ADDQ    R15, AX
-	MOVQ    AX, 8(R10)
+	MOVQ  R8, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R15
+	SHLQ  CL, R15
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decode_56_amd64_ml_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decode_56_amd64_ml_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decode_56_amd64_ml_update_zero
+	NEGQ  CX
+	SHRQ  CL, R15
+	ADDQ  R15, AX
+
+sequenceDecs_decode_56_amd64_ml_update_zero:
+	MOVQ AX, 8(R10)
 
 	// Update literal length
-	MOVQ    DI, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R15
-	SHLQ    CL, R15
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R15
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R15
-	ADDQ    R15, AX
-	MOVQ    AX, (R10)
+	MOVQ  DI, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R15
+	SHLQ  CL, R15
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decode_56_amd64_ll_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decode_56_amd64_ll_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decode_56_amd64_ll_update_zero
+	NEGQ  CX
+	SHRQ  CL, R15
+	ADDQ  R15, AX
+
+sequenceDecs_decode_56_amd64_ll_update_zero:
+	MOVQ AX, (R10)
 
 	// Fill bitreader for state updates
 	MOVQ    R14, (SP)
@@ -477,7 +513,7 @@ sequenceDecs_decode_56_amd64_skip_update:
 	MOVQ R12, R13
 	MOVQ R11, R12
 	MOVQ CX, R11
-	JMP  sequenceDecs_decode_56_amd64_adjust_end
+	JMP  sequenceDecs_decode_56_amd64_after_adjust
 
 sequenceDecs_decode_56_amd64_adjust_offsetB_1_or_0:
 	CMPQ (R10), $0x00000000
@@ -489,7 +525,7 @@ sequenceDecs_decode_56_amd64_adjust_offset_maybezero:
 	TESTQ CX, CX
 	JNZ   sequenceDecs_decode_56_amd64_adjust_offset_nonzero
 	MOVQ  R11, CX
-	JMP   sequenceDecs_decode_56_amd64_adjust_end
+	JMP   sequenceDecs_decode_56_amd64_after_adjust
 
 sequenceDecs_decode_56_amd64_adjust_offset_nonzero:
 	CMPQ CX, $0x01
@@ -526,7 +562,7 @@ sequenceDecs_decode_56_amd64_adjust_temp_valid:
 	MOVQ    AX, R11
 	MOVQ    AX, CX
 
-sequenceDecs_decode_56_amd64_adjust_end:
+sequenceDecs_decode_56_amd64_after_adjust:
 	MOVQ CX, 16(R10)
 
 	// Check values
@@ -757,7 +793,7 @@ sequenceDecs_decode_bmi2_skip_update:
 	MOVQ R11, R12
 	MOVQ R10, R11
 	MOVQ CX, R10
-	JMP  sequenceDecs_decode_bmi2_adjust_end
+	JMP  sequenceDecs_decode_bmi2_after_adjust
 
 sequenceDecs_decode_bmi2_adjust_offsetB_1_or_0:
 	CMPQ (R9), $0x00000000
@@ -769,7 +805,7 @@ sequenceDecs_decode_bmi2_adjust_offset_maybezero:
 	TESTQ CX, CX
 	JNZ   sequenceDecs_decode_bmi2_adjust_offset_nonzero
 	MOVQ  R10, CX
-	JMP   sequenceDecs_decode_bmi2_adjust_end
+	JMP   sequenceDecs_decode_bmi2_after_adjust
 
 sequenceDecs_decode_bmi2_adjust_offset_nonzero:
 	CMPQ CX, $0x01
@@ -806,7 +842,7 @@ sequenceDecs_decode_bmi2_adjust_temp_valid:
 	MOVQ    R13, R10
 	MOVQ    R13, CX
 
-sequenceDecs_decode_bmi2_adjust_end:
+sequenceDecs_decode_bmi2_after_adjust:
 	MOVQ CX, 16(R9)
 
 	// Check values
@@ -1012,7 +1048,7 @@ sequenceDecs_decode_56_bmi2_skip_update:
 	MOVQ R11, R12
 	MOVQ R10, R11
 	MOVQ CX, R10
-	JMP  sequenceDecs_decode_56_bmi2_adjust_end
+	JMP  sequenceDecs_decode_56_bmi2_after_adjust
 
 sequenceDecs_decode_56_bmi2_adjust_offsetB_1_or_0:
 	CMPQ (R9), $0x00000000
@@ -1024,7 +1060,7 @@ sequenceDecs_decode_56_bmi2_adjust_offset_maybezero:
 	TESTQ CX, CX
 	JNZ   sequenceDecs_decode_56_bmi2_adjust_offset_nonzero
 	MOVQ  R10, CX
-	JMP   sequenceDecs_decode_56_bmi2_adjust_end
+	JMP   sequenceDecs_decode_56_bmi2_after_adjust
 
 sequenceDecs_decode_56_bmi2_adjust_offset_nonzero:
 	CMPQ CX, $0x01
@@ -1061,7 +1097,7 @@ sequenceDecs_decode_56_bmi2_adjust_temp_valid:
 	MOVQ    R13, R10
 	MOVQ    R13, CX
 
-sequenceDecs_decode_56_bmi2_adjust_end:
+sequenceDecs_decode_56_bmi2_after_adjust:
 	MOVQ CX, 16(R9)
 
 	// Check values
@@ -1749,6 +1785,10 @@ TEXT ·sequenceDecs_decodeSync_amd64(SB), $64-32
 	MOVQ    72(AX), DI
 	MOVQ    80(AX), R8
 	MOVQ    88(AX), R9
+	XORQ    CX, CX
+	MOVQ    CX, 8(SP)
+	MOVQ    CX, 16(SP)
+	MOVQ    CX, 24(SP)
 	MOVQ    112(AX), R10
 	MOVQ    128(AX), CX
 	MOVQ    CX, 32(SP)
@@ -1798,34 +1838,46 @@ sequenceDecs_decodeSync_amd64_fill_byte_by_byte:
 
 sequenceDecs_decodeSync_amd64_fill_end:
 	// Update offset
-	MOVQ    R9, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R14
-	SHLQ    CL, R14
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R14
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R14
-	ADDQ    R14, AX
-	MOVQ    AX, 8(SP)
+	MOVQ  R9, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R14
+	SHLQ  CL, R14
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decodeSync_amd64_of_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decodeSync_amd64_of_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decodeSync_amd64_of_update_zero
+	NEGQ  CX
+	SHRQ  CL, R14
+	ADDQ  R14, AX
+
+sequenceDecs_decodeSync_amd64_of_update_zero:
+	MOVQ AX, 8(SP)
 
 	// Update match length
-	MOVQ    R8, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R14
-	SHLQ    CL, R14
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R14
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R14
-	ADDQ    R14, AX
-	MOVQ    AX, 16(SP)
+	MOVQ  R8, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R14
+	SHLQ  CL, R14
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decodeSync_amd64_ml_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decodeSync_amd64_ml_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decodeSync_amd64_ml_update_zero
+	NEGQ  CX
+	SHRQ  CL, R14
+	ADDQ  R14, AX
+
+sequenceDecs_decodeSync_amd64_ml_update_zero:
+	MOVQ AX, 16(SP)
 
 	// Fill bitreader to have enough for the remaining
 	CMPQ SI, $0x08
@@ -1853,19 +1905,25 @@ sequenceDecs_decodeSync_amd64_fill_2_byte_by_byte:
 
 sequenceDecs_decodeSync_amd64_fill_2_end:
 	// Update literal length
-	MOVQ    DI, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R14
-	SHLQ    CL, R14
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R14
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R14
-	ADDQ    R14, AX
-	MOVQ    AX, 24(SP)
+	MOVQ  DI, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R14
+	SHLQ  CL, R14
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decodeSync_amd64_ll_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decodeSync_amd64_ll_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decodeSync_amd64_ll_update_zero
+	NEGQ  CX
+	SHRQ  CL, R14
+	ADDQ  R14, AX
+
+sequenceDecs_decodeSync_amd64_ll_update_zero:
+	MOVQ AX, 24(SP)
 
 	// Fill bitreader for state updates
 	MOVQ    R13, (SP)
@@ -1945,7 +2003,7 @@ sequenceDecs_decodeSync_amd64_skip_update:
 	MOVUPS 144(CX), X0
 	MOVQ   R13, 144(CX)
 	MOVUPS X0, 152(CX)
-	JMP    sequenceDecs_decodeSync_amd64_adjust_end
+	JMP    sequenceDecs_decodeSync_amd64_after_adjust
 
 sequenceDecs_decodeSync_amd64_adjust_offsetB_1_or_0:
 	CMPQ 24(SP), $0x00000000
@@ -1957,7 +2015,7 @@ sequenceDecs_decodeSync_amd64_adjust_offset_maybezero:
 	TESTQ R13, R13
 	JNZ   sequenceDecs_decodeSync_amd64_adjust_offset_nonzero
 	MOVQ  144(CX), R13
-	JMP   sequenceDecs_decodeSync_amd64_adjust_end
+	JMP   sequenceDecs_decodeSync_amd64_after_adjust
 
 sequenceDecs_decodeSync_amd64_adjust_offset_nonzero:
 	MOVQ    R13, AX
@@ -1966,8 +2024,7 @@ sequenceDecs_decodeSync_amd64_adjust_offset_nonzero:
 	CMPQ    R13, $0x03
 	CMOVQEQ R14, AX
 	CMOVQEQ R15, R14
-	LEAQ    144(CX), R15
-	ADDQ    (R15)(AX*8), R14
+	ADDQ    144(CX)(AX*8), R14
 	JNZ     sequenceDecs_decodeSync_amd64_adjust_temp_valid
 	MOVQ    $0x00000001, R14
 
@@ -1983,7 +2040,7 @@ sequenceDecs_decodeSync_amd64_adjust_skip:
 	MOVQ R14, 144(CX)
 	MOVQ R14, R13
 
-sequenceDecs_decodeSync_amd64_adjust_end:
+sequenceDecs_decodeSync_amd64_after_adjust:
 	MOVQ R13, 8(SP)
 
 	// Check values
@@ -2280,6 +2337,10 @@ TEXT ·sequenceDecs_decodeSync_bmi2(SB), $64-32
 	MOVQ    72(CX), SI
 	MOVQ    80(CX), DI
 	MOVQ    88(CX), R8
+	XORQ    R9, R9
+	MOVQ    R9, 8(SP)
+	MOVQ    R9, 16(SP)
+	MOVQ    R9, 24(SP)
 	MOVQ    112(CX), R9
 	MOVQ    128(CX), R10
 	MOVQ    R10, 32(SP)
@@ -2452,7 +2513,7 @@ sequenceDecs_decodeSync_bmi2_skip_update:
 	MOVUPS 144(CX), X0
 	MOVQ   R13, 144(CX)
 	MOVUPS X0, 152(CX)
-	JMP    sequenceDecs_decodeSync_bmi2_adjust_end
+	JMP    sequenceDecs_decodeSync_bmi2_after_adjust
 
 sequenceDecs_decodeSync_bmi2_adjust_offsetB_1_or_0:
 	CMPQ 24(SP), $0x00000000
@@ -2464,7 +2525,7 @@ sequenceDecs_decodeSync_bmi2_adjust_offset_maybezero:
 	TESTQ R13, R13
 	JNZ   sequenceDecs_decodeSync_bmi2_adjust_offset_nonzero
 	MOVQ  144(CX), R13
-	JMP   sequenceDecs_decodeSync_bmi2_adjust_end
+	JMP   sequenceDecs_decodeSync_bmi2_after_adjust
 
 sequenceDecs_decodeSync_bmi2_adjust_offset_nonzero:
 	MOVQ    R13, R12
@@ -2473,8 +2534,7 @@ sequenceDecs_decodeSync_bmi2_adjust_offset_nonzero:
 	CMPQ    R13, $0x03
 	CMOVQEQ R14, R12
 	CMOVQEQ R15, R14
-	LEAQ    144(CX), R15
-	ADDQ    (R15)(R12*8), R14
+	ADDQ    144(CX)(R12*8), R14
 	JNZ     sequenceDecs_decodeSync_bmi2_adjust_temp_valid
 	MOVQ    $0x00000001, R14
 
@@ -2490,7 +2550,7 @@ sequenceDecs_decodeSync_bmi2_adjust_skip:
 	MOVQ R14, 144(CX)
 	MOVQ R14, R13
 
-sequenceDecs_decodeSync_bmi2_adjust_end:
+sequenceDecs_decodeSync_bmi2_after_adjust:
 	MOVQ R13, 8(SP)
 
 	// Check values
@@ -2787,6 +2847,10 @@ TEXT ·sequenceDecs_decodeSync_safe_amd64(SB), $64-32
 	MOVQ    72(AX), DI
 	MOVQ    80(AX), R8
 	MOVQ    88(AX), R9
+	XORQ    CX, CX
+	MOVQ    CX, 8(SP)
+	MOVQ    CX, 16(SP)
+	MOVQ    CX, 24(SP)
 	MOVQ    112(AX), R10
 	MOVQ    128(AX), CX
 	MOVQ    CX, 32(SP)
@@ -2836,34 +2900,46 @@ sequenceDecs_decodeSync_safe_amd64_fill_byte_by_byte:
 
 sequenceDecs_decodeSync_safe_amd64_fill_end:
 	// Update offset
-	MOVQ    R9, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R14
-	SHLQ    CL, R14
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R14
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R14
-	ADDQ    R14, AX
-	MOVQ    AX, 8(SP)
+	MOVQ  R9, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R14
+	SHLQ  CL, R14
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decodeSync_safe_amd64_of_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decodeSync_safe_amd64_of_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decodeSync_safe_amd64_of_update_zero
+	NEGQ  CX
+	SHRQ  CL, R14
+	ADDQ  R14, AX
+
+sequenceDecs_decodeSync_safe_amd64_of_update_zero:
+	MOVQ AX, 8(SP)
 
 	// Update match length
-	MOVQ    R8, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R14
-	SHLQ    CL, R14
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R14
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R14
-	ADDQ    R14, AX
-	MOVQ    AX, 16(SP)
+	MOVQ  R8, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R14
+	SHLQ  CL, R14
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decodeSync_safe_amd64_ml_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decodeSync_safe_amd64_ml_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decodeSync_safe_amd64_ml_update_zero
+	NEGQ  CX
+	SHRQ  CL, R14
+	ADDQ  R14, AX
+
+sequenceDecs_decodeSync_safe_amd64_ml_update_zero:
+	MOVQ AX, 16(SP)
 
 	// Fill bitreader to have enough for the remaining
 	CMPQ SI, $0x08
@@ -2891,19 +2967,25 @@ sequenceDecs_decodeSync_safe_amd64_fill_2_byte_by_byte:
 
 sequenceDecs_decodeSync_safe_amd64_fill_2_end:
 	// Update literal length
-	MOVQ    DI, AX
-	MOVQ    BX, CX
-	MOVQ    DX, R14
-	SHLQ    CL, R14
-	MOVB    AH, CL
-	ADDQ    CX, BX
-	NEGL    CX
-	SHRQ    CL, R14
-	SHRQ    $0x20, AX
-	TESTQ   CX, CX
-	CMOVQEQ CX, R14
-	ADDQ    R14, AX
-	MOVQ    AX, 24(SP)
+	MOVQ  DI, AX
+	MOVQ  BX, CX
+	MOVQ  DX, R14
+	SHLQ  CL, R14
+	MOVB  AH, CL
+	SHRQ  $0x20, AX
+	TESTQ CX, CX
+	JZ    sequenceDecs_decodeSync_safe_amd64_ll_update_zero
+	ADDQ  CX, BX
+	CMPQ  BX, $0x40
+	JA    sequenceDecs_decodeSync_safe_amd64_ll_update_zero
+	CMPQ  CX, $0x40
+	JAE   sequenceDecs_decodeSync_safe_amd64_ll_update_zero
+	NEGQ  CX
+	SHRQ  CL, R14
+	ADDQ  R14, AX
+
+sequenceDecs_decodeSync_safe_amd64_ll_update_zero:
+	MOVQ AX, 24(SP)
 
 	// Fill bitreader for state updates
 	MOVQ    R13, (SP)
@@ -2983,7 +3065,7 @@ sequenceDecs_decodeSync_safe_amd64_skip_update:
 	MOVUPS 144(CX), X0
 	MOVQ   R13, 144(CX)
 	MOVUPS X0, 152(CX)
-	JMP    sequenceDecs_decodeSync_safe_amd64_adjust_end
+	JMP    sequenceDecs_decodeSync_safe_amd64_after_adjust
 
 sequenceDecs_decodeSync_safe_amd64_adjust_offsetB_1_or_0:
 	CMPQ 24(SP), $0x00000000
@@ -2995,7 +3077,7 @@ sequenceDecs_decodeSync_safe_amd64_adjust_offset_maybezero:
 	TESTQ R13, R13
 	JNZ   sequenceDecs_decodeSync_safe_amd64_adjust_offset_nonzero
 	MOVQ  144(CX), R13
-	JMP   sequenceDecs_decodeSync_safe_amd64_adjust_end
+	JMP   sequenceDecs_decodeSync_safe_amd64_after_adjust
 
 sequenceDecs_decodeSync_safe_amd64_adjust_offset_nonzero:
 	MOVQ    R13, AX
@@ -3004,8 +3086,7 @@ sequenceDecs_decodeSync_safe_amd64_adjust_offset_nonzero:
 	CMPQ    R13, $0x03
 	CMOVQEQ R14, AX
 	CMOVQEQ R15, R14
-	LEAQ    144(CX), R15
-	ADDQ    (R15)(AX*8), R14
+	ADDQ    144(CX)(AX*8), R14
 	JNZ     sequenceDecs_decodeSync_safe_amd64_adjust_temp_valid
 	MOVQ    $0x00000001, R14
 
@@ -3021,7 +3102,7 @@ sequenceDecs_decodeSync_safe_amd64_adjust_skip:
 	MOVQ R14, 144(CX)
 	MOVQ R14, R13
 
-sequenceDecs_decodeSync_safe_amd64_adjust_end:
+sequenceDecs_decodeSync_safe_amd64_after_adjust:
 	MOVQ R13, 8(SP)
 
 	// Check values
@@ -3420,6 +3501,10 @@ TEXT ·sequenceDecs_decodeSync_safe_bmi2(SB), $64-32
 	MOVQ    72(CX), SI
 	MOVQ    80(CX), DI
 	MOVQ    88(CX), R8
+	XORQ    R9, R9
+	MOVQ    R9, 8(SP)
+	MOVQ    R9, 16(SP)
+	MOVQ    R9, 24(SP)
 	MOVQ    112(CX), R9
 	MOVQ    128(CX), R10
 	MOVQ    R10, 32(SP)
@@ -3592,7 +3677,7 @@ sequenceDecs_decodeSync_safe_bmi2_skip_update:
 	MOVUPS 144(CX), X0
 	MOVQ   R13, 144(CX)
 	MOVUPS X0, 152(CX)
-	JMP    sequenceDecs_decodeSync_safe_bmi2_adjust_end
+	JMP    sequenceDecs_decodeSync_safe_bmi2_after_adjust
 
 sequenceDecs_decodeSync_safe_bmi2_adjust_offsetB_1_or_0:
 	CMPQ 24(SP), $0x00000000
@@ -3604,7 +3689,7 @@ sequenceDecs_decodeSync_safe_bmi2_adjust_offset_maybezero:
 	TESTQ R13, R13
 	JNZ   sequenceDecs_decodeSync_safe_bmi2_adjust_offset_nonzero
 	MOVQ  144(CX), R13
-	JMP   sequenceDecs_decodeSync_safe_bmi2_adjust_end
+	JMP   sequenceDecs_decodeSync_safe_bmi2_after_adjust
 
 sequenceDecs_decodeSync_safe_bmi2_adjust_offset_nonzero:
 	MOVQ    R13, R12
@@ -3613,8 +3698,7 @@ sequenceDecs_decodeSync_safe_bmi2_adjust_offset_nonzero:
 	CMPQ    R13, $0x03
 	CMOVQEQ R14, R12
 	CMOVQEQ R15, R14
-	LEAQ    144(CX), R15
-	ADDQ    (R15)(R12*8), R14
+	ADDQ    144(CX)(R12*8), R14
 	JNZ     sequenceDecs_decodeSync_safe_bmi2_adjust_temp_valid
 	MOVQ    $0x00000001, R14
 
@@ -3630,7 +3714,7 @@ sequenceDecs_decodeSync_safe_bmi2_adjust_skip:
 	MOVQ R14, 144(CX)
 	MOVQ R14, R13
 
-sequenceDecs_decodeSync_safe_bmi2_adjust_end:
+sequenceDecs_decodeSync_safe_bmi2_after_adjust:
 	MOVQ R13, 8(SP)
 
 	// Check values
diff --git a/vendor/github.com/kr/fs/LICENSE b/vendor/github.com/kr/fs/LICENSE
new file mode 100644
index 000000000..744875676
--- /dev/null
+++ b/vendor/github.com/kr/fs/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/kr/fs/Readme b/vendor/github.com/kr/fs/Readme
new file mode 100644
index 000000000..c95e13fc8
--- /dev/null
+++ b/vendor/github.com/kr/fs/Readme
@@ -0,0 +1,3 @@
+Filesystem Package
+
+http://godoc.org/github.com/kr/fs
diff --git a/vendor/github.com/kr/fs/filesystem.go b/vendor/github.com/kr/fs/filesystem.go
new file mode 100644
index 000000000..f1c4805fb
--- /dev/null
+++ b/vendor/github.com/kr/fs/filesystem.go
@@ -0,0 +1,36 @@
+package fs
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+)
+
+// FileSystem defines the methods of an abstract filesystem.
+type FileSystem interface {
+
+	// ReadDir reads the directory named by dirname and returns a
+	// list of directory entries.
+	ReadDir(dirname string) ([]os.FileInfo, error)
+
+	// Lstat returns a FileInfo describing the named file. If the file is a
+	// symbolic link, the returned FileInfo describes the symbolic link. Lstat
+	// makes no attempt to follow the link.
+	Lstat(name string) (os.FileInfo, error)
+
+	// Join joins any number of path elements into a single path, adding a
+	// separator if necessary. The result is Cleaned; in particular, all
+	// empty strings are ignored.
+	//
+	// The separator is FileSystem specific.
+	Join(elem ...string) string
+}
+
+// fs represents a FileSystem provided by the os package.
+type fs struct{}
+
+func (f *fs) ReadDir(dirname string) ([]os.FileInfo, error) { return ioutil.ReadDir(dirname) }
+
+func (f *fs) Lstat(name string) (os.FileInfo, error) { return os.Lstat(name) }
+
+func (f *fs) Join(elem ...string) string { return filepath.Join(elem...) }
diff --git a/vendor/github.com/kr/fs/walk.go b/vendor/github.com/kr/fs/walk.go
new file mode 100644
index 000000000..6ffa1e0b2
--- /dev/null
+++ b/vendor/github.com/kr/fs/walk.go
@@ -0,0 +1,95 @@
+// Package fs provides filesystem-related functions.
+package fs
+
+import (
+	"os"
+)
+
+// Walker provides a convenient interface for iterating over the
+// descendants of a filesystem path.
+// Successive calls to the Step method will step through each
+// file or directory in the tree, including the root. The files
+// are walked in lexical order, which makes the output deterministic
+// but means that for very large directories Walker can be inefficient.
+// Walker does not follow symbolic links.
+type Walker struct {
+	fs      FileSystem
+	cur     item
+	stack   []item
+	descend bool
+}
+
+type item struct {
+	path string
+	info os.FileInfo
+	err  error
+}
+
+// Walk returns a new Walker rooted at root.
+func Walk(root string) *Walker {
+	return WalkFS(root, new(fs))
+}
+
+// WalkFS returns a new Walker rooted at root on the FileSystem fs.
+func WalkFS(root string, fs FileSystem) *Walker {
+	info, err := fs.Lstat(root)
+	return &Walker{
+		fs:    fs,
+		stack: []item{{root, info, err}},
+	}
+}
+
+// Step advances the Walker to the next file or directory,
+// which will then be available through the Path, Stat,
+// and Err methods.
+// It returns false when the walk stops at the end of the tree.
+func (w *Walker) Step() bool {
+	if w.descend && w.cur.err == nil && w.cur.info.IsDir() {
+		list, err := w.fs.ReadDir(w.cur.path)
+		if err != nil {
+			w.cur.err = err
+			w.stack = append(w.stack, w.cur)
+		} else {
+			for i := len(list) - 1; i >= 0; i-- {
+				path := w.fs.Join(w.cur.path, list[i].Name())
+				w.stack = append(w.stack, item{path, list[i], nil})
+			}
+		}
+	}
+
+	if len(w.stack) == 0 {
+		return false
+	}
+	i := len(w.stack) - 1
+	w.cur = w.stack[i]
+	w.stack = w.stack[:i]
+	w.descend = true
+	return true
+}
+
+// Path returns the path to the most recent file or directory
+// visited by a call to Step. It contains the argument to Walk
+// as a prefix; that is, if Walk is called with "dir", which is
+// a directory containing the file "a", Path will return "dir/a".
+func (w *Walker) Path() string {
+	return w.cur.path
+}
+
+// Stat returns info for the most recent file or directory
+// visited by a call to Step.
+func (w *Walker) Stat() os.FileInfo {
+	return w.cur.info
+}
+
+// Err returns the error, if any, for the most recent attempt
+// by Step to visit a file or directory. If a directory has
+// an error, w will not descend into that directory.
+func (w *Walker) Err() error {
+	return w.cur.err
+}
+
+// SkipDir causes the currently visited directory to be skipped.
+// If w is not on a directory, SkipDir has no effect.
+func (w *Walker) SkipDir() {
+	w.descend = false
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go b/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
index 3a9cc1036..02b3515bd 100644
--- a/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
+++ b/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.15.6
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.20.1
 // source: core.proto
 
 package proto
@@ -807,6 +807,69 @@ func (x *Order) GetV2Authorizations() []int64 {
 	return nil
 }
 
+type CRLEntry struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Serial    string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
+	Reason    int32  `protobuf:"varint,2,opt,name=reason,proto3" json:"reason,omitempty"`
+	RevokedAt int64  `protobuf:"varint,3,opt,name=revokedAt,proto3" json:"revokedAt,omitempty"` // Unix timestamp (nanoseconds)
+}
+
+func (x *CRLEntry) Reset() {
+	*x = CRLEntry{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_core_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CRLEntry) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CRLEntry) ProtoMessage() {}
+
+func (x *CRLEntry) ProtoReflect() protoreflect.Message {
+	mi := &file_core_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CRLEntry.ProtoReflect.Descriptor instead.
+func (*CRLEntry) Descriptor() ([]byte, []int) {
+	return file_core_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *CRLEntry) GetSerial() string {
+	if x != nil {
+		return x.Serial
+	}
+	return ""
+}
+
+func (x *CRLEntry) GetReason() int32 {
+	if x != nil {
+		return x.Reason
+	}
+	return 0
+}
+
+func (x *CRLEntry) GetRevokedAt() int64 {
+	if x != nil {
+		return x.RevokedAt
+	}
+	return 0
+}
+
 var File_core_proto protoreflect.FileDescriptor
 
 var file_core_proto_rawDesc = []byte{
@@ -935,10 +998,16 @@ var file_core_proto_rawDesc = []byte{
 	0x64, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, 0x32, 0x41,
 	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x04, 0x08,
-	0x06, 0x10, 0x07, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
-	0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f,
-	0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x06, 0x10, 0x07, 0x22, 0x58, 0x0a, 0x08, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f,
+	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12,
+	0x1c, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x03, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x42, 0x2b, 0x5a,
+	0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73,
+	0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f,
+	0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
 }
 
 var (
@@ -953,7 +1022,7 @@ func file_core_proto_rawDescGZIP() []byte {
 	return file_core_proto_rawDescData
 }
 
-var file_core_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
+var file_core_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
 var file_core_proto_goTypes = []interface{}{
 	(*Challenge)(nil),         // 0: core.Challenge
 	(*ValidationRecord)(nil),  // 1: core.ValidationRecord
@@ -963,6 +1032,7 @@ var file_core_proto_goTypes = []interface{}{
 	(*Registration)(nil),      // 5: core.Registration
 	(*Authorization)(nil),     // 6: core.Authorization
 	(*Order)(nil),             // 7: core.Order
+	(*CRLEntry)(nil),          // 8: core.CRLEntry
 }
 var file_core_proto_depIdxs = []int32{
 	1, // 0: core.Challenge.validationrecords:type_name -> core.ValidationRecord
@@ -1078,6 +1148,18 @@ func file_core_proto_init() {
 				return nil
 			}
 		}
+		file_core_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CRLEntry); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -1085,7 +1167,7 @@ func file_core_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_core_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   8,
+			NumMessages:   9,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.proto b/vendor/github.com/letsencrypt/boulder/core/proto/core.proto
index 06abe5e99..946bb16c8 100644
--- a/vendor/github.com/letsencrypt/boulder/core/proto/core.proto
+++ b/vendor/github.com/letsencrypt/boulder/core/proto/core.proto
@@ -93,3 +93,9 @@ message Order {
   int64 created = 10;
   repeated int64 v2Authorizations = 11;
 }
+
+message CRLEntry {
+  string serial = 1;
+  int32 reason = 2;
+  int64 revokedAt = 3; // Unix timestamp (nanoseconds)
+}
diff --git a/vendor/github.com/letsencrypt/boulder/errors/errors.go b/vendor/github.com/letsencrypt/boulder/errors/errors.go
index 3ca9988a6..861d54ad1 100644
--- a/vendor/github.com/letsencrypt/boulder/errors/errors.go
+++ b/vendor/github.com/letsencrypt/boulder/errors/errors.go
@@ -1,3 +1,13 @@
+// Package errors provides internal-facing error types for use in Boulder. Many
+// of these are transformed directly into Problem Details documents by the WFE.
+// Some, like NotFound, may be handled internally. We avoid using Problem
+// Details documents as part of our internal error system to avoid layering
+// confusions.
+//
+// These errors are specifically for use in errors that cross RPC boundaries.
+// An error type that does not need to be passed through an RPC can use a plain
+// Go type locally. Our gRPC code is aware of these error types and will
+// serialize and deserialize them automatically.
 package errors
 
 import (
@@ -12,7 +22,10 @@ import (
 // BoulderError wrapping one of these types.
 type ErrorType int
 
+// These numeric constants are used when sending berrors through gRPC.
 const (
+	// InternalServer is deprecated. Instead, pass a plain Go error. That will get
+	// turned into a probs.InternalServerError by the WFE.
 	InternalServer ErrorType = iota
 	_
 	Malformed
@@ -101,6 +114,20 @@ func RateLimitError(msg string, args ...interface{}) error {
 	}
 }
 
+func DuplicateCertificateError(msg string, args ...interface{}) error {
+	return &BoulderError{
+		Type:   RateLimit,
+		Detail: fmt.Sprintf(msg+": see https://letsencrypt.org/docs/duplicate-certificate-limit/", args...),
+	}
+}
+
+func FailedValidationError(msg string, args ...interface{}) error {
+	return &BoulderError{
+		Type:   RateLimit,
+		Detail: fmt.Sprintf(msg+": see https://letsencrypt.org/docs/failed-validation-limit/", args...),
+	}
+}
+
 func RejectedIdentifierError(msg string, args ...interface{}) error {
 	return New(RejectedIdentifier, msg, args...)
 }
diff --git a/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go b/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
index b3b68b705..b8f425090 100644
--- a/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
+++ b/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
@@ -15,27 +15,35 @@ func _() {
 	_ = x[StoreIssuerInfo-4]
 	_ = x[StreamlineOrderAndAuthzs-5]
 	_ = x[V1DisableNewValidations-6]
-	_ = x[CAAValidationMethods-7]
-	_ = x[CAAAccountURI-8]
-	_ = x[EnforceMultiVA-9]
-	_ = x[MultiVAFullResults-10]
-	_ = x[MandatoryPOSTAsGET-11]
-	_ = x[AllowV1Registration-12]
-	_ = x[StoreRevokerInfo-13]
-	_ = x[RestrictRSAKeySizes-14]
-	_ = x[FasterNewOrdersRateLimit-15]
-	_ = x[ECDSAForAll-16]
-	_ = x[ServeRenewalInfo-17]
-	_ = x[GetAuthzReadOnly-18]
-	_ = x[GetAuthzUseIndex-19]
-	_ = x[CheckFailedAuthorizationsFirst-20]
-	_ = x[AllowReRevocation-21]
-	_ = x[MozRevocationReasons-22]
+	_ = x[ExpirationMailerDontLookTwice-7]
+	_ = x[CAAValidationMethods-8]
+	_ = x[CAAAccountURI-9]
+	_ = x[EnforceMultiVA-10]
+	_ = x[MultiVAFullResults-11]
+	_ = x[MandatoryPOSTAsGET-12]
+	_ = x[AllowV1Registration-13]
+	_ = x[StoreRevokerInfo-14]
+	_ = x[RestrictRSAKeySizes-15]
+	_ = x[FasterNewOrdersRateLimit-16]
+	_ = x[ECDSAForAll-17]
+	_ = x[ServeRenewalInfo-18]
+	_ = x[GetAuthzReadOnly-19]
+	_ = x[GetAuthzUseIndex-20]
+	_ = x[CheckFailedAuthorizationsFirst-21]
+	_ = x[AllowReRevocation-22]
+	_ = x[MozRevocationReasons-23]
+	_ = x[OldTLSOutbound-24]
+	_ = x[OldTLSInbound-25]
+	_ = x[SHA1CSRs-26]
+	_ = x[AllowUnrecognizedFeatures-27]
+	_ = x[RejectDuplicateCSRExtensions-28]
+	_ = x[ROCSPStage1-29]
+	_ = x[ROCSPStage2-30]
 }
 
-const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoStreamlineOrderAndAuthzsV1DisableNewValidationsCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimitECDSAForAllServeRenewalInfoGetAuthzReadOnlyGetAuthzUseIndexCheckFailedAuthorizationsFirstAllowReRevocationMozRevocationReasons"
+const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoStreamlineOrderAndAuthzsV1DisableNewValidationsExpirationMailerDontLookTwiceCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimitECDSAForAllServeRenewalInfoGetAuthzReadOnlyGetAuthzUseIndexCheckFailedAuthorizationsFirstAllowReRevocationMozRevocationReasonsOldTLSOutboundOldTLSInboundSHA1CSRsAllowUnrecognizedFeaturesRejectDuplicateCSRExtensionsROCSPStage1ROCSPStage2"
 
-var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 105, 128, 148, 161, 175, 193, 211, 230, 246, 265, 289, 300, 316, 332, 348, 378, 395, 415}
+var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 105, 128, 157, 177, 190, 204, 222, 240, 259, 275, 294, 318, 329, 345, 361, 377, 407, 424, 444, 458, 471, 479, 504, 532, 543, 554}
 
 func (i FeatureFlag) String() string {
 	if i < 0 || i >= FeatureFlag(len(_FeatureFlag_index)-1) {
diff --git a/vendor/github.com/letsencrypt/boulder/features/features.go b/vendor/github.com/letsencrypt/boulder/features/features.go
index 4608d1d63..ca4be39ab 100644
--- a/vendor/github.com/letsencrypt/boulder/features/features.go
+++ b/vendor/github.com/letsencrypt/boulder/features/features.go
@@ -4,6 +4,7 @@ package features
 
 import (
 	"fmt"
+	"strings"
 	"sync"
 )
 
@@ -18,6 +19,7 @@ const (
 	StoreIssuerInfo
 	StreamlineOrderAndAuthzs
 	V1DisableNewValidations
+	ExpirationMailerDontLookTwice
 
 	//   Currently in-use features
 	// Check CAA and respect validationmethods parameter.
@@ -77,6 +79,32 @@ const (
 	//   with the certificate's keypair, the cert will be revoked with reason
 	//   keyCompromise, regardless of what revocation reason they request.
 	MozRevocationReasons
+	// OldTLSOutbound allows the VA to negotiate TLS 1.0 and TLS 1.1 during
+	// HTTPS redirects. When it is set to false, the VA will only connect to
+	// HTTPS servers that support TLS 1.2 or above.
+	OldTLSOutbound
+	// OldTLSInbound controls whether the WFE rejects inbound requests using
+	// TLS 1.0 and TLS 1.1. Because WFE does not terminate TLS in production,
+	// we rely on the TLS-Version header (set by our reverse proxy).
+	OldTLSInbound
+	// SHA1CSRs controls whether the /acme/finalize endpoint rejects CSRs that
+	// are self-signed using SHA1.
+	SHA1CSRs
+	// AllowUnrecognizedFeatures is internal to the features package: if true,
+	// skip error when unrecognized feature flag names are passed.
+	AllowUnrecognizedFeatures
+	// RejectDuplicateCSRExtensions enables verification that submitted CSRs do
+	// not contain duplicate extensions. This behavior will be on by default in
+	// go1.19.
+	RejectDuplicateCSRExtensions
+
+	// ROCSPStage1 enables querying Redis, live-signing response, and storing
+	// to Redis, but doesn't serve responses from Redis.
+	ROCSPStage1
+	// ROCSPStage2 enables querying Redis, live-signing a response, and storing
+	// to Redis, and does serve responses from Redis when appropriate (when
+	// they are fresh, and agree with MariaDB's status for the certificate).
+	ROCSPStage2
 )
 
 // List of features and their default value, protected by fMu
@@ -104,6 +132,14 @@ var features = map[FeatureFlag]bool{
 	CheckFailedAuthorizationsFirst: false,
 	AllowReRevocation:              false,
 	MozRevocationReasons:           false,
+	OldTLSOutbound:                 true,
+	OldTLSInbound:                  true,
+	SHA1CSRs:                       true,
+	AllowUnrecognizedFeatures:      false,
+	ExpirationMailerDontLookTwice:  false,
+	RejectDuplicateCSRExtensions:   false,
+	ROCSPStage1:                    false,
+	ROCSPStage2:                    false,
 }
 
 var fMu = new(sync.RWMutex)
@@ -120,17 +156,24 @@ func init() {
 }
 
 // Set accepts a list of features and whether they should
-// be enabled or disabled, it will return a error if passed
-// a feature name that it doesn't know
+// be enabled or disabled. In the presence of unrecognized
+// flags, it will return an error or not depending on the
+// value of AllowUnrecognizedFeatures.
 func Set(featureSet map[string]bool) error {
 	fMu.Lock()
 	defer fMu.Unlock()
+	var unknown []string
 	for n, v := range featureSet {
 		f, present := nameToFeature[n]
-		if !present {
-			return fmt.Errorf("feature '%s' doesn't exist", n)
+		if present {
+			features[f] = v
+		} else {
+			unknown = append(unknown, n)
 		}
-		features[f] = v
+	}
+	if len(unknown) > 0 && !features[AllowUnrecognizedFeatures] {
+		return fmt.Errorf("unrecognized feature flag names: %s",
+			strings.Join(unknown, ", "))
 	}
 	return nil
 }
diff --git a/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go b/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
index 3457f5b12..acaab2522 100644
--- a/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
+++ b/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
@@ -10,7 +10,7 @@ import (
 
 	"github.com/letsencrypt/boulder/core"
 
-	yaml "gopkg.in/yaml.v2"
+	yaml "gopkg.in/yaml.v3"
 )
 
 // blockedKeys is a type for maintaining a map of SHA256 hashes
diff --git a/vendor/github.com/letsencrypt/boulder/revocation/reasons.go b/vendor/github.com/letsencrypt/boulder/revocation/reasons.go
index a5b3f0807..50f556be0 100644
--- a/vendor/github.com/letsencrypt/boulder/revocation/reasons.go
+++ b/vendor/github.com/letsencrypt/boulder/revocation/reasons.go
@@ -31,7 +31,6 @@ var ReasonToString = map[Reason]string{
 var UserAllowedReasons = map[Reason]struct{}{
 	ocsp.Unspecified:          {},
 	ocsp.KeyCompromise:        {},
-	ocsp.AffiliationChanged:   {},
 	ocsp.Superseded:           {},
 	ocsp.CessationOfOperation: {},
 }
@@ -42,7 +41,6 @@ var UserAllowedReasons = map[Reason]struct{}{
 var AdminAllowedReasons = map[Reason]struct{}{
 	ocsp.Unspecified:          {},
 	ocsp.KeyCompromise:        {},
-	ocsp.AffiliationChanged:   {},
 	ocsp.Superseded:           {},
 	ocsp.CessationOfOperation: {},
 	ocsp.PrivilegeWithdrawn:   {},
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
index b88df399a..6bb28e0f2 100644
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
+++ b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.15.6
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.20.1
 // source: sa.proto
 
 package proto
@@ -565,6 +565,53 @@ func (x *Count) GetCount() int64 {
 	return 0
 }
 
+type Timestamps struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Timestamps []int64 `protobuf:"varint,1,rep,packed,name=timestamps,proto3" json:"timestamps,omitempty"` // Unix timestamp (nanoseconds)
+}
+
+func (x *Timestamps) Reset() {
+	*x = Timestamps{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sa_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Timestamps) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Timestamps) ProtoMessage() {}
+
+func (x *Timestamps) ProtoReflect() protoreflect.Message {
+	mi := &file_sa_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Timestamps.ProtoReflect.Descriptor instead.
+func (*Timestamps) Descriptor() ([]byte, []int) {
+	return file_sa_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *Timestamps) GetTimestamps() []int64 {
+	if x != nil {
+		return x.Timestamps
+	}
+	return nil
+}
+
 type CountCertificatesByNamesRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -577,7 +624,7 @@ type CountCertificatesByNamesRequest struct {
 func (x *CountCertificatesByNamesRequest) Reset() {
 	*x = CountCertificatesByNamesRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[10]
+		mi := &file_sa_proto_msgTypes[11]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -590,7 +637,7 @@ func (x *CountCertificatesByNamesRequest) String() string {
 func (*CountCertificatesByNamesRequest) ProtoMessage() {}
 
 func (x *CountCertificatesByNamesRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[10]
+	mi := &file_sa_proto_msgTypes[11]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -603,7 +650,7 @@ func (x *CountCertificatesByNamesRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CountCertificatesByNamesRequest.ProtoReflect.Descriptor instead.
 func (*CountCertificatesByNamesRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{10}
+	return file_sa_proto_rawDescGZIP(), []int{11}
 }
 
 func (x *CountCertificatesByNamesRequest) GetRange() *Range {
@@ -631,7 +678,7 @@ type CountByNames struct {
 func (x *CountByNames) Reset() {
 	*x = CountByNames{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[11]
+		mi := &file_sa_proto_msgTypes[12]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -644,7 +691,7 @@ func (x *CountByNames) String() string {
 func (*CountByNames) ProtoMessage() {}
 
 func (x *CountByNames) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[11]
+	mi := &file_sa_proto_msgTypes[12]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -657,7 +704,7 @@ func (x *CountByNames) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CountByNames.ProtoReflect.Descriptor instead.
 func (*CountByNames) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{11}
+	return file_sa_proto_rawDescGZIP(), []int{12}
 }
 
 func (x *CountByNames) GetCounts() map[string]int64 {
@@ -679,7 +726,7 @@ type CountRegistrationsByIPRequest struct {
 func (x *CountRegistrationsByIPRequest) Reset() {
 	*x = CountRegistrationsByIPRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[12]
+		mi := &file_sa_proto_msgTypes[13]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -692,7 +739,7 @@ func (x *CountRegistrationsByIPRequest) String() string {
 func (*CountRegistrationsByIPRequest) ProtoMessage() {}
 
 func (x *CountRegistrationsByIPRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[12]
+	mi := &file_sa_proto_msgTypes[13]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -705,7 +752,7 @@ func (x *CountRegistrationsByIPRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CountRegistrationsByIPRequest.ProtoReflect.Descriptor instead.
 func (*CountRegistrationsByIPRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{12}
+	return file_sa_proto_rawDescGZIP(), []int{13}
 }
 
 func (x *CountRegistrationsByIPRequest) GetIp() []byte {
@@ -736,7 +783,7 @@ type CountInvalidAuthorizationsRequest struct {
 func (x *CountInvalidAuthorizationsRequest) Reset() {
 	*x = CountInvalidAuthorizationsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[13]
+		mi := &file_sa_proto_msgTypes[14]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -749,7 +796,7 @@ func (x *CountInvalidAuthorizationsRequest) String() string {
 func (*CountInvalidAuthorizationsRequest) ProtoMessage() {}
 
 func (x *CountInvalidAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[13]
+	mi := &file_sa_proto_msgTypes[14]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -762,7 +809,7 @@ func (x *CountInvalidAuthorizationsRequest) ProtoReflect() protoreflect.Message
 
 // Deprecated: Use CountInvalidAuthorizationsRequest.ProtoReflect.Descriptor instead.
 func (*CountInvalidAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{13}
+	return file_sa_proto_rawDescGZIP(), []int{14}
 }
 
 func (x *CountInvalidAuthorizationsRequest) GetRegistrationID() int64 {
@@ -798,7 +845,7 @@ type CountOrdersRequest struct {
 func (x *CountOrdersRequest) Reset() {
 	*x = CountOrdersRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[14]
+		mi := &file_sa_proto_msgTypes[15]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -811,7 +858,7 @@ func (x *CountOrdersRequest) String() string {
 func (*CountOrdersRequest) ProtoMessage() {}
 
 func (x *CountOrdersRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[14]
+	mi := &file_sa_proto_msgTypes[15]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -824,7 +871,7 @@ func (x *CountOrdersRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CountOrdersRequest.ProtoReflect.Descriptor instead.
 func (*CountOrdersRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{14}
+	return file_sa_proto_rawDescGZIP(), []int{15}
 }
 
 func (x *CountOrdersRequest) GetAccountID() int64 {
@@ -853,7 +900,7 @@ type CountFQDNSetsRequest struct {
 func (x *CountFQDNSetsRequest) Reset() {
 	*x = CountFQDNSetsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[15]
+		mi := &file_sa_proto_msgTypes[16]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -866,7 +913,7 @@ func (x *CountFQDNSetsRequest) String() string {
 func (*CountFQDNSetsRequest) ProtoMessage() {}
 
 func (x *CountFQDNSetsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[15]
+	mi := &file_sa_proto_msgTypes[16]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -879,7 +926,7 @@ func (x *CountFQDNSetsRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CountFQDNSetsRequest.ProtoReflect.Descriptor instead.
 func (*CountFQDNSetsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{15}
+	return file_sa_proto_rawDescGZIP(), []int{16}
 }
 
 func (x *CountFQDNSetsRequest) GetWindow() int64 {
@@ -907,7 +954,7 @@ type FQDNSetExistsRequest struct {
 func (x *FQDNSetExistsRequest) Reset() {
 	*x = FQDNSetExistsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[16]
+		mi := &file_sa_proto_msgTypes[17]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -920,7 +967,7 @@ func (x *FQDNSetExistsRequest) String() string {
 func (*FQDNSetExistsRequest) ProtoMessage() {}
 
 func (x *FQDNSetExistsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[16]
+	mi := &file_sa_proto_msgTypes[17]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -933,7 +980,7 @@ func (x *FQDNSetExistsRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use FQDNSetExistsRequest.ProtoReflect.Descriptor instead.
 func (*FQDNSetExistsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{16}
+	return file_sa_proto_rawDescGZIP(), []int{17}
 }
 
 func (x *FQDNSetExistsRequest) GetDomains() []string {
@@ -955,7 +1002,7 @@ type PreviousCertificateExistsRequest struct {
 func (x *PreviousCertificateExistsRequest) Reset() {
 	*x = PreviousCertificateExistsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[17]
+		mi := &file_sa_proto_msgTypes[18]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -968,7 +1015,7 @@ func (x *PreviousCertificateExistsRequest) String() string {
 func (*PreviousCertificateExistsRequest) ProtoMessage() {}
 
 func (x *PreviousCertificateExistsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[17]
+	mi := &file_sa_proto_msgTypes[18]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -981,7 +1028,7 @@ func (x *PreviousCertificateExistsRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PreviousCertificateExistsRequest.ProtoReflect.Descriptor instead.
 func (*PreviousCertificateExistsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{17}
+	return file_sa_proto_rawDescGZIP(), []int{18}
 }
 
 func (x *PreviousCertificateExistsRequest) GetDomain() string {
@@ -1009,7 +1056,7 @@ type Exists struct {
 func (x *Exists) Reset() {
 	*x = Exists{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[18]
+		mi := &file_sa_proto_msgTypes[19]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1022,7 +1069,7 @@ func (x *Exists) String() string {
 func (*Exists) ProtoMessage() {}
 
 func (x *Exists) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[18]
+	mi := &file_sa_proto_msgTypes[19]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1035,7 +1082,7 @@ func (x *Exists) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Exists.ProtoReflect.Descriptor instead.
 func (*Exists) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{18}
+	return file_sa_proto_rawDescGZIP(), []int{19}
 }
 
 func (x *Exists) GetExists() bool {
@@ -1059,7 +1106,7 @@ type AddSerialRequest struct {
 func (x *AddSerialRequest) Reset() {
 	*x = AddSerialRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[19]
+		mi := &file_sa_proto_msgTypes[20]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1072,7 +1119,7 @@ func (x *AddSerialRequest) String() string {
 func (*AddSerialRequest) ProtoMessage() {}
 
 func (x *AddSerialRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[19]
+	mi := &file_sa_proto_msgTypes[20]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1085,7 +1132,7 @@ func (x *AddSerialRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AddSerialRequest.ProtoReflect.Descriptor instead.
 func (*AddSerialRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{19}
+	return file_sa_proto_rawDescGZIP(), []int{20}
 }
 
 func (x *AddSerialRequest) GetRegID() int64 {
@@ -1136,7 +1183,7 @@ type AddCertificateRequest struct {
 func (x *AddCertificateRequest) Reset() {
 	*x = AddCertificateRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[20]
+		mi := &file_sa_proto_msgTypes[21]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1149,7 +1196,7 @@ func (x *AddCertificateRequest) String() string {
 func (*AddCertificateRequest) ProtoMessage() {}
 
 func (x *AddCertificateRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[20]
+	mi := &file_sa_proto_msgTypes[21]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1162,7 +1209,7 @@ func (x *AddCertificateRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AddCertificateRequest.ProtoReflect.Descriptor instead.
 func (*AddCertificateRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{20}
+	return file_sa_proto_rawDescGZIP(), []int{21}
 }
 
 func (x *AddCertificateRequest) GetDer() []byte {
@@ -1211,7 +1258,7 @@ type AddCertificateResponse struct {
 func (x *AddCertificateResponse) Reset() {
 	*x = AddCertificateResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[21]
+		mi := &file_sa_proto_msgTypes[22]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1224,7 +1271,7 @@ func (x *AddCertificateResponse) String() string {
 func (*AddCertificateResponse) ProtoMessage() {}
 
 func (x *AddCertificateResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[21]
+	mi := &file_sa_proto_msgTypes[22]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1237,7 +1284,7 @@ func (x *AddCertificateResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AddCertificateResponse.ProtoReflect.Descriptor instead.
 func (*AddCertificateResponse) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{21}
+	return file_sa_proto_rawDescGZIP(), []int{22}
 }
 
 func (x *AddCertificateResponse) GetDigest() string {
@@ -1258,7 +1305,7 @@ type OrderRequest struct {
 func (x *OrderRequest) Reset() {
 	*x = OrderRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[22]
+		mi := &file_sa_proto_msgTypes[23]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1271,7 +1318,7 @@ func (x *OrderRequest) String() string {
 func (*OrderRequest) ProtoMessage() {}
 
 func (x *OrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[22]
+	mi := &file_sa_proto_msgTypes[23]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1284,7 +1331,7 @@ func (x *OrderRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use OrderRequest.ProtoReflect.Descriptor instead.
 func (*OrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{22}
+	return file_sa_proto_rawDescGZIP(), []int{23}
 }
 
 func (x *OrderRequest) GetId() int64 {
@@ -1308,7 +1355,7 @@ type NewOrderRequest struct {
 func (x *NewOrderRequest) Reset() {
 	*x = NewOrderRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[23]
+		mi := &file_sa_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1321,7 +1368,7 @@ func (x *NewOrderRequest) String() string {
 func (*NewOrderRequest) ProtoMessage() {}
 
 func (x *NewOrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[23]
+	mi := &file_sa_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1334,7 +1381,7 @@ func (x *NewOrderRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use NewOrderRequest.ProtoReflect.Descriptor instead.
 func (*NewOrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{23}
+	return file_sa_proto_rawDescGZIP(), []int{24}
 }
 
 func (x *NewOrderRequest) GetRegistrationID() int64 {
@@ -1377,7 +1424,7 @@ type NewOrderAndAuthzsRequest struct {
 func (x *NewOrderAndAuthzsRequest) Reset() {
 	*x = NewOrderAndAuthzsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[24]
+		mi := &file_sa_proto_msgTypes[25]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1390,7 +1437,7 @@ func (x *NewOrderAndAuthzsRequest) String() string {
 func (*NewOrderAndAuthzsRequest) ProtoMessage() {}
 
 func (x *NewOrderAndAuthzsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[24]
+	mi := &file_sa_proto_msgTypes[25]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1403,7 +1450,7 @@ func (x *NewOrderAndAuthzsRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use NewOrderAndAuthzsRequest.ProtoReflect.Descriptor instead.
 func (*NewOrderAndAuthzsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{24}
+	return file_sa_proto_rawDescGZIP(), []int{25}
 }
 
 func (x *NewOrderAndAuthzsRequest) GetNewOrder() *NewOrderRequest {
@@ -1432,7 +1479,7 @@ type SetOrderErrorRequest struct {
 func (x *SetOrderErrorRequest) Reset() {
 	*x = SetOrderErrorRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[25]
+		mi := &file_sa_proto_msgTypes[26]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1445,7 +1492,7 @@ func (x *SetOrderErrorRequest) String() string {
 func (*SetOrderErrorRequest) ProtoMessage() {}
 
 func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[25]
+	mi := &file_sa_proto_msgTypes[26]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1458,7 +1505,7 @@ func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SetOrderErrorRequest.ProtoReflect.Descriptor instead.
 func (*SetOrderErrorRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{25}
+	return file_sa_proto_rawDescGZIP(), []int{26}
 }
 
 func (x *SetOrderErrorRequest) GetId() int64 {
@@ -1487,7 +1534,7 @@ type GetValidOrderAuthorizationsRequest struct {
 func (x *GetValidOrderAuthorizationsRequest) Reset() {
 	*x = GetValidOrderAuthorizationsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[26]
+		mi := &file_sa_proto_msgTypes[27]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1500,7 +1547,7 @@ func (x *GetValidOrderAuthorizationsRequest) String() string {
 func (*GetValidOrderAuthorizationsRequest) ProtoMessage() {}
 
 func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[26]
+	mi := &file_sa_proto_msgTypes[27]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1513,7 +1560,7 @@ func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message
 
 // Deprecated: Use GetValidOrderAuthorizationsRequest.ProtoReflect.Descriptor instead.
 func (*GetValidOrderAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{26}
+	return file_sa_proto_rawDescGZIP(), []int{27}
 }
 
 func (x *GetValidOrderAuthorizationsRequest) GetId() int64 {
@@ -1542,7 +1589,7 @@ type GetOrderForNamesRequest struct {
 func (x *GetOrderForNamesRequest) Reset() {
 	*x = GetOrderForNamesRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[27]
+		mi := &file_sa_proto_msgTypes[28]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1555,7 +1602,7 @@ func (x *GetOrderForNamesRequest) String() string {
 func (*GetOrderForNamesRequest) ProtoMessage() {}
 
 func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[27]
+	mi := &file_sa_proto_msgTypes[28]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1568,7 +1615,7 @@ func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetOrderForNamesRequest.ProtoReflect.Descriptor instead.
 func (*GetOrderForNamesRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{27}
+	return file_sa_proto_rawDescGZIP(), []int{28}
 }
 
 func (x *GetOrderForNamesRequest) GetAcctID() int64 {
@@ -1597,7 +1644,7 @@ type FinalizeOrderRequest struct {
 func (x *FinalizeOrderRequest) Reset() {
 	*x = FinalizeOrderRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[28]
+		mi := &file_sa_proto_msgTypes[29]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1610,7 +1657,7 @@ func (x *FinalizeOrderRequest) String() string {
 func (*FinalizeOrderRequest) ProtoMessage() {}
 
 func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[28]
+	mi := &file_sa_proto_msgTypes[29]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1623,7 +1670,7 @@ func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead.
 func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{28}
+	return file_sa_proto_rawDescGZIP(), []int{29}
 }
 
 func (x *FinalizeOrderRequest) GetId() int64 {
@@ -1653,7 +1700,7 @@ type GetAuthorizationsRequest struct {
 func (x *GetAuthorizationsRequest) Reset() {
 	*x = GetAuthorizationsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[29]
+		mi := &file_sa_proto_msgTypes[30]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1666,7 +1713,7 @@ func (x *GetAuthorizationsRequest) String() string {
 func (*GetAuthorizationsRequest) ProtoMessage() {}
 
 func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[29]
+	mi := &file_sa_proto_msgTypes[30]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1679,7 +1726,7 @@ func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetAuthorizationsRequest.ProtoReflect.Descriptor instead.
 func (*GetAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{29}
+	return file_sa_proto_rawDescGZIP(), []int{30}
 }
 
 func (x *GetAuthorizationsRequest) GetRegistrationID() int64 {
@@ -1714,7 +1761,7 @@ type Authorizations struct {
 func (x *Authorizations) Reset() {
 	*x = Authorizations{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[30]
+		mi := &file_sa_proto_msgTypes[31]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1727,7 +1774,7 @@ func (x *Authorizations) String() string {
 func (*Authorizations) ProtoMessage() {}
 
 func (x *Authorizations) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[30]
+	mi := &file_sa_proto_msgTypes[31]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1740,7 +1787,7 @@ func (x *Authorizations) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Authorizations.ProtoReflect.Descriptor instead.
 func (*Authorizations) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{30}
+	return file_sa_proto_rawDescGZIP(), []int{31}
 }
 
 func (x *Authorizations) GetAuthz() []*Authorizations_MapElement {
@@ -1761,7 +1808,7 @@ type AddPendingAuthorizationsRequest struct {
 func (x *AddPendingAuthorizationsRequest) Reset() {
 	*x = AddPendingAuthorizationsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[31]
+		mi := &file_sa_proto_msgTypes[32]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1774,7 +1821,7 @@ func (x *AddPendingAuthorizationsRequest) String() string {
 func (*AddPendingAuthorizationsRequest) ProtoMessage() {}
 
 func (x *AddPendingAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[31]
+	mi := &file_sa_proto_msgTypes[32]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1787,7 +1834,7 @@ func (x *AddPendingAuthorizationsRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AddPendingAuthorizationsRequest.ProtoReflect.Descriptor instead.
 func (*AddPendingAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{31}
+	return file_sa_proto_rawDescGZIP(), []int{32}
 }
 
 func (x *AddPendingAuthorizationsRequest) GetAuthz() []*proto.Authorization {
@@ -1808,7 +1855,7 @@ type AuthorizationIDs struct {
 func (x *AuthorizationIDs) Reset() {
 	*x = AuthorizationIDs{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[32]
+		mi := &file_sa_proto_msgTypes[33]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1821,7 +1868,7 @@ func (x *AuthorizationIDs) String() string {
 func (*AuthorizationIDs) ProtoMessage() {}
 
 func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[32]
+	mi := &file_sa_proto_msgTypes[33]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1834,7 +1881,7 @@ func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthorizationIDs.ProtoReflect.Descriptor instead.
 func (*AuthorizationIDs) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{32}
+	return file_sa_proto_rawDescGZIP(), []int{33}
 }
 
 func (x *AuthorizationIDs) GetIds() []string {
@@ -1855,7 +1902,7 @@ type AuthorizationID2 struct {
 func (x *AuthorizationID2) Reset() {
 	*x = AuthorizationID2{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[33]
+		mi := &file_sa_proto_msgTypes[34]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1868,7 +1915,7 @@ func (x *AuthorizationID2) String() string {
 func (*AuthorizationID2) ProtoMessage() {}
 
 func (x *AuthorizationID2) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[33]
+	mi := &file_sa_proto_msgTypes[34]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1881,7 +1928,7 @@ func (x *AuthorizationID2) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthorizationID2.ProtoReflect.Descriptor instead.
 func (*AuthorizationID2) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{33}
+	return file_sa_proto_rawDescGZIP(), []int{34}
 }
 
 func (x *AuthorizationID2) GetId() int64 {
@@ -1902,7 +1949,7 @@ type Authorization2IDs struct {
 func (x *Authorization2IDs) Reset() {
 	*x = Authorization2IDs{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[34]
+		mi := &file_sa_proto_msgTypes[35]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1915,7 +1962,7 @@ func (x *Authorization2IDs) String() string {
 func (*Authorization2IDs) ProtoMessage() {}
 
 func (x *Authorization2IDs) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[34]
+	mi := &file_sa_proto_msgTypes[35]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1928,7 +1975,7 @@ func (x *Authorization2IDs) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Authorization2IDs.ProtoReflect.Descriptor instead.
 func (*Authorization2IDs) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{34}
+	return file_sa_proto_rawDescGZIP(), []int{35}
 }
 
 func (x *Authorization2IDs) GetIds() []int64 {
@@ -1948,12 +1995,13 @@ type RevokeCertificateRequest struct {
 	Date     int64  `protobuf:"varint,3,opt,name=date,proto3" json:"date,omitempty"`         // Unix timestamp (nanoseconds)
 	Backdate int64  `protobuf:"varint,5,opt,name=backdate,proto3" json:"backdate,omitempty"` // Unix timestamp (nanoseconds)
 	Response []byte `protobuf:"bytes,4,opt,name=response,proto3" json:"response,omitempty"`
+	IssuerID int64  `protobuf:"varint,6,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
 }
 
 func (x *RevokeCertificateRequest) Reset() {
 	*x = RevokeCertificateRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[35]
+		mi := &file_sa_proto_msgTypes[36]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1966,7 +2014,7 @@ func (x *RevokeCertificateRequest) String() string {
 func (*RevokeCertificateRequest) ProtoMessage() {}
 
 func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[35]
+	mi := &file_sa_proto_msgTypes[36]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1979,7 +2027,7 @@ func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RevokeCertificateRequest.ProtoReflect.Descriptor instead.
 func (*RevokeCertificateRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{35}
+	return file_sa_proto_rawDescGZIP(), []int{36}
 }
 
 func (x *RevokeCertificateRequest) GetSerial() string {
@@ -2017,6 +2065,13 @@ func (x *RevokeCertificateRequest) GetResponse() []byte {
 	return nil
 }
 
+func (x *RevokeCertificateRequest) GetIssuerID() int64 {
+	if x != nil {
+		return x.IssuerID
+	}
+	return 0
+}
+
 type FinalizeAuthorizationRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -2034,7 +2089,7 @@ type FinalizeAuthorizationRequest struct {
 func (x *FinalizeAuthorizationRequest) Reset() {
 	*x = FinalizeAuthorizationRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[36]
+		mi := &file_sa_proto_msgTypes[37]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2047,7 +2102,7 @@ func (x *FinalizeAuthorizationRequest) String() string {
 func (*FinalizeAuthorizationRequest) ProtoMessage() {}
 
 func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[36]
+	mi := &file_sa_proto_msgTypes[37]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2060,7 +2115,7 @@ func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use FinalizeAuthorizationRequest.ProtoReflect.Descriptor instead.
 func (*FinalizeAuthorizationRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{36}
+	return file_sa_proto_rawDescGZIP(), []int{37}
 }
 
 func (x *FinalizeAuthorizationRequest) GetId() int64 {
@@ -2127,7 +2182,7 @@ type AddBlockedKeyRequest struct {
 func (x *AddBlockedKeyRequest) Reset() {
 	*x = AddBlockedKeyRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[37]
+		mi := &file_sa_proto_msgTypes[38]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2140,7 +2195,7 @@ func (x *AddBlockedKeyRequest) String() string {
 func (*AddBlockedKeyRequest) ProtoMessage() {}
 
 func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[37]
+	mi := &file_sa_proto_msgTypes[38]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2153,7 +2208,7 @@ func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AddBlockedKeyRequest.ProtoReflect.Descriptor instead.
 func (*AddBlockedKeyRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{37}
+	return file_sa_proto_rawDescGZIP(), []int{38}
 }
 
 func (x *AddBlockedKeyRequest) GetKeyHash() []byte {
@@ -2202,7 +2257,7 @@ type KeyBlockedRequest struct {
 func (x *KeyBlockedRequest) Reset() {
 	*x = KeyBlockedRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[38]
+		mi := &file_sa_proto_msgTypes[39]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2215,7 +2270,7 @@ func (x *KeyBlockedRequest) String() string {
 func (*KeyBlockedRequest) ProtoMessage() {}
 
 func (x *KeyBlockedRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[38]
+	mi := &file_sa_proto_msgTypes[39]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2228,7 +2283,7 @@ func (x *KeyBlockedRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use KeyBlockedRequest.ProtoReflect.Descriptor instead.
 func (*KeyBlockedRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{38}
+	return file_sa_proto_rawDescGZIP(), []int{39}
 }
 
 func (x *KeyBlockedRequest) GetKeyHash() []byte {
@@ -2238,6 +2293,274 @@ func (x *KeyBlockedRequest) GetKeyHash() []byte {
 	return nil
 }
 
+type Incident struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Id          int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
+	SerialTable string `protobuf:"bytes,2,opt,name=serialTable,proto3" json:"serialTable,omitempty"`
+	Url         string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"`
+	RenewBy     int64  `protobuf:"varint,4,opt,name=renewBy,proto3" json:"renewBy,omitempty"` // Unix timestamp (nanoseconds)
+	Enabled     bool   `protobuf:"varint,5,opt,name=enabled,proto3" json:"enabled,omitempty"`
+}
+
+func (x *Incident) Reset() {
+	*x = Incident{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sa_proto_msgTypes[40]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Incident) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Incident) ProtoMessage() {}
+
+func (x *Incident) ProtoReflect() protoreflect.Message {
+	mi := &file_sa_proto_msgTypes[40]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Incident.ProtoReflect.Descriptor instead.
+func (*Incident) Descriptor() ([]byte, []int) {
+	return file_sa_proto_rawDescGZIP(), []int{40}
+}
+
+func (x *Incident) GetId() int64 {
+	if x != nil {
+		return x.Id
+	}
+	return 0
+}
+
+func (x *Incident) GetSerialTable() string {
+	if x != nil {
+		return x.SerialTable
+	}
+	return ""
+}
+
+func (x *Incident) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+func (x *Incident) GetRenewBy() int64 {
+	if x != nil {
+		return x.RenewBy
+	}
+	return 0
+}
+
+func (x *Incident) GetEnabled() bool {
+	if x != nil {
+		return x.Enabled
+	}
+	return false
+}
+
+type SerialsForIncidentRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	IncidentTable string `protobuf:"bytes,1,opt,name=incidentTable,proto3" json:"incidentTable,omitempty"`
+}
+
+func (x *SerialsForIncidentRequest) Reset() {
+	*x = SerialsForIncidentRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sa_proto_msgTypes[41]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SerialsForIncidentRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SerialsForIncidentRequest) ProtoMessage() {}
+
+func (x *SerialsForIncidentRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sa_proto_msgTypes[41]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SerialsForIncidentRequest.ProtoReflect.Descriptor instead.
+func (*SerialsForIncidentRequest) Descriptor() ([]byte, []int) {
+	return file_sa_proto_rawDescGZIP(), []int{41}
+}
+
+func (x *SerialsForIncidentRequest) GetIncidentTable() string {
+	if x != nil {
+		return x.IncidentTable
+	}
+	return ""
+}
+
+type IncidentSerial struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Serial         string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
+	RegistrationID int64  `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
+	OrderID        int64  `protobuf:"varint,3,opt,name=orderID,proto3" json:"orderID,omitempty"`
+	LastNoticeSent int64  `protobuf:"varint,4,opt,name=lastNoticeSent,proto3" json:"lastNoticeSent,omitempty"` // Unix timestamp (nanoseconds)
+}
+
+func (x *IncidentSerial) Reset() {
+	*x = IncidentSerial{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sa_proto_msgTypes[42]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *IncidentSerial) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*IncidentSerial) ProtoMessage() {}
+
+func (x *IncidentSerial) ProtoReflect() protoreflect.Message {
+	mi := &file_sa_proto_msgTypes[42]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use IncidentSerial.ProtoReflect.Descriptor instead.
+func (*IncidentSerial) Descriptor() ([]byte, []int) {
+	return file_sa_proto_rawDescGZIP(), []int{42}
+}
+
+func (x *IncidentSerial) GetSerial() string {
+	if x != nil {
+		return x.Serial
+	}
+	return ""
+}
+
+func (x *IncidentSerial) GetRegistrationID() int64 {
+	if x != nil {
+		return x.RegistrationID
+	}
+	return 0
+}
+
+func (x *IncidentSerial) GetOrderID() int64 {
+	if x != nil {
+		return x.OrderID
+	}
+	return 0
+}
+
+func (x *IncidentSerial) GetLastNoticeSent() int64 {
+	if x != nil {
+		return x.LastNoticeSent
+	}
+	return 0
+}
+
+type GetRevokedCertsRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	IssuerNameID  int64 `protobuf:"varint,1,opt,name=issuerNameID,proto3" json:"issuerNameID,omitempty"`
+	ExpiresAfter  int64 `protobuf:"varint,2,opt,name=expiresAfter,proto3" json:"expiresAfter,omitempty"`   // Unix timestamp (nanoseconds), inclusive
+	ExpiresBefore int64 `protobuf:"varint,3,opt,name=expiresBefore,proto3" json:"expiresBefore,omitempty"` // Unix timestamp (nanoseconds), exclusive
+	RevokedBefore int64 `protobuf:"varint,4,opt,name=revokedBefore,proto3" json:"revokedBefore,omitempty"` // Unix timestamp (nanoseconds)
+}
+
+func (x *GetRevokedCertsRequest) Reset() {
+	*x = GetRevokedCertsRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sa_proto_msgTypes[43]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetRevokedCertsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetRevokedCertsRequest) ProtoMessage() {}
+
+func (x *GetRevokedCertsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sa_proto_msgTypes[43]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetRevokedCertsRequest.ProtoReflect.Descriptor instead.
+func (*GetRevokedCertsRequest) Descriptor() ([]byte, []int) {
+	return file_sa_proto_rawDescGZIP(), []int{43}
+}
+
+func (x *GetRevokedCertsRequest) GetIssuerNameID() int64 {
+	if x != nil {
+		return x.IssuerNameID
+	}
+	return 0
+}
+
+func (x *GetRevokedCertsRequest) GetExpiresAfter() int64 {
+	if x != nil {
+		return x.ExpiresAfter
+	}
+	return 0
+}
+
+func (x *GetRevokedCertsRequest) GetExpiresBefore() int64 {
+	if x != nil {
+		return x.ExpiresBefore
+	}
+	return 0
+}
+
+func (x *GetRevokedCertsRequest) GetRevokedBefore() int64 {
+	if x != nil {
+		return x.RevokedBefore
+	}
+	return 0
+}
+
 type ValidAuthorizations_MapElement struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -2250,7 +2573,7 @@ type ValidAuthorizations_MapElement struct {
 func (x *ValidAuthorizations_MapElement) Reset() {
 	*x = ValidAuthorizations_MapElement{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[39]
+		mi := &file_sa_proto_msgTypes[44]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2263,7 +2586,7 @@ func (x *ValidAuthorizations_MapElement) String() string {
 func (*ValidAuthorizations_MapElement) ProtoMessage() {}
 
 func (x *ValidAuthorizations_MapElement) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[39]
+	mi := &file_sa_proto_msgTypes[44]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2305,7 +2628,7 @@ type Authorizations_MapElement struct {
 func (x *Authorizations_MapElement) Reset() {
 	*x = Authorizations_MapElement{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[41]
+		mi := &file_sa_proto_msgTypes[46]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2318,7 +2641,7 @@ func (x *Authorizations_MapElement) String() string {
 func (*Authorizations_MapElement) ProtoMessage() {}
 
 func (x *Authorizations_MapElement) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[41]
+	mi := &file_sa_proto_msgTypes[46]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2331,7 +2654,7 @@ func (x *Authorizations_MapElement) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Authorizations_MapElement.ProtoReflect.Descriptor instead.
 func (*Authorizations_MapElement) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{30, 0}
+	return file_sa_proto_rawDescGZIP(), []int{31, 0}
 }
 
 func (x *Authorizations_MapElement) GetDomain() string {
@@ -2407,227 +2730,269 @@ var file_sa_proto_rawDesc = []byte{
 	0x74, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x6c, 0x61, 0x74, 0x65,
 	0x73, 0x74, 0x22, 0x1d, 0x0a, 0x05, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x63,
 	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e,
-	0x74, 0x22, 0x58, 0x0a, 0x1f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05,
-	0x72, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x7f, 0x0a, 0x0c, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x06, 0x63,
-	0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x2e, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x63, 0x6f, 0x75, 0x6e, 0x74,
-	0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
-	0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x50, 0x0a, 0x1d,
-	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a,
-	0x02, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x69, 0x70, 0x12, 0x1f, 0x0a,
-	0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73,
-	0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x88,
-	0x01, 0x0a, 0x21, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08,
-	0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
-	0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67,
-	0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e,
-	0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x53, 0x0a, 0x12, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x1c, 0x0a, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x44, 0x12, 0x1f, 0x0a,
-	0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73,
-	0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x48,
-	0x0a, 0x14, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18,
-	0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52,
-	0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x22, 0x30, 0x0a, 0x14, 0x46, 0x51, 0x44, 0x4e,
-	0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x22, 0x50, 0x0a, 0x20, 0x50, 0x72,
-	0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x22, 0x20, 0x0a, 0x06,
-	0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x74,
-	0x0a, 0x10, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69,
-	0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c,
-	0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78,
-	0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70,
-	0x69, 0x72, 0x65, 0x73, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10,
-	0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72,
-	0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73,
-	0x73, 0x75, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75,
-	0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x22, 0x30,
-	0x0a, 0x16, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65,
-	0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74,
-	0x22, 0x1e, 0x0a, 0x0c, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64,
-	0x22, 0x95, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07,
-	0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65,
-	0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x10,
-	0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x04, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x7e, 0x0a, 0x18, 0x4e, 0x65, 0x77, 0x4f,
-	0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f,
-	0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x08, 0x6e, 0x65, 0x77,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x31, 0x0a, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68,
-	0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6e,
-	0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x22, 0x52, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x4f,
-	0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64,
-	0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65,
-	0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x4c, 0x0a, 0x22,
-	0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74,
+	0x74, 0x22, 0x2c, 0x0a, 0x0a, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x12,
+	0x1e, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x18, 0x01, 0x20,
+	0x03, 0x28, 0x03, 0x52, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x22,
+	0x58, 0x0a, 0x1f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61,
+	0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x7f, 0x0a, 0x0c, 0x43, 0x6f, 0x75,
+	0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x06, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
+	0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x1a,
+	0x39, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
+	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x50, 0x0a, 0x1d, 0x43, 0x6f,
+	0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69,
+	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x69, 0x70, 0x12, 0x1f, 0x0a, 0x05, 0x72,
+	0x61, 0x6e, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x88, 0x01, 0x0a,
+	0x21, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74,
 	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x22, 0x47, 0x0a, 0x17, 0x47, 0x65,
-	0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x12, 0x14, 0x0a,
-	0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61,
-	0x6d, 0x65, 0x73, 0x22, 0x54, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f,
-	0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69,
-	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x11, 0x63,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x6e, 0x0a, 0x18, 0x47, 0x65, 0x74,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a,
-	0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07,
-	0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x6f, 0x77, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x6e, 0x6f, 0x77, 0x22, 0x96, 0x01, 0x0a, 0x0e, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x05,
-	0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x73, 0x61,
-	0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
-	0x4d, 0x61, 0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68,
-	0x7a, 0x1a, 0x4f, 0x0a, 0x0a, 0x4d, 0x61, 0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12,
-	0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74,
-	0x68, 0x7a, 0x22, 0x4c, 0x0a, 0x1f, 0x41, 0x64, 0x64, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68,
+	0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69,
+	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f,
+	0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f,
+	0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65,
+	0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x53, 0x0a, 0x12, 0x43, 0x6f, 0x75, 0x6e, 0x74,
+	0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a,
+	0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x44, 0x12, 0x1f, 0x0a, 0x05, 0x72,
+	0x61, 0x6e, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x48, 0x0a, 0x14,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x0a, 0x07,
+	0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64,
+	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x22, 0x30, 0x0a, 0x14, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65,
+	0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18,
+	0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x22, 0x50, 0x0a, 0x20, 0x50, 0x72, 0x65, 0x76,
+	0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45,
+	0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06,
+	0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f,
+	0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x78,
+	0x69, 0x73, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x74, 0x0a, 0x10,
+	0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x18,
+	0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69,
+	0x72, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72,
+	0x65, 0x73, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03,
+	0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x14,
+	0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72,
+	0x65, 0x67, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75,
+	0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64,
+	0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01,
+	0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x22, 0x30, 0x0a, 0x16,
+	0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x1e,
+	0x0a, 0x0c, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e,
+	0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x95,
+	0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69,
+	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78,
+	0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70,
+	0x69, 0x72, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32,
+	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04,
+	0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x7e, 0x0a, 0x18, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64,
+	0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x2f, 0x0a, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64,
+	0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72,
+	0x64, 0x65, 0x72, 0x12, 0x31, 0x0a, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75,
+	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6e, 0x65, 0x77,
+	0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x22, 0x52, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64,
+	0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e,
+	0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2a,
+	0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e,
+	0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61,
+	0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x4c, 0x0a, 0x22, 0x47, 0x65,
+	0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f,
+	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64,
+	0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x22, 0x47, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4f,
+	0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x6e,
+	0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65,
+	0x73, 0x22, 0x54, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64,
+	0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x6e, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x41, 0x75,
+	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67,
+	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x64,
+	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f,
+	0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x03, 0x52, 0x03, 0x6e, 0x6f, 0x77, 0x22, 0x96, 0x01, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68,
+	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x05, 0x61, 0x75,
+	0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x41,
+	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x61,
+	0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x1a,
+	0x4f, 0x0a, 0x0a, 0x4d, 0x61, 0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a,
+	0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64,
+	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68,
 	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a,
-	0x22, 0x24, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x49, 0x44, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22, 0x22, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x25, 0x0a, 0x11, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x49, 0x44, 0x73, 0x12,
-	0x10, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x03, 0x52, 0x03, 0x69, 0x64,
-	0x73, 0x22, 0x96, 0x01, 0x0a, 0x18, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x12,
-	0x0a, 0x04, 0x64, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x64, 0x61,
-	0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a,
-	0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c,
-	0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xa6, 0x02, 0x0a, 0x1c, 0x46,
-	0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69,
-	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x1c, 0x0a,
-	0x09, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x09, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x12, 0x44, 0x0a, 0x11, 0x76,
-	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73,
-	0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x56, 0x61,
-	0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x11,
-	0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64,
-	0x73, 0x12, 0x3e, 0x0a, 0x0f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45,
-	0x72, 0x72, 0x6f, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73,
-	0x52, 0x0f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f,
-	0x72, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74,
-	0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65,
-	0x64, 0x41, 0x74, 0x22, 0x96, 0x01, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, 0x63, 0x6b,
-	0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07,
-	0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b,
-	0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x61, 0x64, 0x64, 0x65, 0x64, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x61, 0x64, 0x64, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c,
-	0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x22, 0x2d, 0x0a, 0x11,
-	0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x18, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0c, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x32, 0xcd, 0x15, 0x0a, 0x10,
-	0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
-	0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x3c, 0x0a,
-	0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57,
-	0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x35, 0x0a, 0x11, 0x47,
-	0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
-	0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x12, 0x2e, 0x73,
-	0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
-	0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c,
-	0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x34, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x50, 0x72, 0x65, 0x63,
+	0x22, 0x4c, 0x0a, 0x1f, 0x41, 0x64, 0x64, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75,
+	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
+	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0x24,
+	0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49,
+	0x44, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x03, 0x69, 0x64, 0x73, 0x22, 0x22, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x25, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x68,
+	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x49, 0x44, 0x73, 0x12, 0x10, 0x0a,
+	0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x03, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22,
+	0xb2, 0x01, 0x0a, 0x18, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06,
+	0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65,
+	0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04,
+	0x64, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x64, 0x61, 0x74, 0x65,
+	0x12, 0x1a, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01,
+	0x28, 0x03, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08,
+	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08,
+	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75,
+	0x65, 0x72, 0x49, 0x44, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75,
+	0x65, 0x72, 0x49, 0x44, 0x22, 0xa6, 0x02, 0x0a, 0x1c, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a,
+	0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a,
+	0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07,
+	0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x74, 0x74, 0x65, 0x6d,
+	0x70, 0x74, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x74, 0x74, 0x65,
+	0x6d, 0x70, 0x74, 0x65, 0x64, 0x12, 0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x16, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x3e, 0x0a, 0x0f, 0x76,
+	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62,
+	0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x0f, 0x76, 0x61, 0x6c, 0x69,
+	0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x61,
+	0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x22, 0x96, 0x01,
+	0x0a, 0x14, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73,
+	0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68,
+	0x12, 0x14, 0x0a, 0x05, 0x61, 0x64, 0x64, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x05, 0x61, 0x64, 0x64, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18,
+	0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f,
+	0x6b, 0x65, 0x64, 0x42, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x72, 0x65, 0x76,
+	0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x22, 0x2d, 0x0a, 0x11, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f,
+	0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6b,
+	0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b, 0x65,
+	0x79, 0x48, 0x61, 0x73, 0x68, 0x22, 0x82, 0x01, 0x0a, 0x08, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65,
+	0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02,
+	0x69, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54, 0x61, 0x62, 0x6c,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54,
+	0x61, 0x62, 0x6c, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42,
+	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42, 0x79,
+	0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x41, 0x0a, 0x19, 0x53, 0x65,
+	0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x69, 0x6e, 0x63, 0x69, 0x64,
+	0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d,
+	0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x22, 0x92, 0x01,
+	0x0a, 0x0e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c,
+	0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69,
+	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44,
+	0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x26, 0x0a, 0x0e, 0x6c, 0x61,
+	0x73, 0x74, 0x4e, 0x6f, 0x74, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x03, 0x52, 0x0e, 0x6c, 0x61, 0x73, 0x74, 0x4e, 0x6f, 0x74, 0x69, 0x63, 0x65, 0x53, 0x65,
+	0x6e, 0x74, 0x22, 0xac, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65,
+	0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a,
+	0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49,
+	0x44, 0x12, 0x22, 0x0a, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x66, 0x74, 0x65,
+	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73,
+	0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73,
+	0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x65, 0x78,
+	0x70, 0x69, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x72,
+	0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72,
+	0x65, 0x32, 0xa7, 0x17, 0x0a, 0x10, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74,
+	0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67,
+	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52,
+	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e,
+	0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61,
+	0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f,
+	0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
+	0x00, 0x12, 0x35, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69,
+	0x61, 0x6c, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x43,
 	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e,
 	0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47,
-	0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a,
-	0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x53, 0x0a, 0x18, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42,
-	0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e,
-	0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x00, 0x12,
-	0x48, 0x0a, 0x16, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x12, 0x21, 0x2e, 0x73, 0x61, 0x2e, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73,
-	0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x4d, 0x0a, 0x1b, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42,
-	0x79, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x21, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x32, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x12, 0x16, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x36, 0x0a, 0x0d,
-	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x12, 0x18, 0x2e,
-	0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x34, 0x0a, 0x11, 0x47,
+	0x65, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63,
+	0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22,
+	0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53,
+	0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00,
+	0x12, 0x53, 0x0a, 0x18, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23, 0x2e, 0x73,
+	0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61,
+	0x6d, 0x65, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x16, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65,
+	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x12,
+	0x21, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12,
+	0x4d, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x21,
+	0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x32,
+	0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x12, 0x16, 0x2e,
+	0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74,
+	0x22, 0x00, 0x12, 0x36, 0x0a, 0x0d, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53,
+	0x65, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51,
+	0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e,
+	0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x1a, 0x46, 0x51,
+	0x44, 0x4e, 0x53, 0x65, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x46,
+	0x6f, 0x72, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f,
+	0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x73, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45,
 	0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x51, 0x44, 0x4e, 0x53,
 	0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
 	0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4f, 0x0a,
@@ -2673,7 +3038,16 @@ var file_sa_proto_rawDesc = []byte{
 	0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0a, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f,
 	0x63, 0x6b, 0x65, 0x64, 0x12, 0x15, 0x2e, 0x73, 0x61, 0x2e, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f,
 	0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61,
-	0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77,
+	0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x12, 0x53, 0x65, 0x72,
+	0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x12,
+	0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49,
+	0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12,
+	0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x69,
+	0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x41, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76,
+	0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x2e, 0x73, 0x61, 0x2e, 0x47,
+	0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, 0x30, 0x01, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77,
 	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63,
 	0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
 	0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
@@ -2773,7 +3147,7 @@ func file_sa_proto_rawDescGZIP() []byte {
 	return file_sa_proto_rawDescData
 }
 
-var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 42)
+var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 47)
 var file_sa_proto_goTypes = []interface{}{
 	(*RegistrationID)(nil),                     // 0: sa.RegistrationID
 	(*JSONWebKey)(nil),                         // 1: sa.JSONWebKey
@@ -2785,145 +3159,157 @@ var file_sa_proto_goTypes = []interface{}{
 	(*SerialMetadata)(nil),                     // 7: sa.SerialMetadata
 	(*Range)(nil),                              // 8: sa.Range
 	(*Count)(nil),                              // 9: sa.Count
-	(*CountCertificatesByNamesRequest)(nil),    // 10: sa.CountCertificatesByNamesRequest
-	(*CountByNames)(nil),                       // 11: sa.CountByNames
-	(*CountRegistrationsByIPRequest)(nil),      // 12: sa.CountRegistrationsByIPRequest
-	(*CountInvalidAuthorizationsRequest)(nil),  // 13: sa.CountInvalidAuthorizationsRequest
-	(*CountOrdersRequest)(nil),                 // 14: sa.CountOrdersRequest
-	(*CountFQDNSetsRequest)(nil),               // 15: sa.CountFQDNSetsRequest
-	(*FQDNSetExistsRequest)(nil),               // 16: sa.FQDNSetExistsRequest
-	(*PreviousCertificateExistsRequest)(nil),   // 17: sa.PreviousCertificateExistsRequest
-	(*Exists)(nil),                             // 18: sa.Exists
-	(*AddSerialRequest)(nil),                   // 19: sa.AddSerialRequest
-	(*AddCertificateRequest)(nil),              // 20: sa.AddCertificateRequest
-	(*AddCertificateResponse)(nil),             // 21: sa.AddCertificateResponse
-	(*OrderRequest)(nil),                       // 22: sa.OrderRequest
-	(*NewOrderRequest)(nil),                    // 23: sa.NewOrderRequest
-	(*NewOrderAndAuthzsRequest)(nil),           // 24: sa.NewOrderAndAuthzsRequest
-	(*SetOrderErrorRequest)(nil),               // 25: sa.SetOrderErrorRequest
-	(*GetValidOrderAuthorizationsRequest)(nil), // 26: sa.GetValidOrderAuthorizationsRequest
-	(*GetOrderForNamesRequest)(nil),            // 27: sa.GetOrderForNamesRequest
-	(*FinalizeOrderRequest)(nil),               // 28: sa.FinalizeOrderRequest
-	(*GetAuthorizationsRequest)(nil),           // 29: sa.GetAuthorizationsRequest
-	(*Authorizations)(nil),                     // 30: sa.Authorizations
-	(*AddPendingAuthorizationsRequest)(nil),    // 31: sa.AddPendingAuthorizationsRequest
-	(*AuthorizationIDs)(nil),                   // 32: sa.AuthorizationIDs
-	(*AuthorizationID2)(nil),                   // 33: sa.AuthorizationID2
-	(*Authorization2IDs)(nil),                  // 34: sa.Authorization2IDs
-	(*RevokeCertificateRequest)(nil),           // 35: sa.RevokeCertificateRequest
-	(*FinalizeAuthorizationRequest)(nil),       // 36: sa.FinalizeAuthorizationRequest
-	(*AddBlockedKeyRequest)(nil),               // 37: sa.AddBlockedKeyRequest
-	(*KeyBlockedRequest)(nil),                  // 38: sa.KeyBlockedRequest
-	(*ValidAuthorizations_MapElement)(nil),     // 39: sa.ValidAuthorizations.MapElement
-	nil,                                        // 40: sa.CountByNames.CountsEntry
-	(*Authorizations_MapElement)(nil),          // 41: sa.Authorizations.MapElement
-	(*proto.Authorization)(nil),                // 42: core.Authorization
-	(*proto.ProblemDetails)(nil),               // 43: core.ProblemDetails
-	(*proto.ValidationRecord)(nil),             // 44: core.ValidationRecord
-	(*proto.Registration)(nil),                 // 45: core.Registration
-	(*proto.Certificate)(nil),                  // 46: core.Certificate
-	(*proto.CertificateStatus)(nil),            // 47: core.CertificateStatus
-	(*emptypb.Empty)(nil),                      // 48: google.protobuf.Empty
-	(*proto.Order)(nil),                        // 49: core.Order
+	(*Timestamps)(nil),                         // 10: sa.Timestamps
+	(*CountCertificatesByNamesRequest)(nil),    // 11: sa.CountCertificatesByNamesRequest
+	(*CountByNames)(nil),                       // 12: sa.CountByNames
+	(*CountRegistrationsByIPRequest)(nil),      // 13: sa.CountRegistrationsByIPRequest
+	(*CountInvalidAuthorizationsRequest)(nil),  // 14: sa.CountInvalidAuthorizationsRequest
+	(*CountOrdersRequest)(nil),                 // 15: sa.CountOrdersRequest
+	(*CountFQDNSetsRequest)(nil),               // 16: sa.CountFQDNSetsRequest
+	(*FQDNSetExistsRequest)(nil),               // 17: sa.FQDNSetExistsRequest
+	(*PreviousCertificateExistsRequest)(nil),   // 18: sa.PreviousCertificateExistsRequest
+	(*Exists)(nil),                             // 19: sa.Exists
+	(*AddSerialRequest)(nil),                   // 20: sa.AddSerialRequest
+	(*AddCertificateRequest)(nil),              // 21: sa.AddCertificateRequest
+	(*AddCertificateResponse)(nil),             // 22: sa.AddCertificateResponse
+	(*OrderRequest)(nil),                       // 23: sa.OrderRequest
+	(*NewOrderRequest)(nil),                    // 24: sa.NewOrderRequest
+	(*NewOrderAndAuthzsRequest)(nil),           // 25: sa.NewOrderAndAuthzsRequest
+	(*SetOrderErrorRequest)(nil),               // 26: sa.SetOrderErrorRequest
+	(*GetValidOrderAuthorizationsRequest)(nil), // 27: sa.GetValidOrderAuthorizationsRequest
+	(*GetOrderForNamesRequest)(nil),            // 28: sa.GetOrderForNamesRequest
+	(*FinalizeOrderRequest)(nil),               // 29: sa.FinalizeOrderRequest
+	(*GetAuthorizationsRequest)(nil),           // 30: sa.GetAuthorizationsRequest
+	(*Authorizations)(nil),                     // 31: sa.Authorizations
+	(*AddPendingAuthorizationsRequest)(nil),    // 32: sa.AddPendingAuthorizationsRequest
+	(*AuthorizationIDs)(nil),                   // 33: sa.AuthorizationIDs
+	(*AuthorizationID2)(nil),                   // 34: sa.AuthorizationID2
+	(*Authorization2IDs)(nil),                  // 35: sa.Authorization2IDs
+	(*RevokeCertificateRequest)(nil),           // 36: sa.RevokeCertificateRequest
+	(*FinalizeAuthorizationRequest)(nil),       // 37: sa.FinalizeAuthorizationRequest
+	(*AddBlockedKeyRequest)(nil),               // 38: sa.AddBlockedKeyRequest
+	(*KeyBlockedRequest)(nil),                  // 39: sa.KeyBlockedRequest
+	(*Incident)(nil),                           // 40: sa.Incident
+	(*SerialsForIncidentRequest)(nil),          // 41: sa.SerialsForIncidentRequest
+	(*IncidentSerial)(nil),                     // 42: sa.IncidentSerial
+	(*GetRevokedCertsRequest)(nil),             // 43: sa.GetRevokedCertsRequest
+	(*ValidAuthorizations_MapElement)(nil),     // 44: sa.ValidAuthorizations.MapElement
+	nil,                                        // 45: sa.CountByNames.CountsEntry
+	(*Authorizations_MapElement)(nil),          // 46: sa.Authorizations.MapElement
+	(*proto.Authorization)(nil),                // 47: core.Authorization
+	(*proto.ProblemDetails)(nil),               // 48: core.ProblemDetails
+	(*proto.ValidationRecord)(nil),             // 49: core.ValidationRecord
+	(*proto.Registration)(nil),                 // 50: core.Registration
+	(*proto.Certificate)(nil),                  // 51: core.Certificate
+	(*proto.CertificateStatus)(nil),            // 52: core.CertificateStatus
+	(*proto.CRLEntry)(nil),                     // 53: core.CRLEntry
+	(*emptypb.Empty)(nil),                      // 54: google.protobuf.Empty
+	(*proto.Order)(nil),                        // 55: core.Order
 }
 var file_sa_proto_depIdxs = []int32{
-	39, // 0: sa.ValidAuthorizations.valid:type_name -> sa.ValidAuthorizations.MapElement
+	44, // 0: sa.ValidAuthorizations.valid:type_name -> sa.ValidAuthorizations.MapElement
 	8,  // 1: sa.CountCertificatesByNamesRequest.range:type_name -> sa.Range
-	40, // 2: sa.CountByNames.counts:type_name -> sa.CountByNames.CountsEntry
+	45, // 2: sa.CountByNames.counts:type_name -> sa.CountByNames.CountsEntry
 	8,  // 3: sa.CountRegistrationsByIPRequest.range:type_name -> sa.Range
 	8,  // 4: sa.CountInvalidAuthorizationsRequest.range:type_name -> sa.Range
 	8,  // 5: sa.CountOrdersRequest.range:type_name -> sa.Range
-	23, // 6: sa.NewOrderAndAuthzsRequest.newOrder:type_name -> sa.NewOrderRequest
-	42, // 7: sa.NewOrderAndAuthzsRequest.newAuthzs:type_name -> core.Authorization
-	43, // 8: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails
-	41, // 9: sa.Authorizations.authz:type_name -> sa.Authorizations.MapElement
-	42, // 10: sa.AddPendingAuthorizationsRequest.authz:type_name -> core.Authorization
-	44, // 11: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord
-	43, // 12: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails
-	42, // 13: sa.ValidAuthorizations.MapElement.authz:type_name -> core.Authorization
-	42, // 14: sa.Authorizations.MapElement.authz:type_name -> core.Authorization
+	24, // 6: sa.NewOrderAndAuthzsRequest.newOrder:type_name -> sa.NewOrderRequest
+	47, // 7: sa.NewOrderAndAuthzsRequest.newAuthzs:type_name -> core.Authorization
+	48, // 8: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails
+	46, // 9: sa.Authorizations.authz:type_name -> sa.Authorizations.MapElement
+	47, // 10: sa.AddPendingAuthorizationsRequest.authz:type_name -> core.Authorization
+	49, // 11: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord
+	48, // 12: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails
+	47, // 13: sa.ValidAuthorizations.MapElement.authz:type_name -> core.Authorization
+	47, // 14: sa.Authorizations.MapElement.authz:type_name -> core.Authorization
 	0,  // 15: sa.StorageAuthority.GetRegistration:input_type -> sa.RegistrationID
 	1,  // 16: sa.StorageAuthority.GetRegistrationByKey:input_type -> sa.JSONWebKey
 	6,  // 17: sa.StorageAuthority.GetSerialMetadata:input_type -> sa.Serial
 	6,  // 18: sa.StorageAuthority.GetCertificate:input_type -> sa.Serial
 	6,  // 19: sa.StorageAuthority.GetPrecertificate:input_type -> sa.Serial
 	6,  // 20: sa.StorageAuthority.GetCertificateStatus:input_type -> sa.Serial
-	10, // 21: sa.StorageAuthority.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
-	12, // 22: sa.StorageAuthority.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
-	12, // 23: sa.StorageAuthority.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
-	14, // 24: sa.StorageAuthority.CountOrders:input_type -> sa.CountOrdersRequest
-	15, // 25: sa.StorageAuthority.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
-	16, // 26: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
-	17, // 27: sa.StorageAuthority.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
-	33, // 28: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2
-	29, // 29: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
-	3,  // 30: sa.StorageAuthority.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
-	0,  // 31: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID
-	26, // 32: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
-	13, // 33: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
-	4,  // 34: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
-	38, // 35: sa.StorageAuthority.KeyBlocked:input_type -> sa.KeyBlockedRequest
-	45, // 36: sa.StorageAuthority.NewRegistration:input_type -> core.Registration
-	45, // 37: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration
-	20, // 38: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest
-	20, // 39: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest
-	19, // 40: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest
-	0,  // 41: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID
-	23, // 42: sa.StorageAuthority.NewOrder:input_type -> sa.NewOrderRequest
-	24, // 43: sa.StorageAuthority.NewOrderAndAuthzs:input_type -> sa.NewOrderAndAuthzsRequest
-	22, // 44: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest
-	25, // 45: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest
-	28, // 46: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest
-	22, // 47: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest
-	27, // 48: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
-	35, // 49: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest
-	35, // 50: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest
-	31, // 51: sa.StorageAuthority.NewAuthorizations2:input_type -> sa.AddPendingAuthorizationsRequest
-	36, // 52: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest
-	33, // 53: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2
-	37, // 54: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest
-	45, // 55: sa.StorageAuthority.GetRegistration:output_type -> core.Registration
-	45, // 56: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration
-	7,  // 57: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata
-	46, // 58: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate
-	46, // 59: sa.StorageAuthority.GetPrecertificate:output_type -> core.Certificate
-	47, // 60: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus
-	11, // 61: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames
-	9,  // 62: sa.StorageAuthority.CountRegistrationsByIP:output_type -> sa.Count
-	9,  // 63: sa.StorageAuthority.CountRegistrationsByIPRange:output_type -> sa.Count
-	9,  // 64: sa.StorageAuthority.CountOrders:output_type -> sa.Count
-	9,  // 65: sa.StorageAuthority.CountFQDNSets:output_type -> sa.Count
-	18, // 66: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists
-	18, // 67: sa.StorageAuthority.PreviousCertificateExists:output_type -> sa.Exists
-	42, // 68: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization
-	30, // 69: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations
-	42, // 70: sa.StorageAuthority.GetPendingAuthorization2:output_type -> core.Authorization
-	9,  // 71: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count
-	30, // 72: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
-	9,  // 73: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count
-	30, // 74: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations
-	18, // 75: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists
-	45, // 76: sa.StorageAuthority.NewRegistration:output_type -> core.Registration
-	48, // 77: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty
-	21, // 78: sa.StorageAuthority.AddCertificate:output_type -> sa.AddCertificateResponse
-	48, // 79: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty
-	48, // 80: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty
-	48, // 81: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
-	49, // 82: sa.StorageAuthority.NewOrder:output_type -> core.Order
-	49, // 83: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order
-	48, // 84: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty
-	48, // 85: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty
-	48, // 86: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty
-	49, // 87: sa.StorageAuthority.GetOrder:output_type -> core.Order
-	49, // 88: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order
-	48, // 89: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty
-	48, // 90: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty
-	34, // 91: sa.StorageAuthority.NewAuthorizations2:output_type -> sa.Authorization2IDs
-	48, // 92: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty
-	48, // 93: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty
-	48, // 94: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty
-	55, // [55:95] is the sub-list for method output_type
-	15, // [15:55] is the sub-list for method input_type
+	11, // 21: sa.StorageAuthority.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
+	13, // 22: sa.StorageAuthority.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
+	13, // 23: sa.StorageAuthority.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
+	15, // 24: sa.StorageAuthority.CountOrders:input_type -> sa.CountOrdersRequest
+	16, // 25: sa.StorageAuthority.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
+	16, // 26: sa.StorageAuthority.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest
+	17, // 27: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
+	18, // 28: sa.StorageAuthority.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
+	34, // 29: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2
+	30, // 30: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
+	3,  // 31: sa.StorageAuthority.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
+	0,  // 32: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID
+	27, // 33: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
+	14, // 34: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
+	4,  // 35: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
+	39, // 36: sa.StorageAuthority.KeyBlocked:input_type -> sa.KeyBlockedRequest
+	41, // 37: sa.StorageAuthority.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest
+	43, // 38: sa.StorageAuthority.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest
+	50, // 39: sa.StorageAuthority.NewRegistration:input_type -> core.Registration
+	50, // 40: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration
+	21, // 41: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest
+	21, // 42: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest
+	20, // 43: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest
+	0,  // 44: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID
+	24, // 45: sa.StorageAuthority.NewOrder:input_type -> sa.NewOrderRequest
+	25, // 46: sa.StorageAuthority.NewOrderAndAuthzs:input_type -> sa.NewOrderAndAuthzsRequest
+	23, // 47: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest
+	26, // 48: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest
+	29, // 49: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest
+	23, // 50: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest
+	28, // 51: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
+	36, // 52: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest
+	36, // 53: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest
+	32, // 54: sa.StorageAuthority.NewAuthorizations2:input_type -> sa.AddPendingAuthorizationsRequest
+	37, // 55: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest
+	34, // 56: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2
+	38, // 57: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest
+	50, // 58: sa.StorageAuthority.GetRegistration:output_type -> core.Registration
+	50, // 59: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration
+	7,  // 60: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata
+	51, // 61: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate
+	51, // 62: sa.StorageAuthority.GetPrecertificate:output_type -> core.Certificate
+	52, // 63: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus
+	12, // 64: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames
+	9,  // 65: sa.StorageAuthority.CountRegistrationsByIP:output_type -> sa.Count
+	9,  // 66: sa.StorageAuthority.CountRegistrationsByIPRange:output_type -> sa.Count
+	9,  // 67: sa.StorageAuthority.CountOrders:output_type -> sa.Count
+	9,  // 68: sa.StorageAuthority.CountFQDNSets:output_type -> sa.Count
+	10, // 69: sa.StorageAuthority.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps
+	19, // 70: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists
+	19, // 71: sa.StorageAuthority.PreviousCertificateExists:output_type -> sa.Exists
+	47, // 72: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization
+	31, // 73: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations
+	47, // 74: sa.StorageAuthority.GetPendingAuthorization2:output_type -> core.Authorization
+	9,  // 75: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count
+	31, // 76: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
+	9,  // 77: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count
+	31, // 78: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations
+	19, // 79: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists
+	42, // 80: sa.StorageAuthority.SerialsForIncident:output_type -> sa.IncidentSerial
+	53, // 81: sa.StorageAuthority.GetRevokedCerts:output_type -> core.CRLEntry
+	50, // 82: sa.StorageAuthority.NewRegistration:output_type -> core.Registration
+	54, // 83: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty
+	22, // 84: sa.StorageAuthority.AddCertificate:output_type -> sa.AddCertificateResponse
+	54, // 85: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty
+	54, // 86: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty
+	54, // 87: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
+	55, // 88: sa.StorageAuthority.NewOrder:output_type -> core.Order
+	55, // 89: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order
+	54, // 90: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty
+	54, // 91: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty
+	54, // 92: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty
+	55, // 93: sa.StorageAuthority.GetOrder:output_type -> core.Order
+	55, // 94: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order
+	54, // 95: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty
+	54, // 96: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty
+	35, // 97: sa.StorageAuthority.NewAuthorizations2:output_type -> sa.Authorization2IDs
+	54, // 98: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty
+	54, // 99: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty
+	54, // 100: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty
+	58, // [58:101] is the sub-list for method output_type
+	15, // [15:58] is the sub-list for method input_type
 	15, // [15:15] is the sub-list for extension type_name
 	15, // [15:15] is the sub-list for extension extendee
 	0,  // [0:15] is the sub-list for field type_name
@@ -3056,7 +3442,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountCertificatesByNamesRequest); i {
+			switch v := v.(*Timestamps); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3068,7 +3454,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountByNames); i {
+			switch v := v.(*CountCertificatesByNamesRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3080,7 +3466,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountRegistrationsByIPRequest); i {
+			switch v := v.(*CountByNames); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3092,7 +3478,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountInvalidAuthorizationsRequest); i {
+			switch v := v.(*CountRegistrationsByIPRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3104,7 +3490,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountOrdersRequest); i {
+			switch v := v.(*CountInvalidAuthorizationsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3116,7 +3502,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountFQDNSetsRequest); i {
+			switch v := v.(*CountOrdersRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3128,7 +3514,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FQDNSetExistsRequest); i {
+			switch v := v.(*CountFQDNSetsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3140,7 +3526,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PreviousCertificateExistsRequest); i {
+			switch v := v.(*FQDNSetExistsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3152,7 +3538,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Exists); i {
+			switch v := v.(*PreviousCertificateExistsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3164,7 +3550,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddSerialRequest); i {
+			switch v := v.(*Exists); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3176,7 +3562,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddCertificateRequest); i {
+			switch v := v.(*AddSerialRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3188,7 +3574,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddCertificateResponse); i {
+			switch v := v.(*AddCertificateRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3200,7 +3586,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OrderRequest); i {
+			switch v := v.(*AddCertificateResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3212,7 +3598,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NewOrderRequest); i {
+			switch v := v.(*OrderRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3224,7 +3610,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NewOrderAndAuthzsRequest); i {
+			switch v := v.(*NewOrderRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3236,7 +3622,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SetOrderErrorRequest); i {
+			switch v := v.(*NewOrderAndAuthzsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3248,7 +3634,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetValidOrderAuthorizationsRequest); i {
+			switch v := v.(*SetOrderErrorRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3260,7 +3646,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetOrderForNamesRequest); i {
+			switch v := v.(*GetValidOrderAuthorizationsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3272,7 +3658,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FinalizeOrderRequest); i {
+			switch v := v.(*GetOrderForNamesRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3284,7 +3670,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetAuthorizationsRequest); i {
+			switch v := v.(*FinalizeOrderRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3296,7 +3682,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorizations); i {
+			switch v := v.(*GetAuthorizationsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3308,7 +3694,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddPendingAuthorizationsRequest); i {
+			switch v := v.(*Authorizations); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3320,7 +3706,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationIDs); i {
+			switch v := v.(*AddPendingAuthorizationsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3332,7 +3718,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationID2); i {
+			switch v := v.(*AuthorizationIDs); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3344,7 +3730,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorization2IDs); i {
+			switch v := v.(*AuthorizationID2); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3356,7 +3742,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RevokeCertificateRequest); i {
+			switch v := v.(*Authorization2IDs); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3368,7 +3754,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FinalizeAuthorizationRequest); i {
+			switch v := v.(*RevokeCertificateRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3380,7 +3766,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddBlockedKeyRequest); i {
+			switch v := v.(*FinalizeAuthorizationRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3392,7 +3778,7 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*KeyBlockedRequest); i {
+			switch v := v.(*AddBlockedKeyRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3404,7 +3790,19 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ValidAuthorizations_MapElement); i {
+			switch v := v.(*KeyBlockedRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sa_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Incident); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3416,6 +3814,54 @@ func file_sa_proto_init() {
 			}
 		}
 		file_sa_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SerialsForIncidentRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sa_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*IncidentSerial); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sa_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetRevokedCertsRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sa_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidAuthorizations_MapElement); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sa_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Authorizations_MapElement); i {
 			case 0:
 				return &v.state
@@ -3434,7 +3880,7 @@ func file_sa_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_sa_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   42,
+			NumMessages:   47,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
index 25d2d6434..6eafefbe4 100644
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
+++ b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
@@ -21,6 +21,7 @@ service StorageAuthority {
   // Return a count of authorizations with status "invalid" that belong to
   // a given registration ID and expire in the given time range.
   rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
+  rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {}
   rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
   rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
   rpc GetAuthorization2(AuthorizationID2) returns (core.Authorization) {}
@@ -31,6 +32,8 @@ service StorageAuthority {
   rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
   rpc GetValidAuthorizations2(GetValidAuthorizationsRequest) returns (Authorizations) {}
   rpc KeyBlocked(KeyBlockedRequest) returns (Exists) {}
+  rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
+  rpc GetRevokedCerts(GetRevokedCertsRequest) returns (stream core.CRLEntry) {}
   // Adders
   rpc NewRegistration(core.Registration) returns (core.Registration) {}
   rpc UpdateRegistration(core.Registration) returns (google.protobuf.Empty) {}
@@ -107,6 +110,10 @@ message Count {
   int64 count = 1;
 }
 
+message Timestamps {
+	repeated int64 timestamps = 1; // Unix timestamp (nanoseconds)
+}
+
 message CountCertificatesByNamesRequest {
   Range range = 1;
   repeated string names = 2;
@@ -247,6 +254,7 @@ message RevokeCertificateRequest {
   int64 date = 3; // Unix timestamp (nanoseconds)
   int64 backdate = 5; // Unix timestamp (nanoseconds)
   bytes response = 4;
+  int64 issuerID = 6;
 }
 
 message FinalizeAuthorizationRequest {
@@ -270,3 +278,29 @@ message AddBlockedKeyRequest {
 message KeyBlockedRequest {
   bytes keyHash = 1;
 }
+
+message Incident {
+  int64 id = 1;
+  string serialTable = 2;
+  string url = 3;
+  int64 renewBy = 4; // Unix timestamp (nanoseconds)
+  bool enabled = 5;
+}
+
+message SerialsForIncidentRequest {
+  string incidentTable = 1;
+}
+
+message IncidentSerial {
+  string serial = 1;
+  int64 registrationID = 2;
+  int64 orderID = 3;
+  int64 lastNoticeSent = 4; // Unix timestamp (nanoseconds)
+}
+
+message GetRevokedCertsRequest {
+  int64 issuerNameID = 1;
+  int64 expiresAfter = 2; // Unix timestamp (nanoseconds), inclusive
+  int64 expiresBefore = 3; // Unix timestamp (nanoseconds), exclusive
+  int64 revokedBefore = 4; // Unix timestamp (nanoseconds)
+}
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go b/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
index 3aae5354b..7534016eb 100644
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
+++ b/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.20.1
+// source: sa.proto
 
 package proto
 
@@ -34,6 +38,7 @@ type StorageAuthorityClient interface {
 	// Return a count of authorizations with status "invalid" that belong to
 	// a given registration ID and expire in the given time range.
 	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
+	FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error)
 	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
 	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
 	GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error)
@@ -44,6 +49,8 @@ type StorageAuthorityClient interface {
 	CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
 	GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
 	KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error)
+	SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthority_SerialsForIncidentClient, error)
+	GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthority_GetRevokedCertsClient, error)
 	// Adders
 	NewRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*proto.Registration, error)
 	UpdateRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*emptypb.Empty, error)
@@ -173,6 +180,15 @@ func (c *storageAuthorityClient) CountFQDNSets(ctx context.Context, in *CountFQD
 	return out, nil
 }
 
+func (c *storageAuthorityClient) FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error) {
+	out := new(Timestamps)
+	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FQDNSetTimestampsForWindow", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 func (c *storageAuthorityClient) FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
 	out := new(Exists)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FQDNSetExists", in, out, opts...)
@@ -263,6 +279,70 @@ func (c *storageAuthorityClient) KeyBlocked(ctx context.Context, in *KeyBlockedR
 	return out, nil
 }
 
+func (c *storageAuthorityClient) SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthority_SerialsForIncidentClient, error) {
+	stream, err := c.cc.NewStream(ctx, &StorageAuthority_ServiceDesc.Streams[0], "/sa.StorageAuthority/SerialsForIncident", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &storageAuthoritySerialsForIncidentClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type StorageAuthority_SerialsForIncidentClient interface {
+	Recv() (*IncidentSerial, error)
+	grpc.ClientStream
+}
+
+type storageAuthoritySerialsForIncidentClient struct {
+	grpc.ClientStream
+}
+
+func (x *storageAuthoritySerialsForIncidentClient) Recv() (*IncidentSerial, error) {
+	m := new(IncidentSerial)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (c *storageAuthorityClient) GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthority_GetRevokedCertsClient, error) {
+	stream, err := c.cc.NewStream(ctx, &StorageAuthority_ServiceDesc.Streams[1], "/sa.StorageAuthority/GetRevokedCerts", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &storageAuthorityGetRevokedCertsClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type StorageAuthority_GetRevokedCertsClient interface {
+	Recv() (*proto.CRLEntry, error)
+	grpc.ClientStream
+}
+
+type storageAuthorityGetRevokedCertsClient struct {
+	grpc.ClientStream
+}
+
+func (x *storageAuthorityGetRevokedCertsClient) Recv() (*proto.CRLEntry, error) {
+	m := new(proto.CRLEntry)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
 func (c *storageAuthorityClient) NewRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*proto.Registration, error) {
 	out := new(proto.Registration)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewRegistration", in, out, opts...)
@@ -452,6 +532,7 @@ type StorageAuthorityServer interface {
 	// Return a count of authorizations with status "invalid" that belong to
 	// a given registration ID and expire in the given time range.
 	CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error)
+	FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error)
 	FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error)
 	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
 	GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error)
@@ -462,6 +543,8 @@ type StorageAuthorityServer interface {
 	CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error)
 	GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error)
 	KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error)
+	SerialsForIncident(*SerialsForIncidentRequest, StorageAuthority_SerialsForIncidentServer) error
+	GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthority_GetRevokedCertsServer) error
 	// Adders
 	NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error)
 	UpdateRegistration(context.Context, *proto.Registration) (*emptypb.Empty, error)
@@ -522,6 +605,9 @@ func (UnimplementedStorageAuthorityServer) CountOrders(context.Context, *CountOr
 func (UnimplementedStorageAuthorityServer) CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method CountFQDNSets not implemented")
 }
+func (UnimplementedStorageAuthorityServer) FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetTimestampsForWindow not implemented")
+}
 func (UnimplementedStorageAuthorityServer) FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetExists not implemented")
 }
@@ -552,6 +638,12 @@ func (UnimplementedStorageAuthorityServer) GetValidAuthorizations2(context.Conte
 func (UnimplementedStorageAuthorityServer) KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method KeyBlocked not implemented")
 }
+func (UnimplementedStorageAuthorityServer) SerialsForIncident(*SerialsForIncidentRequest, StorageAuthority_SerialsForIncidentServer) error {
+	return status.Errorf(codes.Unimplemented, "method SerialsForIncident not implemented")
+}
+func (UnimplementedStorageAuthorityServer) GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthority_GetRevokedCertsServer) error {
+	return status.Errorf(codes.Unimplemented, "method GetRevokedCerts not implemented")
+}
 func (UnimplementedStorageAuthorityServer) NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method NewRegistration not implemented")
 }
@@ -820,6 +912,24 @@ func _StorageAuthority_CountFQDNSets_Handler(srv interface{}, ctx context.Contex
 	return interceptor(ctx, in, info, handler)
 }
 
+func _StorageAuthority_FQDNSetTimestampsForWindow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CountFQDNSetsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(StorageAuthorityServer).FQDNSetTimestampsForWindow(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/sa.StorageAuthority/FQDNSetTimestampsForWindow",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(StorageAuthorityServer).FQDNSetTimestampsForWindow(ctx, req.(*CountFQDNSetsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 func _StorageAuthority_FQDNSetExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(FQDNSetExistsRequest)
 	if err := dec(in); err != nil {
@@ -1000,6 +1110,48 @@ func _StorageAuthority_KeyBlocked_Handler(srv interface{}, ctx context.Context,
 	return interceptor(ctx, in, info, handler)
 }
 
+func _StorageAuthority_SerialsForIncident_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(SerialsForIncidentRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(StorageAuthorityServer).SerialsForIncident(m, &storageAuthoritySerialsForIncidentServer{stream})
+}
+
+type StorageAuthority_SerialsForIncidentServer interface {
+	Send(*IncidentSerial) error
+	grpc.ServerStream
+}
+
+type storageAuthoritySerialsForIncidentServer struct {
+	grpc.ServerStream
+}
+
+func (x *storageAuthoritySerialsForIncidentServer) Send(m *IncidentSerial) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func _StorageAuthority_GetRevokedCerts_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(GetRevokedCertsRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(StorageAuthorityServer).GetRevokedCerts(m, &storageAuthorityGetRevokedCertsServer{stream})
+}
+
+type StorageAuthority_GetRevokedCertsServer interface {
+	Send(*proto.CRLEntry) error
+	grpc.ServerStream
+}
+
+type storageAuthorityGetRevokedCertsServer struct {
+	grpc.ServerStream
+}
+
+func (x *storageAuthorityGetRevokedCertsServer) Send(m *proto.CRLEntry) error {
+	return x.ServerStream.SendMsg(m)
+}
+
 func _StorageAuthority_NewRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(proto.Registration)
 	if err := dec(in); err != nil {
@@ -1394,6 +1546,10 @@ var StorageAuthority_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _StorageAuthority_CountFQDNSets_Handler,
 		},
 		{
+			MethodName: "FQDNSetTimestampsForWindow",
+			Handler:    _StorageAuthority_FQDNSetTimestampsForWindow_Handler,
+		},
+		{
 			MethodName: "FQDNSetExists",
 			Handler:    _StorageAuthority_FQDNSetExists_Handler,
 		},
@@ -1510,6 +1666,17 @@ var StorageAuthority_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _StorageAuthority_AddBlockedKey_Handler,
 		},
 	},
-	Streams:  []grpc.StreamDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "SerialsForIncident",
+			Handler:       _StorageAuthority_SerialsForIncident_Handler,
+			ServerStreams: true,
+		},
+		{
+			StreamName:    "GetRevokedCerts",
+			Handler:       _StorageAuthority_GetRevokedCerts_Handler,
+			ServerStreams: true,
+		},
+	},
 	Metadata: "sa.proto",
 }
diff --git a/vendor/github.com/manifoldco/promptui/go.mod b/vendor/github.com/manifoldco/promptui/go.mod
deleted file mode 100644
index a69023954..000000000
--- a/vendor/github.com/manifoldco/promptui/go.mod
+++ /dev/null
@@ -1,10 +0,0 @@
-module github.com/manifoldco/promptui
-
-go 1.12
-
-require (
-	github.com/chzyer/logex v1.1.10 // indirect
-	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
-	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
-	golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b // indirect
-)
diff --git a/vendor/github.com/manifoldco/promptui/go.sum b/vendor/github.com/manifoldco/promptui/go.sum
deleted file mode 100644
index fcb24c854..000000000
--- a/vendor/github.com/manifoldco/promptui/go.sum
+++ /dev/null
@@ -1,8 +0,0 @@
-github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b h1:MQE+LT/ABUuuvEZ+YQAMSXindAdUh7slEmAkup74op4=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
diff --git a/vendor/github.com/mattn/go-isatty/go.mod b/vendor/github.com/mattn/go-isatty/go.mod
deleted file mode 100644
index c9a20b7f3..000000000
--- a/vendor/github.com/mattn/go-isatty/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/mattn/go-isatty
-
-go 1.12
-
-require golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
diff --git a/vendor/github.com/mattn/go-isatty/go.sum b/vendor/github.com/mattn/go-isatty/go.sum
deleted file mode 100644
index 912e29cbc..000000000
--- a/vendor/github.com/mattn/go-isatty/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42 h1:vEOn+mP2zCOVzKckCZy6YsCtDblrpj/w7B9nxGNELpg=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/mattn/go-runewidth/go.mod b/vendor/github.com/mattn/go-runewidth/go.mod
deleted file mode 100644
index 62dba1bfc..000000000
--- a/vendor/github.com/mattn/go-runewidth/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/mattn/go-runewidth
-
-go 1.9
-
-require github.com/rivo/uniseg v0.2.0
diff --git a/vendor/github.com/mattn/go-runewidth/go.sum b/vendor/github.com/mattn/go-runewidth/go.sum
deleted file mode 100644
index 03f902d56..000000000
--- a/vendor/github.com/mattn/go-runewidth/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
diff --git a/vendor/github.com/mattn/go-shellwords/go.mod b/vendor/github.com/mattn/go-shellwords/go.mod
deleted file mode 100644
index 927c8c7d6..000000000
--- a/vendor/github.com/mattn/go-shellwords/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/mattn/go-shellwords
-
-go 1.13
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE b/vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE
deleted file mode 100644
index 8dada3eda..000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE b/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE
deleted file mode 100644
index 5d8cb5b72..000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE
+++ /dev/null
@@ -1 +0,0 @@
-Copyright 2012 Matt T. Proud (matt.proud@gmail.com)
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore
deleted file mode 100644
index e16fb946b..000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-cover.dat
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile
deleted file mode 100644
index 81be21437..000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-all:
-
-cover:
-	go test -cover -v -coverprofile=cover.dat ./...
-	go tool cover -func cover.dat
-
-.PHONY: cover
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
deleted file mode 100644
index 258c0636a..000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pbutil
-
-import (
-	"encoding/binary"
-	"errors"
-	"io"
-
-	"github.com/golang/protobuf/proto"
-)
-
-var errInvalidVarint = errors.New("invalid varint32 encountered")
-
-// ReadDelimited decodes a message from the provided length-delimited stream,
-// where the length is encoded as 32-bit varint prefix to the message body.
-// It returns the total number of bytes read and any applicable error.  This is
-// roughly equivalent to the companion Java API's
-// MessageLite#parseDelimitedFrom.  As per the reader contract, this function
-// calls r.Read repeatedly as required until exactly one message including its
-// prefix is read and decoded (or an error has occurred).  The function never
-// reads more bytes from the stream than required.  The function never returns
-// an error if a message has been read and decoded correctly, even if the end
-// of the stream has been reached in doing so.  In that case, any subsequent
-// calls return (0, io.EOF).
-func ReadDelimited(r io.Reader, m proto.Message) (n int, err error) {
-	// Per AbstractParser#parsePartialDelimitedFrom with
-	// CodedInputStream#readRawVarint32.
-	var headerBuf [binary.MaxVarintLen32]byte
-	var bytesRead, varIntBytes int
-	var messageLength uint64
-	for varIntBytes == 0 { // i.e. no varint has been decoded yet.
-		if bytesRead >= len(headerBuf) {
-			return bytesRead, errInvalidVarint
-		}
-		// We have to read byte by byte here to avoid reading more bytes
-		// than required. Each read byte is appended to what we have
-		// read before.
-		newBytesRead, err := r.Read(headerBuf[bytesRead : bytesRead+1])
-		if newBytesRead == 0 {
-			if err != nil {
-				return bytesRead, err
-			}
-			// A Reader should not return (0, nil), but if it does,
-			// it should be treated as no-op (according to the
-			// Reader contract). So let's go on...
-			continue
-		}
-		bytesRead += newBytesRead
-		// Now present everything read so far to the varint decoder and
-		// see if a varint can be decoded already.
-		messageLength, varIntBytes = proto.DecodeVarint(headerBuf[:bytesRead])
-	}
-
-	messageBuf := make([]byte, messageLength)
-	newBytesRead, err := io.ReadFull(r, messageBuf)
-	bytesRead += newBytesRead
-	if err != nil {
-		return bytesRead, err
-	}
-
-	return bytesRead, proto.Unmarshal(messageBuf, m)
-}
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go
deleted file mode 100644
index c318385cb..000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package pbutil provides record length-delimited Protocol Buffer streaming.
-package pbutil
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
deleted file mode 100644
index 8fb59ad22..000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pbutil
-
-import (
-	"encoding/binary"
-	"io"
-
-	"github.com/golang/protobuf/proto"
-)
-
-// WriteDelimited encodes and dumps a message to the provided writer prefixed
-// with a 32-bit varint indicating the length of the encoded message, producing
-// a length-delimited record stream, which can be used to chain together
-// encoded messages of the same type together in a file.  It returns the total
-// number of bytes written and any applicable error.  This is roughly
-// equivalent to the companion Java API's MessageLite#writeDelimitedTo.
-func WriteDelimited(w io.Writer, m proto.Message) (n int, err error) {
-	buffer, err := proto.Marshal(m)
-	if err != nil {
-		return 0, err
-	}
-
-	var buf [binary.MaxVarintLen32]byte
-	encodedLength := binary.PutUvarint(buf[:], uint64(len(buffer)))
-
-	sync, err := w.Write(buf[:encodedLength])
-	if err != nil {
-		return sync, err
-	}
-
-	n, err = w.Write(buffer)
-	return n + sync, err
-}
diff --git a/vendor/github.com/miekg/pkcs11/go.mod b/vendor/github.com/miekg/pkcs11/go.mod
deleted file mode 100644
index 704296fc9..000000000
--- a/vendor/github.com/miekg/pkcs11/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/miekg/pkcs11
-
-go 1.12
diff --git a/vendor/github.com/moby/sys/mount/go.mod b/vendor/github.com/moby/sys/mount/go.mod
deleted file mode 100644
index f02197926..000000000
--- a/vendor/github.com/moby/sys/mount/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/moby/sys/mount
-
-go 1.16
-
-require (
-	github.com/moby/sys/mountinfo v0.6.2
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
-)
diff --git a/vendor/github.com/moby/sys/mount/go.sum b/vendor/github.com/moby/sys/mount/go.sum
deleted file mode 100644
index a2d6c47a1..000000000
--- a/vendor/github.com/moby/sys/mount/go.sum
+++ /dev/null
@@ -1,4 +0,0 @@
-github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
-github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/vendor/github.com/moby/sys/mountinfo/go.mod b/vendor/github.com/moby/sys/mountinfo/go.mod
deleted file mode 100644
index e1bcdfe79..000000000
--- a/vendor/github.com/moby/sys/mountinfo/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/moby/sys/mountinfo
-
-go 1.16
-
-require golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
diff --git a/vendor/github.com/moby/sys/mountinfo/go.sum b/vendor/github.com/moby/sys/mountinfo/go.sum
deleted file mode 100644
index af14a66ec..000000000
--- a/vendor/github.com/moby/sys/mountinfo/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/vendor/github.com/moby/term/go.mod b/vendor/github.com/moby/term/go.mod
deleted file mode 100644
index 541f2d429..000000000
--- a/vendor/github.com/moby/term/go.mod
+++ /dev/null
@@ -1,12 +0,0 @@
-module github.com/moby/term
-
-go 1.13
-
-require (
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
-	github.com/creack/pty v1.1.11
-	github.com/google/go-cmp v0.4.0
-	github.com/pkg/errors v0.9.1 // indirect
-	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
-	gotest.tools/v3 v3.0.2
-)
diff --git a/vendor/github.com/moby/term/go.sum b/vendor/github.com/moby/term/go.sum
deleted file mode 100644
index f270b174c..000000000
--- a/vendor/github.com/moby/term/go.sum
+++ /dev/null
@@ -1,23 +0,0 @@
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
-github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gotest.tools/v3 v3.0.2 h1:kG1BFyqVHuQoVQiR1bWGnfz/fmHvvuiSPIV7rvl360E=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
diff --git a/vendor/github.com/modern-go/reflect2/go.mod b/vendor/github.com/modern-go/reflect2/go.mod
deleted file mode 100644
index 9057e9b33..000000000
--- a/vendor/github.com/modern-go/reflect2/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/modern-go/reflect2
-
-go 1.12
diff --git a/vendor/github.com/nxadm/tail/go.mod b/vendor/github.com/nxadm/tail/go.mod
deleted file mode 100644
index 5de9a6061..000000000
--- a/vendor/github.com/nxadm/tail/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/nxadm/tail
-
-go 1.13
-
-require (
-	github.com/fsnotify/fsnotify v1.4.9
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
-)
diff --git a/vendor/github.com/nxadm/tail/go.sum b/vendor/github.com/nxadm/tail/go.sum
deleted file mode 100644
index 3485daedb..000000000
--- a/vendor/github.com/nxadm/tail/go.sum
+++ /dev/null
@@ -1,6 +0,0 @@
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9 h1:L2auWcuQIvxz9xSEqzESnV/QN/gNRXNApHi3fYwl2w0=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
diff --git a/vendor/github.com/onsi/ginkgo/go.mod b/vendor/github.com/onsi/ginkgo/go.mod
deleted file mode 100644
index 171144326..000000000
--- a/vendor/github.com/onsi/ginkgo/go.mod
+++ /dev/null
@@ -1,13 +0,0 @@
-module github.com/onsi/ginkgo
-
-go 1.16
-
-require (
-	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0
-	github.com/nxadm/tail v1.4.8
-	github.com/onsi/gomega v1.10.1
-	golang.org/x/sys v0.0.0-20210112080510-489259a85091
-	golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e
-)
-
-retract v1.16.3 // git tag accidentally associated with incorrect git commit
diff --git a/vendor/github.com/onsi/ginkgo/go.sum b/vendor/github.com/onsi/ginkgo/go.sum
deleted file mode 100644
index 5c5c3c502..000000000
--- a/vendor/github.com/onsi/ginkgo/go.sum
+++ /dev/null
@@ -1,86 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091 h1:DMyOG0U+gKfu8JZzg2UQe9MeaC1X+xQWlAKcRnjxjCw=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e h1:4nW4NLDYnU28ojHaHO8OVxFHk/aQ33U01a9cjED+pzE=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md
index 4375bbc64..06065866b 100644
--- a/vendor/github.com/onsi/gomega/CHANGELOG.md
+++ b/vendor/github.com/onsi/gomega/CHANGELOG.md
@@ -1,3 +1,49 @@
+## 1.20.2
+
+## Fixes
+- label specs that rely on remote access; bump timeout on short-circuit test to make it less flaky [35eeadf]
+- gexec: allow more headroom for SIGABRT-related unit tests (#581) [5b78f40]
+- Enable reading from a closed gbytes.Buffer (#575) [061fd26]
+
+## Maintenance
+- Bump github.com/onsi/ginkgo/v2 from 2.1.5 to 2.1.6 (#583) [55d895b]
+- Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.5 (#582) [346de7c]
+
+## 1.20.1
+
+## Fixes
+- fix false positive gleaks when using ginkgo -p (#577) [cb46517]
+- Fix typos in gomega_dsl.go (#569) [5f71ed2]
+- don't panic on Eventually(nil), fixing #555 (#567) [9d1186f]
+- vet optional description args in assertions, fixing #560 (#566) [8e37808]
+
+## Maintenance
+- test: add new Go 1.19 to test matrix (#571) [40d7efe]
+- Bump tzinfo from 1.2.9 to 1.2.10 in /docs (#564) [5f26371]
+
+## 1.20.0
+
+## Features
+- New [`gleak`](https://onsi.github.io/gomega/#codegleakcode-finding-leaked-goroutines) experimental goroutine leak detection package! (#538) [85ba7bc]
+- New `BeComparableTo` matcher(#546) that uses `gocmp` to make comparisons [e77ea75]
+- New `HaveExistingField` matcher (#553) [fd130e1]
+- Document how to wrap Gomega (#539) [56714a4]
+
+## Fixes
+- Support pointer receivers in HaveField; fixes #543 (#544) [8dab36e]
+
+## Maintenance
+- Bump various dependencies:
+    - Upgrade to yaml.v3 (#556) [f5a83b1]
+    - Bump github/codeql-action from 1 to 2 (#549) [52f5adf]
+    - Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#551) [5f3942d]
+    - Bump nokogiri from 1.13.4 to 1.13.6 in /docs (#554) [eb4b4c2]
+    - Use latest ginkgo (#535) [1c29028]
+    - Bump nokogiri from 1.13.3 to 1.13.4 in /docs (#541) [1ce84d5]
+    - Bump actions/setup-go from 2 to 3 (#540) [755485e]
+    - Bump nokogiri from 1.12.5 to 1.13.3 in /docs (#522) [4fbb0dc]
+    - Bump actions/checkout from 2 to 3 (#526) [ac49202]
+
 ## 1.19.0
 
 ## Features
diff --git a/vendor/github.com/onsi/gomega/gbytes/buffer.go b/vendor/github.com/onsi/gomega/gbytes/buffer.go
index 809f3c543..6f77b2371 100644
--- a/vendor/github.com/onsi/gomega/gbytes/buffer.go
+++ b/vendor/github.com/onsi/gomega/gbytes/buffer.go
@@ -87,17 +87,11 @@ func (b *Buffer) Write(p []byte) (n int, err error) {
 /*
 Read implements the io.Reader interface. It advances the
 cursor as it reads.
-
-Returns an error if called after Close.
 */
 func (b *Buffer) Read(d []byte) (int, error) {
 	b.lock.Lock()
 	defer b.lock.Unlock()
 
-	if b.closed {
-		return 0, errors.New("attempt to read from closed buffer")
-	}
-
 	if uint64(len(b.contents)) <= b.readCursor {
 		return 0, io.EOF
 	}
diff --git a/vendor/github.com/onsi/gomega/go.mod b/vendor/github.com/onsi/gomega/go.mod
deleted file mode 100644
index 276ffb167..000000000
--- a/vendor/github.com/onsi/gomega/go.mod
+++ /dev/null
@@ -1,16 +0,0 @@
-module github.com/onsi/gomega
-
-go 1.18
-
-require (
-	github.com/golang/protobuf v1.5.2
-	github.com/onsi/ginkgo/v2 v2.1.3
-	golang.org/x/net v0.0.0-20220225172249-27dd8689420f
-	gopkg.in/yaml.v2 v2.4.0
-)
-
-require (
-	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
-	golang.org/x/text v0.3.7 // indirect
-	google.golang.org/protobuf v1.26.0 // indirect
-)
diff --git a/vendor/github.com/onsi/gomega/go.sum b/vendor/github.com/onsi/gomega/go.sum
deleted file mode 100644
index 256e91607..000000000
--- a/vendor/github.com/onsi/gomega/go.sum
+++ /dev/null
@@ -1,101 +0,0 @@
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
-github.com/onsi/ginkgo/v2 v2.1.3 h1:e/3Cwtogj0HA+25nMP1jCMDIf8RtRYbGwGGuBIFztkc=
-github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go
index dcb7e8879..60b1687ed 100644
--- a/vendor/github.com/onsi/gomega/gomega_dsl.go
+++ b/vendor/github.com/onsi/gomega/gomega_dsl.go
@@ -22,7 +22,7 @@ import (
 	"github.com/onsi/gomega/types"
 )
 
-const GOMEGA_VERSION = "1.19.0"
+const GOMEGA_VERSION = "1.20.2"
 
 const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler.
 If you're using Ginkgo then you probably forgot to put your assertion in an It().
@@ -34,7 +34,7 @@ Depending on your vendoring solution you may be inadvertently importing gomega a
 // to abstract between the standard package-level function implementations
 // and alternatives like *WithT.
 //
-// The types in the top-level DSL have gotten a bit messy due to earlier depracations that avoid stuttering
+// The types in the top-level DSL have gotten a bit messy due to earlier deprecations that avoid stuttering
 // and due to an accidental use of a concrete type (*WithT) in an earlier release.
 //
 // As of 1.15 both the WithT and Ginkgo variants of Gomega are implemented by the same underlying object
@@ -83,7 +83,7 @@ func internalGomega(g Gomega) *internal.Gomega {
 	return g.(*internal.Gomega)
 }
 
-// NewWithT takes a *testing.T and returngs a `gomega.WithT` allowing you to use `Expect`, `Eventually`, and `Consistently` along with
+// NewWithT takes a *testing.T and returns a `gomega.WithT` allowing you to use `Expect`, `Eventually`, and `Consistently` along with
 // Gomega's rich ecosystem of matchers in standard `testing` test suits.
 //
 //    func TestFarmHasCow(t *testing.T) {
@@ -120,7 +120,7 @@ func RegisterTestingT(t types.GomegaTestingT) {
 
 // InterceptGomegaFailures runs a given callback and returns an array of
 // failure messages generated by any Gomega assertions within the callback.
-// Exeuction continues after the first failure allowing users to collect all failures
+// Execution continues after the first failure allowing users to collect all failures
 // in the callback.
 //
 // This is most useful when testing custom matchers, but can also be used to check
@@ -247,7 +247,7 @@ There are several examples of values that can change over time.  These can be pa
 
 will poll the channel repeatedly until it is closed.  In this example `Eventually` will block until either the specified timeout of 50ms has elapsed or the channel is closed, whichever comes first.
 
-Several Gomega libraries allow you to use Eventually in this way.  For example, the gomega/gexec package allows you to block until a *gexec.Session exits successfuly via:
+Several Gomega libraries allow you to use Eventually in this way.  For example, the gomega/gexec package allows you to block until a *gexec.Session exits successfully via:
 
     Eventually(session).Should(gexec.Exit(0))
 
@@ -276,7 +276,7 @@ For example:
 
  will repeatedly poll client.FetchCount until the BeNumerically matcher is satisfied.  (Note that this example could have been written as Eventually(client.FetchCount).Should(BeNumerically(">=", 17)))
 
-If multple values are returned by the function, Eventually will pass the first value to the matcher and require that all others are zero-valued.  This allows you to pass Eventually a function that returns a value and an error - a common patternin Go.
+If multiple values are returned by the function, Eventually will pass the first value to the matcher and require that all others are zero-valued.  This allows you to pass Eventually a function that returns a value and an error - a common pattern in Go.
 
 For example, consider a method that returns a value and an error:
     func FetchFromDB() (string, error)
@@ -292,7 +292,7 @@ It is important to note that the function passed into Eventually is invoked *syn
 
 When testing complex systems it can be valuable to assert that a _set_ of assertions passes Eventually.  Eventually supports this by accepting functions that take a single Gomega argument and return zero or more values.
 
-Here's an example that makes some asssertions and returns a value and error:
+Here's an example that makes some assertions and returns a value and error:
 
 	Eventually(func(g Gomega) (Widget, error) {
 		ids, err := client.FetchIDs()
@@ -343,7 +343,7 @@ Consistently, like Eventually, enables making assertions on asynchronous behavio
 
 Consistently blocks when called for a specified duration.  During that duration Consistently repeatedly polls its matcher and ensures that it is satisfied.  If the matcher is consistently satisfied, then Consistently will pass.  Otherwise Consistently will fail.
 
-Both the total waiting duration and the polling interval are configurable as optional arguments.  The first optional arugment is the duration that Consistently will run for (defaults to 100ms), and the second argument is the polling interval (defaults to 10ms).  As with Eventually, these intervals can be passed in as time.Duration, parsable duration strings or an integer or float number of seconds.
+Both the total waiting duration and the polling interval are configurable as optional arguments.  The first optional argument is the duration that Consistently will run for (defaults to 100ms), and the second argument is the polling interval (defaults to 10ms).  As with Eventually, these intervals can be passed in as time.Duration, parsable duration strings or an integer or float number of seconds.
 
 Consistently accepts the same three categories of actual as Eventually, check the Eventually docs to learn more.
 
diff --git a/vendor/github.com/onsi/gomega/internal/assertion.go b/vendor/github.com/onsi/gomega/internal/assertion.go
index b3c26889a..7b7bdd149 100644
--- a/vendor/github.com/onsi/gomega/internal/assertion.go
+++ b/vendor/github.com/onsi/gomega/internal/assertion.go
@@ -45,26 +45,31 @@ func (assertion *Assertion) Error() types.Assertion {
 
 func (assertion *Assertion) Should(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool {
 	assertion.g.THelper()
+	vetOptionalDescription("Assertion", optionalDescription...)
 	return assertion.vet(assertion, optionalDescription...) && assertion.match(matcher, true, optionalDescription...)
 }
 
 func (assertion *Assertion) ShouldNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool {
 	assertion.g.THelper()
+	vetOptionalDescription("Assertion", optionalDescription...)
 	return assertion.vet(assertion, optionalDescription...) && assertion.match(matcher, false, optionalDescription...)
 }
 
 func (assertion *Assertion) To(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool {
 	assertion.g.THelper()
+	vetOptionalDescription("Assertion", optionalDescription...)
 	return assertion.vet(assertion, optionalDescription...) && assertion.match(matcher, true, optionalDescription...)
 }
 
 func (assertion *Assertion) ToNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool {
 	assertion.g.THelper()
+	vetOptionalDescription("Assertion", optionalDescription...)
 	return assertion.vet(assertion, optionalDescription...) && assertion.match(matcher, false, optionalDescription...)
 }
 
 func (assertion *Assertion) NotTo(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool {
 	assertion.g.THelper()
+	vetOptionalDescription("Assertion", optionalDescription...)
 	return assertion.vet(assertion, optionalDescription...) && assertion.match(matcher, false, optionalDescription...)
 }
 
diff --git a/vendor/github.com/onsi/gomega/internal/async_assertion.go b/vendor/github.com/onsi/gomega/internal/async_assertion.go
index 99f4ebcfe..126bbcb3f 100644
--- a/vendor/github.com/onsi/gomega/internal/async_assertion.go
+++ b/vendor/github.com/onsi/gomega/internal/async_assertion.go
@@ -40,7 +40,7 @@ func NewAsyncAssertion(asyncType AsyncAssertionType, actualInput interface{}, g
 	}
 
 	switch actualType := reflect.TypeOf(actualInput); {
-	case actualType.Kind() != reflect.Func:
+	case actualInput == nil || actualType.Kind() != reflect.Func:
 		out.actualValue = actualInput
 	case actualType.NumIn() == 0 && actualType.NumOut() > 0:
 		out.actualIsFunc = true
@@ -104,11 +104,13 @@ func (assertion *AsyncAssertion) WithPolling(interval time.Duration) types.Async
 
 func (assertion *AsyncAssertion) Should(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool {
 	assertion.g.THelper()
+	vetOptionalDescription("Asynchronous assertion", optionalDescription...)
 	return assertion.match(matcher, true, optionalDescription...)
 }
 
 func (assertion *AsyncAssertion) ShouldNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool {
 	assertion.g.THelper()
+	vetOptionalDescription("Asynchronous assertion", optionalDescription...)
 	return assertion.match(matcher, false, optionalDescription...)
 }
 
diff --git a/vendor/github.com/onsi/gomega/internal/vetoptdesc.go b/vendor/github.com/onsi/gomega/internal/vetoptdesc.go
new file mode 100644
index 000000000..f29587641
--- /dev/null
+++ b/vendor/github.com/onsi/gomega/internal/vetoptdesc.go
@@ -0,0 +1,22 @@
+package internal
+
+import (
+	"fmt"
+
+	"github.com/onsi/gomega/types"
+)
+
+// vetOptionalDescription vets the optional description args: if it finds any
+// Gomega matcher at the beginning it panics. This allows for rendering Gomega
+// matchers as part of an optional Description, as long as they're not in the
+// first slot.
+func vetOptionalDescription(assertion string, optionalDescription ...interface{}) {
+	if len(optionalDescription) == 0 {
+		return
+	}
+	if _, isGomegaMatcher := optionalDescription[0].(types.GomegaMatcher); isGomegaMatcher {
+		panic(fmt.Sprintf("%s has a GomegaMatcher as the first element of optionalDescription.\n\t"+
+			"Do you mean to use And/Or/SatisfyAll/SatisfyAny to combine multiple matchers?",
+			assertion))
+	}
+}
diff --git a/vendor/github.com/onsi/gomega/matchers.go b/vendor/github.com/onsi/gomega/matchers.go
index b58dd67cb..d6a099060 100644
--- a/vendor/github.com/onsi/gomega/matchers.go
+++ b/vendor/github.com/onsi/gomega/matchers.go
@@ -3,6 +3,7 @@ package gomega
 import (
 	"time"
 
+	"github.com/google/go-cmp/cmp"
 	"github.com/onsi/gomega/matchers"
 	"github.com/onsi/gomega/types"
 )
@@ -26,6 +27,15 @@ func BeEquivalentTo(expected interface{}) types.GomegaMatcher {
 	}
 }
 
+//BeComparableTo uses gocmp.Equal to compare. You can pass cmp.Option as options.
+//It is an error for actual and expected to be nil.  Use BeNil() instead.
+func BeComparableTo(expected interface{}, opts ...cmp.Option) types.GomegaMatcher {
+	return &matchers.BeComparableToMatcher{
+		Expected: expected,
+		Options:  opts,
+	}
+}
+
 //BeIdenticalTo uses the == operator to compare actual with expected.
 //BeIdenticalTo is strict about types when performing comparisons.
 //It is an error for both actual and expected to be nil.  Use BeNil() instead.
@@ -394,6 +404,19 @@ func HaveField(field string, expected interface{}) types.GomegaMatcher {
 	}
 }
 
+// HaveExistingField succeeds if actual is a struct and the specified field
+// exists.
+//
+// HaveExistingField can be combined with HaveField in order to cover use cases
+// with optional fields. HaveField alone would trigger an error in such situations.
+//
+//     Expect(MrHarmless).NotTo(And(HaveExistingField("Title"), HaveField("Title", "Supervillain")))
+func HaveExistingField(field string) types.GomegaMatcher {
+	return &matchers.HaveExistingFieldMatcher{
+		Field: field,
+	}
+}
+
 // HaveValue applies the given matcher to the value of actual, optionally and
 // repeatedly dereferencing pointers or taking the concrete value of interfaces.
 // Thus, the matcher will always be applied to non-pointer and non-interface
diff --git a/vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go b/vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go
new file mode 100644
index 000000000..8ab4bb919
--- /dev/null
+++ b/vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go
@@ -0,0 +1,49 @@
+package matchers
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/onsi/gomega/format"
+)
+
+type BeComparableToMatcher struct {
+	Expected interface{}
+	Options  cmp.Options
+}
+
+func (matcher *BeComparableToMatcher) Match(actual interface{}) (success bool, matchErr error) {
+	if actual == nil && matcher.Expected == nil {
+		return false, fmt.Errorf("Refusing to compare <nil> to <nil>.\nBe explicit and use BeNil() instead.  This is to avoid mistakes where both sides of an assertion are erroneously uninitialized.")
+	}
+	// Shortcut for byte slices.
+	// Comparing long byte slices with reflect.DeepEqual is very slow,
+	// so use bytes.Equal if actual and expected are both byte slices.
+	if actualByteSlice, ok := actual.([]byte); ok {
+		if expectedByteSlice, ok := matcher.Expected.([]byte); ok {
+			return bytes.Equal(actualByteSlice, expectedByteSlice), nil
+		}
+	}
+
+	defer func() {
+		if r := recover(); r != nil {
+			success = false
+			if err, ok := r.(error); ok {
+				matchErr = err
+			} else if errMsg, ok := r.(string); ok {
+				matchErr = fmt.Errorf(errMsg)
+			}
+		}
+	}()
+
+	return cmp.Equal(actual, matcher.Expected, matcher.Options...), nil
+}
+
+func (matcher *BeComparableToMatcher) FailureMessage(actual interface{}) (message string) {
+	return cmp.Diff(matcher.Expected, actual, matcher.Options)
+}
+
+func (matcher *BeComparableToMatcher) NegatedFailureMessage(actual interface{}) (message string) {
+	return format.Message(actual, "not to equal", matcher.Expected)
+}
diff --git a/vendor/github.com/onsi/gomega/matchers/have_existing_field_matcher.go b/vendor/github.com/onsi/gomega/matchers/have_existing_field_matcher.go
new file mode 100644
index 000000000..b57018745
--- /dev/null
+++ b/vendor/github.com/onsi/gomega/matchers/have_existing_field_matcher.go
@@ -0,0 +1,36 @@
+package matchers
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/onsi/gomega/format"
+)
+
+type HaveExistingFieldMatcher struct {
+	Field string
+}
+
+func (matcher *HaveExistingFieldMatcher) Match(actual interface{}) (success bool, err error) {
+	// we don't care about the field's actual value, just about any error in
+	// trying to find the field (or method).
+	_, err = extractField(actual, matcher.Field, "HaveExistingField")
+	if err == nil {
+		return true, nil
+	}
+	var mferr missingFieldError
+	if errors.As(err, &mferr) {
+		// missing field errors aren't errors in this context, but instead
+		// unsuccessful matches.
+		return false, nil
+	}
+	return false, err
+}
+
+func (matcher *HaveExistingFieldMatcher) FailureMessage(actual interface{}) (message string) {
+	return fmt.Sprintf("Expected\n%s\nto have field '%s'", format.Object(actual, 1), matcher.Field)
+}
+
+func (matcher *HaveExistingFieldMatcher) NegatedFailureMessage(actual interface{}) (message string) {
+	return fmt.Sprintf("Expected\n%s\nnot to have field '%s'", format.Object(actual, 1), matcher.Field)
+}
diff --git a/vendor/github.com/onsi/gomega/matchers/have_field.go b/vendor/github.com/onsi/gomega/matchers/have_field.go
index e1fe934d5..6989f78c4 100644
--- a/vendor/github.com/onsi/gomega/matchers/have_field.go
+++ b/vendor/github.com/onsi/gomega/matchers/have_field.go
@@ -8,7 +8,16 @@ import (
 	"github.com/onsi/gomega/format"
 )
 
-func extractField(actual interface{}, field string) (interface{}, error) {
+// missingFieldError represents a missing field extraction error that
+// HaveExistingFieldMatcher can ignore, as opposed to other, sever field
+// extraction errors, such as nil pointers, et cetera.
+type missingFieldError string
+
+func (e missingFieldError) Error() string {
+	return string(e)
+}
+
+func extractField(actual interface{}, field string, matchername string) (interface{}, error) {
 	fields := strings.SplitN(field, ".", 2)
 	actualValue := reflect.ValueOf(actual)
 
@@ -16,36 +25,39 @@ func extractField(actual interface{}, field string) (interface{}, error) {
 		actualValue = actualValue.Elem()
 	}
 	if actualValue == (reflect.Value{}) {
-		return nil, fmt.Errorf("HaveField encountered nil while dereferencing a pointer of type %T.", actual)
+		return nil, fmt.Errorf("%s encountered nil while dereferencing a pointer of type %T.", matchername, actual)
 	}
 
 	if actualValue.Kind() != reflect.Struct {
-		return nil, fmt.Errorf("HaveField encountered:\n%s\nWhich is not a struct.", format.Object(actual, 1))
+		return nil, fmt.Errorf("%s encountered:\n%s\nWhich is not a struct.", matchername, format.Object(actual, 1))
 	}
 
 	var extractedValue reflect.Value
 
 	if strings.HasSuffix(fields[0], "()") {
 		extractedValue = actualValue.MethodByName(strings.TrimSuffix(fields[0], "()"))
+		if extractedValue == (reflect.Value{}) && actualValue.CanAddr() {
+			extractedValue = actualValue.Addr().MethodByName(strings.TrimSuffix(fields[0], "()"))
+		}
 		if extractedValue == (reflect.Value{}) {
-			return nil, fmt.Errorf("HaveField could not find method named '%s' in struct of type %T.", fields[0], actual)
+			return nil, missingFieldError(fmt.Sprintf("%s could not find method named '%s' in struct of type %T.", matchername, fields[0], actual))
 		}
 		t := extractedValue.Type()
 		if t.NumIn() != 0 || t.NumOut() != 1 {
-			return nil, fmt.Errorf("HaveField found an invalid method named '%s' in struct of type %T.\nMethods must take no arguments and return exactly one value.", fields[0], actual)
+			return nil, fmt.Errorf("%s found an invalid method named '%s' in struct of type %T.\nMethods must take no arguments and return exactly one value.", matchername, fields[0], actual)
 		}
 		extractedValue = extractedValue.Call([]reflect.Value{})[0]
 	} else {
 		extractedValue = actualValue.FieldByName(fields[0])
 		if extractedValue == (reflect.Value{}) {
-			return nil, fmt.Errorf("HaveField could not find field named '%s' in struct:\n%s", fields[0], format.Object(actual, 1))
+			return nil, missingFieldError(fmt.Sprintf("%s could not find field named '%s' in struct:\n%s", matchername, fields[0], format.Object(actual, 1)))
 		}
 	}
 
 	if len(fields) == 1 {
 		return extractedValue.Interface(), nil
 	} else {
-		return extractField(extractedValue.Interface(), fields[1])
+		return extractField(extractedValue.Interface(), fields[1], matchername)
 	}
 }
 
@@ -58,7 +70,7 @@ type HaveFieldMatcher struct {
 }
 
 func (matcher *HaveFieldMatcher) Match(actual interface{}) (success bool, err error) {
-	matcher.extractedField, err = extractField(actual, matcher.Field)
+	matcher.extractedField, err = extractField(actual, matcher.Field, "HaveField")
 	if err != nil {
 		return false, err
 	}
diff --git a/vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go b/vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go
index 0c83c2b63..2cb6b47db 100644
--- a/vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go
+++ b/vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 
 	"github.com/onsi/gomega/format"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 )
 
 type MatchYAMLMatcher struct {
diff --git a/vendor/github.com/opencontainers/go-digest/go.mod b/vendor/github.com/opencontainers/go-digest/go.mod
deleted file mode 100644
index cf5d7b1d2..000000000
--- a/vendor/github.com/opencontainers/go-digest/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/opencontainers/go-digest
-
-go 1.13
diff --git a/vendor/github.com/openshift/imagebuilder/go.mod b/vendor/github.com/openshift/imagebuilder/go.mod
deleted file mode 100644
index 72dc62448..000000000
--- a/vendor/github.com/openshift/imagebuilder/go.mod
+++ /dev/null
@@ -1,18 +0,0 @@
-module github.com/openshift/imagebuilder
-
-go 1.16
-
-require (
-	github.com/containerd/containerd v1.5.9
-	github.com/containers/storage v1.37.0
-	github.com/docker/distribution v2.7.1+incompatible
-	github.com/docker/docker v20.10.12+incompatible
-	github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 // indirect
-	github.com/fsouza/go-dockerclient v1.7.7
-	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.7.0
-	golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d // indirect
-	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
-	k8s.io/klog v1.0.0
-)
diff --git a/vendor/github.com/openshift/imagebuilder/go.sum b/vendor/github.com/openshift/imagebuilder/go.sum
deleted file mode 100644
index 612540261..000000000
--- a/vendor/github.com/openshift/imagebuilder/go.sum
+++ /dev/null
@@ -1,1003 +0,0 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.22/go.mod h1:91uVCVzvX2QD16sMCenoxxXo6L1wJnLMX2PSufFMtF0=
-github.com/Microsoft/hcsshim v0.8.23 h1:47MSwtKGXet80aIn+7h4YI6fwPmwIghAnsx2aOUrG2M=
-github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1 h1:iJnMvco9XGvKUvNQkv88bE4uJXxRQH18efbKo9w5vHQ=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4=
-github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/stargz-snapshotter/estargz v0.9.0/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/storage v1.37.0 h1:HVhDsur6sx889ZIZ1d1kEiOzv3gsr5q0diX2VZmOdSg=
-github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
-github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U=
-github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 h1:IPrmumsT9t5BS7XcPhgsCTlkWbYg80SEXUzDpReaU6Y=
-github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11/go.mod h1:a6bNUGTbQBsY6VRHTr4h/rkOXjl244DyRD0tx3fgq4Q=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsouza/go-dockerclient v1.7.7 h1:/pLili4Sj42vpzNkjqag8vpsN0ObuusT1EH/MvGX9+4=
-github.com/fsouza/go-dockerclient v1.7.7/go.mod h1:njNCXvoZj3sLPjf3yO0DPHf1mdLdCPDYPc14GskKA4Y=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
-github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/sys/mount v0.2.0 h1:WhCW5B355jtxndN5ovugJlMFJawbUODuW8fSnEH6SSM=
-github.com/moby/sys/mount v0.2.0/go.mod h1:aAivFE2LB3W4bACsUXChRHQ0qKWsetY4Y9V7sxOougM=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1 h1:1O+1cHA1aujwEwwVMa2Xm2l+gIpUHyd3+D+d7LZh1kM=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
-github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.0.3 h1:1hbqejyQWCJBvtKAfdO0b1FmaEf2z/bxnjqbARass5k=
-github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
-github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs=
-golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE=
-golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.2 h1:EQyQC3sa8M+p6Ulc8yy9SWSS2GVwyRc83gAbG8lrl4o=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/vendor/github.com/pkg/sftp/.gitignore b/vendor/github.com/pkg/sftp/.gitignore
new file mode 100644
index 000000000..caf2dca22
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/.gitignore
@@ -0,0 +1,10 @@
+.*.swo
+.*.swp
+
+server_standalone/server_standalone
+
+examples/*/id_rsa
+examples/*/id_rsa.pub
+
+memprofile.out
+memprofile.svg
diff --git a/vendor/github.com/pkg/sftp/CONTRIBUTORS b/vendor/github.com/pkg/sftp/CONTRIBUTORS
new file mode 100644
index 000000000..5c7196ae6
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/CONTRIBUTORS
@@ -0,0 +1,3 @@
+Dave Cheney <dave@cheney.net>
+Saulius Gurklys <s4uliu5@gmail.com>
+John Eikenberry <jae@zhar.net>
diff --git a/vendor/github.com/pkg/sftp/LICENSE b/vendor/github.com/pkg/sftp/LICENSE
new file mode 100644
index 000000000..b7b53921e
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/LICENSE
@@ -0,0 +1,9 @@
+Copyright (c) 2013, Dave Cheney
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/pkg/sftp/Makefile b/vendor/github.com/pkg/sftp/Makefile
new file mode 100644
index 000000000..4d3a00799
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/Makefile
@@ -0,0 +1,27 @@
+.PHONY: integration integration_w_race benchmark
+
+integration:
+	go test -integration -v ./...
+	go test -testserver -v ./...
+	go test -integration -testserver -v ./...
+	go test -integration -allocator -v ./...
+	go test -testserver -allocator -v ./...
+	go test -integration -testserver -allocator -v ./...
+
+integration_w_race:
+	go test -race -integration -v ./...
+	go test -race -testserver -v ./...
+	go test -race -integration -testserver -v ./...
+	go test -race -integration -allocator -v ./...
+	go test -race -testserver -allocator -v ./...
+	go test -race -integration -allocator -testserver -v ./...
+
+COUNT ?= 1
+BENCHMARK_PATTERN ?= "."
+
+benchmark:
+	go test -integration -run=NONE -bench=$(BENCHMARK_PATTERN) -benchmem -count=$(COUNT)
+
+benchmark_w_memprofile:
+	go test -integration -run=NONE -bench=$(BENCHMARK_PATTERN) -benchmem -count=$(COUNT) -memprofile memprofile.out
+	go tool pprof -svg -output=memprofile.svg memprofile.out
diff --git a/vendor/github.com/pkg/sftp/README.md b/vendor/github.com/pkg/sftp/README.md
new file mode 100644
index 000000000..5e78cd396
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/README.md
@@ -0,0 +1,44 @@
+sftp
+----
+
+The `sftp` package provides support for file system operations on remote ssh
+servers using the SFTP subsystem. It also implements an SFTP server for serving
+files from the filesystem.
+
+![CI Status](https://github.com/pkg/sftp/workflows/CI/badge.svg?branch=master&event=push) [![Go Reference](https://pkg.go.dev/badge/github.com/pkg/sftp.svg)](https://pkg.go.dev/github.com/pkg/sftp)
+
+usage and examples
+------------------
+
+See [https://pkg.go.dev/github.com/pkg/sftp](https://pkg.go.dev/github.com/pkg/sftp) for
+examples and usage.
+
+The basic operation of the package mirrors the facilities of the
+[os](http://golang.org/pkg/os) package.
+
+The Walker interface for directory traversal is heavily inspired by Keith
+Rarick's [fs](https://pkg.go.dev/github.com/kr/fs) package.
+
+roadmap
+-------
+
+* There is way too much duplication in the Client methods. If there was an
+  unmarshal(interface{}) method this would reduce a heap of the duplication.
+
+contributing
+------------
+
+We welcome pull requests, bug fixes and issue reports.
+
+Before proposing a large change, first please discuss your change by raising an
+issue.
+
+For API/code bugs, please include a small, self contained code example to
+reproduce the issue. For pull requests, remember test coverage.
+
+We try to handle issues and pull requests with a 0 open philosophy. That means
+we will try to address the submission as soon as possible and will work toward
+a resolution. If progress can no longer be made (eg. unreproducible bug) or
+stops (eg. unresponsive submitter), we will close the bug.
+
+Thanks.
diff --git a/vendor/github.com/pkg/sftp/allocator.go b/vendor/github.com/pkg/sftp/allocator.go
new file mode 100644
index 000000000..3e67e5433
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/allocator.go
@@ -0,0 +1,96 @@
+package sftp
+
+import (
+	"sync"
+)
+
+type allocator struct {
+	sync.Mutex
+	available [][]byte
+	// map key is the request order
+	used map[uint32][][]byte
+}
+
+func newAllocator() *allocator {
+	return &allocator{
+		// micro optimization: initialize available pages with an initial capacity
+		available: make([][]byte, 0, SftpServerWorkerCount*2),
+		used:      make(map[uint32][][]byte),
+	}
+}
+
+// GetPage returns a previously allocated and unused []byte or create a new one.
+// The slice have a fixed size = maxMsgLength, this value is suitable for both
+// receiving new packets and reading the files to serve
+func (a *allocator) GetPage(requestOrderID uint32) []byte {
+	a.Lock()
+	defer a.Unlock()
+
+	var result []byte
+
+	// get an available page and remove it from the available ones.
+	if len(a.available) > 0 {
+		truncLength := len(a.available) - 1
+		result = a.available[truncLength]
+
+		a.available[truncLength] = nil          // clear out the internal pointer
+		a.available = a.available[:truncLength] // truncate the slice
+	}
+
+	// no preallocated slice found, just allocate a new one
+	if result == nil {
+		result = make([]byte, maxMsgLength)
+	}
+
+	// put result in used pages
+	a.used[requestOrderID] = append(a.used[requestOrderID], result)
+
+	return result
+}
+
+// ReleasePages marks unused all pages in use for the given requestID
+func (a *allocator) ReleasePages(requestOrderID uint32) {
+	a.Lock()
+	defer a.Unlock()
+
+	if used := a.used[requestOrderID]; len(used) > 0 {
+		a.available = append(a.available, used...)
+	}
+	delete(a.used, requestOrderID)
+}
+
+// Free removes all the used and available pages.
+// Call this method when the allocator is not needed anymore
+func (a *allocator) Free() {
+	a.Lock()
+	defer a.Unlock()
+
+	a.available = nil
+	a.used = make(map[uint32][][]byte)
+}
+
+func (a *allocator) countUsedPages() int {
+	a.Lock()
+	defer a.Unlock()
+
+	num := 0
+	for _, p := range a.used {
+		num += len(p)
+	}
+	return num
+}
+
+func (a *allocator) countAvailablePages() int {
+	a.Lock()
+	defer a.Unlock()
+
+	return len(a.available)
+}
+
+func (a *allocator) isRequestOrderIDUsed(requestOrderID uint32) bool {
+	a.Lock()
+	defer a.Unlock()
+
+	_, ok := a.used[requestOrderID]
+	return ok
+}
diff --git a/vendor/github.com/pkg/sftp/attrs.go b/vendor/github.com/pkg/sftp/attrs.go
new file mode 100644
index 000000000..2bb2d5764
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/attrs.go
@@ -0,0 +1,90 @@
+package sftp
+
+// ssh_FXP_ATTRS support
+// see http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-5
+
+import (
+	"os"
+	"time"
+)
+
+const (
+	sshFileXferAttrSize        = 0x00000001
+	sshFileXferAttrUIDGID      = 0x00000002
+	sshFileXferAttrPermissions = 0x00000004
+	sshFileXferAttrACmodTime   = 0x00000008
+	sshFileXferAttrExtended    = 0x80000000
+
+	sshFileXferAttrAll = sshFileXferAttrSize | sshFileXferAttrUIDGID | sshFileXferAttrPermissions |
+		sshFileXferAttrACmodTime | sshFileXferAttrExtended
+)
+
+// fileInfo is an artificial type designed to satisfy os.FileInfo.
+type fileInfo struct {
+	name string
+	stat *FileStat
+}
+
+// Name returns the base name of the file.
+func (fi *fileInfo) Name() string { return fi.name }
+
+// Size returns the length in bytes for regular files; system-dependent for others.
+func (fi *fileInfo) Size() int64 { return int64(fi.stat.Size) }
+
+// Mode returns file mode bits.
+func (fi *fileInfo) Mode() os.FileMode { return toFileMode(fi.stat.Mode) }
+
+// ModTime returns the last modification time of the file.
+func (fi *fileInfo) ModTime() time.Time { return time.Unix(int64(fi.stat.Mtime), 0) }
+
+// IsDir returns true if the file is a directory.
+func (fi *fileInfo) IsDir() bool { return fi.Mode().IsDir() }
+
+func (fi *fileInfo) Sys() interface{} { return fi.stat }
+
+// FileStat holds the original unmarshalled values from a call to READDIR or
+// *STAT. It is exported for the purposes of accessing the raw values via
+// os.FileInfo.Sys(). It is also used server side to store the unmarshalled
+// values for SetStat.
+type FileStat struct {
+	Size     uint64
+	Mode     uint32
+	Mtime    uint32
+	Atime    uint32
+	UID      uint32
+	GID      uint32
+	Extended []StatExtended
+}
+
+// StatExtended contains additional, extended information for a FileStat.
+type StatExtended struct {
+	ExtType string
+	ExtData string
+}
+
+func fileInfoFromStat(stat *FileStat, name string) os.FileInfo {
+	return &fileInfo{
+		name: name,
+		stat: stat,
+	}
+}
+
+func fileStatFromInfo(fi os.FileInfo) (uint32, *FileStat) {
+	mtime := fi.ModTime().Unix()
+	atime := mtime
+	var flags uint32 = sshFileXferAttrSize |
+		sshFileXferAttrPermissions |
+		sshFileXferAttrACmodTime
+
+	fileStat := &FileStat{
+		Size:  uint64(fi.Size()),
+		Mode:  fromFileMode(fi.Mode()),
+		Mtime: uint32(mtime),
+		Atime: uint32(atime),
+	}
+
+	// os specific file stat decoding
+	fileStatFromInfoOs(fi, &flags, fileStat)
+
+	return flags, fileStat
+}
diff --git a/vendor/github.com/pkg/sftp/attrs_stubs.go b/vendor/github.com/pkg/sftp/attrs_stubs.go
new file mode 100644
index 000000000..c01f33677
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/attrs_stubs.go
@@ -0,0 +1,11 @@
+// +build plan9 windows android
+
+package sftp
+
+import (
+	"os"
+)
+
+func fileStatFromInfoOs(fi os.FileInfo, flags *uint32, fileStat *FileStat) {
+	// todo
+}
diff --git a/vendor/github.com/pkg/sftp/attrs_unix.go b/vendor/github.com/pkg/sftp/attrs_unix.go
new file mode 100644
index 000000000..d1f445241
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/attrs_unix.go
@@ -0,0 +1,16 @@
+// +build darwin dragonfly freebsd !android,linux netbsd openbsd solaris aix js
+
+package sftp
+
+import (
+	"os"
+	"syscall"
+)
+
+func fileStatFromInfoOs(fi os.FileInfo, flags *uint32, fileStat *FileStat) {
+	if statt, ok := fi.Sys().(*syscall.Stat_t); ok {
+		*flags |= sshFileXferAttrUIDGID
+		fileStat.UID = statt.Uid
+		fileStat.GID = statt.Gid
+	}
+}
diff --git a/vendor/github.com/pkg/sftp/client.go b/vendor/github.com/pkg/sftp/client.go
new file mode 100644
index 000000000..9e0b61645
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/client.go
@@ -0,0 +1,1977 @@
+package sftp
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+	"math"
+	"os"
+	"path"
+	"sync"
+	"sync/atomic"
+	"syscall"
+	"time"
+
+	"github.com/kr/fs"
+	"golang.org/x/crypto/ssh"
+)
+
+var (
+	// ErrInternalInconsistency indicates the packets sent and the data queued to be
+	// written to the file don't match up. It is an unusual error and usually is
+	// caused by bad behavior server side or connection issues. The error is
+	// limited in scope to the call where it happened, the client object is still
+	// OK to use as long as the connection is still open.
+	ErrInternalInconsistency = errors.New("internal inconsistency")
+	// InternalInconsistency alias for ErrInternalInconsistency.
+	//
+	// Deprecated: please use ErrInternalInconsistency
+	InternalInconsistency = ErrInternalInconsistency
+)
+
+// A ClientOption is a function which applies configuration to a Client.
+type ClientOption func(*Client) error
+
+// MaxPacketChecked sets the maximum size of the payload, measured in bytes.
+// This option only accepts sizes servers should support, ie. <= 32768 bytes.
+//
+// If you get the error "failed to send packet header: EOF" when copying a
+// large file, try lowering this number.
+//
+// The default packet size is 32768 bytes.
+func MaxPacketChecked(size int) ClientOption {
+	return func(c *Client) error {
+		if size < 1 {
+			return errors.New("size must be greater or equal to 1")
+		}
+		if size > 32768 {
+			return errors.New("sizes larger than 32KB might not work with all servers")
+		}
+		c.maxPacket = size
+		return nil
+	}
+}
+
+// MaxPacketUnchecked sets the maximum size of the payload, measured in bytes.
+// It accepts sizes larger than the 32768 bytes all servers should support.
+// Only use a setting higher than 32768 if your application always connects to
+// the same server or after sufficiently broad testing.
+//
+// If you get the error "failed to send packet header: EOF" when copying a
+// large file, try lowering this number.
+//
+// The default packet size is 32768 bytes.
+func MaxPacketUnchecked(size int) ClientOption {
+	return func(c *Client) error {
+		if size < 1 {
+			return errors.New("size must be greater or equal to 1")
+		}
+		c.maxPacket = size
+		return nil
+	}
+}
+
+// MaxPacket sets the maximum size of the payload, measured in bytes.
+// This option only accepts sizes servers should support, ie. <= 32768 bytes.
+// This is a synonym for MaxPacketChecked that provides backward compatibility.
+//
+// If you get the error "failed to send packet header: EOF" when copying a
+// large file, try lowering this number.
+//
+// The default packet size is 32768 bytes.
+func MaxPacket(size int) ClientOption {
+	return MaxPacketChecked(size)
+}
+
+// MaxConcurrentRequestsPerFile sets the maximum concurrent requests allowed for a single file.
+//
+// The default maximum concurrent requests is 64.
+func MaxConcurrentRequestsPerFile(n int) ClientOption {
+	return func(c *Client) error {
+		if n < 1 {
+			return errors.New("n must be greater or equal to 1")
+		}
+		c.maxConcurrentRequests = n
+		return nil
+	}
+}
+
+// UseConcurrentWrites allows the Client to perform concurrent Writes.
+//
+// Using concurrency while doing writes, requires special consideration.
+// A write to a later offset in a file after an error,
+// could end up with a file length longer than what was successfully written.
+//
+// When using this option, if you receive an error during `io.Copy` or `io.WriteTo`,
+// you may need to `Truncate` the target Writer to avoid “holes� in the data written.
+func UseConcurrentWrites(value bool) ClientOption {
+	return func(c *Client) error {
+		c.useConcurrentWrites = value
+		return nil
+	}
+}
+
+// UseConcurrentReads allows the Client to perform concurrent Reads.
+//
+// Concurrent reads are generally safe to use and not using them will degrade
+// performance, so this option is enabled by default.
+//
+// When enabled, WriteTo will use Stat/Fstat to get the file size and determines
+// how many concurrent workers to use.
+// Some "read once" servers will delete the file if they receive a stat call on an
+// open file and then the download will fail.
+// Disabling concurrent reads you will be able to download files from these servers.
+// If concurrent reads are disabled, the UseFstat option is ignored.
+func UseConcurrentReads(value bool) ClientOption {
+	return func(c *Client) error {
+		c.disableConcurrentReads = !value
+		return nil
+	}
+}
+
+// UseFstat sets whether to use Fstat or Stat when File.WriteTo is called
+// (usually when copying files).
+// Some servers limit the amount of open files and calling Stat after opening
+// the file will throw an error From the server. Setting this flag will call
+// Fstat instead of Stat which is suppose to be called on an open file handle.
+//
+// It has been found that that with IBM Sterling SFTP servers which have
+// "extractability" level set to 1 which means only 1 file can be opened at
+// any given time.
+//
+// If the server you are working with still has an issue with both Stat and
+// Fstat calls you can always open a file and read it until the end.
+//
+// Another reason to read the file until its end and Fstat doesn't work is
+// that in some servers, reading a full file will automatically delete the
+// file as some of these mainframes map the file to a message in a queue.
+// Once the file has been read it will get deleted.
+func UseFstat(value bool) ClientOption {
+	return func(c *Client) error {
+		c.useFstat = value
+		return nil
+	}
+}
+
+// Client represents an SFTP session on a *ssh.ClientConn SSH connection.
+// Multiple Clients can be active on a single SSH connection, and a Client
+// may be called concurrently from multiple Goroutines.
+//
+// Client implements the github.com/kr/fs.FileSystem interface.
+type Client struct {
+	clientConn
+
+	ext map[string]string // Extensions (name -> data).
+
+	maxPacket             int // max packet size read or written.
+	maxConcurrentRequests int
+	nextid                uint32
+
+	// write concurrency is… error prone.
+	// Default behavior should be to not use it.
+	useConcurrentWrites    bool
+	useFstat               bool
+	disableConcurrentReads bool
+}
+
+// NewClient creates a new SFTP client on conn, using zero or more option
+// functions.
+func NewClient(conn *ssh.Client, opts ...ClientOption) (*Client, error) {
+	s, err := conn.NewSession()
+	if err != nil {
+		return nil, err
+	}
+	if err := s.RequestSubsystem("sftp"); err != nil {
+		return nil, err
+	}
+	pw, err := s.StdinPipe()
+	if err != nil {
+		return nil, err
+	}
+	pr, err := s.StdoutPipe()
+	if err != nil {
+		return nil, err
+	}
+
+	return NewClientPipe(pr, pw, opts...)
+}
+
+// NewClientPipe creates a new SFTP client given a Reader and a WriteCloser.
+// This can be used for connecting to an SFTP server over TCP/TLS or by using
+// the system's ssh client program (e.g. via exec.Command).
+func NewClientPipe(rd io.Reader, wr io.WriteCloser, opts ...ClientOption) (*Client, error) {
+	sftp := &Client{
+		clientConn: clientConn{
+			conn: conn{
+				Reader:      rd,
+				WriteCloser: wr,
+			},
+			inflight: make(map[uint32]chan<- result),
+			closed:   make(chan struct{}),
+		},
+
+		ext: make(map[string]string),
+
+		maxPacket:             1 << 15,
+		maxConcurrentRequests: 64,
+	}
+
+	for _, opt := range opts {
+		if err := opt(sftp); err != nil {
+			wr.Close()
+			return nil, err
+		}
+	}
+
+	if err := sftp.sendInit(); err != nil {
+		wr.Close()
+		return nil, err
+	}
+	if err := sftp.recvVersion(); err != nil {
+		wr.Close()
+		return nil, err
+	}
+
+	sftp.clientConn.wg.Add(1)
+	go sftp.loop()
+
+	return sftp, nil
+}
+
+// Create creates the named file mode 0666 (before umask), truncating it if it
+// already exists. If successful, methods on the returned File can be used for
+// I/O; the associated file descriptor has mode O_RDWR. If you need more
+// control over the flags/mode used to open the file see client.OpenFile.
+//
+// Note that some SFTP servers (eg. AWS Transfer) do not support opening files
+// read/write at the same time. For those services you will need to use
+// `client.OpenFile(os.O_WRONLY|os.O_CREATE|os.O_TRUNC)`.
+func (c *Client) Create(path string) (*File, error) {
+	return c.open(path, flags(os.O_RDWR|os.O_CREATE|os.O_TRUNC))
+}
+
+const sftpProtocolVersion = 3 // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
+
+func (c *Client) sendInit() error {
+	return c.clientConn.conn.sendPacket(&sshFxInitPacket{
+		Version: sftpProtocolVersion, // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
+	})
+}
+
+// returns the next value of c.nextid
+func (c *Client) nextID() uint32 {
+	return atomic.AddUint32(&c.nextid, 1)
+}
+
+func (c *Client) recvVersion() error {
+	typ, data, err := c.recvPacket(0)
+	if err != nil {
+		return err
+	}
+	if typ != sshFxpVersion {
+		return &unexpectedPacketErr{sshFxpVersion, typ}
+	}
+
+	version, data, err := unmarshalUint32Safe(data)
+	if err != nil {
+		return err
+	}
+	if version != sftpProtocolVersion {
+		return &unexpectedVersionErr{sftpProtocolVersion, version}
+	}
+
+	for len(data) > 0 {
+		var ext extensionPair
+		ext, data, err = unmarshalExtensionPair(data)
+		if err != nil {
+			return err
+		}
+		c.ext[ext.Name] = ext.Data
+	}
+
+	return nil
+}
+
+// HasExtension checks whether the server supports a named extension.
+//
+// The first return value is the extension data reported by the server
+// (typically a version number).
+func (c *Client) HasExtension(name string) (string, bool) {
+	data, ok := c.ext[name]
+	return data, ok
+}
+
+// Walk returns a new Walker rooted at root.
+func (c *Client) Walk(root string) *fs.Walker {
+	return fs.WalkFS(root, c)
+}
+
+// ReadDir reads the directory named by dirname and returns a list of
+// directory entries.
+func (c *Client) ReadDir(p string) ([]os.FileInfo, error) {
+	handle, err := c.opendir(p)
+	if err != nil {
+		return nil, err
+	}
+	defer c.close(handle) // this has to defer earlier than the lock below
+	var attrs []os.FileInfo
+	var done = false
+	for !done {
+		id := c.nextID()
+		typ, data, err1 := c.sendPacket(nil, &sshFxpReaddirPacket{
+			ID:     id,
+			Handle: handle,
+		})
+		if err1 != nil {
+			err = err1
+			done = true
+			break
+		}
+		switch typ {
+		case sshFxpName:
+			sid, data := unmarshalUint32(data)
+			if sid != id {
+				return nil, &unexpectedIDErr{id, sid}
+			}
+			count, data := unmarshalUint32(data)
+			for i := uint32(0); i < count; i++ {
+				var filename string
+				filename, data = unmarshalString(data)
+				_, data = unmarshalString(data) // discard longname
+				var attr *FileStat
+				attr, data = unmarshalAttrs(data)
+				if filename == "." || filename == ".." {
+					continue
+				}
+				attrs = append(attrs, fileInfoFromStat(attr, path.Base(filename)))
+			}
+		case sshFxpStatus:
+			// TODO(dfc) scope warning!
+			err = normaliseError(unmarshalStatus(id, data))
+			done = true
+		default:
+			return nil, unimplementedPacketErr(typ)
+		}
+	}
+	if err == io.EOF {
+		err = nil
+	}
+	return attrs, err
+}
+
+func (c *Client) opendir(path string) (string, error) {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpOpendirPacket{
+		ID:   id,
+		Path: path,
+	})
+	if err != nil {
+		return "", err
+	}
+	switch typ {
+	case sshFxpHandle:
+		sid, data := unmarshalUint32(data)
+		if sid != id {
+			return "", &unexpectedIDErr{id, sid}
+		}
+		handle, _ := unmarshalString(data)
+		return handle, nil
+	case sshFxpStatus:
+		return "", normaliseError(unmarshalStatus(id, data))
+	default:
+		return "", unimplementedPacketErr(typ)
+	}
+}
+
+// Stat returns a FileInfo structure describing the file specified by path 'p'.
+// If 'p' is a symbolic link, the returned FileInfo structure describes the referent file.
+func (c *Client) Stat(p string) (os.FileInfo, error) {
+	fs, err := c.stat(p)
+	if err != nil {
+		return nil, err
+	}
+	return fileInfoFromStat(fs, path.Base(p)), nil
+}
+
+// Lstat returns a FileInfo structure describing the file specified by path 'p'.
+// If 'p' is a symbolic link, the returned FileInfo structure describes the symbolic link.
+func (c *Client) Lstat(p string) (os.FileInfo, error) {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpLstatPacket{
+		ID:   id,
+		Path: p,
+	})
+	if err != nil {
+		return nil, err
+	}
+	switch typ {
+	case sshFxpAttrs:
+		sid, data := unmarshalUint32(data)
+		if sid != id {
+			return nil, &unexpectedIDErr{id, sid}
+		}
+		attr, _ := unmarshalAttrs(data)
+		return fileInfoFromStat(attr, path.Base(p)), nil
+	case sshFxpStatus:
+		return nil, normaliseError(unmarshalStatus(id, data))
+	default:
+		return nil, unimplementedPacketErr(typ)
+	}
+}
+
+// ReadLink reads the target of a symbolic link.
+func (c *Client) ReadLink(p string) (string, error) {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpReadlinkPacket{
+		ID:   id,
+		Path: p,
+	})
+	if err != nil {
+		return "", err
+	}
+	switch typ {
+	case sshFxpName:
+		sid, data := unmarshalUint32(data)
+		if sid != id {
+			return "", &unexpectedIDErr{id, sid}
+		}
+		count, data := unmarshalUint32(data)
+		if count != 1 {
+			return "", unexpectedCount(1, count)
+		}
+		filename, _ := unmarshalString(data) // ignore dummy attributes
+		return filename, nil
+	case sshFxpStatus:
+		return "", normaliseError(unmarshalStatus(id, data))
+	default:
+		return "", unimplementedPacketErr(typ)
+	}
+}
+
+// Link creates a hard link at 'newname', pointing at the same inode as 'oldname'
+func (c *Client) Link(oldname, newname string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpHardlinkPacket{
+		ID:      id,
+		Oldpath: oldname,
+		Newpath: newname,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// Symlink creates a symbolic link at 'newname', pointing at target 'oldname'
+func (c *Client) Symlink(oldname, newname string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpSymlinkPacket{
+		ID:         id,
+		Linkpath:   newname,
+		Targetpath: oldname,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+func (c *Client) setfstat(handle string, flags uint32, attrs interface{}) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpFsetstatPacket{
+		ID:     id,
+		Handle: handle,
+		Flags:  flags,
+		Attrs:  attrs,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// setstat is a convience wrapper to allow for changing of various parts of the file descriptor.
+func (c *Client) setstat(path string, flags uint32, attrs interface{}) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpSetstatPacket{
+		ID:    id,
+		Path:  path,
+		Flags: flags,
+		Attrs: attrs,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// Chtimes changes the access and modification times of the named file.
+func (c *Client) Chtimes(path string, atime time.Time, mtime time.Time) error {
+	type times struct {
+		Atime uint32
+		Mtime uint32
+	}
+	attrs := times{uint32(atime.Unix()), uint32(mtime.Unix())}
+	return c.setstat(path, sshFileXferAttrACmodTime, attrs)
+}
+
+// Chown changes the user and group owners of the named file.
+func (c *Client) Chown(path string, uid, gid int) error {
+	type owner struct {
+		UID uint32
+		GID uint32
+	}
+	attrs := owner{uint32(uid), uint32(gid)}
+	return c.setstat(path, sshFileXferAttrUIDGID, attrs)
+}
+
+// Chmod changes the permissions of the named file.
+//
+// Chmod does not apply a umask, because even retrieving the umask is not
+// possible in a portable way without causing a race condition. Callers
+// should mask off umask bits, if desired.
+func (c *Client) Chmod(path string, mode os.FileMode) error {
+	return c.setstat(path, sshFileXferAttrPermissions, toChmodPerm(mode))
+}
+
+// Truncate sets the size of the named file. Although it may be safely assumed
+// that if the size is less than its current size it will be truncated to fit,
+// the SFTP protocol does not specify what behavior the server should do when setting
+// size greater than the current size.
+func (c *Client) Truncate(path string, size int64) error {
+	return c.setstat(path, sshFileXferAttrSize, uint64(size))
+}
+
+// Open opens the named file for reading. If successful, methods on the
+// returned file can be used for reading; the associated file descriptor
+// has mode O_RDONLY.
+func (c *Client) Open(path string) (*File, error) {
+	return c.open(path, flags(os.O_RDONLY))
+}
+
+// OpenFile is the generalized open call; most users will use Open or
+// Create instead. It opens the named file with specified flag (O_RDONLY
+// etc.). If successful, methods on the returned File can be used for I/O.
+func (c *Client) OpenFile(path string, f int) (*File, error) {
+	return c.open(path, flags(f))
+}
+
+func (c *Client) open(path string, pflags uint32) (*File, error) {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpOpenPacket{
+		ID:     id,
+		Path:   path,
+		Pflags: pflags,
+	})
+	if err != nil {
+		return nil, err
+	}
+	switch typ {
+	case sshFxpHandle:
+		sid, data := unmarshalUint32(data)
+		if sid != id {
+			return nil, &unexpectedIDErr{id, sid}
+		}
+		handle, _ := unmarshalString(data)
+		return &File{c: c, path: path, handle: handle}, nil
+	case sshFxpStatus:
+		return nil, normaliseError(unmarshalStatus(id, data))
+	default:
+		return nil, unimplementedPacketErr(typ)
+	}
+}
+
+// close closes a handle handle previously returned in the response
+// to SSH_FXP_OPEN or SSH_FXP_OPENDIR. The handle becomes invalid
+// immediately after this request has been sent.
+func (c *Client) close(handle string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpClosePacket{
+		ID:     id,
+		Handle: handle,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+func (c *Client) stat(path string) (*FileStat, error) {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpStatPacket{
+		ID:   id,
+		Path: path,
+	})
+	if err != nil {
+		return nil, err
+	}
+	switch typ {
+	case sshFxpAttrs:
+		sid, data := unmarshalUint32(data)
+		if sid != id {
+			return nil, &unexpectedIDErr{id, sid}
+		}
+		attr, _ := unmarshalAttrs(data)
+		return attr, nil
+	case sshFxpStatus:
+		return nil, normaliseError(unmarshalStatus(id, data))
+	default:
+		return nil, unimplementedPacketErr(typ)
+	}
+}
+
+func (c *Client) fstat(handle string) (*FileStat, error) {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpFstatPacket{
+		ID:     id,
+		Handle: handle,
+	})
+	if err != nil {
+		return nil, err
+	}
+	switch typ {
+	case sshFxpAttrs:
+		sid, data := unmarshalUint32(data)
+		if sid != id {
+			return nil, &unexpectedIDErr{id, sid}
+		}
+		attr, _ := unmarshalAttrs(data)
+		return attr, nil
+	case sshFxpStatus:
+		return nil, normaliseError(unmarshalStatus(id, data))
+	default:
+		return nil, unimplementedPacketErr(typ)
+	}
+}
+
+// StatVFS retrieves VFS statistics from a remote host.
+//
+// It implements the statvfs@openssh.com SSH_FXP_EXTENDED feature
+// from http://www.opensource.apple.com/source/OpenSSH/OpenSSH-175/openssh/PROTOCOL?txt.
+func (c *Client) StatVFS(path string) (*StatVFS, error) {
+	// send the StatVFS packet to the server
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpStatvfsPacket{
+		ID:   id,
+		Path: path,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	switch typ {
+	// server responded with valid data
+	case sshFxpExtendedReply:
+		var response StatVFS
+		err = binary.Read(bytes.NewReader(data), binary.BigEndian, &response)
+		if err != nil {
+			return nil, errors.New("can not parse reply")
+		}
+
+		return &response, nil
+
+	// the resquest failed
+	case sshFxpStatus:
+		return nil, normaliseError(unmarshalStatus(id, data))
+
+	default:
+		return nil, unimplementedPacketErr(typ)
+	}
+}
+
+// Join joins any number of path elements into a single path, adding a
+// separating slash if necessary. The result is Cleaned; in particular, all
+// empty strings are ignored.
+func (c *Client) Join(elem ...string) string { return path.Join(elem...) }
+
+// Remove removes the specified file or directory. An error will be returned if no
+// file or directory with the specified path exists, or if the specified directory
+// is not empty.
+func (c *Client) Remove(path string) error {
+	err := c.removeFile(path)
+	// some servers, *cough* osx *cough*, return EPERM, not ENODIR.
+	// serv-u returns ssh_FX_FILE_IS_A_DIRECTORY
+	// EPERM is converted to os.ErrPermission so it is not a StatusError
+	if err, ok := err.(*StatusError); ok {
+		switch err.Code {
+		case sshFxFailure, sshFxFileIsADirectory:
+			return c.RemoveDirectory(path)
+		}
+	}
+	if os.IsPermission(err) {
+		return c.RemoveDirectory(path)
+	}
+	return err
+}
+
+func (c *Client) removeFile(path string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpRemovePacket{
+		ID:       id,
+		Filename: path,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// RemoveDirectory removes a directory path.
+func (c *Client) RemoveDirectory(path string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpRmdirPacket{
+		ID:   id,
+		Path: path,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// Rename renames a file.
+func (c *Client) Rename(oldname, newname string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpRenamePacket{
+		ID:      id,
+		Oldpath: oldname,
+		Newpath: newname,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// PosixRename renames a file using the posix-rename@openssh.com extension
+// which will replace newname if it already exists.
+func (c *Client) PosixRename(oldname, newname string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpPosixRenamePacket{
+		ID:      id,
+		Oldpath: oldname,
+		Newpath: newname,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// RealPath can be used to have the server canonicalize any given path name to an absolute path.
+//
+// This is useful for converting path names containing ".." components,
+// or relative pathnames without a leading slash into absolute paths.
+func (c *Client) RealPath(path string) (string, error) {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpRealpathPacket{
+		ID:   id,
+		Path: path,
+	})
+	if err != nil {
+		return "", err
+	}
+	switch typ {
+	case sshFxpName:
+		sid, data := unmarshalUint32(data)
+		if sid != id {
+			return "", &unexpectedIDErr{id, sid}
+		}
+		count, data := unmarshalUint32(data)
+		if count != 1 {
+			return "", unexpectedCount(1, count)
+		}
+		filename, _ := unmarshalString(data) // ignore attributes
+		return filename, nil
+	case sshFxpStatus:
+		return "", normaliseError(unmarshalStatus(id, data))
+	default:
+		return "", unimplementedPacketErr(typ)
+	}
+}
+
+// Getwd returns the current working directory of the server. Operations
+// involving relative paths will be based at this location.
+func (c *Client) Getwd() (string, error) {
+	return c.RealPath(".")
+}
+
+// Mkdir creates the specified directory. An error will be returned if a file or
+// directory with the specified path already exists, or if the directory's
+// parent folder does not exist (the method cannot create complete paths).
+func (c *Client) Mkdir(path string) error {
+	id := c.nextID()
+	typ, data, err := c.sendPacket(nil, &sshFxpMkdirPacket{
+		ID:   id,
+		Path: path,
+	})
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return unimplementedPacketErr(typ)
+	}
+}
+
+// MkdirAll creates a directory named path, along with any necessary parents,
+// and returns nil, or else returns an error.
+// If path is already a directory, MkdirAll does nothing and returns nil.
+// If path contains a regular file, an error is returned
+func (c *Client) MkdirAll(path string) error {
+	// Most of this code mimics https://golang.org/src/os/path.go?s=514:561#L13
+	// Fast path: if we can tell whether path is a directory or file, stop with success or error.
+	dir, err := c.Stat(path)
+	if err == nil {
+		if dir.IsDir() {
+			return nil
+		}
+		return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR}
+	}
+
+	// Slow path: make sure parent exists and then call Mkdir for path.
+	i := len(path)
+	for i > 0 && path[i-1] == '/' { // Skip trailing path separator.
+		i--
+	}
+
+	j := i
+	for j > 0 && path[j-1] != '/' { // Scan backward over element.
+		j--
+	}
+
+	if j > 1 {
+		// Create parent
+		err = c.MkdirAll(path[0 : j-1])
+		if err != nil {
+			return err
+		}
+	}
+
+	// Parent now exists; invoke Mkdir and use its result.
+	err = c.Mkdir(path)
+	if err != nil {
+		// Handle arguments like "foo/." by
+		// double-checking that directory doesn't exist.
+		dir, err1 := c.Lstat(path)
+		if err1 == nil && dir.IsDir() {
+			return nil
+		}
+		return err
+	}
+	return nil
+}
+
+// File represents a remote file.
+type File struct {
+	c      *Client
+	path   string
+	handle string
+
+	mu     sync.Mutex
+	offset int64 // current offset within remote file
+}
+
+// Close closes the File, rendering it unusable for I/O. It returns an
+// error, if any.
+func (f *File) Close() error {
+	return f.c.close(f.handle)
+}
+
+// Name returns the name of the file as presented to Open or Create.
+func (f *File) Name() string {
+	return f.path
+}
+
+// Read reads up to len(b) bytes from the File. It returns the number of bytes
+// read and an error, if any. Read follows io.Reader semantics, so when Read
+// encounters an error or EOF condition after successfully reading n > 0 bytes,
+// it returns the number of bytes read.
+//
+// To maximise throughput for transferring the entire file (especially
+// over high latency links) it is recommended to use WriteTo rather
+// than calling Read multiple times. io.Copy will do this
+// automatically.
+func (f *File) Read(b []byte) (int, error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	n, err := f.ReadAt(b, f.offset)
+	f.offset += int64(n)
+	return n, err
+}
+
+// readChunkAt attempts to read the whole entire length of the buffer from the file starting at the offset.
+// It will continue progressively reading into the buffer until it fills the whole buffer, or an error occurs.
+func (f *File) readChunkAt(ch chan result, b []byte, off int64) (n int, err error) {
+	for err == nil && n < len(b) {
+		id := f.c.nextID()
+		typ, data, err := f.c.sendPacket(ch, &sshFxpReadPacket{
+			ID:     id,
+			Handle: f.handle,
+			Offset: uint64(off) + uint64(n),
+			Len:    uint32(len(b) - n),
+		})
+		if err != nil {
+			return n, err
+		}
+
+		switch typ {
+		case sshFxpStatus:
+			return n, normaliseError(unmarshalStatus(id, data))
+
+		case sshFxpData:
+			sid, data := unmarshalUint32(data)
+			if id != sid {
+				return n, &unexpectedIDErr{id, sid}
+			}
+
+			l, data := unmarshalUint32(data)
+			n += copy(b[n:], data[:l])
+
+		default:
+			return n, unimplementedPacketErr(typ)
+		}
+	}
+
+	return
+}
+
+func (f *File) readAtSequential(b []byte, off int64) (read int, err error) {
+	for read < len(b) {
+		rb := b[read:]
+		if len(rb) > f.c.maxPacket {
+			rb = rb[:f.c.maxPacket]
+		}
+		n, err := f.readChunkAt(nil, rb, off+int64(read))
+		if n < 0 {
+			panic("sftp.File: returned negative count from readChunkAt")
+		}
+		if n > 0 {
+			read += n
+		}
+		if err != nil {
+			return read, err
+		}
+	}
+	return read, nil
+}
+
+// ReadAt reads up to len(b) byte from the File at a given offset `off`. It returns
+// the number of bytes read and an error, if any. ReadAt follows io.ReaderAt semantics,
+// so the file offset is not altered during the read.
+func (f *File) ReadAt(b []byte, off int64) (int, error) {
+	if len(b) <= f.c.maxPacket {
+		// This should be able to be serviced with 1/2 requests.
+		// So, just do it directly.
+		return f.readChunkAt(nil, b, off)
+	}
+
+	if f.c.disableConcurrentReads {
+		return f.readAtSequential(b, off)
+	}
+
+	// Split the read into multiple maxPacket-sized concurrent reads bounded by maxConcurrentRequests.
+	// This allows writes with a suitably large buffer to transfer data at a much faster rate
+	// by overlapping round trip times.
+
+	cancel := make(chan struct{})
+
+	concurrency := len(b)/f.c.maxPacket + 1
+	if concurrency > f.c.maxConcurrentRequests || concurrency < 1 {
+		concurrency = f.c.maxConcurrentRequests
+	}
+
+	resPool := newResChanPool(concurrency)
+
+	type work struct {
+		id  uint32
+		res chan result
+
+		b   []byte
+		off int64
+	}
+	workCh := make(chan work)
+
+	// Slice: cut up the Read into any number of buffers of length <= f.c.maxPacket, and at appropriate offsets.
+	go func() {
+		defer close(workCh)
+
+		b := b
+		offset := off
+		chunkSize := f.c.maxPacket
+
+		for len(b) > 0 {
+			rb := b
+			if len(rb) > chunkSize {
+				rb = rb[:chunkSize]
+			}
+
+			id := f.c.nextID()
+			res := resPool.Get()
+
+			f.c.dispatchRequest(res, &sshFxpReadPacket{
+				ID:     id,
+				Handle: f.handle,
+				Offset: uint64(offset),
+				Len:    uint32(chunkSize),
+			})
+
+			select {
+			case workCh <- work{id, res, rb, offset}:
+			case <-cancel:
+				return
+			}
+
+			offset += int64(len(rb))
+			b = b[len(rb):]
+		}
+	}()
+
+	type rErr struct {
+		off int64
+		err error
+	}
+	errCh := make(chan rErr)
+
+	var wg sync.WaitGroup
+	wg.Add(concurrency)
+	for i := 0; i < concurrency; i++ {
+		// Map_i: each worker gets work, and then performs the Read into its buffer from its respective offset.
+		go func() {
+			defer wg.Done()
+
+			for packet := range workCh {
+				var n int
+
+				s := <-packet.res
+				resPool.Put(packet.res)
+
+				err := s.err
+				if err == nil {
+					switch s.typ {
+					case sshFxpStatus:
+						err = normaliseError(unmarshalStatus(packet.id, s.data))
+
+					case sshFxpData:
+						sid, data := unmarshalUint32(s.data)
+						if packet.id != sid {
+							err = &unexpectedIDErr{packet.id, sid}
+
+						} else {
+							l, data := unmarshalUint32(data)
+							n = copy(packet.b, data[:l])
+
+							// For normal disk files, it is guaranteed that this will read
+							// the specified number of bytes, or up to end of file.
+							// This implies, if we have a short read, that means EOF.
+							if n < len(packet.b) {
+								err = io.EOF
+							}
+						}
+
+					default:
+						err = unimplementedPacketErr(s.typ)
+					}
+				}
+
+				if err != nil {
+					// return the offset as the start + how much we read before the error.
+					errCh <- rErr{packet.off + int64(n), err}
+					return
+				}
+			}
+		}()
+	}
+
+	// Wait for long tail, before closing results.
+	go func() {
+		wg.Wait()
+		close(errCh)
+	}()
+
+	// Reduce: collect all the results into a relevant return: the earliest offset to return an error.
+	firstErr := rErr{math.MaxInt64, nil}
+	for rErr := range errCh {
+		if rErr.off <= firstErr.off {
+			firstErr = rErr
+		}
+
+		select {
+		case <-cancel:
+		default:
+			// stop any more work from being distributed. (Just in case.)
+			close(cancel)
+		}
+	}
+
+	if firstErr.err != nil {
+		// firstErr.err != nil if and only if firstErr.off > our starting offset.
+		return int(firstErr.off - off), firstErr.err
+	}
+
+	// As per spec for io.ReaderAt, we return nil error if and only if we read everything.
+	return len(b), nil
+}
+
+// writeToSequential implements WriteTo, but works sequentially with no parallelism.
+func (f *File) writeToSequential(w io.Writer) (written int64, err error) {
+	b := make([]byte, f.c.maxPacket)
+	ch := make(chan result, 1) // reusable channel
+
+	for {
+		n, err := f.readChunkAt(ch, b, f.offset)
+		if n < 0 {
+			panic("sftp.File: returned negative count from readChunkAt")
+		}
+
+		if n > 0 {
+			f.offset += int64(n)
+
+			m, err := w.Write(b[:n])
+			written += int64(m)
+
+			if err != nil {
+				return written, err
+			}
+		}
+
+		if err != nil {
+			if err == io.EOF {
+				return written, nil // return nil explicitly.
+			}
+
+			return written, err
+		}
+	}
+}
+
+// WriteTo writes the file to the given Writer.
+// The return value is the number of bytes written.
+// Any error encountered during the write is also returned.
+//
+// This method is preferred over calling Read multiple times
+// to maximise throughput for transferring the entire file,
+// especially over high latency links.
+func (f *File) WriteTo(w io.Writer) (written int64, err error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	if f.c.disableConcurrentReads {
+		return f.writeToSequential(w)
+	}
+
+	// For concurrency, we want to guess how many concurrent workers we should use.
+	var fileStat *FileStat
+	if f.c.useFstat {
+		fileStat, err = f.c.fstat(f.handle)
+	} else {
+		fileStat, err = f.c.stat(f.path)
+	}
+	if err != nil {
+		return 0, err
+	}
+
+	fileSize := fileStat.Size
+	if fileSize <= uint64(f.c.maxPacket) || !isRegular(fileStat.Mode) {
+		// only regular files are guaranteed to return (full read) xor (partial read, next error)
+		return f.writeToSequential(w)
+	}
+
+	concurrency64 := fileSize/uint64(f.c.maxPacket) + 1 // a bad guess, but better than no guess
+	if concurrency64 > uint64(f.c.maxConcurrentRequests) || concurrency64 < 1 {
+		concurrency64 = uint64(f.c.maxConcurrentRequests)
+	}
+	// Now that concurrency64 is saturated to an int value, we know this assignment cannot possibly overflow.
+	concurrency := int(concurrency64)
+
+	chunkSize := f.c.maxPacket
+	pool := newBufPool(concurrency, chunkSize)
+	resPool := newResChanPool(concurrency)
+
+	cancel := make(chan struct{})
+	var wg sync.WaitGroup
+	defer func() {
+		// Once the writing Reduce phase has ended, all the feed work needs to unconditionally stop.
+		close(cancel)
+
+		// We want to wait until all outstanding goroutines with an `f` or `f.c` reference have completed.
+		// Just to be sure we don’t orphan any goroutines any hanging references.
+		wg.Wait()
+	}()
+
+	type writeWork struct {
+		b   []byte
+		off int64
+		err error
+
+		next chan writeWork
+	}
+	writeCh := make(chan writeWork)
+
+	type readWork struct {
+		id  uint32
+		res chan result
+		off int64
+
+		cur, next chan writeWork
+	}
+	readCh := make(chan readWork)
+
+	// Slice: hand out chunks of work on demand, with a `cur` and `next` channel built-in for sequencing.
+	go func() {
+		defer close(readCh)
+
+		off := f.offset
+
+		cur := writeCh
+		for {
+			id := f.c.nextID()
+			res := resPool.Get()
+
+			next := make(chan writeWork)
+			readWork := readWork{
+				id:  id,
+				res: res,
+				off: off,
+
+				cur:  cur,
+				next: next,
+			}
+
+			f.c.dispatchRequest(res, &sshFxpReadPacket{
+				ID:     id,
+				Handle: f.handle,
+				Offset: uint64(off),
+				Len:    uint32(chunkSize),
+			})
+
+			select {
+			case readCh <- readWork:
+			case <-cancel:
+				return
+			}
+
+			off += int64(chunkSize)
+			cur = next
+		}
+	}()
+
+	wg.Add(concurrency)
+	for i := 0; i < concurrency; i++ {
+		// Map_i: each worker gets readWork, and does the Read into a buffer at the given offset.
+		go func() {
+			defer wg.Done()
+
+			for readWork := range readCh {
+				var b []byte
+				var n int
+
+				s := <-readWork.res
+				resPool.Put(readWork.res)
+
+				err := s.err
+				if err == nil {
+					switch s.typ {
+					case sshFxpStatus:
+						err = normaliseError(unmarshalStatus(readWork.id, s.data))
+
+					case sshFxpData:
+						sid, data := unmarshalUint32(s.data)
+						if readWork.id != sid {
+							err = &unexpectedIDErr{readWork.id, sid}
+
+						} else {
+							l, data := unmarshalUint32(data)
+							b = pool.Get()[:l]
+							n = copy(b, data[:l])
+							b = b[:n]
+						}
+
+					default:
+						err = unimplementedPacketErr(s.typ)
+					}
+				}
+
+				writeWork := writeWork{
+					b:   b,
+					off: readWork.off,
+					err: err,
+
+					next: readWork.next,
+				}
+
+				select {
+				case readWork.cur <- writeWork:
+				case <-cancel:
+					return
+				}
+
+				if err != nil {
+					return
+				}
+			}
+		}()
+	}
+
+	// Reduce: serialize the results from the reads into sequential writes.
+	cur := writeCh
+	for {
+		packet, ok := <-cur
+		if !ok {
+			return written, errors.New("sftp.File.WriteTo: unexpectedly closed channel")
+		}
+
+		// Because writes are serialized, this will always be the last successfully read byte.
+		f.offset = packet.off + int64(len(packet.b))
+
+		if len(packet.b) > 0 {
+			n, err := w.Write(packet.b)
+			written += int64(n)
+			if err != nil {
+				return written, err
+			}
+		}
+
+		if packet.err != nil {
+			if packet.err == io.EOF {
+				return written, nil
+			}
+
+			return written, packet.err
+		}
+
+		pool.Put(packet.b)
+		cur = packet.next
+	}
+}
+
+// Stat returns the FileInfo structure describing file. If there is an
+// error.
+func (f *File) Stat() (os.FileInfo, error) {
+	fs, err := f.c.fstat(f.handle)
+	if err != nil {
+		return nil, err
+	}
+	return fileInfoFromStat(fs, path.Base(f.path)), nil
+}
+
+// Write writes len(b) bytes to the File. It returns the number of bytes
+// written and an error, if any. Write returns a non-nil error when n !=
+// len(b).
+//
+// To maximise throughput for transferring the entire file (especially
+// over high latency links) it is recommended to use ReadFrom rather
+// than calling Write multiple times. io.Copy will do this
+// automatically.
+func (f *File) Write(b []byte) (int, error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	n, err := f.WriteAt(b, f.offset)
+	f.offset += int64(n)
+	return n, err
+}
+
+func (f *File) writeChunkAt(ch chan result, b []byte, off int64) (int, error) {
+	typ, data, err := f.c.sendPacket(ch, &sshFxpWritePacket{
+		ID:     f.c.nextID(),
+		Handle: f.handle,
+		Offset: uint64(off),
+		Length: uint32(len(b)),
+		Data:   b,
+	})
+	if err != nil {
+		return 0, err
+	}
+
+	switch typ {
+	case sshFxpStatus:
+		id, _ := unmarshalUint32(data)
+		err := normaliseError(unmarshalStatus(id, data))
+		if err != nil {
+			return 0, err
+		}
+
+	default:
+		return 0, unimplementedPacketErr(typ)
+	}
+
+	return len(b), nil
+}
+
+// writeAtConcurrent implements WriterAt, but works concurrently rather than sequentially.
+func (f *File) writeAtConcurrent(b []byte, off int64) (int, error) {
+	// Split the write into multiple maxPacket sized concurrent writes
+	// bounded by maxConcurrentRequests. This allows writes with a suitably
+	// large buffer to transfer data at a much faster rate due to
+	// overlapping round trip times.
+
+	cancel := make(chan struct{})
+
+	type work struct {
+		id  uint32
+		res chan result
+
+		off int64
+	}
+	workCh := make(chan work)
+
+	concurrency := len(b)/f.c.maxPacket + 1
+	if concurrency > f.c.maxConcurrentRequests || concurrency < 1 {
+		concurrency = f.c.maxConcurrentRequests
+	}
+
+	pool := newResChanPool(concurrency)
+
+	// Slice: cut up the Read into any number of buffers of length <= f.c.maxPacket, and at appropriate offsets.
+	go func() {
+		defer close(workCh)
+
+		var read int
+		chunkSize := f.c.maxPacket
+
+		for read < len(b) {
+			wb := b[read:]
+			if len(wb) > chunkSize {
+				wb = wb[:chunkSize]
+			}
+
+			id := f.c.nextID()
+			res := pool.Get()
+			off := off + int64(read)
+
+			f.c.dispatchRequest(res, &sshFxpWritePacket{
+				ID:     id,
+				Handle: f.handle,
+				Offset: uint64(off),
+				Length: uint32(len(wb)),
+				Data:   wb,
+			})
+
+			select {
+			case workCh <- work{id, res, off}:
+			case <-cancel:
+				return
+			}
+
+			read += len(wb)
+		}
+	}()
+
+	type wErr struct {
+		off int64
+		err error
+	}
+	errCh := make(chan wErr)
+
+	var wg sync.WaitGroup
+	wg.Add(concurrency)
+	for i := 0; i < concurrency; i++ {
+		// Map_i: each worker gets work, and does the Write from each buffer to its respective offset.
+		go func() {
+			defer wg.Done()
+
+			for work := range workCh {
+				s := <-work.res
+				pool.Put(work.res)
+
+				err := s.err
+				if err == nil {
+					switch s.typ {
+					case sshFxpStatus:
+						err = normaliseError(unmarshalStatus(work.id, s.data))
+					default:
+						err = unimplementedPacketErr(s.typ)
+					}
+				}
+
+				if err != nil {
+					errCh <- wErr{work.off, err}
+				}
+			}
+		}()
+	}
+
+	// Wait for long tail, before closing results.
+	go func() {
+		wg.Wait()
+		close(errCh)
+	}()
+
+	// Reduce: collect all the results into a relevant return: the earliest offset to return an error.
+	firstErr := wErr{math.MaxInt64, nil}
+	for wErr := range errCh {
+		if wErr.off <= firstErr.off {
+			firstErr = wErr
+		}
+
+		select {
+		case <-cancel:
+		default:
+			// stop any more work from being distributed. (Just in case.)
+			close(cancel)
+		}
+	}
+
+	if firstErr.err != nil {
+		// firstErr.err != nil if and only if firstErr.off >= our starting offset.
+		return int(firstErr.off - off), firstErr.err
+	}
+
+	return len(b), nil
+}
+
+// WriteAt writes up to len(b) byte to the File at a given offset `off`. It returns
+// the number of bytes written and an error, if any. WriteAt follows io.WriterAt semantics,
+// so the file offset is not altered during the write.
+func (f *File) WriteAt(b []byte, off int64) (written int, err error) {
+	if len(b) <= f.c.maxPacket {
+		// We can do this in one write.
+		return f.writeChunkAt(nil, b, off)
+	}
+
+	if f.c.useConcurrentWrites {
+		return f.writeAtConcurrent(b, off)
+	}
+
+	ch := make(chan result, 1) // reusable channel
+
+	chunkSize := f.c.maxPacket
+
+	for written < len(b) {
+		wb := b[written:]
+		if len(wb) > chunkSize {
+			wb = wb[:chunkSize]
+		}
+
+		n, err := f.writeChunkAt(ch, wb, off+int64(written))
+		if n > 0 {
+			written += n
+		}
+
+		if err != nil {
+			return written, err
+		}
+	}
+
+	return len(b), nil
+}
+
+// ReadFromWithConcurrency implements ReaderFrom,
+// but uses the given concurrency to issue multiple requests at the same time.
+//
+// Giving a concurrency of less than one will default to the Client’s max concurrency.
+//
+// Otherwise, the given concurrency will be capped by the Client's max concurrency.
+func (f *File) ReadFromWithConcurrency(r io.Reader, concurrency int) (read int64, err error) {
+	// Split the write into multiple maxPacket sized concurrent writes.
+	// This allows writes with a suitably large reader
+	// to transfer data at a much faster rate due to overlapping round trip times.
+
+	cancel := make(chan struct{})
+
+	type work struct {
+		id  uint32
+		res chan result
+
+		off int64
+	}
+	workCh := make(chan work)
+
+	type rwErr struct {
+		off int64
+		err error
+	}
+	errCh := make(chan rwErr)
+
+	if concurrency > f.c.maxConcurrentRequests || concurrency < 1 {
+		concurrency = f.c.maxConcurrentRequests
+	}
+
+	pool := newResChanPool(concurrency)
+
+	// Slice: cut up the Read into any number of buffers of length <= f.c.maxPacket, and at appropriate offsets.
+	go func() {
+		defer close(workCh)
+
+		b := make([]byte, f.c.maxPacket)
+		off := f.offset
+
+		for {
+			n, err := r.Read(b)
+
+			if n > 0 {
+				read += int64(n)
+
+				id := f.c.nextID()
+				res := pool.Get()
+
+				f.c.dispatchRequest(res, &sshFxpWritePacket{
+					ID:     id,
+					Handle: f.handle,
+					Offset: uint64(off),
+					Length: uint32(n),
+					Data:   b,
+				})
+
+				select {
+				case workCh <- work{id, res, off}:
+				case <-cancel:
+					return
+				}
+
+				off += int64(n)
+			}
+
+			if err != nil {
+				if err != io.EOF {
+					errCh <- rwErr{off, err}
+				}
+				return
+			}
+		}
+	}()
+
+	var wg sync.WaitGroup
+	wg.Add(concurrency)
+	for i := 0; i < concurrency; i++ {
+		// Map_i: each worker gets work, and does the Write from each buffer to its respective offset.
+		go func() {
+			defer wg.Done()
+
+			for work := range workCh {
+				s := <-work.res
+				pool.Put(work.res)
+
+				err := s.err
+				if err == nil {
+					switch s.typ {
+					case sshFxpStatus:
+						err = normaliseError(unmarshalStatus(work.id, s.data))
+					default:
+						err = unimplementedPacketErr(s.typ)
+					}
+				}
+
+				if err != nil {
+					errCh <- rwErr{work.off, err}
+				}
+			}
+		}()
+	}
+
+	// Wait for long tail, before closing results.
+	go func() {
+		wg.Wait()
+		close(errCh)
+	}()
+
+	// Reduce: Collect all the results into a relevant return: the earliest offset to return an error.
+	firstErr := rwErr{math.MaxInt64, nil}
+	for rwErr := range errCh {
+		if rwErr.off <= firstErr.off {
+			firstErr = rwErr
+		}
+
+		select {
+		case <-cancel:
+		default:
+			// stop any more work from being distributed.
+			close(cancel)
+		}
+	}
+
+	if firstErr.err != nil {
+		// firstErr.err != nil if and only if firstErr.off is a valid offset.
+		//
+		// firstErr.off will then be the lesser of:
+		// * the offset of the first error from writing,
+		// * the last successfully read offset.
+		//
+		// This could be less than the last successfully written offset,
+		// which is the whole reason for the UseConcurrentWrites() ClientOption.
+		//
+		// Callers are responsible for truncating any SFTP files to a safe length.
+		f.offset = firstErr.off
+
+		// ReadFrom is defined to return the read bytes, regardless of any writer errors.
+		return read, firstErr.err
+	}
+
+	f.offset += read
+	return read, nil
+}
+
+// ReadFrom reads data from r until EOF and writes it to the file. The return
+// value is the number of bytes read. Any error except io.EOF encountered
+// during the read is also returned.
+//
+// This method is preferred over calling Write multiple times
+// to maximise throughput for transferring the entire file,
+// especially over high-latency links.
+func (f *File) ReadFrom(r io.Reader) (int64, error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	if f.c.useConcurrentWrites {
+		var remain int64
+		switch r := r.(type) {
+		case interface{ Len() int }:
+			remain = int64(r.Len())
+
+		case interface{ Size() int64 }:
+			remain = r.Size()
+
+		case *io.LimitedReader:
+			remain = r.N
+
+		case interface{ Stat() (os.FileInfo, error) }:
+			info, err := r.Stat()
+			if err == nil {
+				remain = info.Size()
+			}
+		}
+
+		if remain < 0 {
+			// We can strongly assert that we want default max concurrency here.
+			return f.ReadFromWithConcurrency(r, f.c.maxConcurrentRequests)
+		}
+
+		if remain > int64(f.c.maxPacket) {
+			// Otherwise, only use concurrency, if it would be at least two packets.
+
+			// This is the best reasonable guess we can make.
+			concurrency64 := remain/int64(f.c.maxPacket) + 1
+
+			// We need to cap this value to an `int` size value to avoid overflow on 32-bit machines.
+			// So, we may as well pre-cap it to `f.c.maxConcurrentRequests`.
+			if concurrency64 > int64(f.c.maxConcurrentRequests) {
+				concurrency64 = int64(f.c.maxConcurrentRequests)
+			}
+
+			return f.ReadFromWithConcurrency(r, int(concurrency64))
+		}
+	}
+
+	ch := make(chan result, 1) // reusable channel
+
+	b := make([]byte, f.c.maxPacket)
+
+	var read int64
+	for {
+		n, err := r.Read(b)
+		if n < 0 {
+			panic("sftp.File: reader returned negative count from Read")
+		}
+
+		if n > 0 {
+			read += int64(n)
+
+			m, err2 := f.writeChunkAt(ch, b[:n], f.offset)
+			f.offset += int64(m)
+
+			if err == nil {
+				err = err2
+			}
+		}
+
+		if err != nil {
+			if err == io.EOF {
+				return read, nil // return nil explicitly.
+			}
+
+			return read, err
+		}
+	}
+}
+
+// Seek implements io.Seeker by setting the client offset for the next Read or
+// Write. It returns the next offset read. Seeking before or after the end of
+// the file is undefined. Seeking relative to the end calls Stat.
+func (f *File) Seek(offset int64, whence int) (int64, error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	switch whence {
+	case io.SeekStart:
+	case io.SeekCurrent:
+		offset += f.offset
+	case io.SeekEnd:
+		fi, err := f.Stat()
+		if err != nil {
+			return f.offset, err
+		}
+		offset += fi.Size()
+	default:
+		return f.offset, unimplementedSeekWhence(whence)
+	}
+
+	if offset < 0 {
+		return f.offset, os.ErrInvalid
+	}
+
+	f.offset = offset
+	return f.offset, nil
+}
+
+// Chown changes the uid/gid of the current file.
+func (f *File) Chown(uid, gid int) error {
+	return f.c.Chown(f.path, uid, gid)
+}
+
+// Chmod changes the permissions of the current file.
+//
+// See Client.Chmod for details.
+func (f *File) Chmod(mode os.FileMode) error {
+	return f.c.setfstat(f.handle, sshFileXferAttrPermissions, toChmodPerm(mode))
+}
+
+// Sync requests a flush of the contents of a File to stable storage.
+//
+// Sync requires the server to support the fsync@openssh.com extension.
+func (f *File) Sync() error {
+	id := f.c.nextID()
+	typ, data, err := f.c.sendPacket(nil, &sshFxpFsyncPacket{
+		ID:     id,
+		Handle: f.handle,
+	})
+
+	switch {
+	case err != nil:
+		return err
+	case typ == sshFxpStatus:
+		return normaliseError(unmarshalStatus(id, data))
+	default:
+		return &unexpectedPacketErr{want: sshFxpStatus, got: typ}
+	}
+}
+
+// Truncate sets the size of the current file. Although it may be safely assumed
+// that if the size is less than its current size it will be truncated to fit,
+// the SFTP protocol does not specify what behavior the server should do when setting
+// size greater than the current size.
+// We send a SSH_FXP_FSETSTAT here since we have a file handle
+func (f *File) Truncate(size int64) error {
+	return f.c.setfstat(f.handle, sshFileXferAttrSize, uint64(size))
+}
+
+// normaliseError normalises an error into a more standard form that can be
+// checked against stdlib errors like io.EOF or os.ErrNotExist.
+func normaliseError(err error) error {
+	switch err := err.(type) {
+	case *StatusError:
+		switch err.Code {
+		case sshFxEOF:
+			return io.EOF
+		case sshFxNoSuchFile:
+			return os.ErrNotExist
+		case sshFxPermissionDenied:
+			return os.ErrPermission
+		case sshFxOk:
+			return nil
+		default:
+			return err
+		}
+	default:
+		return err
+	}
+}
+
+// flags converts the flags passed to OpenFile into ssh flags.
+// Unsupported flags are ignored.
+func flags(f int) uint32 {
+	var out uint32
+	switch f & os.O_WRONLY {
+	case os.O_WRONLY:
+		out |= sshFxfWrite
+	case os.O_RDONLY:
+		out |= sshFxfRead
+	}
+	if f&os.O_RDWR == os.O_RDWR {
+		out |= sshFxfRead | sshFxfWrite
+	}
+	if f&os.O_APPEND == os.O_APPEND {
+		out |= sshFxfAppend
+	}
+	if f&os.O_CREATE == os.O_CREATE {
+		out |= sshFxfCreat
+	}
+	if f&os.O_TRUNC == os.O_TRUNC {
+		out |= sshFxfTrunc
+	}
+	if f&os.O_EXCL == os.O_EXCL {
+		out |= sshFxfExcl
+	}
+	return out
+}
+
+// toChmodPerm converts Go permission bits to POSIX permission bits.
+//
+// This differs from fromFileMode in that we preserve the POSIX versions of
+// setuid, setgid and sticky in m, because we've historically supported those
+// bits, and we mask off any non-permission bits.
+func toChmodPerm(m os.FileMode) (perm uint32) {
+	const mask = os.ModePerm | s_ISUID | s_ISGID | s_ISVTX
+	perm = uint32(m & mask)
+
+	if m&os.ModeSetuid != 0 {
+		perm |= s_ISUID
+	}
+	if m&os.ModeSetgid != 0 {
+		perm |= s_ISGID
+	}
+	if m&os.ModeSticky != 0 {
+		perm |= s_ISVTX
+	}
+
+	return perm
+}
diff --git a/vendor/github.com/pkg/sftp/conn.go b/vendor/github.com/pkg/sftp/conn.go
new file mode 100644
index 000000000..7d9514237
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/conn.go
@@ -0,0 +1,189 @@
+package sftp
+
+import (
+	"encoding"
+	"fmt"
+	"io"
+	"sync"
+)
+
+// conn implements a bidirectional channel on which client and server
+// connections are multiplexed.
+type conn struct {
+	io.Reader
+	io.WriteCloser
+	// this is the same allocator used in packet manager
+	alloc      *allocator
+	sync.Mutex // used to serialise writes to sendPacket
+}
+
+// the orderID is used in server mode if the allocator is enabled.
+// For the client mode just pass 0
+func (c *conn) recvPacket(orderID uint32) (uint8, []byte, error) {
+	return recvPacket(c, c.alloc, orderID)
+}
+
+func (c *conn) sendPacket(m encoding.BinaryMarshaler) error {
+	c.Lock()
+	defer c.Unlock()
+
+	return sendPacket(c, m)
+}
+
+func (c *conn) Close() error {
+	c.Lock()
+	defer c.Unlock()
+	return c.WriteCloser.Close()
+}
+
+type clientConn struct {
+	conn
+	wg sync.WaitGroup
+
+	sync.Mutex                          // protects inflight
+	inflight   map[uint32]chan<- result // outstanding requests
+
+	closed chan struct{}
+	err    error
+}
+
+// Wait blocks until the conn has shut down, and return the error
+// causing the shutdown. It can be called concurrently from multiple
+// goroutines.
+func (c *clientConn) Wait() error {
+	<-c.closed
+	return c.err
+}
+
+// Close closes the SFTP session.
+func (c *clientConn) Close() error {
+	defer c.wg.Wait()
+	return c.conn.Close()
+}
+
+func (c *clientConn) loop() {
+	defer c.wg.Done()
+	err := c.recv()
+	if err != nil {
+		c.broadcastErr(err)
+	}
+}
+
+// recv continuously reads from the server and forwards responses to the
+// appropriate channel.
+func (c *clientConn) recv() error {
+	defer c.conn.Close()
+
+	for {
+		typ, data, err := c.recvPacket(0)
+		if err != nil {
+			return err
+		}
+		sid, _, err := unmarshalUint32Safe(data)
+		if err != nil {
+			return err
+		}
+
+		ch, ok := c.getChannel(sid)
+		if !ok {
+			// This is an unexpected occurrence. Send the error
+			// back to all listeners so that they terminate
+			// gracefully.
+			return fmt.Errorf("sid not found: %d", sid)
+		}
+
+		ch <- result{typ: typ, data: data}
+	}
+}
+
+func (c *clientConn) putChannel(ch chan<- result, sid uint32) bool {
+	c.Lock()
+	defer c.Unlock()
+
+	select {
+	case <-c.closed:
+		// already closed with broadcastErr, return error on chan.
+		ch <- result{err: ErrSSHFxConnectionLost}
+		return false
+	default:
+	}
+
+	c.inflight[sid] = ch
+	return true
+}
+
+func (c *clientConn) getChannel(sid uint32) (chan<- result, bool) {
+	c.Lock()
+	defer c.Unlock()
+
+	ch, ok := c.inflight[sid]
+	delete(c.inflight, sid)
+
+	return ch, ok
+}
+
+// result captures the result of receiving the a packet from the server
+type result struct {
+	typ  byte
+	data []byte
+	err  error
+}
+
+type idmarshaler interface {
+	id() uint32
+	encoding.BinaryMarshaler
+}
+
+func (c *clientConn) sendPacket(ch chan result, p idmarshaler) (byte, []byte, error) {
+	if cap(ch) < 1 {
+		ch = make(chan result, 1)
+	}
+
+	c.dispatchRequest(ch, p)
+	s := <-ch
+	return s.typ, s.data, s.err
+}
+
+// dispatchRequest should ideally only be called by race-detection tests outside of this file,
+// where you have to ensure two packets are in flight sequentially after each other.
+func (c *clientConn) dispatchRequest(ch chan<- result, p idmarshaler) {
+	sid := p.id()
+
+	if !c.putChannel(ch, sid) {
+		// already closed.
+		return
+	}
+
+	if err := c.conn.sendPacket(p); err != nil {
+		if ch, ok := c.getChannel(sid); ok {
+			ch <- result{err: err}
+		}
+	}
+}
+
+// broadcastErr sends an error to all goroutines waiting for a response.
+func (c *clientConn) broadcastErr(err error) {
+	c.Lock()
+	defer c.Unlock()
+
+	bcastRes := result{err: ErrSSHFxConnectionLost}
+	for sid, ch := range c.inflight {
+		ch <- bcastRes
+
+		// Replace the chan in inflight,
+		// we have hijacked this chan,
+		// and this guarantees always-only-once sending.
+		c.inflight[sid] = make(chan<- result, 1)
+	}
+
+	c.err = err
+	close(c.closed)
+}
+
+type serverConn struct {
+	conn
+}
+
+func (s *serverConn) sendError(id uint32, err error) error {
+	return s.sendPacket(statusFromError(id, err))
+}
diff --git a/vendor/github.com/pkg/sftp/debug.go b/vendor/github.com/pkg/sftp/debug.go
new file mode 100644
index 000000000..3e264abe3
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/debug.go
@@ -0,0 +1,9 @@
+// +build debug
+
+package sftp
+
+import "log"
+
+func debug(fmt string, args ...interface{}) {
+	log.Printf(fmt, args...)
+}
diff --git a/vendor/github.com/pkg/sftp/fuzz.go b/vendor/github.com/pkg/sftp/fuzz.go
new file mode 100644
index 000000000..169aebc28
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/fuzz.go
@@ -0,0 +1,22 @@
+// +build gofuzz
+
+package sftp
+
+import "bytes"
+
+type sinkfuzz struct{}
+
+func (*sinkfuzz) Close() error                { return nil }
+func (*sinkfuzz) Write(p []byte) (int, error) { return len(p), nil }
+
+var devnull = &sinkfuzz{}
+
+// To run: go-fuzz-build && go-fuzz
+func Fuzz(data []byte) int {
+	c, err := NewClientPipe(bytes.NewReader(data), devnull)
+	if err != nil {
+		return 0
+	}
+	c.Close()
+	return 1
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/attrs.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/attrs.go
new file mode 100644
index 000000000..eed61bfc6
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/attrs.go
@@ -0,0 +1,325 @@
+package filexfer
+
+// Attributes related flags.
+const (
+	AttrSize        = 1 << iota // SSH_FILEXFER_ATTR_SIZE
+	AttrUIDGID                  // SSH_FILEXFER_ATTR_UIDGID
+	AttrPermissions             // SSH_FILEXFER_ATTR_PERMISSIONS
+	AttrACModTime               // SSH_FILEXFER_ACMODTIME
+
+	AttrExtended = 1 << 31 // SSH_FILEXFER_ATTR_EXTENDED
+)
+
+// Attributes defines the file attributes type defined in draft-ietf-secsh-filexfer-02
+//
+// Defined in: https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-5
+type Attributes struct {
+	Flags uint32
+
+	// AttrSize
+	Size uint64
+
+	// AttrUIDGID
+	UID uint32
+	GID uint32
+
+	// AttrPermissions
+	Permissions FileMode
+
+	// AttrACmodTime
+	ATime uint32
+	MTime uint32
+
+	// AttrExtended
+	ExtendedAttributes []ExtendedAttribute
+}
+
+// GetSize returns the Size field and a bool that is true if and only if the value is valid/defined.
+func (a *Attributes) GetSize() (size uint64, ok bool) {
+	return a.Size, a.Flags&AttrSize != 0
+}
+
+// SetSize is a convenience function that sets the Size field,
+// and marks the field as valid/defined in Flags.
+func (a *Attributes) SetSize(size uint64) {
+	a.Flags |= AttrSize
+	a.Size = size
+}
+
+// GetUIDGID returns the UID and GID fields and a bool that is true if and only if the values are valid/defined.
+func (a *Attributes) GetUIDGID() (uid, gid uint32, ok bool) {
+	return a.UID, a.GID, a.Flags&AttrUIDGID != 0
+}
+
+// SetUIDGID is a convenience function that sets the UID and GID fields,
+// and marks the fields as valid/defined in Flags.
+func (a *Attributes) SetUIDGID(uid, gid uint32) {
+	a.Flags |= AttrUIDGID
+	a.UID = uid
+	a.GID = gid
+}
+
+// GetPermissions returns the Permissions field and a bool that is true if and only if the value is valid/defined.
+func (a *Attributes) GetPermissions() (perms FileMode, ok bool) {
+	return a.Permissions, a.Flags&AttrPermissions != 0
+}
+
+// SetPermissions is a convenience function that sets the Permissions field,
+// and marks the field as valid/defined in Flags.
+func (a *Attributes) SetPermissions(perms FileMode) {
+	a.Flags |= AttrPermissions
+	a.Permissions = perms
+}
+
+// GetACModTime returns the ATime and MTime fields and a bool that is true if and only if the values are valid/defined.
+func (a *Attributes) GetACModTime() (atime, mtime uint32, ok bool) {
+	return a.ATime, a.MTime, a.Flags&AttrACModTime != 0
+}
+
+// SetACModTime is a convenience function that sets the ATime and MTime fields,
+// and marks the fields as valid/defined in Flags.
+func (a *Attributes) SetACModTime(atime, mtime uint32) {
+	a.Flags |= AttrACModTime
+	a.ATime = atime
+	a.MTime = mtime
+}
+
+// Len returns the number of bytes a would marshal into.
+func (a *Attributes) Len() int {
+	length := 4
+
+	if a.Flags&AttrSize != 0 {
+		length += 8
+	}
+
+	if a.Flags&AttrUIDGID != 0 {
+		length += 4 + 4
+	}
+
+	if a.Flags&AttrPermissions != 0 {
+		length += 4
+	}
+
+	if a.Flags&AttrACModTime != 0 {
+		length += 4 + 4
+	}
+
+	if a.Flags&AttrExtended != 0 {
+		length += 4
+
+		for _, ext := range a.ExtendedAttributes {
+			length += ext.Len()
+		}
+	}
+
+	return length
+}
+
+// MarshalInto marshals e onto the end of the given Buffer.
+func (a *Attributes) MarshalInto(b *Buffer) {
+	b.AppendUint32(a.Flags)
+
+	if a.Flags&AttrSize != 0 {
+		b.AppendUint64(a.Size)
+	}
+
+	if a.Flags&AttrUIDGID != 0 {
+		b.AppendUint32(a.UID)
+		b.AppendUint32(a.GID)
+	}
+
+	if a.Flags&AttrPermissions != 0 {
+		b.AppendUint32(uint32(a.Permissions))
+	}
+
+	if a.Flags&AttrACModTime != 0 {
+		b.AppendUint32(a.ATime)
+		b.AppendUint32(a.MTime)
+	}
+
+	if a.Flags&AttrExtended != 0 {
+		b.AppendUint32(uint32(len(a.ExtendedAttributes)))
+
+		for _, ext := range a.ExtendedAttributes {
+			ext.MarshalInto(b)
+		}
+	}
+}
+
+// MarshalBinary returns a as the binary encoding of a.
+func (a *Attributes) MarshalBinary() ([]byte, error) {
+	buf := NewBuffer(make([]byte, 0, a.Len()))
+	a.MarshalInto(buf)
+	return buf.Bytes(), nil
+}
+
+// UnmarshalFrom unmarshals an Attributes from the given Buffer into e.
+//
+// NOTE: The values of fields not covered in the a.Flags are explicitly undefined.
+func (a *Attributes) UnmarshalFrom(b *Buffer) (err error) {
+	flags, err := b.ConsumeUint32()
+	if err != nil {
+		return err
+	}
+
+	return a.XXX_UnmarshalByFlags(flags, b)
+}
+
+// XXX_UnmarshalByFlags uses the pre-existing a.Flags field to determine which fields to decode.
+// DO NOT USE THIS: it is an anti-corruption function to implement existing internal usage in pkg/sftp.
+// This function is not a part of any compatibility promise.
+func (a *Attributes) XXX_UnmarshalByFlags(flags uint32, b *Buffer) (err error) {
+	a.Flags = flags
+
+	// Short-circuit dummy attributes.
+	if a.Flags == 0 {
+		return nil
+	}
+
+	if a.Flags&AttrSize != 0 {
+		if a.Size, err = b.ConsumeUint64(); err != nil {
+			return err
+		}
+	}
+
+	if a.Flags&AttrUIDGID != 0 {
+		if a.UID, err = b.ConsumeUint32(); err != nil {
+			return err
+		}
+
+		if a.GID, err = b.ConsumeUint32(); err != nil {
+			return err
+		}
+	}
+
+	if a.Flags&AttrPermissions != 0 {
+		m, err := b.ConsumeUint32()
+		if err != nil {
+			return err
+		}
+
+		a.Permissions = FileMode(m)
+	}
+
+	if a.Flags&AttrACModTime != 0 {
+		if a.ATime, err = b.ConsumeUint32(); err != nil {
+			return err
+		}
+
+		if a.MTime, err = b.ConsumeUint32(); err != nil {
+			return err
+		}
+	}
+
+	if a.Flags&AttrExtended != 0 {
+		count, err := b.ConsumeUint32()
+		if err != nil {
+			return err
+		}
+
+		a.ExtendedAttributes = make([]ExtendedAttribute, count)
+		for i := range a.ExtendedAttributes {
+			a.ExtendedAttributes[i].UnmarshalFrom(b)
+		}
+	}
+
+	return nil
+}
+
+// UnmarshalBinary decodes the binary encoding of Attributes into e.
+func (a *Attributes) UnmarshalBinary(data []byte) error {
+	return a.UnmarshalFrom(NewBuffer(data))
+}
+
+// ExtendedAttribute defines the extended file attribute type defined in draft-ietf-secsh-filexfer-02
+//
+// Defined in: https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-5
+type ExtendedAttribute struct {
+	Type string
+	Data string
+}
+
+// Len returns the number of bytes e would marshal into.
+func (e *ExtendedAttribute) Len() int {
+	return 4 + len(e.Type) + 4 + len(e.Data)
+}
+
+// MarshalInto marshals e onto the end of the given Buffer.
+func (e *ExtendedAttribute) MarshalInto(b *Buffer) {
+	b.AppendString(e.Type)
+	b.AppendString(e.Data)
+}
+
+// MarshalBinary returns e as the binary encoding of e.
+func (e *ExtendedAttribute) MarshalBinary() ([]byte, error) {
+	buf := NewBuffer(make([]byte, 0, e.Len()))
+	e.MarshalInto(buf)
+	return buf.Bytes(), nil
+}
+
+// UnmarshalFrom unmarshals an ExtendedAattribute from the given Buffer into e.
+func (e *ExtendedAttribute) UnmarshalFrom(b *Buffer) (err error) {
+	if e.Type, err = b.ConsumeString(); err != nil {
+		return err
+	}
+
+	if e.Data, err = b.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// UnmarshalBinary decodes the binary encoding of ExtendedAttribute into e.
+func (e *ExtendedAttribute) UnmarshalBinary(data []byte) error {
+	return e.UnmarshalFrom(NewBuffer(data))
+}
+
+// NameEntry implements the SSH_FXP_NAME repeated data type from draft-ietf-secsh-filexfer-02
+//
+// This type is incompatible with versions 4 or higher.
+type NameEntry struct {
+	Filename string
+	Longname string
+	Attrs    Attributes
+}
+
+// Len returns the number of bytes e would marshal into.
+func (e *NameEntry) Len() int {
+	return 4 + len(e.Filename) + 4 + len(e.Longname) + e.Attrs.Len()
+}
+
+// MarshalInto marshals e onto the end of the given Buffer.
+func (e *NameEntry) MarshalInto(b *Buffer) {
+	b.AppendString(e.Filename)
+	b.AppendString(e.Longname)
+
+	e.Attrs.MarshalInto(b)
+}
+
+// MarshalBinary returns e as the binary encoding of e.
+func (e *NameEntry) MarshalBinary() ([]byte, error) {
+	buf := NewBuffer(make([]byte, 0, e.Len()))
+	e.MarshalInto(buf)
+	return buf.Bytes(), nil
+}
+
+// UnmarshalFrom unmarshals an NameEntry from the given Buffer into e.
+//
+// NOTE: The values of fields not covered in the a.Flags are explicitly undefined.
+func (e *NameEntry) UnmarshalFrom(b *Buffer) (err error) {
+	if e.Filename, err = b.ConsumeString(); err != nil {
+		return err
+	}
+
+	if e.Longname, err = b.ConsumeString(); err != nil {
+		return err
+	}
+
+	return e.Attrs.UnmarshalFrom(b)
+}
+
+// UnmarshalBinary decodes the binary encoding of NameEntry into e.
+func (e *NameEntry) UnmarshalBinary(data []byte) error {
+	return e.UnmarshalFrom(NewBuffer(data))
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/buffer.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/buffer.go
new file mode 100644
index 000000000..a6086036e
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/buffer.go
@@ -0,0 +1,293 @@
+package filexfer
+
+import (
+	"encoding/binary"
+	"errors"
+)
+
+// Various encoding errors.
+var (
+	ErrShortPacket = errors.New("packet too short")
+	ErrLongPacket  = errors.New("packet too long")
+)
+
+// Buffer wraps up the various encoding details of the SSH format.
+//
+// Data types are encoded as per section 4 from https://tools.ietf.org/html/draft-ietf-secsh-architecture-09#page-8
+type Buffer struct {
+	b   []byte
+	off int
+}
+
+// NewBuffer creates and initializes a new buffer using buf as its initial contents.
+// The new buffer takes ownership of buf, and the caller should not use buf after this call.
+//
+// In most cases, new(Buffer) (or just declaring a Buffer variable) is sufficient to initialize a Buffer.
+func NewBuffer(buf []byte) *Buffer {
+	return &Buffer{
+		b: buf,
+	}
+}
+
+// NewMarshalBuffer creates a new Buffer ready to start marshaling a Packet into.
+// It preallocates enough space for uint32(length), uint8(type), uint32(request-id) and size more bytes.
+func NewMarshalBuffer(size int) *Buffer {
+	return NewBuffer(make([]byte, 4+1+4+size))
+}
+
+// Bytes returns a slice of length b.Len() holding the unconsumed bytes in the Buffer.
+// The slice is valid for use only until the next buffer modification
+// (that is, only until the next call to an Append or Consume method).
+func (b *Buffer) Bytes() []byte {
+	return b.b[b.off:]
+}
+
+// Len returns the number of unconsumed bytes in the buffer.
+func (b *Buffer) Len() int { return len(b.b) - b.off }
+
+// Cap returns the capacity of the buffer’s underlying byte slice,
+// that is, the total space allocated for the buffer’s data.
+func (b *Buffer) Cap() int { return cap(b.b) }
+
+// Reset resets the buffer to be empty, but it retains the underlying storage for use by future Appends.
+func (b *Buffer) Reset() {
+	b.b = b.b[:0]
+	b.off = 0
+}
+
+// StartPacket resets and initializes the buffer to be ready to start marshaling a packet into.
+// It truncates the buffer, reserves space for uint32(length), then appends the given packetType and requestID.
+func (b *Buffer) StartPacket(packetType PacketType, requestID uint32) {
+	b.b, b.off = append(b.b[:0], make([]byte, 4)...), 0
+
+	b.AppendUint8(uint8(packetType))
+	b.AppendUint32(requestID)
+}
+
+// Packet finalizes the packet started from StartPacket.
+// It is expected that this will end the ownership of the underlying byte-slice,
+// and so the returned byte-slices may be reused the same as any other byte-slice,
+// the caller should not use this buffer after this call.
+//
+// It writes the packet body length into the first four bytes of the buffer in network byte order (big endian).
+// The packet body length is the length of this buffer less the 4-byte length itself, plus the length of payload.
+//
+// It is assumed that no Consume methods have been called on this buffer,
+// and so it returns the whole underlying slice.
+func (b *Buffer) Packet(payload []byte) (header, payloadPassThru []byte, err error) {
+	b.PutLength(len(b.b) - 4 + len(payload))
+
+	return b.b, payload, nil
+}
+
+// ConsumeUint8 consumes a single byte from the buffer.
+// If the buffer does not have enough data, it will return ErrShortPacket.
+func (b *Buffer) ConsumeUint8() (uint8, error) {
+	if b.Len() < 1 {
+		return 0, ErrShortPacket
+	}
+
+	var v uint8
+	v, b.off = b.b[b.off], b.off+1
+	return v, nil
+}
+
+// AppendUint8 appends a single byte into the buffer.
+func (b *Buffer) AppendUint8(v uint8) {
+	b.b = append(b.b, v)
+}
+
+// ConsumeBool consumes a single byte from the buffer, and returns true if that byte is non-zero.
+// If the buffer does not have enough data, it will return ErrShortPacket.
+func (b *Buffer) ConsumeBool() (bool, error) {
+	v, err := b.ConsumeUint8()
+	if err != nil {
+		return false, err
+	}
+
+	return v != 0, nil
+}
+
+// AppendBool appends a single bool into the buffer.
+// It encodes it as a single byte, with false as 0, and true as 1.
+func (b *Buffer) AppendBool(v bool) {
+	if v {
+		b.AppendUint8(1)
+	} else {
+		b.AppendUint8(0)
+	}
+}
+
+// ConsumeUint16 consumes a single uint16 from the buffer, in network byte order (big-endian).
+// If the buffer does not have enough data, it will return ErrShortPacket.
+func (b *Buffer) ConsumeUint16() (uint16, error) {
+	if b.Len() < 2 {
+		return 0, ErrShortPacket
+	}
+
+	v := binary.BigEndian.Uint16(b.b[b.off:])
+	b.off += 2
+	return v, nil
+}
+
+// AppendUint16 appends single uint16 into the buffer, in network byte order (big-endian).
+func (b *Buffer) AppendUint16(v uint16) {
+	b.b = append(b.b,
+		byte(v>>8),
+		byte(v>>0),
+	)
+}
+
+// unmarshalUint32 is used internally to read the packet length.
+// It is unsafe, and so not exported.
+// Even within this package, its use should be avoided.
+func unmarshalUint32(b []byte) uint32 {
+	return binary.BigEndian.Uint32(b[:4])
+}
+
+// ConsumeUint32 consumes a single uint32 from the buffer, in network byte order (big-endian).
+// If the buffer does not have enough data, it will return ErrShortPacket.
+func (b *Buffer) ConsumeUint32() (uint32, error) {
+	if b.Len() < 4 {
+		return 0, ErrShortPacket
+	}
+
+	v := binary.BigEndian.Uint32(b.b[b.off:])
+	b.off += 4
+	return v, nil
+}
+
+// AppendUint32 appends a single uint32 into the buffer, in network byte order (big-endian).
+func (b *Buffer) AppendUint32(v uint32) {
+	b.b = append(b.b,
+		byte(v>>24),
+		byte(v>>16),
+		byte(v>>8),
+		byte(v>>0),
+	)
+}
+
+// ConsumeUint64 consumes a single uint64 from the buffer, in network byte order (big-endian).
+// If the buffer does not have enough data, it will return ErrShortPacket.
+func (b *Buffer) ConsumeUint64() (uint64, error) {
+	if b.Len() < 8 {
+		return 0, ErrShortPacket
+	}
+
+	v := binary.BigEndian.Uint64(b.b[b.off:])
+	b.off += 8
+	return v, nil
+}
+
+// AppendUint64 appends a single uint64 into the buffer, in network byte order (big-endian).
+func (b *Buffer) AppendUint64(v uint64) {
+	b.b = append(b.b,
+		byte(v>>56),
+		byte(v>>48),
+		byte(v>>40),
+		byte(v>>32),
+		byte(v>>24),
+		byte(v>>16),
+		byte(v>>8),
+		byte(v>>0),
+	)
+}
+
+// ConsumeInt64 consumes a single int64 from the buffer, in network byte order (big-endian) with two’s complement.
+// If the buffer does not have enough data, it will return ErrShortPacket.
+func (b *Buffer) ConsumeInt64() (int64, error) {
+	u, err := b.ConsumeUint64()
+	if err != nil {
+		return 0, err
+	}
+
+	return int64(u), err
+}
+
+// AppendInt64 appends a single int64 into the buffer, in network byte order (big-endian) with two’s complement.
+func (b *Buffer) AppendInt64(v int64) {
+	b.AppendUint64(uint64(v))
+}
+
+// ConsumeByteSlice consumes a single string of raw binary data from the buffer.
+// A string is a uint32 length, followed by that number of raw bytes.
+// If the buffer does not have enough data, or defines a length larger than available, it will return ErrShortPacket.
+//
+// The returned slice aliases the buffer contents, and is valid only as long as the buffer is not reused
+// (that is, only until the next call to Reset, PutLength, StartPacket, or UnmarshalBinary).
+//
+// In no case will any Consume calls return overlapping slice aliases,
+// and Append calls are guaranteed to not disturb this slice alias.
+func (b *Buffer) ConsumeByteSlice() ([]byte, error) {
+	length, err := b.ConsumeUint32()
+	if err != nil {
+		return nil, err
+	}
+
+	if b.Len() < int(length) {
+		return nil, ErrShortPacket
+	}
+
+	v := b.b[b.off:]
+	if len(v) > int(length) {
+		v = v[:length:length]
+	}
+	b.off += int(length)
+	return v, nil
+}
+
+// AppendByteSlice appends a single string of raw binary data into the buffer.
+// A string is a uint32 length, followed by that number of raw bytes.
+func (b *Buffer) AppendByteSlice(v []byte) {
+	b.AppendUint32(uint32(len(v)))
+	b.b = append(b.b, v...)
+}
+
+// ConsumeString consumes a single string of binary data from the buffer.
+// A string is a uint32 length, followed by that number of raw bytes.
+// If the buffer does not have enough data, or defines a length larger than available, it will return ErrShortPacket.
+//
+// NOTE: Go implicitly assumes that strings contain UTF-8 encoded data.
+// All caveats on using arbitrary binary data in Go strings applies.
+func (b *Buffer) ConsumeString() (string, error) {
+	v, err := b.ConsumeByteSlice()
+	if err != nil {
+		return "", err
+	}
+
+	return string(v), nil
+}
+
+// AppendString appends a single string of binary data into the buffer.
+// A string is a uint32 length, followed by that number of raw bytes.
+func (b *Buffer) AppendString(v string) {
+	b.AppendByteSlice([]byte(v))
+}
+
+// PutLength writes the given size into the first four bytes of the buffer in network byte order (big endian).
+func (b *Buffer) PutLength(size int) {
+	if len(b.b) < 4 {
+		b.b = append(b.b, make([]byte, 4-len(b.b))...)
+	}
+
+	binary.BigEndian.PutUint32(b.b, uint32(size))
+}
+
+// MarshalBinary returns a clone of the full internal buffer.
+func (b *Buffer) MarshalBinary() ([]byte, error) {
+	clone := make([]byte, len(b.b))
+	n := copy(clone, b.b)
+	return clone[:n], nil
+}
+
+// UnmarshalBinary sets the internal buffer of b to be a clone of data, and zeros the internal offset.
+func (b *Buffer) UnmarshalBinary(data []byte) error {
+	if grow := len(data) - len(b.b); grow > 0 {
+		b.b = append(b.b, make([]byte, grow)...)
+	}
+
+	n := copy(b.b, data)
+	b.b = b.b[:n]
+	b.off = 0
+	return nil
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/extended_packets.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/extended_packets.go
new file mode 100644
index 000000000..6b7b2cef4
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/extended_packets.go
@@ -0,0 +1,142 @@
+package filexfer
+
+import (
+	"encoding"
+	"sync"
+)
+
+// ExtendedData aliases the untyped interface composition of encoding.BinaryMarshaler and encoding.BinaryUnmarshaler.
+type ExtendedData = interface {
+	encoding.BinaryMarshaler
+	encoding.BinaryUnmarshaler
+}
+
+// ExtendedDataConstructor defines a function that returns a new(ArbitraryExtendedPacket).
+type ExtendedDataConstructor func() ExtendedData
+
+var extendedPacketTypes = struct {
+	mu           sync.RWMutex
+	constructors map[string]ExtendedDataConstructor
+}{
+	constructors: make(map[string]ExtendedDataConstructor),
+}
+
+// RegisterExtendedPacketType defines a specific ExtendedDataConstructor for the given extension string.
+func RegisterExtendedPacketType(extension string, constructor ExtendedDataConstructor) {
+	extendedPacketTypes.mu.Lock()
+	defer extendedPacketTypes.mu.Unlock()
+
+	if _, exist := extendedPacketTypes.constructors[extension]; exist {
+		panic("encoding/ssh/filexfer: multiple registration of extended packet type " + extension)
+	}
+
+	extendedPacketTypes.constructors[extension] = constructor
+}
+
+func newExtendedPacket(extension string) ExtendedData {
+	extendedPacketTypes.mu.RLock()
+	defer extendedPacketTypes.mu.RUnlock()
+
+	if f := extendedPacketTypes.constructors[extension]; f != nil {
+		return f()
+	}
+
+	return new(Buffer)
+}
+
+// ExtendedPacket defines the SSH_FXP_CLOSE packet.
+type ExtendedPacket struct {
+	ExtendedRequest string
+
+	Data ExtendedData
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *ExtendedPacket) Type() PacketType {
+	return PacketTypeExtended
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+//
+// The Data is marshaled into binary, and returned as the payload.
+func (p *ExtendedPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.ExtendedRequest) // string(extended-request)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeExtended, reqid)
+	buf.AppendString(p.ExtendedRequest)
+
+	if p.Data != nil {
+		payload, err = p.Data.MarshalBinary()
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+//
+// If p.Data is nil, and the extension has been registered, a new type will be made from the registration.
+// If the extension has not been registered, then a new Buffer will be allocated.
+// Then the request-specific-data will be unmarshaled from the rest of the buffer.
+func (p *ExtendedPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.ExtendedRequest, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if p.Data == nil {
+		p.Data = newExtendedPacket(p.ExtendedRequest)
+	}
+
+	return p.Data.UnmarshalBinary(buf.Bytes())
+}
+
+// ExtendedReplyPacket defines the SSH_FXP_CLOSE packet.
+type ExtendedReplyPacket struct {
+	Data ExtendedData
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *ExtendedReplyPacket) Type() PacketType {
+	return PacketTypeExtendedReply
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+//
+// The Data is marshaled into binary, and returned as the payload.
+func (p *ExtendedReplyPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		buf = NewMarshalBuffer(0)
+	}
+
+	buf.StartPacket(PacketTypeExtendedReply, reqid)
+
+	if p.Data != nil {
+		payload, err = p.Data.MarshalBinary()
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+//
+// If p.Data is nil, and there is request-specific-data,
+// then the request-specific-data will be wrapped in a Buffer and assigned to p.Data.
+func (p *ExtendedReplyPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Data == nil {
+		p.Data = new(Buffer)
+	}
+
+	return p.Data.UnmarshalBinary(buf.Bytes())
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/extensions.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/extensions.go
new file mode 100644
index 000000000..11c0b99c2
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/extensions.go
@@ -0,0 +1,46 @@
+package filexfer
+
+// ExtensionPair defines the extension-pair type defined in draft-ietf-secsh-filexfer-13.
+// This type is backwards-compatible with how draft-ietf-secsh-filexfer-02 defines extensions.
+//
+// Defined in: https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-4.2
+type ExtensionPair struct {
+	Name string
+	Data string
+}
+
+// Len returns the number of bytes e would marshal into.
+func (e *ExtensionPair) Len() int {
+	return 4 + len(e.Name) + 4 + len(e.Data)
+}
+
+// MarshalInto marshals e onto the end of the given Buffer.
+func (e *ExtensionPair) MarshalInto(buf *Buffer) {
+	buf.AppendString(e.Name)
+	buf.AppendString(e.Data)
+}
+
+// MarshalBinary returns e as the binary encoding of e.
+func (e *ExtensionPair) MarshalBinary() ([]byte, error) {
+	buf := NewBuffer(make([]byte, 0, e.Len()))
+	e.MarshalInto(buf)
+	return buf.Bytes(), nil
+}
+
+// UnmarshalFrom unmarshals an ExtensionPair from the given Buffer into e.
+func (e *ExtensionPair) UnmarshalFrom(buf *Buffer) (err error) {
+	if e.Name, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if e.Data, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// UnmarshalBinary decodes the binary encoding of ExtensionPair into e.
+func (e *ExtensionPair) UnmarshalBinary(data []byte) error {
+	return e.UnmarshalFrom(NewBuffer(data))
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/filexfer.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/filexfer.go
new file mode 100644
index 000000000..1e5abf746
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/filexfer.go
@@ -0,0 +1,54 @@
+// Package filexfer implements the wire encoding for secsh-filexfer as described in https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
+package filexfer
+
+// PacketMarshaller narrowly defines packets that will only be transmitted.
+//
+// ExtendedPacket types will often only implement this interface,
+// since decoding the whole packet body of an ExtendedPacket can only be done dependent on the ExtendedRequest field.
+type PacketMarshaller interface {
+	// MarshalPacket is the primary intended way to encode a packet.
+	// The request-id for the packet is set from reqid.
+	//
+	// An optional buffer may be given in b.
+	// If the buffer has a minimum capacity, it shall be truncated and used to marshal the header into.
+	// The minimum capacity for the packet must be a constant expression, and should be at least 9.
+	//
+	// It shall return the main body of the encoded packet in header,
+	// and may optionally return an additional payload to be written immediately after the header.
+	//
+	// It shall encode in the first 4-bytes of the header the proper length of the rest of the header+payload.
+	MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error)
+}
+
+// Packet defines the behavior of a full generic SFTP packet.
+//
+// InitPacket, and VersionPacket are not generic SFTP packets, and instead implement (Un)MarshalBinary.
+//
+// ExtendedPacket types should not iplement this interface,
+// since decoding the whole packet body of an ExtendedPacket can only be done dependent on the ExtendedRequest field.
+type Packet interface {
+	PacketMarshaller
+
+	// Type returns the SSH_FXP_xy value associated with the specific packet.
+	Type() PacketType
+
+	// UnmarshalPacketBody decodes a packet body from the given Buffer.
+	// It is assumed that the common header values of the length, type and request-id have already been consumed.
+	//
+	// Implementations should not alias the given Buffer,
+	// instead they can consider prepopulating an internal buffer as a hint,
+	// and copying into that buffer if it has sufficient length.
+	UnmarshalPacketBody(buf *Buffer) error
+}
+
+// ComposePacket converts returns from MarshalPacket into an equivalent call to MarshalBinary.
+func ComposePacket(header, payload []byte, err error) ([]byte, error) {
+	return append(header, payload...), err
+}
+
+// Default length values,
+// Defined in draft-ietf-secsh-filexfer-02 section 3.
+const (
+	DefaultMaxPacketLength = 34000
+	DefaultMaxDataLength   = 32768
+)
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/fx.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/fx.go
new file mode 100644
index 000000000..48f869861
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/fx.go
@@ -0,0 +1,147 @@
+package filexfer
+
+import (
+	"fmt"
+)
+
+// Status defines the SFTP error codes used in SSH_FXP_STATUS response packets.
+type Status uint32
+
+// Defines the various SSH_FX_* values.
+const (
+	// see draft-ietf-secsh-filexfer-02
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-7
+	StatusOK = Status(iota)
+	StatusEOF
+	StatusNoSuchFile
+	StatusPermissionDenied
+	StatusFailure
+	StatusBadMessage
+	StatusNoConnection
+	StatusConnectionLost
+	StatusOPUnsupported
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-03#section-7
+	StatusV4InvalidHandle
+	StatusV4NoSuchPath
+	StatusV4FileAlreadyExists
+	StatusV4WriteProtect
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-7
+	StatusV4NoMedia
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-05#section-7
+	StatusV5NoSpaceOnFilesystem
+	StatusV5QuotaExceeded
+	StatusV5UnknownPrincipal
+	StatusV5LockConflict
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-06#section-8
+	StatusV6DirNotEmpty
+	StatusV6NotADirectory
+	StatusV6InvalidFilename
+	StatusV6LinkLoop
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-07#section-8
+	StatusV6CannotDelete
+	StatusV6InvalidParameter
+	StatusV6FileIsADirectory
+	StatusV6ByteRangeLockConflict
+	StatusV6ByteRangeLockRefused
+	StatusV6DeletePending
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-08#section-8.1
+	StatusV6FileCorrupt
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-10#section-9.1
+	StatusV6OwnerInvalid
+	StatusV6GroupInvalid
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1
+	StatusV6NoMatchingByteRangeLock
+)
+
+func (s Status) Error() string {
+	return s.String()
+}
+
+// Is returns true if the target is the same Status code,
+// or target is a StatusPacket with the same Status code.
+func (s Status) Is(target error) bool {
+	if target, ok := target.(*StatusPacket); ok {
+		return target.StatusCode == s
+	}
+
+	return s == target
+}
+
+func (s Status) String() string {
+	switch s {
+	case StatusOK:
+		return "SSH_FX_OK"
+	case StatusEOF:
+		return "SSH_FX_EOF"
+	case StatusNoSuchFile:
+		return "SSH_FX_NO_SUCH_FILE"
+	case StatusPermissionDenied:
+		return "SSH_FX_PERMISSION_DENIED"
+	case StatusFailure:
+		return "SSH_FX_FAILURE"
+	case StatusBadMessage:
+		return "SSH_FX_BAD_MESSAGE"
+	case StatusNoConnection:
+		return "SSH_FX_NO_CONNECTION"
+	case StatusConnectionLost:
+		return "SSH_FX_CONNECTION_LOST"
+	case StatusOPUnsupported:
+		return "SSH_FX_OP_UNSUPPORTED"
+	case StatusV4InvalidHandle:
+		return "SSH_FX_INVALID_HANDLE"
+	case StatusV4NoSuchPath:
+		return "SSH_FX_NO_SUCH_PATH"
+	case StatusV4FileAlreadyExists:
+		return "SSH_FX_FILE_ALREADY_EXISTS"
+	case StatusV4WriteProtect:
+		return "SSH_FX_WRITE_PROTECT"
+	case StatusV4NoMedia:
+		return "SSH_FX_NO_MEDIA"
+	case StatusV5NoSpaceOnFilesystem:
+		return "SSH_FX_NO_SPACE_ON_FILESYSTEM"
+	case StatusV5QuotaExceeded:
+		return "SSH_FX_QUOTA_EXCEEDED"
+	case StatusV5UnknownPrincipal:
+		return "SSH_FX_UNKNOWN_PRINCIPAL"
+	case StatusV5LockConflict:
+		return "SSH_FX_LOCK_CONFLICT"
+	case StatusV6DirNotEmpty:
+		return "SSH_FX_DIR_NOT_EMPTY"
+	case StatusV6NotADirectory:
+		return "SSH_FX_NOT_A_DIRECTORY"
+	case StatusV6InvalidFilename:
+		return "SSH_FX_INVALID_FILENAME"
+	case StatusV6LinkLoop:
+		return "SSH_FX_LINK_LOOP"
+	case StatusV6CannotDelete:
+		return "SSH_FX_CANNOT_DELETE"
+	case StatusV6InvalidParameter:
+		return "SSH_FX_INVALID_PARAMETER"
+	case StatusV6FileIsADirectory:
+		return "SSH_FX_FILE_IS_A_DIRECTORY"
+	case StatusV6ByteRangeLockConflict:
+		return "SSH_FX_BYTE_RANGE_LOCK_CONFLICT"
+	case StatusV6ByteRangeLockRefused:
+		return "SSH_FX_BYTE_RANGE_LOCK_REFUSED"
+	case StatusV6DeletePending:
+		return "SSH_FX_DELETE_PENDING"
+	case StatusV6FileCorrupt:
+		return "SSH_FX_FILE_CORRUPT"
+	case StatusV6OwnerInvalid:
+		return "SSH_FX_OWNER_INVALID"
+	case StatusV6GroupInvalid:
+		return "SSH_FX_GROUP_INVALID"
+	case StatusV6NoMatchingByteRangeLock:
+		return "SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK"
+	default:
+		return fmt.Sprintf("SSH_FX_UNKNOWN(%d)", s)
+	}
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/fxp.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/fxp.go
new file mode 100644
index 000000000..15caf6d28
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/fxp.go
@@ -0,0 +1,124 @@
+package filexfer
+
+import (
+	"fmt"
+)
+
+// PacketType defines the various SFTP packet types.
+type PacketType uint8
+
+// Request packet types.
+const (
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-3
+	PacketTypeInit = PacketType(iota + 1)
+	PacketTypeVersion
+	PacketTypeOpen
+	PacketTypeClose
+	PacketTypeRead
+	PacketTypeWrite
+	PacketTypeLStat
+	PacketTypeFStat
+	PacketTypeSetstat
+	PacketTypeFSetstat
+	PacketTypeOpenDir
+	PacketTypeReadDir
+	PacketTypeRemove
+	PacketTypeMkdir
+	PacketTypeRmdir
+	PacketTypeRealPath
+	PacketTypeStat
+	PacketTypeRename
+	PacketTypeReadLink
+	PacketTypeSymlink
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-07#section-3.3
+	PacketTypeV6Link
+
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-08#section-3.3
+	PacketTypeV6Block
+	PacketTypeV6Unblock
+)
+
+// Response packet types.
+const (
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-3
+	PacketTypeStatus = PacketType(iota + 101)
+	PacketTypeHandle
+	PacketTypeData
+	PacketTypeName
+	PacketTypeAttrs
+)
+
+// Extended packet types.
+const (
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-3
+	PacketTypeExtended = PacketType(iota + 200)
+	PacketTypeExtendedReply
+)
+
+func (f PacketType) String() string {
+	switch f {
+	case PacketTypeInit:
+		return "SSH_FXP_INIT"
+	case PacketTypeVersion:
+		return "SSH_FXP_VERSION"
+	case PacketTypeOpen:
+		return "SSH_FXP_OPEN"
+	case PacketTypeClose:
+		return "SSH_FXP_CLOSE"
+	case PacketTypeRead:
+		return "SSH_FXP_READ"
+	case PacketTypeWrite:
+		return "SSH_FXP_WRITE"
+	case PacketTypeLStat:
+		return "SSH_FXP_LSTAT"
+	case PacketTypeFStat:
+		return "SSH_FXP_FSTAT"
+	case PacketTypeSetstat:
+		return "SSH_FXP_SETSTAT"
+	case PacketTypeFSetstat:
+		return "SSH_FXP_FSETSTAT"
+	case PacketTypeOpenDir:
+		return "SSH_FXP_OPENDIR"
+	case PacketTypeReadDir:
+		return "SSH_FXP_READDIR"
+	case PacketTypeRemove:
+		return "SSH_FXP_REMOVE"
+	case PacketTypeMkdir:
+		return "SSH_FXP_MKDIR"
+	case PacketTypeRmdir:
+		return "SSH_FXP_RMDIR"
+	case PacketTypeRealPath:
+		return "SSH_FXP_REALPATH"
+	case PacketTypeStat:
+		return "SSH_FXP_STAT"
+	case PacketTypeRename:
+		return "SSH_FXP_RENAME"
+	case PacketTypeReadLink:
+		return "SSH_FXP_READLINK"
+	case PacketTypeSymlink:
+		return "SSH_FXP_SYMLINK"
+	case PacketTypeV6Link:
+		return "SSH_FXP_LINK"
+	case PacketTypeV6Block:
+		return "SSH_FXP_BLOCK"
+	case PacketTypeV6Unblock:
+		return "SSH_FXP_UNBLOCK"
+	case PacketTypeStatus:
+		return "SSH_FXP_STATUS"
+	case PacketTypeHandle:
+		return "SSH_FXP_HANDLE"
+	case PacketTypeData:
+		return "SSH_FXP_DATA"
+	case PacketTypeName:
+		return "SSH_FXP_NAME"
+	case PacketTypeAttrs:
+		return "SSH_FXP_ATTRS"
+	case PacketTypeExtended:
+		return "SSH_FXP_EXTENDED"
+	case PacketTypeExtendedReply:
+		return "SSH_FXP_EXTENDED_REPLY"
+	default:
+		return fmt.Sprintf("SSH_FXP_UNKNOWN(%d)", f)
+	}
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/handle_packets.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/handle_packets.go
new file mode 100644
index 000000000..a14277128
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/handle_packets.go
@@ -0,0 +1,249 @@
+package filexfer
+
+// ClosePacket defines the SSH_FXP_CLOSE packet.
+type ClosePacket struct {
+	Handle string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *ClosePacket) Type() PacketType {
+	return PacketTypeClose
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *ClosePacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Handle) // string(handle)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeClose, reqid)
+	buf.AppendString(p.Handle)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *ClosePacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Handle, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ReadPacket defines the SSH_FXP_READ packet.
+type ReadPacket struct {
+	Handle string
+	Offset uint64
+	Len    uint32
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *ReadPacket) Type() PacketType {
+	return PacketTypeRead
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *ReadPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		// string(handle) + uint64(offset) + uint32(len)
+		size := 4 + len(p.Handle) + 8 + 4
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeRead, reqid)
+	buf.AppendString(p.Handle)
+	buf.AppendUint64(p.Offset)
+	buf.AppendUint32(p.Len)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *ReadPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Handle, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if p.Offset, err = buf.ConsumeUint64(); err != nil {
+		return err
+	}
+
+	if p.Len, err = buf.ConsumeUint32(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// WritePacket defines the SSH_FXP_WRITE packet.
+type WritePacket struct {
+	Handle string
+	Offset uint64
+	Data   []byte
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *WritePacket) Type() PacketType {
+	return PacketTypeWrite
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *WritePacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		// string(handle) + uint64(offset) + uint32(len(data)); data content in payload
+		size := 4 + len(p.Handle) + 8 + 4
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeWrite, reqid)
+	buf.AppendString(p.Handle)
+	buf.AppendUint64(p.Offset)
+	buf.AppendUint32(uint32(len(p.Data)))
+
+	return buf.Packet(p.Data)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+//
+// If p.Data is already populated, and of sufficient length to hold the data,
+// then this will copy the data into that byte slice.
+//
+// If p.Data has a length insufficient to hold the data,
+// then this will make a new slice of sufficient length, and copy the data into that.
+//
+// This means this _does not_ alias any of the data buffer that is passed in.
+func (p *WritePacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Handle, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if p.Offset, err = buf.ConsumeUint64(); err != nil {
+		return err
+	}
+
+	data, err := buf.ConsumeByteSlice()
+	if err != nil {
+		return err
+	}
+
+	if len(p.Data) < len(data) {
+		p.Data = make([]byte, len(data))
+	}
+
+	n := copy(p.Data, data)
+	p.Data = p.Data[:n]
+	return nil
+}
+
+// FStatPacket defines the SSH_FXP_FSTAT packet.
+type FStatPacket struct {
+	Handle string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *FStatPacket) Type() PacketType {
+	return PacketTypeFStat
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *FStatPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Handle) // string(handle)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeFStat, reqid)
+	buf.AppendString(p.Handle)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *FStatPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Handle, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// FSetstatPacket defines the SSH_FXP_FSETSTAT packet.
+type FSetstatPacket struct {
+	Handle string
+	Attrs  Attributes
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *FSetstatPacket) Type() PacketType {
+	return PacketTypeFSetstat
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *FSetstatPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Handle) + p.Attrs.Len() // string(handle) + ATTRS(attrs)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeFSetstat, reqid)
+	buf.AppendString(p.Handle)
+
+	p.Attrs.MarshalInto(buf)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *FSetstatPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Handle, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return p.Attrs.UnmarshalFrom(buf)
+}
+
+// ReadDirPacket defines the SSH_FXP_READDIR packet.
+type ReadDirPacket struct {
+	Handle string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *ReadDirPacket) Type() PacketType {
+	return PacketTypeReadDir
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *ReadDirPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Handle) // string(handle)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeReadDir, reqid)
+	buf.AppendString(p.Handle)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *ReadDirPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Handle, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/init_packets.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/init_packets.go
new file mode 100644
index 000000000..b0bc6f505
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/init_packets.go
@@ -0,0 +1,99 @@
+package filexfer
+
+// InitPacket defines the SSH_FXP_INIT packet.
+type InitPacket struct {
+	Version    uint32
+	Extensions []*ExtensionPair
+}
+
+// MarshalBinary returns p as the binary encoding of p.
+func (p *InitPacket) MarshalBinary() ([]byte, error) {
+	size := 1 + 4 // byte(type) + uint32(version)
+
+	for _, ext := range p.Extensions {
+		size += ext.Len()
+	}
+
+	b := NewBuffer(make([]byte, 4, 4+size))
+	b.AppendUint8(uint8(PacketTypeInit))
+	b.AppendUint32(p.Version)
+
+	for _, ext := range p.Extensions {
+		ext.MarshalInto(b)
+	}
+
+	b.PutLength(size)
+
+	return b.Bytes(), nil
+}
+
+// UnmarshalBinary unmarshals a full raw packet out of the given data.
+// It is assumed that the uint32(length) has already been consumed to receive the data.
+// It is also assumed that the uint8(type) has already been consumed to which packet to unmarshal into.
+func (p *InitPacket) UnmarshalBinary(data []byte) (err error) {
+	buf := NewBuffer(data)
+
+	if p.Version, err = buf.ConsumeUint32(); err != nil {
+		return err
+	}
+
+	for buf.Len() > 0 {
+		var ext ExtensionPair
+		if err := ext.UnmarshalFrom(buf); err != nil {
+			return err
+		}
+
+		p.Extensions = append(p.Extensions, &ext)
+	}
+
+	return nil
+}
+
+// VersionPacket defines the SSH_FXP_VERSION packet.
+type VersionPacket struct {
+	Version    uint32
+	Extensions []*ExtensionPair
+}
+
+// MarshalBinary returns p as the binary encoding of p.
+func (p *VersionPacket) MarshalBinary() ([]byte, error) {
+	size := 1 + 4 // byte(type) + uint32(version)
+
+	for _, ext := range p.Extensions {
+		size += ext.Len()
+	}
+
+	b := NewBuffer(make([]byte, 4, 4+size))
+	b.AppendUint8(uint8(PacketTypeVersion))
+	b.AppendUint32(p.Version)
+
+	for _, ext := range p.Extensions {
+		ext.MarshalInto(b)
+	}
+
+	b.PutLength(size)
+
+	return b.Bytes(), nil
+}
+
+// UnmarshalBinary unmarshals a full raw packet out of the given data.
+// It is assumed that the uint32(length) has already been consumed to receive the data.
+// It is also assumed that the uint8(type) has already been consumed to which packet to unmarshal into.
+func (p *VersionPacket) UnmarshalBinary(data []byte) (err error) {
+	buf := NewBuffer(data)
+
+	if p.Version, err = buf.ConsumeUint32(); err != nil {
+		return err
+	}
+
+	for buf.Len() > 0 {
+		var ext ExtensionPair
+		if err := ext.UnmarshalFrom(buf); err != nil {
+			return err
+		}
+
+		p.Extensions = append(p.Extensions, &ext)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/open_packets.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/open_packets.go
new file mode 100644
index 000000000..135871142
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/open_packets.go
@@ -0,0 +1,89 @@
+package filexfer
+
+// SSH_FXF_* flags.
+const (
+	FlagRead      = 1 << iota // SSH_FXF_READ
+	FlagWrite                 // SSH_FXF_WRITE
+	FlagAppend                // SSH_FXF_APPEND
+	FlagCreate                // SSH_FXF_CREAT
+	FlagTruncate              // SSH_FXF_TRUNC
+	FlagExclusive             // SSH_FXF_EXCL
+)
+
+// OpenPacket defines the SSH_FXP_OPEN packet.
+type OpenPacket struct {
+	Filename string
+	PFlags   uint32
+	Attrs    Attributes
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *OpenPacket) Type() PacketType {
+	return PacketTypeOpen
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *OpenPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		// string(filename) + uint32(pflags) + ATTRS(attrs)
+		size := 4 + len(p.Filename) + 4 + p.Attrs.Len()
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeOpen, reqid)
+	buf.AppendString(p.Filename)
+	buf.AppendUint32(p.PFlags)
+
+	p.Attrs.MarshalInto(buf)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *OpenPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Filename, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if p.PFlags, err = buf.ConsumeUint32(); err != nil {
+		return err
+	}
+
+	return p.Attrs.UnmarshalFrom(buf)
+}
+
+// OpenDirPacket defines the SSH_FXP_OPENDIR packet.
+type OpenDirPacket struct {
+	Path string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *OpenDirPacket) Type() PacketType {
+	return PacketTypeOpenDir
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *OpenDirPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) // string(path)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeOpenDir, reqid)
+	buf.AppendString(p.Path)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *OpenDirPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/packets.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/packets.go
new file mode 100644
index 000000000..3f24e9c22
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/packets.go
@@ -0,0 +1,323 @@
+package filexfer
+
+import (
+	"errors"
+	"fmt"
+	"io"
+)
+
+// smallBufferSize is an initial allocation minimal capacity.
+const smallBufferSize = 64
+
+func newPacketFromType(typ PacketType) (Packet, error) {
+	switch typ {
+	case PacketTypeOpen:
+		return new(OpenPacket), nil
+	case PacketTypeClose:
+		return new(ClosePacket), nil
+	case PacketTypeRead:
+		return new(ReadPacket), nil
+	case PacketTypeWrite:
+		return new(WritePacket), nil
+	case PacketTypeLStat:
+		return new(LStatPacket), nil
+	case PacketTypeFStat:
+		return new(FStatPacket), nil
+	case PacketTypeSetstat:
+		return new(SetstatPacket), nil
+	case PacketTypeFSetstat:
+		return new(FSetstatPacket), nil
+	case PacketTypeOpenDir:
+		return new(OpenDirPacket), nil
+	case PacketTypeReadDir:
+		return new(ReadDirPacket), nil
+	case PacketTypeRemove:
+		return new(RemovePacket), nil
+	case PacketTypeMkdir:
+		return new(MkdirPacket), nil
+	case PacketTypeRmdir:
+		return new(RmdirPacket), nil
+	case PacketTypeRealPath:
+		return new(RealPathPacket), nil
+	case PacketTypeStat:
+		return new(StatPacket), nil
+	case PacketTypeRename:
+		return new(RenamePacket), nil
+	case PacketTypeReadLink:
+		return new(ReadLinkPacket), nil
+	case PacketTypeSymlink:
+		return new(SymlinkPacket), nil
+	case PacketTypeExtended:
+		return new(ExtendedPacket), nil
+	default:
+		return nil, fmt.Errorf("unexpected request packet type: %v", typ)
+	}
+}
+
+// RawPacket implements the general packet format from draft-ietf-secsh-filexfer-02
+//
+// RawPacket is intended for use in clients receiving responses,
+// where a response will be expected to be of a limited number of types,
+// and unmarshaling unknown/unexpected response packets is unnecessary.
+//
+// For servers expecting to receive arbitrary request packet types,
+// use RequestPacket.
+//
+// Defined in https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-3
+type RawPacket struct {
+	PacketType PacketType
+	RequestID  uint32
+
+	Data Buffer
+}
+
+// Type returns the Type field defining the SSH_FXP_xy type for this packet.
+func (p *RawPacket) Type() PacketType {
+	return p.PacketType
+}
+
+// Reset clears the pointers and reference-semantic variables of RawPacket,
+// releasing underlying resources, and making them and the RawPacket suitable to be reused,
+// so long as no other references have been kept.
+func (p *RawPacket) Reset() {
+	p.Data = Buffer{}
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+//
+// The internal p.RequestID is overridden by the reqid argument.
+func (p *RawPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		buf = NewMarshalBuffer(0)
+	}
+
+	buf.StartPacket(p.PacketType, reqid)
+
+	return buf.Packet(p.Data.Bytes())
+}
+
+// MarshalBinary returns p as the binary encoding of p.
+//
+// This is a convenience implementation primarily intended for tests,
+// because it is inefficient with allocations.
+func (p *RawPacket) MarshalBinary() ([]byte, error) {
+	return ComposePacket(p.MarshalPacket(p.RequestID, nil))
+}
+
+// UnmarshalFrom decodes a RawPacket from the given Buffer into p.
+//
+// The Data field will alias the passed in Buffer,
+// so the buffer passed in should not be reused before RawPacket.Reset().
+func (p *RawPacket) UnmarshalFrom(buf *Buffer) error {
+	typ, err := buf.ConsumeUint8()
+	if err != nil {
+		return err
+	}
+
+	p.PacketType = PacketType(typ)
+
+	if p.RequestID, err = buf.ConsumeUint32(); err != nil {
+		return err
+	}
+
+	p.Data = *buf
+	return nil
+}
+
+// UnmarshalBinary decodes a full raw packet out of the given data.
+// It is assumed that the uint32(length) has already been consumed to receive the data.
+//
+// This is a convenience implementation primarily intended for tests,
+// because this must clone the given data byte slice,
+// as Data is not allowed to alias any part of the data byte slice.
+func (p *RawPacket) UnmarshalBinary(data []byte) error {
+	clone := make([]byte, len(data))
+	n := copy(clone, data)
+	return p.UnmarshalFrom(NewBuffer(clone[:n]))
+}
+
+// readPacket reads a uint32 length-prefixed binary data packet from r.
+// using the given byte slice as a backing array.
+//
+// If the packet length read from r is bigger than maxPacketLength,
+// or greater than math.MaxInt32 on a 32-bit implementation,
+// then a `ErrLongPacket` error will be returned.
+//
+// If the given byte slice is insufficient to hold the packet,
+// then it will be extended to fill the packet size.
+func readPacket(r io.Reader, b []byte, maxPacketLength uint32) ([]byte, error) {
+	if cap(b) < 4 {
+		// We will need allocate our own buffer just for reading the packet length.
+
+		// However, we don’t really want to allocate an extremely narrow buffer (4-bytes),
+		// and cause unnecessary allocation churn from both length reads and small packet reads,
+		// so we use smallBufferSize from the bytes package as a reasonable guess.
+
+		// But if callers really do want to force narrow throw-away allocation of every packet body,
+		// they can do so with a buffer of capacity 4.
+		b = make([]byte, smallBufferSize)
+	}
+
+	if _, err := io.ReadFull(r, b[:4]); err != nil {
+		return nil, err
+	}
+
+	length := unmarshalUint32(b)
+	if int(length) < 5 {
+		// Must have at least uint8(type) and uint32(request-id)
+
+		if int(length) < 0 {
+			// Only possible when strconv.IntSize == 32,
+			// the packet length is longer than math.MaxInt32,
+			// and thus longer than any possible slice.
+			return nil, ErrLongPacket
+		}
+
+		return nil, ErrShortPacket
+	}
+	if length > maxPacketLength {
+		return nil, ErrLongPacket
+	}
+
+	if int(length) > cap(b) {
+		// We know int(length) must be positive, because of tests above.
+		b = make([]byte, length)
+	}
+
+	n, err := io.ReadFull(r, b[:length])
+	return b[:n], err
+}
+
+// ReadFrom provides a simple functional packet reader,
+// using the given byte slice as a backing array.
+//
+// To protect against potential denial of service attacks,
+// if the read packet length is longer than maxPacketLength,
+// then no packet data will be read, and ErrLongPacket will be returned.
+// (On 32-bit int architectures, all packets >= 2^31 in length
+// will return ErrLongPacket regardless of maxPacketLength.)
+//
+// If the read packet length is longer than cap(b),
+// then a throw-away slice will allocated to meet the exact packet length.
+// This can be used to limit the length of reused buffers,
+// while still allowing reception of occasional large packets.
+//
+// The Data field may alias the passed in byte slice,
+// so the byte slice passed in should not be reused before RawPacket.Reset().
+func (p *RawPacket) ReadFrom(r io.Reader, b []byte, maxPacketLength uint32) error {
+	b, err := readPacket(r, b, maxPacketLength)
+	if err != nil {
+		return err
+	}
+
+	return p.UnmarshalFrom(NewBuffer(b))
+}
+
+// RequestPacket implements the general packet format from draft-ietf-secsh-filexfer-02
+// but also automatically decode/encodes valid request packets (2 < type < 100 || type == 200).
+//
+// RequestPacket is intended for use in servers receiving requests,
+// where any arbitrary request may be received, and so decoding them automatically
+// is useful.
+//
+// For clients expecting to receive specific response packet types,
+// where automatic unmarshaling of the packet body does not make sense,
+// use RawPacket.
+//
+// Defined in https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-3
+type RequestPacket struct {
+	RequestID uint32
+
+	Request Packet
+}
+
+// Type returns the SSH_FXP_xy value associated with the underlying packet.
+func (p *RequestPacket) Type() PacketType {
+	return p.Request.Type()
+}
+
+// Reset clears the pointers and reference-semantic variables in RequestPacket,
+// releasing underlying resources, and making them and the RequestPacket suitable to be reused,
+// so long as no other references have been kept.
+func (p *RequestPacket) Reset() {
+	p.Request = nil
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+//
+// The internal p.RequestID is overridden by the reqid argument.
+func (p *RequestPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	if p.Request == nil {
+		return nil, nil, errors.New("empty request packet")
+	}
+
+	return p.Request.MarshalPacket(reqid, b)
+}
+
+// MarshalBinary returns p as the binary encoding of p.
+//
+// This is a convenience implementation primarily intended for tests,
+// because it is inefficient with allocations.
+func (p *RequestPacket) MarshalBinary() ([]byte, error) {
+	return ComposePacket(p.MarshalPacket(p.RequestID, nil))
+}
+
+// UnmarshalFrom decodes a RequestPacket from the given Buffer into p.
+//
+// The Request field may alias the passed in Buffer, (e.g. SSH_FXP_WRITE),
+// so the buffer passed in should not be reused before RequestPacket.Reset().
+func (p *RequestPacket) UnmarshalFrom(buf *Buffer) error {
+	typ, err := buf.ConsumeUint8()
+	if err != nil {
+		return err
+	}
+
+	p.Request, err = newPacketFromType(PacketType(typ))
+	if err != nil {
+		return err
+	}
+
+	if p.RequestID, err = buf.ConsumeUint32(); err != nil {
+		return err
+	}
+
+	return p.Request.UnmarshalPacketBody(buf)
+}
+
+// UnmarshalBinary decodes a full request packet out of the given data.
+// It is assumed that the uint32(length) has already been consumed to receive the data.
+//
+// This is a convenience implementation primarily intended for tests,
+// because this must clone the given data byte slice,
+// as Request is not allowed to alias any part of the data byte slice.
+func (p *RequestPacket) UnmarshalBinary(data []byte) error {
+	clone := make([]byte, len(data))
+	n := copy(clone, data)
+	return p.UnmarshalFrom(NewBuffer(clone[:n]))
+}
+
+// ReadFrom provides a simple functional packet reader,
+// using the given byte slice as a backing array.
+//
+// To protect against potential denial of service attacks,
+// if the read packet length is longer than maxPacketLength,
+// then no packet data will be read, and ErrLongPacket will be returned.
+// (On 32-bit int architectures, all packets >= 2^31 in length
+// will return ErrLongPacket regardless of maxPacketLength.)
+//
+// If the read packet length is longer than cap(b),
+// then a throw-away slice will allocated to meet the exact packet length.
+// This can be used to limit the length of reused buffers,
+// while still allowing reception of occasional large packets.
+//
+// The Request field may alias the passed in byte slice,
+// so the byte slice passed in should not be reused before RawPacket.Reset().
+func (p *RequestPacket) ReadFrom(r io.Reader, b []byte, maxPacketLength uint32) error {
+	b, err := readPacket(r, b, maxPacketLength)
+	if err != nil {
+		return err
+	}
+
+	return p.UnmarshalFrom(NewBuffer(b))
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/path_packets.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/path_packets.go
new file mode 100644
index 000000000..e6f692d9f
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/path_packets.go
@@ -0,0 +1,368 @@
+package filexfer
+
+// LStatPacket defines the SSH_FXP_LSTAT packet.
+type LStatPacket struct {
+	Path string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *LStatPacket) Type() PacketType {
+	return PacketTypeLStat
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *LStatPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) // string(path)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeLStat, reqid)
+	buf.AppendString(p.Path)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *LStatPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// SetstatPacket defines the SSH_FXP_SETSTAT packet.
+type SetstatPacket struct {
+	Path  string
+	Attrs Attributes
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *SetstatPacket) Type() PacketType {
+	return PacketTypeSetstat
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *SetstatPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) + p.Attrs.Len() // string(path) + ATTRS(attrs)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeSetstat, reqid)
+	buf.AppendString(p.Path)
+
+	p.Attrs.MarshalInto(buf)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *SetstatPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return p.Attrs.UnmarshalFrom(buf)
+}
+
+// RemovePacket defines the SSH_FXP_REMOVE packet.
+type RemovePacket struct {
+	Path string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *RemovePacket) Type() PacketType {
+	return PacketTypeRemove
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *RemovePacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) // string(path)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeRemove, reqid)
+	buf.AppendString(p.Path)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *RemovePacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MkdirPacket defines the SSH_FXP_MKDIR packet.
+type MkdirPacket struct {
+	Path  string
+	Attrs Attributes
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *MkdirPacket) Type() PacketType {
+	return PacketTypeMkdir
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *MkdirPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) + p.Attrs.Len() // string(path) + ATTRS(attrs)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeMkdir, reqid)
+	buf.AppendString(p.Path)
+
+	p.Attrs.MarshalInto(buf)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *MkdirPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return p.Attrs.UnmarshalFrom(buf)
+}
+
+// RmdirPacket defines the SSH_FXP_RMDIR packet.
+type RmdirPacket struct {
+	Path string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *RmdirPacket) Type() PacketType {
+	return PacketTypeRmdir
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *RmdirPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) // string(path)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeRmdir, reqid)
+	buf.AppendString(p.Path)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *RmdirPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RealPathPacket defines the SSH_FXP_REALPATH packet.
+type RealPathPacket struct {
+	Path string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *RealPathPacket) Type() PacketType {
+	return PacketTypeRealPath
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *RealPathPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) // string(path)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeRealPath, reqid)
+	buf.AppendString(p.Path)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *RealPathPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// StatPacket defines the SSH_FXP_STAT packet.
+type StatPacket struct {
+	Path string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *StatPacket) Type() PacketType {
+	return PacketTypeStat
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *StatPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) // string(path)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeStat, reqid)
+	buf.AppendString(p.Path)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *StatPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RenamePacket defines the SSH_FXP_RENAME packet.
+type RenamePacket struct {
+	OldPath string
+	NewPath string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *RenamePacket) Type() PacketType {
+	return PacketTypeRename
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *RenamePacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		// string(oldpath) + string(newpath)
+		size := 4 + len(p.OldPath) + 4 + len(p.NewPath)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeRename, reqid)
+	buf.AppendString(p.OldPath)
+	buf.AppendString(p.NewPath)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *RenamePacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.OldPath, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if p.NewPath, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ReadLinkPacket defines the SSH_FXP_READLINK packet.
+type ReadLinkPacket struct {
+	Path string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *ReadLinkPacket) Type() PacketType {
+	return PacketTypeReadLink
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *ReadLinkPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Path) // string(path)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeReadLink, reqid)
+	buf.AppendString(p.Path)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *ReadLinkPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Path, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// SymlinkPacket defines the SSH_FXP_SYMLINK packet.
+//
+// The order of the arguments to the SSH_FXP_SYMLINK method was inadvertently reversed.
+// Unfortunately, the reversal was not noticed until the server was widely deployed.
+// Covered in Section 3.1 of https://github.com/openssh/openssh-portable/blob/master/PROTOCOL
+type SymlinkPacket struct {
+	LinkPath   string
+	TargetPath string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *SymlinkPacket) Type() PacketType {
+	return PacketTypeSymlink
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *SymlinkPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		// string(targetpath) + string(linkpath)
+		size := 4 + len(p.TargetPath) + 4 + len(p.LinkPath)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeSymlink, reqid)
+
+	// Arguments were inadvertently reversed.
+	buf.AppendString(p.TargetPath)
+	buf.AppendString(p.LinkPath)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *SymlinkPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	// Arguments were inadvertently reversed.
+	if p.TargetPath, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if p.LinkPath, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/permissions.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/permissions.go
new file mode 100644
index 000000000..2fe63d591
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/permissions.go
@@ -0,0 +1,114 @@
+package filexfer
+
+// FileMode represents a file’s mode and permission bits.
+// The bits are defined according to POSIX standards,
+// and may not apply to the OS being built for.
+type FileMode uint32
+
+// Permission flags, defined here to avoid potential inconsistencies in individual OS implementations.
+const (
+	ModePerm       FileMode = 0o0777 // S_IRWXU | S_IRWXG | S_IRWXO
+	ModeUserRead   FileMode = 0o0400 // S_IRUSR
+	ModeUserWrite  FileMode = 0o0200 // S_IWUSR
+	ModeUserExec   FileMode = 0o0100 // S_IXUSR
+	ModeGroupRead  FileMode = 0o0040 // S_IRGRP
+	ModeGroupWrite FileMode = 0o0020 // S_IWGRP
+	ModeGroupExec  FileMode = 0o0010 // S_IXGRP
+	ModeOtherRead  FileMode = 0o0004 // S_IROTH
+	ModeOtherWrite FileMode = 0o0002 // S_IWOTH
+	ModeOtherExec  FileMode = 0o0001 // S_IXOTH
+
+	ModeSetUID FileMode = 0o4000 // S_ISUID
+	ModeSetGID FileMode = 0o2000 // S_ISGID
+	ModeSticky FileMode = 0o1000 // S_ISVTX
+
+	ModeType       FileMode = 0xF000 // S_IFMT
+	ModeNamedPipe  FileMode = 0x1000 // S_IFIFO
+	ModeCharDevice FileMode = 0x2000 // S_IFCHR
+	ModeDir        FileMode = 0x4000 // S_IFDIR
+	ModeDevice     FileMode = 0x6000 // S_IFBLK
+	ModeRegular    FileMode = 0x8000 // S_IFREG
+	ModeSymlink    FileMode = 0xA000 // S_IFLNK
+	ModeSocket     FileMode = 0xC000 // S_IFSOCK
+)
+
+// IsDir reports whether m describes a directory.
+// That is, it tests for m.Type() == ModeDir.
+func (m FileMode) IsDir() bool {
+	return (m & ModeType) == ModeDir
+}
+
+// IsRegular reports whether m describes a regular file.
+// That is, it tests for m.Type() == ModeRegular
+func (m FileMode) IsRegular() bool {
+	return (m & ModeType) == ModeRegular
+}
+
+// Perm returns the POSIX permission bits in m (m & ModePerm).
+func (m FileMode) Perm() FileMode {
+	return (m & ModePerm)
+}
+
+// Type returns the type bits in m (m & ModeType).
+func (m FileMode) Type() FileMode {
+	return (m & ModeType)
+}
+
+// String returns a `-rwxrwxrwx` style string representing the `ls -l` POSIX permissions string.
+func (m FileMode) String() string {
+	var buf [10]byte
+
+	switch m.Type() {
+	case ModeRegular:
+		buf[0] = '-'
+	case ModeDir:
+		buf[0] = 'd'
+	case ModeSymlink:
+		buf[0] = 'l'
+	case ModeDevice:
+		buf[0] = 'b'
+	case ModeCharDevice:
+		buf[0] = 'c'
+	case ModeNamedPipe:
+		buf[0] = 'p'
+	case ModeSocket:
+		buf[0] = 's'
+	default:
+		buf[0] = '?'
+	}
+
+	const rwx = "rwxrwxrwx"
+	for i, c := range rwx {
+		if m&(1<<uint(9-1-i)) != 0 {
+			buf[i+1] = byte(c)
+		} else {
+			buf[i+1] = '-'
+		}
+	}
+
+	if m&ModeSetUID != 0 {
+		if buf[3] == 'x' {
+			buf[3] = 's'
+		} else {
+			buf[3] = 'S'
+		}
+	}
+
+	if m&ModeSetGID != 0 {
+		if buf[6] == 'x' {
+			buf[6] = 's'
+		} else {
+			buf[6] = 'S'
+		}
+	}
+
+	if m&ModeSticky != 0 {
+		if buf[9] == 'x' {
+			buf[9] = 't'
+		} else {
+			buf[9] = 'T'
+		}
+	}
+
+	return string(buf[:])
+}
diff --git a/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/response_packets.go b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/response_packets.go
new file mode 100644
index 000000000..7a9b3eae8
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/internal/encoding/ssh/filexfer/response_packets.go
@@ -0,0 +1,243 @@
+package filexfer
+
+import (
+	"fmt"
+)
+
+// StatusPacket defines the SSH_FXP_STATUS packet.
+//
+// Specified in https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-7
+type StatusPacket struct {
+	StatusCode   Status
+	ErrorMessage string
+	LanguageTag  string
+}
+
+// Error makes StatusPacket an error type.
+func (p *StatusPacket) Error() string {
+	if p.ErrorMessage == "" {
+		return "sftp: " + p.StatusCode.String()
+	}
+
+	return fmt.Sprintf("sftp: %q (%s)", p.ErrorMessage, p.StatusCode)
+}
+
+// Is returns true if target is a StatusPacket with the same StatusCode,
+// or target is a Status code which is the same as SatusCode.
+func (p *StatusPacket) Is(target error) bool {
+	if target, ok := target.(*StatusPacket); ok {
+		return p.StatusCode == target.StatusCode
+	}
+
+	return p.StatusCode == target
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *StatusPacket) Type() PacketType {
+	return PacketTypeStatus
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *StatusPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		// uint32(error/status code) + string(error message) + string(language tag)
+		size := 4 + 4 + len(p.ErrorMessage) + 4 + len(p.LanguageTag)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeStatus, reqid)
+	buf.AppendUint32(uint32(p.StatusCode))
+	buf.AppendString(p.ErrorMessage)
+	buf.AppendString(p.LanguageTag)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *StatusPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	statusCode, err := buf.ConsumeUint32()
+	if err != nil {
+		return err
+	}
+	p.StatusCode = Status(statusCode)
+
+	if p.ErrorMessage, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	if p.LanguageTag, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// HandlePacket defines the SSH_FXP_HANDLE packet.
+type HandlePacket struct {
+	Handle string
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *HandlePacket) Type() PacketType {
+	return PacketTypeHandle
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *HandlePacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 + len(p.Handle) // string(handle)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeHandle, reqid)
+	buf.AppendString(p.Handle)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *HandlePacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	if p.Handle, err = buf.ConsumeString(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DataPacket defines the SSH_FXP_DATA packet.
+type DataPacket struct {
+	Data []byte
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *DataPacket) Type() PacketType {
+	return PacketTypeData
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *DataPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 // uint32(len(data)); data content in payload
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeData, reqid)
+	buf.AppendUint32(uint32(len(p.Data)))
+
+	return buf.Packet(p.Data)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+//
+// If p.Data is already populated, and of sufficient length to hold the data,
+// then this will copy the data into that byte slice.
+//
+// If p.Data has a length insufficient to hold the data,
+// then this will make a new slice of sufficient length, and copy the data into that.
+//
+// This means this _does not_ alias any of the data buffer that is passed in.
+func (p *DataPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	data, err := buf.ConsumeByteSlice()
+	if err != nil {
+		return err
+	}
+
+	if len(p.Data) < len(data) {
+		p.Data = make([]byte, len(data))
+	}
+
+	n := copy(p.Data, data)
+	p.Data = p.Data[:n]
+	return nil
+}
+
+// NamePacket defines the SSH_FXP_NAME packet.
+type NamePacket struct {
+	Entries []*NameEntry
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *NamePacket) Type() PacketType {
+	return PacketTypeName
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *NamePacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := 4 // uint32(len(entries))
+
+		for _, e := range p.Entries {
+			size += e.Len()
+		}
+
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeName, reqid)
+	buf.AppendUint32(uint32(len(p.Entries)))
+
+	for _, e := range p.Entries {
+		e.MarshalInto(buf)
+	}
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *NamePacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	count, err := buf.ConsumeUint32()
+	if err != nil {
+		return err
+	}
+
+	p.Entries = make([]*NameEntry, 0, count)
+
+	for i := uint32(0); i < count; i++ {
+		var e NameEntry
+		if err := e.UnmarshalFrom(buf); err != nil {
+			return err
+		}
+
+		p.Entries = append(p.Entries, &e)
+	}
+
+	return nil
+}
+
+// AttrsPacket defines the SSH_FXP_ATTRS packet.
+type AttrsPacket struct {
+	Attrs Attributes
+}
+
+// Type returns the SSH_FXP_xy value associated with this packet type.
+func (p *AttrsPacket) Type() PacketType {
+	return PacketTypeAttrs
+}
+
+// MarshalPacket returns p as a two-part binary encoding of p.
+func (p *AttrsPacket) MarshalPacket(reqid uint32, b []byte) (header, payload []byte, err error) {
+	buf := NewBuffer(b)
+	if buf.Cap() < 9 {
+		size := p.Attrs.Len() // ATTRS(attrs)
+		buf = NewMarshalBuffer(size)
+	}
+
+	buf.StartPacket(PacketTypeAttrs, reqid)
+	p.Attrs.MarshalInto(buf)
+
+	return buf.Packet(payload)
+}
+
+// UnmarshalPacketBody unmarshals the packet body from the given Buffer.
+// It is assumed that the uint32(request-id) has already been consumed.
+func (p *AttrsPacket) UnmarshalPacketBody(buf *Buffer) (err error) {
+	return p.Attrs.UnmarshalFrom(buf)
+}
diff --git a/vendor/github.com/pkg/sftp/ls_formatting.go b/vendor/github.com/pkg/sftp/ls_formatting.go
new file mode 100644
index 000000000..e083e22a4
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/ls_formatting.go
@@ -0,0 +1,81 @@
+package sftp
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/user"
+	"strconv"
+	"time"
+
+	sshfx "github.com/pkg/sftp/internal/encoding/ssh/filexfer"
+)
+
+func lsFormatID(id uint32) string {
+	return strconv.FormatUint(uint64(id), 10)
+}
+
+type osIDLookup struct{}
+
+func (osIDLookup) Filelist(*Request) (ListerAt, error) {
+	return nil, errors.New("unimplemented stub")
+}
+
+func (osIDLookup) LookupUserName(uid string) string {
+	u, err := user.LookupId(uid)
+	if err != nil {
+		return uid
+	}
+
+	return u.Username
+}
+
+func (osIDLookup) LookupGroupName(gid string) string {
+	g, err := user.LookupGroupId(gid)
+	if err != nil {
+		return gid
+	}
+
+	return g.Name
+}
+
+// runLs formats the FileInfo as per `ls -l` style, which is in the 'longname' field of a SSH_FXP_NAME entry.
+// This is a fairly simple implementation, just enough to look close to openssh in simple cases.
+func runLs(idLookup NameLookupFileLister, dirent os.FileInfo) string {
+	// example from openssh sftp server:
+	// crw-rw-rw-    1 root     wheel           0 Jul 31 20:52 ttyvd
+	// format:
+	// {directory / char device / etc}{rwxrwxrwx}  {number of links} owner group size month day [time (this year) | year (otherwise)] name
+
+	symPerms := sshfx.FileMode(fromFileMode(dirent.Mode())).String()
+
+	var numLinks uint64 = 1
+	uid, gid := "0", "0"
+
+	switch sys := dirent.Sys().(type) {
+	case *sshfx.Attributes:
+		uid = lsFormatID(sys.UID)
+		gid = lsFormatID(sys.GID)
+	case *FileStat:
+		uid = lsFormatID(sys.UID)
+		gid = lsFormatID(sys.GID)
+	default:
+		numLinks, uid, gid = lsLinksUIDGID(dirent)
+	}
+
+	if idLookup != nil {
+		uid, gid = idLookup.LookupUserName(uid), idLookup.LookupGroupName(gid)
+	}
+
+	mtime := dirent.ModTime()
+	date := mtime.Format("Jan 2")
+
+	var yearOrTime string
+	if mtime.Before(time.Now().AddDate(0, -6, 0)) {
+		yearOrTime = mtime.Format("2006")
+	} else {
+		yearOrTime = mtime.Format("15:04")
+	}
+
+	return fmt.Sprintf("%s %4d %-8s %-8s %8d %s %5s %s", symPerms, numLinks, uid, gid, dirent.Size(), date, yearOrTime, dirent.Name())
+}
diff --git a/vendor/github.com/pkg/sftp/ls_plan9.go b/vendor/github.com/pkg/sftp/ls_plan9.go
new file mode 100644
index 000000000..a16a3ea06
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/ls_plan9.go
@@ -0,0 +1,21 @@
+// +build plan9
+
+package sftp
+
+import (
+	"os"
+	"syscall"
+)
+
+func lsLinksUIDGID(fi os.FileInfo) (numLinks uint64, uid, gid string) {
+	numLinks = 1
+	uid, gid = "0", "0"
+
+	switch sys := fi.Sys().(type) {
+	case *syscall.Dir:
+		uid = sys.Uid
+		gid = sys.Gid
+	}
+
+	return numLinks, uid, gid
+}
diff --git a/vendor/github.com/pkg/sftp/ls_stub.go b/vendor/github.com/pkg/sftp/ls_stub.go
new file mode 100644
index 000000000..6dec39378
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/ls_stub.go
@@ -0,0 +1,11 @@
+// +build windows android
+
+package sftp
+
+import (
+	"os"
+)
+
+func lsLinksUIDGID(fi os.FileInfo) (numLinks uint64, uid, gid string) {
+	return 1, "0", "0"
+}
diff --git a/vendor/github.com/pkg/sftp/ls_unix.go b/vendor/github.com/pkg/sftp/ls_unix.go
new file mode 100644
index 000000000..59ccffde5
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/ls_unix.go
@@ -0,0 +1,23 @@
+// +build aix darwin dragonfly freebsd !android,linux netbsd openbsd solaris js
+
+package sftp
+
+import (
+	"os"
+	"syscall"
+)
+
+func lsLinksUIDGID(fi os.FileInfo) (numLinks uint64, uid, gid string) {
+	numLinks = 1
+	uid, gid = "0", "0"
+
+	switch sys := fi.Sys().(type) {
+	case *syscall.Stat_t:
+		numLinks = uint64(sys.Nlink)
+		uid = lsFormatID(sys.Uid)
+		gid = lsFormatID(sys.Gid)
+	default:
+	}
+
+	return numLinks, uid, gid
+}
diff --git a/vendor/github.com/pkg/sftp/match.go b/vendor/github.com/pkg/sftp/match.go
new file mode 100644
index 000000000..875006afd
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/match.go
@@ -0,0 +1,137 @@
+package sftp
+
+import (
+	"path"
+	"strings"
+)
+
+// ErrBadPattern indicates a globbing pattern was malformed.
+var ErrBadPattern = path.ErrBadPattern
+
+// Match reports whether name matches the shell pattern.
+//
+// This is an alias for path.Match from the standard library,
+// offered so that callers need not import the path package.
+// For details, see https://golang.org/pkg/path/#Match.
+func Match(pattern, name string) (matched bool, err error) {
+	return path.Match(pattern, name)
+}
+
+// detect if byte(char) is path separator
+func isPathSeparator(c byte) bool {
+	return c == '/'
+}
+
+// Split splits the path p immediately following the final slash,
+// separating it into a directory and file name component.
+//
+// This is an alias for path.Split from the standard library,
+// offered so that callers need not import the path package.
+// For details, see https://golang.org/pkg/path/#Split.
+func Split(p string) (dir, file string) {
+	return path.Split(p)
+}
+
+// Glob returns the names of all files matching pattern or nil
+// if there is no matching file. The syntax of patterns is the same
+// as in Match. The pattern may describe hierarchical names such as
+// /usr/*/bin/ed.
+//
+// Glob ignores file system errors such as I/O errors reading directories.
+// The only possible returned error is ErrBadPattern, when pattern
+// is malformed.
+func (c *Client) Glob(pattern string) (matches []string, err error) {
+	if !hasMeta(pattern) {
+		file, err := c.Lstat(pattern)
+		if err != nil {
+			return nil, nil
+		}
+		dir, _ := Split(pattern)
+		dir = cleanGlobPath(dir)
+		return []string{Join(dir, file.Name())}, nil
+	}
+
+	dir, file := Split(pattern)
+	dir = cleanGlobPath(dir)
+
+	if !hasMeta(dir) {
+		return c.glob(dir, file, nil)
+	}
+
+	// Prevent infinite recursion. See issue 15879.
+	if dir == pattern {
+		return nil, ErrBadPattern
+	}
+
+	var m []string
+	m, err = c.Glob(dir)
+	if err != nil {
+		return
+	}
+	for _, d := range m {
+		matches, err = c.glob(d, file, matches)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+// cleanGlobPath prepares path for glob matching.
+func cleanGlobPath(path string) string {
+	switch path {
+	case "":
+		return "."
+	case "/":
+		return path
+	default:
+		return path[0 : len(path)-1] // chop off trailing separator
+	}
+}
+
+// glob searches for files matching pattern in the directory dir
+// and appends them to matches. If the directory cannot be
+// opened, it returns the existing matches. New matches are
+// added in lexicographical order.
+func (c *Client) glob(dir, pattern string, matches []string) (m []string, e error) {
+	m = matches
+	fi, err := c.Stat(dir)
+	if err != nil {
+		return
+	}
+	if !fi.IsDir() {
+		return
+	}
+	names, err := c.ReadDir(dir)
+	if err != nil {
+		return
+	}
+	//sort.Strings(names)
+
+	for _, n := range names {
+		matched, err := Match(pattern, n.Name())
+		if err != nil {
+			return m, err
+		}
+		if matched {
+			m = append(m, Join(dir, n.Name()))
+		}
+	}
+	return
+}
+
+// Join joins any number of path elements into a single path, separating
+// them with slashes.
+//
+// This is an alias for path.Join from the standard library,
+// offered so that callers need not import the path package.
+// For details, see https://golang.org/pkg/path/#Join.
+func Join(elem ...string) string {
+	return path.Join(elem...)
+}
+
+// hasMeta reports whether path contains any of the magic characters
+// recognized by Match.
+func hasMeta(path string) bool {
+	return strings.ContainsAny(path, "\\*?[")
+}
diff --git a/vendor/github.com/pkg/sftp/packet-manager.go b/vendor/github.com/pkg/sftp/packet-manager.go
new file mode 100644
index 000000000..c740c4c8c
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/packet-manager.go
@@ -0,0 +1,216 @@
+package sftp
+
+import (
+	"encoding"
+	"sort"
+	"sync"
+)
+
+// The goal of the packetManager is to keep the outgoing packets in the same
+// order as the incoming as is requires by section 7 of the RFC.
+
+type packetManager struct {
+	requests    chan orderedPacket
+	responses   chan orderedPacket
+	fini        chan struct{}
+	incoming    orderedPackets
+	outgoing    orderedPackets
+	sender      packetSender // connection object
+	working     *sync.WaitGroup
+	packetCount uint32
+	// it is not nil if the allocator is enabled
+	alloc *allocator
+}
+
+type packetSender interface {
+	sendPacket(encoding.BinaryMarshaler) error
+}
+
+func newPktMgr(sender packetSender) *packetManager {
+	s := &packetManager{
+		requests:  make(chan orderedPacket, SftpServerWorkerCount),
+		responses: make(chan orderedPacket, SftpServerWorkerCount),
+		fini:      make(chan struct{}),
+		incoming:  make([]orderedPacket, 0, SftpServerWorkerCount),
+		outgoing:  make([]orderedPacket, 0, SftpServerWorkerCount),
+		sender:    sender,
+		working:   &sync.WaitGroup{},
+	}
+	go s.controller()
+	return s
+}
+
+//// packet ordering
+func (s *packetManager) newOrderID() uint32 {
+	s.packetCount++
+	return s.packetCount
+}
+
+// returns the next orderID without incrementing it.
+// This is used before receiving a new packet, with the allocator enabled, to associate
+// the slice allocated for the received packet with the orderID that will be used to mark
+// the allocated slices for reuse once the request is served
+func (s *packetManager) getNextOrderID() uint32 {
+	return s.packetCount + 1
+}
+
+type orderedRequest struct {
+	requestPacket
+	orderid uint32
+}
+
+func (s *packetManager) newOrderedRequest(p requestPacket) orderedRequest {
+	return orderedRequest{requestPacket: p, orderid: s.newOrderID()}
+}
+func (p orderedRequest) orderID() uint32       { return p.orderid }
+func (p orderedRequest) setOrderID(oid uint32) { p.orderid = oid }
+
+type orderedResponse struct {
+	responsePacket
+	orderid uint32
+}
+
+func (s *packetManager) newOrderedResponse(p responsePacket, id uint32,
+) orderedResponse {
+	return orderedResponse{responsePacket: p, orderid: id}
+}
+func (p orderedResponse) orderID() uint32       { return p.orderid }
+func (p orderedResponse) setOrderID(oid uint32) { p.orderid = oid }
+
+type orderedPacket interface {
+	id() uint32
+	orderID() uint32
+}
+type orderedPackets []orderedPacket
+
+func (o orderedPackets) Sort() {
+	sort.Slice(o, func(i, j int) bool {
+		return o[i].orderID() < o[j].orderID()
+	})
+}
+
+//// packet registry
+// register incoming packets to be handled
+func (s *packetManager) incomingPacket(pkt orderedRequest) {
+	s.working.Add(1)
+	s.requests <- pkt
+}
+
+// register outgoing packets as being ready
+func (s *packetManager) readyPacket(pkt orderedResponse) {
+	s.responses <- pkt
+	s.working.Done()
+}
+
+// shut down packetManager controller
+func (s *packetManager) close() {
+	// pause until current packets are processed
+	s.working.Wait()
+	close(s.fini)
+}
+
+// Passed a worker function, returns a channel for incoming packets.
+// Keep process packet responses in the order they are received while
+// maximizing throughput of file transfers.
+func (s *packetManager) workerChan(runWorker func(chan orderedRequest),
+) chan orderedRequest {
+	// multiple workers for faster read/writes
+	rwChan := make(chan orderedRequest, SftpServerWorkerCount)
+	for i := 0; i < SftpServerWorkerCount; i++ {
+		runWorker(rwChan)
+	}
+
+	// single worker to enforce sequential processing of everything else
+	cmdChan := make(chan orderedRequest)
+	runWorker(cmdChan)
+
+	pktChan := make(chan orderedRequest, SftpServerWorkerCount)
+	go func() {
+		for pkt := range pktChan {
+			switch pkt.requestPacket.(type) {
+			case *sshFxpReadPacket, *sshFxpWritePacket:
+				s.incomingPacket(pkt)
+				rwChan <- pkt
+				continue
+			case *sshFxpClosePacket:
+				// wait for reads/writes to finish when file is closed
+				// incomingPacket() call must occur after this
+				s.working.Wait()
+			}
+			s.incomingPacket(pkt)
+			// all non-RW use sequential cmdChan
+			cmdChan <- pkt
+		}
+		close(rwChan)
+		close(cmdChan)
+		s.close()
+	}()
+
+	return pktChan
+}
+
+// process packets
+func (s *packetManager) controller() {
+	for {
+		select {
+		case pkt := <-s.requests:
+			debug("incoming id (oid): %v (%v)", pkt.id(), pkt.orderID())
+			s.incoming = append(s.incoming, pkt)
+			s.incoming.Sort()
+		case pkt := <-s.responses:
+			debug("outgoing id (oid): %v (%v)", pkt.id(), pkt.orderID())
+			s.outgoing = append(s.outgoing, pkt)
+			s.outgoing.Sort()
+		case <-s.fini:
+			return
+		}
+		s.maybeSendPackets()
+	}
+}
+
+// send as many packets as are ready
+func (s *packetManager) maybeSendPackets() {
+	for {
+		if len(s.outgoing) == 0 || len(s.incoming) == 0 {
+			debug("break! -- outgoing: %v; incoming: %v",
+				len(s.outgoing), len(s.incoming))
+			break
+		}
+		out := s.outgoing[0]
+		in := s.incoming[0]
+		// debug("incoming: %v", ids(s.incoming))
+		// debug("outgoing: %v", ids(s.outgoing))
+		if in.orderID() == out.orderID() {
+			debug("Sending packet: %v", out.id())
+			s.sender.sendPacket(out.(encoding.BinaryMarshaler))
+			if s.alloc != nil {
+				// mark for reuse the slices allocated for this request
+				s.alloc.ReleasePages(in.orderID())
+			}
+			// pop off heads
+			copy(s.incoming, s.incoming[1:])            // shift left
+			s.incoming[len(s.incoming)-1] = nil         // clear last
+			s.incoming = s.incoming[:len(s.incoming)-1] // remove last
+			copy(s.outgoing, s.outgoing[1:])            // shift left
+			s.outgoing[len(s.outgoing)-1] = nil         // clear last
+			s.outgoing = s.outgoing[:len(s.outgoing)-1] // remove last
+		} else {
+			break
+		}
+	}
+}
+
+// func oids(o []orderedPacket) []uint32 {
+// 	res := make([]uint32, 0, len(o))
+// 	for _, v := range o {
+// 		res = append(res, v.orderId())
+// 	}
+// 	return res
+// }
+// func ids(o []orderedPacket) []uint32 {
+// 	res := make([]uint32, 0, len(o))
+// 	for _, v := range o {
+// 		res = append(res, v.id())
+// 	}
+// 	return res
+// }
diff --git a/vendor/github.com/pkg/sftp/packet-typing.go b/vendor/github.com/pkg/sftp/packet-typing.go
new file mode 100644
index 000000000..f4f905295
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/packet-typing.go
@@ -0,0 +1,135 @@
+package sftp
+
+import (
+	"encoding"
+	"fmt"
+)
+
+// all incoming packets
+type requestPacket interface {
+	encoding.BinaryUnmarshaler
+	id() uint32
+}
+
+type responsePacket interface {
+	encoding.BinaryMarshaler
+	id() uint32
+}
+
+// interfaces to group types
+type hasPath interface {
+	requestPacket
+	getPath() string
+}
+
+type hasHandle interface {
+	requestPacket
+	getHandle() string
+}
+
+type notReadOnly interface {
+	notReadOnly()
+}
+
+//// define types by adding methods
+// hasPath
+func (p *sshFxpLstatPacket) getPath() string    { return p.Path }
+func (p *sshFxpStatPacket) getPath() string     { return p.Path }
+func (p *sshFxpRmdirPacket) getPath() string    { return p.Path }
+func (p *sshFxpReadlinkPacket) getPath() string { return p.Path }
+func (p *sshFxpRealpathPacket) getPath() string { return p.Path }
+func (p *sshFxpMkdirPacket) getPath() string    { return p.Path }
+func (p *sshFxpSetstatPacket) getPath() string  { return p.Path }
+func (p *sshFxpStatvfsPacket) getPath() string  { return p.Path }
+func (p *sshFxpRemovePacket) getPath() string   { return p.Filename }
+func (p *sshFxpRenamePacket) getPath() string   { return p.Oldpath }
+func (p *sshFxpSymlinkPacket) getPath() string  { return p.Targetpath }
+func (p *sshFxpOpendirPacket) getPath() string  { return p.Path }
+func (p *sshFxpOpenPacket) getPath() string     { return p.Path }
+
+func (p *sshFxpExtendedPacketPosixRename) getPath() string { return p.Oldpath }
+func (p *sshFxpExtendedPacketHardlink) getPath() string    { return p.Oldpath }
+
+// getHandle
+func (p *sshFxpFstatPacket) getHandle() string    { return p.Handle }
+func (p *sshFxpFsetstatPacket) getHandle() string { return p.Handle }
+func (p *sshFxpReadPacket) getHandle() string     { return p.Handle }
+func (p *sshFxpWritePacket) getHandle() string    { return p.Handle }
+func (p *sshFxpReaddirPacket) getHandle() string  { return p.Handle }
+func (p *sshFxpClosePacket) getHandle() string    { return p.Handle }
+
+// notReadOnly
+func (p *sshFxpWritePacket) notReadOnly()               {}
+func (p *sshFxpSetstatPacket) notReadOnly()             {}
+func (p *sshFxpFsetstatPacket) notReadOnly()            {}
+func (p *sshFxpRemovePacket) notReadOnly()              {}
+func (p *sshFxpMkdirPacket) notReadOnly()               {}
+func (p *sshFxpRmdirPacket) notReadOnly()               {}
+func (p *sshFxpRenamePacket) notReadOnly()              {}
+func (p *sshFxpSymlinkPacket) notReadOnly()             {}
+func (p *sshFxpExtendedPacketPosixRename) notReadOnly() {}
+func (p *sshFxpExtendedPacketHardlink) notReadOnly()    {}
+
+// some packets with ID are missing id()
+func (p *sshFxpDataPacket) id() uint32   { return p.ID }
+func (p *sshFxpStatusPacket) id() uint32 { return p.ID }
+func (p *sshFxpStatResponse) id() uint32 { return p.ID }
+func (p *sshFxpNamePacket) id() uint32   { return p.ID }
+func (p *sshFxpHandlePacket) id() uint32 { return p.ID }
+func (p *StatVFS) id() uint32            { return p.ID }
+func (p *sshFxVersionPacket) id() uint32 { return 0 }
+
+// take raw incoming packet data and build packet objects
+func makePacket(p rxPacket) (requestPacket, error) {
+	var pkt requestPacket
+	switch p.pktType {
+	case sshFxpInit:
+		pkt = &sshFxInitPacket{}
+	case sshFxpLstat:
+		pkt = &sshFxpLstatPacket{}
+	case sshFxpOpen:
+		pkt = &sshFxpOpenPacket{}
+	case sshFxpClose:
+		pkt = &sshFxpClosePacket{}
+	case sshFxpRead:
+		pkt = &sshFxpReadPacket{}
+	case sshFxpWrite:
+		pkt = &sshFxpWritePacket{}
+	case sshFxpFstat:
+		pkt = &sshFxpFstatPacket{}
+	case sshFxpSetstat:
+		pkt = &sshFxpSetstatPacket{}
+	case sshFxpFsetstat:
+		pkt = &sshFxpFsetstatPacket{}
+	case sshFxpOpendir:
+		pkt = &sshFxpOpendirPacket{}
+	case sshFxpReaddir:
+		pkt = &sshFxpReaddirPacket{}
+	case sshFxpRemove:
+		pkt = &sshFxpRemovePacket{}
+	case sshFxpMkdir:
+		pkt = &sshFxpMkdirPacket{}
+	case sshFxpRmdir:
+		pkt = &sshFxpRmdirPacket{}
+	case sshFxpRealpath:
+		pkt = &sshFxpRealpathPacket{}
+	case sshFxpStat:
+		pkt = &sshFxpStatPacket{}
+	case sshFxpRename:
+		pkt = &sshFxpRenamePacket{}
+	case sshFxpReadlink:
+		pkt = &sshFxpReadlinkPacket{}
+	case sshFxpSymlink:
+		pkt = &sshFxpSymlinkPacket{}
+	case sshFxpExtended:
+		pkt = &sshFxpExtendedPacket{}
+	default:
+		return nil, fmt.Errorf("unhandled packet type: %s", p.pktType)
+	}
+	if err := pkt.UnmarshalBinary(p.pktBytes); err != nil {
+		// Return partially unpacked packet to allow callers to return
+		// error messages appropriately with necessary id() method.
+		return pkt, err
+	}
+	return pkt, nil
+}
diff --git a/vendor/github.com/pkg/sftp/packet.go b/vendor/github.com/pkg/sftp/packet.go
new file mode 100644
index 000000000..4059cf8e0
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/packet.go
@@ -0,0 +1,1276 @@
+package sftp
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"reflect"
+)
+
+var (
+	errLongPacket            = errors.New("packet too long")
+	errShortPacket           = errors.New("packet too short")
+	errUnknownExtendedPacket = errors.New("unknown extended packet")
+)
+
+const (
+	maxMsgLength           = 256 * 1024
+	debugDumpTxPacket      = false
+	debugDumpRxPacket      = false
+	debugDumpTxPacketBytes = false
+	debugDumpRxPacketBytes = false
+)
+
+func marshalUint32(b []byte, v uint32) []byte {
+	return append(b, byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+func marshalUint64(b []byte, v uint64) []byte {
+	return marshalUint32(marshalUint32(b, uint32(v>>32)), uint32(v))
+}
+
+func marshalString(b []byte, v string) []byte {
+	return append(marshalUint32(b, uint32(len(v))), v...)
+}
+
+func marshalFileInfo(b []byte, fi os.FileInfo) []byte {
+	// attributes variable struct, and also variable per protocol version
+	// spec version 3 attributes:
+	// uint32   flags
+	// uint64   size           present only if flag SSH_FILEXFER_ATTR_SIZE
+	// uint32   uid            present only if flag SSH_FILEXFER_ATTR_UIDGID
+	// uint32   gid            present only if flag SSH_FILEXFER_ATTR_UIDGID
+	// uint32   permissions    present only if flag SSH_FILEXFER_ATTR_PERMISSIONS
+	// uint32   atime          present only if flag SSH_FILEXFER_ACMODTIME
+	// uint32   mtime          present only if flag SSH_FILEXFER_ACMODTIME
+	// uint32   extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED
+	// string   extended_type
+	// string   extended_data
+	// ...      more extended data (extended_type - extended_data pairs),
+	// 	   so that number of pairs equals extended_count
+
+	flags, fileStat := fileStatFromInfo(fi)
+
+	b = marshalUint32(b, flags)
+	if flags&sshFileXferAttrSize != 0 {
+		b = marshalUint64(b, fileStat.Size)
+	}
+	if flags&sshFileXferAttrUIDGID != 0 {
+		b = marshalUint32(b, fileStat.UID)
+		b = marshalUint32(b, fileStat.GID)
+	}
+	if flags&sshFileXferAttrPermissions != 0 {
+		b = marshalUint32(b, fileStat.Mode)
+	}
+	if flags&sshFileXferAttrACmodTime != 0 {
+		b = marshalUint32(b, fileStat.Atime)
+		b = marshalUint32(b, fileStat.Mtime)
+	}
+
+	return b
+}
+
+func marshalStatus(b []byte, err StatusError) []byte {
+	b = marshalUint32(b, err.Code)
+	b = marshalString(b, err.msg)
+	b = marshalString(b, err.lang)
+	return b
+}
+
+func marshal(b []byte, v interface{}) []byte {
+	if v == nil {
+		return b
+	}
+	switch v := v.(type) {
+	case uint8:
+		return append(b, v)
+	case uint32:
+		return marshalUint32(b, v)
+	case uint64:
+		return marshalUint64(b, v)
+	case string:
+		return marshalString(b, v)
+	case os.FileInfo:
+		return marshalFileInfo(b, v)
+	default:
+		switch d := reflect.ValueOf(v); d.Kind() {
+		case reflect.Struct:
+			for i, n := 0, d.NumField(); i < n; i++ {
+				b = marshal(b, d.Field(i).Interface())
+			}
+			return b
+		case reflect.Slice:
+			for i, n := 0, d.Len(); i < n; i++ {
+				b = marshal(b, d.Index(i).Interface())
+			}
+			return b
+		default:
+			panic(fmt.Sprintf("marshal(%#v): cannot handle type %T", v, v))
+		}
+	}
+}
+
+func unmarshalUint32(b []byte) (uint32, []byte) {
+	v := uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
+	return v, b[4:]
+}
+
+func unmarshalUint32Safe(b []byte) (uint32, []byte, error) {
+	var v uint32
+	if len(b) < 4 {
+		return 0, nil, errShortPacket
+	}
+	v, b = unmarshalUint32(b)
+	return v, b, nil
+}
+
+func unmarshalUint64(b []byte) (uint64, []byte) {
+	h, b := unmarshalUint32(b)
+	l, b := unmarshalUint32(b)
+	return uint64(h)<<32 | uint64(l), b
+}
+
+func unmarshalUint64Safe(b []byte) (uint64, []byte, error) {
+	var v uint64
+	if len(b) < 8 {
+		return 0, nil, errShortPacket
+	}
+	v, b = unmarshalUint64(b)
+	return v, b, nil
+}
+
+func unmarshalString(b []byte) (string, []byte) {
+	n, b := unmarshalUint32(b)
+	return string(b[:n]), b[n:]
+}
+
+func unmarshalStringSafe(b []byte) (string, []byte, error) {
+	n, b, err := unmarshalUint32Safe(b)
+	if err != nil {
+		return "", nil, err
+	}
+	if int64(n) > int64(len(b)) {
+		return "", nil, errShortPacket
+	}
+	return string(b[:n]), b[n:], nil
+}
+
+func unmarshalAttrs(b []byte) (*FileStat, []byte) {
+	flags, b := unmarshalUint32(b)
+	return unmarshalFileStat(flags, b)
+}
+
+func unmarshalFileStat(flags uint32, b []byte) (*FileStat, []byte) {
+	var fs FileStat
+	if flags&sshFileXferAttrSize == sshFileXferAttrSize {
+		fs.Size, b, _ = unmarshalUint64Safe(b)
+	}
+	if flags&sshFileXferAttrUIDGID == sshFileXferAttrUIDGID {
+		fs.UID, b, _ = unmarshalUint32Safe(b)
+	}
+	if flags&sshFileXferAttrUIDGID == sshFileXferAttrUIDGID {
+		fs.GID, b, _ = unmarshalUint32Safe(b)
+	}
+	if flags&sshFileXferAttrPermissions == sshFileXferAttrPermissions {
+		fs.Mode, b, _ = unmarshalUint32Safe(b)
+	}
+	if flags&sshFileXferAttrACmodTime == sshFileXferAttrACmodTime {
+		fs.Atime, b, _ = unmarshalUint32Safe(b)
+		fs.Mtime, b, _ = unmarshalUint32Safe(b)
+	}
+	if flags&sshFileXferAttrExtended == sshFileXferAttrExtended {
+		var count uint32
+		count, b, _ = unmarshalUint32Safe(b)
+		ext := make([]StatExtended, count)
+		for i := uint32(0); i < count; i++ {
+			var typ string
+			var data string
+			typ, b, _ = unmarshalStringSafe(b)
+			data, b, _ = unmarshalStringSafe(b)
+			ext[i] = StatExtended{
+				ExtType: typ,
+				ExtData: data,
+			}
+		}
+		fs.Extended = ext
+	}
+	return &fs, b
+}
+
+func unmarshalStatus(id uint32, data []byte) error {
+	sid, data := unmarshalUint32(data)
+	if sid != id {
+		return &unexpectedIDErr{id, sid}
+	}
+	code, data := unmarshalUint32(data)
+	msg, data, _ := unmarshalStringSafe(data)
+	lang, _, _ := unmarshalStringSafe(data)
+	return &StatusError{
+		Code: code,
+		msg:  msg,
+		lang: lang,
+	}
+}
+
+type packetMarshaler interface {
+	marshalPacket() (header, payload []byte, err error)
+}
+
+func marshalPacket(m encoding.BinaryMarshaler) (header, payload []byte, err error) {
+	if m, ok := m.(packetMarshaler); ok {
+		return m.marshalPacket()
+	}
+
+	header, err = m.MarshalBinary()
+	return
+}
+
+// sendPacket marshals p according to RFC 4234.
+func sendPacket(w io.Writer, m encoding.BinaryMarshaler) error {
+	header, payload, err := marshalPacket(m)
+	if err != nil {
+		return fmt.Errorf("binary marshaller failed: %w", err)
+	}
+
+	length := len(header) + len(payload) - 4 // subtract the uint32(length) from the start
+	if debugDumpTxPacketBytes {
+		debug("send packet: %s %d bytes %x%x", fxp(header[4]), length, header[5:], payload)
+	} else if debugDumpTxPacket {
+		debug("send packet: %s %d bytes", fxp(header[4]), length)
+	}
+
+	binary.BigEndian.PutUint32(header[:4], uint32(length))
+
+	if _, err := w.Write(header); err != nil {
+		return fmt.Errorf("failed to send packet: %w", err)
+	}
+
+	if len(payload) > 0 {
+		if _, err := w.Write(payload); err != nil {
+			return fmt.Errorf("failed to send packet payload: %w", err)
+		}
+	}
+
+	return nil
+}
+
+func recvPacket(r io.Reader, alloc *allocator, orderID uint32) (uint8, []byte, error) {
+	var b []byte
+	if alloc != nil {
+		b = alloc.GetPage(orderID)
+	} else {
+		b = make([]byte, 4)
+	}
+	if _, err := io.ReadFull(r, b[:4]); err != nil {
+		return 0, nil, err
+	}
+	length, _ := unmarshalUint32(b)
+	if length > maxMsgLength {
+		debug("recv packet %d bytes too long", length)
+		return 0, nil, errLongPacket
+	}
+	if length == 0 {
+		debug("recv packet of 0 bytes too short")
+		return 0, nil, errShortPacket
+	}
+	if alloc == nil {
+		b = make([]byte, length)
+	}
+	if _, err := io.ReadFull(r, b[:length]); err != nil {
+		debug("recv packet %d bytes: err %v", length, err)
+		return 0, nil, err
+	}
+	if debugDumpRxPacketBytes {
+		debug("recv packet: %s %d bytes %x", fxp(b[0]), length, b[1:length])
+	} else if debugDumpRxPacket {
+		debug("recv packet: %s %d bytes", fxp(b[0]), length)
+	}
+	return b[0], b[1:length], nil
+}
+
+type extensionPair struct {
+	Name string
+	Data string
+}
+
+func unmarshalExtensionPair(b []byte) (extensionPair, []byte, error) {
+	var ep extensionPair
+	var err error
+	ep.Name, b, err = unmarshalStringSafe(b)
+	if err != nil {
+		return ep, b, err
+	}
+	ep.Data, b, err = unmarshalStringSafe(b)
+	return ep, b, err
+}
+
+// Here starts the definition of packets along with their MarshalBinary
+// implementations.
+// Manually writing the marshalling logic wins us a lot of time and
+// allocation.
+
+type sshFxInitPacket struct {
+	Version    uint32
+	Extensions []extensionPair
+}
+
+func (p *sshFxInitPacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 // uint32(length) + byte(type) + uint32(version)
+	for _, e := range p.Extensions {
+		l += 4 + len(e.Name) + 4 + len(e.Data)
+	}
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpInit)
+	b = marshalUint32(b, p.Version)
+
+	for _, e := range p.Extensions {
+		b = marshalString(b, e.Name)
+		b = marshalString(b, e.Data)
+	}
+
+	return b, nil
+}
+
+func (p *sshFxInitPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.Version, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	}
+	for len(b) > 0 {
+		var ep extensionPair
+		ep, b, err = unmarshalExtensionPair(b)
+		if err != nil {
+			return err
+		}
+		p.Extensions = append(p.Extensions, ep)
+	}
+	return nil
+}
+
+type sshFxVersionPacket struct {
+	Version    uint32
+	Extensions []sshExtensionPair
+}
+
+type sshExtensionPair struct {
+	Name, Data string
+}
+
+func (p *sshFxVersionPacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 // uint32(length) + byte(type) + uint32(version)
+	for _, e := range p.Extensions {
+		l += 4 + len(e.Name) + 4 + len(e.Data)
+	}
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpVersion)
+	b = marshalUint32(b, p.Version)
+
+	for _, e := range p.Extensions {
+		b = marshalString(b, e.Name)
+		b = marshalString(b, e.Data)
+	}
+
+	return b, nil
+}
+
+func marshalIDStringPacket(packetType byte, id uint32, str string) ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(str)
+
+	b := make([]byte, 4, l)
+	b = append(b, packetType)
+	b = marshalUint32(b, id)
+	b = marshalString(b, str)
+
+	return b, nil
+}
+
+func unmarshalIDString(b []byte, id *uint32, str *string) error {
+	var err error
+	*id, b, err = unmarshalUint32Safe(b)
+	if err != nil {
+		return err
+	}
+	*str, _, err = unmarshalStringSafe(b)
+	return err
+}
+
+type sshFxpReaddirPacket struct {
+	ID     uint32
+	Handle string
+}
+
+func (p *sshFxpReaddirPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpReaddirPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpReaddir, p.ID, p.Handle)
+}
+
+func (p *sshFxpReaddirPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Handle)
+}
+
+type sshFxpOpendirPacket struct {
+	ID   uint32
+	Path string
+}
+
+func (p *sshFxpOpendirPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpOpendirPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpOpendir, p.ID, p.Path)
+}
+
+func (p *sshFxpOpendirPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Path)
+}
+
+type sshFxpLstatPacket struct {
+	ID   uint32
+	Path string
+}
+
+func (p *sshFxpLstatPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpLstatPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpLstat, p.ID, p.Path)
+}
+
+func (p *sshFxpLstatPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Path)
+}
+
+type sshFxpStatPacket struct {
+	ID   uint32
+	Path string
+}
+
+func (p *sshFxpStatPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpStatPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpStat, p.ID, p.Path)
+}
+
+func (p *sshFxpStatPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Path)
+}
+
+type sshFxpFstatPacket struct {
+	ID     uint32
+	Handle string
+}
+
+func (p *sshFxpFstatPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpFstatPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpFstat, p.ID, p.Handle)
+}
+
+func (p *sshFxpFstatPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Handle)
+}
+
+type sshFxpClosePacket struct {
+	ID     uint32
+	Handle string
+}
+
+func (p *sshFxpClosePacket) id() uint32 { return p.ID }
+
+func (p *sshFxpClosePacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpClose, p.ID, p.Handle)
+}
+
+func (p *sshFxpClosePacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Handle)
+}
+
+type sshFxpRemovePacket struct {
+	ID       uint32
+	Filename string
+}
+
+func (p *sshFxpRemovePacket) id() uint32 { return p.ID }
+
+func (p *sshFxpRemovePacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpRemove, p.ID, p.Filename)
+}
+
+func (p *sshFxpRemovePacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Filename)
+}
+
+type sshFxpRmdirPacket struct {
+	ID   uint32
+	Path string
+}
+
+func (p *sshFxpRmdirPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpRmdirPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpRmdir, p.ID, p.Path)
+}
+
+func (p *sshFxpRmdirPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Path)
+}
+
+type sshFxpSymlinkPacket struct {
+	ID         uint32
+	Targetpath string
+	Linkpath   string
+}
+
+func (p *sshFxpSymlinkPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpSymlinkPacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Targetpath) +
+		4 + len(p.Linkpath)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpSymlink)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Targetpath)
+	b = marshalString(b, p.Linkpath)
+
+	return b, nil
+}
+
+func (p *sshFxpSymlinkPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Targetpath, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Linkpath, _, err = unmarshalStringSafe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+type sshFxpHardlinkPacket struct {
+	ID      uint32
+	Oldpath string
+	Newpath string
+}
+
+func (p *sshFxpHardlinkPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpHardlinkPacket) MarshalBinary() ([]byte, error) {
+	const ext = "hardlink@openssh.com"
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(ext) +
+		4 + len(p.Oldpath) +
+		4 + len(p.Newpath)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpExtended)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, ext)
+	b = marshalString(b, p.Oldpath)
+	b = marshalString(b, p.Newpath)
+
+	return b, nil
+}
+
+type sshFxpReadlinkPacket struct {
+	ID   uint32
+	Path string
+}
+
+func (p *sshFxpReadlinkPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpReadlinkPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpReadlink, p.ID, p.Path)
+}
+
+func (p *sshFxpReadlinkPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Path)
+}
+
+type sshFxpRealpathPacket struct {
+	ID   uint32
+	Path string
+}
+
+func (p *sshFxpRealpathPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpRealpathPacket) MarshalBinary() ([]byte, error) {
+	return marshalIDStringPacket(sshFxpRealpath, p.ID, p.Path)
+}
+
+func (p *sshFxpRealpathPacket) UnmarshalBinary(b []byte) error {
+	return unmarshalIDString(b, &p.ID, &p.Path)
+}
+
+type sshFxpNameAttr struct {
+	Name     string
+	LongName string
+	Attrs    []interface{}
+}
+
+func (p *sshFxpNameAttr) MarshalBinary() ([]byte, error) {
+	var b []byte
+	b = marshalString(b, p.Name)
+	b = marshalString(b, p.LongName)
+	for _, attr := range p.Attrs {
+		b = marshal(b, attr)
+	}
+	return b, nil
+}
+
+type sshFxpNamePacket struct {
+	ID        uint32
+	NameAttrs []*sshFxpNameAttr
+}
+
+func (p *sshFxpNamePacket) marshalPacket() ([]byte, []byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpName)
+	b = marshalUint32(b, p.ID)
+	b = marshalUint32(b, uint32(len(p.NameAttrs)))
+
+	var payload []byte
+	for _, na := range p.NameAttrs {
+		ab, err := na.MarshalBinary()
+		if err != nil {
+			return nil, nil, err
+		}
+
+		payload = append(payload, ab...)
+	}
+
+	return b, payload, nil
+}
+
+func (p *sshFxpNamePacket) MarshalBinary() ([]byte, error) {
+	header, payload, err := p.marshalPacket()
+	return append(header, payload...), err
+}
+
+type sshFxpOpenPacket struct {
+	ID     uint32
+	Path   string
+	Pflags uint32
+	Flags  uint32 // ignored
+}
+
+func (p *sshFxpOpenPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpOpenPacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Path) +
+		4 + 4
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpOpen)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Path)
+	b = marshalUint32(b, p.Pflags)
+	b = marshalUint32(b, p.Flags)
+
+	return b, nil
+}
+
+func (p *sshFxpOpenPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Path, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Pflags, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Flags, _, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+type sshFxpReadPacket struct {
+	ID     uint32
+	Len    uint32
+	Offset uint64
+	Handle string
+}
+
+func (p *sshFxpReadPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpReadPacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Handle) +
+		8 + 4 // uint64 + uint32
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpRead)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Handle)
+	b = marshalUint64(b, p.Offset)
+	b = marshalUint32(b, p.Len)
+
+	return b, nil
+}
+
+func (p *sshFxpReadPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Handle, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Offset, b, err = unmarshalUint64Safe(b); err != nil {
+		return err
+	} else if p.Len, _, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+// We need allocate bigger slices with extra capacity to avoid a re-allocation in sshFxpDataPacket.MarshalBinary
+// So, we need: uint32(length) + byte(type) + uint32(id) + uint32(data_length)
+const dataHeaderLen = 4 + 1 + 4 + 4
+
+func (p *sshFxpReadPacket) getDataSlice(alloc *allocator, orderID uint32) []byte {
+	dataLen := p.Len
+	if dataLen > maxTxPacket {
+		dataLen = maxTxPacket
+	}
+
+	if alloc != nil {
+		// GetPage returns a slice with capacity = maxMsgLength this is enough to avoid new allocations in
+		// sshFxpDataPacket.MarshalBinary
+		return alloc.GetPage(orderID)[:dataLen]
+	}
+
+	// allocate with extra space for the header
+	return make([]byte, dataLen, dataLen+dataHeaderLen)
+}
+
+type sshFxpRenamePacket struct {
+	ID      uint32
+	Oldpath string
+	Newpath string
+}
+
+func (p *sshFxpRenamePacket) id() uint32 { return p.ID }
+
+func (p *sshFxpRenamePacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Oldpath) +
+		4 + len(p.Newpath)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpRename)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Oldpath)
+	b = marshalString(b, p.Newpath)
+
+	return b, nil
+}
+
+func (p *sshFxpRenamePacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Oldpath, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Newpath, _, err = unmarshalStringSafe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+type sshFxpPosixRenamePacket struct {
+	ID      uint32
+	Oldpath string
+	Newpath string
+}
+
+func (p *sshFxpPosixRenamePacket) id() uint32 { return p.ID }
+
+func (p *sshFxpPosixRenamePacket) MarshalBinary() ([]byte, error) {
+	const ext = "posix-rename@openssh.com"
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(ext) +
+		4 + len(p.Oldpath) +
+		4 + len(p.Newpath)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpExtended)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, ext)
+	b = marshalString(b, p.Oldpath)
+	b = marshalString(b, p.Newpath)
+
+	return b, nil
+}
+
+type sshFxpWritePacket struct {
+	ID     uint32
+	Length uint32
+	Offset uint64
+	Handle string
+	Data   []byte
+}
+
+func (p *sshFxpWritePacket) id() uint32 { return p.ID }
+
+func (p *sshFxpWritePacket) marshalPacket() ([]byte, []byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Handle) +
+		8 + // uint64
+		4
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpWrite)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Handle)
+	b = marshalUint64(b, p.Offset)
+	b = marshalUint32(b, p.Length)
+
+	return b, p.Data, nil
+}
+
+func (p *sshFxpWritePacket) MarshalBinary() ([]byte, error) {
+	header, payload, err := p.marshalPacket()
+	return append(header, payload...), err
+}
+
+func (p *sshFxpWritePacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Handle, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Offset, b, err = unmarshalUint64Safe(b); err != nil {
+		return err
+	} else if p.Length, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if uint32(len(b)) < p.Length {
+		return errShortPacket
+	}
+
+	p.Data = b[:p.Length]
+	return nil
+}
+
+type sshFxpMkdirPacket struct {
+	ID    uint32
+	Flags uint32 // ignored
+	Path  string
+}
+
+func (p *sshFxpMkdirPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpMkdirPacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Path) +
+		4 // uint32
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpMkdir)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Path)
+	b = marshalUint32(b, p.Flags)
+
+	return b, nil
+}
+
+func (p *sshFxpMkdirPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Path, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Flags, _, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+type sshFxpSetstatPacket struct {
+	ID    uint32
+	Flags uint32
+	Path  string
+	Attrs interface{}
+}
+
+type sshFxpFsetstatPacket struct {
+	ID     uint32
+	Flags  uint32
+	Handle string
+	Attrs  interface{}
+}
+
+func (p *sshFxpSetstatPacket) id() uint32  { return p.ID }
+func (p *sshFxpFsetstatPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpSetstatPacket) marshalPacket() ([]byte, []byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Path) +
+		4 // uint32
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpSetstat)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Path)
+	b = marshalUint32(b, p.Flags)
+
+	payload := marshal(nil, p.Attrs)
+
+	return b, payload, nil
+}
+
+func (p *sshFxpSetstatPacket) MarshalBinary() ([]byte, error) {
+	header, payload, err := p.marshalPacket()
+	return append(header, payload...), err
+}
+
+func (p *sshFxpFsetstatPacket) marshalPacket() ([]byte, []byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Handle) +
+		4 // uint32
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpFsetstat)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Handle)
+	b = marshalUint32(b, p.Flags)
+
+	payload := marshal(nil, p.Attrs)
+
+	return b, payload, nil
+}
+
+func (p *sshFxpFsetstatPacket) MarshalBinary() ([]byte, error) {
+	header, payload, err := p.marshalPacket()
+	return append(header, payload...), err
+}
+
+func (p *sshFxpSetstatPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Path, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Flags, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	}
+	p.Attrs = b
+	return nil
+}
+
+func (p *sshFxpFsetstatPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Handle, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Flags, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	}
+	p.Attrs = b
+	return nil
+}
+
+type sshFxpHandlePacket struct {
+	ID     uint32
+	Handle string
+}
+
+func (p *sshFxpHandlePacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(p.Handle)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpHandle)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, p.Handle)
+
+	return b, nil
+}
+
+type sshFxpStatusPacket struct {
+	ID uint32
+	StatusError
+}
+
+func (p *sshFxpStatusPacket) MarshalBinary() ([]byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 +
+		4 + len(p.StatusError.msg) +
+		4 + len(p.StatusError.lang)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpStatus)
+	b = marshalUint32(b, p.ID)
+	b = marshalStatus(b, p.StatusError)
+
+	return b, nil
+}
+
+type sshFxpDataPacket struct {
+	ID     uint32
+	Length uint32
+	Data   []byte
+}
+
+func (p *sshFxpDataPacket) marshalPacket() ([]byte, []byte, error) {
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpData)
+	b = marshalUint32(b, p.ID)
+	b = marshalUint32(b, p.Length)
+
+	return b, p.Data, nil
+}
+
+// MarshalBinary encodes the receiver into a binary form and returns the result.
+// To avoid a new allocation the Data slice must have a capacity >= Length + 9
+//
+// This is hand-coded rather than just append(header, payload...),
+// in order to try and reuse the r.Data backing store in the packet.
+func (p *sshFxpDataPacket) MarshalBinary() ([]byte, error) {
+	b := append(p.Data, make([]byte, dataHeaderLen)...)
+	copy(b[dataHeaderLen:], p.Data[:p.Length])
+	// b[0:4] will be overwritten with the length in sendPacket
+	b[4] = sshFxpData
+	binary.BigEndian.PutUint32(b[5:9], p.ID)
+	binary.BigEndian.PutUint32(b[9:13], p.Length)
+	return b, nil
+}
+
+func (p *sshFxpDataPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.Length, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if uint32(len(b)) < p.Length {
+		return errShortPacket
+	}
+
+	p.Data = b[:p.Length]
+	return nil
+}
+
+type sshFxpStatvfsPacket struct {
+	ID   uint32
+	Path string
+}
+
+func (p *sshFxpStatvfsPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpStatvfsPacket) MarshalBinary() ([]byte, error) {
+	const ext = "statvfs@openssh.com"
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(ext) +
+		4 + len(p.Path)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpExtended)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, ext)
+	b = marshalString(b, p.Path)
+
+	return b, nil
+}
+
+// A StatVFS contains statistics about a filesystem.
+type StatVFS struct {
+	ID      uint32
+	Bsize   uint64 /* file system block size */
+	Frsize  uint64 /* fundamental fs block size */
+	Blocks  uint64 /* number of blocks (unit f_frsize) */
+	Bfree   uint64 /* free blocks in file system */
+	Bavail  uint64 /* free blocks for non-root */
+	Files   uint64 /* total file inodes */
+	Ffree   uint64 /* free file inodes */
+	Favail  uint64 /* free file inodes for to non-root */
+	Fsid    uint64 /* file system id */
+	Flag    uint64 /* bit mask of f_flag values */
+	Namemax uint64 /* maximum filename length */
+}
+
+// TotalSpace calculates the amount of total space in a filesystem.
+func (p *StatVFS) TotalSpace() uint64 {
+	return p.Frsize * p.Blocks
+}
+
+// FreeSpace calculates the amount of free space in a filesystem.
+func (p *StatVFS) FreeSpace() uint64 {
+	return p.Frsize * p.Bfree
+}
+
+// marshalPacket converts to ssh_FXP_EXTENDED_REPLY packet binary format
+func (p *StatVFS) marshalPacket() ([]byte, []byte, error) {
+	header := []byte{0, 0, 0, 0, sshFxpExtendedReply}
+
+	var buf bytes.Buffer
+	err := binary.Write(&buf, binary.BigEndian, p)
+
+	return header, buf.Bytes(), err
+}
+
+// MarshalBinary encodes the StatVFS as an SSH_FXP_EXTENDED_REPLY packet.
+func (p *StatVFS) MarshalBinary() ([]byte, error) {
+	header, payload, err := p.marshalPacket()
+	return append(header, payload...), err
+}
+
+type sshFxpFsyncPacket struct {
+	ID     uint32
+	Handle string
+}
+
+func (p *sshFxpFsyncPacket) id() uint32 { return p.ID }
+
+func (p *sshFxpFsyncPacket) MarshalBinary() ([]byte, error) {
+	const ext = "fsync@openssh.com"
+	l := 4 + 1 + 4 + // uint32(length) + byte(type) + uint32(id)
+		4 + len(ext) +
+		4 + len(p.Handle)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpExtended)
+	b = marshalUint32(b, p.ID)
+	b = marshalString(b, ext)
+	b = marshalString(b, p.Handle)
+
+	return b, nil
+}
+
+type sshFxpExtendedPacket struct {
+	ID              uint32
+	ExtendedRequest string
+	SpecificPacket  interface {
+		serverRespondablePacket
+		readonly() bool
+	}
+}
+
+func (p *sshFxpExtendedPacket) id() uint32 { return p.ID }
+func (p *sshFxpExtendedPacket) readonly() bool {
+	if p.SpecificPacket == nil {
+		return true
+	}
+	return p.SpecificPacket.readonly()
+}
+
+func (p *sshFxpExtendedPacket) respond(svr *Server) responsePacket {
+	if p.SpecificPacket == nil {
+		return statusFromError(p.ID, nil)
+	}
+	return p.SpecificPacket.respond(svr)
+}
+
+func (p *sshFxpExtendedPacket) UnmarshalBinary(b []byte) error {
+	var err error
+	bOrig := b
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.ExtendedRequest, _, err = unmarshalStringSafe(b); err != nil {
+		return err
+	}
+
+	// specific unmarshalling
+	switch p.ExtendedRequest {
+	case "statvfs@openssh.com":
+		p.SpecificPacket = &sshFxpExtendedPacketStatVFS{}
+	case "posix-rename@openssh.com":
+		p.SpecificPacket = &sshFxpExtendedPacketPosixRename{}
+	case "hardlink@openssh.com":
+		p.SpecificPacket = &sshFxpExtendedPacketHardlink{}
+	default:
+		return fmt.Errorf("packet type %v: %w", p.SpecificPacket, errUnknownExtendedPacket)
+	}
+
+	return p.SpecificPacket.UnmarshalBinary(bOrig)
+}
+
+type sshFxpExtendedPacketStatVFS struct {
+	ID              uint32
+	ExtendedRequest string
+	Path            string
+}
+
+func (p *sshFxpExtendedPacketStatVFS) id() uint32     { return p.ID }
+func (p *sshFxpExtendedPacketStatVFS) readonly() bool { return true }
+func (p *sshFxpExtendedPacketStatVFS) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.ExtendedRequest, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Path, _, err = unmarshalStringSafe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+type sshFxpExtendedPacketPosixRename struct {
+	ID              uint32
+	ExtendedRequest string
+	Oldpath         string
+	Newpath         string
+}
+
+func (p *sshFxpExtendedPacketPosixRename) id() uint32     { return p.ID }
+func (p *sshFxpExtendedPacketPosixRename) readonly() bool { return false }
+func (p *sshFxpExtendedPacketPosixRename) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.ExtendedRequest, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Oldpath, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Newpath, _, err = unmarshalStringSafe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (p *sshFxpExtendedPacketPosixRename) respond(s *Server) responsePacket {
+	err := os.Rename(toLocalPath(p.Oldpath), toLocalPath(p.Newpath))
+	return statusFromError(p.ID, err)
+}
+
+type sshFxpExtendedPacketHardlink struct {
+	ID              uint32
+	ExtendedRequest string
+	Oldpath         string
+	Newpath         string
+}
+
+// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL
+func (p *sshFxpExtendedPacketHardlink) id() uint32     { return p.ID }
+func (p *sshFxpExtendedPacketHardlink) readonly() bool { return true }
+func (p *sshFxpExtendedPacketHardlink) UnmarshalBinary(b []byte) error {
+	var err error
+	if p.ID, b, err = unmarshalUint32Safe(b); err != nil {
+		return err
+	} else if p.ExtendedRequest, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Oldpath, b, err = unmarshalStringSafe(b); err != nil {
+		return err
+	} else if p.Newpath, _, err = unmarshalStringSafe(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (p *sshFxpExtendedPacketHardlink) respond(s *Server) responsePacket {
+	err := os.Link(toLocalPath(p.Oldpath), toLocalPath(p.Newpath))
+	return statusFromError(p.ID, err)
+}
diff --git a/vendor/github.com/pkg/sftp/pool.go b/vendor/github.com/pkg/sftp/pool.go
new file mode 100644
index 000000000..361262906
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/pool.go
@@ -0,0 +1,79 @@
+package sftp
+
+// bufPool provides a pool of byte-slices to be reused in various parts of the package.
+// It is safe to use concurrently through a pointer.
+type bufPool struct {
+	ch   chan []byte
+	blen int
+}
+
+func newBufPool(depth, bufLen int) *bufPool {
+	return &bufPool{
+		ch:   make(chan []byte, depth),
+		blen: bufLen,
+	}
+}
+
+func (p *bufPool) Get() []byte {
+	if p.blen <= 0 {
+		panic("bufPool: new buffer creation length must be greater than zero")
+	}
+
+	for {
+		select {
+		case b := <-p.ch:
+			if cap(b) < p.blen {
+				// just in case: throw away any buffer with insufficient capacity.
+				continue
+			}
+
+			return b[:p.blen]
+
+		default:
+			return make([]byte, p.blen)
+		}
+	}
+}
+
+func (p *bufPool) Put(b []byte) {
+	if p == nil {
+		// functional default: no reuse.
+		return
+	}
+
+	if cap(b) < p.blen || cap(b) > p.blen*2 {
+		// DO NOT reuse buffers with insufficient capacity.
+		// This could cause panics when resizing to p.blen.
+
+		// DO NOT reuse buffers with excessive capacity.
+		// This could cause memory leaks.
+		return
+	}
+
+	select {
+	case p.ch <- b:
+	default:
+	}
+}
+
+type resChanPool chan chan result
+
+func newResChanPool(depth int) resChanPool {
+	return make(chan chan result, depth)
+}
+
+func (p resChanPool) Get() chan result {
+	select {
+	case ch := <-p:
+		return ch
+	default:
+		return make(chan result, 1)
+	}
+}
+
+func (p resChanPool) Put(ch chan result) {
+	select {
+	case p <- ch:
+	default:
+	}
+}
diff --git a/vendor/github.com/pkg/sftp/release.go b/vendor/github.com/pkg/sftp/release.go
new file mode 100644
index 000000000..b695528fd
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/release.go
@@ -0,0 +1,5 @@
+// +build !debug
+
+package sftp
+
+func debug(fmt string, args ...interface{}) {}
diff --git a/vendor/github.com/pkg/sftp/request-attrs.go b/vendor/github.com/pkg/sftp/request-attrs.go
new file mode 100644
index 000000000..b5c95b4ad
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-attrs.go
@@ -0,0 +1,63 @@
+package sftp
+
+// Methods on the Request object to make working with the Flags bitmasks and
+// Attr(ibutes) byte blob easier. Use Pflags() when working with an Open/Write
+// request and AttrFlags() and Attributes() when working with SetStat requests.
+import "os"
+
+// FileOpenFlags defines Open and Write Flags. Correlate directly with with os.OpenFile flags
+// (https://golang.org/pkg/os/#pkg-constants).
+type FileOpenFlags struct {
+	Read, Write, Append, Creat, Trunc, Excl bool
+}
+
+func newFileOpenFlags(flags uint32) FileOpenFlags {
+	return FileOpenFlags{
+		Read:   flags&sshFxfRead != 0,
+		Write:  flags&sshFxfWrite != 0,
+		Append: flags&sshFxfAppend != 0,
+		Creat:  flags&sshFxfCreat != 0,
+		Trunc:  flags&sshFxfTrunc != 0,
+		Excl:   flags&sshFxfExcl != 0,
+	}
+}
+
+// Pflags converts the bitmap/uint32 from SFTP Open packet pflag values,
+// into a FileOpenFlags struct with booleans set for flags set in bitmap.
+func (r *Request) Pflags() FileOpenFlags {
+	return newFileOpenFlags(r.Flags)
+}
+
+// FileAttrFlags that indicate whether SFTP file attributes were passed. When a flag is
+// true the corresponding attribute should be available from the FileStat
+// object returned by Attributes method. Used with SetStat.
+type FileAttrFlags struct {
+	Size, UidGid, Permissions, Acmodtime bool
+}
+
+func newFileAttrFlags(flags uint32) FileAttrFlags {
+	return FileAttrFlags{
+		Size:        (flags & sshFileXferAttrSize) != 0,
+		UidGid:      (flags & sshFileXferAttrUIDGID) != 0,
+		Permissions: (flags & sshFileXferAttrPermissions) != 0,
+		Acmodtime:   (flags & sshFileXferAttrACmodTime) != 0,
+	}
+}
+
+// AttrFlags returns a FileAttrFlags boolean struct based on the
+// bitmap/uint32 file attribute flags from the SFTP packaet.
+func (r *Request) AttrFlags() FileAttrFlags {
+	return newFileAttrFlags(r.Flags)
+}
+
+// FileMode returns the Mode SFTP file attributes wrapped as os.FileMode
+func (a FileStat) FileMode() os.FileMode {
+	return os.FileMode(a.Mode)
+}
+
+// Attributes parses file attributes byte blob and return them in a
+// FileStat object.
+func (r *Request) Attributes() *FileStat {
+	fs, _ := unmarshalFileStat(r.Flags, r.Attrs)
+	return fs
+}
diff --git a/vendor/github.com/pkg/sftp/request-errors.go b/vendor/github.com/pkg/sftp/request-errors.go
new file mode 100644
index 000000000..6505b5c74
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-errors.go
@@ -0,0 +1,54 @@
+package sftp
+
+type fxerr uint32
+
+// Error types that match the SFTP's SSH_FXP_STATUS codes. Gives you more
+// direct control of the errors being sent vs. letting the library work them
+// out from the standard os/io errors.
+const (
+	ErrSSHFxOk               = fxerr(sshFxOk)
+	ErrSSHFxEOF              = fxerr(sshFxEOF)
+	ErrSSHFxNoSuchFile       = fxerr(sshFxNoSuchFile)
+	ErrSSHFxPermissionDenied = fxerr(sshFxPermissionDenied)
+	ErrSSHFxFailure          = fxerr(sshFxFailure)
+	ErrSSHFxBadMessage       = fxerr(sshFxBadMessage)
+	ErrSSHFxNoConnection     = fxerr(sshFxNoConnection)
+	ErrSSHFxConnectionLost   = fxerr(sshFxConnectionLost)
+	ErrSSHFxOpUnsupported    = fxerr(sshFxOPUnsupported)
+)
+
+// Deprecated error types, these are aliases for the new ones, please use the new ones directly
+const (
+	ErrSshFxOk               = ErrSSHFxOk
+	ErrSshFxEof              = ErrSSHFxEOF
+	ErrSshFxNoSuchFile       = ErrSSHFxNoSuchFile
+	ErrSshFxPermissionDenied = ErrSSHFxPermissionDenied
+	ErrSshFxFailure          = ErrSSHFxFailure
+	ErrSshFxBadMessage       = ErrSSHFxBadMessage
+	ErrSshFxNoConnection     = ErrSSHFxNoConnection
+	ErrSshFxConnectionLost   = ErrSSHFxConnectionLost
+	ErrSshFxOpUnsupported    = ErrSSHFxOpUnsupported
+)
+
+func (e fxerr) Error() string {
+	switch e {
+	case ErrSSHFxOk:
+		return "OK"
+	case ErrSSHFxEOF:
+		return "EOF"
+	case ErrSSHFxNoSuchFile:
+		return "no such file"
+	case ErrSSHFxPermissionDenied:
+		return "permission denied"
+	case ErrSSHFxBadMessage:
+		return "bad message"
+	case ErrSSHFxNoConnection:
+		return "no connection"
+	case ErrSSHFxConnectionLost:
+		return "connection lost"
+	case ErrSSHFxOpUnsupported:
+		return "operation unsupported"
+	default:
+		return "failure"
+	}
+}
diff --git a/vendor/github.com/pkg/sftp/request-example.go b/vendor/github.com/pkg/sftp/request-example.go
new file mode 100644
index 000000000..ba22bcd0f
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-example.go
@@ -0,0 +1,666 @@
+package sftp
+
+// This serves as an example of how to implement the request server handler as
+// well as a dummy backend for testing. It implements an in-memory backend that
+// works as a very simple filesystem with simple flat key-value lookup system.
+
+import (
+	"errors"
+	"io"
+	"os"
+	"path"
+	"sort"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+)
+
+const maxSymlinkFollows = 5
+
+var errTooManySymlinks = errors.New("too many symbolic links")
+
+// InMemHandler returns a Hanlders object with the test handlers.
+func InMemHandler() Handlers {
+	root := &root{
+		rootFile: &memFile{name: "/", modtime: time.Now(), isdir: true},
+		files:    make(map[string]*memFile),
+	}
+	return Handlers{root, root, root, root}
+}
+
+// Example Handlers
+func (fs *root) Fileread(r *Request) (io.ReaderAt, error) {
+	flags := r.Pflags()
+	if !flags.Read {
+		// sanity check
+		return nil, os.ErrInvalid
+	}
+
+	return fs.OpenFile(r)
+}
+
+func (fs *root) Filewrite(r *Request) (io.WriterAt, error) {
+	flags := r.Pflags()
+	if !flags.Write {
+		// sanity check
+		return nil, os.ErrInvalid
+	}
+
+	return fs.OpenFile(r)
+}
+
+func (fs *root) OpenFile(r *Request) (WriterAtReaderAt, error) {
+	if fs.mockErr != nil {
+		return nil, fs.mockErr
+	}
+	_ = r.WithContext(r.Context()) // initialize context for deadlock testing
+
+	fs.mu.Lock()
+	defer fs.mu.Unlock()
+
+	return fs.openfile(r.Filepath, r.Flags)
+}
+
+func (fs *root) putfile(pathname string, file *memFile) error {
+	pathname, err := fs.canonName(pathname)
+	if err != nil {
+		return err
+	}
+
+	if !strings.HasPrefix(pathname, "/") {
+		return os.ErrInvalid
+	}
+
+	if _, err := fs.lfetch(pathname); err != os.ErrNotExist {
+		return os.ErrExist
+	}
+
+	file.name = pathname
+	fs.files[pathname] = file
+
+	return nil
+}
+
+func (fs *root) openfile(pathname string, flags uint32) (*memFile, error) {
+	pflags := newFileOpenFlags(flags)
+
+	file, err := fs.fetch(pathname)
+	if err == os.ErrNotExist {
+		if !pflags.Creat {
+			return nil, os.ErrNotExist
+		}
+
+		var count int
+		// You can create files through dangling symlinks.
+		link, err := fs.lfetch(pathname)
+		for err == nil && link.symlink != "" {
+			if pflags.Excl {
+				// unless you also passed in O_EXCL
+				return nil, os.ErrInvalid
+			}
+
+			if count++; count > maxSymlinkFollows {
+				return nil, errTooManySymlinks
+			}
+
+			pathname = link.symlink
+			link, err = fs.lfetch(pathname)
+		}
+
+		file := &memFile{
+			modtime: time.Now(),
+		}
+
+		if err := fs.putfile(pathname, file); err != nil {
+			return nil, err
+		}
+
+		return file, nil
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if pflags.Creat && pflags.Excl {
+		return nil, os.ErrExist
+	}
+
+	if file.IsDir() {
+		return nil, os.ErrInvalid
+	}
+
+	if pflags.Trunc {
+		if err := file.Truncate(0); err != nil {
+			return nil, err
+		}
+	}
+
+	return file, nil
+}
+
+func (fs *root) Filecmd(r *Request) error {
+	if fs.mockErr != nil {
+		return fs.mockErr
+	}
+	_ = r.WithContext(r.Context()) // initialize context for deadlock testing
+
+	fs.mu.Lock()
+	defer fs.mu.Unlock()
+
+	switch r.Method {
+	case "Setstat":
+		file, err := fs.openfile(r.Filepath, sshFxfWrite)
+		if err != nil {
+			return err
+		}
+
+		if r.AttrFlags().Size {
+			return file.Truncate(int64(r.Attributes().Size))
+		}
+
+		return nil
+
+	case "Rename":
+		// SFTP-v2: "It is an error if there already exists a file with the name specified by newpath."
+		// This varies from the POSIX specification, which allows limited replacement of target files.
+		if fs.exists(r.Target) {
+			return os.ErrExist
+		}
+
+		return fs.rename(r.Filepath, r.Target)
+
+	case "Rmdir":
+		return fs.rmdir(r.Filepath)
+
+	case "Remove":
+		// IEEE 1003.1 remove explicitly can unlink files and remove empty directories.
+		// We use instead here the semantics of unlink, which is allowed to be restricted against directories.
+		return fs.unlink(r.Filepath)
+
+	case "Mkdir":
+		return fs.mkdir(r.Filepath)
+
+	case "Link":
+		return fs.link(r.Filepath, r.Target)
+
+	case "Symlink":
+		// NOTE: r.Filepath is the target, and r.Target is the linkpath.
+		return fs.symlink(r.Filepath, r.Target)
+	}
+
+	return errors.New("unsupported")
+}
+
+func (fs *root) rename(oldpath, newpath string) error {
+	file, err := fs.lfetch(oldpath)
+	if err != nil {
+		return err
+	}
+
+	newpath, err = fs.canonName(newpath)
+	if err != nil {
+		return err
+	}
+
+	if !strings.HasPrefix(newpath, "/") {
+		return os.ErrInvalid
+	}
+
+	target, err := fs.lfetch(newpath)
+	if err != os.ErrNotExist {
+		if target == file {
+			// IEEE 1003.1: if oldpath and newpath are the same directory entry,
+			// then return no error, and perform no further action.
+			return nil
+		}
+
+		switch {
+		case file.IsDir():
+			// IEEE 1003.1: if oldpath is a directory, and newpath exists,
+			// then newpath must be a directory, and empty.
+			// It is to be removed prior to rename.
+			if err := fs.rmdir(newpath); err != nil {
+				return err
+			}
+
+		case target.IsDir():
+			// IEEE 1003.1: if oldpath is not a directory, and newpath exists,
+			// then newpath may not be a directory.
+			return syscall.EISDIR
+		}
+	}
+
+	fs.files[newpath] = file
+
+	if file.IsDir() {
+		dirprefix := file.name + "/"
+
+		for name, file := range fs.files {
+			if strings.HasPrefix(name, dirprefix) {
+				newname := path.Join(newpath, strings.TrimPrefix(name, dirprefix))
+
+				fs.files[newname] = file
+				file.name = newname
+				delete(fs.files, name)
+			}
+		}
+	}
+
+	file.name = newpath
+	delete(fs.files, oldpath)
+
+	return nil
+}
+
+func (fs *root) PosixRename(r *Request) error {
+	if fs.mockErr != nil {
+		return fs.mockErr
+	}
+	_ = r.WithContext(r.Context()) // initialize context for deadlock testing
+
+	fs.mu.Lock()
+	defer fs.mu.Unlock()
+
+	return fs.rename(r.Filepath, r.Target)
+}
+
+func (fs *root) StatVFS(r *Request) (*StatVFS, error) {
+	if fs.mockErr != nil {
+		return nil, fs.mockErr
+	}
+
+	return getStatVFSForPath(r.Filepath)
+}
+
+func (fs *root) mkdir(pathname string) error {
+	dir := &memFile{
+		modtime: time.Now(),
+		isdir:   true,
+	}
+
+	return fs.putfile(pathname, dir)
+}
+
+func (fs *root) rmdir(pathname string) error {
+	// IEEE 1003.1: If pathname is a symlink, then rmdir should fail with ENOTDIR.
+	dir, err := fs.lfetch(pathname)
+	if err != nil {
+		return err
+	}
+
+	if !dir.IsDir() {
+		return syscall.ENOTDIR
+	}
+
+	// use the dir‘s internal name not the pathname we passed in.
+	// the dir.name is always the canonical name of a directory.
+	pathname = dir.name
+
+	for name := range fs.files {
+		if path.Dir(name) == pathname {
+			return errors.New("directory not empty")
+		}
+	}
+
+	delete(fs.files, pathname)
+
+	return nil
+}
+
+func (fs *root) link(oldpath, newpath string) error {
+	file, err := fs.lfetch(oldpath)
+	if err != nil {
+		return err
+	}
+
+	if file.IsDir() {
+		return errors.New("hard link not allowed for directory")
+	}
+
+	return fs.putfile(newpath, file)
+}
+
+// symlink() creates a symbolic link named `linkpath` which contains the string `target`.
+// NOTE! This would be called with `symlink(req.Filepath, req.Target)` due to different semantics.
+func (fs *root) symlink(target, linkpath string) error {
+	link := &memFile{
+		modtime: time.Now(),
+		symlink: target,
+	}
+
+	return fs.putfile(linkpath, link)
+}
+
+func (fs *root) unlink(pathname string) error {
+	// does not follow symlinks!
+	file, err := fs.lfetch(pathname)
+	if err != nil {
+		return err
+	}
+
+	if file.IsDir() {
+		// IEEE 1003.1: implementations may opt out of allowing the unlinking of directories.
+		// SFTP-v2: SSH_FXP_REMOVE may not remove directories.
+		return os.ErrInvalid
+	}
+
+	// DO NOT use the file’s internal name.
+	// because of hard-links files cannot have a single canonical name.
+	delete(fs.files, pathname)
+
+	return nil
+}
+
+type listerat []os.FileInfo
+
+// Modeled after strings.Reader's ReadAt() implementation
+func (f listerat) ListAt(ls []os.FileInfo, offset int64) (int, error) {
+	var n int
+	if offset >= int64(len(f)) {
+		return 0, io.EOF
+	}
+	n = copy(ls, f[offset:])
+	if n < len(ls) {
+		return n, io.EOF
+	}
+	return n, nil
+}
+
+func (fs *root) Filelist(r *Request) (ListerAt, error) {
+	if fs.mockErr != nil {
+		return nil, fs.mockErr
+	}
+	_ = r.WithContext(r.Context()) // initialize context for deadlock testing
+
+	fs.mu.Lock()
+	defer fs.mu.Unlock()
+
+	switch r.Method {
+	case "List":
+		files, err := fs.readdir(r.Filepath)
+		if err != nil {
+			return nil, err
+		}
+		return listerat(files), nil
+
+	case "Stat":
+		file, err := fs.fetch(r.Filepath)
+		if err != nil {
+			return nil, err
+		}
+		return listerat{file}, nil
+
+	case "Readlink":
+		symlink, err := fs.readlink(r.Filepath)
+		if err != nil {
+			return nil, err
+		}
+
+		// SFTP-v2: The server will respond with a SSH_FXP_NAME packet containing only
+		// one name and a dummy attributes value.
+		return listerat{
+			&memFile{
+				name: symlink,
+				err:  os.ErrNotExist, // prevent accidental use as a reader/writer.
+			},
+		}, nil
+	}
+
+	return nil, errors.New("unsupported")
+}
+
+func (fs *root) readdir(pathname string) ([]os.FileInfo, error) {
+	dir, err := fs.fetch(pathname)
+	if err != nil {
+		return nil, err
+	}
+
+	if !dir.IsDir() {
+		return nil, syscall.ENOTDIR
+	}
+
+	var files []os.FileInfo
+
+	for name, file := range fs.files {
+		if path.Dir(name) == dir.name {
+			files = append(files, file)
+		}
+	}
+
+	sort.Slice(files, func(i, j int) bool { return files[i].Name() < files[j].Name() })
+
+	return files, nil
+}
+
+func (fs *root) readlink(pathname string) (string, error) {
+	file, err := fs.lfetch(pathname)
+	if err != nil {
+		return "", err
+	}
+
+	if file.symlink == "" {
+		return "", os.ErrInvalid
+	}
+
+	return file.symlink, nil
+}
+
+// implements LstatFileLister interface
+func (fs *root) Lstat(r *Request) (ListerAt, error) {
+	if fs.mockErr != nil {
+		return nil, fs.mockErr
+	}
+	_ = r.WithContext(r.Context()) // initialize context for deadlock testing
+
+	fs.mu.Lock()
+	defer fs.mu.Unlock()
+
+	file, err := fs.lfetch(r.Filepath)
+	if err != nil {
+		return nil, err
+	}
+	return listerat{file}, nil
+}
+
+// implements RealpathFileLister interface
+func (fs *root) Realpath(p string) string {
+	if fs.startDirectory == "" || fs.startDirectory == "/" {
+		return cleanPath(p)
+	}
+	return cleanPathWithBase(fs.startDirectory, p)
+}
+
+// In memory file-system-y thing that the Hanlders live on
+type root struct {
+	rootFile       *memFile
+	mockErr        error
+	startDirectory string
+
+	mu    sync.Mutex
+	files map[string]*memFile
+}
+
+// Set a mocked error that the next handler call will return.
+// Set to nil to reset for no error.
+func (fs *root) returnErr(err error) {
+	fs.mockErr = err
+}
+
+func (fs *root) lfetch(path string) (*memFile, error) {
+	if path == "/" {
+		return fs.rootFile, nil
+	}
+
+	file, ok := fs.files[path]
+	if file == nil {
+		if ok {
+			delete(fs.files, path)
+		}
+
+		return nil, os.ErrNotExist
+	}
+
+	return file, nil
+}
+
+// canonName returns the “canonical� name of a file, that is:
+// if the directory of the pathname is a symlink, it follows that symlink to the valid directory name.
+// this is relatively easy, since `dir.name` will be the only valid canonical path for a directory.
+func (fs *root) canonName(pathname string) (string, error) {
+	dirname, filename := path.Dir(pathname), path.Base(pathname)
+
+	dir, err := fs.fetch(dirname)
+	if err != nil {
+		return "", err
+	}
+
+	if !dir.IsDir() {
+		return "", syscall.ENOTDIR
+	}
+
+	return path.Join(dir.name, filename), nil
+}
+
+func (fs *root) exists(path string) bool {
+	path, err := fs.canonName(path)
+	if err != nil {
+		return false
+	}
+
+	_, err = fs.lfetch(path)
+
+	return err != os.ErrNotExist
+}
+
+func (fs *root) fetch(path string) (*memFile, error) {
+	file, err := fs.lfetch(path)
+	if err != nil {
+		return nil, err
+	}
+
+	var count int
+	for file.symlink != "" {
+		if count++; count > maxSymlinkFollows {
+			return nil, errTooManySymlinks
+		}
+
+		file, err = fs.lfetch(file.symlink)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return file, nil
+}
+
+// Implements os.FileInfo, io.ReaderAt and io.WriterAt interfaces.
+// These are the 3 interfaces necessary for the Handlers.
+// Implements the optional interface TransferError.
+type memFile struct {
+	name    string
+	modtime time.Time
+	symlink string
+	isdir   bool
+
+	mu      sync.RWMutex
+	content []byte
+	err     error
+}
+
+// These are helper functions, they must be called while holding the memFile.mu mutex
+func (f *memFile) size() int64  { return int64(len(f.content)) }
+func (f *memFile) grow(n int64) { f.content = append(f.content, make([]byte, n)...) }
+
+// Have memFile fulfill os.FileInfo interface
+func (f *memFile) Name() string { return path.Base(f.name) }
+func (f *memFile) Size() int64 {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	return f.size()
+}
+func (f *memFile) Mode() os.FileMode {
+	if f.isdir {
+		return os.FileMode(0755) | os.ModeDir
+	}
+	if f.symlink != "" {
+		return os.FileMode(0777) | os.ModeSymlink
+	}
+	return os.FileMode(0644)
+}
+func (f *memFile) ModTime() time.Time { return f.modtime }
+func (f *memFile) IsDir() bool        { return f.isdir }
+func (f *memFile) Sys() interface{} {
+	return fakeFileInfoSys()
+}
+
+func (f *memFile) ReadAt(b []byte, off int64) (int, error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	if f.err != nil {
+		return 0, f.err
+	}
+
+	if off < 0 {
+		return 0, errors.New("memFile.ReadAt: negative offset")
+	}
+
+	if off >= f.size() {
+		return 0, io.EOF
+	}
+
+	n := copy(b, f.content[off:])
+	if n < len(b) {
+		return n, io.EOF
+	}
+
+	return n, nil
+}
+
+func (f *memFile) WriteAt(b []byte, off int64) (int, error) {
+	// fmt.Println(string(p), off)
+	// mimic write delays, should be optional
+	time.Sleep(time.Microsecond * time.Duration(len(b)))
+
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	if f.err != nil {
+		return 0, f.err
+	}
+
+	grow := int64(len(b)) + off - f.size()
+	if grow > 0 {
+		f.grow(grow)
+	}
+
+	return copy(f.content[off:], b), nil
+}
+
+func (f *memFile) Truncate(size int64) error {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	if f.err != nil {
+		return f.err
+	}
+
+	grow := size - f.size()
+	if grow <= 0 {
+		f.content = f.content[:size]
+	} else {
+		f.grow(grow)
+	}
+
+	return nil
+}
+
+func (f *memFile) TransferError(err error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	f.err = err
+}
diff --git a/vendor/github.com/pkg/sftp/request-interfaces.go b/vendor/github.com/pkg/sftp/request-interfaces.go
new file mode 100644
index 000000000..e5dc49bb1
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-interfaces.go
@@ -0,0 +1,123 @@
+package sftp
+
+import (
+	"io"
+	"os"
+)
+
+// WriterAtReaderAt defines the interface to return when a file is to
+// be opened for reading and writing
+type WriterAtReaderAt interface {
+	io.WriterAt
+	io.ReaderAt
+}
+
+// Interfaces are differentiated based on required returned values.
+// All input arguments are to be pulled from Request (the only arg).
+
+// The Handler interfaces all take the Request object as its only argument.
+// All the data you should need to handle the call are in the Request object.
+// The request.Method attribute is initially the most important one as it
+// determines which Handler gets called.
+
+// FileReader should return an io.ReaderAt for the filepath
+// Note in cases of an error, the error text will be sent to the client.
+// Called for Methods: Get
+type FileReader interface {
+	Fileread(*Request) (io.ReaderAt, error)
+}
+
+// FileWriter should return an io.WriterAt for the filepath.
+//
+// The request server code will call Close() on the returned io.WriterAt
+// ojbect if an io.Closer type assertion succeeds.
+// Note in cases of an error, the error text will be sent to the client.
+// Note when receiving an Append flag it is important to not open files using
+// O_APPEND if you plan to use WriteAt, as they conflict.
+// Called for Methods: Put, Open
+type FileWriter interface {
+	Filewrite(*Request) (io.WriterAt, error)
+}
+
+// OpenFileWriter is a FileWriter that implements the generic OpenFile method.
+// You need to implement this optional interface if you want to be able
+// to read and write from/to the same handle.
+// Called for Methods: Open
+type OpenFileWriter interface {
+	FileWriter
+	OpenFile(*Request) (WriterAtReaderAt, error)
+}
+
+// FileCmder should return an error
+// Note in cases of an error, the error text will be sent to the client.
+// Called for Methods: Setstat, Rename, Rmdir, Mkdir, Link, Symlink, Remove
+type FileCmder interface {
+	Filecmd(*Request) error
+}
+
+// PosixRenameFileCmder is a FileCmder that implements the PosixRename method.
+// If this interface is implemented PosixRename requests will call it
+// otherwise they will be handled in the same way as Rename
+type PosixRenameFileCmder interface {
+	FileCmder
+	PosixRename(*Request) error
+}
+
+// StatVFSFileCmder is a FileCmder that implements the StatVFS method.
+// You need to implement this interface if you want to handle statvfs requests.
+// Please also be sure that the statvfs@openssh.com extension is enabled
+type StatVFSFileCmder interface {
+	FileCmder
+	StatVFS(*Request) (*StatVFS, error)
+}
+
+// FileLister should return an object that fulfils the ListerAt interface
+// Note in cases of an error, the error text will be sent to the client.
+// Called for Methods: List, Stat, Readlink
+type FileLister interface {
+	Filelist(*Request) (ListerAt, error)
+}
+
+// LstatFileLister is a FileLister that implements the Lstat method.
+// If this interface is implemented Lstat requests will call it
+// otherwise they will be handled in the same way as Stat
+type LstatFileLister interface {
+	FileLister
+	Lstat(*Request) (ListerAt, error)
+}
+
+// RealPathFileLister is a FileLister that implements the Realpath method.
+// We use "/" as start directory for relative paths, implementing this
+// interface you can customize the start directory.
+// You have to return an absolute POSIX path.
+//
+// Deprecated: if you want to set a start directory use WithStartDirectory RequestServerOption instead.
+type RealPathFileLister interface {
+	FileLister
+	RealPath(string) string
+}
+
+// NameLookupFileLister is a FileLister that implmeents the LookupUsername and LookupGroupName methods.
+// If this interface is implemented, then longname ls formatting will use these to convert usernames and groupnames.
+type NameLookupFileLister interface {
+	FileLister
+	LookupUserName(string) string
+	LookupGroupName(string) string
+}
+
+// ListerAt does for file lists what io.ReaderAt does for files.
+// ListAt should return the number of entries copied and an io.EOF
+// error if at end of list. This is testable by comparing how many you
+// copied to how many could be copied (eg. n < len(ls) below).
+// The copy() builtin is best for the copying.
+// Note in cases of an error, the error text will be sent to the client.
+type ListerAt interface {
+	ListAt([]os.FileInfo, int64) (int, error)
+}
+
+// TransferError is an optional interface that readerAt and writerAt
+// can implement to be notified about the error causing Serve() to exit
+// with the request still open
+type TransferError interface {
+	TransferError(err error)
+}
diff --git a/vendor/github.com/pkg/sftp/request-plan9.go b/vendor/github.com/pkg/sftp/request-plan9.go
new file mode 100644
index 000000000..2444da593
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-plan9.go
@@ -0,0 +1,34 @@
+// +build plan9
+
+package sftp
+
+import (
+	"path"
+	"path/filepath"
+	"syscall"
+)
+
+func fakeFileInfoSys() interface{} {
+	return &syscall.Dir{}
+}
+
+func testOsSys(sys interface{}) error {
+	return nil
+}
+
+func toLocalPath(p string) string {
+	lp := filepath.FromSlash(p)
+
+	if path.IsAbs(p) {
+		tmp := lp[1:]
+
+		if filepath.IsAbs(tmp) {
+			// If the FromSlash without any starting slashes is absolute,
+			// then we have a filepath encoded with a prefix '/'.
+			// e.g. "/#s/boot" to "#s/boot"
+			return tmp
+		}
+	}
+
+	return lp
+}
diff --git a/vendor/github.com/pkg/sftp/request-readme.md b/vendor/github.com/pkg/sftp/request-readme.md
new file mode 100644
index 000000000..f887274dc
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-readme.md
@@ -0,0 +1,53 @@
+# Request Based SFTP API
+
+The request based API allows for custom backends in a way similar to the http
+package. In order to create a backend you need to implement 4 handler
+interfaces; one for reading, one for writing, one for misc commands and one for
+listing files. Each has 1 required method and in each case those methods take
+the Request as the only parameter and they each return something different.
+These 4 interfaces are enough to handle all the SFTP traffic in a simplified
+manner.
+
+The Request structure has 5 public fields which you will deal with.
+
+- Method (string) - string name of incoming call
+- Filepath (string) - POSIX path of file to act on
+- Flags (uint32) - 32bit bitmask value of file open/create flags
+- Attrs ([]byte) - byte string of file attribute data
+- Target (string) - target path for renames and sym-links
+
+Below are the methods and a brief description of what they need to do.
+
+### Fileread(*Request) (io.Reader, error)
+
+Handler for "Get" method and returns an io.Reader for the file which the server
+then sends to the client.
+
+### Filewrite(*Request) (io.Writer, error)
+
+Handler for "Put" method and returns an io.Writer for the file which the server
+then writes the uploaded file to. The file opening "pflags" are currently
+preserved in the Request.Flags field as a 32bit bitmask value. See the [SFTP
+spec](https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02#section-6.3) for
+details.
+
+###    Filecmd(*Request) error
+
+Handles "SetStat", "Rename", "Rmdir", "Mkdir"  and "Symlink" methods. Makes the
+appropriate changes and returns nil for success or an filesystem like error
+(eg. os.ErrNotExist). The attributes are currently propagated in their raw form
+([]byte) and will need to be unmarshalled to be useful. See the respond method
+on sshFxpSetstatPacket for example of you might want to do this.
+
+### Fileinfo(*Request) ([]os.FileInfo, error)
+
+Handles "List", "Stat", "Readlink" methods. Gathers/creates FileInfo structs
+with the data on the files and returns in a list (list of 1 for Stat and
+Readlink).
+
+
+## TODO
+
+- Add support for API users to see trace/debugging info of what is going on
+inside SFTP server.
+- Unmarshal the file attributes into a structure on the Request object.
diff --git a/vendor/github.com/pkg/sftp/request-server.go b/vendor/github.com/pkg/sftp/request-server.go
new file mode 100644
index 000000000..b7dadd6c1
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-server.go
@@ -0,0 +1,328 @@
+package sftp
+
+import (
+	"context"
+	"errors"
+	"io"
+	"path"
+	"path/filepath"
+	"strconv"
+	"sync"
+)
+
+var maxTxPacket uint32 = 1 << 15
+
+// Handlers contains the 4 SFTP server request handlers.
+type Handlers struct {
+	FileGet  FileReader
+	FilePut  FileWriter
+	FileCmd  FileCmder
+	FileList FileLister
+}
+
+// RequestServer abstracts the sftp protocol with an http request-like protocol
+type RequestServer struct {
+	Handlers Handlers
+
+	*serverConn
+	pktMgr *packetManager
+
+	startDirectory string
+
+	mu           sync.RWMutex
+	handleCount  int
+	openRequests map[string]*Request
+}
+
+// A RequestServerOption is a function which applies configuration to a RequestServer.
+type RequestServerOption func(*RequestServer)
+
+// WithRSAllocator enable the allocator.
+// After processing a packet we keep in memory the allocated slices
+// and we reuse them for new packets.
+// The allocator is experimental
+func WithRSAllocator() RequestServerOption {
+	return func(rs *RequestServer) {
+		alloc := newAllocator()
+		rs.pktMgr.alloc = alloc
+		rs.conn.alloc = alloc
+	}
+}
+
+// WithStartDirectory sets a start directory to use as base for relative paths.
+// If unset the default is "/"
+func WithStartDirectory(startDirectory string) RequestServerOption {
+	return func(rs *RequestServer) {
+		rs.startDirectory = cleanPath(startDirectory)
+	}
+}
+
+// NewRequestServer creates/allocates/returns new RequestServer.
+// Normally there will be one server per user-session.
+func NewRequestServer(rwc io.ReadWriteCloser, h Handlers, options ...RequestServerOption) *RequestServer {
+	svrConn := &serverConn{
+		conn: conn{
+			Reader:      rwc,
+			WriteCloser: rwc,
+		},
+	}
+	rs := &RequestServer{
+		Handlers: h,
+
+		serverConn: svrConn,
+		pktMgr:     newPktMgr(svrConn),
+
+		startDirectory: "/",
+
+		openRequests: make(map[string]*Request),
+	}
+
+	for _, o := range options {
+		o(rs)
+	}
+	return rs
+}
+
+// New Open packet/Request
+func (rs *RequestServer) nextRequest(r *Request) string {
+	rs.mu.Lock()
+	defer rs.mu.Unlock()
+
+	rs.handleCount++
+
+	r.handle = strconv.Itoa(rs.handleCount)
+	rs.openRequests[r.handle] = r
+
+	return r.handle
+}
+
+// Returns Request from openRequests, bool is false if it is missing.
+//
+// The Requests in openRequests work essentially as open file descriptors that
+// you can do different things with. What you are doing with it are denoted by
+// the first packet of that type (read/write/etc).
+func (rs *RequestServer) getRequest(handle string) (*Request, bool) {
+	rs.mu.RLock()
+	defer rs.mu.RUnlock()
+
+	r, ok := rs.openRequests[handle]
+	return r, ok
+}
+
+// Close the Request and clear from openRequests map
+func (rs *RequestServer) closeRequest(handle string) error {
+	rs.mu.Lock()
+	defer rs.mu.Unlock()
+
+	if r, ok := rs.openRequests[handle]; ok {
+		delete(rs.openRequests, handle)
+		return r.close()
+	}
+
+	return EBADF
+}
+
+// Close the read/write/closer to trigger exiting the main server loop
+func (rs *RequestServer) Close() error { return rs.conn.Close() }
+
+func (rs *RequestServer) serveLoop(pktChan chan<- orderedRequest) error {
+	defer close(pktChan) // shuts down sftpServerWorkers
+
+	var err error
+	var pkt requestPacket
+	var pktType uint8
+	var pktBytes []byte
+
+	for {
+		pktType, pktBytes, err = rs.serverConn.recvPacket(rs.pktMgr.getNextOrderID())
+		if err != nil {
+			// we don't care about releasing allocated pages here, the server will quit and the allocator freed
+			return err
+		}
+
+		pkt, err = makePacket(rxPacket{fxp(pktType), pktBytes})
+		if err != nil {
+			switch {
+			case errors.Is(err, errUnknownExtendedPacket):
+				// do nothing
+			default:
+				debug("makePacket err: %v", err)
+				rs.conn.Close() // shuts down recvPacket
+				return err
+			}
+		}
+
+		pktChan <- rs.pktMgr.newOrderedRequest(pkt)
+	}
+}
+
+// Serve requests for user session
+func (rs *RequestServer) Serve() error {
+	defer func() {
+		if rs.pktMgr.alloc != nil {
+			rs.pktMgr.alloc.Free()
+		}
+	}()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	var wg sync.WaitGroup
+	runWorker := func(ch chan orderedRequest) {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := rs.packetWorker(ctx, ch); err != nil {
+				rs.conn.Close() // shuts down recvPacket
+			}
+		}()
+	}
+	pktChan := rs.pktMgr.workerChan(runWorker)
+
+	err := rs.serveLoop(pktChan)
+
+	wg.Wait() // wait for all workers to exit
+
+	rs.mu.Lock()
+	defer rs.mu.Unlock()
+
+	// make sure all open requests are properly closed
+	// (eg. possible on dropped connections, client crashes, etc.)
+	for handle, req := range rs.openRequests {
+		if err == io.EOF {
+			err = io.ErrUnexpectedEOF
+		}
+		req.transferError(err)
+
+		delete(rs.openRequests, handle)
+		req.close()
+	}
+
+	return err
+}
+
+func (rs *RequestServer) packetWorker(ctx context.Context, pktChan chan orderedRequest) error {
+	for pkt := range pktChan {
+		orderID := pkt.orderID()
+		if epkt, ok := pkt.requestPacket.(*sshFxpExtendedPacket); ok {
+			if epkt.SpecificPacket != nil {
+				pkt.requestPacket = epkt.SpecificPacket
+			}
+		}
+
+		var rpkt responsePacket
+		switch pkt := pkt.requestPacket.(type) {
+		case *sshFxInitPacket:
+			rpkt = &sshFxVersionPacket{Version: sftpProtocolVersion, Extensions: sftpExtensions}
+		case *sshFxpClosePacket:
+			handle := pkt.getHandle()
+			rpkt = statusFromError(pkt.ID, rs.closeRequest(handle))
+		case *sshFxpRealpathPacket:
+			var realPath string
+			if realPather, ok := rs.Handlers.FileList.(RealPathFileLister); ok {
+				realPath = realPather.RealPath(pkt.getPath())
+			} else {
+				realPath = cleanPathWithBase(rs.startDirectory, pkt.getPath())
+			}
+			rpkt = cleanPacketPath(pkt, realPath)
+		case *sshFxpOpendirPacket:
+			request := requestFromPacket(ctx, pkt, rs.startDirectory)
+			handle := rs.nextRequest(request)
+			rpkt = request.opendir(rs.Handlers, pkt)
+			if _, ok := rpkt.(*sshFxpHandlePacket); !ok {
+				// if we return an error we have to remove the handle from the active ones
+				rs.closeRequest(handle)
+			}
+		case *sshFxpOpenPacket:
+			request := requestFromPacket(ctx, pkt, rs.startDirectory)
+			handle := rs.nextRequest(request)
+			rpkt = request.open(rs.Handlers, pkt)
+			if _, ok := rpkt.(*sshFxpHandlePacket); !ok {
+				// if we return an error we have to remove the handle from the active ones
+				rs.closeRequest(handle)
+			}
+		case *sshFxpFstatPacket:
+			handle := pkt.getHandle()
+			request, ok := rs.getRequest(handle)
+			if !ok {
+				rpkt = statusFromError(pkt.ID, EBADF)
+			} else {
+				request = &Request{
+					Method:   "Stat",
+					Filepath: cleanPathWithBase(rs.startDirectory, request.Filepath),
+				}
+				rpkt = request.call(rs.Handlers, pkt, rs.pktMgr.alloc, orderID)
+			}
+		case *sshFxpFsetstatPacket:
+			handle := pkt.getHandle()
+			request, ok := rs.getRequest(handle)
+			if !ok {
+				rpkt = statusFromError(pkt.ID, EBADF)
+			} else {
+				request = &Request{
+					Method:   "Setstat",
+					Filepath: cleanPathWithBase(rs.startDirectory, request.Filepath),
+				}
+				rpkt = request.call(rs.Handlers, pkt, rs.pktMgr.alloc, orderID)
+			}
+		case *sshFxpExtendedPacketPosixRename:
+			request := &Request{
+				Method:   "PosixRename",
+				Filepath: cleanPathWithBase(rs.startDirectory, pkt.Oldpath),
+				Target:   cleanPathWithBase(rs.startDirectory, pkt.Newpath),
+			}
+			rpkt = request.call(rs.Handlers, pkt, rs.pktMgr.alloc, orderID)
+		case *sshFxpExtendedPacketStatVFS:
+			request := &Request{
+				Method:   "StatVFS",
+				Filepath: cleanPathWithBase(rs.startDirectory, pkt.Path),
+			}
+			rpkt = request.call(rs.Handlers, pkt, rs.pktMgr.alloc, orderID)
+		case hasHandle:
+			handle := pkt.getHandle()
+			request, ok := rs.getRequest(handle)
+			if !ok {
+				rpkt = statusFromError(pkt.id(), EBADF)
+			} else {
+				rpkt = request.call(rs.Handlers, pkt, rs.pktMgr.alloc, orderID)
+			}
+		case hasPath:
+			request := requestFromPacket(ctx, pkt, rs.startDirectory)
+			rpkt = request.call(rs.Handlers, pkt, rs.pktMgr.alloc, orderID)
+			request.close()
+		default:
+			rpkt = statusFromError(pkt.id(), ErrSSHFxOpUnsupported)
+		}
+
+		rs.pktMgr.readyPacket(
+			rs.pktMgr.newOrderedResponse(rpkt, orderID))
+	}
+	return nil
+}
+
+// clean and return name packet for file
+func cleanPacketPath(pkt *sshFxpRealpathPacket, realPath string) responsePacket {
+	return &sshFxpNamePacket{
+		ID: pkt.id(),
+		NameAttrs: []*sshFxpNameAttr{
+			{
+				Name:     realPath,
+				LongName: realPath,
+				Attrs:    emptyFileStat,
+			},
+		},
+	}
+}
+
+// Makes sure we have a clean POSIX (/) absolute path to work with
+func cleanPath(p string) string {
+	return cleanPathWithBase("/", p)
+}
+
+func cleanPathWithBase(base, p string) string {
+	p = filepath.ToSlash(filepath.Clean(p))
+	if !path.IsAbs(p) {
+		return path.Join(base, p)
+	}
+	return p
+}
diff --git a/vendor/github.com/pkg/sftp/request-unix.go b/vendor/github.com/pkg/sftp/request-unix.go
new file mode 100644
index 000000000..50b08a38d
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request-unix.go
@@ -0,0 +1,27 @@
+// +build !windows,!plan9
+
+package sftp
+
+import (
+	"errors"
+	"syscall"
+)
+
+func fakeFileInfoSys() interface{} {
+	return &syscall.Stat_t{Uid: 65534, Gid: 65534}
+}
+
+func testOsSys(sys interface{}) error {
+	fstat := sys.(*FileStat)
+	if fstat.UID != uint32(65534) {
+		return errors.New("Uid failed to match")
+	}
+	if fstat.GID != uint32(65534) {
+		return errors.New("Gid failed to match")
+	}
+	return nil
+}
+
+func toLocalPath(p string) string {
+	return p
+}
diff --git a/vendor/github.com/pkg/sftp/request.go b/vendor/github.com/pkg/sftp/request.go
new file mode 100644
index 000000000..116c27aab
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request.go
@@ -0,0 +1,630 @@
+package sftp
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"sync"
+	"syscall"
+)
+
+// MaxFilelist is the max number of files to return in a readdir batch.
+var MaxFilelist int64 = 100
+
+// state encapsulates the reader/writer/readdir from handlers.
+type state struct {
+	mu sync.RWMutex
+
+	writerAt         io.WriterAt
+	readerAt         io.ReaderAt
+	writerAtReaderAt WriterAtReaderAt
+	listerAt         ListerAt
+	lsoffset         int64
+}
+
+// copy returns a shallow copy the state.
+// This is broken out to specific fields,
+// because we have to copy around the mutex in state.
+func (s *state) copy() state {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return state{
+		writerAt:         s.writerAt,
+		readerAt:         s.readerAt,
+		writerAtReaderAt: s.writerAtReaderAt,
+		listerAt:         s.listerAt,
+		lsoffset:         s.lsoffset,
+	}
+}
+
+func (s *state) setReaderAt(rd io.ReaderAt) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.readerAt = rd
+}
+
+func (s *state) getReaderAt() io.ReaderAt {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.readerAt
+}
+
+func (s *state) setWriterAt(rd io.WriterAt) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.writerAt = rd
+}
+
+func (s *state) getWriterAt() io.WriterAt {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.writerAt
+}
+
+func (s *state) setWriterAtReaderAt(rw WriterAtReaderAt) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.writerAtReaderAt = rw
+}
+
+func (s *state) getWriterAtReaderAt() WriterAtReaderAt {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.writerAtReaderAt
+}
+
+func (s *state) getAllReaderWriters() (io.ReaderAt, io.WriterAt, WriterAtReaderAt) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.readerAt, s.writerAt, s.writerAtReaderAt
+}
+
+// Returns current offset for file list
+func (s *state) lsNext() int64 {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.lsoffset
+}
+
+// Increases next offset
+func (s *state) lsInc(offset int64) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.lsoffset += offset
+}
+
+// manage file read/write state
+func (s *state) setListerAt(la ListerAt) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.listerAt = la
+}
+
+func (s *state) getListerAt() ListerAt {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.listerAt
+}
+
+// Request contains the data and state for the incoming service request.
+type Request struct {
+	// Get, Put, Setstat, Stat, Rename, Remove
+	// Rmdir, Mkdir, List, Readlink, Link, Symlink
+	Method   string
+	Filepath string
+	Flags    uint32
+	Attrs    []byte // convert to sub-struct
+	Target   string // for renames and sym-links
+	handle   string
+
+	// reader/writer/readdir from handlers
+	state
+
+	// context lasts duration of request
+	ctx       context.Context
+	cancelCtx context.CancelFunc
+}
+
+// NewRequest creates a new Request object.
+func NewRequest(method, path string) *Request {
+	return &Request{
+		Method:   method,
+		Filepath: cleanPath(path),
+	}
+}
+
+// copy returns a shallow copy of existing request.
+// This is broken out to specific fields,
+// because we have to copy around the mutex in state.
+func (r *Request) copy() *Request {
+	return &Request{
+		Method:   r.Method,
+		Filepath: r.Filepath,
+		Flags:    r.Flags,
+		Attrs:    r.Attrs,
+		Target:   r.Target,
+		handle:   r.handle,
+
+		state: r.state.copy(),
+
+		ctx:       r.ctx,
+		cancelCtx: r.cancelCtx,
+	}
+}
+
+// New Request initialized based on packet data
+func requestFromPacket(ctx context.Context, pkt hasPath, baseDir string) *Request {
+	request := &Request{
+		Method:   requestMethod(pkt),
+		Filepath: cleanPathWithBase(baseDir, pkt.getPath()),
+	}
+	request.ctx, request.cancelCtx = context.WithCancel(ctx)
+
+	switch p := pkt.(type) {
+	case *sshFxpOpenPacket:
+		request.Flags = p.Pflags
+	case *sshFxpSetstatPacket:
+		request.Flags = p.Flags
+		request.Attrs = p.Attrs.([]byte)
+	case *sshFxpRenamePacket:
+		request.Target = cleanPathWithBase(baseDir, p.Newpath)
+	case *sshFxpSymlinkPacket:
+		// NOTE: given a POSIX compliant signature: symlink(target, linkpath string)
+		// this makes Request.Target the linkpath, and Request.Filepath the target.
+		request.Target = cleanPathWithBase(baseDir, p.Linkpath)
+	case *sshFxpExtendedPacketHardlink:
+		request.Target = cleanPathWithBase(baseDir, p.Newpath)
+	}
+	return request
+}
+
+// Context returns the request's context. To change the context,
+// use WithContext.
+//
+// The returned context is always non-nil; it defaults to the
+// background context.
+//
+// For incoming server requests, the context is canceled when the
+// request is complete or the client's connection closes.
+func (r *Request) Context() context.Context {
+	if r.ctx != nil {
+		return r.ctx
+	}
+	return context.Background()
+}
+
+// WithContext returns a copy of r with its context changed to ctx.
+// The provided ctx must be non-nil.
+func (r *Request) WithContext(ctx context.Context) *Request {
+	if ctx == nil {
+		panic("nil context")
+	}
+	r2 := r.copy()
+	r2.ctx = ctx
+	r2.cancelCtx = nil
+	return r2
+}
+
+// Close reader/writer if possible
+func (r *Request) close() error {
+	defer func() {
+		if r.cancelCtx != nil {
+			r.cancelCtx()
+		}
+	}()
+
+	rd, wr, rw := r.getAllReaderWriters()
+
+	var err error
+
+	// Close errors on a Writer are far more likely to be the important one.
+	// As they can be information that there was a loss of data.
+	if c, ok := wr.(io.Closer); ok {
+		if err2 := c.Close(); err == nil {
+			// update error if it is still nil
+			err = err2
+		}
+	}
+
+	if c, ok := rw.(io.Closer); ok {
+		if err2 := c.Close(); err == nil {
+			// update error if it is still nil
+			err = err2
+
+			r.setWriterAtReaderAt(nil)
+		}
+	}
+
+	if c, ok := rd.(io.Closer); ok {
+		if err2 := c.Close(); err == nil {
+			// update error if it is still nil
+			err = err2
+		}
+	}
+
+	return err
+}
+
+// Notify transfer error if any
+func (r *Request) transferError(err error) {
+	if err == nil {
+		return
+	}
+
+	rd, wr, rw := r.getAllReaderWriters()
+
+	if t, ok := wr.(TransferError); ok {
+		t.TransferError(err)
+	}
+
+	if t, ok := rw.(TransferError); ok {
+		t.TransferError(err)
+	}
+
+	if t, ok := rd.(TransferError); ok {
+		t.TransferError(err)
+	}
+}
+
+// called from worker to handle packet/request
+func (r *Request) call(handlers Handlers, pkt requestPacket, alloc *allocator, orderID uint32) responsePacket {
+	switch r.Method {
+	case "Get":
+		return fileget(handlers.FileGet, r, pkt, alloc, orderID)
+	case "Put":
+		return fileput(handlers.FilePut, r, pkt, alloc, orderID)
+	case "Open":
+		return fileputget(handlers.FilePut, r, pkt, alloc, orderID)
+	case "Setstat", "Rename", "Rmdir", "Mkdir", "Link", "Symlink", "Remove", "PosixRename", "StatVFS":
+		return filecmd(handlers.FileCmd, r, pkt)
+	case "List":
+		return filelist(handlers.FileList, r, pkt)
+	case "Stat", "Lstat", "Readlink":
+		return filestat(handlers.FileList, r, pkt)
+	default:
+		return statusFromError(pkt.id(), fmt.Errorf("unexpected method: %s", r.Method))
+	}
+}
+
+// Additional initialization for Open packets
+func (r *Request) open(h Handlers, pkt requestPacket) responsePacket {
+	flags := r.Pflags()
+
+	id := pkt.id()
+
+	switch {
+	case flags.Write, flags.Append, flags.Creat, flags.Trunc:
+		if flags.Read {
+			if openFileWriter, ok := h.FilePut.(OpenFileWriter); ok {
+				r.Method = "Open"
+				rw, err := openFileWriter.OpenFile(r)
+				if err != nil {
+					return statusFromError(id, err)
+				}
+
+				r.setWriterAtReaderAt(rw)
+
+				return &sshFxpHandlePacket{
+					ID:     id,
+					Handle: r.handle,
+				}
+			}
+		}
+
+		r.Method = "Put"
+		wr, err := h.FilePut.Filewrite(r)
+		if err != nil {
+			return statusFromError(id, err)
+		}
+
+		r.setWriterAt(wr)
+
+	case flags.Read:
+		r.Method = "Get"
+		rd, err := h.FileGet.Fileread(r)
+		if err != nil {
+			return statusFromError(id, err)
+		}
+
+		r.setReaderAt(rd)
+
+	default:
+		return statusFromError(id, errors.New("bad file flags"))
+	}
+
+	return &sshFxpHandlePacket{
+		ID:     id,
+		Handle: r.handle,
+	}
+}
+
+func (r *Request) opendir(h Handlers, pkt requestPacket) responsePacket {
+	r.Method = "List"
+	la, err := h.FileList.Filelist(r)
+	if err != nil {
+		return statusFromError(pkt.id(), wrapPathError(r.Filepath, err))
+	}
+
+	r.setListerAt(la)
+
+	return &sshFxpHandlePacket{
+		ID:     pkt.id(),
+		Handle: r.handle,
+	}
+}
+
+// wrap FileReader handler
+func fileget(h FileReader, r *Request, pkt requestPacket, alloc *allocator, orderID uint32) responsePacket {
+	rd := r.getReaderAt()
+	if rd == nil {
+		return statusFromError(pkt.id(), errors.New("unexpected read packet"))
+	}
+
+	data, offset, _ := packetData(pkt, alloc, orderID)
+
+	n, err := rd.ReadAt(data, offset)
+	// only return EOF error if no data left to read
+	if err != nil && (err != io.EOF || n == 0) {
+		return statusFromError(pkt.id(), err)
+	}
+
+	return &sshFxpDataPacket{
+		ID:     pkt.id(),
+		Length: uint32(n),
+		Data:   data[:n],
+	}
+}
+
+// wrap FileWriter handler
+func fileput(h FileWriter, r *Request, pkt requestPacket, alloc *allocator, orderID uint32) responsePacket {
+	wr := r.getWriterAt()
+	if wr == nil {
+		return statusFromError(pkt.id(), errors.New("unexpected write packet"))
+	}
+
+	data, offset, _ := packetData(pkt, alloc, orderID)
+
+	_, err := wr.WriteAt(data, offset)
+	return statusFromError(pkt.id(), err)
+}
+
+// wrap OpenFileWriter handler
+func fileputget(h FileWriter, r *Request, pkt requestPacket, alloc *allocator, orderID uint32) responsePacket {
+	rw := r.getWriterAtReaderAt()
+	if rw == nil {
+		return statusFromError(pkt.id(), errors.New("unexpected write and read packet"))
+	}
+
+	switch p := pkt.(type) {
+	case *sshFxpReadPacket:
+		data, offset := p.getDataSlice(alloc, orderID), int64(p.Offset)
+
+		n, err := rw.ReadAt(data, offset)
+		// only return EOF error if no data left to read
+		if err != nil && (err != io.EOF || n == 0) {
+			return statusFromError(pkt.id(), err)
+		}
+
+		return &sshFxpDataPacket{
+			ID:     pkt.id(),
+			Length: uint32(n),
+			Data:   data[:n],
+		}
+
+	case *sshFxpWritePacket:
+		data, offset := p.Data, int64(p.Offset)
+
+		_, err := rw.WriteAt(data, offset)
+		return statusFromError(pkt.id(), err)
+
+	default:
+		return statusFromError(pkt.id(), errors.New("unexpected packet type for read or write"))
+	}
+}
+
+// file data for additional read/write packets
+func packetData(p requestPacket, alloc *allocator, orderID uint32) (data []byte, offset int64, length uint32) {
+	switch p := p.(type) {
+	case *sshFxpReadPacket:
+		return p.getDataSlice(alloc, orderID), int64(p.Offset), p.Len
+	case *sshFxpWritePacket:
+		return p.Data, int64(p.Offset), p.Length
+	}
+	return
+}
+
+// wrap FileCmder handler
+func filecmd(h FileCmder, r *Request, pkt requestPacket) responsePacket {
+	switch p := pkt.(type) {
+	case *sshFxpFsetstatPacket:
+		r.Flags = p.Flags
+		r.Attrs = p.Attrs.([]byte)
+	}
+
+	switch r.Method {
+	case "PosixRename":
+		if posixRenamer, ok := h.(PosixRenameFileCmder); ok {
+			err := posixRenamer.PosixRename(r)
+			return statusFromError(pkt.id(), err)
+		}
+
+		// PosixRenameFileCmder not implemented handle this request as a Rename
+		r.Method = "Rename"
+		err := h.Filecmd(r)
+		return statusFromError(pkt.id(), err)
+
+	case "StatVFS":
+		if statVFSCmdr, ok := h.(StatVFSFileCmder); ok {
+			stat, err := statVFSCmdr.StatVFS(r)
+			if err != nil {
+				return statusFromError(pkt.id(), err)
+			}
+			stat.ID = pkt.id()
+			return stat
+		}
+
+		return statusFromError(pkt.id(), ErrSSHFxOpUnsupported)
+	}
+
+	err := h.Filecmd(r)
+	return statusFromError(pkt.id(), err)
+}
+
+// wrap FileLister handler
+func filelist(h FileLister, r *Request, pkt requestPacket) responsePacket {
+	lister := r.getListerAt()
+	if lister == nil {
+		return statusFromError(pkt.id(), errors.New("unexpected dir packet"))
+	}
+
+	offset := r.lsNext()
+	finfo := make([]os.FileInfo, MaxFilelist)
+	n, err := lister.ListAt(finfo, offset)
+	r.lsInc(int64(n))
+	// ignore EOF as we only return it when there are no results
+	finfo = finfo[:n] // avoid need for nil tests below
+
+	switch r.Method {
+	case "List":
+		if err != nil && (err != io.EOF || n == 0) {
+			return statusFromError(pkt.id(), err)
+		}
+
+		nameAttrs := make([]*sshFxpNameAttr, 0, len(finfo))
+
+		// If the type conversion fails, we get untyped `nil`,
+		// which is handled by not looking up any names.
+		idLookup, _ := h.(NameLookupFileLister)
+
+		for _, fi := range finfo {
+			nameAttrs = append(nameAttrs, &sshFxpNameAttr{
+				Name:     fi.Name(),
+				LongName: runLs(idLookup, fi),
+				Attrs:    []interface{}{fi},
+			})
+		}
+
+		return &sshFxpNamePacket{
+			ID:        pkt.id(),
+			NameAttrs: nameAttrs,
+		}
+
+	default:
+		err = fmt.Errorf("unexpected method: %s", r.Method)
+		return statusFromError(pkt.id(), err)
+	}
+}
+
+func filestat(h FileLister, r *Request, pkt requestPacket) responsePacket {
+	var lister ListerAt
+	var err error
+
+	if r.Method == "Lstat" {
+		if lstatFileLister, ok := h.(LstatFileLister); ok {
+			lister, err = lstatFileLister.Lstat(r)
+		} else {
+			// LstatFileLister not implemented handle this request as a Stat
+			r.Method = "Stat"
+			lister, err = h.Filelist(r)
+		}
+	} else {
+		lister, err = h.Filelist(r)
+	}
+	if err != nil {
+		return statusFromError(pkt.id(), err)
+	}
+	finfo := make([]os.FileInfo, 1)
+	n, err := lister.ListAt(finfo, 0)
+	finfo = finfo[:n] // avoid need for nil tests below
+
+	switch r.Method {
+	case "Stat", "Lstat":
+		if err != nil && err != io.EOF {
+			return statusFromError(pkt.id(), err)
+		}
+		if n == 0 {
+			err = &os.PathError{
+				Op:   strings.ToLower(r.Method),
+				Path: r.Filepath,
+				Err:  syscall.ENOENT,
+			}
+			return statusFromError(pkt.id(), err)
+		}
+		return &sshFxpStatResponse{
+			ID:   pkt.id(),
+			info: finfo[0],
+		}
+	case "Readlink":
+		if err != nil && err != io.EOF {
+			return statusFromError(pkt.id(), err)
+		}
+		if n == 0 {
+			err = &os.PathError{
+				Op:   "readlink",
+				Path: r.Filepath,
+				Err:  syscall.ENOENT,
+			}
+			return statusFromError(pkt.id(), err)
+		}
+		filename := finfo[0].Name()
+		return &sshFxpNamePacket{
+			ID: pkt.id(),
+			NameAttrs: []*sshFxpNameAttr{
+				{
+					Name:     filename,
+					LongName: filename,
+					Attrs:    emptyFileStat,
+				},
+			},
+		}
+	default:
+		err = fmt.Errorf("unexpected method: %s", r.Method)
+		return statusFromError(pkt.id(), err)
+	}
+}
+
+// init attributes of request object from packet data
+func requestMethod(p requestPacket) (method string) {
+	switch p.(type) {
+	case *sshFxpReadPacket, *sshFxpWritePacket, *sshFxpOpenPacket:
+		// set in open() above
+	case *sshFxpOpendirPacket, *sshFxpReaddirPacket:
+		// set in opendir() above
+	case *sshFxpSetstatPacket, *sshFxpFsetstatPacket:
+		method = "Setstat"
+	case *sshFxpRenamePacket:
+		method = "Rename"
+	case *sshFxpSymlinkPacket:
+		method = "Symlink"
+	case *sshFxpRemovePacket:
+		method = "Remove"
+	case *sshFxpStatPacket, *sshFxpFstatPacket:
+		method = "Stat"
+	case *sshFxpLstatPacket:
+		method = "Lstat"
+	case *sshFxpRmdirPacket:
+		method = "Rmdir"
+	case *sshFxpReadlinkPacket:
+		method = "Readlink"
+	case *sshFxpMkdirPacket:
+		method = "Mkdir"
+	case *sshFxpExtendedPacketHardlink:
+		method = "Link"
+	}
+	return method
+}
diff --git a/vendor/github.com/pkg/sftp/request_windows.go b/vendor/github.com/pkg/sftp/request_windows.go
new file mode 100644
index 000000000..1f6d3df17
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/request_windows.go
@@ -0,0 +1,44 @@
+package sftp
+
+import (
+	"path"
+	"path/filepath"
+	"syscall"
+)
+
+func fakeFileInfoSys() interface{} {
+	return syscall.Win32FileAttributeData{}
+}
+
+func testOsSys(sys interface{}) error {
+	return nil
+}
+
+func toLocalPath(p string) string {
+	lp := filepath.FromSlash(p)
+
+	if path.IsAbs(p) {
+		tmp := lp
+		for len(tmp) > 0 && tmp[0] == '\\' {
+			tmp = tmp[1:]
+		}
+
+		if filepath.IsAbs(tmp) {
+			// If the FromSlash without any starting slashes is absolute,
+			// then we have a filepath encoded with a prefix '/'.
+			// e.g. "/C:/Windows" to "C:\\Windows"
+			return tmp
+		}
+
+		tmp += "\\"
+
+		if filepath.IsAbs(tmp) {
+			// If the FromSlash without any starting slashes but with extra end slash is absolute,
+			// then we have a filepath encoded with a prefix '/' and a dropped '/' at the end.
+			// e.g. "/C:" to "C:\\"
+			return tmp
+		}
+	}
+
+	return lp
+}
diff --git a/vendor/github.com/pkg/sftp/server.go b/vendor/github.com/pkg/sftp/server.go
new file mode 100644
index 000000000..529052b44
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/server.go
@@ -0,0 +1,616 @@
+package sftp
+
+// sftp server counterpart
+
+import (
+	"encoding"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strconv"
+	"sync"
+	"syscall"
+	"time"
+)
+
+const (
+	// SftpServerWorkerCount defines the number of workers for the SFTP server
+	SftpServerWorkerCount = 8
+)
+
+// Server is an SSH File Transfer Protocol (sftp) server.
+// This is intended to provide the sftp subsystem to an ssh server daemon.
+// This implementation currently supports most of sftp server protocol version 3,
+// as specified at http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
+type Server struct {
+	*serverConn
+	debugStream   io.Writer
+	readOnly      bool
+	pktMgr        *packetManager
+	openFiles     map[string]*os.File
+	openFilesLock sync.RWMutex
+	handleCount   int
+}
+
+func (svr *Server) nextHandle(f *os.File) string {
+	svr.openFilesLock.Lock()
+	defer svr.openFilesLock.Unlock()
+	svr.handleCount++
+	handle := strconv.Itoa(svr.handleCount)
+	svr.openFiles[handle] = f
+	return handle
+}
+
+func (svr *Server) closeHandle(handle string) error {
+	svr.openFilesLock.Lock()
+	defer svr.openFilesLock.Unlock()
+	if f, ok := svr.openFiles[handle]; ok {
+		delete(svr.openFiles, handle)
+		return f.Close()
+	}
+
+	return EBADF
+}
+
+func (svr *Server) getHandle(handle string) (*os.File, bool) {
+	svr.openFilesLock.RLock()
+	defer svr.openFilesLock.RUnlock()
+	f, ok := svr.openFiles[handle]
+	return f, ok
+}
+
+type serverRespondablePacket interface {
+	encoding.BinaryUnmarshaler
+	id() uint32
+	respond(svr *Server) responsePacket
+}
+
+// NewServer creates a new Server instance around the provided streams, serving
+// content from the root of the filesystem.  Optionally, ServerOption
+// functions may be specified to further configure the Server.
+//
+// A subsequent call to Serve() is required to begin serving files over SFTP.
+func NewServer(rwc io.ReadWriteCloser, options ...ServerOption) (*Server, error) {
+	svrConn := &serverConn{
+		conn: conn{
+			Reader:      rwc,
+			WriteCloser: rwc,
+		},
+	}
+	s := &Server{
+		serverConn:  svrConn,
+		debugStream: ioutil.Discard,
+		pktMgr:      newPktMgr(svrConn),
+		openFiles:   make(map[string]*os.File),
+	}
+
+	for _, o := range options {
+		if err := o(s); err != nil {
+			return nil, err
+		}
+	}
+
+	return s, nil
+}
+
+// A ServerOption is a function which applies configuration to a Server.
+type ServerOption func(*Server) error
+
+// WithDebug enables Server debugging output to the supplied io.Writer.
+func WithDebug(w io.Writer) ServerOption {
+	return func(s *Server) error {
+		s.debugStream = w
+		return nil
+	}
+}
+
+// ReadOnly configures a Server to serve files in read-only mode.
+func ReadOnly() ServerOption {
+	return func(s *Server) error {
+		s.readOnly = true
+		return nil
+	}
+}
+
+// WithAllocator enable the allocator.
+// After processing a packet we keep in memory the allocated slices
+// and we reuse them for new packets.
+// The allocator is experimental
+func WithAllocator() ServerOption {
+	return func(s *Server) error {
+		alloc := newAllocator()
+		s.pktMgr.alloc = alloc
+		s.conn.alloc = alloc
+		return nil
+	}
+}
+
+type rxPacket struct {
+	pktType  fxp
+	pktBytes []byte
+}
+
+// Up to N parallel servers
+func (svr *Server) sftpServerWorker(pktChan chan orderedRequest) error {
+	for pkt := range pktChan {
+		// readonly checks
+		readonly := true
+		switch pkt := pkt.requestPacket.(type) {
+		case notReadOnly:
+			readonly = false
+		case *sshFxpOpenPacket:
+			readonly = pkt.readonly()
+		case *sshFxpExtendedPacket:
+			readonly = pkt.readonly()
+		}
+
+		// If server is operating read-only and a write operation is requested,
+		// return permission denied
+		if !readonly && svr.readOnly {
+			svr.pktMgr.readyPacket(
+				svr.pktMgr.newOrderedResponse(statusFromError(pkt.id(), syscall.EPERM), pkt.orderID()),
+			)
+			continue
+		}
+
+		if err := handlePacket(svr, pkt); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func handlePacket(s *Server, p orderedRequest) error {
+	var rpkt responsePacket
+	orderID := p.orderID()
+	switch p := p.requestPacket.(type) {
+	case *sshFxInitPacket:
+		rpkt = &sshFxVersionPacket{
+			Version:    sftpProtocolVersion,
+			Extensions: sftpExtensions,
+		}
+	case *sshFxpStatPacket:
+		// stat the requested file
+		info, err := os.Stat(toLocalPath(p.Path))
+		rpkt = &sshFxpStatResponse{
+			ID:   p.ID,
+			info: info,
+		}
+		if err != nil {
+			rpkt = statusFromError(p.ID, err)
+		}
+	case *sshFxpLstatPacket:
+		// stat the requested file
+		info, err := os.Lstat(toLocalPath(p.Path))
+		rpkt = &sshFxpStatResponse{
+			ID:   p.ID,
+			info: info,
+		}
+		if err != nil {
+			rpkt = statusFromError(p.ID, err)
+		}
+	case *sshFxpFstatPacket:
+		f, ok := s.getHandle(p.Handle)
+		var err error = EBADF
+		var info os.FileInfo
+		if ok {
+			info, err = f.Stat()
+			rpkt = &sshFxpStatResponse{
+				ID:   p.ID,
+				info: info,
+			}
+		}
+		if err != nil {
+			rpkt = statusFromError(p.ID, err)
+		}
+	case *sshFxpMkdirPacket:
+		// TODO FIXME: ignore flags field
+		err := os.Mkdir(toLocalPath(p.Path), 0755)
+		rpkt = statusFromError(p.ID, err)
+	case *sshFxpRmdirPacket:
+		err := os.Remove(toLocalPath(p.Path))
+		rpkt = statusFromError(p.ID, err)
+	case *sshFxpRemovePacket:
+		err := os.Remove(toLocalPath(p.Filename))
+		rpkt = statusFromError(p.ID, err)
+	case *sshFxpRenamePacket:
+		err := os.Rename(toLocalPath(p.Oldpath), toLocalPath(p.Newpath))
+		rpkt = statusFromError(p.ID, err)
+	case *sshFxpSymlinkPacket:
+		err := os.Symlink(toLocalPath(p.Targetpath), toLocalPath(p.Linkpath))
+		rpkt = statusFromError(p.ID, err)
+	case *sshFxpClosePacket:
+		rpkt = statusFromError(p.ID, s.closeHandle(p.Handle))
+	case *sshFxpReadlinkPacket:
+		f, err := os.Readlink(toLocalPath(p.Path))
+		rpkt = &sshFxpNamePacket{
+			ID: p.ID,
+			NameAttrs: []*sshFxpNameAttr{
+				{
+					Name:     f,
+					LongName: f,
+					Attrs:    emptyFileStat,
+				},
+			},
+		}
+		if err != nil {
+			rpkt = statusFromError(p.ID, err)
+		}
+	case *sshFxpRealpathPacket:
+		f, err := filepath.Abs(toLocalPath(p.Path))
+		f = cleanPath(f)
+		rpkt = &sshFxpNamePacket{
+			ID: p.ID,
+			NameAttrs: []*sshFxpNameAttr{
+				{
+					Name:     f,
+					LongName: f,
+					Attrs:    emptyFileStat,
+				},
+			},
+		}
+		if err != nil {
+			rpkt = statusFromError(p.ID, err)
+		}
+	case *sshFxpOpendirPacket:
+		p.Path = toLocalPath(p.Path)
+
+		if stat, err := os.Stat(p.Path); err != nil {
+			rpkt = statusFromError(p.ID, err)
+		} else if !stat.IsDir() {
+			rpkt = statusFromError(p.ID, &os.PathError{
+				Path: p.Path, Err: syscall.ENOTDIR})
+		} else {
+			rpkt = (&sshFxpOpenPacket{
+				ID:     p.ID,
+				Path:   p.Path,
+				Pflags: sshFxfRead,
+			}).respond(s)
+		}
+	case *sshFxpReadPacket:
+		var err error = EBADF
+		f, ok := s.getHandle(p.Handle)
+		if ok {
+			err = nil
+			data := p.getDataSlice(s.pktMgr.alloc, orderID)
+			n, _err := f.ReadAt(data, int64(p.Offset))
+			if _err != nil && (_err != io.EOF || n == 0) {
+				err = _err
+			}
+			rpkt = &sshFxpDataPacket{
+				ID:     p.ID,
+				Length: uint32(n),
+				Data:   data[:n],
+				// do not use data[:n:n] here to clamp the capacity, we allocated extra capacity above to avoid reallocations
+			}
+		}
+		if err != nil {
+			rpkt = statusFromError(p.ID, err)
+		}
+
+	case *sshFxpWritePacket:
+		f, ok := s.getHandle(p.Handle)
+		var err error = EBADF
+		if ok {
+			_, err = f.WriteAt(p.Data, int64(p.Offset))
+		}
+		rpkt = statusFromError(p.ID, err)
+	case *sshFxpExtendedPacket:
+		if p.SpecificPacket == nil {
+			rpkt = statusFromError(p.ID, ErrSSHFxOpUnsupported)
+		} else {
+			rpkt = p.respond(s)
+		}
+	case serverRespondablePacket:
+		rpkt = p.respond(s)
+	default:
+		return fmt.Errorf("unexpected packet type %T", p)
+	}
+
+	s.pktMgr.readyPacket(s.pktMgr.newOrderedResponse(rpkt, orderID))
+	return nil
+}
+
+// Serve serves SFTP connections until the streams stop or the SFTP subsystem
+// is stopped.
+func (svr *Server) Serve() error {
+	defer func() {
+		if svr.pktMgr.alloc != nil {
+			svr.pktMgr.alloc.Free()
+		}
+	}()
+	var wg sync.WaitGroup
+	runWorker := func(ch chan orderedRequest) {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := svr.sftpServerWorker(ch); err != nil {
+				svr.conn.Close() // shuts down recvPacket
+			}
+		}()
+	}
+	pktChan := svr.pktMgr.workerChan(runWorker)
+
+	var err error
+	var pkt requestPacket
+	var pktType uint8
+	var pktBytes []byte
+	for {
+		pktType, pktBytes, err = svr.serverConn.recvPacket(svr.pktMgr.getNextOrderID())
+		if err != nil {
+			// we don't care about releasing allocated pages here, the server will quit and the allocator freed
+			break
+		}
+
+		pkt, err = makePacket(rxPacket{fxp(pktType), pktBytes})
+		if err != nil {
+			switch {
+			case errors.Is(err, errUnknownExtendedPacket):
+				//if err := svr.serverConn.sendError(pkt, ErrSshFxOpUnsupported); err != nil {
+				//	debug("failed to send err packet: %v", err)
+				//	svr.conn.Close() // shuts down recvPacket
+				//	break
+				//}
+			default:
+				debug("makePacket err: %v", err)
+				svr.conn.Close() // shuts down recvPacket
+				break
+			}
+		}
+
+		pktChan <- svr.pktMgr.newOrderedRequest(pkt)
+	}
+
+	close(pktChan) // shuts down sftpServerWorkers
+	wg.Wait()      // wait for all workers to exit
+
+	// close any still-open files
+	for handle, file := range svr.openFiles {
+		fmt.Fprintf(svr.debugStream, "sftp server file with handle %q left open: %v\n", handle, file.Name())
+		file.Close()
+	}
+	return err // error from recvPacket
+}
+
+type ider interface {
+	id() uint32
+}
+
+// The init packet has no ID, so we just return a zero-value ID
+func (p *sshFxInitPacket) id() uint32 { return 0 }
+
+type sshFxpStatResponse struct {
+	ID   uint32
+	info os.FileInfo
+}
+
+func (p *sshFxpStatResponse) marshalPacket() ([]byte, []byte, error) {
+	l := 4 + 1 + 4 // uint32(length) + byte(type) + uint32(id)
+
+	b := make([]byte, 4, l)
+	b = append(b, sshFxpAttrs)
+	b = marshalUint32(b, p.ID)
+
+	var payload []byte
+	payload = marshalFileInfo(payload, p.info)
+
+	return b, payload, nil
+}
+
+func (p *sshFxpStatResponse) MarshalBinary() ([]byte, error) {
+	header, payload, err := p.marshalPacket()
+	return append(header, payload...), err
+}
+
+var emptyFileStat = []interface{}{uint32(0)}
+
+func (p *sshFxpOpenPacket) readonly() bool {
+	return !p.hasPflags(sshFxfWrite)
+}
+
+func (p *sshFxpOpenPacket) hasPflags(flags ...uint32) bool {
+	for _, f := range flags {
+		if p.Pflags&f == 0 {
+			return false
+		}
+	}
+	return true
+}
+
+func (p *sshFxpOpenPacket) respond(svr *Server) responsePacket {
+	var osFlags int
+	if p.hasPflags(sshFxfRead, sshFxfWrite) {
+		osFlags |= os.O_RDWR
+	} else if p.hasPflags(sshFxfWrite) {
+		osFlags |= os.O_WRONLY
+	} else if p.hasPflags(sshFxfRead) {
+		osFlags |= os.O_RDONLY
+	} else {
+		// how are they opening?
+		return statusFromError(p.ID, syscall.EINVAL)
+	}
+
+	// Don't use O_APPEND flag as it conflicts with WriteAt.
+	// The sshFxfAppend flag is a no-op here as the client sends the offsets.
+
+	if p.hasPflags(sshFxfCreat) {
+		osFlags |= os.O_CREATE
+	}
+	if p.hasPflags(sshFxfTrunc) {
+		osFlags |= os.O_TRUNC
+	}
+	if p.hasPflags(sshFxfExcl) {
+		osFlags |= os.O_EXCL
+	}
+
+	f, err := os.OpenFile(toLocalPath(p.Path), osFlags, 0644)
+	if err != nil {
+		return statusFromError(p.ID, err)
+	}
+
+	handle := svr.nextHandle(f)
+	return &sshFxpHandlePacket{ID: p.ID, Handle: handle}
+}
+
+func (p *sshFxpReaddirPacket) respond(svr *Server) responsePacket {
+	f, ok := svr.getHandle(p.Handle)
+	if !ok {
+		return statusFromError(p.ID, EBADF)
+	}
+
+	dirents, err := f.Readdir(128)
+	if err != nil {
+		return statusFromError(p.ID, err)
+	}
+
+	idLookup := osIDLookup{}
+
+	ret := &sshFxpNamePacket{ID: p.ID}
+	for _, dirent := range dirents {
+		ret.NameAttrs = append(ret.NameAttrs, &sshFxpNameAttr{
+			Name:     dirent.Name(),
+			LongName: runLs(idLookup, dirent),
+			Attrs:    []interface{}{dirent},
+		})
+	}
+	return ret
+}
+
+func (p *sshFxpSetstatPacket) respond(svr *Server) responsePacket {
+	// additional unmarshalling is required for each possibility here
+	b := p.Attrs.([]byte)
+	var err error
+
+	p.Path = toLocalPath(p.Path)
+
+	debug("setstat name \"%s\"", p.Path)
+	if (p.Flags & sshFileXferAttrSize) != 0 {
+		var size uint64
+		if size, b, err = unmarshalUint64Safe(b); err == nil {
+			err = os.Truncate(p.Path, int64(size))
+		}
+	}
+	if (p.Flags & sshFileXferAttrPermissions) != 0 {
+		var mode uint32
+		if mode, b, err = unmarshalUint32Safe(b); err == nil {
+			err = os.Chmod(p.Path, os.FileMode(mode))
+		}
+	}
+	if (p.Flags & sshFileXferAttrACmodTime) != 0 {
+		var atime uint32
+		var mtime uint32
+		if atime, b, err = unmarshalUint32Safe(b); err != nil {
+		} else if mtime, b, err = unmarshalUint32Safe(b); err != nil {
+		} else {
+			atimeT := time.Unix(int64(atime), 0)
+			mtimeT := time.Unix(int64(mtime), 0)
+			err = os.Chtimes(p.Path, atimeT, mtimeT)
+		}
+	}
+	if (p.Flags & sshFileXferAttrUIDGID) != 0 {
+		var uid uint32
+		var gid uint32
+		if uid, b, err = unmarshalUint32Safe(b); err != nil {
+		} else if gid, _, err = unmarshalUint32Safe(b); err != nil {
+		} else {
+			err = os.Chown(p.Path, int(uid), int(gid))
+		}
+	}
+
+	return statusFromError(p.ID, err)
+}
+
+func (p *sshFxpFsetstatPacket) respond(svr *Server) responsePacket {
+	f, ok := svr.getHandle(p.Handle)
+	if !ok {
+		return statusFromError(p.ID, EBADF)
+	}
+
+	// additional unmarshalling is required for each possibility here
+	b := p.Attrs.([]byte)
+	var err error
+
+	debug("fsetstat name \"%s\"", f.Name())
+	if (p.Flags & sshFileXferAttrSize) != 0 {
+		var size uint64
+		if size, b, err = unmarshalUint64Safe(b); err == nil {
+			err = f.Truncate(int64(size))
+		}
+	}
+	if (p.Flags & sshFileXferAttrPermissions) != 0 {
+		var mode uint32
+		if mode, b, err = unmarshalUint32Safe(b); err == nil {
+			err = f.Chmod(os.FileMode(mode))
+		}
+	}
+	if (p.Flags & sshFileXferAttrACmodTime) != 0 {
+		var atime uint32
+		var mtime uint32
+		if atime, b, err = unmarshalUint32Safe(b); err != nil {
+		} else if mtime, b, err = unmarshalUint32Safe(b); err != nil {
+		} else {
+			atimeT := time.Unix(int64(atime), 0)
+			mtimeT := time.Unix(int64(mtime), 0)
+			err = os.Chtimes(f.Name(), atimeT, mtimeT)
+		}
+	}
+	if (p.Flags & sshFileXferAttrUIDGID) != 0 {
+		var uid uint32
+		var gid uint32
+		if uid, b, err = unmarshalUint32Safe(b); err != nil {
+		} else if gid, _, err = unmarshalUint32Safe(b); err != nil {
+		} else {
+			err = f.Chown(int(uid), int(gid))
+		}
+	}
+
+	return statusFromError(p.ID, err)
+}
+
+func statusFromError(id uint32, err error) *sshFxpStatusPacket {
+	ret := &sshFxpStatusPacket{
+		ID: id,
+		StatusError: StatusError{
+			// sshFXOk               = 0
+			// sshFXEOF              = 1
+			// sshFXNoSuchFile       = 2 ENOENT
+			// sshFXPermissionDenied = 3
+			// sshFXFailure          = 4
+			// sshFXBadMessage       = 5
+			// sshFXNoConnection     = 6
+			// sshFXConnectionLost   = 7
+			// sshFXOPUnsupported    = 8
+			Code: sshFxOk,
+		},
+	}
+	if err == nil {
+		return ret
+	}
+
+	debug("statusFromError: error is %T %#v", err, err)
+	ret.StatusError.Code = sshFxFailure
+	ret.StatusError.msg = err.Error()
+
+	if os.IsNotExist(err) {
+		ret.StatusError.Code = sshFxNoSuchFile
+		return ret
+	}
+	if code, ok := translateSyscallError(err); ok {
+		ret.StatusError.Code = code
+		return ret
+	}
+
+	switch e := err.(type) {
+	case fxerr:
+		ret.StatusError.Code = uint32(e)
+	default:
+		if e == io.EOF {
+			ret.StatusError.Code = sshFxEOF
+		}
+	}
+
+	return ret
+}
diff --git a/vendor/github.com/pkg/sftp/server_statvfs_darwin.go b/vendor/github.com/pkg/sftp/server_statvfs_darwin.go
new file mode 100644
index 000000000..8c01dac52
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/server_statvfs_darwin.go
@@ -0,0 +1,21 @@
+package sftp
+
+import (
+	"syscall"
+)
+
+func statvfsFromStatfst(stat *syscall.Statfs_t) (*StatVFS, error) {
+	return &StatVFS{
+		Bsize:   uint64(stat.Bsize),
+		Frsize:  uint64(stat.Bsize), // fragment size is a linux thing; use block size here
+		Blocks:  stat.Blocks,
+		Bfree:   stat.Bfree,
+		Bavail:  stat.Bavail,
+		Files:   stat.Files,
+		Ffree:   stat.Ffree,
+		Favail:  stat.Ffree,                                                      // not sure how to calculate Favail
+		Fsid:    uint64(uint64(stat.Fsid.Val[1])<<32 | uint64(stat.Fsid.Val[0])), // endianness?
+		Flag:    uint64(stat.Flags),                                              // assuming POSIX?
+		Namemax: 1024,                                                            // man 2 statfs shows: #define MAXPATHLEN      1024
+	}, nil
+}
diff --git a/vendor/github.com/pkg/sftp/server_statvfs_impl.go b/vendor/github.com/pkg/sftp/server_statvfs_impl.go
new file mode 100644
index 000000000..94b6d832c
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/server_statvfs_impl.go
@@ -0,0 +1,29 @@
+// +build darwin linux
+
+// fill in statvfs structure with OS specific values
+// Statfs_t is different per-kernel, and only exists on some unixes (not Solaris for instance)
+
+package sftp
+
+import (
+	"syscall"
+)
+
+func (p *sshFxpExtendedPacketStatVFS) respond(svr *Server) responsePacket {
+	retPkt, err := getStatVFSForPath(p.Path)
+	if err != nil {
+		return statusFromError(p.ID, err)
+	}
+	retPkt.ID = p.ID
+
+	return retPkt
+}
+
+func getStatVFSForPath(name string) (*StatVFS, error) {
+	var stat syscall.Statfs_t
+	if err := syscall.Statfs(name, &stat); err != nil {
+		return nil, err
+	}
+
+	return statvfsFromStatfst(&stat)
+}
diff --git a/vendor/github.com/pkg/sftp/server_statvfs_linux.go b/vendor/github.com/pkg/sftp/server_statvfs_linux.go
new file mode 100644
index 000000000..1d180d47c
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/server_statvfs_linux.go
@@ -0,0 +1,22 @@
+// +build linux
+
+package sftp
+
+import (
+	"syscall"
+)
+
+func statvfsFromStatfst(stat *syscall.Statfs_t) (*StatVFS, error) {
+	return &StatVFS{
+		Bsize:   uint64(stat.Bsize),
+		Frsize:  uint64(stat.Frsize),
+		Blocks:  stat.Blocks,
+		Bfree:   stat.Bfree,
+		Bavail:  stat.Bavail,
+		Files:   stat.Files,
+		Ffree:   stat.Ffree,
+		Favail:  stat.Ffree,         // not sure how to calculate Favail
+		Flag:    uint64(stat.Flags), // assuming POSIX?
+		Namemax: uint64(stat.Namelen),
+	}, nil
+}
diff --git a/vendor/github.com/pkg/sftp/server_statvfs_plan9.go b/vendor/github.com/pkg/sftp/server_statvfs_plan9.go
new file mode 100644
index 000000000..e71a27d37
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/server_statvfs_plan9.go
@@ -0,0 +1,13 @@
+package sftp
+
+import (
+	"syscall"
+)
+
+func (p *sshFxpExtendedPacketStatVFS) respond(svr *Server) responsePacket {
+	return statusFromError(p.ID, syscall.EPLAN9)
+}
+
+func getStatVFSForPath(name string) (*StatVFS, error) {
+	return nil, syscall.EPLAN9
+}
diff --git a/vendor/github.com/pkg/sftp/server_statvfs_stubs.go b/vendor/github.com/pkg/sftp/server_statvfs_stubs.go
new file mode 100644
index 000000000..fbf49068f
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/server_statvfs_stubs.go
@@ -0,0 +1,15 @@
+// +build !darwin,!linux,!plan9
+
+package sftp
+
+import (
+	"syscall"
+)
+
+func (p *sshFxpExtendedPacketStatVFS) respond(svr *Server) responsePacket {
+	return statusFromError(p.ID, syscall.ENOTSUP)
+}
+
+func getStatVFSForPath(name string) (*StatVFS, error) {
+	return nil, syscall.ENOTSUP
+}
diff --git a/vendor/github.com/pkg/sftp/sftp.go b/vendor/github.com/pkg/sftp/sftp.go
new file mode 100644
index 000000000..9a63c39dc
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/sftp.go
@@ -0,0 +1,258 @@
+// Package sftp implements the SSH File Transfer Protocol as described in
+// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
+package sftp
+
+import (
+	"fmt"
+)
+
+const (
+	sshFxpInit          = 1
+	sshFxpVersion       = 2
+	sshFxpOpen          = 3
+	sshFxpClose         = 4
+	sshFxpRead          = 5
+	sshFxpWrite         = 6
+	sshFxpLstat         = 7
+	sshFxpFstat         = 8
+	sshFxpSetstat       = 9
+	sshFxpFsetstat      = 10
+	sshFxpOpendir       = 11
+	sshFxpReaddir       = 12
+	sshFxpRemove        = 13
+	sshFxpMkdir         = 14
+	sshFxpRmdir         = 15
+	sshFxpRealpath      = 16
+	sshFxpStat          = 17
+	sshFxpRename        = 18
+	sshFxpReadlink      = 19
+	sshFxpSymlink       = 20
+	sshFxpStatus        = 101
+	sshFxpHandle        = 102
+	sshFxpData          = 103
+	sshFxpName          = 104
+	sshFxpAttrs         = 105
+	sshFxpExtended      = 200
+	sshFxpExtendedReply = 201
+)
+
+const (
+	sshFxOk               = 0
+	sshFxEOF              = 1
+	sshFxNoSuchFile       = 2
+	sshFxPermissionDenied = 3
+	sshFxFailure          = 4
+	sshFxBadMessage       = 5
+	sshFxNoConnection     = 6
+	sshFxConnectionLost   = 7
+	sshFxOPUnsupported    = 8
+
+	// see draft-ietf-secsh-filexfer-13
+	// https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-9.1
+	sshFxInvalidHandle           = 9
+	sshFxNoSuchPath              = 10
+	sshFxFileAlreadyExists       = 11
+	sshFxWriteProtect            = 12
+	sshFxNoMedia                 = 13
+	sshFxNoSpaceOnFilesystem     = 14
+	sshFxQuotaExceeded           = 15
+	sshFxUnknownPrincipal        = 16
+	sshFxLockConflict            = 17
+	sshFxDirNotEmpty             = 18
+	sshFxNotADirectory           = 19
+	sshFxInvalidFilename         = 20
+	sshFxLinkLoop                = 21
+	sshFxCannotDelete            = 22
+	sshFxInvalidParameter        = 23
+	sshFxFileIsADirectory        = 24
+	sshFxByteRangeLockConflict   = 25
+	sshFxByteRangeLockRefused    = 26
+	sshFxDeletePending           = 27
+	sshFxFileCorrupt             = 28
+	sshFxOwnerInvalid            = 29
+	sshFxGroupInvalid            = 30
+	sshFxNoMatchingByteRangeLock = 31
+)
+
+const (
+	sshFxfRead   = 0x00000001
+	sshFxfWrite  = 0x00000002
+	sshFxfAppend = 0x00000004
+	sshFxfCreat  = 0x00000008
+	sshFxfTrunc  = 0x00000010
+	sshFxfExcl   = 0x00000020
+)
+
+var (
+	// supportedSFTPExtensions defines the supported extensions
+	supportedSFTPExtensions = []sshExtensionPair{
+		{"hardlink@openssh.com", "1"},
+		{"posix-rename@openssh.com", "1"},
+		{"statvfs@openssh.com", "2"},
+	}
+	sftpExtensions = supportedSFTPExtensions
+)
+
+type fxp uint8
+
+func (f fxp) String() string {
+	switch f {
+	case sshFxpInit:
+		return "SSH_FXP_INIT"
+	case sshFxpVersion:
+		return "SSH_FXP_VERSION"
+	case sshFxpOpen:
+		return "SSH_FXP_OPEN"
+	case sshFxpClose:
+		return "SSH_FXP_CLOSE"
+	case sshFxpRead:
+		return "SSH_FXP_READ"
+	case sshFxpWrite:
+		return "SSH_FXP_WRITE"
+	case sshFxpLstat:
+		return "SSH_FXP_LSTAT"
+	case sshFxpFstat:
+		return "SSH_FXP_FSTAT"
+	case sshFxpSetstat:
+		return "SSH_FXP_SETSTAT"
+	case sshFxpFsetstat:
+		return "SSH_FXP_FSETSTAT"
+	case sshFxpOpendir:
+		return "SSH_FXP_OPENDIR"
+	case sshFxpReaddir:
+		return "SSH_FXP_READDIR"
+	case sshFxpRemove:
+		return "SSH_FXP_REMOVE"
+	case sshFxpMkdir:
+		return "SSH_FXP_MKDIR"
+	case sshFxpRmdir:
+		return "SSH_FXP_RMDIR"
+	case sshFxpRealpath:
+		return "SSH_FXP_REALPATH"
+	case sshFxpStat:
+		return "SSH_FXP_STAT"
+	case sshFxpRename:
+		return "SSH_FXP_RENAME"
+	case sshFxpReadlink:
+		return "SSH_FXP_READLINK"
+	case sshFxpSymlink:
+		return "SSH_FXP_SYMLINK"
+	case sshFxpStatus:
+		return "SSH_FXP_STATUS"
+	case sshFxpHandle:
+		return "SSH_FXP_HANDLE"
+	case sshFxpData:
+		return "SSH_FXP_DATA"
+	case sshFxpName:
+		return "SSH_FXP_NAME"
+	case sshFxpAttrs:
+		return "SSH_FXP_ATTRS"
+	case sshFxpExtended:
+		return "SSH_FXP_EXTENDED"
+	case sshFxpExtendedReply:
+		return "SSH_FXP_EXTENDED_REPLY"
+	default:
+		return "unknown"
+	}
+}
+
+type fx uint8
+
+func (f fx) String() string {
+	switch f {
+	case sshFxOk:
+		return "SSH_FX_OK"
+	case sshFxEOF:
+		return "SSH_FX_EOF"
+	case sshFxNoSuchFile:
+		return "SSH_FX_NO_SUCH_FILE"
+	case sshFxPermissionDenied:
+		return "SSH_FX_PERMISSION_DENIED"
+	case sshFxFailure:
+		return "SSH_FX_FAILURE"
+	case sshFxBadMessage:
+		return "SSH_FX_BAD_MESSAGE"
+	case sshFxNoConnection:
+		return "SSH_FX_NO_CONNECTION"
+	case sshFxConnectionLost:
+		return "SSH_FX_CONNECTION_LOST"
+	case sshFxOPUnsupported:
+		return "SSH_FX_OP_UNSUPPORTED"
+	default:
+		return "unknown"
+	}
+}
+
+type unexpectedPacketErr struct {
+	want, got uint8
+}
+
+func (u *unexpectedPacketErr) Error() string {
+	return fmt.Sprintf("sftp: unexpected packet: want %v, got %v", fxp(u.want), fxp(u.got))
+}
+
+func unimplementedPacketErr(u uint8) error {
+	return fmt.Errorf("sftp: unimplemented packet type: got %v", fxp(u))
+}
+
+type unexpectedIDErr struct{ want, got uint32 }
+
+func (u *unexpectedIDErr) Error() string {
+	return fmt.Sprintf("sftp: unexpected id: want %d, got %d", u.want, u.got)
+}
+
+func unimplementedSeekWhence(whence int) error {
+	return fmt.Errorf("sftp: unimplemented seek whence %d", whence)
+}
+
+func unexpectedCount(want, got uint32) error {
+	return fmt.Errorf("sftp: unexpected count: want %d, got %d", want, got)
+}
+
+type unexpectedVersionErr struct{ want, got uint32 }
+
+func (u *unexpectedVersionErr) Error() string {
+	return fmt.Sprintf("sftp: unexpected server version: want %v, got %v", u.want, u.got)
+}
+
+// A StatusError is returned when an SFTP operation fails, and provides
+// additional information about the failure.
+type StatusError struct {
+	Code      uint32
+	msg, lang string
+}
+
+func (s *StatusError) Error() string {
+	return fmt.Sprintf("sftp: %q (%v)", s.msg, fx(s.Code))
+}
+
+// FxCode returns the error code typed to match against the exported codes
+func (s *StatusError) FxCode() fxerr {
+	return fxerr(s.Code)
+}
+
+func getSupportedExtensionByName(extensionName string) (sshExtensionPair, error) {
+	for _, supportedExtension := range supportedSFTPExtensions {
+		if supportedExtension.Name == extensionName {
+			return supportedExtension, nil
+		}
+	}
+	return sshExtensionPair{}, fmt.Errorf("unsupported extension: %s", extensionName)
+}
+
+// SetSFTPExtensions allows to customize the supported server extensions.
+// See the variable supportedSFTPExtensions for supported extensions.
+// This method accepts a slice of sshExtensionPair names for example 'hardlink@openssh.com'.
+// If an invalid extension is given an error will be returned and nothing will be changed
+func SetSFTPExtensions(extensions ...string) error {
+	tempExtensions := []sshExtensionPair{}
+	for _, extension := range extensions {
+		sftpExtension, err := getSupportedExtensionByName(extension)
+		if err != nil {
+			return err
+		}
+		tempExtensions = append(tempExtensions, sftpExtension)
+	}
+	sftpExtensions = tempExtensions
+	return nil
+}
diff --git a/vendor/github.com/pkg/sftp/stat_plan9.go b/vendor/github.com/pkg/sftp/stat_plan9.go
new file mode 100644
index 000000000..761abdf56
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/stat_plan9.go
@@ -0,0 +1,103 @@
+package sftp
+
+import (
+	"os"
+	"syscall"
+)
+
+var EBADF = syscall.NewError("fd out of range or not open")
+
+func wrapPathError(filepath string, err error) error {
+	if errno, ok := err.(syscall.ErrorString); ok {
+		return &os.PathError{Path: filepath, Err: errno}
+	}
+	return err
+}
+
+// translateErrno translates a syscall error number to a SFTP error code.
+func translateErrno(errno syscall.ErrorString) uint32 {
+	switch errno {
+	case "":
+		return sshFxOk
+	case syscall.ENOENT:
+		return sshFxNoSuchFile
+	case syscall.EPERM:
+		return sshFxPermissionDenied
+	}
+
+	return sshFxFailure
+}
+
+func translateSyscallError(err error) (uint32, bool) {
+	switch e := err.(type) {
+	case syscall.ErrorString:
+		return translateErrno(e), true
+	case *os.PathError:
+		debug("statusFromError,pathError: error is %T %#v", e.Err, e.Err)
+		if errno, ok := e.Err.(syscall.ErrorString); ok {
+			return translateErrno(errno), true
+		}
+	}
+	return 0, false
+}
+
+// isRegular returns true if the mode describes a regular file.
+func isRegular(mode uint32) bool {
+	return mode&S_IFMT == syscall.S_IFREG
+}
+
+// toFileMode converts sftp filemode bits to the os.FileMode specification
+func toFileMode(mode uint32) os.FileMode {
+	var fm = os.FileMode(mode & 0777)
+
+	switch mode & S_IFMT {
+	case syscall.S_IFBLK:
+		fm |= os.ModeDevice
+	case syscall.S_IFCHR:
+		fm |= os.ModeDevice | os.ModeCharDevice
+	case syscall.S_IFDIR:
+		fm |= os.ModeDir
+	case syscall.S_IFIFO:
+		fm |= os.ModeNamedPipe
+	case syscall.S_IFLNK:
+		fm |= os.ModeSymlink
+	case syscall.S_IFREG:
+		// nothing to do
+	case syscall.S_IFSOCK:
+		fm |= os.ModeSocket
+	}
+
+	return fm
+}
+
+// fromFileMode converts from the os.FileMode specification to sftp filemode bits
+func fromFileMode(mode os.FileMode) uint32 {
+	ret := uint32(mode & os.ModePerm)
+
+	switch mode & os.ModeType {
+	case os.ModeDevice | os.ModeCharDevice:
+		ret |= syscall.S_IFCHR
+	case os.ModeDevice:
+		ret |= syscall.S_IFBLK
+	case os.ModeDir:
+		ret |= syscall.S_IFDIR
+	case os.ModeNamedPipe:
+		ret |= syscall.S_IFIFO
+	case os.ModeSymlink:
+		ret |= syscall.S_IFLNK
+	case 0:
+		ret |= syscall.S_IFREG
+	case os.ModeSocket:
+		ret |= syscall.S_IFSOCK
+	}
+
+	return ret
+}
+
+// Plan 9 doesn't have setuid, setgid or sticky, but a Plan 9 client should
+// be able to send these bits to a POSIX server.
+const (
+	s_ISUID = 04000
+	s_ISGID = 02000
+	s_ISVTX = 01000
+)
diff --git a/vendor/github.com/pkg/sftp/stat_posix.go b/vendor/github.com/pkg/sftp/stat_posix.go
new file mode 100644
index 000000000..5b870e23c
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/stat_posix.go
@@ -0,0 +1,124 @@
+//go:build !plan9
+// +build !plan9
+
+package sftp
+
+import (
+	"os"
+	"syscall"
+)
+
+const EBADF = syscall.EBADF
+
+func wrapPathError(filepath string, err error) error {
+	if errno, ok := err.(syscall.Errno); ok {
+		return &os.PathError{Path: filepath, Err: errno}
+	}
+	return err
+}
+
+// translateErrno translates a syscall error number to a SFTP error code.
+func translateErrno(errno syscall.Errno) uint32 {
+	switch errno {
+	case 0:
+		return sshFxOk
+	case syscall.ENOENT:
+		return sshFxNoSuchFile
+	case syscall.EACCES, syscall.EPERM:
+		return sshFxPermissionDenied
+	}
+
+	return sshFxFailure
+}
+
+func translateSyscallError(err error) (uint32, bool) {
+	switch e := err.(type) {
+	case syscall.Errno:
+		return translateErrno(e), true
+	case *os.PathError:
+		debug("statusFromError,pathError: error is %T %#v", e.Err, e.Err)
+		if errno, ok := e.Err.(syscall.Errno); ok {
+			return translateErrno(errno), true
+		}
+	}
+	return 0, false
+}
+
+// isRegular returns true if the mode describes a regular file.
+func isRegular(mode uint32) bool {
+	return mode&S_IFMT == syscall.S_IFREG
+}
+
+// toFileMode converts sftp filemode bits to the os.FileMode specification
+func toFileMode(mode uint32) os.FileMode {
+	var fm = os.FileMode(mode & 0777)
+
+	switch mode & S_IFMT {
+	case syscall.S_IFBLK:
+		fm |= os.ModeDevice
+	case syscall.S_IFCHR:
+		fm |= os.ModeDevice | os.ModeCharDevice
+	case syscall.S_IFDIR:
+		fm |= os.ModeDir
+	case syscall.S_IFIFO:
+		fm |= os.ModeNamedPipe
+	case syscall.S_IFLNK:
+		fm |= os.ModeSymlink
+	case syscall.S_IFREG:
+		// nothing to do
+	case syscall.S_IFSOCK:
+		fm |= os.ModeSocket
+	}
+
+	if mode&syscall.S_ISUID != 0 {
+		fm |= os.ModeSetuid
+	}
+	if mode&syscall.S_ISGID != 0 {
+		fm |= os.ModeSetgid
+	}
+	if mode&syscall.S_ISVTX != 0 {
+		fm |= os.ModeSticky
+	}
+
+	return fm
+}
+
+// fromFileMode converts from the os.FileMode specification to sftp filemode bits
+func fromFileMode(mode os.FileMode) uint32 {
+	ret := uint32(mode & os.ModePerm)
+
+	switch mode & os.ModeType {
+	case os.ModeDevice | os.ModeCharDevice:
+		ret |= syscall.S_IFCHR
+	case os.ModeDevice:
+		ret |= syscall.S_IFBLK
+	case os.ModeDir:
+		ret |= syscall.S_IFDIR
+	case os.ModeNamedPipe:
+		ret |= syscall.S_IFIFO
+	case os.ModeSymlink:
+		ret |= syscall.S_IFLNK
+	case 0:
+		ret |= syscall.S_IFREG
+	case os.ModeSocket:
+		ret |= syscall.S_IFSOCK
+	}
+
+	if mode&os.ModeSetuid != 0 {
+		ret |= syscall.S_ISUID
+	}
+	if mode&os.ModeSetgid != 0 {
+		ret |= syscall.S_ISGID
+	}
+	if mode&os.ModeSticky != 0 {
+		ret |= syscall.S_ISVTX
+	}
+
+	return ret
+}
+
+const (
+	s_ISUID = syscall.S_ISUID
+	s_ISGID = syscall.S_ISGID
+	s_ISVTX = syscall.S_ISVTX
+)
diff --git a/vendor/github.com/pkg/sftp/syscall_fixed.go b/vendor/github.com/pkg/sftp/syscall_fixed.go
new file mode 100644
index 000000000..d40457776
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/syscall_fixed.go
@@ -0,0 +1,9 @@
+// +build plan9 windows js,wasm
+
+// Go defines S_IFMT on windows, plan9 and js/wasm as 0x1f000 instead of
+// 0xf000. None of the the other S_IFxyz values include the "1" (in 0x1f000)
+// which prevents them from matching the bitmask.
+
+package sftp
+
+const S_IFMT = 0xf000
diff --git a/vendor/github.com/pkg/sftp/syscall_good.go b/vendor/github.com/pkg/sftp/syscall_good.go
new file mode 100644
index 000000000..4c2b240cf
--- /dev/null
+++ b/vendor/github.com/pkg/sftp/syscall_good.go
@@ -0,0 +1,8 @@
+// +build !plan9,!windows
+// +build !js !wasm
+
+package sftp
+
+import "syscall"
+
+const S_IFMT = syscall.S_IFMT
diff --git a/vendor/github.com/proglottis/gpgme/go.mod b/vendor/github.com/proglottis/gpgme/go.mod
deleted file mode 100644
index 5badc8e69..000000000
--- a/vendor/github.com/proglottis/gpgme/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/proglottis/gpgme
-
-go 1.11
diff --git a/vendor/github.com/prometheus/client_golang/LICENSE b/vendor/github.com/prometheus/client_golang/LICENSE
deleted file mode 100644
index 261eeb9e9..000000000
--- a/vendor/github.com/prometheus/client_golang/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/prometheus/client_golang/NOTICE b/vendor/github.com/prometheus/client_golang/NOTICE
deleted file mode 100644
index dd878a30e..000000000
--- a/vendor/github.com/prometheus/client_golang/NOTICE
+++ /dev/null
@@ -1,23 +0,0 @@
-Prometheus instrumentation library for Go applications
-Copyright 2012-2015 The Prometheus Authors
-
-This product includes software developed at
-SoundCloud Ltd. (http://soundcloud.com/).
-
-
-The following components are included in this product:
-
-perks - a fork of https://github.com/bmizerany/perks
-https://github.com/beorn7/perks
-Copyright 2013-2015 Blake Mizerany, Björn Rabenstein
-See https://github.com/beorn7/perks/blob/master/README.md for license details.
-
-Go support for Protocol Buffers - Google's data interchange format
-http://github.com/golang/protobuf/
-Copyright 2010 The Go Authors
-See source code for license details.
-
-Support for streaming Protocol Buffer messages for the Go language (golang).
-https://github.com/matttproud/golang_protobuf_extensions
-Copyright 2013 Matt T. Proud
-Licensed under the Apache License, Version 2.0
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/.gitignore b/vendor/github.com/prometheus/client_golang/prometheus/.gitignore
deleted file mode 100644
index 3460f0346..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-command-line-arguments.test
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/README.md b/vendor/github.com/prometheus/client_golang/prometheus/README.md
deleted file mode 100644
index c67ff1b7f..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/README.md
+++ /dev/null
@@ -1 +0,0 @@
-See [![Go Reference](https://pkg.go.dev/badge/github.com/prometheus/client_golang/prometheus.svg)](https://pkg.go.dev/github.com/prometheus/client_golang/prometheus).
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/build_info_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/build_info_collector.go
deleted file mode 100644
index 450189f35..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/build_info_collector.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2021 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import "runtime/debug"
-
-// NewBuildInfoCollector is the obsolete version of collectors.NewBuildInfoCollector.
-// See there for documentation.
-//
-// Deprecated: Use collectors.NewBuildInfoCollector instead.
-func NewBuildInfoCollector() Collector {
-	path, version, sum := "unknown", "unknown", "unknown"
-	if bi, ok := debug.ReadBuildInfo(); ok {
-		path = bi.Main.Path
-		version = bi.Main.Version
-		sum = bi.Main.Sum
-	}
-	c := &selfCollector{MustNewConstMetric(
-		NewDesc(
-			"go_build_info",
-			"Build information about the main Go module.",
-			nil, Labels{"path": path, "version": version, "checksum": sum},
-		),
-		GaugeValue, 1)}
-	c.init(c.self)
-	return c
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collector.go b/vendor/github.com/prometheus/client_golang/prometheus/collector.go
deleted file mode 100644
index ac1ca3cf5..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/collector.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-// Collector is the interface implemented by anything that can be used by
-// Prometheus to collect metrics. A Collector has to be registered for
-// collection. See Registerer.Register.
-//
-// The stock metrics provided by this package (Gauge, Counter, Summary,
-// Histogram, Untyped) are also Collectors (which only ever collect one metric,
-// namely itself). An implementer of Collector may, however, collect multiple
-// metrics in a coordinated fashion and/or create metrics on the fly. Examples
-// for collectors already implemented in this library are the metric vectors
-// (i.e. collection of multiple instances of the same Metric but with different
-// label values) like GaugeVec or SummaryVec, and the ExpvarCollector.
-type Collector interface {
-	// Describe sends the super-set of all possible descriptors of metrics
-	// collected by this Collector to the provided channel and returns once
-	// the last descriptor has been sent. The sent descriptors fulfill the
-	// consistency and uniqueness requirements described in the Desc
-	// documentation.
-	//
-	// It is valid if one and the same Collector sends duplicate
-	// descriptors. Those duplicates are simply ignored. However, two
-	// different Collectors must not send duplicate descriptors.
-	//
-	// Sending no descriptor at all marks the Collector as “unchecked�,
-	// i.e. no checks will be performed at registration time, and the
-	// Collector may yield any Metric it sees fit in its Collect method.
-	//
-	// This method idempotently sends the same descriptors throughout the
-	// lifetime of the Collector. It may be called concurrently and
-	// therefore must be implemented in a concurrency safe way.
-	//
-	// If a Collector encounters an error while executing this method, it
-	// must send an invalid descriptor (created with NewInvalidDesc) to
-	// signal the error to the registry.
-	Describe(chan<- *Desc)
-	// Collect is called by the Prometheus registry when collecting
-	// metrics. The implementation sends each collected metric via the
-	// provided channel and returns once the last metric has been sent. The
-	// descriptor of each sent metric is one of those returned by Describe
-	// (unless the Collector is unchecked, see above). Returned metrics that
-	// share the same descriptor must differ in their variable label
-	// values.
-	//
-	// This method may be called concurrently and must therefore be
-	// implemented in a concurrency safe way. Blocking occurs at the expense
-	// of total performance of rendering all registered metrics. Ideally,
-	// Collector implementations support concurrent readers.
-	Collect(chan<- Metric)
-}
-
-// DescribeByCollect is a helper to implement the Describe method of a custom
-// Collector. It collects the metrics from the provided Collector and sends
-// their descriptors to the provided channel.
-//
-// If a Collector collects the same metrics throughout its lifetime, its
-// Describe method can simply be implemented as:
-//
-//   func (c customCollector) Describe(ch chan<- *Desc) {
-//   	DescribeByCollect(c, ch)
-//   }
-//
-// However, this will not work if the metrics collected change dynamically over
-// the lifetime of the Collector in a way that their combined set of descriptors
-// changes as well. The shortcut implementation will then violate the contract
-// of the Describe method. If a Collector sometimes collects no metrics at all
-// (for example vectors like CounterVec, GaugeVec, etc., which only collect
-// metrics after a metric with a fully specified label set has been accessed),
-// it might even get registered as an unchecked Collector (cf. the Register
-// method of the Registerer interface). Hence, only use this shortcut
-// implementation of Describe if you are certain to fulfill the contract.
-//
-// The Collector example demonstrates a use of DescribeByCollect.
-func DescribeByCollect(c Collector, descs chan<- *Desc) {
-	metrics := make(chan Metric)
-	go func() {
-		c.Collect(metrics)
-		close(metrics)
-	}()
-	for m := range metrics {
-		descs <- m.Desc()
-	}
-}
-
-// selfCollector implements Collector for a single Metric so that the Metric
-// collects itself. Add it as an anonymous field to a struct that implements
-// Metric, and call init with the Metric itself as an argument.
-type selfCollector struct {
-	self Metric
-}
-
-// init provides the selfCollector with a reference to the metric it is supposed
-// to collect. It is usually called within the factory function to create a
-// metric. See example.
-func (c *selfCollector) init(self Metric) {
-	c.self = self
-}
-
-// Describe implements Collector.
-func (c *selfCollector) Describe(ch chan<- *Desc) {
-	ch <- c.self.Desc()
-}
-
-// Collect implements Collector.
-func (c *selfCollector) Collect(ch chan<- Metric) {
-	ch <- c.self
-}
-
-// collectorMetric is a metric that is also a collector.
-// Because of selfCollector, most (if not all) Metrics in
-// this package are also collectors.
-type collectorMetric interface {
-	Metric
-	Collector
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/counter.go b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
deleted file mode 100644
index 00d70f09b..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/counter.go
+++ /dev/null
@@ -1,325 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"errors"
-	"math"
-	"sync/atomic"
-	"time"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// Counter is a Metric that represents a single numerical value that only ever
-// goes up. That implies that it cannot be used to count items whose number can
-// also go down, e.g. the number of currently running goroutines. Those
-// "counters" are represented by Gauges.
-//
-// A Counter is typically used to count requests served, tasks completed, errors
-// occurred, etc.
-//
-// To create Counter instances, use NewCounter.
-type Counter interface {
-	Metric
-	Collector
-
-	// Inc increments the counter by 1. Use Add to increment it by arbitrary
-	// non-negative values.
-	Inc()
-	// Add adds the given value to the counter. It panics if the value is <
-	// 0.
-	Add(float64)
-}
-
-// ExemplarAdder is implemented by Counters that offer the option of adding a
-// value to the Counter together with an exemplar. Its AddWithExemplar method
-// works like the Add method of the Counter interface but also replaces the
-// currently saved exemplar (if any) with a new one, created from the provided
-// value, the current time as timestamp, and the provided labels. Empty Labels
-// will lead to a valid (label-less) exemplar. But if Labels is nil, the current
-// exemplar is left in place. AddWithExemplar panics if the value is < 0, if any
-// of the provided labels are invalid, or if the provided labels contain more
-// than 64 runes in total.
-type ExemplarAdder interface {
-	AddWithExemplar(value float64, exemplar Labels)
-}
-
-// CounterOpts is an alias for Opts. See there for doc comments.
-type CounterOpts Opts
-
-// NewCounter creates a new Counter based on the provided CounterOpts.
-//
-// The returned implementation also implements ExemplarAdder. It is safe to
-// perform the corresponding type assertion.
-//
-// The returned implementation tracks the counter value in two separate
-// variables, a float64 and a uint64. The latter is used to track calls of the
-// Inc method and calls of the Add method with a value that can be represented
-// as a uint64. This allows atomic increments of the counter with optimal
-// performance. (It is common to have an Inc call in very hot execution paths.)
-// Both internal tracking values are added up in the Write method. This has to
-// be taken into account when it comes to precision and overflow behavior.
-func NewCounter(opts CounterOpts) Counter {
-	desc := NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		nil,
-		opts.ConstLabels,
-	)
-	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: time.Now}
-	result.init(result) // Init self-collection.
-	return result
-}
-
-type counter struct {
-	// valBits contains the bits of the represented float64 value, while
-	// valInt stores values that are exact integers. Both have to go first
-	// in the struct to guarantee alignment for atomic operations.
-	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
-	valBits uint64
-	valInt  uint64
-
-	selfCollector
-	desc *Desc
-
-	labelPairs []*dto.LabelPair
-	exemplar   atomic.Value // Containing nil or a *dto.Exemplar.
-
-	now func() time.Time // To mock out time.Now() for testing.
-}
-
-func (c *counter) Desc() *Desc {
-	return c.desc
-}
-
-func (c *counter) Add(v float64) {
-	if v < 0 {
-		panic(errors.New("counter cannot decrease in value"))
-	}
-
-	ival := uint64(v)
-	if float64(ival) == v {
-		atomic.AddUint64(&c.valInt, ival)
-		return
-	}
-
-	for {
-		oldBits := atomic.LoadUint64(&c.valBits)
-		newBits := math.Float64bits(math.Float64frombits(oldBits) + v)
-		if atomic.CompareAndSwapUint64(&c.valBits, oldBits, newBits) {
-			return
-		}
-	}
-}
-
-func (c *counter) AddWithExemplar(v float64, e Labels) {
-	c.Add(v)
-	c.updateExemplar(v, e)
-}
-
-func (c *counter) Inc() {
-	atomic.AddUint64(&c.valInt, 1)
-}
-
-func (c *counter) get() float64 {
-	fval := math.Float64frombits(atomic.LoadUint64(&c.valBits))
-	ival := atomic.LoadUint64(&c.valInt)
-	return fval + float64(ival)
-}
-
-func (c *counter) Write(out *dto.Metric) error {
-	val := c.get()
-
-	var exemplar *dto.Exemplar
-	if e := c.exemplar.Load(); e != nil {
-		exemplar = e.(*dto.Exemplar)
-	}
-
-	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out)
-}
-
-func (c *counter) updateExemplar(v float64, l Labels) {
-	if l == nil {
-		return
-	}
-	e, err := newExemplar(v, c.now(), l)
-	if err != nil {
-		panic(err)
-	}
-	c.exemplar.Store(e)
-}
-
-// CounterVec is a Collector that bundles a set of Counters that all share the
-// same Desc, but have different values for their variable labels. This is used
-// if you want to count the same thing partitioned by various dimensions
-// (e.g. number of HTTP requests, partitioned by response code and
-// method). Create instances with NewCounterVec.
-type CounterVec struct {
-	*MetricVec
-}
-
-// NewCounterVec creates a new CounterVec based on the provided CounterOpts and
-// partitioned by the given label names.
-func NewCounterVec(opts CounterOpts, labelNames []string) *CounterVec {
-	desc := NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		labelNames,
-		opts.ConstLabels,
-	)
-	return &CounterVec{
-		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, lvs))
-			}
-			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: time.Now}
-			result.init(result) // Init self-collection.
-			return result
-		}),
-	}
-}
-
-// GetMetricWithLabelValues returns the Counter for the given slice of label
-// values (same order as the variable labels in Desc). If that combination of
-// label values is accessed for the first time, a new Counter is created.
-//
-// It is possible to call this method without using the returned Counter to only
-// create the new Counter but leave it at its starting value 0. See also the
-// SummaryVec example.
-//
-// Keeping the Counter for later use is possible (and should be considered if
-// performance is critical), but keep in mind that Reset, DeleteLabelValues and
-// Delete can be used to delete the Counter from the CounterVec. In that case,
-// the Counter will still exist, but it will not be exported anymore, even if a
-// Counter with the same label values is created later.
-//
-// An error is returned if the number of label values is not the same as the
-// number of variable labels in Desc (minus any curried labels).
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
-// an alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-// See also the GaugeVec example.
-func (v *CounterVec) GetMetricWithLabelValues(lvs ...string) (Counter, error) {
-	metric, err := v.MetricVec.GetMetricWithLabelValues(lvs...)
-	if metric != nil {
-		return metric.(Counter), err
-	}
-	return nil, err
-}
-
-// GetMetricWith returns the Counter for the given Labels map (the label names
-// must match those of the variable labels in Desc). If that label map is
-// accessed for the first time, a new Counter is created. Implications of
-// creating a Counter without using it and keeping the Counter for later use are
-// the same as for GetMetricWithLabelValues.
-//
-// An error is returned if the number and names of the Labels are inconsistent
-// with those of the variable labels in Desc (minus any curried labels).
-//
-// This method is used for the same purpose as
-// GetMetricWithLabelValues(...string). See there for pros and cons of the two
-// methods.
-func (v *CounterVec) GetMetricWith(labels Labels) (Counter, error) {
-	metric, err := v.MetricVec.GetMetricWith(labels)
-	if metric != nil {
-		return metric.(Counter), err
-	}
-	return nil, err
-}
-
-// WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. Not returning an
-// error allows shortcuts like
-//     myVec.WithLabelValues("404", "GET").Add(42)
-func (v *CounterVec) WithLabelValues(lvs ...string) Counter {
-	c, err := v.GetMetricWithLabelValues(lvs...)
-	if err != nil {
-		panic(err)
-	}
-	return c
-}
-
-// With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. Not returning an error allows shortcuts like
-//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Add(42)
-func (v *CounterVec) With(labels Labels) Counter {
-	c, err := v.GetMetricWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return c
-}
-
-// CurryWith returns a vector curried with the provided labels, i.e. the
-// returned vector has those labels pre-set for all labeled operations performed
-// on it. The cardinality of the curried vector is reduced accordingly. The
-// order of the remaining labels stays the same (just with the curried labels
-// taken out of the sequence – which is relevant for the
-// (GetMetric)WithLabelValues methods). It is possible to curry a curried
-// vector, but only with labels not yet used for currying before.
-//
-// The metrics contained in the CounterVec are shared between the curried and
-// uncurried vectors. They are just accessed differently. Curried and uncurried
-// vectors behave identically in terms of collection. Only one must be
-// registered with a given registry (usually the uncurried version). The Reset
-// method deletes all metrics, even if called on a curried vector.
-func (v *CounterVec) CurryWith(labels Labels) (*CounterVec, error) {
-	vec, err := v.MetricVec.CurryWith(labels)
-	if vec != nil {
-		return &CounterVec{vec}, err
-	}
-	return nil, err
-}
-
-// MustCurryWith works as CurryWith but panics where CurryWith would have
-// returned an error.
-func (v *CounterVec) MustCurryWith(labels Labels) *CounterVec {
-	vec, err := v.CurryWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return vec
-}
-
-// CounterFunc is a Counter whose value is determined at collect time by calling a
-// provided function.
-//
-// To create CounterFunc instances, use NewCounterFunc.
-type CounterFunc interface {
-	Metric
-	Collector
-}
-
-// NewCounterFunc creates a new CounterFunc based on the provided
-// CounterOpts. The value reported is determined by calling the given function
-// from within the Write method. Take into account that metric collection may
-// happen concurrently. If that results in concurrent calls to Write, like in
-// the case where a CounterFunc is directly registered with Prometheus, the
-// provided function must be concurrency-safe. The function should also honor
-// the contract for a Counter (values only go up, not down), but compliance will
-// not be checked.
-//
-// Check out the ExampleGaugeFunc examples for the similar GaugeFunc.
-func NewCounterFunc(opts CounterOpts, function func() float64) CounterFunc {
-	return newValueFunc(NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		nil,
-		opts.ConstLabels,
-	), CounterValue, function)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
deleted file mode 100644
index 4bb816ab7..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go
+++ /dev/null
@@ -1,186 +0,0 @@
-// Copyright 2016 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"errors"
-	"fmt"
-	"sort"
-	"strings"
-
-	"github.com/cespare/xxhash/v2"
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"github.com/prometheus/common/model"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// Desc is the descriptor used by every Prometheus Metric. It is essentially
-// the immutable meta-data of a Metric. The normal Metric implementations
-// included in this package manage their Desc under the hood. Users only have to
-// deal with Desc if they use advanced features like the ExpvarCollector or
-// custom Collectors and Metrics.
-//
-// Descriptors registered with the same registry have to fulfill certain
-// consistency and uniqueness criteria if they share the same fully-qualified
-// name: They must have the same help string and the same label names (aka label
-// dimensions) in each, constLabels and variableLabels, but they must differ in
-// the values of the constLabels.
-//
-// Descriptors that share the same fully-qualified names and the same label
-// values of their constLabels are considered equal.
-//
-// Use NewDesc to create new Desc instances.
-type Desc struct {
-	// fqName has been built from Namespace, Subsystem, and Name.
-	fqName string
-	// help provides some helpful information about this metric.
-	help string
-	// constLabelPairs contains precalculated DTO label pairs based on
-	// the constant labels.
-	constLabelPairs []*dto.LabelPair
-	// variableLabels contains names of labels for which the metric
-	// maintains variable values.
-	variableLabels []string
-	// id is a hash of the values of the ConstLabels and fqName. This
-	// must be unique among all registered descriptors and can therefore be
-	// used as an identifier of the descriptor.
-	id uint64
-	// dimHash is a hash of the label names (preset and variable) and the
-	// Help string. Each Desc with the same fqName must have the same
-	// dimHash.
-	dimHash uint64
-	// err is an error that occurred during construction. It is reported on
-	// registration time.
-	err error
-}
-
-// NewDesc allocates and initializes a new Desc. Errors are recorded in the Desc
-// and will be reported on registration time. variableLabels and constLabels can
-// be nil if no such labels should be set. fqName must not be empty.
-//
-// variableLabels only contain the label names. Their label values are variable
-// and therefore not part of the Desc. (They are managed within the Metric.)
-//
-// For constLabels, the label values are constant. Therefore, they are fully
-// specified in the Desc. See the Collector example for a usage pattern.
-func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *Desc {
-	d := &Desc{
-		fqName:         fqName,
-		help:           help,
-		variableLabels: variableLabels,
-	}
-	if !model.IsValidMetricName(model.LabelValue(fqName)) {
-		d.err = fmt.Errorf("%q is not a valid metric name", fqName)
-		return d
-	}
-	// labelValues contains the label values of const labels (in order of
-	// their sorted label names) plus the fqName (at position 0).
-	labelValues := make([]string, 1, len(constLabels)+1)
-	labelValues[0] = fqName
-	labelNames := make([]string, 0, len(constLabels)+len(variableLabels))
-	labelNameSet := map[string]struct{}{}
-	// First add only the const label names and sort them...
-	for labelName := range constLabels {
-		if !checkLabelName(labelName) {
-			d.err = fmt.Errorf("%q is not a valid label name for metric %q", labelName, fqName)
-			return d
-		}
-		labelNames = append(labelNames, labelName)
-		labelNameSet[labelName] = struct{}{}
-	}
-	sort.Strings(labelNames)
-	// ... so that we can now add const label values in the order of their names.
-	for _, labelName := range labelNames {
-		labelValues = append(labelValues, constLabels[labelName])
-	}
-	// Validate the const label values. They can't have a wrong cardinality, so
-	// use in len(labelValues) as expectedNumberOfValues.
-	if err := validateLabelValues(labelValues, len(labelValues)); err != nil {
-		d.err = err
-		return d
-	}
-	// Now add the variable label names, but prefix them with something that
-	// cannot be in a regular label name. That prevents matching the label
-	// dimension with a different mix between preset and variable labels.
-	for _, labelName := range variableLabels {
-		if !checkLabelName(labelName) {
-			d.err = fmt.Errorf("%q is not a valid label name for metric %q", labelName, fqName)
-			return d
-		}
-		labelNames = append(labelNames, "$"+labelName)
-		labelNameSet[labelName] = struct{}{}
-	}
-	if len(labelNames) != len(labelNameSet) {
-		d.err = errors.New("duplicate label names")
-		return d
-	}
-
-	xxh := xxhash.New()
-	for _, val := range labelValues {
-		xxh.WriteString(val)
-		xxh.Write(separatorByteSlice)
-	}
-	d.id = xxh.Sum64()
-	// Sort labelNames so that order doesn't matter for the hash.
-	sort.Strings(labelNames)
-	// Now hash together (in this order) the help string and the sorted
-	// label names.
-	xxh.Reset()
-	xxh.WriteString(help)
-	xxh.Write(separatorByteSlice)
-	for _, labelName := range labelNames {
-		xxh.WriteString(labelName)
-		xxh.Write(separatorByteSlice)
-	}
-	d.dimHash = xxh.Sum64()
-
-	d.constLabelPairs = make([]*dto.LabelPair, 0, len(constLabels))
-	for n, v := range constLabels {
-		d.constLabelPairs = append(d.constLabelPairs, &dto.LabelPair{
-			Name:  proto.String(n),
-			Value: proto.String(v),
-		})
-	}
-	sort.Sort(labelPairSorter(d.constLabelPairs))
-	return d
-}
-
-// NewInvalidDesc returns an invalid descriptor, i.e. a descriptor with the
-// provided error set. If a collector returning such a descriptor is registered,
-// registration will fail with the provided error. NewInvalidDesc can be used by
-// a Collector to signal inability to describe itself.
-func NewInvalidDesc(err error) *Desc {
-	return &Desc{
-		err: err,
-	}
-}
-
-func (d *Desc) String() string {
-	lpStrings := make([]string, 0, len(d.constLabelPairs))
-	for _, lp := range d.constLabelPairs {
-		lpStrings = append(
-			lpStrings,
-			fmt.Sprintf("%s=%q", lp.GetName(), lp.GetValue()),
-		)
-	}
-	return fmt.Sprintf(
-		"Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: %v}",
-		d.fqName,
-		d.help,
-		strings.Join(lpStrings, ","),
-		d.variableLabels,
-	)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/doc.go b/vendor/github.com/prometheus/client_golang/prometheus/doc.go
deleted file mode 100644
index 98450125d..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/doc.go
+++ /dev/null
@@ -1,199 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package prometheus is the core instrumentation package. It provides metrics
-// primitives to instrument code for monitoring. It also offers a registry for
-// metrics. Sub-packages allow to expose the registered metrics via HTTP
-// (package promhttp) or push them to a Pushgateway (package push). There is
-// also a sub-package promauto, which provides metrics constructors with
-// automatic registration.
-//
-// All exported functions and methods are safe to be used concurrently unless
-// specified otherwise.
-//
-// A Basic Example
-//
-// As a starting point, a very basic usage example:
-//
-//    package main
-//
-//    import (
-//    	"log"
-//    	"net/http"
-//
-//    	"github.com/prometheus/client_golang/prometheus"
-//    	"github.com/prometheus/client_golang/prometheus/promhttp"
-//    )
-//
-//    var (
-//    	cpuTemp = prometheus.NewGauge(prometheus.GaugeOpts{
-//    		Name: "cpu_temperature_celsius",
-//    		Help: "Current temperature of the CPU.",
-//    	})
-//    	hdFailures = prometheus.NewCounterVec(
-//    		prometheus.CounterOpts{
-//    			Name: "hd_errors_total",
-//    			Help: "Number of hard-disk errors.",
-//    		},
-//    		[]string{"device"},
-//    	)
-//    )
-//
-//    func init() {
-//    	// Metrics have to be registered to be exposed:
-//    	prometheus.MustRegister(cpuTemp)
-//    	prometheus.MustRegister(hdFailures)
-//    }
-//
-//    func main() {
-//    	cpuTemp.Set(65.3)
-//    	hdFailures.With(prometheus.Labels{"device":"/dev/sda"}).Inc()
-//
-//    	// The Handler function provides a default handler to expose metrics
-//    	// via an HTTP server. "/metrics" is the usual endpoint for that.
-//    	http.Handle("/metrics", promhttp.Handler())
-//    	log.Fatal(http.ListenAndServe(":8080", nil))
-//    }
-//
-//
-// This is a complete program that exports two metrics, a Gauge and a Counter,
-// the latter with a label attached to turn it into a (one-dimensional) vector.
-//
-// Metrics
-//
-// The number of exported identifiers in this package might appear a bit
-// overwhelming. However, in addition to the basic plumbing shown in the example
-// above, you only need to understand the different metric types and their
-// vector versions for basic usage. Furthermore, if you are not concerned with
-// fine-grained control of when and how to register metrics with the registry,
-// have a look at the promauto package, which will effectively allow you to
-// ignore registration altogether in simple cases.
-//
-// Above, you have already touched the Counter and the Gauge. There are two more
-// advanced metric types: the Summary and Histogram. A more thorough description
-// of those four metric types can be found in the Prometheus docs:
-// https://prometheus.io/docs/concepts/metric_types/
-//
-// In addition to the fundamental metric types Gauge, Counter, Summary, and
-// Histogram, a very important part of the Prometheus data model is the
-// partitioning of samples along dimensions called labels, which results in
-// metric vectors. The fundamental types are GaugeVec, CounterVec, SummaryVec,
-// and HistogramVec.
-//
-// While only the fundamental metric types implement the Metric interface, both
-// the metrics and their vector versions implement the Collector interface. A
-// Collector manages the collection of a number of Metrics, but for convenience,
-// a Metric can also “collect itself�. Note that Gauge, Counter, Summary, and
-// Histogram are interfaces themselves while GaugeVec, CounterVec, SummaryVec,
-// and HistogramVec are not.
-//
-// To create instances of Metrics and their vector versions, you need a suitable
-// …Opts struct, i.e. GaugeOpts, CounterOpts, SummaryOpts, or HistogramOpts.
-//
-// Custom Collectors and constant Metrics
-//
-// While you could create your own implementations of Metric, most likely you
-// will only ever implement the Collector interface on your own. At a first
-// glance, a custom Collector seems handy to bundle Metrics for common
-// registration (with the prime example of the different metric vectors above,
-// which bundle all the metrics of the same name but with different labels).
-//
-// There is a more involved use case, too: If you already have metrics
-// available, created outside of the Prometheus context, you don't need the
-// interface of the various Metric types. You essentially want to mirror the
-// existing numbers into Prometheus Metrics during collection. An own
-// implementation of the Collector interface is perfect for that. You can create
-// Metric instances “on the fly� using NewConstMetric, NewConstHistogram, and
-// NewConstSummary (and their respective Must… versions). NewConstMetric is used
-// for all metric types with just a float64 as their value: Counter, Gauge, and
-// a special “type� called Untyped. Use the latter if you are not sure if the
-// mirrored metric is a Counter or a Gauge. Creation of the Metric instance
-// happens in the Collect method. The Describe method has to return separate
-// Desc instances, representative of the “throw-away� metrics to be created
-// later.  NewDesc comes in handy to create those Desc instances. Alternatively,
-// you could return no Desc at all, which will mark the Collector “unchecked�.
-// No checks are performed at registration time, but metric consistency will
-// still be ensured at scrape time, i.e. any inconsistencies will lead to scrape
-// errors. Thus, with unchecked Collectors, the responsibility to not collect
-// metrics that lead to inconsistencies in the total scrape result lies with the
-// implementer of the Collector. While this is not a desirable state, it is
-// sometimes necessary. The typical use case is a situation where the exact
-// metrics to be returned by a Collector cannot be predicted at registration
-// time, but the implementer has sufficient knowledge of the whole system to
-// guarantee metric consistency.
-//
-// The Collector example illustrates the use case. You can also look at the
-// source code of the processCollector (mirroring process metrics), the
-// goCollector (mirroring Go metrics), or the expvarCollector (mirroring expvar
-// metrics) as examples that are used in this package itself.
-//
-// If you just need to call a function to get a single float value to collect as
-// a metric, GaugeFunc, CounterFunc, or UntypedFunc might be interesting
-// shortcuts.
-//
-// Advanced Uses of the Registry
-//
-// While MustRegister is the by far most common way of registering a Collector,
-// sometimes you might want to handle the errors the registration might cause.
-// As suggested by the name, MustRegister panics if an error occurs. With the
-// Register function, the error is returned and can be handled.
-//
-// An error is returned if the registered Collector is incompatible or
-// inconsistent with already registered metrics. The registry aims for
-// consistency of the collected metrics according to the Prometheus data model.
-// Inconsistencies are ideally detected at registration time, not at collect
-// time. The former will usually be detected at start-up time of a program,
-// while the latter will only happen at scrape time, possibly not even on the
-// first scrape if the inconsistency only becomes relevant later. That is the
-// main reason why a Collector and a Metric have to describe themselves to the
-// registry.
-//
-// So far, everything we did operated on the so-called default registry, as it
-// can be found in the global DefaultRegisterer variable. With NewRegistry, you
-// can create a custom registry, or you can even implement the Registerer or
-// Gatherer interfaces yourself. The methods Register and Unregister work in the
-// same way on a custom registry as the global functions Register and Unregister
-// on the default registry.
-//
-// There are a number of uses for custom registries: You can use registries with
-// special properties, see NewPedanticRegistry. You can avoid global state, as
-// it is imposed by the DefaultRegisterer. You can use multiple registries at
-// the same time to expose different metrics in different ways.  You can use
-// separate registries for testing purposes.
-//
-// Also note that the DefaultRegisterer comes registered with a Collector for Go
-// runtime metrics (via NewGoCollector) and a Collector for process metrics (via
-// NewProcessCollector). With a custom registry, you are in control and decide
-// yourself about the Collectors to register.
-//
-// HTTP Exposition
-//
-// The Registry implements the Gatherer interface. The caller of the Gather
-// method can then expose the gathered metrics in some way. Usually, the metrics
-// are served via HTTP on the /metrics endpoint. That's happening in the example
-// above. The tools to expose metrics via HTTP are in the promhttp sub-package.
-//
-// Pushing to the Pushgateway
-//
-// Function for pushing to the Pushgateway can be found in the push sub-package.
-//
-// Graphite Bridge
-//
-// Functions and examples to push metrics from a Gatherer to Graphite can be
-// found in the graphite sub-package.
-//
-// Other Means of Exposition
-//
-// More ways of exposing metrics can easily be added by following the approaches
-// of the existing implementations.
-package prometheus
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
deleted file mode 100644
index c41ab37f3..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"encoding/json"
-	"expvar"
-)
-
-type expvarCollector struct {
-	exports map[string]*Desc
-}
-
-// NewExpvarCollector is the obsolete version of collectors.NewExpvarCollector.
-// See there for documentation.
-//
-// Deprecated: Use collectors.NewExpvarCollector instead.
-func NewExpvarCollector(exports map[string]*Desc) Collector {
-	return &expvarCollector{
-		exports: exports,
-	}
-}
-
-// Describe implements Collector.
-func (e *expvarCollector) Describe(ch chan<- *Desc) {
-	for _, desc := range e.exports {
-		ch <- desc
-	}
-}
-
-// Collect implements Collector.
-func (e *expvarCollector) Collect(ch chan<- Metric) {
-	for name, desc := range e.exports {
-		var m Metric
-		expVar := expvar.Get(name)
-		if expVar == nil {
-			continue
-		}
-		var v interface{}
-		labels := make([]string, len(desc.variableLabels))
-		if err := json.Unmarshal([]byte(expVar.String()), &v); err != nil {
-			ch <- NewInvalidMetric(desc, err)
-			continue
-		}
-		var processValue func(v interface{}, i int)
-		processValue = func(v interface{}, i int) {
-			if i >= len(labels) {
-				copiedLabels := append(make([]string, 0, len(labels)), labels...)
-				switch v := v.(type) {
-				case float64:
-					m = MustNewConstMetric(desc, UntypedValue, v, copiedLabels...)
-				case bool:
-					if v {
-						m = MustNewConstMetric(desc, UntypedValue, 1, copiedLabels...)
-					} else {
-						m = MustNewConstMetric(desc, UntypedValue, 0, copiedLabels...)
-					}
-				default:
-					return
-				}
-				ch <- m
-				return
-			}
-			vm, ok := v.(map[string]interface{})
-			if !ok {
-				return
-			}
-			for lv, val := range vm {
-				labels[i] = lv
-				processValue(val, i+1)
-			}
-		}
-		processValue(v, 0)
-	}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/fnv.go b/vendor/github.com/prometheus/client_golang/prometheus/fnv.go
deleted file mode 100644
index 3d383a735..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/fnv.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-// Inline and byte-free variant of hash/fnv's fnv64a.
-
-const (
-	offset64 = 14695981039346656037
-	prime64  = 1099511628211
-)
-
-// hashNew initializies a new fnv64a hash value.
-func hashNew() uint64 {
-	return offset64
-}
-
-// hashAdd adds a string to a fnv64a hash value, returning the updated hash.
-func hashAdd(h uint64, s string) uint64 {
-	for i := 0; i < len(s); i++ {
-		h ^= uint64(s[i])
-		h *= prime64
-	}
-	return h
-}
-
-// hashAddByte adds a byte to a fnv64a hash value, returning the updated hash.
-func hashAddByte(h uint64, b byte) uint64 {
-	h ^= uint64(b)
-	h *= prime64
-	return h
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
deleted file mode 100644
index bd0733d6a..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
+++ /dev/null
@@ -1,289 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"math"
-	"sync/atomic"
-	"time"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// Gauge is a Metric that represents a single numerical value that can
-// arbitrarily go up and down.
-//
-// A Gauge is typically used for measured values like temperatures or current
-// memory usage, but also "counts" that can go up and down, like the number of
-// running goroutines.
-//
-// To create Gauge instances, use NewGauge.
-type Gauge interface {
-	Metric
-	Collector
-
-	// Set sets the Gauge to an arbitrary value.
-	Set(float64)
-	// Inc increments the Gauge by 1. Use Add to increment it by arbitrary
-	// values.
-	Inc()
-	// Dec decrements the Gauge by 1. Use Sub to decrement it by arbitrary
-	// values.
-	Dec()
-	// Add adds the given value to the Gauge. (The value can be negative,
-	// resulting in a decrease of the Gauge.)
-	Add(float64)
-	// Sub subtracts the given value from the Gauge. (The value can be
-	// negative, resulting in an increase of the Gauge.)
-	Sub(float64)
-
-	// SetToCurrentTime sets the Gauge to the current Unix time in seconds.
-	SetToCurrentTime()
-}
-
-// GaugeOpts is an alias for Opts. See there for doc comments.
-type GaugeOpts Opts
-
-// NewGauge creates a new Gauge based on the provided GaugeOpts.
-//
-// The returned implementation is optimized for a fast Set method. If you have a
-// choice for managing the value of a Gauge via Set vs. Inc/Dec/Add/Sub, pick
-// the former. For example, the Inc method of the returned Gauge is slower than
-// the Inc method of a Counter returned by NewCounter. This matches the typical
-// scenarios for Gauges and Counters, where the former tends to be Set-heavy and
-// the latter Inc-heavy.
-func NewGauge(opts GaugeOpts) Gauge {
-	desc := NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		nil,
-		opts.ConstLabels,
-	)
-	result := &gauge{desc: desc, labelPairs: desc.constLabelPairs}
-	result.init(result) // Init self-collection.
-	return result
-}
-
-type gauge struct {
-	// valBits contains the bits of the represented float64 value. It has
-	// to go first in the struct to guarantee alignment for atomic
-	// operations.  http://golang.org/pkg/sync/atomic/#pkg-note-BUG
-	valBits uint64
-
-	selfCollector
-
-	desc       *Desc
-	labelPairs []*dto.LabelPair
-}
-
-func (g *gauge) Desc() *Desc {
-	return g.desc
-}
-
-func (g *gauge) Set(val float64) {
-	atomic.StoreUint64(&g.valBits, math.Float64bits(val))
-}
-
-func (g *gauge) SetToCurrentTime() {
-	g.Set(float64(time.Now().UnixNano()) / 1e9)
-}
-
-func (g *gauge) Inc() {
-	g.Add(1)
-}
-
-func (g *gauge) Dec() {
-	g.Add(-1)
-}
-
-func (g *gauge) Add(val float64) {
-	for {
-		oldBits := atomic.LoadUint64(&g.valBits)
-		newBits := math.Float64bits(math.Float64frombits(oldBits) + val)
-		if atomic.CompareAndSwapUint64(&g.valBits, oldBits, newBits) {
-			return
-		}
-	}
-}
-
-func (g *gauge) Sub(val float64) {
-	g.Add(val * -1)
-}
-
-func (g *gauge) Write(out *dto.Metric) error {
-	val := math.Float64frombits(atomic.LoadUint64(&g.valBits))
-	return populateMetric(GaugeValue, val, g.labelPairs, nil, out)
-}
-
-// GaugeVec is a Collector that bundles a set of Gauges that all share the same
-// Desc, but have different values for their variable labels. This is used if
-// you want to count the same thing partitioned by various dimensions
-// (e.g. number of operations queued, partitioned by user and operation
-// type). Create instances with NewGaugeVec.
-type GaugeVec struct {
-	*MetricVec
-}
-
-// NewGaugeVec creates a new GaugeVec based on the provided GaugeOpts and
-// partitioned by the given label names.
-func NewGaugeVec(opts GaugeOpts, labelNames []string) *GaugeVec {
-	desc := NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		labelNames,
-		opts.ConstLabels,
-	)
-	return &GaugeVec{
-		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, lvs))
-			}
-			result := &gauge{desc: desc, labelPairs: MakeLabelPairs(desc, lvs)}
-			result.init(result) // Init self-collection.
-			return result
-		}),
-	}
-}
-
-// GetMetricWithLabelValues returns the Gauge for the given slice of label
-// values (same order as the variable labels in Desc). If that combination of
-// label values is accessed for the first time, a new Gauge is created.
-//
-// It is possible to call this method without using the returned Gauge to only
-// create the new Gauge but leave it at its starting value 0. See also the
-// SummaryVec example.
-//
-// Keeping the Gauge for later use is possible (and should be considered if
-// performance is critical), but keep in mind that Reset, DeleteLabelValues and
-// Delete can be used to delete the Gauge from the GaugeVec. In that case, the
-// Gauge will still exist, but it will not be exported anymore, even if a
-// Gauge with the same label values is created later. See also the CounterVec
-// example.
-//
-// An error is returned if the number of label values is not the same as the
-// number of variable labels in Desc (minus any curried labels).
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
-// an alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-func (v *GaugeVec) GetMetricWithLabelValues(lvs ...string) (Gauge, error) {
-	metric, err := v.MetricVec.GetMetricWithLabelValues(lvs...)
-	if metric != nil {
-		return metric.(Gauge), err
-	}
-	return nil, err
-}
-
-// GetMetricWith returns the Gauge for the given Labels map (the label names
-// must match those of the variable labels in Desc). If that label map is
-// accessed for the first time, a new Gauge is created. Implications of
-// creating a Gauge without using it and keeping the Gauge for later use are
-// the same as for GetMetricWithLabelValues.
-//
-// An error is returned if the number and names of the Labels are inconsistent
-// with those of the variable labels in Desc (minus any curried labels).
-//
-// This method is used for the same purpose as
-// GetMetricWithLabelValues(...string). See there for pros and cons of the two
-// methods.
-func (v *GaugeVec) GetMetricWith(labels Labels) (Gauge, error) {
-	metric, err := v.MetricVec.GetMetricWith(labels)
-	if metric != nil {
-		return metric.(Gauge), err
-	}
-	return nil, err
-}
-
-// WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. Not returning an
-// error allows shortcuts like
-//     myVec.WithLabelValues("404", "GET").Add(42)
-func (v *GaugeVec) WithLabelValues(lvs ...string) Gauge {
-	g, err := v.GetMetricWithLabelValues(lvs...)
-	if err != nil {
-		panic(err)
-	}
-	return g
-}
-
-// With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. Not returning an error allows shortcuts like
-//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Add(42)
-func (v *GaugeVec) With(labels Labels) Gauge {
-	g, err := v.GetMetricWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return g
-}
-
-// CurryWith returns a vector curried with the provided labels, i.e. the
-// returned vector has those labels pre-set for all labeled operations performed
-// on it. The cardinality of the curried vector is reduced accordingly. The
-// order of the remaining labels stays the same (just with the curried labels
-// taken out of the sequence – which is relevant for the
-// (GetMetric)WithLabelValues methods). It is possible to curry a curried
-// vector, but only with labels not yet used for currying before.
-//
-// The metrics contained in the GaugeVec are shared between the curried and
-// uncurried vectors. They are just accessed differently. Curried and uncurried
-// vectors behave identically in terms of collection. Only one must be
-// registered with a given registry (usually the uncurried version). The Reset
-// method deletes all metrics, even if called on a curried vector.
-func (v *GaugeVec) CurryWith(labels Labels) (*GaugeVec, error) {
-	vec, err := v.MetricVec.CurryWith(labels)
-	if vec != nil {
-		return &GaugeVec{vec}, err
-	}
-	return nil, err
-}
-
-// MustCurryWith works as CurryWith but panics where CurryWith would have
-// returned an error.
-func (v *GaugeVec) MustCurryWith(labels Labels) *GaugeVec {
-	vec, err := v.CurryWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return vec
-}
-
-// GaugeFunc is a Gauge whose value is determined at collect time by calling a
-// provided function.
-//
-// To create GaugeFunc instances, use NewGaugeFunc.
-type GaugeFunc interface {
-	Metric
-	Collector
-}
-
-// NewGaugeFunc creates a new GaugeFunc based on the provided GaugeOpts. The
-// value reported is determined by calling the given function from within the
-// Write method. Take into account that metric collection may happen
-// concurrently. Therefore, it must be safe to call the provided function
-// concurrently.
-//
-// NewGaugeFunc is a good way to create an “info� style metric with a constant
-// value of 1. Example:
-// https://github.com/prometheus/common/blob/8558a5b7db3c84fa38b4766966059a7bd5bfa2ee/version/info.go#L36-L56
-func NewGaugeFunc(opts GaugeOpts, function func() float64) GaugeFunc {
-	return newValueFunc(NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		nil,
-		opts.ConstLabels,
-	), GaugeValue, function)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/go_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/go_collector.go
deleted file mode 100644
index 08195b410..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/go_collector.go
+++ /dev/null
@@ -1,285 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"runtime"
-	"runtime/debug"
-	"time"
-)
-
-func goRuntimeMemStats() memStatsMetrics {
-	return memStatsMetrics{
-		{
-			desc: NewDesc(
-				memstatNamespace("alloc_bytes"),
-				"Number of bytes allocated and still in use.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.Alloc) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("alloc_bytes_total"),
-				"Total number of bytes allocated, even if freed.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.TotalAlloc) },
-			valType: CounterValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("sys_bytes"),
-				"Number of bytes obtained from system.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.Sys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("lookups_total"),
-				"Total number of pointer lookups.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.Lookups) },
-			valType: CounterValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("mallocs_total"),
-				"Total number of mallocs.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.Mallocs) },
-			valType: CounterValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("frees_total"),
-				"Total number of frees.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.Frees) },
-			valType: CounterValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("heap_alloc_bytes"),
-				"Number of heap bytes allocated and still in use.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.HeapAlloc) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("heap_sys_bytes"),
-				"Number of heap bytes obtained from system.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.HeapSys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("heap_idle_bytes"),
-				"Number of heap bytes waiting to be used.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.HeapIdle) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("heap_inuse_bytes"),
-				"Number of heap bytes that are in use.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.HeapInuse) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("heap_released_bytes"),
-				"Number of heap bytes released to OS.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.HeapReleased) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("heap_objects"),
-				"Number of allocated objects.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.HeapObjects) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("stack_inuse_bytes"),
-				"Number of bytes in use by the stack allocator.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.StackInuse) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("stack_sys_bytes"),
-				"Number of bytes obtained from system for stack allocator.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.StackSys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("mspan_inuse_bytes"),
-				"Number of bytes in use by mspan structures.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.MSpanInuse) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("mspan_sys_bytes"),
-				"Number of bytes used for mspan structures obtained from system.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.MSpanSys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("mcache_inuse_bytes"),
-				"Number of bytes in use by mcache structures.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.MCacheInuse) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("mcache_sys_bytes"),
-				"Number of bytes used for mcache structures obtained from system.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.MCacheSys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("buck_hash_sys_bytes"),
-				"Number of bytes used by the profiling bucket hash table.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.BuckHashSys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("gc_sys_bytes"),
-				"Number of bytes used for garbage collection system metadata.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.GCSys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("other_sys_bytes"),
-				"Number of bytes used for other system allocations.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.OtherSys) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("next_gc_bytes"),
-				"Number of heap bytes when next garbage collection will take place.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return float64(ms.NextGC) },
-			valType: GaugeValue,
-		}, {
-			desc: NewDesc(
-				memstatNamespace("gc_cpu_fraction"),
-				"The fraction of this program's available CPU time used by the GC since the program started.",
-				nil, nil,
-			),
-			eval:    func(ms *runtime.MemStats) float64 { return ms.GCCPUFraction },
-			valType: GaugeValue,
-		},
-	}
-}
-
-type baseGoCollector struct {
-	goroutinesDesc *Desc
-	threadsDesc    *Desc
-	gcDesc         *Desc
-	gcLastTimeDesc *Desc
-	goInfoDesc     *Desc
-}
-
-func newBaseGoCollector() baseGoCollector {
-	return baseGoCollector{
-		goroutinesDesc: NewDesc(
-			"go_goroutines",
-			"Number of goroutines that currently exist.",
-			nil, nil),
-		threadsDesc: NewDesc(
-			"go_threads",
-			"Number of OS threads created.",
-			nil, nil),
-		gcDesc: NewDesc(
-			"go_gc_duration_seconds",
-			"A summary of the pause duration of garbage collection cycles.",
-			nil, nil),
-		gcLastTimeDesc: NewDesc(
-			memstatNamespace("last_gc_time_seconds"),
-			"Number of seconds since 1970 of last garbage collection.",
-			nil, nil),
-		goInfoDesc: NewDesc(
-			"go_info",
-			"Information about the Go environment.",
-			nil, Labels{"version": runtime.Version()}),
-	}
-}
-
-// Describe returns all descriptions of the collector.
-func (c *baseGoCollector) Describe(ch chan<- *Desc) {
-	ch <- c.goroutinesDesc
-	ch <- c.threadsDesc
-	ch <- c.gcDesc
-	ch <- c.gcLastTimeDesc
-	ch <- c.goInfoDesc
-}
-
-// Collect returns the current state of all metrics of the collector.
-func (c *baseGoCollector) Collect(ch chan<- Metric) {
-	ch <- MustNewConstMetric(c.goroutinesDesc, GaugeValue, float64(runtime.NumGoroutine()))
-	n, _ := runtime.ThreadCreateProfile(nil)
-	ch <- MustNewConstMetric(c.threadsDesc, GaugeValue, float64(n))
-
-	var stats debug.GCStats
-	stats.PauseQuantiles = make([]time.Duration, 5)
-	debug.ReadGCStats(&stats)
-
-	quantiles := make(map[float64]float64)
-	for idx, pq := range stats.PauseQuantiles[1:] {
-		quantiles[float64(idx+1)/float64(len(stats.PauseQuantiles)-1)] = pq.Seconds()
-	}
-	quantiles[0.0] = stats.PauseQuantiles[0].Seconds()
-	ch <- MustNewConstSummary(c.gcDesc, uint64(stats.NumGC), stats.PauseTotal.Seconds(), quantiles)
-	ch <- MustNewConstMetric(c.gcLastTimeDesc, GaugeValue, float64(stats.LastGC.UnixNano())/1e9)
-
-	ch <- MustNewConstMetric(c.goInfoDesc, GaugeValue, 1)
-}
-
-func memstatNamespace(s string) string {
-	return "go_memstats_" + s
-}
-
-// memStatsMetrics provide description, evaluator, runtime/metrics name, and
-// value type for memstat metrics.
-type memStatsMetrics []struct {
-	desc    *Desc
-	eval    func(*runtime.MemStats) float64
-	valType ValueType
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_go116.go b/vendor/github.com/prometheus/client_golang/prometheus/go_collector_go116.go
deleted file mode 100644
index 24526131e..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_go116.go
+++ /dev/null
@@ -1,107 +0,0 @@
-// Copyright 2021 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !go1.17
-// +build !go1.17
-
-package prometheus
-
-import (
-	"runtime"
-	"sync"
-	"time"
-)
-
-type goCollector struct {
-	base baseGoCollector
-
-	// ms... are memstats related.
-	msLast          *runtime.MemStats // Previously collected memstats.
-	msLastTimestamp time.Time
-	msMtx           sync.Mutex // Protects msLast and msLastTimestamp.
-	msMetrics       memStatsMetrics
-	msRead          func(*runtime.MemStats) // For mocking in tests.
-	msMaxWait       time.Duration           // Wait time for fresh memstats.
-	msMaxAge        time.Duration           // Maximum allowed age of old memstats.
-}
-
-// NewGoCollector is the obsolete version of collectors.NewGoCollector.
-// See there for documentation.
-//
-// Deprecated: Use collectors.NewGoCollector instead.
-func NewGoCollector() Collector {
-	return &goCollector{
-		base:      newBaseGoCollector(),
-		msLast:    &runtime.MemStats{},
-		msRead:    runtime.ReadMemStats,
-		msMaxWait: time.Second,
-		msMaxAge:  5 * time.Minute,
-		msMetrics: goRuntimeMemStats(),
-	}
-}
-
-// Describe returns all descriptions of the collector.
-func (c *goCollector) Describe(ch chan<- *Desc) {
-	c.base.Describe(ch)
-	for _, i := range c.msMetrics {
-		ch <- i.desc
-	}
-}
-
-// Collect returns the current state of all metrics of the collector.
-func (c *goCollector) Collect(ch chan<- Metric) {
-	var (
-		ms   = &runtime.MemStats{}
-		done = make(chan struct{})
-	)
-	// Start reading memstats first as it might take a while.
-	go func() {
-		c.msRead(ms)
-		c.msMtx.Lock()
-		c.msLast = ms
-		c.msLastTimestamp = time.Now()
-		c.msMtx.Unlock()
-		close(done)
-	}()
-
-	// Collect base non-memory metrics.
-	c.base.Collect(ch)
-
-	timer := time.NewTimer(c.msMaxWait)
-	select {
-	case <-done: // Our own ReadMemStats succeeded in time. Use it.
-		timer.Stop() // Important for high collection frequencies to not pile up timers.
-		c.msCollect(ch, ms)
-		return
-	case <-timer.C: // Time out, use last memstats if possible. Continue below.
-	}
-	c.msMtx.Lock()
-	if time.Since(c.msLastTimestamp) < c.msMaxAge {
-		// Last memstats are recent enough. Collect from them under the lock.
-		c.msCollect(ch, c.msLast)
-		c.msMtx.Unlock()
-		return
-	}
-	// If we are here, the last memstats are too old or don't exist. We have
-	// to wait until our own ReadMemStats finally completes. For that to
-	// happen, we have to release the lock.
-	c.msMtx.Unlock()
-	<-done
-	c.msCollect(ch, ms)
-}
-
-func (c *goCollector) msCollect(ch chan<- Metric, ms *runtime.MemStats) {
-	for _, i := range c.msMetrics {
-		ch <- MustNewConstMetric(i.desc, i.valType, i.eval(ms))
-	}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_go117.go b/vendor/github.com/prometheus/client_golang/prometheus/go_collector_go117.go
deleted file mode 100644
index d43bdcdda..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_go117.go
+++ /dev/null
@@ -1,408 +0,0 @@
-// Copyright 2021 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build go1.17
-// +build go1.17
-
-package prometheus
-
-import (
-	"math"
-	"runtime"
-	"runtime/metrics"
-	"strings"
-	"sync"
-
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"github.com/prometheus/client_golang/prometheus/internal"
-	dto "github.com/prometheus/client_model/go"
-)
-
-type goCollector struct {
-	base baseGoCollector
-
-	// mu protects updates to all fields ensuring a consistent
-	// snapshot is always produced by Collect.
-	mu sync.Mutex
-
-	// rm... fields all pertain to the runtime/metrics package.
-	rmSampleBuf []metrics.Sample
-	rmSampleMap map[string]*metrics.Sample
-	rmMetrics   []collectorMetric
-
-	// With Go 1.17, the runtime/metrics package was introduced.
-	// From that point on, metric names produced by the runtime/metrics
-	// package could be generated from runtime/metrics names. However,
-	// these differ from the old names for the same values.
-	//
-	// This field exist to export the same values under the old names
-	// as well.
-	msMetrics memStatsMetrics
-}
-
-// NewGoCollector is the obsolete version of collectors.NewGoCollector.
-// See there for documentation.
-//
-// Deprecated: Use collectors.NewGoCollector instead.
-func NewGoCollector() Collector {
-	descriptions := metrics.All()
-
-	// Collect all histogram samples so that we can get their buckets.
-	// The API guarantees that the buckets are always fixed for the lifetime
-	// of the process.
-	var histograms []metrics.Sample
-	for _, d := range descriptions {
-		if d.Kind == metrics.KindFloat64Histogram {
-			histograms = append(histograms, metrics.Sample{Name: d.Name})
-		}
-	}
-	metrics.Read(histograms)
-	bucketsMap := make(map[string][]float64)
-	for i := range histograms {
-		bucketsMap[histograms[i].Name] = histograms[i].Value.Float64Histogram().Buckets
-	}
-
-	// Generate a Desc and ValueType for each runtime/metrics metric.
-	metricSet := make([]collectorMetric, 0, len(descriptions))
-	sampleBuf := make([]metrics.Sample, 0, len(descriptions))
-	sampleMap := make(map[string]*metrics.Sample, len(descriptions))
-	for i := range descriptions {
-		d := &descriptions[i]
-		namespace, subsystem, name, ok := internal.RuntimeMetricsToProm(d)
-		if !ok {
-			// Just ignore this metric; we can't do anything with it here.
-			// If a user decides to use the latest version of Go, we don't want
-			// to fail here. This condition is tested elsewhere.
-			continue
-		}
-
-		// Set up sample buffer for reading, and a map
-		// for quick lookup of sample values.
-		sampleBuf = append(sampleBuf, metrics.Sample{Name: d.Name})
-		sampleMap[d.Name] = &sampleBuf[len(sampleBuf)-1]
-
-		var m collectorMetric
-		if d.Kind == metrics.KindFloat64Histogram {
-			_, hasSum := rmExactSumMap[d.Name]
-			unit := d.Name[strings.IndexRune(d.Name, ':')+1:]
-			m = newBatchHistogram(
-				NewDesc(
-					BuildFQName(namespace, subsystem, name),
-					d.Description,
-					nil,
-					nil,
-				),
-				internal.RuntimeMetricsBucketsForUnit(bucketsMap[d.Name], unit),
-				hasSum,
-			)
-		} else if d.Cumulative {
-			m = NewCounter(CounterOpts{
-				Namespace: namespace,
-				Subsystem: subsystem,
-				Name:      name,
-				Help:      d.Description,
-			})
-		} else {
-			m = NewGauge(GaugeOpts{
-				Namespace: namespace,
-				Subsystem: subsystem,
-				Name:      name,
-				Help:      d.Description,
-			})
-		}
-		metricSet = append(metricSet, m)
-	}
-	return &goCollector{
-		base:        newBaseGoCollector(),
-		rmSampleBuf: sampleBuf,
-		rmSampleMap: sampleMap,
-		rmMetrics:   metricSet,
-		msMetrics:   goRuntimeMemStats(),
-	}
-}
-
-// Describe returns all descriptions of the collector.
-func (c *goCollector) Describe(ch chan<- *Desc) {
-	c.base.Describe(ch)
-	for _, i := range c.msMetrics {
-		ch <- i.desc
-	}
-	for _, m := range c.rmMetrics {
-		ch <- m.Desc()
-	}
-}
-
-// Collect returns the current state of all metrics of the collector.
-func (c *goCollector) Collect(ch chan<- Metric) {
-	// Collect base non-memory metrics.
-	c.base.Collect(ch)
-
-	// Collect must be thread-safe, so prevent concurrent use of
-	// rmSampleBuf. Just read into rmSampleBuf but write all the data
-	// we get into our Metrics or MemStats.
-	//
-	// This lock also ensures that the Metrics we send out are all from
-	// the same updates, ensuring their mutual consistency insofar as
-	// is guaranteed by the runtime/metrics package.
-	//
-	// N.B. This locking is heavy-handed, but Collect is expected to be called
-	// relatively infrequently. Also the core operation here, metrics.Read,
-	// is fast (O(tens of microseconds)) so contention should certainly be
-	// low, though channel operations and any allocations may add to that.
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	// Populate runtime/metrics sample buffer.
-	metrics.Read(c.rmSampleBuf)
-
-	// Update all our metrics from rmSampleBuf.
-	for i, sample := range c.rmSampleBuf {
-		// N.B. switch on concrete type because it's significantly more efficient
-		// than checking for the Counter and Gauge interface implementations. In
-		// this case, we control all the types here.
-		switch m := c.rmMetrics[i].(type) {
-		case *counter:
-			// Guard against decreases. This should never happen, but a failure
-			// to do so will result in a panic, which is a harsh consequence for
-			// a metrics collection bug.
-			v0, v1 := m.get(), unwrapScalarRMValue(sample.Value)
-			if v1 > v0 {
-				m.Add(unwrapScalarRMValue(sample.Value) - m.get())
-			}
-			m.Collect(ch)
-		case *gauge:
-			m.Set(unwrapScalarRMValue(sample.Value))
-			m.Collect(ch)
-		case *batchHistogram:
-			m.update(sample.Value.Float64Histogram(), c.exactSumFor(sample.Name))
-			m.Collect(ch)
-		default:
-			panic("unexpected metric type")
-		}
-	}
-	// ms is a dummy MemStats that we populate ourselves so that we can
-	// populate the old metrics from it.
-	var ms runtime.MemStats
-	memStatsFromRM(&ms, c.rmSampleMap)
-	for _, i := range c.msMetrics {
-		ch <- MustNewConstMetric(i.desc, i.valType, i.eval(&ms))
-	}
-}
-
-// unwrapScalarRMValue unwraps a runtime/metrics value that is assumed
-// to be scalar and returns the equivalent float64 value. Panics if the
-// value is not scalar.
-func unwrapScalarRMValue(v metrics.Value) float64 {
-	switch v.Kind() {
-	case metrics.KindUint64:
-		return float64(v.Uint64())
-	case metrics.KindFloat64:
-		return v.Float64()
-	case metrics.KindBad:
-		// Unsupported metric.
-		//
-		// This should never happen because we always populate our metric
-		// set from the runtime/metrics package.
-		panic("unexpected unsupported metric")
-	default:
-		// Unsupported metric kind.
-		//
-		// This should never happen because we check for this during initialization
-		// and flag and filter metrics whose kinds we don't understand.
-		panic("unexpected unsupported metric kind")
-	}
-}
-
-var rmExactSumMap = map[string]string{
-	"/gc/heap/allocs-by-size:bytes": "/gc/heap/allocs:bytes",
-	"/gc/heap/frees-by-size:bytes":  "/gc/heap/frees:bytes",
-}
-
-// exactSumFor takes a runtime/metrics metric name (that is assumed to
-// be of kind KindFloat64Histogram) and returns its exact sum and whether
-// its exact sum exists.
-//
-// The runtime/metrics API for histograms doesn't currently expose exact
-// sums, but some of the other metrics are in fact exact sums of histograms.
-func (c *goCollector) exactSumFor(rmName string) float64 {
-	sumName, ok := rmExactSumMap[rmName]
-	if !ok {
-		return 0
-	}
-	s, ok := c.rmSampleMap[sumName]
-	if !ok {
-		return 0
-	}
-	return unwrapScalarRMValue(s.Value)
-}
-
-func memStatsFromRM(ms *runtime.MemStats, rm map[string]*metrics.Sample) {
-	lookupOrZero := func(name string) uint64 {
-		if s, ok := rm[name]; ok {
-			return s.Value.Uint64()
-		}
-		return 0
-	}
-
-	// Currently, MemStats adds tiny alloc count to both Mallocs AND Frees.
-	// The reason for this is because MemStats couldn't be extended at the time
-	// but there was a desire to have Mallocs at least be a little more representative,
-	// while having Mallocs - Frees still represent a live object count.
-	// Unfortunately, MemStats doesn't actually export a large allocation count,
-	// so it's impossible to pull this number out directly.
-	tinyAllocs := lookupOrZero("/gc/heap/tiny/allocs:objects")
-	ms.Mallocs = lookupOrZero("/gc/heap/allocs:objects") + tinyAllocs
-	ms.Frees = lookupOrZero("/gc/heap/frees:objects") + tinyAllocs
-
-	ms.TotalAlloc = lookupOrZero("/gc/heap/allocs:bytes")
-	ms.Sys = lookupOrZero("/memory/classes/total:bytes")
-	ms.Lookups = 0 // Already always zero.
-	ms.HeapAlloc = lookupOrZero("/memory/classes/heap/objects:bytes")
-	ms.Alloc = ms.HeapAlloc
-	ms.HeapInuse = ms.HeapAlloc + lookupOrZero("/memory/classes/heap/unused:bytes")
-	ms.HeapReleased = lookupOrZero("/memory/classes/heap/released:bytes")
-	ms.HeapIdle = ms.HeapReleased + lookupOrZero("/memory/classes/heap/free:bytes")
-	ms.HeapSys = ms.HeapInuse + ms.HeapIdle
-	ms.HeapObjects = lookupOrZero("/gc/heap/objects:objects")
-	ms.StackInuse = lookupOrZero("/memory/classes/heap/stacks:bytes")
-	ms.StackSys = ms.StackInuse + lookupOrZero("/memory/classes/os-stacks:bytes")
-	ms.MSpanInuse = lookupOrZero("/memory/classes/metadata/mspan/inuse:bytes")
-	ms.MSpanSys = ms.MSpanInuse + lookupOrZero("/memory/classes/metadata/mspan/free:bytes")
-	ms.MCacheInuse = lookupOrZero("/memory/classes/metadata/mcache/inuse:bytes")
-	ms.MCacheSys = ms.MCacheInuse + lookupOrZero("/memory/classes/metadata/mcache/free:bytes")
-	ms.BuckHashSys = lookupOrZero("/memory/classes/profiling/buckets:bytes")
-	ms.GCSys = lookupOrZero("/memory/classes/metadata/other:bytes")
-	ms.OtherSys = lookupOrZero("/memory/classes/other:bytes")
-	ms.NextGC = lookupOrZero("/gc/heap/goal:bytes")
-
-	// N.B. LastGC is omitted because runtime.GCStats already has this.
-	// See https://github.com/prometheus/client_golang/issues/842#issuecomment-861812034
-	// for more details.
-	ms.LastGC = 0
-
-	// N.B. GCCPUFraction is intentionally omitted. This metric is not useful,
-	// and often misleading due to the fact that it's an average over the lifetime
-	// of the process.
-	// See https://github.com/prometheus/client_golang/issues/842#issuecomment-861812034
-	// for more details.
-	ms.GCCPUFraction = 0
-}
-
-// batchHistogram is a mutable histogram that is updated
-// in batches.
-type batchHistogram struct {
-	selfCollector
-
-	// Static fields updated only once.
-	desc   *Desc
-	hasSum bool
-
-	// Because this histogram operates in batches, it just uses a
-	// single mutex for everything. updates are always serialized
-	// but Write calls may operate concurrently with updates.
-	// Contention between these two sources should be rare.
-	mu      sync.Mutex
-	buckets []float64 // Inclusive lower bounds, like runtime/metrics.
-	counts  []uint64
-	sum     float64 // Used if hasSum is true.
-}
-
-// newBatchHistogram creates a new batch histogram value with the given
-// Desc, buckets, and whether or not it has an exact sum available.
-//
-// buckets must always be from the runtime/metrics package, following
-// the same conventions.
-func newBatchHistogram(desc *Desc, buckets []float64, hasSum bool) *batchHistogram {
-	h := &batchHistogram{
-		desc:    desc,
-		buckets: buckets,
-		// Because buckets follows runtime/metrics conventions, there's
-		// 1 more value in the buckets list than there are buckets represented,
-		// because in runtime/metrics, the bucket values represent *boundaries*,
-		// and non-Inf boundaries are inclusive lower bounds for that bucket.
-		counts: make([]uint64, len(buckets)-1),
-		hasSum: hasSum,
-	}
-	h.init(h)
-	return h
-}
-
-// update updates the batchHistogram from a runtime/metrics histogram.
-//
-// sum must be provided if the batchHistogram was created to have an exact sum.
-// h.buckets must be a strict subset of his.Buckets.
-func (h *batchHistogram) update(his *metrics.Float64Histogram, sum float64) {
-	counts, buckets := his.Counts, his.Buckets
-
-	h.mu.Lock()
-	defer h.mu.Unlock()
-
-	// Clear buckets.
-	for i := range h.counts {
-		h.counts[i] = 0
-	}
-	// Copy and reduce buckets.
-	var j int
-	for i, count := range counts {
-		h.counts[j] += count
-		if buckets[i+1] == h.buckets[j+1] {
-			j++
-		}
-	}
-	if h.hasSum {
-		h.sum = sum
-	}
-}
-
-func (h *batchHistogram) Desc() *Desc {
-	return h.desc
-}
-
-func (h *batchHistogram) Write(out *dto.Metric) error {
-	h.mu.Lock()
-	defer h.mu.Unlock()
-
-	sum := float64(0)
-	if h.hasSum {
-		sum = h.sum
-	}
-	dtoBuckets := make([]*dto.Bucket, 0, len(h.counts))
-	totalCount := uint64(0)
-	for i, count := range h.counts {
-		totalCount += count
-		if !h.hasSum {
-			// N.B. This computed sum is an underestimate.
-			sum += h.buckets[i] * float64(count)
-		}
-
-		// Skip the +Inf bucket, but only for the bucket list.
-		// It must still count for sum and totalCount.
-		if math.IsInf(h.buckets[i+1], 1) {
-			break
-		}
-		// Float64Histogram's upper bound is exclusive, so make it inclusive
-		// by obtaining the next float64 value down, in order.
-		upperBound := math.Nextafter(h.buckets[i+1], h.buckets[i])
-		dtoBuckets = append(dtoBuckets, &dto.Bucket{
-			CumulativeCount: proto.Uint64(totalCount),
-			UpperBound:      proto.Float64(upperBound),
-		})
-	}
-	out.Histogram = &dto.Histogram{
-		Bucket:      dtoBuckets,
-		SampleCount: proto.Uint64(totalCount),
-		SampleSum:   proto.Float64(sum),
-	}
-	return nil
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
deleted file mode 100644
index 893802fd6..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
+++ /dev/null
@@ -1,670 +0,0 @@
-// Copyright 2015 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"fmt"
-	"math"
-	"runtime"
-	"sort"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// A Histogram counts individual observations from an event or sample stream in
-// configurable buckets. Similar to a summary, it also provides a sum of
-// observations and an observation count.
-//
-// On the Prometheus server, quantiles can be calculated from a Histogram using
-// the histogram_quantile function in the query language.
-//
-// Note that Histograms, in contrast to Summaries, can be aggregated with the
-// Prometheus query language (see the documentation for detailed
-// procedures). However, Histograms require the user to pre-define suitable
-// buckets, and they are in general less accurate. The Observe method of a
-// Histogram has a very low performance overhead in comparison with the Observe
-// method of a Summary.
-//
-// To create Histogram instances, use NewHistogram.
-type Histogram interface {
-	Metric
-	Collector
-
-	// Observe adds a single observation to the histogram. Observations are
-	// usually positive or zero. Negative observations are accepted but
-	// prevent current versions of Prometheus from properly detecting
-	// counter resets in the sum of observations. See
-	// https://prometheus.io/docs/practices/histograms/#count-and-sum-of-observations
-	// for details.
-	Observe(float64)
-}
-
-// bucketLabel is used for the label that defines the upper bound of a
-// bucket of a histogram ("le" -> "less or equal").
-const bucketLabel = "le"
-
-// DefBuckets are the default Histogram buckets. The default buckets are
-// tailored to broadly measure the response time (in seconds) of a network
-// service. Most likely, however, you will be required to define buckets
-// customized to your use case.
-var (
-	DefBuckets = []float64{.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10}
-
-	errBucketLabelNotAllowed = fmt.Errorf(
-		"%q is not allowed as label name in histograms", bucketLabel,
-	)
-)
-
-// LinearBuckets creates 'count' buckets, each 'width' wide, where the lowest
-// bucket has an upper bound of 'start'. The final +Inf bucket is not counted
-// and not included in the returned slice. The returned slice is meant to be
-// used for the Buckets field of HistogramOpts.
-//
-// The function panics if 'count' is zero or negative.
-func LinearBuckets(start, width float64, count int) []float64 {
-	if count < 1 {
-		panic("LinearBuckets needs a positive count")
-	}
-	buckets := make([]float64, count)
-	for i := range buckets {
-		buckets[i] = start
-		start += width
-	}
-	return buckets
-}
-
-// ExponentialBuckets creates 'count' buckets, where the lowest bucket has an
-// upper bound of 'start' and each following bucket's upper bound is 'factor'
-// times the previous bucket's upper bound. The final +Inf bucket is not counted
-// and not included in the returned slice. The returned slice is meant to be
-// used for the Buckets field of HistogramOpts.
-//
-// The function panics if 'count' is 0 or negative, if 'start' is 0 or negative,
-// or if 'factor' is less than or equal 1.
-func ExponentialBuckets(start, factor float64, count int) []float64 {
-	if count < 1 {
-		panic("ExponentialBuckets needs a positive count")
-	}
-	if start <= 0 {
-		panic("ExponentialBuckets needs a positive start value")
-	}
-	if factor <= 1 {
-		panic("ExponentialBuckets needs a factor greater than 1")
-	}
-	buckets := make([]float64, count)
-	for i := range buckets {
-		buckets[i] = start
-		start *= factor
-	}
-	return buckets
-}
-
-// ExponentialBucketsRange creates 'count' buckets, where the lowest bucket is
-// 'min' and the highest bucket is 'max'. The final +Inf bucket is not counted
-// and not included in the returned slice. The returned slice is meant to be
-// used for the Buckets field of HistogramOpts.
-//
-// The function panics if 'count' is 0 or negative, if 'min' is 0 or negative.
-func ExponentialBucketsRange(min, max float64, count int) []float64 {
-	if count < 1 {
-		panic("ExponentialBucketsRange count needs a positive count")
-	}
-	if min <= 0 {
-		panic("ExponentialBucketsRange min needs to be greater than 0")
-	}
-
-	// Formula for exponential buckets.
-	// max = min*growthFactor^(bucketCount-1)
-
-	// We know max/min and highest bucket. Solve for growthFactor.
-	growthFactor := math.Pow(max/min, 1.0/float64(count-1))
-
-	// Now that we know growthFactor, solve for each bucket.
-	buckets := make([]float64, count)
-	for i := 1; i <= count; i++ {
-		buckets[i-1] = min * math.Pow(growthFactor, float64(i-1))
-	}
-	return buckets
-}
-
-// HistogramOpts bundles the options for creating a Histogram metric. It is
-// mandatory to set Name to a non-empty string. All other fields are optional
-// and can safely be left at their zero value, although it is strongly
-// encouraged to set a Help string.
-type HistogramOpts struct {
-	// Namespace, Subsystem, and Name are components of the fully-qualified
-	// name of the Histogram (created by joining these components with
-	// "_"). Only Name is mandatory, the others merely help structuring the
-	// name. Note that the fully-qualified name of the Histogram must be a
-	// valid Prometheus metric name.
-	Namespace string
-	Subsystem string
-	Name      string
-
-	// Help provides information about this Histogram.
-	//
-	// Metrics with the same fully-qualified name must have the same Help
-	// string.
-	Help string
-
-	// ConstLabels are used to attach fixed labels to this metric. Metrics
-	// with the same fully-qualified name must have the same label names in
-	// their ConstLabels.
-	//
-	// ConstLabels are only used rarely. In particular, do not use them to
-	// attach the same labels to all your metrics. Those use cases are
-	// better covered by target labels set by the scraping Prometheus
-	// server, or by one specific metric (e.g. a build_info or a
-	// machine_role metric). See also
-	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
-	ConstLabels Labels
-
-	// Buckets defines the buckets into which observations are counted. Each
-	// element in the slice is the upper inclusive bound of a bucket. The
-	// values must be sorted in strictly increasing order. There is no need
-	// to add a highest bucket with +Inf bound, it will be added
-	// implicitly. The default value is DefBuckets.
-	Buckets []float64
-}
-
-// NewHistogram creates a new Histogram based on the provided HistogramOpts. It
-// panics if the buckets in HistogramOpts are not in strictly increasing order.
-//
-// The returned implementation also implements ExemplarObserver. It is safe to
-// perform the corresponding type assertion. Exemplars are tracked separately
-// for each bucket.
-func NewHistogram(opts HistogramOpts) Histogram {
-	return newHistogram(
-		NewDesc(
-			BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-			opts.Help,
-			nil,
-			opts.ConstLabels,
-		),
-		opts,
-	)
-}
-
-func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogram {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, labelValues))
-	}
-
-	for _, n := range desc.variableLabels {
-		if n == bucketLabel {
-			panic(errBucketLabelNotAllowed)
-		}
-	}
-	for _, lp := range desc.constLabelPairs {
-		if lp.GetName() == bucketLabel {
-			panic(errBucketLabelNotAllowed)
-		}
-	}
-
-	if len(opts.Buckets) == 0 {
-		opts.Buckets = DefBuckets
-	}
-
-	h := &histogram{
-		desc:        desc,
-		upperBounds: opts.Buckets,
-		labelPairs:  MakeLabelPairs(desc, labelValues),
-		counts:      [2]*histogramCounts{{}, {}},
-		now:         time.Now,
-	}
-	for i, upperBound := range h.upperBounds {
-		if i < len(h.upperBounds)-1 {
-			if upperBound >= h.upperBounds[i+1] {
-				panic(fmt.Errorf(
-					"histogram buckets must be in increasing order: %f >= %f",
-					upperBound, h.upperBounds[i+1],
-				))
-			}
-		} else {
-			if math.IsInf(upperBound, +1) {
-				// The +Inf bucket is implicit. Remove it here.
-				h.upperBounds = h.upperBounds[:i]
-			}
-		}
-	}
-	// Finally we know the final length of h.upperBounds and can make buckets
-	// for both counts as well as exemplars:
-	h.counts[0].buckets = make([]uint64, len(h.upperBounds))
-	h.counts[1].buckets = make([]uint64, len(h.upperBounds))
-	h.exemplars = make([]atomic.Value, len(h.upperBounds)+1)
-
-	h.init(h) // Init self-collection.
-	return h
-}
-
-type histogramCounts struct {
-	// sumBits contains the bits of the float64 representing the sum of all
-	// observations. sumBits and count have to go first in the struct to
-	// guarantee alignment for atomic operations.
-	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
-	sumBits uint64
-	count   uint64
-	buckets []uint64
-}
-
-type histogram struct {
-	// countAndHotIdx enables lock-free writes with use of atomic updates.
-	// The most significant bit is the hot index [0 or 1] of the count field
-	// below. Observe calls update the hot one. All remaining bits count the
-	// number of Observe calls. Observe starts by incrementing this counter,
-	// and finish by incrementing the count field in the respective
-	// histogramCounts, as a marker for completion.
-	//
-	// Calls of the Write method (which are non-mutating reads from the
-	// perspective of the histogram) swap the hot–cold under the writeMtx
-	// lock. A cooldown is awaited (while locked) by comparing the number of
-	// observations with the initiation count. Once they match, then the
-	// last observation on the now cool one has completed. All cool fields must
-	// be merged into the new hot before releasing writeMtx.
-	//
-	// Fields with atomic access first! See alignment constraint:
-	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
-	countAndHotIdx uint64
-
-	selfCollector
-	desc     *Desc
-	writeMtx sync.Mutex // Only used in the Write method.
-
-	// Two counts, one is "hot" for lock-free observations, the other is
-	// "cold" for writing out a dto.Metric. It has to be an array of
-	// pointers to guarantee 64bit alignment of the histogramCounts, see
-	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG.
-	counts [2]*histogramCounts
-
-	upperBounds []float64
-	labelPairs  []*dto.LabelPair
-	exemplars   []atomic.Value // One more than buckets (to include +Inf), each a *dto.Exemplar.
-
-	now func() time.Time // To mock out time.Now() for testing.
-}
-
-func (h *histogram) Desc() *Desc {
-	return h.desc
-}
-
-func (h *histogram) Observe(v float64) {
-	h.observe(v, h.findBucket(v))
-}
-
-func (h *histogram) ObserveWithExemplar(v float64, e Labels) {
-	i := h.findBucket(v)
-	h.observe(v, i)
-	h.updateExemplar(v, i, e)
-}
-
-func (h *histogram) Write(out *dto.Metric) error {
-	// For simplicity, we protect this whole method by a mutex. It is not in
-	// the hot path, i.e. Observe is called much more often than Write. The
-	// complication of making Write lock-free isn't worth it, if possible at
-	// all.
-	h.writeMtx.Lock()
-	defer h.writeMtx.Unlock()
-
-	// Adding 1<<63 switches the hot index (from 0 to 1 or from 1 to 0)
-	// without touching the count bits. See the struct comments for a full
-	// description of the algorithm.
-	n := atomic.AddUint64(&h.countAndHotIdx, 1<<63)
-	// count is contained unchanged in the lower 63 bits.
-	count := n & ((1 << 63) - 1)
-	// The most significant bit tells us which counts is hot. The complement
-	// is thus the cold one.
-	hotCounts := h.counts[n>>63]
-	coldCounts := h.counts[(^n)>>63]
-
-	// Await cooldown.
-	for count != atomic.LoadUint64(&coldCounts.count) {
-		runtime.Gosched() // Let observations get work done.
-	}
-
-	his := &dto.Histogram{
-		Bucket:      make([]*dto.Bucket, len(h.upperBounds)),
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
-	}
-	var cumCount uint64
-	for i, upperBound := range h.upperBounds {
-		cumCount += atomic.LoadUint64(&coldCounts.buckets[i])
-		his.Bucket[i] = &dto.Bucket{
-			CumulativeCount: proto.Uint64(cumCount),
-			UpperBound:      proto.Float64(upperBound),
-		}
-		if e := h.exemplars[i].Load(); e != nil {
-			his.Bucket[i].Exemplar = e.(*dto.Exemplar)
-		}
-	}
-	// If there is an exemplar for the +Inf bucket, we have to add that bucket explicitly.
-	if e := h.exemplars[len(h.upperBounds)].Load(); e != nil {
-		b := &dto.Bucket{
-			CumulativeCount: proto.Uint64(count),
-			UpperBound:      proto.Float64(math.Inf(1)),
-			Exemplar:        e.(*dto.Exemplar),
-		}
-		his.Bucket = append(his.Bucket, b)
-	}
-
-	out.Histogram = his
-	out.Label = h.labelPairs
-
-	// Finally add all the cold counts to the new hot counts and reset the cold counts.
-	atomic.AddUint64(&hotCounts.count, count)
-	atomic.StoreUint64(&coldCounts.count, 0)
-	for {
-		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
-		newBits := math.Float64bits(math.Float64frombits(oldBits) + his.GetSampleSum())
-		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
-			atomic.StoreUint64(&coldCounts.sumBits, 0)
-			break
-		}
-	}
-	for i := range h.upperBounds {
-		atomic.AddUint64(&hotCounts.buckets[i], atomic.LoadUint64(&coldCounts.buckets[i]))
-		atomic.StoreUint64(&coldCounts.buckets[i], 0)
-	}
-	return nil
-}
-
-// findBucket returns the index of the bucket for the provided value, or
-// len(h.upperBounds) for the +Inf bucket.
-func (h *histogram) findBucket(v float64) int {
-	// TODO(beorn7): For small numbers of buckets (<30), a linear search is
-	// slightly faster than the binary search. If we really care, we could
-	// switch from one search strategy to the other depending on the number
-	// of buckets.
-	//
-	// Microbenchmarks (BenchmarkHistogramNoLabels):
-	// 11 buckets: 38.3 ns/op linear - binary 48.7 ns/op
-	// 100 buckets: 78.1 ns/op linear - binary 54.9 ns/op
-	// 300 buckets: 154 ns/op linear - binary 61.6 ns/op
-	return sort.SearchFloat64s(h.upperBounds, v)
-}
-
-// observe is the implementation for Observe without the findBucket part.
-func (h *histogram) observe(v float64, bucket int) {
-	// We increment h.countAndHotIdx so that the counter in the lower
-	// 63 bits gets incremented. At the same time, we get the new value
-	// back, which we can use to find the currently-hot counts.
-	n := atomic.AddUint64(&h.countAndHotIdx, 1)
-	hotCounts := h.counts[n>>63]
-
-	if bucket < len(h.upperBounds) {
-		atomic.AddUint64(&hotCounts.buckets[bucket], 1)
-	}
-	for {
-		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
-		newBits := math.Float64bits(math.Float64frombits(oldBits) + v)
-		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
-			break
-		}
-	}
-	// Increment count last as we take it as a signal that the observation
-	// is complete.
-	atomic.AddUint64(&hotCounts.count, 1)
-}
-
-// updateExemplar replaces the exemplar for the provided bucket. With empty
-// labels, it's a no-op. It panics if any of the labels is invalid.
-func (h *histogram) updateExemplar(v float64, bucket int, l Labels) {
-	if l == nil {
-		return
-	}
-	e, err := newExemplar(v, h.now(), l)
-	if err != nil {
-		panic(err)
-	}
-	h.exemplars[bucket].Store(e)
-}
-
-// HistogramVec is a Collector that bundles a set of Histograms that all share the
-// same Desc, but have different values for their variable labels. This is used
-// if you want to count the same thing partitioned by various dimensions
-// (e.g. HTTP request latencies, partitioned by status code and method). Create
-// instances with NewHistogramVec.
-type HistogramVec struct {
-	*MetricVec
-}
-
-// NewHistogramVec creates a new HistogramVec based on the provided HistogramOpts and
-// partitioned by the given label names.
-func NewHistogramVec(opts HistogramOpts, labelNames []string) *HistogramVec {
-	desc := NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		labelNames,
-		opts.ConstLabels,
-	)
-	return &HistogramVec{
-		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			return newHistogram(desc, opts, lvs...)
-		}),
-	}
-}
-
-// GetMetricWithLabelValues returns the Histogram for the given slice of label
-// values (same order as the variable labels in Desc). If that combination of
-// label values is accessed for the first time, a new Histogram is created.
-//
-// It is possible to call this method without using the returned Histogram to only
-// create the new Histogram but leave it at its starting value, a Histogram without
-// any observations.
-//
-// Keeping the Histogram for later use is possible (and should be considered if
-// performance is critical), but keep in mind that Reset, DeleteLabelValues and
-// Delete can be used to delete the Histogram from the HistogramVec. In that case, the
-// Histogram will still exist, but it will not be exported anymore, even if a
-// Histogram with the same label values is created later. See also the CounterVec
-// example.
-//
-// An error is returned if the number of label values is not the same as the
-// number of variable labels in Desc (minus any curried labels).
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
-// an alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-// See also the GaugeVec example.
-func (v *HistogramVec) GetMetricWithLabelValues(lvs ...string) (Observer, error) {
-	metric, err := v.MetricVec.GetMetricWithLabelValues(lvs...)
-	if metric != nil {
-		return metric.(Observer), err
-	}
-	return nil, err
-}
-
-// GetMetricWith returns the Histogram for the given Labels map (the label names
-// must match those of the variable labels in Desc). If that label map is
-// accessed for the first time, a new Histogram is created. Implications of
-// creating a Histogram without using it and keeping the Histogram for later use
-// are the same as for GetMetricWithLabelValues.
-//
-// An error is returned if the number and names of the Labels are inconsistent
-// with those of the variable labels in Desc (minus any curried labels).
-//
-// This method is used for the same purpose as
-// GetMetricWithLabelValues(...string). See there for pros and cons of the two
-// methods.
-func (v *HistogramVec) GetMetricWith(labels Labels) (Observer, error) {
-	metric, err := v.MetricVec.GetMetricWith(labels)
-	if metric != nil {
-		return metric.(Observer), err
-	}
-	return nil, err
-}
-
-// WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. Not returning an
-// error allows shortcuts like
-//     myVec.WithLabelValues("404", "GET").Observe(42.21)
-func (v *HistogramVec) WithLabelValues(lvs ...string) Observer {
-	h, err := v.GetMetricWithLabelValues(lvs...)
-	if err != nil {
-		panic(err)
-	}
-	return h
-}
-
-// With works as GetMetricWith but panics where GetMetricWithLabels would have
-// returned an error. Not returning an error allows shortcuts like
-//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Observe(42.21)
-func (v *HistogramVec) With(labels Labels) Observer {
-	h, err := v.GetMetricWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return h
-}
-
-// CurryWith returns a vector curried with the provided labels, i.e. the
-// returned vector has those labels pre-set for all labeled operations performed
-// on it. The cardinality of the curried vector is reduced accordingly. The
-// order of the remaining labels stays the same (just with the curried labels
-// taken out of the sequence – which is relevant for the
-// (GetMetric)WithLabelValues methods). It is possible to curry a curried
-// vector, but only with labels not yet used for currying before.
-//
-// The metrics contained in the HistogramVec are shared between the curried and
-// uncurried vectors. They are just accessed differently. Curried and uncurried
-// vectors behave identically in terms of collection. Only one must be
-// registered with a given registry (usually the uncurried version). The Reset
-// method deletes all metrics, even if called on a curried vector.
-func (v *HistogramVec) CurryWith(labels Labels) (ObserverVec, error) {
-	vec, err := v.MetricVec.CurryWith(labels)
-	if vec != nil {
-		return &HistogramVec{vec}, err
-	}
-	return nil, err
-}
-
-// MustCurryWith works as CurryWith but panics where CurryWith would have
-// returned an error.
-func (v *HistogramVec) MustCurryWith(labels Labels) ObserverVec {
-	vec, err := v.CurryWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return vec
-}
-
-type constHistogram struct {
-	desc       *Desc
-	count      uint64
-	sum        float64
-	buckets    map[float64]uint64
-	labelPairs []*dto.LabelPair
-}
-
-func (h *constHistogram) Desc() *Desc {
-	return h.desc
-}
-
-func (h *constHistogram) Write(out *dto.Metric) error {
-	his := &dto.Histogram{}
-	buckets := make([]*dto.Bucket, 0, len(h.buckets))
-
-	his.SampleCount = proto.Uint64(h.count)
-	his.SampleSum = proto.Float64(h.sum)
-
-	for upperBound, count := range h.buckets {
-		buckets = append(buckets, &dto.Bucket{
-			CumulativeCount: proto.Uint64(count),
-			UpperBound:      proto.Float64(upperBound),
-		})
-	}
-
-	if len(buckets) > 0 {
-		sort.Sort(buckSort(buckets))
-	}
-	his.Bucket = buckets
-
-	out.Histogram = his
-	out.Label = h.labelPairs
-
-	return nil
-}
-
-// NewConstHistogram returns a metric representing a Prometheus histogram with
-// fixed values for the count, sum, and bucket counts. As those parameters
-// cannot be changed, the returned value does not implement the Histogram
-// interface (but only the Metric interface). Users of this package will not
-// have much use for it in regular operations. However, when implementing custom
-// Collectors, it is useful as a throw-away metric that is generated on the fly
-// to send it to Prometheus in the Collect method.
-//
-// buckets is a map of upper bounds to cumulative counts, excluding the +Inf
-// bucket.
-//
-// NewConstHistogram returns an error if the length of labelValues is not
-// consistent with the variable labels in Desc or if Desc is invalid.
-func NewConstHistogram(
-	desc *Desc,
-	count uint64,
-	sum float64,
-	buckets map[float64]uint64,
-	labelValues ...string,
-) (Metric, error) {
-	if desc.err != nil {
-		return nil, desc.err
-	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
-		return nil, err
-	}
-	return &constHistogram{
-		desc:       desc,
-		count:      count,
-		sum:        sum,
-		buckets:    buckets,
-		labelPairs: MakeLabelPairs(desc, labelValues),
-	}, nil
-}
-
-// MustNewConstHistogram is a version of NewConstHistogram that panics where
-// NewConstHistogram would have returned an error.
-func MustNewConstHistogram(
-	desc *Desc,
-	count uint64,
-	sum float64,
-	buckets map[float64]uint64,
-	labelValues ...string,
-) Metric {
-	m, err := NewConstHistogram(desc, count, sum, buckets, labelValues...)
-	if err != nil {
-		panic(err)
-	}
-	return m
-}
-
-type buckSort []*dto.Bucket
-
-func (s buckSort) Len() int {
-	return len(s)
-}
-
-func (s buckSort) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-func (s buckSort) Less(i, j int) bool {
-	return s[i].GetUpperBound() < s[j].GetUpperBound()
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go
deleted file mode 100644
index fe0a52180..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go
+++ /dev/null
@@ -1,142 +0,0 @@
-// Copyright 2021 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build go1.17
-// +build go1.17
-
-package internal
-
-import (
-	"math"
-	"path"
-	"runtime/metrics"
-	"strings"
-
-	"github.com/prometheus/common/model"
-)
-
-// RuntimeMetricsToProm produces a Prometheus metric name from a runtime/metrics
-// metric description and validates whether the metric is suitable for integration
-// with Prometheus.
-//
-// Returns false if a name could not be produced, or if Prometheus does not understand
-// the runtime/metrics Kind.
-//
-// Note that the main reason a name couldn't be produced is if the runtime/metrics
-// package exports a name with characters outside the valid Prometheus metric name
-// character set. This is theoretically possible, but should never happen in practice.
-// Still, don't rely on it.
-func RuntimeMetricsToProm(d *metrics.Description) (string, string, string, bool) {
-	namespace := "go"
-
-	comp := strings.SplitN(d.Name, ":", 2)
-	key := comp[0]
-	unit := comp[1]
-
-	// The last path element in the key is the name,
-	// the rest is the subsystem.
-	subsystem := path.Dir(key[1:] /* remove leading / */)
-	name := path.Base(key)
-
-	// subsystem is translated by replacing all / and - with _.
-	subsystem = strings.ReplaceAll(subsystem, "/", "_")
-	subsystem = strings.ReplaceAll(subsystem, "-", "_")
-
-	// unit is translated assuming that the unit contains no
-	// non-ASCII characters.
-	unit = strings.ReplaceAll(unit, "-", "_")
-	unit = strings.ReplaceAll(unit, "*", "_")
-	unit = strings.ReplaceAll(unit, "/", "_per_")
-
-	// name has - replaced with _ and is concatenated with the unit and
-	// other data.
-	name = strings.ReplaceAll(name, "-", "_")
-	name = name + "_" + unit
-	if d.Cumulative {
-		name = name + "_total"
-	}
-
-	valid := model.IsValidMetricName(model.LabelValue(namespace + "_" + subsystem + "_" + name))
-	switch d.Kind {
-	case metrics.KindUint64:
-	case metrics.KindFloat64:
-	case metrics.KindFloat64Histogram:
-	default:
-		valid = false
-	}
-	return namespace, subsystem, name, valid
-}
-
-// RuntimeMetricsBucketsForUnit takes a set of buckets obtained for a runtime/metrics histogram
-// type (so, lower-bound inclusive) and a unit from a runtime/metrics name, and produces
-// a reduced set of buckets. This function always removes any -Inf bucket as it's represented
-// as the bottom-most upper-bound inclusive bucket in Prometheus.
-func RuntimeMetricsBucketsForUnit(buckets []float64, unit string) []float64 {
-	switch unit {
-	case "bytes":
-		// Rebucket as powers of 2.
-		return rebucketExp(buckets, 2)
-	case "seconds":
-		// Rebucket as powers of 10 and then merge all buckets greater
-		// than 1 second into the +Inf bucket.
-		b := rebucketExp(buckets, 10)
-		for i := range b {
-			if b[i] <= 1 {
-				continue
-			}
-			b[i] = math.Inf(1)
-			b = b[:i+1]
-			break
-		}
-		return b
-	}
-	return buckets
-}
-
-// rebucketExp takes a list of bucket boundaries (lower bound inclusive) and
-// downsamples the buckets to those a multiple of base apart. The end result
-// is a roughly exponential (in many cases, perfectly exponential) bucketing
-// scheme.
-func rebucketExp(buckets []float64, base float64) []float64 {
-	bucket := buckets[0]
-	var newBuckets []float64
-	// We may see a -Inf here, in which case, add it and skip it
-	// since we risk producing NaNs otherwise.
-	//
-	// We need to preserve -Inf values to maintain runtime/metrics
-	// conventions. We'll strip it out later.
-	if bucket == math.Inf(-1) {
-		newBuckets = append(newBuckets, bucket)
-		buckets = buckets[1:]
-		bucket = buckets[0]
-	}
-	// From now on, bucket should always have a non-Inf value because
-	// Infs are only ever at the ends of the bucket lists, so
-	// arithmetic operations on it are non-NaN.
-	for i := 1; i < len(buckets); i++ {
-		if bucket >= 0 && buckets[i] < bucket*base {
-			// The next bucket we want to include is at least bucket*base.
-			continue
-		} else if bucket < 0 && buckets[i] < bucket/base {
-			// In this case the bucket we're targeting is negative, and since
-			// we're ascending through buckets here, we need to divide to get
-			// closer to zero exponentially.
-			continue
-		}
-		// The +Inf bucket will always be the last one, and we'll always
-		// end up including it here because bucket
-		newBuckets = append(newBuckets, bucket)
-		bucket = buckets[i]
-	}
-	return append(newBuckets, bucket)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/metric.go
deleted file mode 100644
index 351c26e1a..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/internal/metric.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal
-
-import (
-	"sort"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// metricSorter is a sortable slice of *dto.Metric.
-type metricSorter []*dto.Metric
-
-func (s metricSorter) Len() int {
-	return len(s)
-}
-
-func (s metricSorter) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-func (s metricSorter) Less(i, j int) bool {
-	if len(s[i].Label) != len(s[j].Label) {
-		// This should not happen. The metrics are
-		// inconsistent. However, we have to deal with the fact, as
-		// people might use custom collectors or metric family injection
-		// to create inconsistent metrics. So let's simply compare the
-		// number of labels in this case. That will still yield
-		// reproducible sorting.
-		return len(s[i].Label) < len(s[j].Label)
-	}
-	for n, lp := range s[i].Label {
-		vi := lp.GetValue()
-		vj := s[j].Label[n].GetValue()
-		if vi != vj {
-			return vi < vj
-		}
-	}
-
-	// We should never arrive here. Multiple metrics with the same
-	// label set in the same scrape will lead to undefined ingestion
-	// behavior. However, as above, we have to provide stable sorting
-	// here, even for inconsistent metrics. So sort equal metrics
-	// by their timestamp, with missing timestamps (implying "now")
-	// coming last.
-	if s[i].TimestampMs == nil {
-		return false
-	}
-	if s[j].TimestampMs == nil {
-		return true
-	}
-	return s[i].GetTimestampMs() < s[j].GetTimestampMs()
-}
-
-// NormalizeMetricFamilies returns a MetricFamily slice with empty
-// MetricFamilies pruned and the remaining MetricFamilies sorted by name within
-// the slice, with the contained Metrics sorted within each MetricFamily.
-func NormalizeMetricFamilies(metricFamiliesByName map[string]*dto.MetricFamily) []*dto.MetricFamily {
-	for _, mf := range metricFamiliesByName {
-		sort.Sort(metricSorter(mf.Metric))
-	}
-	names := make([]string, 0, len(metricFamiliesByName))
-	for name, mf := range metricFamiliesByName {
-		if len(mf.Metric) > 0 {
-			names = append(names, name)
-		}
-	}
-	sort.Strings(names)
-	result := make([]*dto.MetricFamily, 0, len(names))
-	for _, name := range names {
-		result = append(result, metricFamiliesByName[name])
-	}
-	return result
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/labels.go b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
deleted file mode 100644
index 2744443ac..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/labels.go
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-	"unicode/utf8"
-
-	"github.com/prometheus/common/model"
-)
-
-// Labels represents a collection of label name -> value mappings. This type is
-// commonly used with the With(Labels) and GetMetricWith(Labels) methods of
-// metric vector Collectors, e.g.:
-//     myVec.With(Labels{"code": "404", "method": "GET"}).Add(42)
-//
-// The other use-case is the specification of constant label pairs in Opts or to
-// create a Desc.
-type Labels map[string]string
-
-// reservedLabelPrefix is a prefix which is not legal in user-supplied
-// label names.
-const reservedLabelPrefix = "__"
-
-var errInconsistentCardinality = errors.New("inconsistent label cardinality")
-
-func makeInconsistentCardinalityError(fqName string, labels, labelValues []string) error {
-	return fmt.Errorf(
-		"%s: %q has %d variable labels named %q but %d values %q were provided",
-		errInconsistentCardinality, fqName,
-		len(labels), labels,
-		len(labelValues), labelValues,
-	)
-}
-
-func validateValuesInLabels(labels Labels, expectedNumberOfValues int) error {
-	if len(labels) != expectedNumberOfValues {
-		return fmt.Errorf(
-			"%s: expected %d label values but got %d in %#v",
-			errInconsistentCardinality, expectedNumberOfValues,
-			len(labels), labels,
-		)
-	}
-
-	for name, val := range labels {
-		if !utf8.ValidString(val) {
-			return fmt.Errorf("label %s: value %q is not valid UTF-8", name, val)
-		}
-	}
-
-	return nil
-}
-
-func validateLabelValues(vals []string, expectedNumberOfValues int) error {
-	if len(vals) != expectedNumberOfValues {
-		return fmt.Errorf(
-			"%s: expected %d label values but got %d in %#v",
-			errInconsistentCardinality, expectedNumberOfValues,
-			len(vals), vals,
-		)
-	}
-
-	for _, val := range vals {
-		if !utf8.ValidString(val) {
-			return fmt.Errorf("label value %q is not valid UTF-8", val)
-		}
-	}
-
-	return nil
-}
-
-func checkLabelName(l string) bool {
-	return model.LabelName(l).IsValid() && !strings.HasPrefix(l, reservedLabelPrefix)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
deleted file mode 100644
index dc121910a..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go
+++ /dev/null
@@ -1,176 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"strings"
-	"time"
-
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"github.com/prometheus/common/model"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-var separatorByteSlice = []byte{model.SeparatorByte} // For convenient use with xxhash.
-
-// A Metric models a single sample value with its meta data being exported to
-// Prometheus. Implementations of Metric in this package are Gauge, Counter,
-// Histogram, Summary, and Untyped.
-type Metric interface {
-	// Desc returns the descriptor for the Metric. This method idempotently
-	// returns the same descriptor throughout the lifetime of the
-	// Metric. The returned descriptor is immutable by contract. A Metric
-	// unable to describe itself must return an invalid descriptor (created
-	// with NewInvalidDesc).
-	Desc() *Desc
-	// Write encodes the Metric into a "Metric" Protocol Buffer data
-	// transmission object.
-	//
-	// Metric implementations must observe concurrency safety as reads of
-	// this metric may occur at any time, and any blocking occurs at the
-	// expense of total performance of rendering all registered
-	// metrics. Ideally, Metric implementations should support concurrent
-	// readers.
-	//
-	// While populating dto.Metric, it is the responsibility of the
-	// implementation to ensure validity of the Metric protobuf (like valid
-	// UTF-8 strings or syntactically valid metric and label names). It is
-	// recommended to sort labels lexicographically. Callers of Write should
-	// still make sure of sorting if they depend on it.
-	Write(*dto.Metric) error
-	// TODO(beorn7): The original rationale of passing in a pre-allocated
-	// dto.Metric protobuf to save allocations has disappeared. The
-	// signature of this method should be changed to "Write() (*dto.Metric,
-	// error)".
-}
-
-// Opts bundles the options for creating most Metric types. Each metric
-// implementation XXX has its own XXXOpts type, but in most cases, it is just
-// an alias of this type (which might change when the requirement arises.)
-//
-// It is mandatory to set Name to a non-empty string. All other fields are
-// optional and can safely be left at their zero value, although it is strongly
-// encouraged to set a Help string.
-type Opts struct {
-	// Namespace, Subsystem, and Name are components of the fully-qualified
-	// name of the Metric (created by joining these components with
-	// "_"). Only Name is mandatory, the others merely help structuring the
-	// name. Note that the fully-qualified name of the metric must be a
-	// valid Prometheus metric name.
-	Namespace string
-	Subsystem string
-	Name      string
-
-	// Help provides information about this metric.
-	//
-	// Metrics with the same fully-qualified name must have the same Help
-	// string.
-	Help string
-
-	// ConstLabels are used to attach fixed labels to this metric. Metrics
-	// with the same fully-qualified name must have the same label names in
-	// their ConstLabels.
-	//
-	// ConstLabels are only used rarely. In particular, do not use them to
-	// attach the same labels to all your metrics. Those use cases are
-	// better covered by target labels set by the scraping Prometheus
-	// server, or by one specific metric (e.g. a build_info or a
-	// machine_role metric). See also
-	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
-	ConstLabels Labels
-}
-
-// BuildFQName joins the given three name components by "_". Empty name
-// components are ignored. If the name parameter itself is empty, an empty
-// string is returned, no matter what. Metric implementations included in this
-// library use this function internally to generate the fully-qualified metric
-// name from the name component in their Opts. Users of the library will only
-// need this function if they implement their own Metric or instantiate a Desc
-// (with NewDesc) directly.
-func BuildFQName(namespace, subsystem, name string) string {
-	if name == "" {
-		return ""
-	}
-	switch {
-	case namespace != "" && subsystem != "":
-		return strings.Join([]string{namespace, subsystem, name}, "_")
-	case namespace != "":
-		return strings.Join([]string{namespace, name}, "_")
-	case subsystem != "":
-		return strings.Join([]string{subsystem, name}, "_")
-	}
-	return name
-}
-
-// labelPairSorter implements sort.Interface. It is used to sort a slice of
-// dto.LabelPair pointers.
-type labelPairSorter []*dto.LabelPair
-
-func (s labelPairSorter) Len() int {
-	return len(s)
-}
-
-func (s labelPairSorter) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-func (s labelPairSorter) Less(i, j int) bool {
-	return s[i].GetName() < s[j].GetName()
-}
-
-type invalidMetric struct {
-	desc *Desc
-	err  error
-}
-
-// NewInvalidMetric returns a metric whose Write method always returns the
-// provided error. It is useful if a Collector finds itself unable to collect
-// a metric and wishes to report an error to the registry.
-func NewInvalidMetric(desc *Desc, err error) Metric {
-	return &invalidMetric{desc, err}
-}
-
-func (m *invalidMetric) Desc() *Desc { return m.desc }
-
-func (m *invalidMetric) Write(*dto.Metric) error { return m.err }
-
-type timestampedMetric struct {
-	Metric
-	t time.Time
-}
-
-func (m timestampedMetric) Write(pb *dto.Metric) error {
-	e := m.Metric.Write(pb)
-	pb.TimestampMs = proto.Int64(m.t.Unix()*1000 + int64(m.t.Nanosecond()/1000000))
-	return e
-}
-
-// NewMetricWithTimestamp returns a new Metric wrapping the provided Metric in a
-// way that it has an explicit timestamp set to the provided Time. This is only
-// useful in rare cases as the timestamp of a Prometheus metric should usually
-// be set by the Prometheus server during scraping. Exceptions include mirroring
-// metrics with given timestamps from other metric
-// sources.
-//
-// NewMetricWithTimestamp works best with MustNewConstMetric,
-// MustNewConstHistogram, and MustNewConstSummary, see example.
-//
-// Currently, the exposition formats used by Prometheus are limited to
-// millisecond resolution. Thus, the provided time will be rounded down to the
-// next full millisecond value.
-func NewMetricWithTimestamp(t time.Time, m Metric) Metric {
-	return timestampedMetric{Metric: m, t: t}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/observer.go b/vendor/github.com/prometheus/client_golang/prometheus/observer.go
deleted file mode 100644
index 44128016f..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/observer.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright 2017 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-// Observer is the interface that wraps the Observe method, which is used by
-// Histogram and Summary to add observations.
-type Observer interface {
-	Observe(float64)
-}
-
-// The ObserverFunc type is an adapter to allow the use of ordinary
-// functions as Observers. If f is a function with the appropriate
-// signature, ObserverFunc(f) is an Observer that calls f.
-//
-// This adapter is usually used in connection with the Timer type, and there are
-// two general use cases:
-//
-// The most common one is to use a Gauge as the Observer for a Timer.
-// See the "Gauge" Timer example.
-//
-// The more advanced use case is to create a function that dynamically decides
-// which Observer to use for observing the duration. See the "Complex" Timer
-// example.
-type ObserverFunc func(float64)
-
-// Observe calls f(value). It implements Observer.
-func (f ObserverFunc) Observe(value float64) {
-	f(value)
-}
-
-// ObserverVec is an interface implemented by `HistogramVec` and `SummaryVec`.
-type ObserverVec interface {
-	GetMetricWith(Labels) (Observer, error)
-	GetMetricWithLabelValues(lvs ...string) (Observer, error)
-	With(Labels) Observer
-	WithLabelValues(...string) Observer
-	CurryWith(Labels) (ObserverVec, error)
-	MustCurryWith(Labels) ObserverVec
-
-	Collector
-}
-
-// ExemplarObserver is implemented by Observers that offer the option of
-// observing a value together with an exemplar. Its ObserveWithExemplar method
-// works like the Observe method of an Observer but also replaces the currently
-// saved exemplar (if any) with a new one, created from the provided value, the
-// current time as timestamp, and the provided Labels. Empty Labels will lead to
-// a valid (label-less) exemplar. But if Labels is nil, the current exemplar is
-// left in place. ObserveWithExemplar panics if any of the provided labels are
-// invalid or if the provided labels contain more than 64 runes in total.
-type ExemplarObserver interface {
-	ObserveWithExemplar(value float64, exemplar Labels)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
deleted file mode 100644
index 5bfe0ff5b..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
+++ /dev/null
@@ -1,166 +0,0 @@
-// Copyright 2015 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"strconv"
-	"strings"
-)
-
-type processCollector struct {
-	collectFn       func(chan<- Metric)
-	pidFn           func() (int, error)
-	reportErrors    bool
-	cpuTotal        *Desc
-	openFDs, maxFDs *Desc
-	vsize, maxVsize *Desc
-	rss             *Desc
-	startTime       *Desc
-}
-
-// ProcessCollectorOpts defines the behavior of a process metrics collector
-// created with NewProcessCollector.
-type ProcessCollectorOpts struct {
-	// PidFn returns the PID of the process the collector collects metrics
-	// for. It is called upon each collection. By default, the PID of the
-	// current process is used, as determined on construction time by
-	// calling os.Getpid().
-	PidFn func() (int, error)
-	// If non-empty, each of the collected metrics is prefixed by the
-	// provided string and an underscore ("_").
-	Namespace string
-	// If true, any error encountered during collection is reported as an
-	// invalid metric (see NewInvalidMetric). Otherwise, errors are ignored
-	// and the collected metrics will be incomplete. (Possibly, no metrics
-	// will be collected at all.) While that's usually not desired, it is
-	// appropriate for the common "mix-in" of process metrics, where process
-	// metrics are nice to have, but failing to collect them should not
-	// disrupt the collection of the remaining metrics.
-	ReportErrors bool
-}
-
-// NewProcessCollector is the obsolete version of collectors.NewProcessCollector.
-// See there for documentation.
-//
-// Deprecated: Use collectors.NewProcessCollector instead.
-func NewProcessCollector(opts ProcessCollectorOpts) Collector {
-	ns := ""
-	if len(opts.Namespace) > 0 {
-		ns = opts.Namespace + "_"
-	}
-
-	c := &processCollector{
-		reportErrors: opts.ReportErrors,
-		cpuTotal: NewDesc(
-			ns+"process_cpu_seconds_total",
-			"Total user and system CPU time spent in seconds.",
-			nil, nil,
-		),
-		openFDs: NewDesc(
-			ns+"process_open_fds",
-			"Number of open file descriptors.",
-			nil, nil,
-		),
-		maxFDs: NewDesc(
-			ns+"process_max_fds",
-			"Maximum number of open file descriptors.",
-			nil, nil,
-		),
-		vsize: NewDesc(
-			ns+"process_virtual_memory_bytes",
-			"Virtual memory size in bytes.",
-			nil, nil,
-		),
-		maxVsize: NewDesc(
-			ns+"process_virtual_memory_max_bytes",
-			"Maximum amount of virtual memory available in bytes.",
-			nil, nil,
-		),
-		rss: NewDesc(
-			ns+"process_resident_memory_bytes",
-			"Resident memory size in bytes.",
-			nil, nil,
-		),
-		startTime: NewDesc(
-			ns+"process_start_time_seconds",
-			"Start time of the process since unix epoch in seconds.",
-			nil, nil,
-		),
-	}
-
-	if opts.PidFn == nil {
-		pid := os.Getpid()
-		c.pidFn = func() (int, error) { return pid, nil }
-	} else {
-		c.pidFn = opts.PidFn
-	}
-
-	// Set up process metric collection if supported by the runtime.
-	if canCollectProcess() {
-		c.collectFn = c.processCollect
-	} else {
-		c.collectFn = func(ch chan<- Metric) {
-			c.reportError(ch, nil, errors.New("process metrics not supported on this platform"))
-		}
-	}
-
-	return c
-}
-
-// Describe returns all descriptions of the collector.
-func (c *processCollector) Describe(ch chan<- *Desc) {
-	ch <- c.cpuTotal
-	ch <- c.openFDs
-	ch <- c.maxFDs
-	ch <- c.vsize
-	ch <- c.maxVsize
-	ch <- c.rss
-	ch <- c.startTime
-}
-
-// Collect returns the current state of all metrics of the collector.
-func (c *processCollector) Collect(ch chan<- Metric) {
-	c.collectFn(ch)
-}
-
-func (c *processCollector) reportError(ch chan<- Metric, desc *Desc, err error) {
-	if !c.reportErrors {
-		return
-	}
-	if desc == nil {
-		desc = NewInvalidDesc(err)
-	}
-	ch <- NewInvalidMetric(desc, err)
-}
-
-// NewPidFileFn returns a function that retrieves a pid from the specified file.
-// It is meant to be used for the PidFn field in ProcessCollectorOpts.
-func NewPidFileFn(pidFilePath string) func() (int, error) {
-	return func() (int, error) {
-		content, err := ioutil.ReadFile(pidFilePath)
-		if err != nil {
-			return 0, fmt.Errorf("can't read pid file %q: %+v", pidFilePath, err)
-		}
-		pid, err := strconv.Atoi(strings.TrimSpace(string(content)))
-		if err != nil {
-			return 0, fmt.Errorf("can't parse pid file %q: %+v", pidFilePath, err)
-		}
-
-		return pid, nil
-	}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
deleted file mode 100644
index 2dc3660da..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !windows
-// +build !windows
-
-package prometheus
-
-import (
-	"github.com/prometheus/procfs"
-)
-
-func canCollectProcess() bool {
-	_, err := procfs.NewDefaultFS()
-	return err == nil
-}
-
-func (c *processCollector) processCollect(ch chan<- Metric) {
-	pid, err := c.pidFn()
-	if err != nil {
-		c.reportError(ch, nil, err)
-		return
-	}
-
-	p, err := procfs.NewProc(pid)
-	if err != nil {
-		c.reportError(ch, nil, err)
-		return
-	}
-
-	if stat, err := p.Stat(); err == nil {
-		ch <- MustNewConstMetric(c.cpuTotal, CounterValue, stat.CPUTime())
-		ch <- MustNewConstMetric(c.vsize, GaugeValue, float64(stat.VirtualMemory()))
-		ch <- MustNewConstMetric(c.rss, GaugeValue, float64(stat.ResidentMemory()))
-		if startTime, err := stat.StartTime(); err == nil {
-			ch <- MustNewConstMetric(c.startTime, GaugeValue, startTime)
-		} else {
-			c.reportError(ch, c.startTime, err)
-		}
-	} else {
-		c.reportError(ch, nil, err)
-	}
-
-	if fds, err := p.FileDescriptorsLen(); err == nil {
-		ch <- MustNewConstMetric(c.openFDs, GaugeValue, float64(fds))
-	} else {
-		c.reportError(ch, c.openFDs, err)
-	}
-
-	if limits, err := p.Limits(); err == nil {
-		ch <- MustNewConstMetric(c.maxFDs, GaugeValue, float64(limits.OpenFiles))
-		ch <- MustNewConstMetric(c.maxVsize, GaugeValue, float64(limits.AddressSpace))
-	} else {
-		c.reportError(ch, nil, err)
-	}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
deleted file mode 100644
index f973398df..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-func canCollectProcess() bool {
-	return true
-}
-
-var (
-	modpsapi    = syscall.NewLazyDLL("psapi.dll")
-	modkernel32 = syscall.NewLazyDLL("kernel32.dll")
-
-	procGetProcessMemoryInfo  = modpsapi.NewProc("GetProcessMemoryInfo")
-	procGetProcessHandleCount = modkernel32.NewProc("GetProcessHandleCount")
-)
-
-type processMemoryCounters struct {
-	// System interface description
-	// https://docs.microsoft.com/en-us/windows/desktop/api/psapi/ns-psapi-process_memory_counters_ex
-
-	// Refer to the Golang internal implementation
-	// https://golang.org/src/internal/syscall/windows/psapi_windows.go
-	_                          uint32
-	PageFaultCount             uint32
-	PeakWorkingSetSize         uintptr
-	WorkingSetSize             uintptr
-	QuotaPeakPagedPoolUsage    uintptr
-	QuotaPagedPoolUsage        uintptr
-	QuotaPeakNonPagedPoolUsage uintptr
-	QuotaNonPagedPoolUsage     uintptr
-	PagefileUsage              uintptr
-	PeakPagefileUsage          uintptr
-	PrivateUsage               uintptr
-}
-
-func getProcessMemoryInfo(handle windows.Handle) (processMemoryCounters, error) {
-	mem := processMemoryCounters{}
-	r1, _, err := procGetProcessMemoryInfo.Call(
-		uintptr(handle),
-		uintptr(unsafe.Pointer(&mem)),
-		uintptr(unsafe.Sizeof(mem)),
-	)
-	if r1 != 1 {
-		return mem, err
-	} else {
-		return mem, nil
-	}
-}
-
-func getProcessHandleCount(handle windows.Handle) (uint32, error) {
-	var count uint32
-	r1, _, err := procGetProcessHandleCount.Call(
-		uintptr(handle),
-		uintptr(unsafe.Pointer(&count)),
-	)
-	if r1 != 1 {
-		return 0, err
-	} else {
-		return count, nil
-	}
-}
-
-func (c *processCollector) processCollect(ch chan<- Metric) {
-	h, err := windows.GetCurrentProcess()
-	if err != nil {
-		c.reportError(ch, nil, err)
-		return
-	}
-
-	var startTime, exitTime, kernelTime, userTime windows.Filetime
-	err = windows.GetProcessTimes(h, &startTime, &exitTime, &kernelTime, &userTime)
-	if err != nil {
-		c.reportError(ch, nil, err)
-		return
-	}
-	ch <- MustNewConstMetric(c.startTime, GaugeValue, float64(startTime.Nanoseconds()/1e9))
-	ch <- MustNewConstMetric(c.cpuTotal, CounterValue, fileTimeToSeconds(kernelTime)+fileTimeToSeconds(userTime))
-
-	mem, err := getProcessMemoryInfo(h)
-	if err != nil {
-		c.reportError(ch, nil, err)
-		return
-	}
-	ch <- MustNewConstMetric(c.vsize, GaugeValue, float64(mem.PrivateUsage))
-	ch <- MustNewConstMetric(c.rss, GaugeValue, float64(mem.WorkingSetSize))
-
-	handles, err := getProcessHandleCount(h)
-	if err != nil {
-		c.reportError(ch, nil, err)
-		return
-	}
-	ch <- MustNewConstMetric(c.openFDs, GaugeValue, float64(handles))
-	ch <- MustNewConstMetric(c.maxFDs, GaugeValue, float64(16*1024*1024)) // Windows has a hard-coded max limit, not per-process.
-}
-
-func fileTimeToSeconds(ft windows.Filetime) float64 {
-	return float64(uint64(ft.HighDateTime)<<32+uint64(ft.LowDateTime)) / 1e7
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/delegator.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/delegator.go
deleted file mode 100644
index e7c0d0546..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/delegator.go
+++ /dev/null
@@ -1,368 +0,0 @@
-// Copyright 2017 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package promhttp
-
-import (
-	"bufio"
-	"io"
-	"net"
-	"net/http"
-)
-
-const (
-	closeNotifier = 1 << iota
-	flusher
-	hijacker
-	readerFrom
-	pusher
-)
-
-type delegator interface {
-	http.ResponseWriter
-
-	Status() int
-	Written() int64
-}
-
-type responseWriterDelegator struct {
-	http.ResponseWriter
-
-	status             int
-	written            int64
-	wroteHeader        bool
-	observeWriteHeader func(int)
-}
-
-func (r *responseWriterDelegator) Status() int {
-	return r.status
-}
-
-func (r *responseWriterDelegator) Written() int64 {
-	return r.written
-}
-
-func (r *responseWriterDelegator) WriteHeader(code int) {
-	if r.observeWriteHeader != nil && !r.wroteHeader {
-		// Only call observeWriteHeader for the 1st time. It's a bug if
-		// WriteHeader is called more than once, but we want to protect
-		// against it here. Note that we still delegate the WriteHeader
-		// to the original ResponseWriter to not mask the bug from it.
-		r.observeWriteHeader(code)
-	}
-	r.status = code
-	r.wroteHeader = true
-	r.ResponseWriter.WriteHeader(code)
-}
-
-func (r *responseWriterDelegator) Write(b []byte) (int, error) {
-	// If applicable, call WriteHeader here so that observeWriteHeader is
-	// handled appropriately.
-	if !r.wroteHeader {
-		r.WriteHeader(http.StatusOK)
-	}
-	n, err := r.ResponseWriter.Write(b)
-	r.written += int64(n)
-	return n, err
-}
-
-type closeNotifierDelegator struct{ *responseWriterDelegator }
-type flusherDelegator struct{ *responseWriterDelegator }
-type hijackerDelegator struct{ *responseWriterDelegator }
-type readerFromDelegator struct{ *responseWriterDelegator }
-type pusherDelegator struct{ *responseWriterDelegator }
-
-func (d closeNotifierDelegator) CloseNotify() <-chan bool {
-	//nolint:staticcheck // Ignore SA1019. http.CloseNotifier is deprecated but we keep it here to not break existing users.
-	return d.ResponseWriter.(http.CloseNotifier).CloseNotify()
-}
-func (d flusherDelegator) Flush() {
-	// If applicable, call WriteHeader here so that observeWriteHeader is
-	// handled appropriately.
-	if !d.wroteHeader {
-		d.WriteHeader(http.StatusOK)
-	}
-	d.ResponseWriter.(http.Flusher).Flush()
-}
-func (d hijackerDelegator) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	return d.ResponseWriter.(http.Hijacker).Hijack()
-}
-func (d readerFromDelegator) ReadFrom(re io.Reader) (int64, error) {
-	// If applicable, call WriteHeader here so that observeWriteHeader is
-	// handled appropriately.
-	if !d.wroteHeader {
-		d.WriteHeader(http.StatusOK)
-	}
-	n, err := d.ResponseWriter.(io.ReaderFrom).ReadFrom(re)
-	d.written += n
-	return n, err
-}
-func (d pusherDelegator) Push(target string, opts *http.PushOptions) error {
-	return d.ResponseWriter.(http.Pusher).Push(target, opts)
-}
-
-var pickDelegator = make([]func(*responseWriterDelegator) delegator, 32)
-
-func init() {
-	// TODO(beorn7): Code generation would help here.
-	pickDelegator[0] = func(d *responseWriterDelegator) delegator { // 0
-		return d
-	}
-	pickDelegator[closeNotifier] = func(d *responseWriterDelegator) delegator { // 1
-		return closeNotifierDelegator{d}
-	}
-	pickDelegator[flusher] = func(d *responseWriterDelegator) delegator { // 2
-		return flusherDelegator{d}
-	}
-	pickDelegator[flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 3
-		return struct {
-			*responseWriterDelegator
-			http.Flusher
-			http.CloseNotifier
-		}{d, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[hijacker] = func(d *responseWriterDelegator) delegator { // 4
-		return hijackerDelegator{d}
-	}
-	pickDelegator[hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 5
-		return struct {
-			*responseWriterDelegator
-			http.Hijacker
-			http.CloseNotifier
-		}{d, hijackerDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 6
-		return struct {
-			*responseWriterDelegator
-			http.Hijacker
-			http.Flusher
-		}{d, hijackerDelegator{d}, flusherDelegator{d}}
-	}
-	pickDelegator[hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 7
-		return struct {
-			*responseWriterDelegator
-			http.Hijacker
-			http.Flusher
-			http.CloseNotifier
-		}{d, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[readerFrom] = func(d *responseWriterDelegator) delegator { // 8
-		return readerFromDelegator{d}
-	}
-	pickDelegator[readerFrom+closeNotifier] = func(d *responseWriterDelegator) delegator { // 9
-		return struct {
-			*responseWriterDelegator
-			io.ReaderFrom
-			http.CloseNotifier
-		}{d, readerFromDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[readerFrom+flusher] = func(d *responseWriterDelegator) delegator { // 10
-		return struct {
-			*responseWriterDelegator
-			io.ReaderFrom
-			http.Flusher
-		}{d, readerFromDelegator{d}, flusherDelegator{d}}
-	}
-	pickDelegator[readerFrom+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 11
-		return struct {
-			*responseWriterDelegator
-			io.ReaderFrom
-			http.Flusher
-			http.CloseNotifier
-		}{d, readerFromDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[readerFrom+hijacker] = func(d *responseWriterDelegator) delegator { // 12
-		return struct {
-			*responseWriterDelegator
-			io.ReaderFrom
-			http.Hijacker
-		}{d, readerFromDelegator{d}, hijackerDelegator{d}}
-	}
-	pickDelegator[readerFrom+hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 13
-		return struct {
-			*responseWriterDelegator
-			io.ReaderFrom
-			http.Hijacker
-			http.CloseNotifier
-		}{d, readerFromDelegator{d}, hijackerDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[readerFrom+hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 14
-		return struct {
-			*responseWriterDelegator
-			io.ReaderFrom
-			http.Hijacker
-			http.Flusher
-		}{d, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}}
-	}
-	pickDelegator[readerFrom+hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 15
-		return struct {
-			*responseWriterDelegator
-			io.ReaderFrom
-			http.Hijacker
-			http.Flusher
-			http.CloseNotifier
-		}{d, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher] = func(d *responseWriterDelegator) delegator { // 16
-		return pusherDelegator{d}
-	}
-	pickDelegator[pusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 17
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher+flusher] = func(d *responseWriterDelegator) delegator { // 18
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			http.Flusher
-		}{d, pusherDelegator{d}, flusherDelegator{d}}
-	}
-	pickDelegator[pusher+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 19
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			http.Flusher
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher+hijacker] = func(d *responseWriterDelegator) delegator { // 20
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			http.Hijacker
-		}{d, pusherDelegator{d}, hijackerDelegator{d}}
-	}
-	pickDelegator[pusher+hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 21
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			http.Hijacker
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, hijackerDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher+hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 22
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			http.Hijacker
-			http.Flusher
-		}{d, pusherDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}}
-	}
-	pickDelegator[pusher+hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { //23
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			http.Hijacker
-			http.Flusher
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom] = func(d *responseWriterDelegator) delegator { // 24
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-		}{d, pusherDelegator{d}, readerFromDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom+closeNotifier] = func(d *responseWriterDelegator) delegator { // 25
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, readerFromDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom+flusher] = func(d *responseWriterDelegator) delegator { // 26
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-			http.Flusher
-		}{d, pusherDelegator{d}, readerFromDelegator{d}, flusherDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 27
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-			http.Flusher
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, readerFromDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom+hijacker] = func(d *responseWriterDelegator) delegator { // 28
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-			http.Hijacker
-		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom+hijacker+closeNotifier] = func(d *responseWriterDelegator) delegator { // 29
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-			http.Hijacker
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}, closeNotifierDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom+hijacker+flusher] = func(d *responseWriterDelegator) delegator { // 30
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-			http.Hijacker
-			http.Flusher
-		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}}
-	}
-	pickDelegator[pusher+readerFrom+hijacker+flusher+closeNotifier] = func(d *responseWriterDelegator) delegator { // 31
-		return struct {
-			*responseWriterDelegator
-			http.Pusher
-			io.ReaderFrom
-			http.Hijacker
-			http.Flusher
-			http.CloseNotifier
-		}{d, pusherDelegator{d}, readerFromDelegator{d}, hijackerDelegator{d}, flusherDelegator{d}, closeNotifierDelegator{d}}
-	}
-}
-
-func newDelegator(w http.ResponseWriter, observeWriteHeaderFunc func(int)) delegator {
-	d := &responseWriterDelegator{
-		ResponseWriter:     w,
-		observeWriteHeader: observeWriteHeaderFunc,
-	}
-
-	id := 0
-	//nolint:staticcheck // Ignore SA1019. http.CloseNotifier is deprecated but we keep it here to not break existing users.
-	if _, ok := w.(http.CloseNotifier); ok {
-		id += closeNotifier
-	}
-	if _, ok := w.(http.Flusher); ok {
-		id += flusher
-	}
-	if _, ok := w.(http.Hijacker); ok {
-		id += hijacker
-	}
-	if _, ok := w.(io.ReaderFrom); ok {
-		id += readerFrom
-	}
-	if _, ok := w.(http.Pusher); ok {
-		id += pusher
-	}
-
-	return pickDelegator[id](d)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
deleted file mode 100644
index d86d0cf4b..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
+++ /dev/null
@@ -1,383 +0,0 @@
-// Copyright 2016 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package promhttp provides tooling around HTTP servers and clients.
-//
-// First, the package allows the creation of http.Handler instances to expose
-// Prometheus metrics via HTTP. promhttp.Handler acts on the
-// prometheus.DefaultGatherer. With HandlerFor, you can create a handler for a
-// custom registry or anything that implements the Gatherer interface. It also
-// allows the creation of handlers that act differently on errors or allow to
-// log errors.
-//
-// Second, the package provides tooling to instrument instances of http.Handler
-// via middleware. Middleware wrappers follow the naming scheme
-// InstrumentHandlerX, where X describes the intended use of the middleware.
-// See each function's doc comment for specific details.
-//
-// Finally, the package allows for an http.RoundTripper to be instrumented via
-// middleware. Middleware wrappers follow the naming scheme
-// InstrumentRoundTripperX, where X describes the intended use of the
-// middleware. See each function's doc comment for specific details.
-package promhttp
-
-import (
-	"compress/gzip"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/prometheus/common/expfmt"
-
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-const (
-	contentTypeHeader     = "Content-Type"
-	contentEncodingHeader = "Content-Encoding"
-	acceptEncodingHeader  = "Accept-Encoding"
-)
-
-var gzipPool = sync.Pool{
-	New: func() interface{} {
-		return gzip.NewWriter(nil)
-	},
-}
-
-// Handler returns an http.Handler for the prometheus.DefaultGatherer, using
-// default HandlerOpts, i.e. it reports the first error as an HTTP error, it has
-// no error logging, and it applies compression if requested by the client.
-//
-// The returned http.Handler is already instrumented using the
-// InstrumentMetricHandler function and the prometheus.DefaultRegisterer. If you
-// create multiple http.Handlers by separate calls of the Handler function, the
-// metrics used for instrumentation will be shared between them, providing
-// global scrape counts.
-//
-// This function is meant to cover the bulk of basic use cases. If you are doing
-// anything that requires more customization (including using a non-default
-// Gatherer, different instrumentation, and non-default HandlerOpts), use the
-// HandlerFor function. See there for details.
-func Handler() http.Handler {
-	return InstrumentMetricHandler(
-		prometheus.DefaultRegisterer, HandlerFor(prometheus.DefaultGatherer, HandlerOpts{}),
-	)
-}
-
-// HandlerFor returns an uninstrumented http.Handler for the provided
-// Gatherer. The behavior of the Handler is defined by the provided
-// HandlerOpts. Thus, HandlerFor is useful to create http.Handlers for custom
-// Gatherers, with non-default HandlerOpts, and/or with custom (or no)
-// instrumentation. Use the InstrumentMetricHandler function to apply the same
-// kind of instrumentation as it is used by the Handler function.
-func HandlerFor(reg prometheus.Gatherer, opts HandlerOpts) http.Handler {
-	var (
-		inFlightSem chan struct{}
-		errCnt      = prometheus.NewCounterVec(
-			prometheus.CounterOpts{
-				Name: "promhttp_metric_handler_errors_total",
-				Help: "Total number of internal errors encountered by the promhttp metric handler.",
-			},
-			[]string{"cause"},
-		)
-	)
-
-	if opts.MaxRequestsInFlight > 0 {
-		inFlightSem = make(chan struct{}, opts.MaxRequestsInFlight)
-	}
-	if opts.Registry != nil {
-		// Initialize all possibilities that can occur below.
-		errCnt.WithLabelValues("gathering")
-		errCnt.WithLabelValues("encoding")
-		if err := opts.Registry.Register(errCnt); err != nil {
-			if are, ok := err.(prometheus.AlreadyRegisteredError); ok {
-				errCnt = are.ExistingCollector.(*prometheus.CounterVec)
-			} else {
-				panic(err)
-			}
-		}
-	}
-
-	h := http.HandlerFunc(func(rsp http.ResponseWriter, req *http.Request) {
-		if inFlightSem != nil {
-			select {
-			case inFlightSem <- struct{}{}: // All good, carry on.
-				defer func() { <-inFlightSem }()
-			default:
-				http.Error(rsp, fmt.Sprintf(
-					"Limit of concurrent requests reached (%d), try again later.", opts.MaxRequestsInFlight,
-				), http.StatusServiceUnavailable)
-				return
-			}
-		}
-		mfs, err := reg.Gather()
-		if err != nil {
-			if opts.ErrorLog != nil {
-				opts.ErrorLog.Println("error gathering metrics:", err)
-			}
-			errCnt.WithLabelValues("gathering").Inc()
-			switch opts.ErrorHandling {
-			case PanicOnError:
-				panic(err)
-			case ContinueOnError:
-				if len(mfs) == 0 {
-					// Still report the error if no metrics have been gathered.
-					httpError(rsp, err)
-					return
-				}
-			case HTTPErrorOnError:
-				httpError(rsp, err)
-				return
-			}
-		}
-
-		var contentType expfmt.Format
-		if opts.EnableOpenMetrics {
-			contentType = expfmt.NegotiateIncludingOpenMetrics(req.Header)
-		} else {
-			contentType = expfmt.Negotiate(req.Header)
-		}
-		header := rsp.Header()
-		header.Set(contentTypeHeader, string(contentType))
-
-		w := io.Writer(rsp)
-		if !opts.DisableCompression && gzipAccepted(req.Header) {
-			header.Set(contentEncodingHeader, "gzip")
-			gz := gzipPool.Get().(*gzip.Writer)
-			defer gzipPool.Put(gz)
-
-			gz.Reset(w)
-			defer gz.Close()
-
-			w = gz
-		}
-
-		enc := expfmt.NewEncoder(w, contentType)
-
-		// handleError handles the error according to opts.ErrorHandling
-		// and returns true if we have to abort after the handling.
-		handleError := func(err error) bool {
-			if err == nil {
-				return false
-			}
-			if opts.ErrorLog != nil {
-				opts.ErrorLog.Println("error encoding and sending metric family:", err)
-			}
-			errCnt.WithLabelValues("encoding").Inc()
-			switch opts.ErrorHandling {
-			case PanicOnError:
-				panic(err)
-			case HTTPErrorOnError:
-				// We cannot really send an HTTP error at this
-				// point because we most likely have written
-				// something to rsp already. But at least we can
-				// stop sending.
-				return true
-			}
-			// Do nothing in all other cases, including ContinueOnError.
-			return false
-		}
-
-		for _, mf := range mfs {
-			if handleError(enc.Encode(mf)) {
-				return
-			}
-		}
-		if closer, ok := enc.(expfmt.Closer); ok {
-			// This in particular takes care of the final "# EOF\n" line for OpenMetrics.
-			if handleError(closer.Close()) {
-				return
-			}
-		}
-	})
-
-	if opts.Timeout <= 0 {
-		return h
-	}
-	return http.TimeoutHandler(h, opts.Timeout, fmt.Sprintf(
-		"Exceeded configured timeout of %v.\n",
-		opts.Timeout,
-	))
-}
-
-// InstrumentMetricHandler is usually used with an http.Handler returned by the
-// HandlerFor function. It instruments the provided http.Handler with two
-// metrics: A counter vector "promhttp_metric_handler_requests_total" to count
-// scrapes partitioned by HTTP status code, and a gauge
-// "promhttp_metric_handler_requests_in_flight" to track the number of
-// simultaneous scrapes. This function idempotently registers collectors for
-// both metrics with the provided Registerer. It panics if the registration
-// fails. The provided metrics are useful to see how many scrapes hit the
-// monitored target (which could be from different Prometheus servers or other
-// scrapers), and how often they overlap (which would result in more than one
-// scrape in flight at the same time). Note that the scrapes-in-flight gauge
-// will contain the scrape by which it is exposed, while the scrape counter will
-// only get incremented after the scrape is complete (as only then the status
-// code is known). For tracking scrape durations, use the
-// "scrape_duration_seconds" gauge created by the Prometheus server upon each
-// scrape.
-func InstrumentMetricHandler(reg prometheus.Registerer, handler http.Handler) http.Handler {
-	cnt := prometheus.NewCounterVec(
-		prometheus.CounterOpts{
-			Name: "promhttp_metric_handler_requests_total",
-			Help: "Total number of scrapes by HTTP status code.",
-		},
-		[]string{"code"},
-	)
-	// Initialize the most likely HTTP status codes.
-	cnt.WithLabelValues("200")
-	cnt.WithLabelValues("500")
-	cnt.WithLabelValues("503")
-	if err := reg.Register(cnt); err != nil {
-		if are, ok := err.(prometheus.AlreadyRegisteredError); ok {
-			cnt = are.ExistingCollector.(*prometheus.CounterVec)
-		} else {
-			panic(err)
-		}
-	}
-
-	gge := prometheus.NewGauge(prometheus.GaugeOpts{
-		Name: "promhttp_metric_handler_requests_in_flight",
-		Help: "Current number of scrapes being served.",
-	})
-	if err := reg.Register(gge); err != nil {
-		if are, ok := err.(prometheus.AlreadyRegisteredError); ok {
-			gge = are.ExistingCollector.(prometheus.Gauge)
-		} else {
-			panic(err)
-		}
-	}
-
-	return InstrumentHandlerCounter(cnt, InstrumentHandlerInFlight(gge, handler))
-}
-
-// HandlerErrorHandling defines how a Handler serving metrics will handle
-// errors.
-type HandlerErrorHandling int
-
-// These constants cause handlers serving metrics to behave as described if
-// errors are encountered.
-const (
-	// Serve an HTTP status code 500 upon the first error
-	// encountered. Report the error message in the body. Note that HTTP
-	// errors cannot be served anymore once the beginning of a regular
-	// payload has been sent. Thus, in the (unlikely) case that encoding the
-	// payload into the negotiated wire format fails, serving the response
-	// will simply be aborted. Set an ErrorLog in HandlerOpts to detect
-	// those errors.
-	HTTPErrorOnError HandlerErrorHandling = iota
-	// Ignore errors and try to serve as many metrics as possible.  However,
-	// if no metrics can be served, serve an HTTP status code 500 and the
-	// last error message in the body. Only use this in deliberate "best
-	// effort" metrics collection scenarios. In this case, it is highly
-	// recommended to provide other means of detecting errors: By setting an
-	// ErrorLog in HandlerOpts, the errors are logged. By providing a
-	// Registry in HandlerOpts, the exposed metrics include an error counter
-	// "promhttp_metric_handler_errors_total", which can be used for
-	// alerts.
-	ContinueOnError
-	// Panic upon the first error encountered (useful for "crash only" apps).
-	PanicOnError
-)
-
-// Logger is the minimal interface HandlerOpts needs for logging. Note that
-// log.Logger from the standard library implements this interface, and it is
-// easy to implement by custom loggers, if they don't do so already anyway.
-type Logger interface {
-	Println(v ...interface{})
-}
-
-// HandlerOpts specifies options how to serve metrics via an http.Handler. The
-// zero value of HandlerOpts is a reasonable default.
-type HandlerOpts struct {
-	// ErrorLog specifies an optional Logger for errors collecting and
-	// serving metrics. If nil, errors are not logged at all. Note that the
-	// type of a reported error is often prometheus.MultiError, which
-	// formats into a multi-line error string. If you want to avoid the
-	// latter, create a Logger implementation that detects a
-	// prometheus.MultiError and formats the contained errors into one line.
-	ErrorLog Logger
-	// ErrorHandling defines how errors are handled. Note that errors are
-	// logged regardless of the configured ErrorHandling provided ErrorLog
-	// is not nil.
-	ErrorHandling HandlerErrorHandling
-	// If Registry is not nil, it is used to register a metric
-	// "promhttp_metric_handler_errors_total", partitioned by "cause". A
-	// failed registration causes a panic. Note that this error counter is
-	// different from the instrumentation you get from the various
-	// InstrumentHandler... helpers. It counts errors that don't necessarily
-	// result in a non-2xx HTTP status code. There are two typical cases:
-	// (1) Encoding errors that only happen after streaming of the HTTP body
-	// has already started (and the status code 200 has been sent). This
-	// should only happen with custom collectors. (2) Collection errors with
-	// no effect on the HTTP status code because ErrorHandling is set to
-	// ContinueOnError.
-	Registry prometheus.Registerer
-	// If DisableCompression is true, the handler will never compress the
-	// response, even if requested by the client.
-	DisableCompression bool
-	// The number of concurrent HTTP requests is limited to
-	// MaxRequestsInFlight. Additional requests are responded to with 503
-	// Service Unavailable and a suitable message in the body. If
-	// MaxRequestsInFlight is 0 or negative, no limit is applied.
-	MaxRequestsInFlight int
-	// If handling a request takes longer than Timeout, it is responded to
-	// with 503 ServiceUnavailable and a suitable Message. No timeout is
-	// applied if Timeout is 0 or negative. Note that with the current
-	// implementation, reaching the timeout simply ends the HTTP requests as
-	// described above (and even that only if sending of the body hasn't
-	// started yet), while the bulk work of gathering all the metrics keeps
-	// running in the background (with the eventual result to be thrown
-	// away). Until the implementation is improved, it is recommended to
-	// implement a separate timeout in potentially slow Collectors.
-	Timeout time.Duration
-	// If true, the experimental OpenMetrics encoding is added to the
-	// possible options during content negotiation. Note that Prometheus
-	// 2.5.0+ will negotiate OpenMetrics as first priority. OpenMetrics is
-	// the only way to transmit exemplars. However, the move to OpenMetrics
-	// is not completely transparent. Most notably, the values of "quantile"
-	// labels of Summaries and "le" labels of Histograms are formatted with
-	// a trailing ".0" if they would otherwise look like integer numbers
-	// (which changes the identity of the resulting series on the Prometheus
-	// server).
-	EnableOpenMetrics bool
-}
-
-// gzipAccepted returns whether the client will accept gzip-encoded content.
-func gzipAccepted(header http.Header) bool {
-	a := header.Get(acceptEncodingHeader)
-	parts := strings.Split(a, ",")
-	for _, part := range parts {
-		part = strings.TrimSpace(part)
-		if part == "gzip" || strings.HasPrefix(part, "gzip;") {
-			return true
-		}
-	}
-	return false
-}
-
-// httpError removes any content-encoding header and then calls http.Error with
-// the provided error and http.StatusInternalServerError. Error contents is
-// supposed to be uncompressed plain text. Same as with a plain http.Error, this
-// must not be called if the header or any payload has already been sent.
-func httpError(rsp http.ResponseWriter, err error) {
-	rsp.Header().Del(contentEncodingHeader)
-	http.Error(
-		rsp,
-		"An error has occurred while serving metrics:\n\n"+err.Error(),
-		http.StatusInternalServerError,
-	)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go
deleted file mode 100644
index 861b4d21c..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go
+++ /dev/null
@@ -1,235 +0,0 @@
-// Copyright 2017 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package promhttp
-
-import (
-	"crypto/tls"
-	"net/http"
-	"net/http/httptrace"
-	"time"
-
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-// The RoundTripperFunc type is an adapter to allow the use of ordinary
-// functions as RoundTrippers. If f is a function with the appropriate
-// signature, RountTripperFunc(f) is a RoundTripper that calls f.
-type RoundTripperFunc func(req *http.Request) (*http.Response, error)
-
-// RoundTrip implements the RoundTripper interface.
-func (rt RoundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) {
-	return rt(r)
-}
-
-// InstrumentRoundTripperInFlight is a middleware that wraps the provided
-// http.RoundTripper. It sets the provided prometheus.Gauge to the number of
-// requests currently handled by the wrapped http.RoundTripper.
-//
-// See the example for ExampleInstrumentRoundTripperDuration for example usage.
-func InstrumentRoundTripperInFlight(gauge prometheus.Gauge, next http.RoundTripper) RoundTripperFunc {
-	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
-		gauge.Inc()
-		defer gauge.Dec()
-		return next.RoundTrip(r)
-	})
-}
-
-// InstrumentRoundTripperCounter is a middleware that wraps the provided
-// http.RoundTripper to observe the request result with the provided CounterVec.
-// The CounterVec must have zero, one, or two non-const non-curried labels. For
-// those, the only allowed label names are "code" and "method". The function
-// panics otherwise. For the "method" label a predefined default label value set
-// is used to filter given values. Values besides predefined values will count
-// as `unknown` method.`WithExtraMethods` can be used to add more
-// methods to the set. Partitioning of the CounterVec happens by HTTP status code
-// and/or HTTP method if the respective instance label names are present in the
-// CounterVec. For unpartitioned counting, use a CounterVec with zero labels.
-//
-// If the wrapped RoundTripper panics or returns a non-nil error, the Counter
-// is not incremented.
-//
-// See the example for ExampleInstrumentRoundTripperDuration for example usage.
-func InstrumentRoundTripperCounter(counter *prometheus.CounterVec, next http.RoundTripper, opts ...Option) RoundTripperFunc {
-	rtOpts := &option{}
-	for _, o := range opts {
-		o(rtOpts)
-	}
-
-	code, method := checkLabels(counter)
-
-	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
-		resp, err := next.RoundTrip(r)
-		if err == nil {
-			counter.With(labels(code, method, r.Method, resp.StatusCode, rtOpts.extraMethods...)).Inc()
-		}
-		return resp, err
-	})
-}
-
-// InstrumentRoundTripperDuration is a middleware that wraps the provided
-// http.RoundTripper to observe the request duration with the provided
-// ObserverVec.  The ObserverVec must have zero, one, or two non-const
-// non-curried labels. For those, the only allowed label names are "code" and
-// "method". The function panics otherwise. For the "method" label a predefined
-// default label value set is used to filter given values. Values besides
-// predefined values will count as `unknown` method. `WithExtraMethods`
-// can be used to add more methods to the set. The Observe method of the Observer
-// in the ObserverVec is called with the request duration in
-// seconds. Partitioning happens by HTTP status code and/or HTTP method if the
-// respective instance label names are present in the ObserverVec. For
-// unpartitioned observations, use an ObserverVec with zero labels. Note that
-// partitioning of Histograms is expensive and should be used judiciously.
-//
-// If the wrapped RoundTripper panics or returns a non-nil error, no values are
-// reported.
-//
-// Note that this method is only guaranteed to never observe negative durations
-// if used with Go1.9+.
-func InstrumentRoundTripperDuration(obs prometheus.ObserverVec, next http.RoundTripper, opts ...Option) RoundTripperFunc {
-	rtOpts := &option{}
-	for _, o := range opts {
-		o(rtOpts)
-	}
-
-	code, method := checkLabels(obs)
-
-	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
-		start := time.Now()
-		resp, err := next.RoundTrip(r)
-		if err == nil {
-			obs.With(labels(code, method, r.Method, resp.StatusCode, rtOpts.extraMethods...)).Observe(time.Since(start).Seconds())
-		}
-		return resp, err
-	})
-}
-
-// InstrumentTrace is used to offer flexibility in instrumenting the available
-// httptrace.ClientTrace hook functions. Each function is passed a float64
-// representing the time in seconds since the start of the http request. A user
-// may choose to use separately buckets Histograms, or implement custom
-// instance labels on a per function basis.
-type InstrumentTrace struct {
-	GotConn              func(float64)
-	PutIdleConn          func(float64)
-	GotFirstResponseByte func(float64)
-	Got100Continue       func(float64)
-	DNSStart             func(float64)
-	DNSDone              func(float64)
-	ConnectStart         func(float64)
-	ConnectDone          func(float64)
-	TLSHandshakeStart    func(float64)
-	TLSHandshakeDone     func(float64)
-	WroteHeaders         func(float64)
-	Wait100Continue      func(float64)
-	WroteRequest         func(float64)
-}
-
-// InstrumentRoundTripperTrace is a middleware that wraps the provided
-// RoundTripper and reports times to hook functions provided in the
-// InstrumentTrace struct. Hook functions that are not present in the provided
-// InstrumentTrace struct are ignored. Times reported to the hook functions are
-// time since the start of the request. Only with Go1.9+, those times are
-// guaranteed to never be negative. (Earlier Go versions are not using a
-// monotonic clock.) Note that partitioning of Histograms is expensive and
-// should be used judiciously.
-//
-// For hook functions that receive an error as an argument, no observations are
-// made in the event of a non-nil error value.
-//
-// See the example for ExampleInstrumentRoundTripperDuration for example usage.
-func InstrumentRoundTripperTrace(it *InstrumentTrace, next http.RoundTripper) RoundTripperFunc {
-	return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
-		start := time.Now()
-
-		trace := &httptrace.ClientTrace{
-			GotConn: func(_ httptrace.GotConnInfo) {
-				if it.GotConn != nil {
-					it.GotConn(time.Since(start).Seconds())
-				}
-			},
-			PutIdleConn: func(err error) {
-				if err != nil {
-					return
-				}
-				if it.PutIdleConn != nil {
-					it.PutIdleConn(time.Since(start).Seconds())
-				}
-			},
-			DNSStart: func(_ httptrace.DNSStartInfo) {
-				if it.DNSStart != nil {
-					it.DNSStart(time.Since(start).Seconds())
-				}
-			},
-			DNSDone: func(_ httptrace.DNSDoneInfo) {
-				if it.DNSDone != nil {
-					it.DNSDone(time.Since(start).Seconds())
-				}
-			},
-			ConnectStart: func(_, _ string) {
-				if it.ConnectStart != nil {
-					it.ConnectStart(time.Since(start).Seconds())
-				}
-			},
-			ConnectDone: func(_, _ string, err error) {
-				if err != nil {
-					return
-				}
-				if it.ConnectDone != nil {
-					it.ConnectDone(time.Since(start).Seconds())
-				}
-			},
-			GotFirstResponseByte: func() {
-				if it.GotFirstResponseByte != nil {
-					it.GotFirstResponseByte(time.Since(start).Seconds())
-				}
-			},
-			Got100Continue: func() {
-				if it.Got100Continue != nil {
-					it.Got100Continue(time.Since(start).Seconds())
-				}
-			},
-			TLSHandshakeStart: func() {
-				if it.TLSHandshakeStart != nil {
-					it.TLSHandshakeStart(time.Since(start).Seconds())
-				}
-			},
-			TLSHandshakeDone: func(_ tls.ConnectionState, err error) {
-				if err != nil {
-					return
-				}
-				if it.TLSHandshakeDone != nil {
-					it.TLSHandshakeDone(time.Since(start).Seconds())
-				}
-			},
-			WroteHeaders: func() {
-				if it.WroteHeaders != nil {
-					it.WroteHeaders(time.Since(start).Seconds())
-				}
-			},
-			Wait100Continue: func() {
-				if it.Wait100Continue != nil {
-					it.Wait100Continue(time.Since(start).Seconds())
-				}
-			},
-			WroteRequest: func(_ httptrace.WroteRequestInfo) {
-				if it.WroteRequest != nil {
-					it.WroteRequest(time.Since(start).Seconds())
-				}
-			},
-		}
-		r = r.WithContext(httptrace.WithClientTrace(r.Context(), trace))
-
-		return next.RoundTrip(r)
-	})
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
deleted file mode 100644
index a23f0edc6..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
+++ /dev/null
@@ -1,517 +0,0 @@
-// Copyright 2017 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package promhttp
-
-import (
-	"errors"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	dto "github.com/prometheus/client_model/go"
-
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-// magicString is used for the hacky label test in checkLabels. Remove once fixed.
-const magicString = "zZgWfBxLqvG8kc8IMv3POi2Bb0tZI3vAnBx+gBaFi9FyPzB/CzKUer1yufDa"
-
-// InstrumentHandlerInFlight is a middleware that wraps the provided
-// http.Handler. It sets the provided prometheus.Gauge to the number of
-// requests currently handled by the wrapped http.Handler.
-//
-// See the example for InstrumentHandlerDuration for example usage.
-func InstrumentHandlerInFlight(g prometheus.Gauge, next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		g.Inc()
-		defer g.Dec()
-		next.ServeHTTP(w, r)
-	})
-}
-
-// InstrumentHandlerDuration is a middleware that wraps the provided
-// http.Handler to observe the request duration with the provided ObserverVec.
-// The ObserverVec must have valid metric and label names and must have zero,
-// one, or two non-const non-curried labels. For those, the only allowed label
-// names are "code" and "method". The function panics otherwise. For the "method"
-// label a predefined default label value set is used to filter given values.
-// Values besides predefined values will count as `unknown` method.
-//`WithExtraMethods` can be used to add more methods to the set. The Observe
-// method of the Observer in the ObserverVec is called with the request duration
-// in seconds. Partitioning happens by HTTP status code and/or HTTP method if
-// the respective instance label names are present in the ObserverVec. For
-// unpartitioned observations, use an ObserverVec with zero labels. Note that
-// partitioning of Histograms is expensive and should be used judiciously.
-//
-// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
-//
-// If the wrapped Handler panics, no values are reported.
-//
-// Note that this method is only guaranteed to never observe negative durations
-// if used with Go1.9+.
-func InstrumentHandlerDuration(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.HandlerFunc {
-	mwOpts := &option{}
-	for _, o := range opts {
-		o(mwOpts)
-	}
-
-	code, method := checkLabels(obs)
-
-	if code {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			now := time.Now()
-			d := newDelegator(w, nil)
-			next.ServeHTTP(d, r)
-
-			obs.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Observe(time.Since(now).Seconds())
-		})
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		now := time.Now()
-		next.ServeHTTP(w, r)
-		obs.With(labels(code, method, r.Method, 0, mwOpts.extraMethods...)).Observe(time.Since(now).Seconds())
-	})
-}
-
-// InstrumentHandlerCounter is a middleware that wraps the provided http.Handler
-// to observe the request result with the provided CounterVec. The CounterVec
-// must have valid metric and label names and must have zero, one, or two
-// non-const non-curried labels. For those, the only allowed label names are
-// "code" and "method". The function panics otherwise. For the "method"
-// label a predefined default label value set is used to filter given values.
-// Values besides predefined values will count as `unknown` method.
-// `WithExtraMethods` can be used to add more methods to the set. Partitioning of the
-// CounterVec happens by HTTP status code and/or HTTP method if the respective
-// instance label names are present in the CounterVec. For unpartitioned
-// counting, use a CounterVec with zero labels.
-//
-// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
-//
-// If the wrapped Handler panics, the Counter is not incremented.
-//
-// See the example for InstrumentHandlerDuration for example usage.
-func InstrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler, opts ...Option) http.HandlerFunc {
-	mwOpts := &option{}
-	for _, o := range opts {
-		o(mwOpts)
-	}
-
-	code, method := checkLabels(counter)
-
-	if code {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			d := newDelegator(w, nil)
-			next.ServeHTTP(d, r)
-			counter.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Inc()
-		})
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		next.ServeHTTP(w, r)
-		counter.With(labels(code, method, r.Method, 0, mwOpts.extraMethods...)).Inc()
-	})
-}
-
-// InstrumentHandlerTimeToWriteHeader is a middleware that wraps the provided
-// http.Handler to observe with the provided ObserverVec the request duration
-// until the response headers are written. The ObserverVec must have valid
-// metric and label names and must have zero, one, or two non-const non-curried
-// labels. For those, the only allowed label names are "code" and "method". The
-// function panics otherwise. For the "method" label a predefined default label
-// value set is used to filter given values. Values besides predefined values
-// will count as `unknown` method.`WithExtraMethods` can be used to add more
-// methods to the set. The Observe method of the Observer in the
-// ObserverVec is called with the request duration in seconds. Partitioning
-// happens by HTTP status code and/or HTTP method if the respective instance
-// label names are present in the ObserverVec. For unpartitioned observations,
-// use an ObserverVec with zero labels. Note that partitioning of Histograms is
-// expensive and should be used judiciously.
-//
-// If the wrapped Handler panics before calling WriteHeader, no value is
-// reported.
-//
-// Note that this method is only guaranteed to never observe negative durations
-// if used with Go1.9+.
-//
-// See the example for InstrumentHandlerDuration for example usage.
-func InstrumentHandlerTimeToWriteHeader(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.HandlerFunc {
-	mwOpts := &option{}
-	for _, o := range opts {
-		o(mwOpts)
-	}
-
-	code, method := checkLabels(obs)
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		now := time.Now()
-		d := newDelegator(w, func(status int) {
-			obs.With(labels(code, method, r.Method, status, mwOpts.extraMethods...)).Observe(time.Since(now).Seconds())
-		})
-		next.ServeHTTP(d, r)
-	})
-}
-
-// InstrumentHandlerRequestSize is a middleware that wraps the provided
-// http.Handler to observe the request size with the provided ObserverVec. The
-// ObserverVec must have valid metric and label names and must have zero, one,
-// or two non-const non-curried labels. For those, the only allowed label names
-// are "code" and "method". The function panics otherwise. For the "method"
-// label a predefined default label value set is used to filter given values.
-// Values besides predefined values will count as `unknown` method.
-// `WithExtraMethods` can be used to add more methods to the set. The Observe
-// method of the Observer in the ObserverVec is called with the request size in
-// bytes. Partitioning happens by HTTP status code and/or HTTP method if the
-// respective instance label names are present in the ObserverVec. For
-// unpartitioned observations, use an ObserverVec with zero labels. Note that
-// partitioning of Histograms is expensive and should be used judiciously.
-//
-// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
-//
-// If the wrapped Handler panics, no values are reported.
-//
-// See the example for InstrumentHandlerDuration for example usage.
-func InstrumentHandlerRequestSize(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.HandlerFunc {
-	mwOpts := &option{}
-	for _, o := range opts {
-		o(mwOpts)
-	}
-
-	code, method := checkLabels(obs)
-
-	if code {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			d := newDelegator(w, nil)
-			next.ServeHTTP(d, r)
-			size := computeApproximateRequestSize(r)
-			obs.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Observe(float64(size))
-		})
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		next.ServeHTTP(w, r)
-		size := computeApproximateRequestSize(r)
-		obs.With(labels(code, method, r.Method, 0, mwOpts.extraMethods...)).Observe(float64(size))
-	})
-}
-
-// InstrumentHandlerResponseSize is a middleware that wraps the provided
-// http.Handler to observe the response size with the provided ObserverVec. The
-// ObserverVec must have valid metric and label names and must have zero, one,
-// or two non-const non-curried labels. For those, the only allowed label names
-// are "code" and "method". The function panics otherwise. For the "method"
-// label a predefined default label value set is used to filter given values.
-// Values besides predefined values will count as `unknown` method.
-// `WithExtraMethods` can be used to add more methods to the set. The Observe
-// method of the Observer in the ObserverVec is called with the response size in
-// bytes. Partitioning happens by HTTP status code and/or HTTP method if the
-// respective instance label names are present in the ObserverVec. For
-// unpartitioned observations, use an ObserverVec with zero labels. Note that
-// partitioning of Histograms is expensive and should be used judiciously.
-//
-// If the wrapped Handler does not set a status code, a status code of 200 is assumed.
-//
-// If the wrapped Handler panics, no values are reported.
-//
-// See the example for InstrumentHandlerDuration for example usage.
-func InstrumentHandlerResponseSize(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.Handler {
-	mwOpts := &option{}
-	for _, o := range opts {
-		o(mwOpts)
-	}
-
-	code, method := checkLabels(obs)
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		d := newDelegator(w, nil)
-		next.ServeHTTP(d, r)
-		obs.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Observe(float64(d.Written()))
-	})
-}
-
-// checkLabels returns whether the provided Collector has a non-const,
-// non-curried label named "code" and/or "method". It panics if the provided
-// Collector does not have a Desc or has more than one Desc or its Desc is
-// invalid. It also panics if the Collector has any non-const, non-curried
-// labels that are not named "code" or "method".
-func checkLabels(c prometheus.Collector) (code bool, method bool) {
-	// TODO(beorn7): Remove this hacky way to check for instance labels
-	// once Descriptors can have their dimensionality queried.
-	var (
-		desc *prometheus.Desc
-		m    prometheus.Metric
-		pm   dto.Metric
-		lvs  []string
-	)
-
-	// Get the Desc from the Collector.
-	descc := make(chan *prometheus.Desc, 1)
-	c.Describe(descc)
-
-	select {
-	case desc = <-descc:
-	default:
-		panic("no description provided by collector")
-	}
-	select {
-	case <-descc:
-		panic("more than one description provided by collector")
-	default:
-	}
-
-	close(descc)
-
-	// Make sure the Collector has a valid Desc by registering it with a
-	// temporary registry.
-	prometheus.NewRegistry().MustRegister(c)
-
-	// Create a ConstMetric with the Desc. Since we don't know how many
-	// variable labels there are, try for as long as it needs.
-	for err := errors.New("dummy"); err != nil; lvs = append(lvs, magicString) {
-		m, err = prometheus.NewConstMetric(desc, prometheus.UntypedValue, 0, lvs...)
-	}
-
-	// Write out the metric into a proto message and look at the labels.
-	// If the value is not the magicString, it is a constLabel, which doesn't interest us.
-	// If the label is curried, it doesn't interest us.
-	// In all other cases, only "code" or "method" is allowed.
-	if err := m.Write(&pm); err != nil {
-		panic("error checking metric for labels")
-	}
-	for _, label := range pm.Label {
-		name, value := label.GetName(), label.GetValue()
-		if value != magicString || isLabelCurried(c, name) {
-			continue
-		}
-		switch name {
-		case "code":
-			code = true
-		case "method":
-			method = true
-		default:
-			panic("metric partitioned with non-supported labels")
-		}
-	}
-	return
-}
-
-func isLabelCurried(c prometheus.Collector, label string) bool {
-	// This is even hackier than the label test above.
-	// We essentially try to curry again and see if it works.
-	// But for that, we need to type-convert to the two
-	// types we use here, ObserverVec or *CounterVec.
-	switch v := c.(type) {
-	case *prometheus.CounterVec:
-		if _, err := v.CurryWith(prometheus.Labels{label: "dummy"}); err == nil {
-			return false
-		}
-	case prometheus.ObserverVec:
-		if _, err := v.CurryWith(prometheus.Labels{label: "dummy"}); err == nil {
-			return false
-		}
-	default:
-		panic("unsupported metric vec type")
-	}
-	return true
-}
-
-// emptyLabels is a one-time allocation for non-partitioned metrics to avoid
-// unnecessary allocations on each request.
-var emptyLabels = prometheus.Labels{}
-
-func labels(code, method bool, reqMethod string, status int, extraMethods ...string) prometheus.Labels {
-	if !(code || method) {
-		return emptyLabels
-	}
-	labels := prometheus.Labels{}
-
-	if code {
-		labels["code"] = sanitizeCode(status)
-	}
-	if method {
-		labels["method"] = sanitizeMethod(reqMethod, extraMethods...)
-	}
-
-	return labels
-}
-
-func computeApproximateRequestSize(r *http.Request) int {
-	s := 0
-	if r.URL != nil {
-		s += len(r.URL.String())
-	}
-
-	s += len(r.Method)
-	s += len(r.Proto)
-	for name, values := range r.Header {
-		s += len(name)
-		for _, value := range values {
-			s += len(value)
-		}
-	}
-	s += len(r.Host)
-
-	// N.B. r.Form and r.MultipartForm are assumed to be included in r.URL.
-
-	if r.ContentLength != -1 {
-		s += int(r.ContentLength)
-	}
-	return s
-}
-
-// If the wrapped http.Handler has a known method, it will be sanitized and returned.
-// Otherwise, "unknown" will be returned. The known method list can be extended
-// as needed by using extraMethods parameter.
-func sanitizeMethod(m string, extraMethods ...string) string {
-	// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods for
-	// the methods chosen as default.
-	switch m {
-	case "GET", "get":
-		return "get"
-	case "PUT", "put":
-		return "put"
-	case "HEAD", "head":
-		return "head"
-	case "POST", "post":
-		return "post"
-	case "DELETE", "delete":
-		return "delete"
-	case "CONNECT", "connect":
-		return "connect"
-	case "OPTIONS", "options":
-		return "options"
-	case "NOTIFY", "notify":
-		return "notify"
-	case "TRACE", "trace":
-		return "trace"
-	case "PATCH", "patch":
-		return "patch"
-	default:
-		for _, method := range extraMethods {
-			if strings.EqualFold(m, method) {
-				return strings.ToLower(m)
-			}
-		}
-		return "unknown"
-	}
-}
-
-// If the wrapped http.Handler has not set a status code, i.e. the value is
-// currently 0, sanitizeCode will return 200, for consistency with behavior in
-// the stdlib.
-func sanitizeCode(s int) string {
-	// See for accepted codes https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
-	switch s {
-	case 100:
-		return "100"
-	case 101:
-		return "101"
-
-	case 200, 0:
-		return "200"
-	case 201:
-		return "201"
-	case 202:
-		return "202"
-	case 203:
-		return "203"
-	case 204:
-		return "204"
-	case 205:
-		return "205"
-	case 206:
-		return "206"
-
-	case 300:
-		return "300"
-	case 301:
-		return "301"
-	case 302:
-		return "302"
-	case 304:
-		return "304"
-	case 305:
-		return "305"
-	case 307:
-		return "307"
-
-	case 400:
-		return "400"
-	case 401:
-		return "401"
-	case 402:
-		return "402"
-	case 403:
-		return "403"
-	case 404:
-		return "404"
-	case 405:
-		return "405"
-	case 406:
-		return "406"
-	case 407:
-		return "407"
-	case 408:
-		return "408"
-	case 409:
-		return "409"
-	case 410:
-		return "410"
-	case 411:
-		return "411"
-	case 412:
-		return "412"
-	case 413:
-		return "413"
-	case 414:
-		return "414"
-	case 415:
-		return "415"
-	case 416:
-		return "416"
-	case 417:
-		return "417"
-	case 418:
-		return "418"
-
-	case 500:
-		return "500"
-	case 501:
-		return "501"
-	case 502:
-		return "502"
-	case 503:
-		return "503"
-	case 504:
-		return "504"
-	case 505:
-		return "505"
-
-	case 428:
-		return "428"
-	case 429:
-		return "429"
-	case 431:
-		return "431"
-	case 511:
-		return "511"
-
-	default:
-		if s >= 100 && s <= 599 {
-			return strconv.Itoa(s)
-		}
-		return "unknown"
-	}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option.go
deleted file mode 100644
index 35e41bd1e..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2022 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package promhttp
-
-// Option are used to configure a middleware or round tripper..
-type Option func(*option)
-
-type option struct {
-	extraMethods []string
-}
-
-// WithExtraMethods adds additional HTTP methods to the list of allowed methods.
-// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods for the default list.
-//
-// See the example for ExampleInstrumentHandlerWithExtraMethods for example usage.
-func WithExtraMethods(methods ...string) Option {
-	return func(o *option) {
-		o.extraMethods = methods
-	}
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/registry.go b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
deleted file mode 100644
index 383a7f594..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/registry.go
+++ /dev/null
@@ -1,950 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"runtime"
-	"sort"
-	"strings"
-	"sync"
-	"unicode/utf8"
-
-	"github.com/cespare/xxhash/v2"
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"github.com/prometheus/common/expfmt"
-
-	dto "github.com/prometheus/client_model/go"
-
-	"github.com/prometheus/client_golang/prometheus/internal"
-)
-
-const (
-	// Capacity for the channel to collect metrics and descriptors.
-	capMetricChan = 1000
-	capDescChan   = 10
-)
-
-// DefaultRegisterer and DefaultGatherer are the implementations of the
-// Registerer and Gatherer interface a number of convenience functions in this
-// package act on. Initially, both variables point to the same Registry, which
-// has a process collector (currently on Linux only, see NewProcessCollector)
-// and a Go collector (see NewGoCollector, in particular the note about
-// stop-the-world implication with Go versions older than 1.9) already
-// registered. This approach to keep default instances as global state mirrors
-// the approach of other packages in the Go standard library. Note that there
-// are caveats. Change the variables with caution and only if you understand the
-// consequences. Users who want to avoid global state altogether should not use
-// the convenience functions and act on custom instances instead.
-var (
-	defaultRegistry              = NewRegistry()
-	DefaultRegisterer Registerer = defaultRegistry
-	DefaultGatherer   Gatherer   = defaultRegistry
-)
-
-func init() {
-	MustRegister(NewProcessCollector(ProcessCollectorOpts{}))
-	MustRegister(NewGoCollector())
-}
-
-// NewRegistry creates a new vanilla Registry without any Collectors
-// pre-registered.
-func NewRegistry() *Registry {
-	return &Registry{
-		collectorsByID:  map[uint64]Collector{},
-		descIDs:         map[uint64]struct{}{},
-		dimHashesByName: map[string]uint64{},
-	}
-}
-
-// NewPedanticRegistry returns a registry that checks during collection if each
-// collected Metric is consistent with its reported Desc, and if the Desc has
-// actually been registered with the registry. Unchecked Collectors (those whose
-// Describe method does not yield any descriptors) are excluded from the check.
-//
-// Usually, a Registry will be happy as long as the union of all collected
-// Metrics is consistent and valid even if some metrics are not consistent with
-// their own Desc or a Desc provided by their registered Collector. Well-behaved
-// Collectors and Metrics will only provide consistent Descs. This Registry is
-// useful to test the implementation of Collectors and Metrics.
-func NewPedanticRegistry() *Registry {
-	r := NewRegistry()
-	r.pedanticChecksEnabled = true
-	return r
-}
-
-// Registerer is the interface for the part of a registry in charge of
-// registering and unregistering. Users of custom registries should use
-// Registerer as type for registration purposes (rather than the Registry type
-// directly). In that way, they are free to use custom Registerer implementation
-// (e.g. for testing purposes).
-type Registerer interface {
-	// Register registers a new Collector to be included in metrics
-	// collection. It returns an error if the descriptors provided by the
-	// Collector are invalid or if they — in combination with descriptors of
-	// already registered Collectors — do not fulfill the consistency and
-	// uniqueness criteria described in the documentation of metric.Desc.
-	//
-	// If the provided Collector is equal to a Collector already registered
-	// (which includes the case of re-registering the same Collector), the
-	// returned error is an instance of AlreadyRegisteredError, which
-	// contains the previously registered Collector.
-	//
-	// A Collector whose Describe method does not yield any Desc is treated
-	// as unchecked. Registration will always succeed. No check for
-	// re-registering (see previous paragraph) is performed. Thus, the
-	// caller is responsible for not double-registering the same unchecked
-	// Collector, and for providing a Collector that will not cause
-	// inconsistent metrics on collection. (This would lead to scrape
-	// errors.)
-	Register(Collector) error
-	// MustRegister works like Register but registers any number of
-	// Collectors and panics upon the first registration that causes an
-	// error.
-	MustRegister(...Collector)
-	// Unregister unregisters the Collector that equals the Collector passed
-	// in as an argument.  (Two Collectors are considered equal if their
-	// Describe method yields the same set of descriptors.) The function
-	// returns whether a Collector was unregistered. Note that an unchecked
-	// Collector cannot be unregistered (as its Describe method does not
-	// yield any descriptor).
-	//
-	// Note that even after unregistering, it will not be possible to
-	// register a new Collector that is inconsistent with the unregistered
-	// Collector, e.g. a Collector collecting metrics with the same name but
-	// a different help string. The rationale here is that the same registry
-	// instance must only collect consistent metrics throughout its
-	// lifetime.
-	Unregister(Collector) bool
-}
-
-// Gatherer is the interface for the part of a registry in charge of gathering
-// the collected metrics into a number of MetricFamilies. The Gatherer interface
-// comes with the same general implication as described for the Registerer
-// interface.
-type Gatherer interface {
-	// Gather calls the Collect method of the registered Collectors and then
-	// gathers the collected metrics into a lexicographically sorted slice
-	// of uniquely named MetricFamily protobufs. Gather ensures that the
-	// returned slice is valid and self-consistent so that it can be used
-	// for valid exposition. As an exception to the strict consistency
-	// requirements described for metric.Desc, Gather will tolerate
-	// different sets of label names for metrics of the same metric family.
-	//
-	// Even if an error occurs, Gather attempts to gather as many metrics as
-	// possible. Hence, if a non-nil error is returned, the returned
-	// MetricFamily slice could be nil (in case of a fatal error that
-	// prevented any meaningful metric collection) or contain a number of
-	// MetricFamily protobufs, some of which might be incomplete, and some
-	// might be missing altogether. The returned error (which might be a
-	// MultiError) explains the details. Note that this is mostly useful for
-	// debugging purposes. If the gathered protobufs are to be used for
-	// exposition in actual monitoring, it is almost always better to not
-	// expose an incomplete result and instead disregard the returned
-	// MetricFamily protobufs in case the returned error is non-nil.
-	Gather() ([]*dto.MetricFamily, error)
-}
-
-// Register registers the provided Collector with the DefaultRegisterer.
-//
-// Register is a shortcut for DefaultRegisterer.Register(c). See there for more
-// details.
-func Register(c Collector) error {
-	return DefaultRegisterer.Register(c)
-}
-
-// MustRegister registers the provided Collectors with the DefaultRegisterer and
-// panics if any error occurs.
-//
-// MustRegister is a shortcut for DefaultRegisterer.MustRegister(cs...). See
-// there for more details.
-func MustRegister(cs ...Collector) {
-	DefaultRegisterer.MustRegister(cs...)
-}
-
-// Unregister removes the registration of the provided Collector from the
-// DefaultRegisterer.
-//
-// Unregister is a shortcut for DefaultRegisterer.Unregister(c). See there for
-// more details.
-func Unregister(c Collector) bool {
-	return DefaultRegisterer.Unregister(c)
-}
-
-// GathererFunc turns a function into a Gatherer.
-type GathererFunc func() ([]*dto.MetricFamily, error)
-
-// Gather implements Gatherer.
-func (gf GathererFunc) Gather() ([]*dto.MetricFamily, error) {
-	return gf()
-}
-
-// AlreadyRegisteredError is returned by the Register method if the Collector to
-// be registered has already been registered before, or a different Collector
-// that collects the same metrics has been registered before. Registration fails
-// in that case, but you can detect from the kind of error what has
-// happened. The error contains fields for the existing Collector and the
-// (rejected) new Collector that equals the existing one. This can be used to
-// find out if an equal Collector has been registered before and switch over to
-// using the old one, as demonstrated in the example.
-type AlreadyRegisteredError struct {
-	ExistingCollector, NewCollector Collector
-}
-
-func (err AlreadyRegisteredError) Error() string {
-	return "duplicate metrics collector registration attempted"
-}
-
-// MultiError is a slice of errors implementing the error interface. It is used
-// by a Gatherer to report multiple errors during MetricFamily gathering.
-type MultiError []error
-
-// Error formats the contained errors as a bullet point list, preceded by the
-// total number of errors. Note that this results in a multi-line string.
-func (errs MultiError) Error() string {
-	if len(errs) == 0 {
-		return ""
-	}
-	buf := &bytes.Buffer{}
-	fmt.Fprintf(buf, "%d error(s) occurred:", len(errs))
-	for _, err := range errs {
-		fmt.Fprintf(buf, "\n* %s", err)
-	}
-	return buf.String()
-}
-
-// Append appends the provided error if it is not nil.
-func (errs *MultiError) Append(err error) {
-	if err != nil {
-		*errs = append(*errs, err)
-	}
-}
-
-// MaybeUnwrap returns nil if len(errs) is 0. It returns the first and only
-// contained error as error if len(errs is 1). In all other cases, it returns
-// the MultiError directly. This is helpful for returning a MultiError in a way
-// that only uses the MultiError if needed.
-func (errs MultiError) MaybeUnwrap() error {
-	switch len(errs) {
-	case 0:
-		return nil
-	case 1:
-		return errs[0]
-	default:
-		return errs
-	}
-}
-
-// Registry registers Prometheus collectors, collects their metrics, and gathers
-// them into MetricFamilies for exposition. It implements both Registerer and
-// Gatherer. The zero value is not usable. Create instances with NewRegistry or
-// NewPedanticRegistry.
-type Registry struct {
-	mtx                   sync.RWMutex
-	collectorsByID        map[uint64]Collector // ID is a hash of the descIDs.
-	descIDs               map[uint64]struct{}
-	dimHashesByName       map[string]uint64
-	uncheckedCollectors   []Collector
-	pedanticChecksEnabled bool
-}
-
-// Register implements Registerer.
-func (r *Registry) Register(c Collector) error {
-	var (
-		descChan           = make(chan *Desc, capDescChan)
-		newDescIDs         = map[uint64]struct{}{}
-		newDimHashesByName = map[string]uint64{}
-		collectorID        uint64 // All desc IDs XOR'd together.
-		duplicateDescErr   error
-	)
-	go func() {
-		c.Describe(descChan)
-		close(descChan)
-	}()
-	r.mtx.Lock()
-	defer func() {
-		// Drain channel in case of premature return to not leak a goroutine.
-		for range descChan {
-		}
-		r.mtx.Unlock()
-	}()
-	// Conduct various tests...
-	for desc := range descChan {
-
-		// Is the descriptor valid at all?
-		if desc.err != nil {
-			return fmt.Errorf("descriptor %s is invalid: %s", desc, desc.err)
-		}
-
-		// Is the descID unique?
-		// (In other words: Is the fqName + constLabel combination unique?)
-		if _, exists := r.descIDs[desc.id]; exists {
-			duplicateDescErr = fmt.Errorf("descriptor %s already exists with the same fully-qualified name and const label values", desc)
-		}
-		// If it is not a duplicate desc in this collector, XOR it to
-		// the collectorID.  (We allow duplicate descs within the same
-		// collector, but their existence must be a no-op.)
-		if _, exists := newDescIDs[desc.id]; !exists {
-			newDescIDs[desc.id] = struct{}{}
-			collectorID ^= desc.id
-		}
-
-		// Are all the label names and the help string consistent with
-		// previous descriptors of the same name?
-		// First check existing descriptors...
-		if dimHash, exists := r.dimHashesByName[desc.fqName]; exists {
-			if dimHash != desc.dimHash {
-				return fmt.Errorf("a previously registered descriptor with the same fully-qualified name as %s has different label names or a different help string", desc)
-			}
-		} else {
-			// ...then check the new descriptors already seen.
-			if dimHash, exists := newDimHashesByName[desc.fqName]; exists {
-				if dimHash != desc.dimHash {
-					return fmt.Errorf("descriptors reported by collector have inconsistent label names or help strings for the same fully-qualified name, offender is %s", desc)
-				}
-			} else {
-				newDimHashesByName[desc.fqName] = desc.dimHash
-			}
-		}
-	}
-	// A Collector yielding no Desc at all is considered unchecked.
-	if len(newDescIDs) == 0 {
-		r.uncheckedCollectors = append(r.uncheckedCollectors, c)
-		return nil
-	}
-	if existing, exists := r.collectorsByID[collectorID]; exists {
-		switch e := existing.(type) {
-		case *wrappingCollector:
-			return AlreadyRegisteredError{
-				ExistingCollector: e.unwrapRecursively(),
-				NewCollector:      c,
-			}
-		default:
-			return AlreadyRegisteredError{
-				ExistingCollector: e,
-				NewCollector:      c,
-			}
-		}
-	}
-	// If the collectorID is new, but at least one of the descs existed
-	// before, we are in trouble.
-	if duplicateDescErr != nil {
-		return duplicateDescErr
-	}
-
-	// Only after all tests have passed, actually register.
-	r.collectorsByID[collectorID] = c
-	for hash := range newDescIDs {
-		r.descIDs[hash] = struct{}{}
-	}
-	for name, dimHash := range newDimHashesByName {
-		r.dimHashesByName[name] = dimHash
-	}
-	return nil
-}
-
-// Unregister implements Registerer.
-func (r *Registry) Unregister(c Collector) bool {
-	var (
-		descChan    = make(chan *Desc, capDescChan)
-		descIDs     = map[uint64]struct{}{}
-		collectorID uint64 // All desc IDs XOR'd together.
-	)
-	go func() {
-		c.Describe(descChan)
-		close(descChan)
-	}()
-	for desc := range descChan {
-		if _, exists := descIDs[desc.id]; !exists {
-			collectorID ^= desc.id
-			descIDs[desc.id] = struct{}{}
-		}
-	}
-
-	r.mtx.RLock()
-	if _, exists := r.collectorsByID[collectorID]; !exists {
-		r.mtx.RUnlock()
-		return false
-	}
-	r.mtx.RUnlock()
-
-	r.mtx.Lock()
-	defer r.mtx.Unlock()
-
-	delete(r.collectorsByID, collectorID)
-	for id := range descIDs {
-		delete(r.descIDs, id)
-	}
-	// dimHashesByName is left untouched as those must be consistent
-	// throughout the lifetime of a program.
-	return true
-}
-
-// MustRegister implements Registerer.
-func (r *Registry) MustRegister(cs ...Collector) {
-	for _, c := range cs {
-		if err := r.Register(c); err != nil {
-			panic(err)
-		}
-	}
-}
-
-// Gather implements Gatherer.
-func (r *Registry) Gather() ([]*dto.MetricFamily, error) {
-	var (
-		checkedMetricChan   = make(chan Metric, capMetricChan)
-		uncheckedMetricChan = make(chan Metric, capMetricChan)
-		metricHashes        = map[uint64]struct{}{}
-		wg                  sync.WaitGroup
-		errs                MultiError          // The collected errors to return in the end.
-		registeredDescIDs   map[uint64]struct{} // Only used for pedantic checks
-	)
-
-	r.mtx.RLock()
-	goroutineBudget := len(r.collectorsByID) + len(r.uncheckedCollectors)
-	metricFamiliesByName := make(map[string]*dto.MetricFamily, len(r.dimHashesByName))
-	checkedCollectors := make(chan Collector, len(r.collectorsByID))
-	uncheckedCollectors := make(chan Collector, len(r.uncheckedCollectors))
-	for _, collector := range r.collectorsByID {
-		checkedCollectors <- collector
-	}
-	for _, collector := range r.uncheckedCollectors {
-		uncheckedCollectors <- collector
-	}
-	// In case pedantic checks are enabled, we have to copy the map before
-	// giving up the RLock.
-	if r.pedanticChecksEnabled {
-		registeredDescIDs = make(map[uint64]struct{}, len(r.descIDs))
-		for id := range r.descIDs {
-			registeredDescIDs[id] = struct{}{}
-		}
-	}
-	r.mtx.RUnlock()
-
-	wg.Add(goroutineBudget)
-
-	collectWorker := func() {
-		for {
-			select {
-			case collector := <-checkedCollectors:
-				collector.Collect(checkedMetricChan)
-			case collector := <-uncheckedCollectors:
-				collector.Collect(uncheckedMetricChan)
-			default:
-				return
-			}
-			wg.Done()
-		}
-	}
-
-	// Start the first worker now to make sure at least one is running.
-	go collectWorker()
-	goroutineBudget--
-
-	// Close checkedMetricChan and uncheckedMetricChan once all collectors
-	// are collected.
-	go func() {
-		wg.Wait()
-		close(checkedMetricChan)
-		close(uncheckedMetricChan)
-	}()
-
-	// Drain checkedMetricChan and uncheckedMetricChan in case of premature return.
-	defer func() {
-		if checkedMetricChan != nil {
-			for range checkedMetricChan {
-			}
-		}
-		if uncheckedMetricChan != nil {
-			for range uncheckedMetricChan {
-			}
-		}
-	}()
-
-	// Copy the channel references so we can nil them out later to remove
-	// them from the select statements below.
-	cmc := checkedMetricChan
-	umc := uncheckedMetricChan
-
-	for {
-		select {
-		case metric, ok := <-cmc:
-			if !ok {
-				cmc = nil
-				break
-			}
-			errs.Append(processMetric(
-				metric, metricFamiliesByName,
-				metricHashes,
-				registeredDescIDs,
-			))
-		case metric, ok := <-umc:
-			if !ok {
-				umc = nil
-				break
-			}
-			errs.Append(processMetric(
-				metric, metricFamiliesByName,
-				metricHashes,
-				nil,
-			))
-		default:
-			if goroutineBudget <= 0 || len(checkedCollectors)+len(uncheckedCollectors) == 0 {
-				// All collectors are already being worked on or
-				// we have already as many goroutines started as
-				// there are collectors. Do the same as above,
-				// just without the default.
-				select {
-				case metric, ok := <-cmc:
-					if !ok {
-						cmc = nil
-						break
-					}
-					errs.Append(processMetric(
-						metric, metricFamiliesByName,
-						metricHashes,
-						registeredDescIDs,
-					))
-				case metric, ok := <-umc:
-					if !ok {
-						umc = nil
-						break
-					}
-					errs.Append(processMetric(
-						metric, metricFamiliesByName,
-						metricHashes,
-						nil,
-					))
-				}
-				break
-			}
-			// Start more workers.
-			go collectWorker()
-			goroutineBudget--
-			runtime.Gosched()
-		}
-		// Once both checkedMetricChan and uncheckdMetricChan are closed
-		// and drained, the contraption above will nil out cmc and umc,
-		// and then we can leave the collect loop here.
-		if cmc == nil && umc == nil {
-			break
-		}
-	}
-	return internal.NormalizeMetricFamilies(metricFamiliesByName), errs.MaybeUnwrap()
-}
-
-// WriteToTextfile calls Gather on the provided Gatherer, encodes the result in the
-// Prometheus text format, and writes it to a temporary file. Upon success, the
-// temporary file is renamed to the provided filename.
-//
-// This is intended for use with the textfile collector of the node exporter.
-// Note that the node exporter expects the filename to be suffixed with ".prom".
-func WriteToTextfile(filename string, g Gatherer) error {
-	tmp, err := ioutil.TempFile(filepath.Dir(filename), filepath.Base(filename))
-	if err != nil {
-		return err
-	}
-	defer os.Remove(tmp.Name())
-
-	mfs, err := g.Gather()
-	if err != nil {
-		return err
-	}
-	for _, mf := range mfs {
-		if _, err := expfmt.MetricFamilyToText(tmp, mf); err != nil {
-			return err
-		}
-	}
-	if err := tmp.Close(); err != nil {
-		return err
-	}
-
-	if err := os.Chmod(tmp.Name(), 0644); err != nil {
-		return err
-	}
-	return os.Rename(tmp.Name(), filename)
-}
-
-// processMetric is an internal helper method only used by the Gather method.
-func processMetric(
-	metric Metric,
-	metricFamiliesByName map[string]*dto.MetricFamily,
-	metricHashes map[uint64]struct{},
-	registeredDescIDs map[uint64]struct{},
-) error {
-	desc := metric.Desc()
-	// Wrapped metrics collected by an unchecked Collector can have an
-	// invalid Desc.
-	if desc.err != nil {
-		return desc.err
-	}
-	dtoMetric := &dto.Metric{}
-	if err := metric.Write(dtoMetric); err != nil {
-		return fmt.Errorf("error collecting metric %v: %s", desc, err)
-	}
-	metricFamily, ok := metricFamiliesByName[desc.fqName]
-	if ok { // Existing name.
-		if metricFamily.GetHelp() != desc.help {
-			return fmt.Errorf(
-				"collected metric %s %s has help %q but should have %q",
-				desc.fqName, dtoMetric, desc.help, metricFamily.GetHelp(),
-			)
-		}
-		// TODO(beorn7): Simplify switch once Desc has type.
-		switch metricFamily.GetType() {
-		case dto.MetricType_COUNTER:
-			if dtoMetric.Counter == nil {
-				return fmt.Errorf(
-					"collected metric %s %s should be a Counter",
-					desc.fqName, dtoMetric,
-				)
-			}
-		case dto.MetricType_GAUGE:
-			if dtoMetric.Gauge == nil {
-				return fmt.Errorf(
-					"collected metric %s %s should be a Gauge",
-					desc.fqName, dtoMetric,
-				)
-			}
-		case dto.MetricType_SUMMARY:
-			if dtoMetric.Summary == nil {
-				return fmt.Errorf(
-					"collected metric %s %s should be a Summary",
-					desc.fqName, dtoMetric,
-				)
-			}
-		case dto.MetricType_UNTYPED:
-			if dtoMetric.Untyped == nil {
-				return fmt.Errorf(
-					"collected metric %s %s should be Untyped",
-					desc.fqName, dtoMetric,
-				)
-			}
-		case dto.MetricType_HISTOGRAM:
-			if dtoMetric.Histogram == nil {
-				return fmt.Errorf(
-					"collected metric %s %s should be a Histogram",
-					desc.fqName, dtoMetric,
-				)
-			}
-		default:
-			panic("encountered MetricFamily with invalid type")
-		}
-	} else { // New name.
-		metricFamily = &dto.MetricFamily{}
-		metricFamily.Name = proto.String(desc.fqName)
-		metricFamily.Help = proto.String(desc.help)
-		// TODO(beorn7): Simplify switch once Desc has type.
-		switch {
-		case dtoMetric.Gauge != nil:
-			metricFamily.Type = dto.MetricType_GAUGE.Enum()
-		case dtoMetric.Counter != nil:
-			metricFamily.Type = dto.MetricType_COUNTER.Enum()
-		case dtoMetric.Summary != nil:
-			metricFamily.Type = dto.MetricType_SUMMARY.Enum()
-		case dtoMetric.Untyped != nil:
-			metricFamily.Type = dto.MetricType_UNTYPED.Enum()
-		case dtoMetric.Histogram != nil:
-			metricFamily.Type = dto.MetricType_HISTOGRAM.Enum()
-		default:
-			return fmt.Errorf("empty metric collected: %s", dtoMetric)
-		}
-		if err := checkSuffixCollisions(metricFamily, metricFamiliesByName); err != nil {
-			return err
-		}
-		metricFamiliesByName[desc.fqName] = metricFamily
-	}
-	if err := checkMetricConsistency(metricFamily, dtoMetric, metricHashes); err != nil {
-		return err
-	}
-	if registeredDescIDs != nil {
-		// Is the desc registered at all?
-		if _, exist := registeredDescIDs[desc.id]; !exist {
-			return fmt.Errorf(
-				"collected metric %s %s with unregistered descriptor %s",
-				metricFamily.GetName(), dtoMetric, desc,
-			)
-		}
-		if err := checkDescConsistency(metricFamily, dtoMetric, desc); err != nil {
-			return err
-		}
-	}
-	metricFamily.Metric = append(metricFamily.Metric, dtoMetric)
-	return nil
-}
-
-// Gatherers is a slice of Gatherer instances that implements the Gatherer
-// interface itself. Its Gather method calls Gather on all Gatherers in the
-// slice in order and returns the merged results. Errors returned from the
-// Gather calls are all returned in a flattened MultiError. Duplicate and
-// inconsistent Metrics are skipped (first occurrence in slice order wins) and
-// reported in the returned error.
-//
-// Gatherers can be used to merge the Gather results from multiple
-// Registries. It also provides a way to directly inject existing MetricFamily
-// protobufs into the gathering by creating a custom Gatherer with a Gather
-// method that simply returns the existing MetricFamily protobufs. Note that no
-// registration is involved (in contrast to Collector registration), so
-// obviously registration-time checks cannot happen. Any inconsistencies between
-// the gathered MetricFamilies are reported as errors by the Gather method, and
-// inconsistent Metrics are dropped. Invalid parts of the MetricFamilies
-// (e.g. syntactically invalid metric or label names) will go undetected.
-type Gatherers []Gatherer
-
-// Gather implements Gatherer.
-func (gs Gatherers) Gather() ([]*dto.MetricFamily, error) {
-	var (
-		metricFamiliesByName = map[string]*dto.MetricFamily{}
-		metricHashes         = map[uint64]struct{}{}
-		errs                 MultiError // The collected errors to return in the end.
-	)
-
-	for i, g := range gs {
-		mfs, err := g.Gather()
-		if err != nil {
-			if multiErr, ok := err.(MultiError); ok {
-				for _, err := range multiErr {
-					errs = append(errs, fmt.Errorf("[from Gatherer #%d] %s", i+1, err))
-				}
-			} else {
-				errs = append(errs, fmt.Errorf("[from Gatherer #%d] %s", i+1, err))
-			}
-		}
-		for _, mf := range mfs {
-			existingMF, exists := metricFamiliesByName[mf.GetName()]
-			if exists {
-				if existingMF.GetHelp() != mf.GetHelp() {
-					errs = append(errs, fmt.Errorf(
-						"gathered metric family %s has help %q but should have %q",
-						mf.GetName(), mf.GetHelp(), existingMF.GetHelp(),
-					))
-					continue
-				}
-				if existingMF.GetType() != mf.GetType() {
-					errs = append(errs, fmt.Errorf(
-						"gathered metric family %s has type %s but should have %s",
-						mf.GetName(), mf.GetType(), existingMF.GetType(),
-					))
-					continue
-				}
-			} else {
-				existingMF = &dto.MetricFamily{}
-				existingMF.Name = mf.Name
-				existingMF.Help = mf.Help
-				existingMF.Type = mf.Type
-				if err := checkSuffixCollisions(existingMF, metricFamiliesByName); err != nil {
-					errs = append(errs, err)
-					continue
-				}
-				metricFamiliesByName[mf.GetName()] = existingMF
-			}
-			for _, m := range mf.Metric {
-				if err := checkMetricConsistency(existingMF, m, metricHashes); err != nil {
-					errs = append(errs, err)
-					continue
-				}
-				existingMF.Metric = append(existingMF.Metric, m)
-			}
-		}
-	}
-	return internal.NormalizeMetricFamilies(metricFamiliesByName), errs.MaybeUnwrap()
-}
-
-// checkSuffixCollisions checks for collisions with the “magic� suffixes the
-// Prometheus text format and the internal metric representation of the
-// Prometheus server add while flattening Summaries and Histograms.
-func checkSuffixCollisions(mf *dto.MetricFamily, mfs map[string]*dto.MetricFamily) error {
-	var (
-		newName              = mf.GetName()
-		newType              = mf.GetType()
-		newNameWithoutSuffix = ""
-	)
-	switch {
-	case strings.HasSuffix(newName, "_count"):
-		newNameWithoutSuffix = newName[:len(newName)-6]
-	case strings.HasSuffix(newName, "_sum"):
-		newNameWithoutSuffix = newName[:len(newName)-4]
-	case strings.HasSuffix(newName, "_bucket"):
-		newNameWithoutSuffix = newName[:len(newName)-7]
-	}
-	if newNameWithoutSuffix != "" {
-		if existingMF, ok := mfs[newNameWithoutSuffix]; ok {
-			switch existingMF.GetType() {
-			case dto.MetricType_SUMMARY:
-				if !strings.HasSuffix(newName, "_bucket") {
-					return fmt.Errorf(
-						"collected metric named %q collides with previously collected summary named %q",
-						newName, newNameWithoutSuffix,
-					)
-				}
-			case dto.MetricType_HISTOGRAM:
-				return fmt.Errorf(
-					"collected metric named %q collides with previously collected histogram named %q",
-					newName, newNameWithoutSuffix,
-				)
-			}
-		}
-	}
-	if newType == dto.MetricType_SUMMARY || newType == dto.MetricType_HISTOGRAM {
-		if _, ok := mfs[newName+"_count"]; ok {
-			return fmt.Errorf(
-				"collected histogram or summary named %q collides with previously collected metric named %q",
-				newName, newName+"_count",
-			)
-		}
-		if _, ok := mfs[newName+"_sum"]; ok {
-			return fmt.Errorf(
-				"collected histogram or summary named %q collides with previously collected metric named %q",
-				newName, newName+"_sum",
-			)
-		}
-	}
-	if newType == dto.MetricType_HISTOGRAM {
-		if _, ok := mfs[newName+"_bucket"]; ok {
-			return fmt.Errorf(
-				"collected histogram named %q collides with previously collected metric named %q",
-				newName, newName+"_bucket",
-			)
-		}
-	}
-	return nil
-}
-
-// checkMetricConsistency checks if the provided Metric is consistent with the
-// provided MetricFamily. It also hashes the Metric labels and the MetricFamily
-// name. If the resulting hash is already in the provided metricHashes, an error
-// is returned. If not, it is added to metricHashes.
-func checkMetricConsistency(
-	metricFamily *dto.MetricFamily,
-	dtoMetric *dto.Metric,
-	metricHashes map[uint64]struct{},
-) error {
-	name := metricFamily.GetName()
-
-	// Type consistency with metric family.
-	if metricFamily.GetType() == dto.MetricType_GAUGE && dtoMetric.Gauge == nil ||
-		metricFamily.GetType() == dto.MetricType_COUNTER && dtoMetric.Counter == nil ||
-		metricFamily.GetType() == dto.MetricType_SUMMARY && dtoMetric.Summary == nil ||
-		metricFamily.GetType() == dto.MetricType_HISTOGRAM && dtoMetric.Histogram == nil ||
-		metricFamily.GetType() == dto.MetricType_UNTYPED && dtoMetric.Untyped == nil {
-		return fmt.Errorf(
-			"collected metric %q { %s} is not a %s",
-			name, dtoMetric, metricFamily.GetType(),
-		)
-	}
-
-	previousLabelName := ""
-	for _, labelPair := range dtoMetric.GetLabel() {
-		labelName := labelPair.GetName()
-		if labelName == previousLabelName {
-			return fmt.Errorf(
-				"collected metric %q { %s} has two or more labels with the same name: %s",
-				name, dtoMetric, labelName,
-			)
-		}
-		if !checkLabelName(labelName) {
-			return fmt.Errorf(
-				"collected metric %q { %s} has a label with an invalid name: %s",
-				name, dtoMetric, labelName,
-			)
-		}
-		if dtoMetric.Summary != nil && labelName == quantileLabel {
-			return fmt.Errorf(
-				"collected metric %q { %s} must not have an explicit %q label",
-				name, dtoMetric, quantileLabel,
-			)
-		}
-		if !utf8.ValidString(labelPair.GetValue()) {
-			return fmt.Errorf(
-				"collected metric %q { %s} has a label named %q whose value is not utf8: %#v",
-				name, dtoMetric, labelName, labelPair.GetValue())
-		}
-		previousLabelName = labelName
-	}
-
-	// Is the metric unique (i.e. no other metric with the same name and the same labels)?
-	h := xxhash.New()
-	h.WriteString(name)
-	h.Write(separatorByteSlice)
-	// Make sure label pairs are sorted. We depend on it for the consistency
-	// check.
-	if !sort.IsSorted(labelPairSorter(dtoMetric.Label)) {
-		// We cannot sort dtoMetric.Label in place as it is immutable by contract.
-		copiedLabels := make([]*dto.LabelPair, len(dtoMetric.Label))
-		copy(copiedLabels, dtoMetric.Label)
-		sort.Sort(labelPairSorter(copiedLabels))
-		dtoMetric.Label = copiedLabels
-	}
-	for _, lp := range dtoMetric.Label {
-		h.WriteString(lp.GetName())
-		h.Write(separatorByteSlice)
-		h.WriteString(lp.GetValue())
-		h.Write(separatorByteSlice)
-	}
-	hSum := h.Sum64()
-	if _, exists := metricHashes[hSum]; exists {
-		return fmt.Errorf(
-			"collected metric %q { %s} was collected before with the same name and label values",
-			name, dtoMetric,
-		)
-	}
-	metricHashes[hSum] = struct{}{}
-	return nil
-}
-
-func checkDescConsistency(
-	metricFamily *dto.MetricFamily,
-	dtoMetric *dto.Metric,
-	desc *Desc,
-) error {
-	// Desc help consistency with metric family help.
-	if metricFamily.GetHelp() != desc.help {
-		return fmt.Errorf(
-			"collected metric %s %s has help %q but should have %q",
-			metricFamily.GetName(), dtoMetric, metricFamily.GetHelp(), desc.help,
-		)
-	}
-
-	// Is the desc consistent with the content of the metric?
-	lpsFromDesc := make([]*dto.LabelPair, len(desc.constLabelPairs), len(dtoMetric.Label))
-	copy(lpsFromDesc, desc.constLabelPairs)
-	for _, l := range desc.variableLabels {
-		lpsFromDesc = append(lpsFromDesc, &dto.LabelPair{
-			Name: proto.String(l),
-		})
-	}
-	if len(lpsFromDesc) != len(dtoMetric.Label) {
-		return fmt.Errorf(
-			"labels in collected metric %s %s are inconsistent with descriptor %s",
-			metricFamily.GetName(), dtoMetric, desc,
-		)
-	}
-	sort.Sort(labelPairSorter(lpsFromDesc))
-	for i, lpFromDesc := range lpsFromDesc {
-		lpFromMetric := dtoMetric.Label[i]
-		if lpFromDesc.GetName() != lpFromMetric.GetName() ||
-			lpFromDesc.Value != nil && lpFromDesc.GetValue() != lpFromMetric.GetValue() {
-			return fmt.Errorf(
-				"labels in collected metric %s %s are inconsistent with descriptor %s",
-				metricFamily.GetName(), dtoMetric, desc,
-			)
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
deleted file mode 100644
index c5fa8ed7c..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go
+++ /dev/null
@@ -1,744 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"fmt"
-	"math"
-	"runtime"
-	"sort"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"github.com/beorn7/perks/quantile"
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// quantileLabel is used for the label that defines the quantile in a
-// summary.
-const quantileLabel = "quantile"
-
-// A Summary captures individual observations from an event or sample stream and
-// summarizes them in a manner similar to traditional summary statistics: 1. sum
-// of observations, 2. observation count, 3. rank estimations.
-//
-// A typical use-case is the observation of request latencies. By default, a
-// Summary provides the median, the 90th and the 99th percentile of the latency
-// as rank estimations. However, the default behavior will change in the
-// upcoming v1.0.0 of the library. There will be no rank estimations at all by
-// default. For a sane transition, it is recommended to set the desired rank
-// estimations explicitly.
-//
-// Note that the rank estimations cannot be aggregated in a meaningful way with
-// the Prometheus query language (i.e. you cannot average or add them). If you
-// need aggregatable quantiles (e.g. you want the 99th percentile latency of all
-// queries served across all instances of a service), consider the Histogram
-// metric type. See the Prometheus documentation for more details.
-//
-// To create Summary instances, use NewSummary.
-type Summary interface {
-	Metric
-	Collector
-
-	// Observe adds a single observation to the summary. Observations are
-	// usually positive or zero. Negative observations are accepted but
-	// prevent current versions of Prometheus from properly detecting
-	// counter resets in the sum of observations. See
-	// https://prometheus.io/docs/practices/histograms/#count-and-sum-of-observations
-	// for details.
-	Observe(float64)
-}
-
-var errQuantileLabelNotAllowed = fmt.Errorf(
-	"%q is not allowed as label name in summaries", quantileLabel,
-)
-
-// Default values for SummaryOpts.
-const (
-	// DefMaxAge is the default duration for which observations stay
-	// relevant.
-	DefMaxAge time.Duration = 10 * time.Minute
-	// DefAgeBuckets is the default number of buckets used to calculate the
-	// age of observations.
-	DefAgeBuckets = 5
-	// DefBufCap is the standard buffer size for collecting Summary observations.
-	DefBufCap = 500
-)
-
-// SummaryOpts bundles the options for creating a Summary metric. It is
-// mandatory to set Name to a non-empty string. While all other fields are
-// optional and can safely be left at their zero value, it is recommended to set
-// a help string and to explicitly set the Objectives field to the desired value
-// as the default value will change in the upcoming v1.0.0 of the library.
-type SummaryOpts struct {
-	// Namespace, Subsystem, and Name are components of the fully-qualified
-	// name of the Summary (created by joining these components with
-	// "_"). Only Name is mandatory, the others merely help structuring the
-	// name. Note that the fully-qualified name of the Summary must be a
-	// valid Prometheus metric name.
-	Namespace string
-	Subsystem string
-	Name      string
-
-	// Help provides information about this Summary.
-	//
-	// Metrics with the same fully-qualified name must have the same Help
-	// string.
-	Help string
-
-	// ConstLabels are used to attach fixed labels to this metric. Metrics
-	// with the same fully-qualified name must have the same label names in
-	// their ConstLabels.
-	//
-	// Due to the way a Summary is represented in the Prometheus text format
-	// and how it is handled by the Prometheus server internally, “quantile�
-	// is an illegal label name. Construction of a Summary or SummaryVec
-	// will panic if this label name is used in ConstLabels.
-	//
-	// ConstLabels are only used rarely. In particular, do not use them to
-	// attach the same labels to all your metrics. Those use cases are
-	// better covered by target labels set by the scraping Prometheus
-	// server, or by one specific metric (e.g. a build_info or a
-	// machine_role metric). See also
-	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
-	ConstLabels Labels
-
-	// Objectives defines the quantile rank estimates with their respective
-	// absolute error. If Objectives[q] = e, then the value reported for q
-	// will be the φ-quantile value for some φ between q-e and q+e.  The
-	// default value is an empty map, resulting in a summary without
-	// quantiles.
-	Objectives map[float64]float64
-
-	// MaxAge defines the duration for which an observation stays relevant
-	// for the summary. Only applies to pre-calculated quantiles, does not
-	// apply to _sum and _count. Must be positive. The default value is
-	// DefMaxAge.
-	MaxAge time.Duration
-
-	// AgeBuckets is the number of buckets used to exclude observations that
-	// are older than MaxAge from the summary. A higher number has a
-	// resource penalty, so only increase it if the higher resolution is
-	// really required. For very high observation rates, you might want to
-	// reduce the number of age buckets. With only one age bucket, you will
-	// effectively see a complete reset of the summary each time MaxAge has
-	// passed. The default value is DefAgeBuckets.
-	AgeBuckets uint32
-
-	// BufCap defines the default sample stream buffer size.  The default
-	// value of DefBufCap should suffice for most uses. If there is a need
-	// to increase the value, a multiple of 500 is recommended (because that
-	// is the internal buffer size of the underlying package
-	// "github.com/bmizerany/perks/quantile").
-	BufCap uint32
-}
-
-// Problem with the sliding-window decay algorithm... The Merge method of
-// perk/quantile is actually not working as advertised - and it might be
-// unfixable, as the underlying algorithm is apparently not capable of merging
-// summaries in the first place. To avoid using Merge, we are currently adding
-// observations to _each_ age bucket, i.e. the effort to add a sample is
-// essentially multiplied by the number of age buckets. When rotating age
-// buckets, we empty the previous head stream. On scrape time, we simply take
-// the quantiles from the head stream (no merging required). Result: More effort
-// on observation time, less effort on scrape time, which is exactly the
-// opposite of what we try to accomplish, but at least the results are correct.
-//
-// The quite elegant previous contraption to merge the age buckets efficiently
-// on scrape time (see code up commit 6b9530d72ea715f0ba612c0120e6e09fbf1d49d0)
-// can't be used anymore.
-
-// NewSummary creates a new Summary based on the provided SummaryOpts.
-func NewSummary(opts SummaryOpts) Summary {
-	return newSummary(
-		NewDesc(
-			BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-			opts.Help,
-			nil,
-			opts.ConstLabels,
-		),
-		opts,
-	)
-}
-
-func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, labelValues))
-	}
-
-	for _, n := range desc.variableLabels {
-		if n == quantileLabel {
-			panic(errQuantileLabelNotAllowed)
-		}
-	}
-	for _, lp := range desc.constLabelPairs {
-		if lp.GetName() == quantileLabel {
-			panic(errQuantileLabelNotAllowed)
-		}
-	}
-
-	if opts.Objectives == nil {
-		opts.Objectives = map[float64]float64{}
-	}
-
-	if opts.MaxAge < 0 {
-		panic(fmt.Errorf("illegal max age MaxAge=%v", opts.MaxAge))
-	}
-	if opts.MaxAge == 0 {
-		opts.MaxAge = DefMaxAge
-	}
-
-	if opts.AgeBuckets == 0 {
-		opts.AgeBuckets = DefAgeBuckets
-	}
-
-	if opts.BufCap == 0 {
-		opts.BufCap = DefBufCap
-	}
-
-	if len(opts.Objectives) == 0 {
-		// Use the lock-free implementation of a Summary without objectives.
-		s := &noObjectivesSummary{
-			desc:       desc,
-			labelPairs: MakeLabelPairs(desc, labelValues),
-			counts:     [2]*summaryCounts{{}, {}},
-		}
-		s.init(s) // Init self-collection.
-		return s
-	}
-
-	s := &summary{
-		desc: desc,
-
-		objectives:       opts.Objectives,
-		sortedObjectives: make([]float64, 0, len(opts.Objectives)),
-
-		labelPairs: MakeLabelPairs(desc, labelValues),
-
-		hotBuf:         make([]float64, 0, opts.BufCap),
-		coldBuf:        make([]float64, 0, opts.BufCap),
-		streamDuration: opts.MaxAge / time.Duration(opts.AgeBuckets),
-	}
-	s.headStreamExpTime = time.Now().Add(s.streamDuration)
-	s.hotBufExpTime = s.headStreamExpTime
-
-	for i := uint32(0); i < opts.AgeBuckets; i++ {
-		s.streams = append(s.streams, s.newStream())
-	}
-	s.headStream = s.streams[0]
-
-	for qu := range s.objectives {
-		s.sortedObjectives = append(s.sortedObjectives, qu)
-	}
-	sort.Float64s(s.sortedObjectives)
-
-	s.init(s) // Init self-collection.
-	return s
-}
-
-type summary struct {
-	selfCollector
-
-	bufMtx sync.Mutex // Protects hotBuf and hotBufExpTime.
-	mtx    sync.Mutex // Protects every other moving part.
-	// Lock bufMtx before mtx if both are needed.
-
-	desc *Desc
-
-	objectives       map[float64]float64
-	sortedObjectives []float64
-
-	labelPairs []*dto.LabelPair
-
-	sum float64
-	cnt uint64
-
-	hotBuf, coldBuf []float64
-
-	streams                          []*quantile.Stream
-	streamDuration                   time.Duration
-	headStream                       *quantile.Stream
-	headStreamIdx                    int
-	headStreamExpTime, hotBufExpTime time.Time
-}
-
-func (s *summary) Desc() *Desc {
-	return s.desc
-}
-
-func (s *summary) Observe(v float64) {
-	s.bufMtx.Lock()
-	defer s.bufMtx.Unlock()
-
-	now := time.Now()
-	if now.After(s.hotBufExpTime) {
-		s.asyncFlush(now)
-	}
-	s.hotBuf = append(s.hotBuf, v)
-	if len(s.hotBuf) == cap(s.hotBuf) {
-		s.asyncFlush(now)
-	}
-}
-
-func (s *summary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
-	qs := make([]*dto.Quantile, 0, len(s.objectives))
-
-	s.bufMtx.Lock()
-	s.mtx.Lock()
-	// Swap bufs even if hotBuf is empty to set new hotBufExpTime.
-	s.swapBufs(time.Now())
-	s.bufMtx.Unlock()
-
-	s.flushColdBuf()
-	sum.SampleCount = proto.Uint64(s.cnt)
-	sum.SampleSum = proto.Float64(s.sum)
-
-	for _, rank := range s.sortedObjectives {
-		var q float64
-		if s.headStream.Count() == 0 {
-			q = math.NaN()
-		} else {
-			q = s.headStream.Query(rank)
-		}
-		qs = append(qs, &dto.Quantile{
-			Quantile: proto.Float64(rank),
-			Value:    proto.Float64(q),
-		})
-	}
-
-	s.mtx.Unlock()
-
-	if len(qs) > 0 {
-		sort.Sort(quantSort(qs))
-	}
-	sum.Quantile = qs
-
-	out.Summary = sum
-	out.Label = s.labelPairs
-	return nil
-}
-
-func (s *summary) newStream() *quantile.Stream {
-	return quantile.NewTargeted(s.objectives)
-}
-
-// asyncFlush needs bufMtx locked.
-func (s *summary) asyncFlush(now time.Time) {
-	s.mtx.Lock()
-	s.swapBufs(now)
-
-	// Unblock the original goroutine that was responsible for the mutation
-	// that triggered the compaction.  But hold onto the global non-buffer
-	// state mutex until the operation finishes.
-	go func() {
-		s.flushColdBuf()
-		s.mtx.Unlock()
-	}()
-}
-
-// rotateStreams needs mtx AND bufMtx locked.
-func (s *summary) maybeRotateStreams() {
-	for !s.hotBufExpTime.Equal(s.headStreamExpTime) {
-		s.headStream.Reset()
-		s.headStreamIdx++
-		if s.headStreamIdx >= len(s.streams) {
-			s.headStreamIdx = 0
-		}
-		s.headStream = s.streams[s.headStreamIdx]
-		s.headStreamExpTime = s.headStreamExpTime.Add(s.streamDuration)
-	}
-}
-
-// flushColdBuf needs mtx locked.
-func (s *summary) flushColdBuf() {
-	for _, v := range s.coldBuf {
-		for _, stream := range s.streams {
-			stream.Insert(v)
-		}
-		s.cnt++
-		s.sum += v
-	}
-	s.coldBuf = s.coldBuf[0:0]
-	s.maybeRotateStreams()
-}
-
-// swapBufs needs mtx AND bufMtx locked, coldBuf must be empty.
-func (s *summary) swapBufs(now time.Time) {
-	if len(s.coldBuf) != 0 {
-		panic("coldBuf is not empty")
-	}
-	s.hotBuf, s.coldBuf = s.coldBuf, s.hotBuf
-	// hotBuf is now empty and gets new expiration set.
-	for now.After(s.hotBufExpTime) {
-		s.hotBufExpTime = s.hotBufExpTime.Add(s.streamDuration)
-	}
-}
-
-type summaryCounts struct {
-	// sumBits contains the bits of the float64 representing the sum of all
-	// observations. sumBits and count have to go first in the struct to
-	// guarantee alignment for atomic operations.
-	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
-	sumBits uint64
-	count   uint64
-}
-
-type noObjectivesSummary struct {
-	// countAndHotIdx enables lock-free writes with use of atomic updates.
-	// The most significant bit is the hot index [0 or 1] of the count field
-	// below. Observe calls update the hot one. All remaining bits count the
-	// number of Observe calls. Observe starts by incrementing this counter,
-	// and finish by incrementing the count field in the respective
-	// summaryCounts, as a marker for completion.
-	//
-	// Calls of the Write method (which are non-mutating reads from the
-	// perspective of the summary) swap the hot–cold under the writeMtx
-	// lock. A cooldown is awaited (while locked) by comparing the number of
-	// observations with the initiation count. Once they match, then the
-	// last observation on the now cool one has completed. All cool fields must
-	// be merged into the new hot before releasing writeMtx.
-
-	// Fields with atomic access first! See alignment constraint:
-	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG
-	countAndHotIdx uint64
-
-	selfCollector
-	desc     *Desc
-	writeMtx sync.Mutex // Only used in the Write method.
-
-	// Two counts, one is "hot" for lock-free observations, the other is
-	// "cold" for writing out a dto.Metric. It has to be an array of
-	// pointers to guarantee 64bit alignment of the histogramCounts, see
-	// http://golang.org/pkg/sync/atomic/#pkg-note-BUG.
-	counts [2]*summaryCounts
-
-	labelPairs []*dto.LabelPair
-}
-
-func (s *noObjectivesSummary) Desc() *Desc {
-	return s.desc
-}
-
-func (s *noObjectivesSummary) Observe(v float64) {
-	// We increment h.countAndHotIdx so that the counter in the lower
-	// 63 bits gets incremented. At the same time, we get the new value
-	// back, which we can use to find the currently-hot counts.
-	n := atomic.AddUint64(&s.countAndHotIdx, 1)
-	hotCounts := s.counts[n>>63]
-
-	for {
-		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
-		newBits := math.Float64bits(math.Float64frombits(oldBits) + v)
-		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
-			break
-		}
-	}
-	// Increment count last as we take it as a signal that the observation
-	// is complete.
-	atomic.AddUint64(&hotCounts.count, 1)
-}
-
-func (s *noObjectivesSummary) Write(out *dto.Metric) error {
-	// For simplicity, we protect this whole method by a mutex. It is not in
-	// the hot path, i.e. Observe is called much more often than Write. The
-	// complication of making Write lock-free isn't worth it, if possible at
-	// all.
-	s.writeMtx.Lock()
-	defer s.writeMtx.Unlock()
-
-	// Adding 1<<63 switches the hot index (from 0 to 1 or from 1 to 0)
-	// without touching the count bits. See the struct comments for a full
-	// description of the algorithm.
-	n := atomic.AddUint64(&s.countAndHotIdx, 1<<63)
-	// count is contained unchanged in the lower 63 bits.
-	count := n & ((1 << 63) - 1)
-	// The most significant bit tells us which counts is hot. The complement
-	// is thus the cold one.
-	hotCounts := s.counts[n>>63]
-	coldCounts := s.counts[(^n)>>63]
-
-	// Await cooldown.
-	for count != atomic.LoadUint64(&coldCounts.count) {
-		runtime.Gosched() // Let observations get work done.
-	}
-
-	sum := &dto.Summary{
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
-	}
-
-	out.Summary = sum
-	out.Label = s.labelPairs
-
-	// Finally add all the cold counts to the new hot counts and reset the cold counts.
-	atomic.AddUint64(&hotCounts.count, count)
-	atomic.StoreUint64(&coldCounts.count, 0)
-	for {
-		oldBits := atomic.LoadUint64(&hotCounts.sumBits)
-		newBits := math.Float64bits(math.Float64frombits(oldBits) + sum.GetSampleSum())
-		if atomic.CompareAndSwapUint64(&hotCounts.sumBits, oldBits, newBits) {
-			atomic.StoreUint64(&coldCounts.sumBits, 0)
-			break
-		}
-	}
-	return nil
-}
-
-type quantSort []*dto.Quantile
-
-func (s quantSort) Len() int {
-	return len(s)
-}
-
-func (s quantSort) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-func (s quantSort) Less(i, j int) bool {
-	return s[i].GetQuantile() < s[j].GetQuantile()
-}
-
-// SummaryVec is a Collector that bundles a set of Summaries that all share the
-// same Desc, but have different values for their variable labels. This is used
-// if you want to count the same thing partitioned by various dimensions
-// (e.g. HTTP request latencies, partitioned by status code and method). Create
-// instances with NewSummaryVec.
-type SummaryVec struct {
-	*MetricVec
-}
-
-// NewSummaryVec creates a new SummaryVec based on the provided SummaryOpts and
-// partitioned by the given label names.
-//
-// Due to the way a Summary is represented in the Prometheus text format and how
-// it is handled by the Prometheus server internally, “quantile� is an illegal
-// label name. NewSummaryVec will panic if this label name is used.
-func NewSummaryVec(opts SummaryOpts, labelNames []string) *SummaryVec {
-	for _, ln := range labelNames {
-		if ln == quantileLabel {
-			panic(errQuantileLabelNotAllowed)
-		}
-	}
-	desc := NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		labelNames,
-		opts.ConstLabels,
-	)
-	return &SummaryVec{
-		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			return newSummary(desc, opts, lvs...)
-		}),
-	}
-}
-
-// GetMetricWithLabelValues returns the Summary for the given slice of label
-// values (same order as the variable labels in Desc). If that combination of
-// label values is accessed for the first time, a new Summary is created.
-//
-// It is possible to call this method without using the returned Summary to only
-// create the new Summary but leave it at its starting value, a Summary without
-// any observations.
-//
-// Keeping the Summary for later use is possible (and should be considered if
-// performance is critical), but keep in mind that Reset, DeleteLabelValues and
-// Delete can be used to delete the Summary from the SummaryVec. In that case,
-// the Summary will still exist, but it will not be exported anymore, even if a
-// Summary with the same label values is created later. See also the CounterVec
-// example.
-//
-// An error is returned if the number of label values is not the same as the
-// number of variable labels in Desc (minus any curried labels).
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
-// an alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-// See also the GaugeVec example.
-func (v *SummaryVec) GetMetricWithLabelValues(lvs ...string) (Observer, error) {
-	metric, err := v.MetricVec.GetMetricWithLabelValues(lvs...)
-	if metric != nil {
-		return metric.(Observer), err
-	}
-	return nil, err
-}
-
-// GetMetricWith returns the Summary for the given Labels map (the label names
-// must match those of the variable labels in Desc). If that label map is
-// accessed for the first time, a new Summary is created. Implications of
-// creating a Summary without using it and keeping the Summary for later use are
-// the same as for GetMetricWithLabelValues.
-//
-// An error is returned if the number and names of the Labels are inconsistent
-// with those of the variable labels in Desc (minus any curried labels).
-//
-// This method is used for the same purpose as
-// GetMetricWithLabelValues(...string). See there for pros and cons of the two
-// methods.
-func (v *SummaryVec) GetMetricWith(labels Labels) (Observer, error) {
-	metric, err := v.MetricVec.GetMetricWith(labels)
-	if metric != nil {
-		return metric.(Observer), err
-	}
-	return nil, err
-}
-
-// WithLabelValues works as GetMetricWithLabelValues, but panics where
-// GetMetricWithLabelValues would have returned an error. Not returning an
-// error allows shortcuts like
-//     myVec.WithLabelValues("404", "GET").Observe(42.21)
-func (v *SummaryVec) WithLabelValues(lvs ...string) Observer {
-	s, err := v.GetMetricWithLabelValues(lvs...)
-	if err != nil {
-		panic(err)
-	}
-	return s
-}
-
-// With works as GetMetricWith, but panics where GetMetricWithLabels would have
-// returned an error. Not returning an error allows shortcuts like
-//     myVec.With(prometheus.Labels{"code": "404", "method": "GET"}).Observe(42.21)
-func (v *SummaryVec) With(labels Labels) Observer {
-	s, err := v.GetMetricWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return s
-}
-
-// CurryWith returns a vector curried with the provided labels, i.e. the
-// returned vector has those labels pre-set for all labeled operations performed
-// on it. The cardinality of the curried vector is reduced accordingly. The
-// order of the remaining labels stays the same (just with the curried labels
-// taken out of the sequence – which is relevant for the
-// (GetMetric)WithLabelValues methods). It is possible to curry a curried
-// vector, but only with labels not yet used for currying before.
-//
-// The metrics contained in the SummaryVec are shared between the curried and
-// uncurried vectors. They are just accessed differently. Curried and uncurried
-// vectors behave identically in terms of collection. Only one must be
-// registered with a given registry (usually the uncurried version). The Reset
-// method deletes all metrics, even if called on a curried vector.
-func (v *SummaryVec) CurryWith(labels Labels) (ObserverVec, error) {
-	vec, err := v.MetricVec.CurryWith(labels)
-	if vec != nil {
-		return &SummaryVec{vec}, err
-	}
-	return nil, err
-}
-
-// MustCurryWith works as CurryWith but panics where CurryWith would have
-// returned an error.
-func (v *SummaryVec) MustCurryWith(labels Labels) ObserverVec {
-	vec, err := v.CurryWith(labels)
-	if err != nil {
-		panic(err)
-	}
-	return vec
-}
-
-type constSummary struct {
-	desc       *Desc
-	count      uint64
-	sum        float64
-	quantiles  map[float64]float64
-	labelPairs []*dto.LabelPair
-}
-
-func (s *constSummary) Desc() *Desc {
-	return s.desc
-}
-
-func (s *constSummary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
-	qs := make([]*dto.Quantile, 0, len(s.quantiles))
-
-	sum.SampleCount = proto.Uint64(s.count)
-	sum.SampleSum = proto.Float64(s.sum)
-
-	for rank, q := range s.quantiles {
-		qs = append(qs, &dto.Quantile{
-			Quantile: proto.Float64(rank),
-			Value:    proto.Float64(q),
-		})
-	}
-
-	if len(qs) > 0 {
-		sort.Sort(quantSort(qs))
-	}
-	sum.Quantile = qs
-
-	out.Summary = sum
-	out.Label = s.labelPairs
-
-	return nil
-}
-
-// NewConstSummary returns a metric representing a Prometheus summary with fixed
-// values for the count, sum, and quantiles. As those parameters cannot be
-// changed, the returned value does not implement the Summary interface (but
-// only the Metric interface). Users of this package will not have much use for
-// it in regular operations. However, when implementing custom Collectors, it is
-// useful as a throw-away metric that is generated on the fly to send it to
-// Prometheus in the Collect method.
-//
-// quantiles maps ranks to quantile values. For example, a median latency of
-// 0.23s and a 99th percentile latency of 0.56s would be expressed as:
-//     map[float64]float64{0.5: 0.23, 0.99: 0.56}
-//
-// NewConstSummary returns an error if the length of labelValues is not
-// consistent with the variable labels in Desc or if Desc is invalid.
-func NewConstSummary(
-	desc *Desc,
-	count uint64,
-	sum float64,
-	quantiles map[float64]float64,
-	labelValues ...string,
-) (Metric, error) {
-	if desc.err != nil {
-		return nil, desc.err
-	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
-		return nil, err
-	}
-	return &constSummary{
-		desc:       desc,
-		count:      count,
-		sum:        sum,
-		quantiles:  quantiles,
-		labelPairs: MakeLabelPairs(desc, labelValues),
-	}, nil
-}
-
-// MustNewConstSummary is a version of NewConstSummary that panics where
-// NewConstMetric would have returned an error.
-func MustNewConstSummary(
-	desc *Desc,
-	count uint64,
-	sum float64,
-	quantiles map[float64]float64,
-	labelValues ...string,
-) Metric {
-	m, err := NewConstSummary(desc, count, sum, quantiles, labelValues...)
-	if err != nil {
-		panic(err)
-	}
-	return m
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/timer.go b/vendor/github.com/prometheus/client_golang/prometheus/timer.go
deleted file mode 100644
index 8d5f10523..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/timer.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2016 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import "time"
-
-// Timer is a helper type to time functions. Use NewTimer to create new
-// instances.
-type Timer struct {
-	begin    time.Time
-	observer Observer
-}
-
-// NewTimer creates a new Timer. The provided Observer is used to observe a
-// duration in seconds. Timer is usually used to time a function call in the
-// following way:
-//    func TimeMe() {
-//        timer := NewTimer(myHistogram)
-//        defer timer.ObserveDuration()
-//        // Do actual work.
-//    }
-func NewTimer(o Observer) *Timer {
-	return &Timer{
-		begin:    time.Now(),
-		observer: o,
-	}
-}
-
-// ObserveDuration records the duration passed since the Timer was created with
-// NewTimer. It calls the Observe method of the Observer provided during
-// construction with the duration in seconds as an argument. The observed
-// duration is also returned. ObserveDuration is usually called with a defer
-// statement.
-//
-// Note that this method is only guaranteed to never observe negative durations
-// if used with Go1.9+.
-func (t *Timer) ObserveDuration() time.Duration {
-	d := time.Since(t.begin)
-	if t.observer != nil {
-		t.observer.Observe(d.Seconds())
-	}
-	return d
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/untyped.go b/vendor/github.com/prometheus/client_golang/prometheus/untyped.go
deleted file mode 100644
index 0f9ce63f4..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/untyped.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-// UntypedOpts is an alias for Opts. See there for doc comments.
-type UntypedOpts Opts
-
-// UntypedFunc works like GaugeFunc but the collected metric is of type
-// "Untyped". UntypedFunc is useful to mirror an external metric of unknown
-// type.
-//
-// To create UntypedFunc instances, use NewUntypedFunc.
-type UntypedFunc interface {
-	Metric
-	Collector
-}
-
-// NewUntypedFunc creates a new UntypedFunc based on the provided
-// UntypedOpts. The value reported is determined by calling the given function
-// from within the Write method. Take into account that metric collection may
-// happen concurrently. If that results in concurrent calls to Write, like in
-// the case where an UntypedFunc is directly registered with Prometheus, the
-// provided function must be concurrency-safe.
-func NewUntypedFunc(opts UntypedOpts, function func() float64) UntypedFunc {
-	return newValueFunc(NewDesc(
-		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
-		opts.Help,
-		nil,
-		opts.ConstLabels,
-	), UntypedValue, function)
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/value.go b/vendor/github.com/prometheus/client_golang/prometheus/value.go
deleted file mode 100644
index b4e0ae11c..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/value.go
+++ /dev/null
@@ -1,212 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"fmt"
-	"sort"
-	"time"
-	"unicode/utf8"
-
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"google.golang.org/protobuf/types/known/timestamppb"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// ValueType is an enumeration of metric types that represent a simple value.
-type ValueType int
-
-// Possible values for the ValueType enum. Use UntypedValue to mark a metric
-// with an unknown type.
-const (
-	_ ValueType = iota
-	CounterValue
-	GaugeValue
-	UntypedValue
-)
-
-// valueFunc is a generic metric for simple values retrieved on collect time
-// from a function. It implements Metric and Collector. Its effective type is
-// determined by ValueType. This is a low-level building block used by the
-// library to back the implementations of CounterFunc, GaugeFunc, and
-// UntypedFunc.
-type valueFunc struct {
-	selfCollector
-
-	desc       *Desc
-	valType    ValueType
-	function   func() float64
-	labelPairs []*dto.LabelPair
-}
-
-// newValueFunc returns a newly allocated valueFunc with the given Desc and
-// ValueType. The value reported is determined by calling the given function
-// from within the Write method. Take into account that metric collection may
-// happen concurrently. If that results in concurrent calls to Write, like in
-// the case where a valueFunc is directly registered with Prometheus, the
-// provided function must be concurrency-safe.
-func newValueFunc(desc *Desc, valueType ValueType, function func() float64) *valueFunc {
-	result := &valueFunc{
-		desc:       desc,
-		valType:    valueType,
-		function:   function,
-		labelPairs: MakeLabelPairs(desc, nil),
-	}
-	result.init(result)
-	return result
-}
-
-func (v *valueFunc) Desc() *Desc {
-	return v.desc
-}
-
-func (v *valueFunc) Write(out *dto.Metric) error {
-	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out)
-}
-
-// NewConstMetric returns a metric with one fixed value that cannot be
-// changed. Users of this package will not have much use for it in regular
-// operations. However, when implementing custom Collectors, it is useful as a
-// throw-away metric that is generated on the fly to send it to Prometheus in
-// the Collect method. NewConstMetric returns an error if the length of
-// labelValues is not consistent with the variable labels in Desc or if Desc is
-// invalid.
-func NewConstMetric(desc *Desc, valueType ValueType, value float64, labelValues ...string) (Metric, error) {
-	if desc.err != nil {
-		return nil, desc.err
-	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
-		return nil, err
-	}
-	return &constMetric{
-		desc:       desc,
-		valType:    valueType,
-		val:        value,
-		labelPairs: MakeLabelPairs(desc, labelValues),
-	}, nil
-}
-
-// MustNewConstMetric is a version of NewConstMetric that panics where
-// NewConstMetric would have returned an error.
-func MustNewConstMetric(desc *Desc, valueType ValueType, value float64, labelValues ...string) Metric {
-	m, err := NewConstMetric(desc, valueType, value, labelValues...)
-	if err != nil {
-		panic(err)
-	}
-	return m
-}
-
-type constMetric struct {
-	desc       *Desc
-	valType    ValueType
-	val        float64
-	labelPairs []*dto.LabelPair
-}
-
-func (m *constMetric) Desc() *Desc {
-	return m.desc
-}
-
-func (m *constMetric) Write(out *dto.Metric) error {
-	return populateMetric(m.valType, m.val, m.labelPairs, nil, out)
-}
-
-func populateMetric(
-	t ValueType,
-	v float64,
-	labelPairs []*dto.LabelPair,
-	e *dto.Exemplar,
-	m *dto.Metric,
-) error {
-	m.Label = labelPairs
-	switch t {
-	case CounterValue:
-		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e}
-	case GaugeValue:
-		m.Gauge = &dto.Gauge{Value: proto.Float64(v)}
-	case UntypedValue:
-		m.Untyped = &dto.Untyped{Value: proto.Float64(v)}
-	default:
-		return fmt.Errorf("encountered unknown type %v", t)
-	}
-	return nil
-}
-
-// MakeLabelPairs is a helper function to create protobuf LabelPairs from the
-// variable and constant labels in the provided Desc. The values for the
-// variable labels are defined by the labelValues slice, which must be in the
-// same order as the corresponding variable labels in the Desc.
-//
-// This function is only needed for custom Metric implementations. See MetricVec
-// example.
-func MakeLabelPairs(desc *Desc, labelValues []string) []*dto.LabelPair {
-	totalLen := len(desc.variableLabels) + len(desc.constLabelPairs)
-	if totalLen == 0 {
-		// Super fast path.
-		return nil
-	}
-	if len(desc.variableLabels) == 0 {
-		// Moderately fast path.
-		return desc.constLabelPairs
-	}
-	labelPairs := make([]*dto.LabelPair, 0, totalLen)
-	for i, n := range desc.variableLabels {
-		labelPairs = append(labelPairs, &dto.LabelPair{
-			Name:  proto.String(n),
-			Value: proto.String(labelValues[i]),
-		})
-	}
-	labelPairs = append(labelPairs, desc.constLabelPairs...)
-	sort.Sort(labelPairSorter(labelPairs))
-	return labelPairs
-}
-
-// ExemplarMaxRunes is the max total number of runes allowed in exemplar labels.
-const ExemplarMaxRunes = 64
-
-// newExemplar creates a new dto.Exemplar from the provided values. An error is
-// returned if any of the label names or values are invalid or if the total
-// number of runes in the label names and values exceeds ExemplarMaxRunes.
-func newExemplar(value float64, ts time.Time, l Labels) (*dto.Exemplar, error) {
-	e := &dto.Exemplar{}
-	e.Value = proto.Float64(value)
-	tsProto := timestamppb.New(ts)
-	if err := tsProto.CheckValid(); err != nil {
-		return nil, err
-	}
-	e.Timestamp = tsProto
-	labelPairs := make([]*dto.LabelPair, 0, len(l))
-	var runes int
-	for name, value := range l {
-		if !checkLabelName(name) {
-			return nil, fmt.Errorf("exemplar label name %q is invalid", name)
-		}
-		runes += utf8.RuneCountInString(name)
-		if !utf8.ValidString(value) {
-			return nil, fmt.Errorf("exemplar label value %q is not valid UTF-8", value)
-		}
-		runes += utf8.RuneCountInString(value)
-		labelPairs = append(labelPairs, &dto.LabelPair{
-			Name:  proto.String(name),
-			Value: proto.String(value),
-		})
-	}
-	if runes > ExemplarMaxRunes {
-		return nil, fmt.Errorf("exemplar labels have %d runes, exceeding the limit of %d", runes, ExemplarMaxRunes)
-	}
-	e.Label = labelPairs
-	return e, nil
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vec.go b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
deleted file mode 100644
index 4ababe6c9..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/vec.go
+++ /dev/null
@@ -1,556 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"fmt"
-	"sync"
-
-	"github.com/prometheus/common/model"
-)
-
-// MetricVec is a Collector to bundle metrics of the same name that differ in
-// their label values. MetricVec is not used directly but as a building block
-// for implementations of vectors of a given metric type, like GaugeVec,
-// CounterVec, SummaryVec, and HistogramVec. It is exported so that it can be
-// used for custom Metric implementations.
-//
-// To create a FooVec for custom Metric Foo, embed a pointer to MetricVec in
-// FooVec and initialize it with NewMetricVec. Implement wrappers for
-// GetMetricWithLabelValues and GetMetricWith that return (Foo, error) rather
-// than (Metric, error). Similarly, create a wrapper for CurryWith that returns
-// (*FooVec, error) rather than (*MetricVec, error). It is recommended to also
-// add the convenience methods WithLabelValues, With, and MustCurryWith, which
-// panic instead of returning errors. See also the MetricVec example.
-type MetricVec struct {
-	*metricMap
-
-	curry []curriedLabelValue
-
-	// hashAdd and hashAddByte can be replaced for testing collision handling.
-	hashAdd     func(h uint64, s string) uint64
-	hashAddByte func(h uint64, b byte) uint64
-}
-
-// NewMetricVec returns an initialized metricVec.
-func NewMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *MetricVec {
-	return &MetricVec{
-		metricMap: &metricMap{
-			metrics:   map[uint64][]metricWithLabelValues{},
-			desc:      desc,
-			newMetric: newMetric,
-		},
-		hashAdd:     hashAdd,
-		hashAddByte: hashAddByte,
-	}
-}
-
-// DeleteLabelValues removes the metric where the variable labels are the same
-// as those passed in as labels (same order as the VariableLabels in Desc). It
-// returns true if a metric was deleted.
-//
-// It is not an error if the number of label values is not the same as the
-// number of VariableLabels in Desc. However, such inconsistent label count can
-// never match an actual metric, so the method will always return false in that
-// case.
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider Delete(Labels) as an
-// alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-// See also the CounterVec example.
-func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
-	h, err := m.hashLabelValues(lvs)
-	if err != nil {
-		return false
-	}
-
-	return m.metricMap.deleteByHashWithLabelValues(h, lvs, m.curry)
-}
-
-// Delete deletes the metric where the variable labels are the same as those
-// passed in as labels. It returns true if a metric was deleted.
-//
-// It is not an error if the number and names of the Labels are inconsistent
-// with those of the VariableLabels in Desc. However, such inconsistent Labels
-// can never match an actual metric, so the method will always return false in
-// that case.
-//
-// This method is used for the same purpose as DeleteLabelValues(...string). See
-// there for pros and cons of the two methods.
-func (m *MetricVec) Delete(labels Labels) bool {
-	h, err := m.hashLabels(labels)
-	if err != nil {
-		return false
-	}
-
-	return m.metricMap.deleteByHashWithLabels(h, labels, m.curry)
-}
-
-// Without explicit forwarding of Describe, Collect, Reset, those methods won't
-// show up in GoDoc.
-
-// Describe implements Collector.
-func (m *MetricVec) Describe(ch chan<- *Desc) { m.metricMap.Describe(ch) }
-
-// Collect implements Collector.
-func (m *MetricVec) Collect(ch chan<- Metric) { m.metricMap.Collect(ch) }
-
-// Reset deletes all metrics in this vector.
-func (m *MetricVec) Reset() { m.metricMap.Reset() }
-
-// CurryWith returns a vector curried with the provided labels, i.e. the
-// returned vector has those labels pre-set for all labeled operations performed
-// on it. The cardinality of the curried vector is reduced accordingly. The
-// order of the remaining labels stays the same (just with the curried labels
-// taken out of the sequence – which is relevant for the
-// (GetMetric)WithLabelValues methods). It is possible to curry a curried
-// vector, but only with labels not yet used for currying before.
-//
-// The metrics contained in the MetricVec are shared between the curried and
-// uncurried vectors. They are just accessed differently. Curried and uncurried
-// vectors behave identically in terms of collection. Only one must be
-// registered with a given registry (usually the uncurried version). The Reset
-// method deletes all metrics, even if called on a curried vector.
-//
-// Note that CurryWith is usually not called directly but through a wrapper
-// around MetricVec, implementing a vector for a specific Metric
-// implementation, for example GaugeVec.
-func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
-	var (
-		newCurry []curriedLabelValue
-		oldCurry = m.curry
-		iCurry   int
-	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label]
-		if iCurry < len(oldCurry) && oldCurry[iCurry].index == i {
-			if ok {
-				return nil, fmt.Errorf("label name %q is already curried", label)
-			}
-			newCurry = append(newCurry, oldCurry[iCurry])
-			iCurry++
-		} else {
-			if !ok {
-				continue // Label stays uncurried.
-			}
-			newCurry = append(newCurry, curriedLabelValue{i, val})
-		}
-	}
-	if l := len(oldCurry) + len(labels) - len(newCurry); l > 0 {
-		return nil, fmt.Errorf("%d unknown label(s) found during currying", l)
-	}
-
-	return &MetricVec{
-		metricMap:   m.metricMap,
-		curry:       newCurry,
-		hashAdd:     m.hashAdd,
-		hashAddByte: m.hashAddByte,
-	}, nil
-}
-
-// GetMetricWithLabelValues returns the Metric for the given slice of label
-// values (same order as the variable labels in Desc). If that combination of
-// label values is accessed for the first time, a new Metric is created (by
-// calling the newMetric function provided during construction of the
-// MetricVec).
-//
-// It is possible to call this method without using the returned Metric to only
-// create the new Metric but leave it in its initial state.
-//
-// Keeping the Metric for later use is possible (and should be considered if
-// performance is critical), but keep in mind that Reset, DeleteLabelValues and
-// Delete can be used to delete the Metric from the MetricVec. In that case, the
-// Metric will still exist, but it will not be exported anymore, even if a
-// Metric with the same label values is created later.
-//
-// An error is returned if the number of label values is not the same as the
-// number of variable labels in Desc (minus any curried labels).
-//
-// Note that for more than one label value, this method is prone to mistakes
-// caused by an incorrect order of arguments. Consider GetMetricWith(Labels) as
-// an alternative to avoid that type of mistake. For higher label numbers, the
-// latter has a much more readable (albeit more verbose) syntax, but it comes
-// with a performance overhead (for creating and processing the Labels map).
-//
-// Note that GetMetricWithLabelValues is usually not called directly but through
-// a wrapper around MetricVec, implementing a vector for a specific Metric
-// implementation, for example GaugeVec.
-func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) {
-	h, err := m.hashLabelValues(lvs)
-	if err != nil {
-		return nil, err
-	}
-
-	return m.metricMap.getOrCreateMetricWithLabelValues(h, lvs, m.curry), nil
-}
-
-// GetMetricWith returns the Metric for the given Labels map (the label names
-// must match those of the variable labels in Desc). If that label map is
-// accessed for the first time, a new Metric is created. Implications of
-// creating a Metric without using it and keeping the Metric for later use
-// are the same as for GetMetricWithLabelValues.
-//
-// An error is returned if the number and names of the Labels are inconsistent
-// with those of the variable labels in Desc (minus any curried labels).
-//
-// This method is used for the same purpose as
-// GetMetricWithLabelValues(...string). See there for pros and cons of the two
-// methods.
-//
-// Note that GetMetricWith is usually not called directly but through a wrapper
-// around MetricVec, implementing a vector for a specific Metric implementation,
-// for example GaugeVec.
-func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
-	h, err := m.hashLabels(labels)
-	if err != nil {
-		return nil, err
-	}
-
-	return m.metricMap.getOrCreateMetricWithLabels(h, labels, m.curry), nil
-}
-
-func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
-	if err := validateLabelValues(vals, len(m.desc.variableLabels)-len(m.curry)); err != nil {
-		return 0, err
-	}
-
-	var (
-		h             = hashNew()
-		curry         = m.curry
-		iVals, iCurry int
-	)
-	for i := 0; i < len(m.desc.variableLabels); i++ {
-		if iCurry < len(curry) && curry[iCurry].index == i {
-			h = m.hashAdd(h, curry[iCurry].value)
-			iCurry++
-		} else {
-			h = m.hashAdd(h, vals[iVals])
-			iVals++
-		}
-		h = m.hashAddByte(h, model.SeparatorByte)
-	}
-	return h, nil
-}
-
-func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
-	if err := validateValuesInLabels(labels, len(m.desc.variableLabels)-len(m.curry)); err != nil {
-		return 0, err
-	}
-
-	var (
-		h      = hashNew()
-		curry  = m.curry
-		iCurry int
-	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label]
-		if iCurry < len(curry) && curry[iCurry].index == i {
-			if ok {
-				return 0, fmt.Errorf("label name %q is already curried", label)
-			}
-			h = m.hashAdd(h, curry[iCurry].value)
-			iCurry++
-		} else {
-			if !ok {
-				return 0, fmt.Errorf("label name %q missing in label map", label)
-			}
-			h = m.hashAdd(h, val)
-		}
-		h = m.hashAddByte(h, model.SeparatorByte)
-	}
-	return h, nil
-}
-
-// metricWithLabelValues provides the metric and its label values for
-// disambiguation on hash collision.
-type metricWithLabelValues struct {
-	values []string
-	metric Metric
-}
-
-// curriedLabelValue sets the curried value for a label at the given index.
-type curriedLabelValue struct {
-	index int
-	value string
-}
-
-// metricMap is a helper for metricVec and shared between differently curried
-// metricVecs.
-type metricMap struct {
-	mtx       sync.RWMutex // Protects metrics.
-	metrics   map[uint64][]metricWithLabelValues
-	desc      *Desc
-	newMetric func(labelValues ...string) Metric
-}
-
-// Describe implements Collector. It will send exactly one Desc to the provided
-// channel.
-func (m *metricMap) Describe(ch chan<- *Desc) {
-	ch <- m.desc
-}
-
-// Collect implements Collector.
-func (m *metricMap) Collect(ch chan<- Metric) {
-	m.mtx.RLock()
-	defer m.mtx.RUnlock()
-
-	for _, metrics := range m.metrics {
-		for _, metric := range metrics {
-			ch <- metric.metric
-		}
-	}
-}
-
-// Reset deletes all metrics in this vector.
-func (m *metricMap) Reset() {
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-
-	for h := range m.metrics {
-		delete(m.metrics, h)
-	}
-}
-
-// deleteByHashWithLabelValues removes the metric from the hash bucket h. If
-// there are multiple matches in the bucket, use lvs to select a metric and
-// remove only that metric.
-func (m *metricMap) deleteByHashWithLabelValues(
-	h uint64, lvs []string, curry []curriedLabelValue,
-) bool {
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-
-	metrics, ok := m.metrics[h]
-	if !ok {
-		return false
-	}
-
-	i := findMetricWithLabelValues(metrics, lvs, curry)
-	if i >= len(metrics) {
-		return false
-	}
-
-	if len(metrics) > 1 {
-		old := metrics
-		m.metrics[h] = append(metrics[:i], metrics[i+1:]...)
-		old[len(old)-1] = metricWithLabelValues{}
-	} else {
-		delete(m.metrics, h)
-	}
-	return true
-}
-
-// deleteByHashWithLabels removes the metric from the hash bucket h. If there
-// are multiple matches in the bucket, use lvs to select a metric and remove
-// only that metric.
-func (m *metricMap) deleteByHashWithLabels(
-	h uint64, labels Labels, curry []curriedLabelValue,
-) bool {
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-
-	metrics, ok := m.metrics[h]
-	if !ok {
-		return false
-	}
-	i := findMetricWithLabels(m.desc, metrics, labels, curry)
-	if i >= len(metrics) {
-		return false
-	}
-
-	if len(metrics) > 1 {
-		old := metrics
-		m.metrics[h] = append(metrics[:i], metrics[i+1:]...)
-		old[len(old)-1] = metricWithLabelValues{}
-	} else {
-		delete(m.metrics, h)
-	}
-	return true
-}
-
-// getOrCreateMetricWithLabelValues retrieves the metric by hash and label value
-// or creates it and returns the new one.
-//
-// This function holds the mutex.
-func (m *metricMap) getOrCreateMetricWithLabelValues(
-	hash uint64, lvs []string, curry []curriedLabelValue,
-) Metric {
-	m.mtx.RLock()
-	metric, ok := m.getMetricWithHashAndLabelValues(hash, lvs, curry)
-	m.mtx.RUnlock()
-	if ok {
-		return metric
-	}
-
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-	metric, ok = m.getMetricWithHashAndLabelValues(hash, lvs, curry)
-	if !ok {
-		inlinedLVs := inlineLabelValues(lvs, curry)
-		metric = m.newMetric(inlinedLVs...)
-		m.metrics[hash] = append(m.metrics[hash], metricWithLabelValues{values: inlinedLVs, metric: metric})
-	}
-	return metric
-}
-
-// getOrCreateMetricWithLabelValues retrieves the metric by hash and label value
-// or creates it and returns the new one.
-//
-// This function holds the mutex.
-func (m *metricMap) getOrCreateMetricWithLabels(
-	hash uint64, labels Labels, curry []curriedLabelValue,
-) Metric {
-	m.mtx.RLock()
-	metric, ok := m.getMetricWithHashAndLabels(hash, labels, curry)
-	m.mtx.RUnlock()
-	if ok {
-		return metric
-	}
-
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-	metric, ok = m.getMetricWithHashAndLabels(hash, labels, curry)
-	if !ok {
-		lvs := extractLabelValues(m.desc, labels, curry)
-		metric = m.newMetric(lvs...)
-		m.metrics[hash] = append(m.metrics[hash], metricWithLabelValues{values: lvs, metric: metric})
-	}
-	return metric
-}
-
-// getMetricWithHashAndLabelValues gets a metric while handling possible
-// collisions in the hash space. Must be called while holding the read mutex.
-func (m *metricMap) getMetricWithHashAndLabelValues(
-	h uint64, lvs []string, curry []curriedLabelValue,
-) (Metric, bool) {
-	metrics, ok := m.metrics[h]
-	if ok {
-		if i := findMetricWithLabelValues(metrics, lvs, curry); i < len(metrics) {
-			return metrics[i].metric, true
-		}
-	}
-	return nil, false
-}
-
-// getMetricWithHashAndLabels gets a metric while handling possible collisions in
-// the hash space. Must be called while holding read mutex.
-func (m *metricMap) getMetricWithHashAndLabels(
-	h uint64, labels Labels, curry []curriedLabelValue,
-) (Metric, bool) {
-	metrics, ok := m.metrics[h]
-	if ok {
-		if i := findMetricWithLabels(m.desc, metrics, labels, curry); i < len(metrics) {
-			return metrics[i].metric, true
-		}
-	}
-	return nil, false
-}
-
-// findMetricWithLabelValues returns the index of the matching metric or
-// len(metrics) if not found.
-func findMetricWithLabelValues(
-	metrics []metricWithLabelValues, lvs []string, curry []curriedLabelValue,
-) int {
-	for i, metric := range metrics {
-		if matchLabelValues(metric.values, lvs, curry) {
-			return i
-		}
-	}
-	return len(metrics)
-}
-
-// findMetricWithLabels returns the index of the matching metric or len(metrics)
-// if not found.
-func findMetricWithLabels(
-	desc *Desc, metrics []metricWithLabelValues, labels Labels, curry []curriedLabelValue,
-) int {
-	for i, metric := range metrics {
-		if matchLabels(desc, metric.values, labels, curry) {
-			return i
-		}
-	}
-	return len(metrics)
-}
-
-func matchLabelValues(values []string, lvs []string, curry []curriedLabelValue) bool {
-	if len(values) != len(lvs)+len(curry) {
-		return false
-	}
-	var iLVs, iCurry int
-	for i, v := range values {
-		if iCurry < len(curry) && curry[iCurry].index == i {
-			if v != curry[iCurry].value {
-				return false
-			}
-			iCurry++
-			continue
-		}
-		if v != lvs[iLVs] {
-			return false
-		}
-		iLVs++
-	}
-	return true
-}
-
-func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabelValue) bool {
-	if len(values) != len(labels)+len(curry) {
-		return false
-	}
-	iCurry := 0
-	for i, k := range desc.variableLabels {
-		if iCurry < len(curry) && curry[iCurry].index == i {
-			if values[i] != curry[iCurry].value {
-				return false
-			}
-			iCurry++
-			continue
-		}
-		if values[i] != labels[k] {
-			return false
-		}
-	}
-	return true
-}
-
-func extractLabelValues(desc *Desc, labels Labels, curry []curriedLabelValue) []string {
-	labelValues := make([]string, len(labels)+len(curry))
-	iCurry := 0
-	for i, k := range desc.variableLabels {
-		if iCurry < len(curry) && curry[iCurry].index == i {
-			labelValues[i] = curry[iCurry].value
-			iCurry++
-			continue
-		}
-		labelValues[i] = labels[k]
-	}
-	return labelValues
-}
-
-func inlineLabelValues(lvs []string, curry []curriedLabelValue) []string {
-	labelValues := make([]string, len(lvs)+len(curry))
-	var iCurry, iLVs int
-	for i := range labelValues {
-		if iCurry < len(curry) && curry[iCurry].index == i {
-			labelValues[i] = curry[iCurry].value
-			iCurry++
-			continue
-		}
-		labelValues[i] = lvs[iLVs]
-		iLVs++
-	}
-	return labelValues
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/wrap.go b/vendor/github.com/prometheus/client_golang/prometheus/wrap.go
deleted file mode 100644
index 74ee93280..000000000
--- a/vendor/github.com/prometheus/client_golang/prometheus/wrap.go
+++ /dev/null
@@ -1,214 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package prometheus
-
-import (
-	"fmt"
-	"sort"
-
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// WrapRegistererWith returns a Registerer wrapping the provided
-// Registerer. Collectors registered with the returned Registerer will be
-// registered with the wrapped Registerer in a modified way. The modified
-// Collector adds the provided Labels to all Metrics it collects (as
-// ConstLabels). The Metrics collected by the unmodified Collector must not
-// duplicate any of those labels. Wrapping a nil value is valid, resulting
-// in a no-op Registerer.
-//
-// WrapRegistererWith provides a way to add fixed labels to a subset of
-// Collectors. It should not be used to add fixed labels to all metrics
-// exposed. See also
-// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
-//
-// Conflicts between Collectors registered through the original Registerer with
-// Collectors registered through the wrapping Registerer will still be
-// detected. Any AlreadyRegisteredError returned by the Register method of
-// either Registerer will contain the ExistingCollector in the form it was
-// provided to the respective registry.
-//
-// The Collector example demonstrates a use of WrapRegistererWith.
-func WrapRegistererWith(labels Labels, reg Registerer) Registerer {
-	return &wrappingRegisterer{
-		wrappedRegisterer: reg,
-		labels:            labels,
-	}
-}
-
-// WrapRegistererWithPrefix returns a Registerer wrapping the provided
-// Registerer. Collectors registered with the returned Registerer will be
-// registered with the wrapped Registerer in a modified way. The modified
-// Collector adds the provided prefix to the name of all Metrics it collects.
-// Wrapping a nil value is valid, resulting in a no-op Registerer.
-//
-// WrapRegistererWithPrefix is useful to have one place to prefix all metrics of
-// a sub-system. To make this work, register metrics of the sub-system with the
-// wrapping Registerer returned by WrapRegistererWithPrefix. It is rarely useful
-// to use the same prefix for all metrics exposed. In particular, do not prefix
-// metric names that are standardized across applications, as that would break
-// horizontal monitoring, for example the metrics provided by the Go collector
-// (see NewGoCollector) and the process collector (see NewProcessCollector). (In
-// fact, those metrics are already prefixed with “go_� or “process_�,
-// respectively.)
-//
-// Conflicts between Collectors registered through the original Registerer with
-// Collectors registered through the wrapping Registerer will still be
-// detected. Any AlreadyRegisteredError returned by the Register method of
-// either Registerer will contain the ExistingCollector in the form it was
-// provided to the respective registry.
-func WrapRegistererWithPrefix(prefix string, reg Registerer) Registerer {
-	return &wrappingRegisterer{
-		wrappedRegisterer: reg,
-		prefix:            prefix,
-	}
-}
-
-type wrappingRegisterer struct {
-	wrappedRegisterer Registerer
-	prefix            string
-	labels            Labels
-}
-
-func (r *wrappingRegisterer) Register(c Collector) error {
-	if r.wrappedRegisterer == nil {
-		return nil
-	}
-	return r.wrappedRegisterer.Register(&wrappingCollector{
-		wrappedCollector: c,
-		prefix:           r.prefix,
-		labels:           r.labels,
-	})
-}
-
-func (r *wrappingRegisterer) MustRegister(cs ...Collector) {
-	if r.wrappedRegisterer == nil {
-		return
-	}
-	for _, c := range cs {
-		if err := r.Register(c); err != nil {
-			panic(err)
-		}
-	}
-}
-
-func (r *wrappingRegisterer) Unregister(c Collector) bool {
-	if r.wrappedRegisterer == nil {
-		return false
-	}
-	return r.wrappedRegisterer.Unregister(&wrappingCollector{
-		wrappedCollector: c,
-		prefix:           r.prefix,
-		labels:           r.labels,
-	})
-}
-
-type wrappingCollector struct {
-	wrappedCollector Collector
-	prefix           string
-	labels           Labels
-}
-
-func (c *wrappingCollector) Collect(ch chan<- Metric) {
-	wrappedCh := make(chan Metric)
-	go func() {
-		c.wrappedCollector.Collect(wrappedCh)
-		close(wrappedCh)
-	}()
-	for m := range wrappedCh {
-		ch <- &wrappingMetric{
-			wrappedMetric: m,
-			prefix:        c.prefix,
-			labels:        c.labels,
-		}
-	}
-}
-
-func (c *wrappingCollector) Describe(ch chan<- *Desc) {
-	wrappedCh := make(chan *Desc)
-	go func() {
-		c.wrappedCollector.Describe(wrappedCh)
-		close(wrappedCh)
-	}()
-	for desc := range wrappedCh {
-		ch <- wrapDesc(desc, c.prefix, c.labels)
-	}
-}
-
-func (c *wrappingCollector) unwrapRecursively() Collector {
-	switch wc := c.wrappedCollector.(type) {
-	case *wrappingCollector:
-		return wc.unwrapRecursively()
-	default:
-		return wc
-	}
-}
-
-type wrappingMetric struct {
-	wrappedMetric Metric
-	prefix        string
-	labels        Labels
-}
-
-func (m *wrappingMetric) Desc() *Desc {
-	return wrapDesc(m.wrappedMetric.Desc(), m.prefix, m.labels)
-}
-
-func (m *wrappingMetric) Write(out *dto.Metric) error {
-	if err := m.wrappedMetric.Write(out); err != nil {
-		return err
-	}
-	if len(m.labels) == 0 {
-		// No wrapping labels.
-		return nil
-	}
-	for ln, lv := range m.labels {
-		out.Label = append(out.Label, &dto.LabelPair{
-			Name:  proto.String(ln),
-			Value: proto.String(lv),
-		})
-	}
-	sort.Sort(labelPairSorter(out.Label))
-	return nil
-}
-
-func wrapDesc(desc *Desc, prefix string, labels Labels) *Desc {
-	constLabels := Labels{}
-	for _, lp := range desc.constLabelPairs {
-		constLabels[*lp.Name] = *lp.Value
-	}
-	for ln, lv := range labels {
-		if _, alreadyUsed := constLabels[ln]; alreadyUsed {
-			return &Desc{
-				fqName:          desc.fqName,
-				help:            desc.help,
-				variableLabels:  desc.variableLabels,
-				constLabelPairs: desc.constLabelPairs,
-				err:             fmt.Errorf("attempted wrapping with already existing label name %q", ln),
-			}
-		}
-		constLabels[ln] = lv
-	}
-	// NewDesc will do remaining validations.
-	newDesc := NewDesc(prefix+desc.fqName, desc.help, desc.variableLabels, constLabels)
-	// Propagate errors if there was any. This will override any errer
-	// created by NewDesc above, i.e. earlier errors get precedence.
-	if desc.err != nil {
-		newDesc.err = desc.err
-	}
-	return newDesc
-}
diff --git a/vendor/github.com/prometheus/client_model/LICENSE b/vendor/github.com/prometheus/client_model/LICENSE
deleted file mode 100644
index 261eeb9e9..000000000
--- a/vendor/github.com/prometheus/client_model/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/prometheus/client_model/NOTICE b/vendor/github.com/prometheus/client_model/NOTICE
deleted file mode 100644
index 20110e410..000000000
--- a/vendor/github.com/prometheus/client_model/NOTICE
+++ /dev/null
@@ -1,5 +0,0 @@
-Data model artifacts for Prometheus.
-Copyright 2012-2015 The Prometheus Authors
-
-This product includes software developed at
-SoundCloud Ltd. (http://soundcloud.com/).
diff --git a/vendor/github.com/prometheus/client_model/go/metrics.pb.go b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
deleted file mode 100644
index 2f4930d9d..000000000
--- a/vendor/github.com/prometheus/client_model/go/metrics.pb.go
+++ /dev/null
@@ -1,723 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: metrics.proto
-
-package io_prometheus_client
-
-import (
-	fmt "fmt"
-	proto "github.com/golang/protobuf/proto"
-	timestamp "github.com/golang/protobuf/ptypes/timestamp"
-	math "math"
-)
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
-
-type MetricType int32
-
-const (
-	MetricType_COUNTER   MetricType = 0
-	MetricType_GAUGE     MetricType = 1
-	MetricType_SUMMARY   MetricType = 2
-	MetricType_UNTYPED   MetricType = 3
-	MetricType_HISTOGRAM MetricType = 4
-)
-
-var MetricType_name = map[int32]string{
-	0: "COUNTER",
-	1: "GAUGE",
-	2: "SUMMARY",
-	3: "UNTYPED",
-	4: "HISTOGRAM",
-}
-
-var MetricType_value = map[string]int32{
-	"COUNTER":   0,
-	"GAUGE":     1,
-	"SUMMARY":   2,
-	"UNTYPED":   3,
-	"HISTOGRAM": 4,
-}
-
-func (x MetricType) Enum() *MetricType {
-	p := new(MetricType)
-	*p = x
-	return p
-}
-
-func (x MetricType) String() string {
-	return proto.EnumName(MetricType_name, int32(x))
-}
-
-func (x *MetricType) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(MetricType_value, data, "MetricType")
-	if err != nil {
-		return err
-	}
-	*x = MetricType(value)
-	return nil
-}
-
-func (MetricType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{0}
-}
-
-type LabelPair struct {
-	Name                 *string  `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Value                *string  `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *LabelPair) Reset()         { *m = LabelPair{} }
-func (m *LabelPair) String() string { return proto.CompactTextString(m) }
-func (*LabelPair) ProtoMessage()    {}
-func (*LabelPair) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{0}
-}
-
-func (m *LabelPair) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LabelPair.Unmarshal(m, b)
-}
-func (m *LabelPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LabelPair.Marshal(b, m, deterministic)
-}
-func (m *LabelPair) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LabelPair.Merge(m, src)
-}
-func (m *LabelPair) XXX_Size() int {
-	return xxx_messageInfo_LabelPair.Size(m)
-}
-func (m *LabelPair) XXX_DiscardUnknown() {
-	xxx_messageInfo_LabelPair.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LabelPair proto.InternalMessageInfo
-
-func (m *LabelPair) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-func (m *LabelPair) GetValue() string {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return ""
-}
-
-type Gauge struct {
-	Value                *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Gauge) Reset()         { *m = Gauge{} }
-func (m *Gauge) String() string { return proto.CompactTextString(m) }
-func (*Gauge) ProtoMessage()    {}
-func (*Gauge) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{1}
-}
-
-func (m *Gauge) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Gauge.Unmarshal(m, b)
-}
-func (m *Gauge) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Gauge.Marshal(b, m, deterministic)
-}
-func (m *Gauge) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Gauge.Merge(m, src)
-}
-func (m *Gauge) XXX_Size() int {
-	return xxx_messageInfo_Gauge.Size(m)
-}
-func (m *Gauge) XXX_DiscardUnknown() {
-	xxx_messageInfo_Gauge.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Gauge proto.InternalMessageInfo
-
-func (m *Gauge) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-type Counter struct {
-	Value                *float64  `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	Exemplar             *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
-	XXX_unrecognized     []byte    `json:"-"`
-	XXX_sizecache        int32     `json:"-"`
-}
-
-func (m *Counter) Reset()         { *m = Counter{} }
-func (m *Counter) String() string { return proto.CompactTextString(m) }
-func (*Counter) ProtoMessage()    {}
-func (*Counter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{2}
-}
-
-func (m *Counter) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Counter.Unmarshal(m, b)
-}
-func (m *Counter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Counter.Marshal(b, m, deterministic)
-}
-func (m *Counter) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Counter.Merge(m, src)
-}
-func (m *Counter) XXX_Size() int {
-	return xxx_messageInfo_Counter.Size(m)
-}
-func (m *Counter) XXX_DiscardUnknown() {
-	xxx_messageInfo_Counter.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Counter proto.InternalMessageInfo
-
-func (m *Counter) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-func (m *Counter) GetExemplar() *Exemplar {
-	if m != nil {
-		return m.Exemplar
-	}
-	return nil
-}
-
-type Quantile struct {
-	Quantile             *float64 `protobuf:"fixed64,1,opt,name=quantile" json:"quantile,omitempty"`
-	Value                *float64 `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Quantile) Reset()         { *m = Quantile{} }
-func (m *Quantile) String() string { return proto.CompactTextString(m) }
-func (*Quantile) ProtoMessage()    {}
-func (*Quantile) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{3}
-}
-
-func (m *Quantile) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Quantile.Unmarshal(m, b)
-}
-func (m *Quantile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Quantile.Marshal(b, m, deterministic)
-}
-func (m *Quantile) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Quantile.Merge(m, src)
-}
-func (m *Quantile) XXX_Size() int {
-	return xxx_messageInfo_Quantile.Size(m)
-}
-func (m *Quantile) XXX_DiscardUnknown() {
-	xxx_messageInfo_Quantile.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Quantile proto.InternalMessageInfo
-
-func (m *Quantile) GetQuantile() float64 {
-	if m != nil && m.Quantile != nil {
-		return *m.Quantile
-	}
-	return 0
-}
-
-func (m *Quantile) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-type Summary struct {
-	SampleCount          *uint64     `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
-	SampleSum            *float64    `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
-	Quantile             []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
-	XXX_unrecognized     []byte      `json:"-"`
-	XXX_sizecache        int32       `json:"-"`
-}
-
-func (m *Summary) Reset()         { *m = Summary{} }
-func (m *Summary) String() string { return proto.CompactTextString(m) }
-func (*Summary) ProtoMessage()    {}
-func (*Summary) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{4}
-}
-
-func (m *Summary) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Summary.Unmarshal(m, b)
-}
-func (m *Summary) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Summary.Marshal(b, m, deterministic)
-}
-func (m *Summary) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Summary.Merge(m, src)
-}
-func (m *Summary) XXX_Size() int {
-	return xxx_messageInfo_Summary.Size(m)
-}
-func (m *Summary) XXX_DiscardUnknown() {
-	xxx_messageInfo_Summary.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Summary proto.InternalMessageInfo
-
-func (m *Summary) GetSampleCount() uint64 {
-	if m != nil && m.SampleCount != nil {
-		return *m.SampleCount
-	}
-	return 0
-}
-
-func (m *Summary) GetSampleSum() float64 {
-	if m != nil && m.SampleSum != nil {
-		return *m.SampleSum
-	}
-	return 0
-}
-
-func (m *Summary) GetQuantile() []*Quantile {
-	if m != nil {
-		return m.Quantile
-	}
-	return nil
-}
-
-type Untyped struct {
-	Value                *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Untyped) Reset()         { *m = Untyped{} }
-func (m *Untyped) String() string { return proto.CompactTextString(m) }
-func (*Untyped) ProtoMessage()    {}
-func (*Untyped) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{5}
-}
-
-func (m *Untyped) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Untyped.Unmarshal(m, b)
-}
-func (m *Untyped) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Untyped.Marshal(b, m, deterministic)
-}
-func (m *Untyped) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Untyped.Merge(m, src)
-}
-func (m *Untyped) XXX_Size() int {
-	return xxx_messageInfo_Untyped.Size(m)
-}
-func (m *Untyped) XXX_DiscardUnknown() {
-	xxx_messageInfo_Untyped.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Untyped proto.InternalMessageInfo
-
-func (m *Untyped) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-type Histogram struct {
-	SampleCount          *uint64   `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
-	SampleSum            *float64  `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
-	Bucket               []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
-	XXX_unrecognized     []byte    `json:"-"`
-	XXX_sizecache        int32     `json:"-"`
-}
-
-func (m *Histogram) Reset()         { *m = Histogram{} }
-func (m *Histogram) String() string { return proto.CompactTextString(m) }
-func (*Histogram) ProtoMessage()    {}
-func (*Histogram) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{6}
-}
-
-func (m *Histogram) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Histogram.Unmarshal(m, b)
-}
-func (m *Histogram) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Histogram.Marshal(b, m, deterministic)
-}
-func (m *Histogram) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Histogram.Merge(m, src)
-}
-func (m *Histogram) XXX_Size() int {
-	return xxx_messageInfo_Histogram.Size(m)
-}
-func (m *Histogram) XXX_DiscardUnknown() {
-	xxx_messageInfo_Histogram.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Histogram proto.InternalMessageInfo
-
-func (m *Histogram) GetSampleCount() uint64 {
-	if m != nil && m.SampleCount != nil {
-		return *m.SampleCount
-	}
-	return 0
-}
-
-func (m *Histogram) GetSampleSum() float64 {
-	if m != nil && m.SampleSum != nil {
-		return *m.SampleSum
-	}
-	return 0
-}
-
-func (m *Histogram) GetBucket() []*Bucket {
-	if m != nil {
-		return m.Bucket
-	}
-	return nil
-}
-
-type Bucket struct {
-	CumulativeCount      *uint64   `protobuf:"varint,1,opt,name=cumulative_count,json=cumulativeCount" json:"cumulative_count,omitempty"`
-	UpperBound           *float64  `protobuf:"fixed64,2,opt,name=upper_bound,json=upperBound" json:"upper_bound,omitempty"`
-	Exemplar             *Exemplar `protobuf:"bytes,3,opt,name=exemplar" json:"exemplar,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
-	XXX_unrecognized     []byte    `json:"-"`
-	XXX_sizecache        int32     `json:"-"`
-}
-
-func (m *Bucket) Reset()         { *m = Bucket{} }
-func (m *Bucket) String() string { return proto.CompactTextString(m) }
-func (*Bucket) ProtoMessage()    {}
-func (*Bucket) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{7}
-}
-
-func (m *Bucket) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Bucket.Unmarshal(m, b)
-}
-func (m *Bucket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Bucket.Marshal(b, m, deterministic)
-}
-func (m *Bucket) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Bucket.Merge(m, src)
-}
-func (m *Bucket) XXX_Size() int {
-	return xxx_messageInfo_Bucket.Size(m)
-}
-func (m *Bucket) XXX_DiscardUnknown() {
-	xxx_messageInfo_Bucket.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Bucket proto.InternalMessageInfo
-
-func (m *Bucket) GetCumulativeCount() uint64 {
-	if m != nil && m.CumulativeCount != nil {
-		return *m.CumulativeCount
-	}
-	return 0
-}
-
-func (m *Bucket) GetUpperBound() float64 {
-	if m != nil && m.UpperBound != nil {
-		return *m.UpperBound
-	}
-	return 0
-}
-
-func (m *Bucket) GetExemplar() *Exemplar {
-	if m != nil {
-		return m.Exemplar
-	}
-	return nil
-}
-
-type Exemplar struct {
-	Label                []*LabelPair         `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
-	Value                *float64             `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
-	Timestamp            *timestamp.Timestamp `protobuf:"bytes,3,opt,name=timestamp" json:"timestamp,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
-	XXX_unrecognized     []byte               `json:"-"`
-	XXX_sizecache        int32                `json:"-"`
-}
-
-func (m *Exemplar) Reset()         { *m = Exemplar{} }
-func (m *Exemplar) String() string { return proto.CompactTextString(m) }
-func (*Exemplar) ProtoMessage()    {}
-func (*Exemplar) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{8}
-}
-
-func (m *Exemplar) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Exemplar.Unmarshal(m, b)
-}
-func (m *Exemplar) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Exemplar.Marshal(b, m, deterministic)
-}
-func (m *Exemplar) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Exemplar.Merge(m, src)
-}
-func (m *Exemplar) XXX_Size() int {
-	return xxx_messageInfo_Exemplar.Size(m)
-}
-func (m *Exemplar) XXX_DiscardUnknown() {
-	xxx_messageInfo_Exemplar.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Exemplar proto.InternalMessageInfo
-
-func (m *Exemplar) GetLabel() []*LabelPair {
-	if m != nil {
-		return m.Label
-	}
-	return nil
-}
-
-func (m *Exemplar) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-func (m *Exemplar) GetTimestamp() *timestamp.Timestamp {
-	if m != nil {
-		return m.Timestamp
-	}
-	return nil
-}
-
-type Metric struct {
-	Label                []*LabelPair `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
-	Gauge                *Gauge       `protobuf:"bytes,2,opt,name=gauge" json:"gauge,omitempty"`
-	Counter              *Counter     `protobuf:"bytes,3,opt,name=counter" json:"counter,omitempty"`
-	Summary              *Summary     `protobuf:"bytes,4,opt,name=summary" json:"summary,omitempty"`
-	Untyped              *Untyped     `protobuf:"bytes,5,opt,name=untyped" json:"untyped,omitempty"`
-	Histogram            *Histogram   `protobuf:"bytes,7,opt,name=histogram" json:"histogram,omitempty"`
-	TimestampMs          *int64       `protobuf:"varint,6,opt,name=timestamp_ms,json=timestampMs" json:"timestamp_ms,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *Metric) Reset()         { *m = Metric{} }
-func (m *Metric) String() string { return proto.CompactTextString(m) }
-func (*Metric) ProtoMessage()    {}
-func (*Metric) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{9}
-}
-
-func (m *Metric) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Metric.Unmarshal(m, b)
-}
-func (m *Metric) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Metric.Marshal(b, m, deterministic)
-}
-func (m *Metric) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Metric.Merge(m, src)
-}
-func (m *Metric) XXX_Size() int {
-	return xxx_messageInfo_Metric.Size(m)
-}
-func (m *Metric) XXX_DiscardUnknown() {
-	xxx_messageInfo_Metric.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Metric proto.InternalMessageInfo
-
-func (m *Metric) GetLabel() []*LabelPair {
-	if m != nil {
-		return m.Label
-	}
-	return nil
-}
-
-func (m *Metric) GetGauge() *Gauge {
-	if m != nil {
-		return m.Gauge
-	}
-	return nil
-}
-
-func (m *Metric) GetCounter() *Counter {
-	if m != nil {
-		return m.Counter
-	}
-	return nil
-}
-
-func (m *Metric) GetSummary() *Summary {
-	if m != nil {
-		return m.Summary
-	}
-	return nil
-}
-
-func (m *Metric) GetUntyped() *Untyped {
-	if m != nil {
-		return m.Untyped
-	}
-	return nil
-}
-
-func (m *Metric) GetHistogram() *Histogram {
-	if m != nil {
-		return m.Histogram
-	}
-	return nil
-}
-
-func (m *Metric) GetTimestampMs() int64 {
-	if m != nil && m.TimestampMs != nil {
-		return *m.TimestampMs
-	}
-	return 0
-}
-
-type MetricFamily struct {
-	Name                 *string     `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Help                 *string     `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"`
-	Type                 *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"`
-	Metric               []*Metric   `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
-	XXX_unrecognized     []byte      `json:"-"`
-	XXX_sizecache        int32       `json:"-"`
-}
-
-func (m *MetricFamily) Reset()         { *m = MetricFamily{} }
-func (m *MetricFamily) String() string { return proto.CompactTextString(m) }
-func (*MetricFamily) ProtoMessage()    {}
-func (*MetricFamily) Descriptor() ([]byte, []int) {
-	return fileDescriptor_6039342a2ba47b72, []int{10}
-}
-
-func (m *MetricFamily) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_MetricFamily.Unmarshal(m, b)
-}
-func (m *MetricFamily) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_MetricFamily.Marshal(b, m, deterministic)
-}
-func (m *MetricFamily) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MetricFamily.Merge(m, src)
-}
-func (m *MetricFamily) XXX_Size() int {
-	return xxx_messageInfo_MetricFamily.Size(m)
-}
-func (m *MetricFamily) XXX_DiscardUnknown() {
-	xxx_messageInfo_MetricFamily.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_MetricFamily proto.InternalMessageInfo
-
-func (m *MetricFamily) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-func (m *MetricFamily) GetHelp() string {
-	if m != nil && m.Help != nil {
-		return *m.Help
-	}
-	return ""
-}
-
-func (m *MetricFamily) GetType() MetricType {
-	if m != nil && m.Type != nil {
-		return *m.Type
-	}
-	return MetricType_COUNTER
-}
-
-func (m *MetricFamily) GetMetric() []*Metric {
-	if m != nil {
-		return m.Metric
-	}
-	return nil
-}
-
-func init() {
-	proto.RegisterEnum("io.prometheus.client.MetricType", MetricType_name, MetricType_value)
-	proto.RegisterType((*LabelPair)(nil), "io.prometheus.client.LabelPair")
-	proto.RegisterType((*Gauge)(nil), "io.prometheus.client.Gauge")
-	proto.RegisterType((*Counter)(nil), "io.prometheus.client.Counter")
-	proto.RegisterType((*Quantile)(nil), "io.prometheus.client.Quantile")
-	proto.RegisterType((*Summary)(nil), "io.prometheus.client.Summary")
-	proto.RegisterType((*Untyped)(nil), "io.prometheus.client.Untyped")
-	proto.RegisterType((*Histogram)(nil), "io.prometheus.client.Histogram")
-	proto.RegisterType((*Bucket)(nil), "io.prometheus.client.Bucket")
-	proto.RegisterType((*Exemplar)(nil), "io.prometheus.client.Exemplar")
-	proto.RegisterType((*Metric)(nil), "io.prometheus.client.Metric")
-	proto.RegisterType((*MetricFamily)(nil), "io.prometheus.client.MetricFamily")
-}
-
-func init() { proto.RegisterFile("metrics.proto", fileDescriptor_6039342a2ba47b72) }
-
-var fileDescriptor_6039342a2ba47b72 = []byte{
-	// 665 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xcd, 0x6e, 0xd3, 0x4c,
-	0x14, 0xfd, 0xdc, 0x38, 0x3f, 0xbe, 0x69, 0x3f, 0xa2, 0x51, 0x17, 0x56, 0xa1, 0x24, 0x78, 0x55,
-	0x58, 0x38, 0xa2, 0x6a, 0x05, 0x2a, 0xb0, 0x68, 0x4b, 0x48, 0x91, 0x48, 0x5b, 0x26, 0xc9, 0xa2,
-	0xb0, 0x88, 0x1c, 0x77, 0x70, 0x2c, 0x3c, 0xb1, 0xb1, 0x67, 0x2a, 0xb2, 0x66, 0xc1, 0x16, 0x5e,
-	0x81, 0x17, 0x05, 0xcd, 0x8f, 0x6d, 0x2a, 0xb9, 0x95, 0x40, 0xec, 0x66, 0xee, 0x3d, 0xe7, 0xfa,
-	0xcc, 0xf8, 0x9c, 0x81, 0x0d, 0x4a, 0x58, 0x1a, 0xfa, 0x99, 0x9b, 0xa4, 0x31, 0x8b, 0xd1, 0x66,
-	0x18, 0x8b, 0x15, 0x25, 0x6c, 0x41, 0x78, 0xe6, 0xfa, 0x51, 0x48, 0x96, 0x6c, 0xab, 0x1b, 0xc4,
-	0x71, 0x10, 0x91, 0xbe, 0xc4, 0xcc, 0xf9, 0x87, 0x3e, 0x0b, 0x29, 0xc9, 0x98, 0x47, 0x13, 0x45,
-	0x73, 0xf6, 0xc1, 0x7a, 0xe3, 0xcd, 0x49, 0x74, 0xee, 0x85, 0x29, 0x42, 0x60, 0x2e, 0x3d, 0x4a,
-	0x6c, 0xa3, 0x67, 0xec, 0x58, 0x58, 0xae, 0xd1, 0x26, 0xd4, 0xaf, 0xbc, 0x88, 0x13, 0x7b, 0x4d,
-	0x16, 0xd5, 0xc6, 0xd9, 0x86, 0xfa, 0xd0, 0xe3, 0xc1, 0x6f, 0x6d, 0xc1, 0x31, 0xf2, 0xf6, 0x7b,
-	0x68, 0x1e, 0xc7, 0x7c, 0xc9, 0x48, 0x5a, 0x0d, 0x40, 0x07, 0xd0, 0x22, 0x9f, 0x09, 0x4d, 0x22,
-	0x2f, 0x95, 0x83, 0xdb, 0xbb, 0xf7, 0xdd, 0xaa, 0x03, 0xb8, 0x03, 0x8d, 0xc2, 0x05, 0xde, 0x79,
-	0x0e, 0xad, 0xb7, 0xdc, 0x5b, 0xb2, 0x30, 0x22, 0x68, 0x0b, 0x5a, 0x9f, 0xf4, 0x5a, 0x7f, 0xa0,
-	0xd8, 0x5f, 0x57, 0x5e, 0x48, 0xfb, 0x6a, 0x40, 0x73, 0xcc, 0x29, 0xf5, 0xd2, 0x15, 0x7a, 0x00,
-	0xeb, 0x99, 0x47, 0x93, 0x88, 0xcc, 0x7c, 0xa1, 0x56, 0x4e, 0x30, 0x71, 0x5b, 0xd5, 0xe4, 0x01,
-	0xd0, 0x36, 0x80, 0x86, 0x64, 0x9c, 0xea, 0x49, 0x96, 0xaa, 0x8c, 0x39, 0x15, 0xe7, 0x28, 0xbe,
-	0x5f, 0xeb, 0xd5, 0x6e, 0x3e, 0x47, 0xae, 0xb8, 0xd4, 0xe7, 0x74, 0xa1, 0x39, 0x5d, 0xb2, 0x55,
-	0x42, 0x2e, 0x6f, 0xb8, 0xc5, 0x2f, 0x06, 0x58, 0x27, 0x61, 0xc6, 0xe2, 0x20, 0xf5, 0xe8, 0x3f,
-	0x10, 0xbb, 0x07, 0x8d, 0x39, 0xf7, 0x3f, 0x12, 0xa6, 0xa5, 0xde, 0xab, 0x96, 0x7a, 0x24, 0x31,
-	0x58, 0x63, 0x9d, 0x6f, 0x06, 0x34, 0x54, 0x09, 0x3d, 0x84, 0x8e, 0xcf, 0x29, 0x8f, 0x3c, 0x16,
-	0x5e, 0x5d, 0x97, 0x71, 0xa7, 0xac, 0x2b, 0x29, 0x5d, 0x68, 0xf3, 0x24, 0x21, 0xe9, 0x6c, 0x1e,
-	0xf3, 0xe5, 0xa5, 0xd6, 0x02, 0xb2, 0x74, 0x24, 0x2a, 0xd7, 0x1c, 0x50, 0xfb, 0x43, 0x07, 0x7c,
-	0x37, 0xa0, 0x95, 0x97, 0xd1, 0x3e, 0xd4, 0x23, 0xe1, 0x60, 0xdb, 0x90, 0x87, 0xea, 0x56, 0x4f,
-	0x29, 0x4c, 0x8e, 0x15, 0xba, 0xda, 0x1d, 0xe8, 0x29, 0x58, 0x45, 0x42, 0xb4, 0xac, 0x2d, 0x57,
-	0x65, 0xc8, 0xcd, 0x33, 0xe4, 0x4e, 0x72, 0x04, 0x2e, 0xc1, 0xce, 0xcf, 0x35, 0x68, 0x8c, 0x64,
-	0x22, 0xff, 0x56, 0xd1, 0x63, 0xa8, 0x07, 0x22, 0x53, 0x3a, 0x10, 0x77, 0xab, 0x69, 0x32, 0x76,
-	0x58, 0x21, 0xd1, 0x13, 0x68, 0xfa, 0x2a, 0x67, 0x5a, 0xec, 0x76, 0x35, 0x49, 0x87, 0x11, 0xe7,
-	0x68, 0x41, 0xcc, 0x54, 0x08, 0x6c, 0xf3, 0x36, 0xa2, 0x4e, 0x0a, 0xce, 0xd1, 0x82, 0xc8, 0x95,
-	0x69, 0xed, 0xfa, 0x6d, 0x44, 0xed, 0x6c, 0x9c, 0xa3, 0xd1, 0x0b, 0xb0, 0x16, 0xb9, 0x97, 0xed,
-	0xa6, 0xa4, 0xde, 0x70, 0x31, 0x85, 0xe5, 0x71, 0xc9, 0x10, 0xee, 0x2f, 0xee, 0x7a, 0x46, 0x33,
-	0xbb, 0xd1, 0x33, 0x76, 0x6a, 0xb8, 0x5d, 0xd4, 0x46, 0x99, 0xf3, 0xc3, 0x80, 0x75, 0xf5, 0x07,
-	0x5e, 0x79, 0x34, 0x8c, 0x56, 0x95, 0xcf, 0x19, 0x02, 0x73, 0x41, 0xa2, 0x44, 0xbf, 0x66, 0x72,
-	0x8d, 0xf6, 0xc0, 0x14, 0x1a, 0xe5, 0x15, 0xfe, 0xbf, 0xdb, 0xab, 0x56, 0xa5, 0x26, 0x4f, 0x56,
-	0x09, 0xc1, 0x12, 0x2d, 0xd2, 0xa4, 0x5e, 0x60, 0xdb, 0xbc, 0x2d, 0x4d, 0x8a, 0x87, 0x35, 0xf6,
-	0xd1, 0x08, 0xa0, 0x9c, 0x84, 0xda, 0xd0, 0x3c, 0x3e, 0x9b, 0x9e, 0x4e, 0x06, 0xb8, 0xf3, 0x1f,
-	0xb2, 0xa0, 0x3e, 0x3c, 0x9c, 0x0e, 0x07, 0x1d, 0x43, 0xd4, 0xc7, 0xd3, 0xd1, 0xe8, 0x10, 0x5f,
-	0x74, 0xd6, 0xc4, 0x66, 0x7a, 0x3a, 0xb9, 0x38, 0x1f, 0xbc, 0xec, 0xd4, 0xd0, 0x06, 0x58, 0x27,
-	0xaf, 0xc7, 0x93, 0xb3, 0x21, 0x3e, 0x1c, 0x75, 0xcc, 0x23, 0x0c, 0x95, 0xef, 0xfe, 0xbb, 0x83,
-	0x20, 0x64, 0x0b, 0x3e, 0x77, 0xfd, 0x98, 0xf6, 0xcb, 0x6e, 0x5f, 0x75, 0x67, 0x34, 0xbe, 0x24,
-	0x51, 0x3f, 0x88, 0x9f, 0x85, 0xf1, 0xac, 0xec, 0xce, 0x54, 0xf7, 0x57, 0x00, 0x00, 0x00, 0xff,
-	0xff, 0xd0, 0x84, 0x91, 0x73, 0x59, 0x06, 0x00, 0x00,
-}
diff --git a/vendor/github.com/prometheus/common/LICENSE b/vendor/github.com/prometheus/common/LICENSE
deleted file mode 100644
index 261eeb9e9..000000000
--- a/vendor/github.com/prometheus/common/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/prometheus/common/NOTICE b/vendor/github.com/prometheus/common/NOTICE
deleted file mode 100644
index 636a2c1a5..000000000
--- a/vendor/github.com/prometheus/common/NOTICE
+++ /dev/null
@@ -1,5 +0,0 @@
-Common libraries shared by Prometheus Go components.
-Copyright 2015 The Prometheus Authors
-
-This product includes software developed at
-SoundCloud Ltd. (http://soundcloud.com/).
diff --git a/vendor/github.com/prometheus/common/expfmt/decode.go b/vendor/github.com/prometheus/common/expfmt/decode.go
deleted file mode 100644
index 7657f841d..000000000
--- a/vendor/github.com/prometheus/common/expfmt/decode.go
+++ /dev/null
@@ -1,429 +0,0 @@
-// Copyright 2015 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package expfmt
-
-import (
-	"fmt"
-	"io"
-	"math"
-	"mime"
-	"net/http"
-
-	dto "github.com/prometheus/client_model/go"
-
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
-	"github.com/prometheus/common/model"
-)
-
-// Decoder types decode an input stream into metric families.
-type Decoder interface {
-	Decode(*dto.MetricFamily) error
-}
-
-// DecodeOptions contains options used by the Decoder and in sample extraction.
-type DecodeOptions struct {
-	// Timestamp is added to each value from the stream that has no explicit timestamp set.
-	Timestamp model.Time
-}
-
-// ResponseFormat extracts the correct format from a HTTP response header.
-// If no matching format can be found FormatUnknown is returned.
-func ResponseFormat(h http.Header) Format {
-	ct := h.Get(hdrContentType)
-
-	mediatype, params, err := mime.ParseMediaType(ct)
-	if err != nil {
-		return FmtUnknown
-	}
-
-	const textType = "text/plain"
-
-	switch mediatype {
-	case ProtoType:
-		if p, ok := params["proto"]; ok && p != ProtoProtocol {
-			return FmtUnknown
-		}
-		if e, ok := params["encoding"]; ok && e != "delimited" {
-			return FmtUnknown
-		}
-		return FmtProtoDelim
-
-	case textType:
-		if v, ok := params["version"]; ok && v != TextVersion {
-			return FmtUnknown
-		}
-		return FmtText
-	}
-
-	return FmtUnknown
-}
-
-// NewDecoder returns a new decoder based on the given input format.
-// If the input format does not imply otherwise, a text format decoder is returned.
-func NewDecoder(r io.Reader, format Format) Decoder {
-	switch format {
-	case FmtProtoDelim:
-		return &protoDecoder{r: r}
-	}
-	return &textDecoder{r: r}
-}
-
-// protoDecoder implements the Decoder interface for protocol buffers.
-type protoDecoder struct {
-	r io.Reader
-}
-
-// Decode implements the Decoder interface.
-func (d *protoDecoder) Decode(v *dto.MetricFamily) error {
-	_, err := pbutil.ReadDelimited(d.r, v)
-	if err != nil {
-		return err
-	}
-	if !model.IsValidMetricName(model.LabelValue(v.GetName())) {
-		return fmt.Errorf("invalid metric name %q", v.GetName())
-	}
-	for _, m := range v.GetMetric() {
-		if m == nil {
-			continue
-		}
-		for _, l := range m.GetLabel() {
-			if l == nil {
-				continue
-			}
-			if !model.LabelValue(l.GetValue()).IsValid() {
-				return fmt.Errorf("invalid label value %q", l.GetValue())
-			}
-			if !model.LabelName(l.GetName()).IsValid() {
-				return fmt.Errorf("invalid label name %q", l.GetName())
-			}
-		}
-	}
-	return nil
-}
-
-// textDecoder implements the Decoder interface for the text protocol.
-type textDecoder struct {
-	r    io.Reader
-	p    TextParser
-	fams []*dto.MetricFamily
-}
-
-// Decode implements the Decoder interface.
-func (d *textDecoder) Decode(v *dto.MetricFamily) error {
-	// TODO(fabxc): Wrap this as a line reader to make streaming safer.
-	if len(d.fams) == 0 {
-		// No cached metric families, read everything and parse metrics.
-		fams, err := d.p.TextToMetricFamilies(d.r)
-		if err != nil {
-			return err
-		}
-		if len(fams) == 0 {
-			return io.EOF
-		}
-		d.fams = make([]*dto.MetricFamily, 0, len(fams))
-		for _, f := range fams {
-			d.fams = append(d.fams, f)
-		}
-	}
-
-	*v = *d.fams[0]
-	d.fams = d.fams[1:]
-
-	return nil
-}
-
-// SampleDecoder wraps a Decoder to extract samples from the metric families
-// decoded by the wrapped Decoder.
-type SampleDecoder struct {
-	Dec  Decoder
-	Opts *DecodeOptions
-
-	f dto.MetricFamily
-}
-
-// Decode calls the Decode method of the wrapped Decoder and then extracts the
-// samples from the decoded MetricFamily into the provided model.Vector.
-func (sd *SampleDecoder) Decode(s *model.Vector) error {
-	err := sd.Dec.Decode(&sd.f)
-	if err != nil {
-		return err
-	}
-	*s, err = extractSamples(&sd.f, sd.Opts)
-	return err
-}
-
-// ExtractSamples builds a slice of samples from the provided metric
-// families. If an error occurs during sample extraction, it continues to
-// extract from the remaining metric families. The returned error is the last
-// error that has occurred.
-func ExtractSamples(o *DecodeOptions, fams ...*dto.MetricFamily) (model.Vector, error) {
-	var (
-		all     model.Vector
-		lastErr error
-	)
-	for _, f := range fams {
-		some, err := extractSamples(f, o)
-		if err != nil {
-			lastErr = err
-			continue
-		}
-		all = append(all, some...)
-	}
-	return all, lastErr
-}
-
-func extractSamples(f *dto.MetricFamily, o *DecodeOptions) (model.Vector, error) {
-	switch f.GetType() {
-	case dto.MetricType_COUNTER:
-		return extractCounter(o, f), nil
-	case dto.MetricType_GAUGE:
-		return extractGauge(o, f), nil
-	case dto.MetricType_SUMMARY:
-		return extractSummary(o, f), nil
-	case dto.MetricType_UNTYPED:
-		return extractUntyped(o, f), nil
-	case dto.MetricType_HISTOGRAM:
-		return extractHistogram(o, f), nil
-	}
-	return nil, fmt.Errorf("expfmt.extractSamples: unknown metric family type %v", f.GetType())
-}
-
-func extractCounter(o *DecodeOptions, f *dto.MetricFamily) model.Vector {
-	samples := make(model.Vector, 0, len(f.Metric))
-
-	for _, m := range f.Metric {
-		if m.Counter == nil {
-			continue
-		}
-
-		lset := make(model.LabelSet, len(m.Label)+1)
-		for _, p := range m.Label {
-			lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-		}
-		lset[model.MetricNameLabel] = model.LabelValue(f.GetName())
-
-		smpl := &model.Sample{
-			Metric: model.Metric(lset),
-			Value:  model.SampleValue(m.Counter.GetValue()),
-		}
-
-		if m.TimestampMs != nil {
-			smpl.Timestamp = model.TimeFromUnixNano(*m.TimestampMs * 1000000)
-		} else {
-			smpl.Timestamp = o.Timestamp
-		}
-
-		samples = append(samples, smpl)
-	}
-
-	return samples
-}
-
-func extractGauge(o *DecodeOptions, f *dto.MetricFamily) model.Vector {
-	samples := make(model.Vector, 0, len(f.Metric))
-
-	for _, m := range f.Metric {
-		if m.Gauge == nil {
-			continue
-		}
-
-		lset := make(model.LabelSet, len(m.Label)+1)
-		for _, p := range m.Label {
-			lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-		}
-		lset[model.MetricNameLabel] = model.LabelValue(f.GetName())
-
-		smpl := &model.Sample{
-			Metric: model.Metric(lset),
-			Value:  model.SampleValue(m.Gauge.GetValue()),
-		}
-
-		if m.TimestampMs != nil {
-			smpl.Timestamp = model.TimeFromUnixNano(*m.TimestampMs * 1000000)
-		} else {
-			smpl.Timestamp = o.Timestamp
-		}
-
-		samples = append(samples, smpl)
-	}
-
-	return samples
-}
-
-func extractUntyped(o *DecodeOptions, f *dto.MetricFamily) model.Vector {
-	samples := make(model.Vector, 0, len(f.Metric))
-
-	for _, m := range f.Metric {
-		if m.Untyped == nil {
-			continue
-		}
-
-		lset := make(model.LabelSet, len(m.Label)+1)
-		for _, p := range m.Label {
-			lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-		}
-		lset[model.MetricNameLabel] = model.LabelValue(f.GetName())
-
-		smpl := &model.Sample{
-			Metric: model.Metric(lset),
-			Value:  model.SampleValue(m.Untyped.GetValue()),
-		}
-
-		if m.TimestampMs != nil {
-			smpl.Timestamp = model.TimeFromUnixNano(*m.TimestampMs * 1000000)
-		} else {
-			smpl.Timestamp = o.Timestamp
-		}
-
-		samples = append(samples, smpl)
-	}
-
-	return samples
-}
-
-func extractSummary(o *DecodeOptions, f *dto.MetricFamily) model.Vector {
-	samples := make(model.Vector, 0, len(f.Metric))
-
-	for _, m := range f.Metric {
-		if m.Summary == nil {
-			continue
-		}
-
-		timestamp := o.Timestamp
-		if m.TimestampMs != nil {
-			timestamp = model.TimeFromUnixNano(*m.TimestampMs * 1000000)
-		}
-
-		for _, q := range m.Summary.Quantile {
-			lset := make(model.LabelSet, len(m.Label)+2)
-			for _, p := range m.Label {
-				lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-			}
-			// BUG(matt): Update other names to "quantile".
-			lset[model.LabelName(model.QuantileLabel)] = model.LabelValue(fmt.Sprint(q.GetQuantile()))
-			lset[model.MetricNameLabel] = model.LabelValue(f.GetName())
-
-			samples = append(samples, &model.Sample{
-				Metric:    model.Metric(lset),
-				Value:     model.SampleValue(q.GetValue()),
-				Timestamp: timestamp,
-			})
-		}
-
-		lset := make(model.LabelSet, len(m.Label)+1)
-		for _, p := range m.Label {
-			lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-		}
-		lset[model.MetricNameLabel] = model.LabelValue(f.GetName() + "_sum")
-
-		samples = append(samples, &model.Sample{
-			Metric:    model.Metric(lset),
-			Value:     model.SampleValue(m.Summary.GetSampleSum()),
-			Timestamp: timestamp,
-		})
-
-		lset = make(model.LabelSet, len(m.Label)+1)
-		for _, p := range m.Label {
-			lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-		}
-		lset[model.MetricNameLabel] = model.LabelValue(f.GetName() + "_count")
-
-		samples = append(samples, &model.Sample{
-			Metric:    model.Metric(lset),
-			Value:     model.SampleValue(m.Summary.GetSampleCount()),
-			Timestamp: timestamp,
-		})
-	}
-
-	return samples
-}
-
-func extractHistogram(o *DecodeOptions, f *dto.MetricFamily) model.Vector {
-	samples := make(model.Vector, 0, len(f.Metric))
-
-	for _, m := range f.Metric {
-		if m.Histogram == nil {
-			continue
-		}
-
-		timestamp := o.Timestamp
-		if m.TimestampMs != nil {
-			timestamp = model.TimeFromUnixNano(*m.TimestampMs * 1000000)
-		}
-
-		infSeen := false
-
-		for _, q := range m.Histogram.Bucket {
-			lset := make(model.LabelSet, len(m.Label)+2)
-			for _, p := range m.Label {
-				lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-			}
-			lset[model.LabelName(model.BucketLabel)] = model.LabelValue(fmt.Sprint(q.GetUpperBound()))
-			lset[model.MetricNameLabel] = model.LabelValue(f.GetName() + "_bucket")
-
-			if math.IsInf(q.GetUpperBound(), +1) {
-				infSeen = true
-			}
-
-			samples = append(samples, &model.Sample{
-				Metric:    model.Metric(lset),
-				Value:     model.SampleValue(q.GetCumulativeCount()),
-				Timestamp: timestamp,
-			})
-		}
-
-		lset := make(model.LabelSet, len(m.Label)+1)
-		for _, p := range m.Label {
-			lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-		}
-		lset[model.MetricNameLabel] = model.LabelValue(f.GetName() + "_sum")
-
-		samples = append(samples, &model.Sample{
-			Metric:    model.Metric(lset),
-			Value:     model.SampleValue(m.Histogram.GetSampleSum()),
-			Timestamp: timestamp,
-		})
-
-		lset = make(model.LabelSet, len(m.Label)+1)
-		for _, p := range m.Label {
-			lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-		}
-		lset[model.MetricNameLabel] = model.LabelValue(f.GetName() + "_count")
-
-		count := &model.Sample{
-			Metric:    model.Metric(lset),
-			Value:     model.SampleValue(m.Histogram.GetSampleCount()),
-			Timestamp: timestamp,
-		}
-		samples = append(samples, count)
-
-		if !infSeen {
-			// Append an infinity bucket sample.
-			lset := make(model.LabelSet, len(m.Label)+2)
-			for _, p := range m.Label {
-				lset[model.LabelName(p.GetName())] = model.LabelValue(p.GetValue())
-			}
-			lset[model.LabelName(model.BucketLabel)] = model.LabelValue("+Inf")
-			lset[model.MetricNameLabel] = model.LabelValue(f.GetName() + "_bucket")
-
-			samples = append(samples, &model.Sample{
-				Metric:    model.Metric(lset),
-				Value:     count.Value,
-				Timestamp: timestamp,
-			})
-		}
-	}
-
-	return samples
-}
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
deleted file mode 100644
index 64dc0eb40..000000000
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ /dev/null
@@ -1,162 +0,0 @@
-// Copyright 2015 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package expfmt
-
-import (
-	"fmt"
-	"io"
-	"net/http"
-
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
-	"github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// Encoder types encode metric families into an underlying wire protocol.
-type Encoder interface {
-	Encode(*dto.MetricFamily) error
-}
-
-// Closer is implemented by Encoders that need to be closed to finalize
-// encoding. (For example, OpenMetrics needs a final `# EOF` line.)
-//
-// Note that all Encoder implementations returned from this package implement
-// Closer, too, even if the Close call is a no-op. This happens in preparation
-// for adding a Close method to the Encoder interface directly in a (mildly
-// breaking) release in the future.
-type Closer interface {
-	Close() error
-}
-
-type encoderCloser struct {
-	encode func(*dto.MetricFamily) error
-	close  func() error
-}
-
-func (ec encoderCloser) Encode(v *dto.MetricFamily) error {
-	return ec.encode(v)
-}
-
-func (ec encoderCloser) Close() error {
-	return ec.close()
-}
-
-// Negotiate returns the Content-Type based on the given Accept header. If no
-// appropriate accepted type is found, FmtText is returned (which is the
-// Prometheus text format). This function will never negotiate FmtOpenMetrics,
-// as the support is still experimental. To include the option to negotiate
-// FmtOpenMetrics, use NegotiateOpenMetrics.
-func Negotiate(h http.Header) Format {
-	for _, ac := range goautoneg.ParseAccept(h.Get(hdrAccept)) {
-		ver := ac.Params["version"]
-		if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
-			switch ac.Params["encoding"] {
-			case "delimited":
-				return FmtProtoDelim
-			case "text":
-				return FmtProtoText
-			case "compact-text":
-				return FmtProtoCompact
-			}
-		}
-		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
-			return FmtText
-		}
-	}
-	return FmtText
-}
-
-// NegotiateIncludingOpenMetrics works like Negotiate but includes
-// FmtOpenMetrics as an option for the result. Note that this function is
-// temporary and will disappear once FmtOpenMetrics is fully supported and as
-// such may be negotiated by the normal Negotiate function.
-func NegotiateIncludingOpenMetrics(h http.Header) Format {
-	for _, ac := range goautoneg.ParseAccept(h.Get(hdrAccept)) {
-		ver := ac.Params["version"]
-		if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
-			switch ac.Params["encoding"] {
-			case "delimited":
-				return FmtProtoDelim
-			case "text":
-				return FmtProtoText
-			case "compact-text":
-				return FmtProtoCompact
-			}
-		}
-		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
-			return FmtText
-		}
-		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion || ver == "") {
-			return FmtOpenMetrics
-		}
-	}
-	return FmtText
-}
-
-// NewEncoder returns a new encoder based on content type negotiation. All
-// Encoder implementations returned by NewEncoder also implement Closer, and
-// callers should always call the Close method. It is currently only required
-// for FmtOpenMetrics, but a future (breaking) release will add the Close method
-// to the Encoder interface directly. The current version of the Encoder
-// interface is kept for backwards compatibility.
-func NewEncoder(w io.Writer, format Format) Encoder {
-	switch format {
-	case FmtProtoDelim:
-		return encoderCloser{
-			encode: func(v *dto.MetricFamily) error {
-				_, err := pbutil.WriteDelimited(w, v)
-				return err
-			},
-			close: func() error { return nil },
-		}
-	case FmtProtoCompact:
-		return encoderCloser{
-			encode: func(v *dto.MetricFamily) error {
-				_, err := fmt.Fprintln(w, v.String())
-				return err
-			},
-			close: func() error { return nil },
-		}
-	case FmtProtoText:
-		return encoderCloser{
-			encode: func(v *dto.MetricFamily) error {
-				_, err := fmt.Fprintln(w, proto.MarshalTextString(v))
-				return err
-			},
-			close: func() error { return nil },
-		}
-	case FmtText:
-		return encoderCloser{
-			encode: func(v *dto.MetricFamily) error {
-				_, err := MetricFamilyToText(w, v)
-				return err
-			},
-			close: func() error { return nil },
-		}
-	case FmtOpenMetrics:
-		return encoderCloser{
-			encode: func(v *dto.MetricFamily) error {
-				_, err := MetricFamilyToOpenMetrics(w, v)
-				return err
-			},
-			close: func() error {
-				_, err := FinalizeOpenMetrics(w)
-				return err
-			},
-		}
-	}
-	panic(fmt.Errorf("expfmt.NewEncoder: unknown format %q", format))
-}
diff --git a/vendor/github.com/prometheus/common/expfmt/expfmt.go b/vendor/github.com/prometheus/common/expfmt/expfmt.go
deleted file mode 100644
index 0f176fa64..000000000
--- a/vendor/github.com/prometheus/common/expfmt/expfmt.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright 2015 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package expfmt contains tools for reading and writing Prometheus metrics.
-package expfmt
-
-// Format specifies the HTTP content type of the different wire protocols.
-type Format string
-
-// Constants to assemble the Content-Type values for the different wire protocols.
-const (
-	TextVersion        = "0.0.4"
-	ProtoType          = `application/vnd.google.protobuf`
-	ProtoProtocol      = `io.prometheus.client.MetricFamily`
-	ProtoFmt           = ProtoType + "; proto=" + ProtoProtocol + ";"
-	OpenMetricsType    = `application/openmetrics-text`
-	OpenMetricsVersion = "0.0.1"
-
-	// The Content-Type values for the different wire protocols.
-	FmtUnknown      Format = `<unknown>`
-	FmtText         Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
-	FmtProtoDelim   Format = ProtoFmt + ` encoding=delimited`
-	FmtProtoText    Format = ProtoFmt + ` encoding=text`
-	FmtProtoCompact Format = ProtoFmt + ` encoding=compact-text`
-	FmtOpenMetrics  Format = OpenMetricsType + `; version=` + OpenMetricsVersion + `; charset=utf-8`
-)
-
-const (
-	hdrContentType = "Content-Type"
-	hdrAccept      = "Accept"
-)
diff --git a/vendor/github.com/prometheus/common/expfmt/fuzz.go b/vendor/github.com/prometheus/common/expfmt/fuzz.go
deleted file mode 100644
index dc2eedeef..000000000
--- a/vendor/github.com/prometheus/common/expfmt/fuzz.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Build only when actually fuzzing
-// +build gofuzz
-
-package expfmt
-
-import "bytes"
-
-// Fuzz text metric parser with with github.com/dvyukov/go-fuzz:
-//
-//     go-fuzz-build github.com/prometheus/common/expfmt
-//     go-fuzz -bin expfmt-fuzz.zip -workdir fuzz
-//
-// Further input samples should go in the folder fuzz/corpus.
-func Fuzz(in []byte) int {
-	parser := TextParser{}
-	_, err := parser.TextToMetricFamilies(bytes.NewReader(in))
-
-	if err != nil {
-		return 0
-	}
-
-	return 1
-}
diff --git a/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go b/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
deleted file mode 100644
index 8a9313a3b..000000000
--- a/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
+++ /dev/null
@@ -1,527 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package expfmt
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"math"
-	"strconv"
-	"strings"
-
-	"github.com/golang/protobuf/ptypes"
-	"github.com/prometheus/common/model"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// MetricFamilyToOpenMetrics converts a MetricFamily proto message into the
-// OpenMetrics text format and writes the resulting lines to 'out'. It returns
-// the number of bytes written and any error encountered. The output will have
-// the same order as the input, no further sorting is performed. Furthermore,
-// this function assumes the input is already sanitized and does not perform any
-// sanity checks. If the input contains duplicate metrics or invalid metric or
-// label names, the conversion will result in invalid text format output.
-//
-// This function fulfills the type 'expfmt.encoder'.
-//
-// Note that OpenMetrics requires a final `# EOF` line. Since this function acts
-// on individual metric families, it is the responsibility of the caller to
-// append this line to 'out' once all metric families have been written.
-// Conveniently, this can be done by calling FinalizeOpenMetrics.
-//
-// The output should be fully OpenMetrics compliant. However, there are a few
-// missing features and peculiarities to avoid complications when switching from
-// Prometheus to OpenMetrics or vice versa:
-//
-// - Counters are expected to have the `_total` suffix in their metric name. In
-//   the output, the suffix will be truncated from the `# TYPE` and `# HELP`
-//   line. A counter with a missing `_total` suffix is not an error. However,
-//   its type will be set to `unknown` in that case to avoid invalid OpenMetrics
-//   output.
-//
-// - No support for the following (optional) features: `# UNIT` line, `_created`
-//   line, info type, stateset type, gaugehistogram type.
-//
-// - The size of exemplar labels is not checked (i.e. it's possible to create
-//   exemplars that are larger than allowed by the OpenMetrics specification).
-//
-// - The value of Counters is not checked. (OpenMetrics doesn't allow counters
-//   with a `NaN` value.)
-func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int, err error) {
-	name := in.GetName()
-	if name == "" {
-		return 0, fmt.Errorf("MetricFamily has no name: %s", in)
-	}
-
-	// Try the interface upgrade. If it doesn't work, we'll use a
-	// bufio.Writer from the sync.Pool.
-	w, ok := out.(enhancedWriter)
-	if !ok {
-		b := bufPool.Get().(*bufio.Writer)
-		b.Reset(out)
-		w = b
-		defer func() {
-			bErr := b.Flush()
-			if err == nil {
-				err = bErr
-			}
-			bufPool.Put(b)
-		}()
-	}
-
-	var (
-		n          int
-		metricType = in.GetType()
-		shortName  = name
-	)
-	if metricType == dto.MetricType_COUNTER && strings.HasSuffix(shortName, "_total") {
-		shortName = name[:len(name)-6]
-	}
-
-	// Comments, first HELP, then TYPE.
-	if in.Help != nil {
-		n, err = w.WriteString("# HELP ")
-		written += n
-		if err != nil {
-			return
-		}
-		n, err = w.WriteString(shortName)
-		written += n
-		if err != nil {
-			return
-		}
-		err = w.WriteByte(' ')
-		written++
-		if err != nil {
-			return
-		}
-		n, err = writeEscapedString(w, *in.Help, true)
-		written += n
-		if err != nil {
-			return
-		}
-		err = w.WriteByte('\n')
-		written++
-		if err != nil {
-			return
-		}
-	}
-	n, err = w.WriteString("# TYPE ")
-	written += n
-	if err != nil {
-		return
-	}
-	n, err = w.WriteString(shortName)
-	written += n
-	if err != nil {
-		return
-	}
-	switch metricType {
-	case dto.MetricType_COUNTER:
-		if strings.HasSuffix(name, "_total") {
-			n, err = w.WriteString(" counter\n")
-		} else {
-			n, err = w.WriteString(" unknown\n")
-		}
-	case dto.MetricType_GAUGE:
-		n, err = w.WriteString(" gauge\n")
-	case dto.MetricType_SUMMARY:
-		n, err = w.WriteString(" summary\n")
-	case dto.MetricType_UNTYPED:
-		n, err = w.WriteString(" unknown\n")
-	case dto.MetricType_HISTOGRAM:
-		n, err = w.WriteString(" histogram\n")
-	default:
-		return written, fmt.Errorf("unknown metric type %s", metricType.String())
-	}
-	written += n
-	if err != nil {
-		return
-	}
-
-	// Finally the samples, one line for each.
-	for _, metric := range in.Metric {
-		switch metricType {
-		case dto.MetricType_COUNTER:
-			if metric.Counter == nil {
-				return written, fmt.Errorf(
-					"expected counter in metric %s %s", name, metric,
-				)
-			}
-			// Note that we have ensured above that either the name
-			// ends on `_total` or that the rendered type is
-			// `unknown`. Therefore, no `_total` must be added here.
-			n, err = writeOpenMetricsSample(
-				w, name, "", metric, "", 0,
-				metric.Counter.GetValue(), 0, false,
-				metric.Counter.Exemplar,
-			)
-		case dto.MetricType_GAUGE:
-			if metric.Gauge == nil {
-				return written, fmt.Errorf(
-					"expected gauge in metric %s %s", name, metric,
-				)
-			}
-			n, err = writeOpenMetricsSample(
-				w, name, "", metric, "", 0,
-				metric.Gauge.GetValue(), 0, false,
-				nil,
-			)
-		case dto.MetricType_UNTYPED:
-			if metric.Untyped == nil {
-				return written, fmt.Errorf(
-					"expected untyped in metric %s %s", name, metric,
-				)
-			}
-			n, err = writeOpenMetricsSample(
-				w, name, "", metric, "", 0,
-				metric.Untyped.GetValue(), 0, false,
-				nil,
-			)
-		case dto.MetricType_SUMMARY:
-			if metric.Summary == nil {
-				return written, fmt.Errorf(
-					"expected summary in metric %s %s", name, metric,
-				)
-			}
-			for _, q := range metric.Summary.Quantile {
-				n, err = writeOpenMetricsSample(
-					w, name, "", metric,
-					model.QuantileLabel, q.GetQuantile(),
-					q.GetValue(), 0, false,
-					nil,
-				)
-				written += n
-				if err != nil {
-					return
-				}
-			}
-			n, err = writeOpenMetricsSample(
-				w, name, "_sum", metric, "", 0,
-				metric.Summary.GetSampleSum(), 0, false,
-				nil,
-			)
-			written += n
-			if err != nil {
-				return
-			}
-			n, err = writeOpenMetricsSample(
-				w, name, "_count", metric, "", 0,
-				0, metric.Summary.GetSampleCount(), true,
-				nil,
-			)
-		case dto.MetricType_HISTOGRAM:
-			if metric.Histogram == nil {
-				return written, fmt.Errorf(
-					"expected histogram in metric %s %s", name, metric,
-				)
-			}
-			infSeen := false
-			for _, b := range metric.Histogram.Bucket {
-				n, err = writeOpenMetricsSample(
-					w, name, "_bucket", metric,
-					model.BucketLabel, b.GetUpperBound(),
-					0, b.GetCumulativeCount(), true,
-					b.Exemplar,
-				)
-				written += n
-				if err != nil {
-					return
-				}
-				if math.IsInf(b.GetUpperBound(), +1) {
-					infSeen = true
-				}
-			}
-			if !infSeen {
-				n, err = writeOpenMetricsSample(
-					w, name, "_bucket", metric,
-					model.BucketLabel, math.Inf(+1),
-					0, metric.Histogram.GetSampleCount(), true,
-					nil,
-				)
-				written += n
-				if err != nil {
-					return
-				}
-			}
-			n, err = writeOpenMetricsSample(
-				w, name, "_sum", metric, "", 0,
-				metric.Histogram.GetSampleSum(), 0, false,
-				nil,
-			)
-			written += n
-			if err != nil {
-				return
-			}
-			n, err = writeOpenMetricsSample(
-				w, name, "_count", metric, "", 0,
-				0, metric.Histogram.GetSampleCount(), true,
-				nil,
-			)
-		default:
-			return written, fmt.Errorf(
-				"unexpected type in metric %s %s", name, metric,
-			)
-		}
-		written += n
-		if err != nil {
-			return
-		}
-	}
-	return
-}
-
-// FinalizeOpenMetrics writes the final `# EOF\n` line required by OpenMetrics.
-func FinalizeOpenMetrics(w io.Writer) (written int, err error) {
-	return w.Write([]byte("# EOF\n"))
-}
-
-// writeOpenMetricsSample writes a single sample in OpenMetrics text format to
-// w, given the metric name, the metric proto message itself, optionally an
-// additional label name with a float64 value (use empty string as label name if
-// not required), the value (optionally as float64 or uint64, determined by
-// useIntValue), and optionally an exemplar (use nil if not required). The
-// function returns the number of bytes written and any error encountered.
-func writeOpenMetricsSample(
-	w enhancedWriter,
-	name, suffix string,
-	metric *dto.Metric,
-	additionalLabelName string, additionalLabelValue float64,
-	floatValue float64, intValue uint64, useIntValue bool,
-	exemplar *dto.Exemplar,
-) (int, error) {
-	var written int
-	n, err := w.WriteString(name)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	if suffix != "" {
-		n, err = w.WriteString(suffix)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	n, err = writeOpenMetricsLabelPairs(
-		w, metric.Label, additionalLabelName, additionalLabelValue,
-	)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	err = w.WriteByte(' ')
-	written++
-	if err != nil {
-		return written, err
-	}
-	if useIntValue {
-		n, err = writeUint(w, intValue)
-	} else {
-		n, err = writeOpenMetricsFloat(w, floatValue)
-	}
-	written += n
-	if err != nil {
-		return written, err
-	}
-	if metric.TimestampMs != nil {
-		err = w.WriteByte(' ')
-		written++
-		if err != nil {
-			return written, err
-		}
-		// TODO(beorn7): Format this directly without converting to a float first.
-		n, err = writeOpenMetricsFloat(w, float64(*metric.TimestampMs)/1000)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	if exemplar != nil {
-		n, err = writeExemplar(w, exemplar)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	err = w.WriteByte('\n')
-	written++
-	if err != nil {
-		return written, err
-	}
-	return written, nil
-}
-
-// writeOpenMetricsLabelPairs works like writeOpenMetrics but formats the float
-// in OpenMetrics style.
-func writeOpenMetricsLabelPairs(
-	w enhancedWriter,
-	in []*dto.LabelPair,
-	additionalLabelName string, additionalLabelValue float64,
-) (int, error) {
-	if len(in) == 0 && additionalLabelName == "" {
-		return 0, nil
-	}
-	var (
-		written   int
-		separator byte = '{'
-	)
-	for _, lp := range in {
-		err := w.WriteByte(separator)
-		written++
-		if err != nil {
-			return written, err
-		}
-		n, err := w.WriteString(lp.GetName())
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = w.WriteString(`="`)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = writeEscapedString(w, lp.GetValue(), true)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		err = w.WriteByte('"')
-		written++
-		if err != nil {
-			return written, err
-		}
-		separator = ','
-	}
-	if additionalLabelName != "" {
-		err := w.WriteByte(separator)
-		written++
-		if err != nil {
-			return written, err
-		}
-		n, err := w.WriteString(additionalLabelName)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = w.WriteString(`="`)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = writeOpenMetricsFloat(w, additionalLabelValue)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		err = w.WriteByte('"')
-		written++
-		if err != nil {
-			return written, err
-		}
-	}
-	err := w.WriteByte('}')
-	written++
-	if err != nil {
-		return written, err
-	}
-	return written, nil
-}
-
-// writeExemplar writes the provided exemplar in OpenMetrics format to w. The
-// function returns the number of bytes written and any error encountered.
-func writeExemplar(w enhancedWriter, e *dto.Exemplar) (int, error) {
-	written := 0
-	n, err := w.WriteString(" # ")
-	written += n
-	if err != nil {
-		return written, err
-	}
-	n, err = writeOpenMetricsLabelPairs(w, e.Label, "", 0)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	err = w.WriteByte(' ')
-	written++
-	if err != nil {
-		return written, err
-	}
-	n, err = writeOpenMetricsFloat(w, e.GetValue())
-	written += n
-	if err != nil {
-		return written, err
-	}
-	if e.Timestamp != nil {
-		err = w.WriteByte(' ')
-		written++
-		if err != nil {
-			return written, err
-		}
-		ts, err := ptypes.Timestamp((*e).Timestamp)
-		if err != nil {
-			return written, err
-		}
-		// TODO(beorn7): Format this directly from components of ts to
-		// avoid overflow/underflow and precision issues of the float
-		// conversion.
-		n, err = writeOpenMetricsFloat(w, float64(ts.UnixNano())/1e9)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	return written, nil
-}
-
-// writeOpenMetricsFloat works like writeFloat but appends ".0" if the resulting
-// number would otherwise contain neither a "." nor an "e".
-func writeOpenMetricsFloat(w enhancedWriter, f float64) (int, error) {
-	switch {
-	case f == 1:
-		return w.WriteString("1.0")
-	case f == 0:
-		return w.WriteString("0.0")
-	case f == -1:
-		return w.WriteString("-1.0")
-	case math.IsNaN(f):
-		return w.WriteString("NaN")
-	case math.IsInf(f, +1):
-		return w.WriteString("+Inf")
-	case math.IsInf(f, -1):
-		return w.WriteString("-Inf")
-	default:
-		bp := numBufPool.Get().(*[]byte)
-		*bp = strconv.AppendFloat((*bp)[:0], f, 'g', -1, 64)
-		if !bytes.ContainsAny(*bp, "e.") {
-			*bp = append(*bp, '.', '0')
-		}
-		written, err := w.Write(*bp)
-		numBufPool.Put(bp)
-		return written, err
-	}
-}
-
-// writeUint is like writeInt just for uint64.
-func writeUint(w enhancedWriter, u uint64) (int, error) {
-	bp := numBufPool.Get().(*[]byte)
-	*bp = strconv.AppendUint((*bp)[:0], u, 10)
-	written, err := w.Write(*bp)
-	numBufPool.Put(bp)
-	return written, err
-}
diff --git a/vendor/github.com/prometheus/common/expfmt/text_create.go b/vendor/github.com/prometheus/common/expfmt/text_create.go
deleted file mode 100644
index 5ba503b06..000000000
--- a/vendor/github.com/prometheus/common/expfmt/text_create.go
+++ /dev/null
@@ -1,465 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package expfmt
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"math"
-	"strconv"
-	"strings"
-	"sync"
-
-	"github.com/prometheus/common/model"
-
-	dto "github.com/prometheus/client_model/go"
-)
-
-// enhancedWriter has all the enhanced write functions needed here. bufio.Writer
-// implements it.
-type enhancedWriter interface {
-	io.Writer
-	WriteRune(r rune) (n int, err error)
-	WriteString(s string) (n int, err error)
-	WriteByte(c byte) error
-}
-
-const (
-	initialNumBufSize = 24
-)
-
-var (
-	bufPool = sync.Pool{
-		New: func() interface{} {
-			return bufio.NewWriter(ioutil.Discard)
-		},
-	}
-	numBufPool = sync.Pool{
-		New: func() interface{} {
-			b := make([]byte, 0, initialNumBufSize)
-			return &b
-		},
-	}
-)
-
-// MetricFamilyToText converts a MetricFamily proto message into text format and
-// writes the resulting lines to 'out'. It returns the number of bytes written
-// and any error encountered. The output will have the same order as the input,
-// no further sorting is performed. Furthermore, this function assumes the input
-// is already sanitized and does not perform any sanity checks. If the input
-// contains duplicate metrics or invalid metric or label names, the conversion
-// will result in invalid text format output.
-//
-// This method fulfills the type 'prometheus.encoder'.
-func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (written int, err error) {
-	// Fail-fast checks.
-	if len(in.Metric) == 0 {
-		return 0, fmt.Errorf("MetricFamily has no metrics: %s", in)
-	}
-	name := in.GetName()
-	if name == "" {
-		return 0, fmt.Errorf("MetricFamily has no name: %s", in)
-	}
-
-	// Try the interface upgrade. If it doesn't work, we'll use a
-	// bufio.Writer from the sync.Pool.
-	w, ok := out.(enhancedWriter)
-	if !ok {
-		b := bufPool.Get().(*bufio.Writer)
-		b.Reset(out)
-		w = b
-		defer func() {
-			bErr := b.Flush()
-			if err == nil {
-				err = bErr
-			}
-			bufPool.Put(b)
-		}()
-	}
-
-	var n int
-
-	// Comments, first HELP, then TYPE.
-	if in.Help != nil {
-		n, err = w.WriteString("# HELP ")
-		written += n
-		if err != nil {
-			return
-		}
-		n, err = w.WriteString(name)
-		written += n
-		if err != nil {
-			return
-		}
-		err = w.WriteByte(' ')
-		written++
-		if err != nil {
-			return
-		}
-		n, err = writeEscapedString(w, *in.Help, false)
-		written += n
-		if err != nil {
-			return
-		}
-		err = w.WriteByte('\n')
-		written++
-		if err != nil {
-			return
-		}
-	}
-	n, err = w.WriteString("# TYPE ")
-	written += n
-	if err != nil {
-		return
-	}
-	n, err = w.WriteString(name)
-	written += n
-	if err != nil {
-		return
-	}
-	metricType := in.GetType()
-	switch metricType {
-	case dto.MetricType_COUNTER:
-		n, err = w.WriteString(" counter\n")
-	case dto.MetricType_GAUGE:
-		n, err = w.WriteString(" gauge\n")
-	case dto.MetricType_SUMMARY:
-		n, err = w.WriteString(" summary\n")
-	case dto.MetricType_UNTYPED:
-		n, err = w.WriteString(" untyped\n")
-	case dto.MetricType_HISTOGRAM:
-		n, err = w.WriteString(" histogram\n")
-	default:
-		return written, fmt.Errorf("unknown metric type %s", metricType.String())
-	}
-	written += n
-	if err != nil {
-		return
-	}
-
-	// Finally the samples, one line for each.
-	for _, metric := range in.Metric {
-		switch metricType {
-		case dto.MetricType_COUNTER:
-			if metric.Counter == nil {
-				return written, fmt.Errorf(
-					"expected counter in metric %s %s", name, metric,
-				)
-			}
-			n, err = writeSample(
-				w, name, "", metric, "", 0,
-				metric.Counter.GetValue(),
-			)
-		case dto.MetricType_GAUGE:
-			if metric.Gauge == nil {
-				return written, fmt.Errorf(
-					"expected gauge in metric %s %s", name, metric,
-				)
-			}
-			n, err = writeSample(
-				w, name, "", metric, "", 0,
-				metric.Gauge.GetValue(),
-			)
-		case dto.MetricType_UNTYPED:
-			if metric.Untyped == nil {
-				return written, fmt.Errorf(
-					"expected untyped in metric %s %s", name, metric,
-				)
-			}
-			n, err = writeSample(
-				w, name, "", metric, "", 0,
-				metric.Untyped.GetValue(),
-			)
-		case dto.MetricType_SUMMARY:
-			if metric.Summary == nil {
-				return written, fmt.Errorf(
-					"expected summary in metric %s %s", name, metric,
-				)
-			}
-			for _, q := range metric.Summary.Quantile {
-				n, err = writeSample(
-					w, name, "", metric,
-					model.QuantileLabel, q.GetQuantile(),
-					q.GetValue(),
-				)
-				written += n
-				if err != nil {
-					return
-				}
-			}
-			n, err = writeSample(
-				w, name, "_sum", metric, "", 0,
-				metric.Summary.GetSampleSum(),
-			)
-			written += n
-			if err != nil {
-				return
-			}
-			n, err = writeSample(
-				w, name, "_count", metric, "", 0,
-				float64(metric.Summary.GetSampleCount()),
-			)
-		case dto.MetricType_HISTOGRAM:
-			if metric.Histogram == nil {
-				return written, fmt.Errorf(
-					"expected histogram in metric %s %s", name, metric,
-				)
-			}
-			infSeen := false
-			for _, b := range metric.Histogram.Bucket {
-				n, err = writeSample(
-					w, name, "_bucket", metric,
-					model.BucketLabel, b.GetUpperBound(),
-					float64(b.GetCumulativeCount()),
-				)
-				written += n
-				if err != nil {
-					return
-				}
-				if math.IsInf(b.GetUpperBound(), +1) {
-					infSeen = true
-				}
-			}
-			if !infSeen {
-				n, err = writeSample(
-					w, name, "_bucket", metric,
-					model.BucketLabel, math.Inf(+1),
-					float64(metric.Histogram.GetSampleCount()),
-				)
-				written += n
-				if err != nil {
-					return
-				}
-			}
-			n, err = writeSample(
-				w, name, "_sum", metric, "", 0,
-				metric.Histogram.GetSampleSum(),
-			)
-			written += n
-			if err != nil {
-				return
-			}
-			n, err = writeSample(
-				w, name, "_count", metric, "", 0,
-				float64(metric.Histogram.GetSampleCount()),
-			)
-		default:
-			return written, fmt.Errorf(
-				"unexpected type in metric %s %s", name, metric,
-			)
-		}
-		written += n
-		if err != nil {
-			return
-		}
-	}
-	return
-}
-
-// writeSample writes a single sample in text format to w, given the metric
-// name, the metric proto message itself, optionally an additional label name
-// with a float64 value (use empty string as label name if not required), and
-// the value. The function returns the number of bytes written and any error
-// encountered.
-func writeSample(
-	w enhancedWriter,
-	name, suffix string,
-	metric *dto.Metric,
-	additionalLabelName string, additionalLabelValue float64,
-	value float64,
-) (int, error) {
-	var written int
-	n, err := w.WriteString(name)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	if suffix != "" {
-		n, err = w.WriteString(suffix)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	n, err = writeLabelPairs(
-		w, metric.Label, additionalLabelName, additionalLabelValue,
-	)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	err = w.WriteByte(' ')
-	written++
-	if err != nil {
-		return written, err
-	}
-	n, err = writeFloat(w, value)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	if metric.TimestampMs != nil {
-		err = w.WriteByte(' ')
-		written++
-		if err != nil {
-			return written, err
-		}
-		n, err = writeInt(w, *metric.TimestampMs)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	err = w.WriteByte('\n')
-	written++
-	if err != nil {
-		return written, err
-	}
-	return written, nil
-}
-
-// writeLabelPairs converts a slice of LabelPair proto messages plus the
-// explicitly given additional label pair into text formatted as required by the
-// text format and writes it to 'w'. An empty slice in combination with an empty
-// string 'additionalLabelName' results in nothing being written. Otherwise, the
-// label pairs are written, escaped as required by the text format, and enclosed
-// in '{...}'. The function returns the number of bytes written and any error
-// encountered.
-func writeLabelPairs(
-	w enhancedWriter,
-	in []*dto.LabelPair,
-	additionalLabelName string, additionalLabelValue float64,
-) (int, error) {
-	if len(in) == 0 && additionalLabelName == "" {
-		return 0, nil
-	}
-	var (
-		written   int
-		separator byte = '{'
-	)
-	for _, lp := range in {
-		err := w.WriteByte(separator)
-		written++
-		if err != nil {
-			return written, err
-		}
-		n, err := w.WriteString(lp.GetName())
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = w.WriteString(`="`)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = writeEscapedString(w, lp.GetValue(), true)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		err = w.WriteByte('"')
-		written++
-		if err != nil {
-			return written, err
-		}
-		separator = ','
-	}
-	if additionalLabelName != "" {
-		err := w.WriteByte(separator)
-		written++
-		if err != nil {
-			return written, err
-		}
-		n, err := w.WriteString(additionalLabelName)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = w.WriteString(`="`)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		n, err = writeFloat(w, additionalLabelValue)
-		written += n
-		if err != nil {
-			return written, err
-		}
-		err = w.WriteByte('"')
-		written++
-		if err != nil {
-			return written, err
-		}
-	}
-	err := w.WriteByte('}')
-	written++
-	if err != nil {
-		return written, err
-	}
-	return written, nil
-}
-
-// writeEscapedString replaces '\' by '\\', new line character by '\n', and - if
-// includeDoubleQuote is true - '"' by '\"'.
-var (
-	escaper       = strings.NewReplacer("\\", `\\`, "\n", `\n`)
-	quotedEscaper = strings.NewReplacer("\\", `\\`, "\n", `\n`, "\"", `\"`)
-)
-
-func writeEscapedString(w enhancedWriter, v string, includeDoubleQuote bool) (int, error) {
-	if includeDoubleQuote {
-		return quotedEscaper.WriteString(w, v)
-	}
-	return escaper.WriteString(w, v)
-}
-
-// writeFloat is equivalent to fmt.Fprint with a float64 argument but hardcodes
-// a few common cases for increased efficiency. For non-hardcoded cases, it uses
-// strconv.AppendFloat to avoid allocations, similar to writeInt.
-func writeFloat(w enhancedWriter, f float64) (int, error) {
-	switch {
-	case f == 1:
-		return 1, w.WriteByte('1')
-	case f == 0:
-		return 1, w.WriteByte('0')
-	case f == -1:
-		return w.WriteString("-1")
-	case math.IsNaN(f):
-		return w.WriteString("NaN")
-	case math.IsInf(f, +1):
-		return w.WriteString("+Inf")
-	case math.IsInf(f, -1):
-		return w.WriteString("-Inf")
-	default:
-		bp := numBufPool.Get().(*[]byte)
-		*bp = strconv.AppendFloat((*bp)[:0], f, 'g', -1, 64)
-		written, err := w.Write(*bp)
-		numBufPool.Put(bp)
-		return written, err
-	}
-}
-
-// writeInt is equivalent to fmt.Fprint with an int64 argument but uses
-// strconv.AppendInt with a byte slice taken from a sync.Pool to avoid
-// allocations.
-func writeInt(w enhancedWriter, i int64) (int, error) {
-	bp := numBufPool.Get().(*[]byte)
-	*bp = strconv.AppendInt((*bp)[:0], i, 10)
-	written, err := w.Write(*bp)
-	numBufPool.Put(bp)
-	return written, err
-}
diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go
deleted file mode 100644
index 84be0643e..000000000
--- a/vendor/github.com/prometheus/common/expfmt/text_parse.go
+++ /dev/null
@@ -1,775 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package expfmt
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"math"
-	"strconv"
-	"strings"
-
-	dto "github.com/prometheus/client_model/go"
-
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/prometheus/common/model"
-)
-
-// A stateFn is a function that represents a state in a state machine. By
-// executing it, the state is progressed to the next state. The stateFn returns
-// another stateFn, which represents the new state. The end state is represented
-// by nil.
-type stateFn func() stateFn
-
-// ParseError signals errors while parsing the simple and flat text-based
-// exchange format.
-type ParseError struct {
-	Line int
-	Msg  string
-}
-
-// Error implements the error interface.
-func (e ParseError) Error() string {
-	return fmt.Sprintf("text format parsing error in line %d: %s", e.Line, e.Msg)
-}
-
-// TextParser is used to parse the simple and flat text-based exchange format. Its
-// zero value is ready to use.
-type TextParser struct {
-	metricFamiliesByName map[string]*dto.MetricFamily
-	buf                  *bufio.Reader // Where the parsed input is read through.
-	err                  error         // Most recent error.
-	lineCount            int           // Tracks the line count for error messages.
-	currentByte          byte          // The most recent byte read.
-	currentToken         bytes.Buffer  // Re-used each time a token has to be gathered from multiple bytes.
-	currentMF            *dto.MetricFamily
-	currentMetric        *dto.Metric
-	currentLabelPair     *dto.LabelPair
-
-	// The remaining member variables are only used for summaries/histograms.
-	currentLabels map[string]string // All labels including '__name__' but excluding 'quantile'/'le'
-	// Summary specific.
-	summaries       map[uint64]*dto.Metric // Key is created with LabelsToSignature.
-	currentQuantile float64
-	// Histogram specific.
-	histograms    map[uint64]*dto.Metric // Key is created with LabelsToSignature.
-	currentBucket float64
-	// These tell us if the currently processed line ends on '_count' or
-	// '_sum' respectively and belong to a summary/histogram, representing the sample
-	// count and sum of that summary/histogram.
-	currentIsSummaryCount, currentIsSummarySum     bool
-	currentIsHistogramCount, currentIsHistogramSum bool
-}
-
-// TextToMetricFamilies reads 'in' as the simple and flat text-based exchange
-// format and creates MetricFamily proto messages. It returns the MetricFamily
-// proto messages in a map where the metric names are the keys, along with any
-// error encountered.
-//
-// If the input contains duplicate metrics (i.e. lines with the same metric name
-// and exactly the same label set), the resulting MetricFamily will contain
-// duplicate Metric proto messages. Similar is true for duplicate label
-// names. Checks for duplicates have to be performed separately, if required.
-// Also note that neither the metrics within each MetricFamily are sorted nor
-// the label pairs within each Metric. Sorting is not required for the most
-// frequent use of this method, which is sample ingestion in the Prometheus
-// server. However, for presentation purposes, you might want to sort the
-// metrics, and in some cases, you must sort the labels, e.g. for consumption by
-// the metric family injection hook of the Prometheus registry.
-//
-// Summaries and histograms are rather special beasts. You would probably not
-// use them in the simple text format anyway. This method can deal with
-// summaries and histograms if they are presented in exactly the way the
-// text.Create function creates them.
-//
-// This method must not be called concurrently. If you want to parse different
-// input concurrently, instantiate a separate Parser for each goroutine.
-func (p *TextParser) TextToMetricFamilies(in io.Reader) (map[string]*dto.MetricFamily, error) {
-	p.reset(in)
-	for nextState := p.startOfLine; nextState != nil; nextState = nextState() {
-		// Magic happens here...
-	}
-	// Get rid of empty metric families.
-	for k, mf := range p.metricFamiliesByName {
-		if len(mf.GetMetric()) == 0 {
-			delete(p.metricFamiliesByName, k)
-		}
-	}
-	// If p.err is io.EOF now, we have run into a premature end of the input
-	// stream. Turn this error into something nicer and more
-	// meaningful. (io.EOF is often used as a signal for the legitimate end
-	// of an input stream.)
-	if p.err == io.EOF {
-		p.parseError("unexpected end of input stream")
-	}
-	return p.metricFamiliesByName, p.err
-}
-
-func (p *TextParser) reset(in io.Reader) {
-	p.metricFamiliesByName = map[string]*dto.MetricFamily{}
-	if p.buf == nil {
-		p.buf = bufio.NewReader(in)
-	} else {
-		p.buf.Reset(in)
-	}
-	p.err = nil
-	p.lineCount = 0
-	if p.summaries == nil || len(p.summaries) > 0 {
-		p.summaries = map[uint64]*dto.Metric{}
-	}
-	if p.histograms == nil || len(p.histograms) > 0 {
-		p.histograms = map[uint64]*dto.Metric{}
-	}
-	p.currentQuantile = math.NaN()
-	p.currentBucket = math.NaN()
-}
-
-// startOfLine represents the state where the next byte read from p.buf is the
-// start of a line (or whitespace leading up to it).
-func (p *TextParser) startOfLine() stateFn {
-	p.lineCount++
-	if p.skipBlankTab(); p.err != nil {
-		// End of input reached. This is the only case where
-		// that is not an error but a signal that we are done.
-		p.err = nil
-		return nil
-	}
-	switch p.currentByte {
-	case '#':
-		return p.startComment
-	case '\n':
-		return p.startOfLine // Empty line, start the next one.
-	}
-	return p.readingMetricName
-}
-
-// startComment represents the state where the next byte read from p.buf is the
-// start of a comment (or whitespace leading up to it).
-func (p *TextParser) startComment() stateFn {
-	if p.skipBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentByte == '\n' {
-		return p.startOfLine
-	}
-	if p.readTokenUntilWhitespace(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	// If we have hit the end of line already, there is nothing left
-	// to do. This is not considered a syntax error.
-	if p.currentByte == '\n' {
-		return p.startOfLine
-	}
-	keyword := p.currentToken.String()
-	if keyword != "HELP" && keyword != "TYPE" {
-		// Generic comment, ignore by fast forwarding to end of line.
-		for p.currentByte != '\n' {
-			if p.currentByte, p.err = p.buf.ReadByte(); p.err != nil {
-				return nil // Unexpected end of input.
-			}
-		}
-		return p.startOfLine
-	}
-	// There is something. Next has to be a metric name.
-	if p.skipBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.readTokenAsMetricName(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentByte == '\n' {
-		// At the end of the line already.
-		// Again, this is not considered a syntax error.
-		return p.startOfLine
-	}
-	if !isBlankOrTab(p.currentByte) {
-		p.parseError("invalid metric name in comment")
-		return nil
-	}
-	p.setOrCreateCurrentMF()
-	if p.skipBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentByte == '\n' {
-		// At the end of the line already.
-		// Again, this is not considered a syntax error.
-		return p.startOfLine
-	}
-	switch keyword {
-	case "HELP":
-		return p.readingHelp
-	case "TYPE":
-		return p.readingType
-	}
-	panic(fmt.Sprintf("code error: unexpected keyword %q", keyword))
-}
-
-// readingMetricName represents the state where the last byte read (now in
-// p.currentByte) is the first byte of a metric name.
-func (p *TextParser) readingMetricName() stateFn {
-	if p.readTokenAsMetricName(); p.err != nil {
-		return nil
-	}
-	if p.currentToken.Len() == 0 {
-		p.parseError("invalid metric name")
-		return nil
-	}
-	p.setOrCreateCurrentMF()
-	// Now is the time to fix the type if it hasn't happened yet.
-	if p.currentMF.Type == nil {
-		p.currentMF.Type = dto.MetricType_UNTYPED.Enum()
-	}
-	p.currentMetric = &dto.Metric{}
-	// Do not append the newly created currentMetric to
-	// currentMF.Metric right now. First wait if this is a summary,
-	// and the metric exists already, which we can only know after
-	// having read all the labels.
-	if p.skipBlankTabIfCurrentBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	return p.readingLabels
-}
-
-// readingLabels represents the state where the last byte read (now in
-// p.currentByte) is either the first byte of the label set (i.e. a '{'), or the
-// first byte of the value (otherwise).
-func (p *TextParser) readingLabels() stateFn {
-	// Summaries/histograms are special. We have to reset the
-	// currentLabels map, currentQuantile and currentBucket before starting to
-	// read labels.
-	if p.currentMF.GetType() == dto.MetricType_SUMMARY || p.currentMF.GetType() == dto.MetricType_HISTOGRAM {
-		p.currentLabels = map[string]string{}
-		p.currentLabels[string(model.MetricNameLabel)] = p.currentMF.GetName()
-		p.currentQuantile = math.NaN()
-		p.currentBucket = math.NaN()
-	}
-	if p.currentByte != '{' {
-		return p.readingValue
-	}
-	return p.startLabelName
-}
-
-// startLabelName represents the state where the next byte read from p.buf is
-// the start of a label name (or whitespace leading up to it).
-func (p *TextParser) startLabelName() stateFn {
-	if p.skipBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentByte == '}' {
-		if p.skipBlankTab(); p.err != nil {
-			return nil // Unexpected end of input.
-		}
-		return p.readingValue
-	}
-	if p.readTokenAsLabelName(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentToken.Len() == 0 {
-		p.parseError(fmt.Sprintf("invalid label name for metric %q", p.currentMF.GetName()))
-		return nil
-	}
-	p.currentLabelPair = &dto.LabelPair{Name: proto.String(p.currentToken.String())}
-	if p.currentLabelPair.GetName() == string(model.MetricNameLabel) {
-		p.parseError(fmt.Sprintf("label name %q is reserved", model.MetricNameLabel))
-		return nil
-	}
-	// Special summary/histogram treatment. Don't add 'quantile' and 'le'
-	// labels to 'real' labels.
-	if !(p.currentMF.GetType() == dto.MetricType_SUMMARY && p.currentLabelPair.GetName() == model.QuantileLabel) &&
-		!(p.currentMF.GetType() == dto.MetricType_HISTOGRAM && p.currentLabelPair.GetName() == model.BucketLabel) {
-		p.currentMetric.Label = append(p.currentMetric.Label, p.currentLabelPair)
-	}
-	if p.skipBlankTabIfCurrentBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentByte != '=' {
-		p.parseError(fmt.Sprintf("expected '=' after label name, found %q", p.currentByte))
-		return nil
-	}
-	// Check for duplicate label names.
-	labels := make(map[string]struct{})
-	for _, l := range p.currentMetric.Label {
-		lName := l.GetName()
-		if _, exists := labels[lName]; !exists {
-			labels[lName] = struct{}{}
-		} else {
-			p.parseError(fmt.Sprintf("duplicate label names for metric %q", p.currentMF.GetName()))
-			return nil
-		}
-	}
-	return p.startLabelValue
-}
-
-// startLabelValue represents the state where the next byte read from p.buf is
-// the start of a (quoted) label value (or whitespace leading up to it).
-func (p *TextParser) startLabelValue() stateFn {
-	if p.skipBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentByte != '"' {
-		p.parseError(fmt.Sprintf("expected '\"' at start of label value, found %q", p.currentByte))
-		return nil
-	}
-	if p.readTokenAsLabelValue(); p.err != nil {
-		return nil
-	}
-	if !model.LabelValue(p.currentToken.String()).IsValid() {
-		p.parseError(fmt.Sprintf("invalid label value %q", p.currentToken.String()))
-		return nil
-	}
-	p.currentLabelPair.Value = proto.String(p.currentToken.String())
-	// Special treatment of summaries:
-	// - Quantile labels are special, will result in dto.Quantile later.
-	// - Other labels have to be added to currentLabels for signature calculation.
-	if p.currentMF.GetType() == dto.MetricType_SUMMARY {
-		if p.currentLabelPair.GetName() == model.QuantileLabel {
-			if p.currentQuantile, p.err = parseFloat(p.currentLabelPair.GetValue()); p.err != nil {
-				// Create a more helpful error message.
-				p.parseError(fmt.Sprintf("expected float as value for 'quantile' label, got %q", p.currentLabelPair.GetValue()))
-				return nil
-			}
-		} else {
-			p.currentLabels[p.currentLabelPair.GetName()] = p.currentLabelPair.GetValue()
-		}
-	}
-	// Similar special treatment of histograms.
-	if p.currentMF.GetType() == dto.MetricType_HISTOGRAM {
-		if p.currentLabelPair.GetName() == model.BucketLabel {
-			if p.currentBucket, p.err = parseFloat(p.currentLabelPair.GetValue()); p.err != nil {
-				// Create a more helpful error message.
-				p.parseError(fmt.Sprintf("expected float as value for 'le' label, got %q", p.currentLabelPair.GetValue()))
-				return nil
-			}
-		} else {
-			p.currentLabels[p.currentLabelPair.GetName()] = p.currentLabelPair.GetValue()
-		}
-	}
-	if p.skipBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	switch p.currentByte {
-	case ',':
-		return p.startLabelName
-
-	case '}':
-		if p.skipBlankTab(); p.err != nil {
-			return nil // Unexpected end of input.
-		}
-		return p.readingValue
-	default:
-		p.parseError(fmt.Sprintf("unexpected end of label value %q", p.currentLabelPair.GetValue()))
-		return nil
-	}
-}
-
-// readingValue represents the state where the last byte read (now in
-// p.currentByte) is the first byte of the sample value (i.e. a float).
-func (p *TextParser) readingValue() stateFn {
-	// When we are here, we have read all the labels, so for the
-	// special case of a summary/histogram, we can finally find out
-	// if the metric already exists.
-	if p.currentMF.GetType() == dto.MetricType_SUMMARY {
-		signature := model.LabelsToSignature(p.currentLabels)
-		if summary := p.summaries[signature]; summary != nil {
-			p.currentMetric = summary
-		} else {
-			p.summaries[signature] = p.currentMetric
-			p.currentMF.Metric = append(p.currentMF.Metric, p.currentMetric)
-		}
-	} else if p.currentMF.GetType() == dto.MetricType_HISTOGRAM {
-		signature := model.LabelsToSignature(p.currentLabels)
-		if histogram := p.histograms[signature]; histogram != nil {
-			p.currentMetric = histogram
-		} else {
-			p.histograms[signature] = p.currentMetric
-			p.currentMF.Metric = append(p.currentMF.Metric, p.currentMetric)
-		}
-	} else {
-		p.currentMF.Metric = append(p.currentMF.Metric, p.currentMetric)
-	}
-	if p.readTokenUntilWhitespace(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	value, err := parseFloat(p.currentToken.String())
-	if err != nil {
-		// Create a more helpful error message.
-		p.parseError(fmt.Sprintf("expected float as value, got %q", p.currentToken.String()))
-		return nil
-	}
-	switch p.currentMF.GetType() {
-	case dto.MetricType_COUNTER:
-		p.currentMetric.Counter = &dto.Counter{Value: proto.Float64(value)}
-	case dto.MetricType_GAUGE:
-		p.currentMetric.Gauge = &dto.Gauge{Value: proto.Float64(value)}
-	case dto.MetricType_UNTYPED:
-		p.currentMetric.Untyped = &dto.Untyped{Value: proto.Float64(value)}
-	case dto.MetricType_SUMMARY:
-		// *sigh*
-		if p.currentMetric.Summary == nil {
-			p.currentMetric.Summary = &dto.Summary{}
-		}
-		switch {
-		case p.currentIsSummaryCount:
-			p.currentMetric.Summary.SampleCount = proto.Uint64(uint64(value))
-		case p.currentIsSummarySum:
-			p.currentMetric.Summary.SampleSum = proto.Float64(value)
-		case !math.IsNaN(p.currentQuantile):
-			p.currentMetric.Summary.Quantile = append(
-				p.currentMetric.Summary.Quantile,
-				&dto.Quantile{
-					Quantile: proto.Float64(p.currentQuantile),
-					Value:    proto.Float64(value),
-				},
-			)
-		}
-	case dto.MetricType_HISTOGRAM:
-		// *sigh*
-		if p.currentMetric.Histogram == nil {
-			p.currentMetric.Histogram = &dto.Histogram{}
-		}
-		switch {
-		case p.currentIsHistogramCount:
-			p.currentMetric.Histogram.SampleCount = proto.Uint64(uint64(value))
-		case p.currentIsHistogramSum:
-			p.currentMetric.Histogram.SampleSum = proto.Float64(value)
-		case !math.IsNaN(p.currentBucket):
-			p.currentMetric.Histogram.Bucket = append(
-				p.currentMetric.Histogram.Bucket,
-				&dto.Bucket{
-					UpperBound:      proto.Float64(p.currentBucket),
-					CumulativeCount: proto.Uint64(uint64(value)),
-				},
-			)
-		}
-	default:
-		p.err = fmt.Errorf("unexpected type for metric name %q", p.currentMF.GetName())
-	}
-	if p.currentByte == '\n' {
-		return p.startOfLine
-	}
-	return p.startTimestamp
-}
-
-// startTimestamp represents the state where the next byte read from p.buf is
-// the start of the timestamp (or whitespace leading up to it).
-func (p *TextParser) startTimestamp() stateFn {
-	if p.skipBlankTab(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.readTokenUntilWhitespace(); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	timestamp, err := strconv.ParseInt(p.currentToken.String(), 10, 64)
-	if err != nil {
-		// Create a more helpful error message.
-		p.parseError(fmt.Sprintf("expected integer as timestamp, got %q", p.currentToken.String()))
-		return nil
-	}
-	p.currentMetric.TimestampMs = proto.Int64(timestamp)
-	if p.readTokenUntilNewline(false); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	if p.currentToken.Len() > 0 {
-		p.parseError(fmt.Sprintf("spurious string after timestamp: %q", p.currentToken.String()))
-		return nil
-	}
-	return p.startOfLine
-}
-
-// readingHelp represents the state where the last byte read (now in
-// p.currentByte) is the first byte of the docstring after 'HELP'.
-func (p *TextParser) readingHelp() stateFn {
-	if p.currentMF.Help != nil {
-		p.parseError(fmt.Sprintf("second HELP line for metric name %q", p.currentMF.GetName()))
-		return nil
-	}
-	// Rest of line is the docstring.
-	if p.readTokenUntilNewline(true); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	p.currentMF.Help = proto.String(p.currentToken.String())
-	return p.startOfLine
-}
-
-// readingType represents the state where the last byte read (now in
-// p.currentByte) is the first byte of the type hint after 'HELP'.
-func (p *TextParser) readingType() stateFn {
-	if p.currentMF.Type != nil {
-		p.parseError(fmt.Sprintf("second TYPE line for metric name %q, or TYPE reported after samples", p.currentMF.GetName()))
-		return nil
-	}
-	// Rest of line is the type.
-	if p.readTokenUntilNewline(false); p.err != nil {
-		return nil // Unexpected end of input.
-	}
-	metricType, ok := dto.MetricType_value[strings.ToUpper(p.currentToken.String())]
-	if !ok {
-		p.parseError(fmt.Sprintf("unknown metric type %q", p.currentToken.String()))
-		return nil
-	}
-	p.currentMF.Type = dto.MetricType(metricType).Enum()
-	return p.startOfLine
-}
-
-// parseError sets p.err to a ParseError at the current line with the given
-// message.
-func (p *TextParser) parseError(msg string) {
-	p.err = ParseError{
-		Line: p.lineCount,
-		Msg:  msg,
-	}
-}
-
-// skipBlankTab reads (and discards) bytes from p.buf until it encounters a byte
-// that is neither ' ' nor '\t'. That byte is left in p.currentByte.
-func (p *TextParser) skipBlankTab() {
-	for {
-		if p.currentByte, p.err = p.buf.ReadByte(); p.err != nil || !isBlankOrTab(p.currentByte) {
-			return
-		}
-	}
-}
-
-// skipBlankTabIfCurrentBlankTab works exactly as skipBlankTab but doesn't do
-// anything if p.currentByte is neither ' ' nor '\t'.
-func (p *TextParser) skipBlankTabIfCurrentBlankTab() {
-	if isBlankOrTab(p.currentByte) {
-		p.skipBlankTab()
-	}
-}
-
-// readTokenUntilWhitespace copies bytes from p.buf into p.currentToken.  The
-// first byte considered is the byte already read (now in p.currentByte).  The
-// first whitespace byte encountered is still copied into p.currentByte, but not
-// into p.currentToken.
-func (p *TextParser) readTokenUntilWhitespace() {
-	p.currentToken.Reset()
-	for p.err == nil && !isBlankOrTab(p.currentByte) && p.currentByte != '\n' {
-		p.currentToken.WriteByte(p.currentByte)
-		p.currentByte, p.err = p.buf.ReadByte()
-	}
-}
-
-// readTokenUntilNewline copies bytes from p.buf into p.currentToken.  The first
-// byte considered is the byte already read (now in p.currentByte).  The first
-// newline byte encountered is still copied into p.currentByte, but not into
-// p.currentToken. If recognizeEscapeSequence is true, two escape sequences are
-// recognized: '\\' translates into '\', and '\n' into a line-feed character.
-// All other escape sequences are invalid and cause an error.
-func (p *TextParser) readTokenUntilNewline(recognizeEscapeSequence bool) {
-	p.currentToken.Reset()
-	escaped := false
-	for p.err == nil {
-		if recognizeEscapeSequence && escaped {
-			switch p.currentByte {
-			case '\\':
-				p.currentToken.WriteByte(p.currentByte)
-			case 'n':
-				p.currentToken.WriteByte('\n')
-			default:
-				p.parseError(fmt.Sprintf("invalid escape sequence '\\%c'", p.currentByte))
-				return
-			}
-			escaped = false
-		} else {
-			switch p.currentByte {
-			case '\n':
-				return
-			case '\\':
-				escaped = true
-			default:
-				p.currentToken.WriteByte(p.currentByte)
-			}
-		}
-		p.currentByte, p.err = p.buf.ReadByte()
-	}
-}
-
-// readTokenAsMetricName copies a metric name from p.buf into p.currentToken.
-// The first byte considered is the byte already read (now in p.currentByte).
-// The first byte not part of a metric name is still copied into p.currentByte,
-// but not into p.currentToken.
-func (p *TextParser) readTokenAsMetricName() {
-	p.currentToken.Reset()
-	if !isValidMetricNameStart(p.currentByte) {
-		return
-	}
-	for {
-		p.currentToken.WriteByte(p.currentByte)
-		p.currentByte, p.err = p.buf.ReadByte()
-		if p.err != nil || !isValidMetricNameContinuation(p.currentByte) {
-			return
-		}
-	}
-}
-
-// readTokenAsLabelName copies a label name from p.buf into p.currentToken.
-// The first byte considered is the byte already read (now in p.currentByte).
-// The first byte not part of a label name is still copied into p.currentByte,
-// but not into p.currentToken.
-func (p *TextParser) readTokenAsLabelName() {
-	p.currentToken.Reset()
-	if !isValidLabelNameStart(p.currentByte) {
-		return
-	}
-	for {
-		p.currentToken.WriteByte(p.currentByte)
-		p.currentByte, p.err = p.buf.ReadByte()
-		if p.err != nil || !isValidLabelNameContinuation(p.currentByte) {
-			return
-		}
-	}
-}
-
-// readTokenAsLabelValue copies a label value from p.buf into p.currentToken.
-// In contrast to the other 'readTokenAs...' functions, which start with the
-// last read byte in p.currentByte, this method ignores p.currentByte and starts
-// with reading a new byte from p.buf. The first byte not part of a label value
-// is still copied into p.currentByte, but not into p.currentToken.
-func (p *TextParser) readTokenAsLabelValue() {
-	p.currentToken.Reset()
-	escaped := false
-	for {
-		if p.currentByte, p.err = p.buf.ReadByte(); p.err != nil {
-			return
-		}
-		if escaped {
-			switch p.currentByte {
-			case '"', '\\':
-				p.currentToken.WriteByte(p.currentByte)
-			case 'n':
-				p.currentToken.WriteByte('\n')
-			default:
-				p.parseError(fmt.Sprintf("invalid escape sequence '\\%c'", p.currentByte))
-				return
-			}
-			escaped = false
-			continue
-		}
-		switch p.currentByte {
-		case '"':
-			return
-		case '\n':
-			p.parseError(fmt.Sprintf("label value %q contains unescaped new-line", p.currentToken.String()))
-			return
-		case '\\':
-			escaped = true
-		default:
-			p.currentToken.WriteByte(p.currentByte)
-		}
-	}
-}
-
-func (p *TextParser) setOrCreateCurrentMF() {
-	p.currentIsSummaryCount = false
-	p.currentIsSummarySum = false
-	p.currentIsHistogramCount = false
-	p.currentIsHistogramSum = false
-	name := p.currentToken.String()
-	if p.currentMF = p.metricFamiliesByName[name]; p.currentMF != nil {
-		return
-	}
-	// Try out if this is a _sum or _count for a summary/histogram.
-	summaryName := summaryMetricName(name)
-	if p.currentMF = p.metricFamiliesByName[summaryName]; p.currentMF != nil {
-		if p.currentMF.GetType() == dto.MetricType_SUMMARY {
-			if isCount(name) {
-				p.currentIsSummaryCount = true
-			}
-			if isSum(name) {
-				p.currentIsSummarySum = true
-			}
-			return
-		}
-	}
-	histogramName := histogramMetricName(name)
-	if p.currentMF = p.metricFamiliesByName[histogramName]; p.currentMF != nil {
-		if p.currentMF.GetType() == dto.MetricType_HISTOGRAM {
-			if isCount(name) {
-				p.currentIsHistogramCount = true
-			}
-			if isSum(name) {
-				p.currentIsHistogramSum = true
-			}
-			return
-		}
-	}
-	p.currentMF = &dto.MetricFamily{Name: proto.String(name)}
-	p.metricFamiliesByName[name] = p.currentMF
-}
-
-func isValidLabelNameStart(b byte) bool {
-	return (b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_'
-}
-
-func isValidLabelNameContinuation(b byte) bool {
-	return isValidLabelNameStart(b) || (b >= '0' && b <= '9')
-}
-
-func isValidMetricNameStart(b byte) bool {
-	return isValidLabelNameStart(b) || b == ':'
-}
-
-func isValidMetricNameContinuation(b byte) bool {
-	return isValidLabelNameContinuation(b) || b == ':'
-}
-
-func isBlankOrTab(b byte) bool {
-	return b == ' ' || b == '\t'
-}
-
-func isCount(name string) bool {
-	return len(name) > 6 && name[len(name)-6:] == "_count"
-}
-
-func isSum(name string) bool {
-	return len(name) > 4 && name[len(name)-4:] == "_sum"
-}
-
-func isBucket(name string) bool {
-	return len(name) > 7 && name[len(name)-7:] == "_bucket"
-}
-
-func summaryMetricName(name string) string {
-	switch {
-	case isCount(name):
-		return name[:len(name)-6]
-	case isSum(name):
-		return name[:len(name)-4]
-	default:
-		return name
-	}
-}
-
-func histogramMetricName(name string) string {
-	switch {
-	case isCount(name):
-		return name[:len(name)-6]
-	case isSum(name):
-		return name[:len(name)-4]
-	case isBucket(name):
-		return name[:len(name)-7]
-	default:
-		return name
-	}
-}
-
-func parseFloat(s string) (float64, error) {
-	if strings.ContainsAny(s, "pP_") {
-		return 0, fmt.Errorf("unsupported character in float")
-	}
-	return strconv.ParseFloat(s, 64)
-}
diff --git a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt b/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt
deleted file mode 100644
index 7723656d5..000000000
--- a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt
+++ /dev/null
@@ -1,67 +0,0 @@
-PACKAGE
-
-package goautoneg
-import "bitbucket.org/ww/goautoneg"
-
-HTTP Content-Type Autonegotiation.
-
-The functions in this package implement the behaviour specified in
-http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
-
-Copyright (c) 2011, Open Knowledge Foundation Ltd.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    Redistributions of source code must retain the above copyright
-    notice, this list of conditions and the following disclaimer.
-
-    Redistributions in binary form must reproduce the above copyright
-    notice, this list of conditions and the following disclaimer in
-    the documentation and/or other materials provided with the
-    distribution.
-
-    Neither the name of the Open Knowledge Foundation Ltd. nor the
-    names of its contributors may be used to endorse or promote
-    products derived from this software without specific prior written
-    permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-FUNCTIONS
-
-func Negotiate(header string, alternatives []string) (content_type string)
-Negotiate the most appropriate content_type given the accept header
-and a list of alternatives.
-
-func ParseAccept(header string) (accept []Accept)
-Parse an Accept Header string returning a sorted list
-of clauses
-
-
-TYPES
-
-type Accept struct {
-    Type, SubType string
-    Q             float32
-    Params        map[string]string
-}
-Structure to represent a clause in an HTTP Accept Header
-
-
-SUBDIRECTORIES
-
-	.hg
diff --git a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go b/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go
deleted file mode 100644
index 26e92288c..000000000
--- a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
-Copyright (c) 2011, Open Knowledge Foundation Ltd.
-All rights reserved.
-
-HTTP Content-Type Autonegotiation.
-
-The functions in this package implement the behaviour specified in
-http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    Redistributions of source code must retain the above copyright
-    notice, this list of conditions and the following disclaimer.
-
-    Redistributions in binary form must reproduce the above copyright
-    notice, this list of conditions and the following disclaimer in
-    the documentation and/or other materials provided with the
-    distribution.
-
-    Neither the name of the Open Knowledge Foundation Ltd. nor the
-    names of its contributors may be used to endorse or promote
-    products derived from this software without specific prior written
-    permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-*/
-package goautoneg
-
-import (
-	"sort"
-	"strconv"
-	"strings"
-)
-
-// Structure to represent a clause in an HTTP Accept Header
-type Accept struct {
-	Type, SubType string
-	Q             float64
-	Params        map[string]string
-}
-
-// For internal use, so that we can use the sort interface
-type accept_slice []Accept
-
-func (accept accept_slice) Len() int {
-	slice := []Accept(accept)
-	return len(slice)
-}
-
-func (accept accept_slice) Less(i, j int) bool {
-	slice := []Accept(accept)
-	ai, aj := slice[i], slice[j]
-	if ai.Q > aj.Q {
-		return true
-	}
-	if ai.Type != "*" && aj.Type == "*" {
-		return true
-	}
-	if ai.SubType != "*" && aj.SubType == "*" {
-		return true
-	}
-	return false
-}
-
-func (accept accept_slice) Swap(i, j int) {
-	slice := []Accept(accept)
-	slice[i], slice[j] = slice[j], slice[i]
-}
-
-// Parse an Accept Header string returning a sorted list
-// of clauses
-func ParseAccept(header string) (accept []Accept) {
-	parts := strings.Split(header, ",")
-	accept = make([]Accept, 0, len(parts))
-	for _, part := range parts {
-		part := strings.Trim(part, " ")
-
-		a := Accept{}
-		a.Params = make(map[string]string)
-		a.Q = 1.0
-
-		mrp := strings.Split(part, ";")
-
-		media_range := mrp[0]
-		sp := strings.Split(media_range, "/")
-		a.Type = strings.Trim(sp[0], " ")
-
-		switch {
-		case len(sp) == 1 && a.Type == "*":
-			a.SubType = "*"
-		case len(sp) == 2:
-			a.SubType = strings.Trim(sp[1], " ")
-		default:
-			continue
-		}
-
-		if len(mrp) == 1 {
-			accept = append(accept, a)
-			continue
-		}
-
-		for _, param := range mrp[1:] {
-			sp := strings.SplitN(param, "=", 2)
-			if len(sp) != 2 {
-				continue
-			}
-			token := strings.Trim(sp[0], " ")
-			if token == "q" {
-				a.Q, _ = strconv.ParseFloat(sp[1], 32)
-			} else {
-				a.Params[token] = strings.Trim(sp[1], " ")
-			}
-		}
-
-		accept = append(accept, a)
-	}
-
-	slice := accept_slice(accept)
-	sort.Sort(slice)
-
-	return
-}
-
-// Negotiate the most appropriate content_type given the accept header
-// and a list of alternatives.
-func Negotiate(header string, alternatives []string) (content_type string) {
-	asp := make([][]string, 0, len(alternatives))
-	for _, ctype := range alternatives {
-		asp = append(asp, strings.SplitN(ctype, "/", 2))
-	}
-	for _, clause := range ParseAccept(header) {
-		for i, ctsp := range asp {
-			if clause.Type == ctsp[0] && clause.SubType == ctsp[1] {
-				content_type = alternatives[i]
-				return
-			}
-			if clause.Type == ctsp[0] && clause.SubType == "*" {
-				content_type = alternatives[i]
-				return
-			}
-			if clause.Type == "*" && clause.SubType == "*" {
-				content_type = alternatives[i]
-				return
-			}
-		}
-	}
-	return
-}
diff --git a/vendor/github.com/prometheus/common/model/alert.go b/vendor/github.com/prometheus/common/model/alert.go
deleted file mode 100644
index 35e739c7a..000000000
--- a/vendor/github.com/prometheus/common/model/alert.go
+++ /dev/null
@@ -1,136 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"fmt"
-	"time"
-)
-
-type AlertStatus string
-
-const (
-	AlertFiring   AlertStatus = "firing"
-	AlertResolved AlertStatus = "resolved"
-)
-
-// Alert is a generic representation of an alert in the Prometheus eco-system.
-type Alert struct {
-	// Label value pairs for purpose of aggregation, matching, and disposition
-	// dispatching. This must minimally include an "alertname" label.
-	Labels LabelSet `json:"labels"`
-
-	// Extra key/value information which does not define alert identity.
-	Annotations LabelSet `json:"annotations"`
-
-	// The known time range for this alert. Both ends are optional.
-	StartsAt     time.Time `json:"startsAt,omitempty"`
-	EndsAt       time.Time `json:"endsAt,omitempty"`
-	GeneratorURL string    `json:"generatorURL"`
-}
-
-// Name returns the name of the alert. It is equivalent to the "alertname" label.
-func (a *Alert) Name() string {
-	return string(a.Labels[AlertNameLabel])
-}
-
-// Fingerprint returns a unique hash for the alert. It is equivalent to
-// the fingerprint of the alert's label set.
-func (a *Alert) Fingerprint() Fingerprint {
-	return a.Labels.Fingerprint()
-}
-
-func (a *Alert) String() string {
-	s := fmt.Sprintf("%s[%s]", a.Name(), a.Fingerprint().String()[:7])
-	if a.Resolved() {
-		return s + "[resolved]"
-	}
-	return s + "[active]"
-}
-
-// Resolved returns true iff the activity interval ended in the past.
-func (a *Alert) Resolved() bool {
-	return a.ResolvedAt(time.Now())
-}
-
-// ResolvedAt returns true off the activity interval ended before
-// the given timestamp.
-func (a *Alert) ResolvedAt(ts time.Time) bool {
-	if a.EndsAt.IsZero() {
-		return false
-	}
-	return !a.EndsAt.After(ts)
-}
-
-// Status returns the status of the alert.
-func (a *Alert) Status() AlertStatus {
-	if a.Resolved() {
-		return AlertResolved
-	}
-	return AlertFiring
-}
-
-// Validate checks whether the alert data is inconsistent.
-func (a *Alert) Validate() error {
-	if a.StartsAt.IsZero() {
-		return fmt.Errorf("start time missing")
-	}
-	if !a.EndsAt.IsZero() && a.EndsAt.Before(a.StartsAt) {
-		return fmt.Errorf("start time must be before end time")
-	}
-	if err := a.Labels.Validate(); err != nil {
-		return fmt.Errorf("invalid label set: %s", err)
-	}
-	if len(a.Labels) == 0 {
-		return fmt.Errorf("at least one label pair required")
-	}
-	if err := a.Annotations.Validate(); err != nil {
-		return fmt.Errorf("invalid annotations: %s", err)
-	}
-	return nil
-}
-
-// Alert is a list of alerts that can be sorted in chronological order.
-type Alerts []*Alert
-
-func (as Alerts) Len() int      { return len(as) }
-func (as Alerts) Swap(i, j int) { as[i], as[j] = as[j], as[i] }
-
-func (as Alerts) Less(i, j int) bool {
-	if as[i].StartsAt.Before(as[j].StartsAt) {
-		return true
-	}
-	if as[i].EndsAt.Before(as[j].EndsAt) {
-		return true
-	}
-	return as[i].Fingerprint() < as[j].Fingerprint()
-}
-
-// HasFiring returns true iff one of the alerts is not resolved.
-func (as Alerts) HasFiring() bool {
-	for _, a := range as {
-		if !a.Resolved() {
-			return true
-		}
-	}
-	return false
-}
-
-// Status returns StatusFiring iff at least one of the alerts is firing.
-func (as Alerts) Status() AlertStatus {
-	if as.HasFiring() {
-		return AlertFiring
-	}
-	return AlertResolved
-}
diff --git a/vendor/github.com/prometheus/common/model/fingerprinting.go b/vendor/github.com/prometheus/common/model/fingerprinting.go
deleted file mode 100644
index fc4de4106..000000000
--- a/vendor/github.com/prometheus/common/model/fingerprinting.go
+++ /dev/null
@@ -1,105 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"fmt"
-	"strconv"
-)
-
-// Fingerprint provides a hash-capable representation of a Metric.
-// For our purposes, FNV-1A 64-bit is used.
-type Fingerprint uint64
-
-// FingerprintFromString transforms a string representation into a Fingerprint.
-func FingerprintFromString(s string) (Fingerprint, error) {
-	num, err := strconv.ParseUint(s, 16, 64)
-	return Fingerprint(num), err
-}
-
-// ParseFingerprint parses the input string into a fingerprint.
-func ParseFingerprint(s string) (Fingerprint, error) {
-	num, err := strconv.ParseUint(s, 16, 64)
-	if err != nil {
-		return 0, err
-	}
-	return Fingerprint(num), nil
-}
-
-func (f Fingerprint) String() string {
-	return fmt.Sprintf("%016x", uint64(f))
-}
-
-// Fingerprints represents a collection of Fingerprint subject to a given
-// natural sorting scheme. It implements sort.Interface.
-type Fingerprints []Fingerprint
-
-// Len implements sort.Interface.
-func (f Fingerprints) Len() int {
-	return len(f)
-}
-
-// Less implements sort.Interface.
-func (f Fingerprints) Less(i, j int) bool {
-	return f[i] < f[j]
-}
-
-// Swap implements sort.Interface.
-func (f Fingerprints) Swap(i, j int) {
-	f[i], f[j] = f[j], f[i]
-}
-
-// FingerprintSet is a set of Fingerprints.
-type FingerprintSet map[Fingerprint]struct{}
-
-// Equal returns true if both sets contain the same elements (and not more).
-func (s FingerprintSet) Equal(o FingerprintSet) bool {
-	if len(s) != len(o) {
-		return false
-	}
-
-	for k := range s {
-		if _, ok := o[k]; !ok {
-			return false
-		}
-	}
-
-	return true
-}
-
-// Intersection returns the elements contained in both sets.
-func (s FingerprintSet) Intersection(o FingerprintSet) FingerprintSet {
-	myLength, otherLength := len(s), len(o)
-	if myLength == 0 || otherLength == 0 {
-		return FingerprintSet{}
-	}
-
-	subSet := s
-	superSet := o
-
-	if otherLength < myLength {
-		subSet = o
-		superSet = s
-	}
-
-	out := FingerprintSet{}
-
-	for k := range subSet {
-		if _, ok := superSet[k]; ok {
-			out[k] = struct{}{}
-		}
-	}
-
-	return out
-}
diff --git a/vendor/github.com/prometheus/common/model/fnv.go b/vendor/github.com/prometheus/common/model/fnv.go
deleted file mode 100644
index 367afecd3..000000000
--- a/vendor/github.com/prometheus/common/model/fnv.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2015 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-// Inline and byte-free variant of hash/fnv's fnv64a.
-
-const (
-	offset64 = 14695981039346656037
-	prime64  = 1099511628211
-)
-
-// hashNew initializes a new fnv64a hash value.
-func hashNew() uint64 {
-	return offset64
-}
-
-// hashAdd adds a string to a fnv64a hash value, returning the updated hash.
-func hashAdd(h uint64, s string) uint64 {
-	for i := 0; i < len(s); i++ {
-		h ^= uint64(s[i])
-		h *= prime64
-	}
-	return h
-}
-
-// hashAddByte adds a byte to a fnv64a hash value, returning the updated hash.
-func hashAddByte(h uint64, b byte) uint64 {
-	h ^= uint64(b)
-	h *= prime64
-	return h
-}
diff --git a/vendor/github.com/prometheus/common/model/labels.go b/vendor/github.com/prometheus/common/model/labels.go
deleted file mode 100644
index ef8956335..000000000
--- a/vendor/github.com/prometheus/common/model/labels.go
+++ /dev/null
@@ -1,218 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"encoding/json"
-	"fmt"
-	"regexp"
-	"strings"
-	"unicode/utf8"
-)
-
-const (
-	// AlertNameLabel is the name of the label containing the an alert's name.
-	AlertNameLabel = "alertname"
-
-	// ExportedLabelPrefix is the prefix to prepend to the label names present in
-	// exported metrics if a label of the same name is added by the server.
-	ExportedLabelPrefix = "exported_"
-
-	// MetricNameLabel is the label name indicating the metric name of a
-	// timeseries.
-	MetricNameLabel = "__name__"
-
-	// SchemeLabel is the name of the label that holds the scheme on which to
-	// scrape a target.
-	SchemeLabel = "__scheme__"
-
-	// AddressLabel is the name of the label that holds the address of
-	// a scrape target.
-	AddressLabel = "__address__"
-
-	// MetricsPathLabel is the name of the label that holds the path on which to
-	// scrape a target.
-	MetricsPathLabel = "__metrics_path__"
-
-	// ScrapeIntervalLabel is the name of the label that holds the scrape interval
-	// used to scrape a target.
-	ScrapeIntervalLabel = "__scrape_interval__"
-
-	// ScrapeTimeoutLabel is the name of the label that holds the scrape
-	// timeout used to scrape a target.
-	ScrapeTimeoutLabel = "__scrape_timeout__"
-
-	// ReservedLabelPrefix is a prefix which is not legal in user-supplied
-	// label names.
-	ReservedLabelPrefix = "__"
-
-	// MetaLabelPrefix is a prefix for labels that provide meta information.
-	// Labels with this prefix are used for intermediate label processing and
-	// will not be attached to time series.
-	MetaLabelPrefix = "__meta_"
-
-	// TmpLabelPrefix is a prefix for temporary labels as part of relabelling.
-	// Labels with this prefix are used for intermediate label processing and
-	// will not be attached to time series. This is reserved for use in
-	// Prometheus configuration files by users.
-	TmpLabelPrefix = "__tmp_"
-
-	// ParamLabelPrefix is a prefix for labels that provide URL parameters
-	// used to scrape a target.
-	ParamLabelPrefix = "__param_"
-
-	// JobLabel is the label name indicating the job from which a timeseries
-	// was scraped.
-	JobLabel = "job"
-
-	// InstanceLabel is the label name used for the instance label.
-	InstanceLabel = "instance"
-
-	// BucketLabel is used for the label that defines the upper bound of a
-	// bucket of a histogram ("le" -> "less or equal").
-	BucketLabel = "le"
-
-	// QuantileLabel is used for the label that defines the quantile in a
-	// summary.
-	QuantileLabel = "quantile"
-)
-
-// LabelNameRE is a regular expression matching valid label names. Note that the
-// IsValid method of LabelName performs the same check but faster than a match
-// with this regular expression.
-var LabelNameRE = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$")
-
-// A LabelName is a key for a LabelSet or Metric.  It has a value associated
-// therewith.
-type LabelName string
-
-// IsValid is true iff the label name matches the pattern of LabelNameRE. This
-// method, however, does not use LabelNameRE for the check but a much faster
-// hardcoded implementation.
-func (ln LabelName) IsValid() bool {
-	if len(ln) == 0 {
-		return false
-	}
-	for i, b := range ln {
-		if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || (b >= '0' && b <= '9' && i > 0)) {
-			return false
-		}
-	}
-	return true
-}
-
-// UnmarshalYAML implements the yaml.Unmarshaler interface.
-func (ln *LabelName) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	var s string
-	if err := unmarshal(&s); err != nil {
-		return err
-	}
-	if !LabelName(s).IsValid() {
-		return fmt.Errorf("%q is not a valid label name", s)
-	}
-	*ln = LabelName(s)
-	return nil
-}
-
-// UnmarshalJSON implements the json.Unmarshaler interface.
-func (ln *LabelName) UnmarshalJSON(b []byte) error {
-	var s string
-	if err := json.Unmarshal(b, &s); err != nil {
-		return err
-	}
-	if !LabelName(s).IsValid() {
-		return fmt.Errorf("%q is not a valid label name", s)
-	}
-	*ln = LabelName(s)
-	return nil
-}
-
-// LabelNames is a sortable LabelName slice. In implements sort.Interface.
-type LabelNames []LabelName
-
-func (l LabelNames) Len() int {
-	return len(l)
-}
-
-func (l LabelNames) Less(i, j int) bool {
-	return l[i] < l[j]
-}
-
-func (l LabelNames) Swap(i, j int) {
-	l[i], l[j] = l[j], l[i]
-}
-
-func (l LabelNames) String() string {
-	labelStrings := make([]string, 0, len(l))
-	for _, label := range l {
-		labelStrings = append(labelStrings, string(label))
-	}
-	return strings.Join(labelStrings, ", ")
-}
-
-// A LabelValue is an associated value for a LabelName.
-type LabelValue string
-
-// IsValid returns true iff the string is a valid UTF8.
-func (lv LabelValue) IsValid() bool {
-	return utf8.ValidString(string(lv))
-}
-
-// LabelValues is a sortable LabelValue slice. It implements sort.Interface.
-type LabelValues []LabelValue
-
-func (l LabelValues) Len() int {
-	return len(l)
-}
-
-func (l LabelValues) Less(i, j int) bool {
-	return string(l[i]) < string(l[j])
-}
-
-func (l LabelValues) Swap(i, j int) {
-	l[i], l[j] = l[j], l[i]
-}
-
-// LabelPair pairs a name with a value.
-type LabelPair struct {
-	Name  LabelName
-	Value LabelValue
-}
-
-// LabelPairs is a sortable slice of LabelPair pointers. It implements
-// sort.Interface.
-type LabelPairs []*LabelPair
-
-func (l LabelPairs) Len() int {
-	return len(l)
-}
-
-func (l LabelPairs) Less(i, j int) bool {
-	switch {
-	case l[i].Name > l[j].Name:
-		return false
-	case l[i].Name < l[j].Name:
-		return true
-	case l[i].Value > l[j].Value:
-		return false
-	case l[i].Value < l[j].Value:
-		return true
-	default:
-		return false
-	}
-}
-
-func (l LabelPairs) Swap(i, j int) {
-	l[i], l[j] = l[j], l[i]
-}
diff --git a/vendor/github.com/prometheus/common/model/labelset.go b/vendor/github.com/prometheus/common/model/labelset.go
deleted file mode 100644
index 6eda08a73..000000000
--- a/vendor/github.com/prometheus/common/model/labelset.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"encoding/json"
-	"fmt"
-	"sort"
-	"strings"
-)
-
-// A LabelSet is a collection of LabelName and LabelValue pairs.  The LabelSet
-// may be fully-qualified down to the point where it may resolve to a single
-// Metric in the data store or not.  All operations that occur within the realm
-// of a LabelSet can emit a vector of Metric entities to which the LabelSet may
-// match.
-type LabelSet map[LabelName]LabelValue
-
-// Validate checks whether all names and values in the label set
-// are valid.
-func (ls LabelSet) Validate() error {
-	for ln, lv := range ls {
-		if !ln.IsValid() {
-			return fmt.Errorf("invalid name %q", ln)
-		}
-		if !lv.IsValid() {
-			return fmt.Errorf("invalid value %q", lv)
-		}
-	}
-	return nil
-}
-
-// Equal returns true iff both label sets have exactly the same key/value pairs.
-func (ls LabelSet) Equal(o LabelSet) bool {
-	if len(ls) != len(o) {
-		return false
-	}
-	for ln, lv := range ls {
-		olv, ok := o[ln]
-		if !ok {
-			return false
-		}
-		if olv != lv {
-			return false
-		}
-	}
-	return true
-}
-
-// Before compares the metrics, using the following criteria:
-//
-// If m has fewer labels than o, it is before o. If it has more, it is not.
-//
-// If the number of labels is the same, the superset of all label names is
-// sorted alphanumerically. The first differing label pair found in that order
-// determines the outcome: If the label does not exist at all in m, then m is
-// before o, and vice versa. Otherwise the label value is compared
-// alphanumerically.
-//
-// If m and o are equal, the method returns false.
-func (ls LabelSet) Before(o LabelSet) bool {
-	if len(ls) < len(o) {
-		return true
-	}
-	if len(ls) > len(o) {
-		return false
-	}
-
-	lns := make(LabelNames, 0, len(ls)+len(o))
-	for ln := range ls {
-		lns = append(lns, ln)
-	}
-	for ln := range o {
-		lns = append(lns, ln)
-	}
-	// It's probably not worth it to de-dup lns.
-	sort.Sort(lns)
-	for _, ln := range lns {
-		mlv, ok := ls[ln]
-		if !ok {
-			return true
-		}
-		olv, ok := o[ln]
-		if !ok {
-			return false
-		}
-		if mlv < olv {
-			return true
-		}
-		if mlv > olv {
-			return false
-		}
-	}
-	return false
-}
-
-// Clone returns a copy of the label set.
-func (ls LabelSet) Clone() LabelSet {
-	lsn := make(LabelSet, len(ls))
-	for ln, lv := range ls {
-		lsn[ln] = lv
-	}
-	return lsn
-}
-
-// Merge is a helper function to non-destructively merge two label sets.
-func (l LabelSet) Merge(other LabelSet) LabelSet {
-	result := make(LabelSet, len(l))
-
-	for k, v := range l {
-		result[k] = v
-	}
-
-	for k, v := range other {
-		result[k] = v
-	}
-
-	return result
-}
-
-func (l LabelSet) String() string {
-	lstrs := make([]string, 0, len(l))
-	for l, v := range l {
-		lstrs = append(lstrs, fmt.Sprintf("%s=%q", l, v))
-	}
-
-	sort.Strings(lstrs)
-	return fmt.Sprintf("{%s}", strings.Join(lstrs, ", "))
-}
-
-// Fingerprint returns the LabelSet's fingerprint.
-func (ls LabelSet) Fingerprint() Fingerprint {
-	return labelSetToFingerprint(ls)
-}
-
-// FastFingerprint returns the LabelSet's Fingerprint calculated by a faster hashing
-// algorithm, which is, however, more susceptible to hash collisions.
-func (ls LabelSet) FastFingerprint() Fingerprint {
-	return labelSetToFastFingerprint(ls)
-}
-
-// UnmarshalJSON implements the json.Unmarshaler interface.
-func (l *LabelSet) UnmarshalJSON(b []byte) error {
-	var m map[LabelName]LabelValue
-	if err := json.Unmarshal(b, &m); err != nil {
-		return err
-	}
-	// encoding/json only unmarshals maps of the form map[string]T. It treats
-	// LabelName as a string and does not call its UnmarshalJSON method.
-	// Thus, we have to replicate the behavior here.
-	for ln := range m {
-		if !ln.IsValid() {
-			return fmt.Errorf("%q is not a valid label name", ln)
-		}
-	}
-	*l = LabelSet(m)
-	return nil
-}
diff --git a/vendor/github.com/prometheus/common/model/metric.go b/vendor/github.com/prometheus/common/model/metric.go
deleted file mode 100644
index 00804b7fe..000000000
--- a/vendor/github.com/prometheus/common/model/metric.go
+++ /dev/null
@@ -1,102 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"fmt"
-	"regexp"
-	"sort"
-	"strings"
-)
-
-var (
-	// MetricNameRE is a regular expression matching valid metric
-	// names. Note that the IsValidMetricName function performs the same
-	// check but faster than a match with this regular expression.
-	MetricNameRE = regexp.MustCompile(`^[a-zA-Z_:][a-zA-Z0-9_:]*$`)
-)
-
-// A Metric is similar to a LabelSet, but the key difference is that a Metric is
-// a singleton and refers to one and only one stream of samples.
-type Metric LabelSet
-
-// Equal compares the metrics.
-func (m Metric) Equal(o Metric) bool {
-	return LabelSet(m).Equal(LabelSet(o))
-}
-
-// Before compares the metrics' underlying label sets.
-func (m Metric) Before(o Metric) bool {
-	return LabelSet(m).Before(LabelSet(o))
-}
-
-// Clone returns a copy of the Metric.
-func (m Metric) Clone() Metric {
-	clone := make(Metric, len(m))
-	for k, v := range m {
-		clone[k] = v
-	}
-	return clone
-}
-
-func (m Metric) String() string {
-	metricName, hasName := m[MetricNameLabel]
-	numLabels := len(m) - 1
-	if !hasName {
-		numLabels = len(m)
-	}
-	labelStrings := make([]string, 0, numLabels)
-	for label, value := range m {
-		if label != MetricNameLabel {
-			labelStrings = append(labelStrings, fmt.Sprintf("%s=%q", label, value))
-		}
-	}
-
-	switch numLabels {
-	case 0:
-		if hasName {
-			return string(metricName)
-		}
-		return "{}"
-	default:
-		sort.Strings(labelStrings)
-		return fmt.Sprintf("%s{%s}", metricName, strings.Join(labelStrings, ", "))
-	}
-}
-
-// Fingerprint returns a Metric's Fingerprint.
-func (m Metric) Fingerprint() Fingerprint {
-	return LabelSet(m).Fingerprint()
-}
-
-// FastFingerprint returns a Metric's Fingerprint calculated by a faster hashing
-// algorithm, which is, however, more susceptible to hash collisions.
-func (m Metric) FastFingerprint() Fingerprint {
-	return LabelSet(m).FastFingerprint()
-}
-
-// IsValidMetricName returns true iff name matches the pattern of MetricNameRE.
-// This function, however, does not use MetricNameRE for the check but a much
-// faster hardcoded implementation.
-func IsValidMetricName(n LabelValue) bool {
-	if len(n) == 0 {
-		return false
-	}
-	for i, b := range n {
-		if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || b == ':' || (b >= '0' && b <= '9' && i > 0)) {
-			return false
-		}
-	}
-	return true
-}
diff --git a/vendor/github.com/prometheus/common/model/model.go b/vendor/github.com/prometheus/common/model/model.go
deleted file mode 100644
index a7b969170..000000000
--- a/vendor/github.com/prometheus/common/model/model.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package model contains common data structures that are shared across
-// Prometheus components and libraries.
-package model
diff --git a/vendor/github.com/prometheus/common/model/signature.go b/vendor/github.com/prometheus/common/model/signature.go
deleted file mode 100644
index 8762b13c6..000000000
--- a/vendor/github.com/prometheus/common/model/signature.go
+++ /dev/null
@@ -1,144 +0,0 @@
-// Copyright 2014 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"sort"
-)
-
-// SeparatorByte is a byte that cannot occur in valid UTF-8 sequences and is
-// used to separate label names, label values, and other strings from each other
-// when calculating their combined hash value (aka signature aka fingerprint).
-const SeparatorByte byte = 255
-
-var (
-	// cache the signature of an empty label set.
-	emptyLabelSignature = hashNew()
-)
-
-// LabelsToSignature returns a quasi-unique signature (i.e., fingerprint) for a
-// given label set. (Collisions are possible but unlikely if the number of label
-// sets the function is applied to is small.)
-func LabelsToSignature(labels map[string]string) uint64 {
-	if len(labels) == 0 {
-		return emptyLabelSignature
-	}
-
-	labelNames := make([]string, 0, len(labels))
-	for labelName := range labels {
-		labelNames = append(labelNames, labelName)
-	}
-	sort.Strings(labelNames)
-
-	sum := hashNew()
-	for _, labelName := range labelNames {
-		sum = hashAdd(sum, labelName)
-		sum = hashAddByte(sum, SeparatorByte)
-		sum = hashAdd(sum, labels[labelName])
-		sum = hashAddByte(sum, SeparatorByte)
-	}
-	return sum
-}
-
-// labelSetToFingerprint works exactly as LabelsToSignature but takes a LabelSet as
-// parameter (rather than a label map) and returns a Fingerprint.
-func labelSetToFingerprint(ls LabelSet) Fingerprint {
-	if len(ls) == 0 {
-		return Fingerprint(emptyLabelSignature)
-	}
-
-	labelNames := make(LabelNames, 0, len(ls))
-	for labelName := range ls {
-		labelNames = append(labelNames, labelName)
-	}
-	sort.Sort(labelNames)
-
-	sum := hashNew()
-	for _, labelName := range labelNames {
-		sum = hashAdd(sum, string(labelName))
-		sum = hashAddByte(sum, SeparatorByte)
-		sum = hashAdd(sum, string(ls[labelName]))
-		sum = hashAddByte(sum, SeparatorByte)
-	}
-	return Fingerprint(sum)
-}
-
-// labelSetToFastFingerprint works similar to labelSetToFingerprint but uses a
-// faster and less allocation-heavy hash function, which is more susceptible to
-// create hash collisions. Therefore, collision detection should be applied.
-func labelSetToFastFingerprint(ls LabelSet) Fingerprint {
-	if len(ls) == 0 {
-		return Fingerprint(emptyLabelSignature)
-	}
-
-	var result uint64
-	for labelName, labelValue := range ls {
-		sum := hashNew()
-		sum = hashAdd(sum, string(labelName))
-		sum = hashAddByte(sum, SeparatorByte)
-		sum = hashAdd(sum, string(labelValue))
-		result ^= sum
-	}
-	return Fingerprint(result)
-}
-
-// SignatureForLabels works like LabelsToSignature but takes a Metric as
-// parameter (rather than a label map) and only includes the labels with the
-// specified LabelNames into the signature calculation. The labels passed in
-// will be sorted by this function.
-func SignatureForLabels(m Metric, labels ...LabelName) uint64 {
-	if len(labels) == 0 {
-		return emptyLabelSignature
-	}
-
-	sort.Sort(LabelNames(labels))
-
-	sum := hashNew()
-	for _, label := range labels {
-		sum = hashAdd(sum, string(label))
-		sum = hashAddByte(sum, SeparatorByte)
-		sum = hashAdd(sum, string(m[label]))
-		sum = hashAddByte(sum, SeparatorByte)
-	}
-	return sum
-}
-
-// SignatureWithoutLabels works like LabelsToSignature but takes a Metric as
-// parameter (rather than a label map) and excludes the labels with any of the
-// specified LabelNames from the signature calculation.
-func SignatureWithoutLabels(m Metric, labels map[LabelName]struct{}) uint64 {
-	if len(m) == 0 {
-		return emptyLabelSignature
-	}
-
-	labelNames := make(LabelNames, 0, len(m))
-	for labelName := range m {
-		if _, exclude := labels[labelName]; !exclude {
-			labelNames = append(labelNames, labelName)
-		}
-	}
-	if len(labelNames) == 0 {
-		return emptyLabelSignature
-	}
-	sort.Sort(labelNames)
-
-	sum := hashNew()
-	for _, labelName := range labelNames {
-		sum = hashAdd(sum, string(labelName))
-		sum = hashAddByte(sum, SeparatorByte)
-		sum = hashAdd(sum, string(m[labelName]))
-		sum = hashAddByte(sum, SeparatorByte)
-	}
-	return sum
-}
diff --git a/vendor/github.com/prometheus/common/model/silence.go b/vendor/github.com/prometheus/common/model/silence.go
deleted file mode 100644
index bb99889d2..000000000
--- a/vendor/github.com/prometheus/common/model/silence.go
+++ /dev/null
@@ -1,106 +0,0 @@
-// Copyright 2015 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"encoding/json"
-	"fmt"
-	"regexp"
-	"time"
-)
-
-// Matcher describes a matches the value of a given label.
-type Matcher struct {
-	Name    LabelName `json:"name"`
-	Value   string    `json:"value"`
-	IsRegex bool      `json:"isRegex"`
-}
-
-func (m *Matcher) UnmarshalJSON(b []byte) error {
-	type plain Matcher
-	if err := json.Unmarshal(b, (*plain)(m)); err != nil {
-		return err
-	}
-
-	if len(m.Name) == 0 {
-		return fmt.Errorf("label name in matcher must not be empty")
-	}
-	if m.IsRegex {
-		if _, err := regexp.Compile(m.Value); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// Validate returns true iff all fields of the matcher have valid values.
-func (m *Matcher) Validate() error {
-	if !m.Name.IsValid() {
-		return fmt.Errorf("invalid name %q", m.Name)
-	}
-	if m.IsRegex {
-		if _, err := regexp.Compile(m.Value); err != nil {
-			return fmt.Errorf("invalid regular expression %q", m.Value)
-		}
-	} else if !LabelValue(m.Value).IsValid() || len(m.Value) == 0 {
-		return fmt.Errorf("invalid value %q", m.Value)
-	}
-	return nil
-}
-
-// Silence defines the representation of a silence definition in the Prometheus
-// eco-system.
-type Silence struct {
-	ID uint64 `json:"id,omitempty"`
-
-	Matchers []*Matcher `json:"matchers"`
-
-	StartsAt time.Time `json:"startsAt"`
-	EndsAt   time.Time `json:"endsAt"`
-
-	CreatedAt time.Time `json:"createdAt,omitempty"`
-	CreatedBy string    `json:"createdBy"`
-	Comment   string    `json:"comment,omitempty"`
-}
-
-// Validate returns true iff all fields of the silence have valid values.
-func (s *Silence) Validate() error {
-	if len(s.Matchers) == 0 {
-		return fmt.Errorf("at least one matcher required")
-	}
-	for _, m := range s.Matchers {
-		if err := m.Validate(); err != nil {
-			return fmt.Errorf("invalid matcher: %s", err)
-		}
-	}
-	if s.StartsAt.IsZero() {
-		return fmt.Errorf("start time missing")
-	}
-	if s.EndsAt.IsZero() {
-		return fmt.Errorf("end time missing")
-	}
-	if s.EndsAt.Before(s.StartsAt) {
-		return fmt.Errorf("start time must be before end time")
-	}
-	if s.CreatedBy == "" {
-		return fmt.Errorf("creator information missing")
-	}
-	if s.Comment == "" {
-		return fmt.Errorf("comment missing")
-	}
-	if s.CreatedAt.IsZero() {
-		return fmt.Errorf("creation timestamp missing")
-	}
-	return nil
-}
diff --git a/vendor/github.com/prometheus/common/model/time.go b/vendor/github.com/prometheus/common/model/time.go
deleted file mode 100644
index 7f67b16e4..000000000
--- a/vendor/github.com/prometheus/common/model/time.go
+++ /dev/null
@@ -1,317 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"math"
-	"regexp"
-	"strconv"
-	"strings"
-	"time"
-)
-
-const (
-	// MinimumTick is the minimum supported time resolution. This has to be
-	// at least time.Second in order for the code below to work.
-	minimumTick = time.Millisecond
-	// second is the Time duration equivalent to one second.
-	second = int64(time.Second / minimumTick)
-	// The number of nanoseconds per minimum tick.
-	nanosPerTick = int64(minimumTick / time.Nanosecond)
-
-	// Earliest is the earliest Time representable. Handy for
-	// initializing a high watermark.
-	Earliest = Time(math.MinInt64)
-	// Latest is the latest Time representable. Handy for initializing
-	// a low watermark.
-	Latest = Time(math.MaxInt64)
-)
-
-// Time is the number of milliseconds since the epoch
-// (1970-01-01 00:00 UTC) excluding leap seconds.
-type Time int64
-
-// Interval describes an interval between two timestamps.
-type Interval struct {
-	Start, End Time
-}
-
-// Now returns the current time as a Time.
-func Now() Time {
-	return TimeFromUnixNano(time.Now().UnixNano())
-}
-
-// TimeFromUnix returns the Time equivalent to the Unix Time t
-// provided in seconds.
-func TimeFromUnix(t int64) Time {
-	return Time(t * second)
-}
-
-// TimeFromUnixNano returns the Time equivalent to the Unix Time
-// t provided in nanoseconds.
-func TimeFromUnixNano(t int64) Time {
-	return Time(t / nanosPerTick)
-}
-
-// Equal reports whether two Times represent the same instant.
-func (t Time) Equal(o Time) bool {
-	return t == o
-}
-
-// Before reports whether the Time t is before o.
-func (t Time) Before(o Time) bool {
-	return t < o
-}
-
-// After reports whether the Time t is after o.
-func (t Time) After(o Time) bool {
-	return t > o
-}
-
-// Add returns the Time t + d.
-func (t Time) Add(d time.Duration) Time {
-	return t + Time(d/minimumTick)
-}
-
-// Sub returns the Duration t - o.
-func (t Time) Sub(o Time) time.Duration {
-	return time.Duration(t-o) * minimumTick
-}
-
-// Time returns the time.Time representation of t.
-func (t Time) Time() time.Time {
-	return time.Unix(int64(t)/second, (int64(t)%second)*nanosPerTick)
-}
-
-// Unix returns t as a Unix time, the number of seconds elapsed
-// since January 1, 1970 UTC.
-func (t Time) Unix() int64 {
-	return int64(t) / second
-}
-
-// UnixNano returns t as a Unix time, the number of nanoseconds elapsed
-// since January 1, 1970 UTC.
-func (t Time) UnixNano() int64 {
-	return int64(t) * nanosPerTick
-}
-
-// The number of digits after the dot.
-var dotPrecision = int(math.Log10(float64(second)))
-
-// String returns a string representation of the Time.
-func (t Time) String() string {
-	return strconv.FormatFloat(float64(t)/float64(second), 'f', -1, 64)
-}
-
-// MarshalJSON implements the json.Marshaler interface.
-func (t Time) MarshalJSON() ([]byte, error) {
-	return []byte(t.String()), nil
-}
-
-// UnmarshalJSON implements the json.Unmarshaler interface.
-func (t *Time) UnmarshalJSON(b []byte) error {
-	p := strings.Split(string(b), ".")
-	switch len(p) {
-	case 1:
-		v, err := strconv.ParseInt(string(p[0]), 10, 64)
-		if err != nil {
-			return err
-		}
-		*t = Time(v * second)
-
-	case 2:
-		v, err := strconv.ParseInt(string(p[0]), 10, 64)
-		if err != nil {
-			return err
-		}
-		v *= second
-
-		prec := dotPrecision - len(p[1])
-		if prec < 0 {
-			p[1] = p[1][:dotPrecision]
-		} else if prec > 0 {
-			p[1] = p[1] + strings.Repeat("0", prec)
-		}
-
-		va, err := strconv.ParseInt(p[1], 10, 32)
-		if err != nil {
-			return err
-		}
-
-		// If the value was something like -0.1 the negative is lost in the
-		// parsing because of the leading zero, this ensures that we capture it.
-		if len(p[0]) > 0 && p[0][0] == '-' && v+va > 0 {
-			*t = Time(v+va) * -1
-		} else {
-			*t = Time(v + va)
-		}
-
-	default:
-		return fmt.Errorf("invalid time %q", string(b))
-	}
-	return nil
-}
-
-// Duration wraps time.Duration. It is used to parse the custom duration format
-// from YAML.
-// This type should not propagate beyond the scope of input/output processing.
-type Duration time.Duration
-
-// Set implements pflag/flag.Value
-func (d *Duration) Set(s string) error {
-	var err error
-	*d, err = ParseDuration(s)
-	return err
-}
-
-// Type implements pflag.Value
-func (d *Duration) Type() string {
-	return "duration"
-}
-
-var durationRE = regexp.MustCompile("^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$")
-
-// ParseDuration parses a string into a time.Duration, assuming that a year
-// always has 365d, a week always has 7d, and a day always has 24h.
-func ParseDuration(durationStr string) (Duration, error) {
-	switch durationStr {
-	case "0":
-		// Allow 0 without a unit.
-		return 0, nil
-	case "":
-		return 0, fmt.Errorf("empty duration string")
-	}
-	matches := durationRE.FindStringSubmatch(durationStr)
-	if matches == nil {
-		return 0, fmt.Errorf("not a valid duration string: %q", durationStr)
-	}
-	var dur time.Duration
-
-	// Parse the match at pos `pos` in the regex and use `mult` to turn that
-	// into ms, then add that value to the total parsed duration.
-	var overflowErr error
-	m := func(pos int, mult time.Duration) {
-		if matches[pos] == "" {
-			return
-		}
-		n, _ := strconv.Atoi(matches[pos])
-
-		// Check if the provided duration overflows time.Duration (> ~ 290years).
-		if n > int((1<<63-1)/mult/time.Millisecond) {
-			overflowErr = errors.New("duration out of range")
-		}
-		d := time.Duration(n) * time.Millisecond
-		dur += d * mult
-
-		if dur < 0 {
-			overflowErr = errors.New("duration out of range")
-		}
-	}
-
-	m(2, 1000*60*60*24*365) // y
-	m(4, 1000*60*60*24*7)   // w
-	m(6, 1000*60*60*24)     // d
-	m(8, 1000*60*60)        // h
-	m(10, 1000*60)          // m
-	m(12, 1000)             // s
-	m(14, 1)                // ms
-
-	return Duration(dur), overflowErr
-}
-
-func (d Duration) String() string {
-	var (
-		ms = int64(time.Duration(d) / time.Millisecond)
-		r  = ""
-	)
-	if ms == 0 {
-		return "0s"
-	}
-
-	f := func(unit string, mult int64, exact bool) {
-		if exact && ms%mult != 0 {
-			return
-		}
-		if v := ms / mult; v > 0 {
-			r += fmt.Sprintf("%d%s", v, unit)
-			ms -= v * mult
-		}
-	}
-
-	// Only format years and weeks if the remainder is zero, as it is often
-	// easier to read 90d than 12w6d.
-	f("y", 1000*60*60*24*365, true)
-	f("w", 1000*60*60*24*7, true)
-
-	f("d", 1000*60*60*24, false)
-	f("h", 1000*60*60, false)
-	f("m", 1000*60, false)
-	f("s", 1000, false)
-	f("ms", 1, false)
-
-	return r
-}
-
-// MarshalJSON implements the json.Marshaler interface.
-func (d Duration) MarshalJSON() ([]byte, error) {
-	return json.Marshal(d.String())
-}
-
-// UnmarshalJSON implements the json.Unmarshaler interface.
-func (d *Duration) UnmarshalJSON(bytes []byte) error {
-	var s string
-	if err := json.Unmarshal(bytes, &s); err != nil {
-		return err
-	}
-	dur, err := ParseDuration(s)
-	if err != nil {
-		return err
-	}
-	*d = dur
-	return nil
-}
-
-// MarshalText implements the encoding.TextMarshaler interface.
-func (d *Duration) MarshalText() ([]byte, error) {
-	return []byte(d.String()), nil
-}
-
-// UnmarshalText implements the encoding.TextUnmarshaler interface.
-func (d *Duration) UnmarshalText(text []byte) error {
-	var err error
-	*d, err = ParseDuration(string(text))
-	return err
-}
-
-// MarshalYAML implements the yaml.Marshaler interface.
-func (d Duration) MarshalYAML() (interface{}, error) {
-	return d.String(), nil
-}
-
-// UnmarshalYAML implements the yaml.Unmarshaler interface.
-func (d *Duration) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	var s string
-	if err := unmarshal(&s); err != nil {
-		return err
-	}
-	dur, err := ParseDuration(s)
-	if err != nil {
-		return err
-	}
-	*d = dur
-	return nil
-}
diff --git a/vendor/github.com/prometheus/common/model/value.go b/vendor/github.com/prometheus/common/model/value.go
deleted file mode 100644
index c9d8fb1a2..000000000
--- a/vendor/github.com/prometheus/common/model/value.go
+++ /dev/null
@@ -1,416 +0,0 @@
-// Copyright 2013 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-import (
-	"encoding/json"
-	"fmt"
-	"math"
-	"sort"
-	"strconv"
-	"strings"
-)
-
-var (
-	// ZeroSamplePair is the pseudo zero-value of SamplePair used to signal a
-	// non-existing sample pair. It is a SamplePair with timestamp Earliest and
-	// value 0.0. Note that the natural zero value of SamplePair has a timestamp
-	// of 0, which is possible to appear in a real SamplePair and thus not
-	// suitable to signal a non-existing SamplePair.
-	ZeroSamplePair = SamplePair{Timestamp: Earliest}
-
-	// ZeroSample is the pseudo zero-value of Sample used to signal a
-	// non-existing sample. It is a Sample with timestamp Earliest, value 0.0,
-	// and metric nil. Note that the natural zero value of Sample has a timestamp
-	// of 0, which is possible to appear in a real Sample and thus not suitable
-	// to signal a non-existing Sample.
-	ZeroSample = Sample{Timestamp: Earliest}
-)
-
-// A SampleValue is a representation of a value for a given sample at a given
-// time.
-type SampleValue float64
-
-// MarshalJSON implements json.Marshaler.
-func (v SampleValue) MarshalJSON() ([]byte, error) {
-	return json.Marshal(v.String())
-}
-
-// UnmarshalJSON implements json.Unmarshaler.
-func (v *SampleValue) UnmarshalJSON(b []byte) error {
-	if len(b) < 2 || b[0] != '"' || b[len(b)-1] != '"' {
-		return fmt.Errorf("sample value must be a quoted string")
-	}
-	f, err := strconv.ParseFloat(string(b[1:len(b)-1]), 64)
-	if err != nil {
-		return err
-	}
-	*v = SampleValue(f)
-	return nil
-}
-
-// Equal returns true if the value of v and o is equal or if both are NaN. Note
-// that v==o is false if both are NaN. If you want the conventional float
-// behavior, use == to compare two SampleValues.
-func (v SampleValue) Equal(o SampleValue) bool {
-	if v == o {
-		return true
-	}
-	return math.IsNaN(float64(v)) && math.IsNaN(float64(o))
-}
-
-func (v SampleValue) String() string {
-	return strconv.FormatFloat(float64(v), 'f', -1, 64)
-}
-
-// SamplePair pairs a SampleValue with a Timestamp.
-type SamplePair struct {
-	Timestamp Time
-	Value     SampleValue
-}
-
-// MarshalJSON implements json.Marshaler.
-func (s SamplePair) MarshalJSON() ([]byte, error) {
-	t, err := json.Marshal(s.Timestamp)
-	if err != nil {
-		return nil, err
-	}
-	v, err := json.Marshal(s.Value)
-	if err != nil {
-		return nil, err
-	}
-	return []byte(fmt.Sprintf("[%s,%s]", t, v)), nil
-}
-
-// UnmarshalJSON implements json.Unmarshaler.
-func (s *SamplePair) UnmarshalJSON(b []byte) error {
-	v := [...]json.Unmarshaler{&s.Timestamp, &s.Value}
-	return json.Unmarshal(b, &v)
-}
-
-// Equal returns true if this SamplePair and o have equal Values and equal
-// Timestamps. The semantics of Value equality is defined by SampleValue.Equal.
-func (s *SamplePair) Equal(o *SamplePair) bool {
-	return s == o || (s.Value.Equal(o.Value) && s.Timestamp.Equal(o.Timestamp))
-}
-
-func (s SamplePair) String() string {
-	return fmt.Sprintf("%s @[%s]", s.Value, s.Timestamp)
-}
-
-// Sample is a sample pair associated with a metric.
-type Sample struct {
-	Metric    Metric      `json:"metric"`
-	Value     SampleValue `json:"value"`
-	Timestamp Time        `json:"timestamp"`
-}
-
-// Equal compares first the metrics, then the timestamp, then the value. The
-// semantics of value equality is defined by SampleValue.Equal.
-func (s *Sample) Equal(o *Sample) bool {
-	if s == o {
-		return true
-	}
-
-	if !s.Metric.Equal(o.Metric) {
-		return false
-	}
-	if !s.Timestamp.Equal(o.Timestamp) {
-		return false
-	}
-
-	return s.Value.Equal(o.Value)
-}
-
-func (s Sample) String() string {
-	return fmt.Sprintf("%s => %s", s.Metric, SamplePair{
-		Timestamp: s.Timestamp,
-		Value:     s.Value,
-	})
-}
-
-// MarshalJSON implements json.Marshaler.
-func (s Sample) MarshalJSON() ([]byte, error) {
-	v := struct {
-		Metric Metric     `json:"metric"`
-		Value  SamplePair `json:"value"`
-	}{
-		Metric: s.Metric,
-		Value: SamplePair{
-			Timestamp: s.Timestamp,
-			Value:     s.Value,
-		},
-	}
-
-	return json.Marshal(&v)
-}
-
-// UnmarshalJSON implements json.Unmarshaler.
-func (s *Sample) UnmarshalJSON(b []byte) error {
-	v := struct {
-		Metric Metric     `json:"metric"`
-		Value  SamplePair `json:"value"`
-	}{
-		Metric: s.Metric,
-		Value: SamplePair{
-			Timestamp: s.Timestamp,
-			Value:     s.Value,
-		},
-	}
-
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-
-	s.Metric = v.Metric
-	s.Timestamp = v.Value.Timestamp
-	s.Value = v.Value.Value
-
-	return nil
-}
-
-// Samples is a sortable Sample slice. It implements sort.Interface.
-type Samples []*Sample
-
-func (s Samples) Len() int {
-	return len(s)
-}
-
-// Less compares first the metrics, then the timestamp.
-func (s Samples) Less(i, j int) bool {
-	switch {
-	case s[i].Metric.Before(s[j].Metric):
-		return true
-	case s[j].Metric.Before(s[i].Metric):
-		return false
-	case s[i].Timestamp.Before(s[j].Timestamp):
-		return true
-	default:
-		return false
-	}
-}
-
-func (s Samples) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-// Equal compares two sets of samples and returns true if they are equal.
-func (s Samples) Equal(o Samples) bool {
-	if len(s) != len(o) {
-		return false
-	}
-
-	for i, sample := range s {
-		if !sample.Equal(o[i]) {
-			return false
-		}
-	}
-	return true
-}
-
-// SampleStream is a stream of Values belonging to an attached COWMetric.
-type SampleStream struct {
-	Metric Metric       `json:"metric"`
-	Values []SamplePair `json:"values"`
-}
-
-func (ss SampleStream) String() string {
-	vals := make([]string, len(ss.Values))
-	for i, v := range ss.Values {
-		vals[i] = v.String()
-	}
-	return fmt.Sprintf("%s =>\n%s", ss.Metric, strings.Join(vals, "\n"))
-}
-
-// Value is a generic interface for values resulting from a query evaluation.
-type Value interface {
-	Type() ValueType
-	String() string
-}
-
-func (Matrix) Type() ValueType  { return ValMatrix }
-func (Vector) Type() ValueType  { return ValVector }
-func (*Scalar) Type() ValueType { return ValScalar }
-func (*String) Type() ValueType { return ValString }
-
-type ValueType int
-
-const (
-	ValNone ValueType = iota
-	ValScalar
-	ValVector
-	ValMatrix
-	ValString
-)
-
-// MarshalJSON implements json.Marshaler.
-func (et ValueType) MarshalJSON() ([]byte, error) {
-	return json.Marshal(et.String())
-}
-
-func (et *ValueType) UnmarshalJSON(b []byte) error {
-	var s string
-	if err := json.Unmarshal(b, &s); err != nil {
-		return err
-	}
-	switch s {
-	case "<ValNone>":
-		*et = ValNone
-	case "scalar":
-		*et = ValScalar
-	case "vector":
-		*et = ValVector
-	case "matrix":
-		*et = ValMatrix
-	case "string":
-		*et = ValString
-	default:
-		return fmt.Errorf("unknown value type %q", s)
-	}
-	return nil
-}
-
-func (e ValueType) String() string {
-	switch e {
-	case ValNone:
-		return "<ValNone>"
-	case ValScalar:
-		return "scalar"
-	case ValVector:
-		return "vector"
-	case ValMatrix:
-		return "matrix"
-	case ValString:
-		return "string"
-	}
-	panic("ValueType.String: unhandled value type")
-}
-
-// Scalar is a scalar value evaluated at the set timestamp.
-type Scalar struct {
-	Value     SampleValue `json:"value"`
-	Timestamp Time        `json:"timestamp"`
-}
-
-func (s Scalar) String() string {
-	return fmt.Sprintf("scalar: %v @[%v]", s.Value, s.Timestamp)
-}
-
-// MarshalJSON implements json.Marshaler.
-func (s Scalar) MarshalJSON() ([]byte, error) {
-	v := strconv.FormatFloat(float64(s.Value), 'f', -1, 64)
-	return json.Marshal([...]interface{}{s.Timestamp, string(v)})
-}
-
-// UnmarshalJSON implements json.Unmarshaler.
-func (s *Scalar) UnmarshalJSON(b []byte) error {
-	var f string
-	v := [...]interface{}{&s.Timestamp, &f}
-
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-
-	value, err := strconv.ParseFloat(f, 64)
-	if err != nil {
-		return fmt.Errorf("error parsing sample value: %s", err)
-	}
-	s.Value = SampleValue(value)
-	return nil
-}
-
-// String is a string value evaluated at the set timestamp.
-type String struct {
-	Value     string `json:"value"`
-	Timestamp Time   `json:"timestamp"`
-}
-
-func (s *String) String() string {
-	return s.Value
-}
-
-// MarshalJSON implements json.Marshaler.
-func (s String) MarshalJSON() ([]byte, error) {
-	return json.Marshal([]interface{}{s.Timestamp, s.Value})
-}
-
-// UnmarshalJSON implements json.Unmarshaler.
-func (s *String) UnmarshalJSON(b []byte) error {
-	v := [...]interface{}{&s.Timestamp, &s.Value}
-	return json.Unmarshal(b, &v)
-}
-
-// Vector is basically only an alias for Samples, but the
-// contract is that in a Vector, all Samples have the same timestamp.
-type Vector []*Sample
-
-func (vec Vector) String() string {
-	entries := make([]string, len(vec))
-	for i, s := range vec {
-		entries[i] = s.String()
-	}
-	return strings.Join(entries, "\n")
-}
-
-func (vec Vector) Len() int      { return len(vec) }
-func (vec Vector) Swap(i, j int) { vec[i], vec[j] = vec[j], vec[i] }
-
-// Less compares first the metrics, then the timestamp.
-func (vec Vector) Less(i, j int) bool {
-	switch {
-	case vec[i].Metric.Before(vec[j].Metric):
-		return true
-	case vec[j].Metric.Before(vec[i].Metric):
-		return false
-	case vec[i].Timestamp.Before(vec[j].Timestamp):
-		return true
-	default:
-		return false
-	}
-}
-
-// Equal compares two sets of samples and returns true if they are equal.
-func (vec Vector) Equal(o Vector) bool {
-	if len(vec) != len(o) {
-		return false
-	}
-
-	for i, sample := range vec {
-		if !sample.Equal(o[i]) {
-			return false
-		}
-	}
-	return true
-}
-
-// Matrix is a list of time series.
-type Matrix []*SampleStream
-
-func (m Matrix) Len() int           { return len(m) }
-func (m Matrix) Less(i, j int) bool { return m[i].Metric.Before(m[j].Metric) }
-func (m Matrix) Swap(i, j int)      { m[i], m[j] = m[j], m[i] }
-
-func (mat Matrix) String() string {
-	matCp := make(Matrix, len(mat))
-	copy(matCp, mat)
-	sort.Sort(matCp)
-
-	strs := make([]string, len(matCp))
-
-	for i, ss := range matCp {
-		strs[i] = ss.String()
-	}
-
-	return strings.Join(strs, "\n")
-}
diff --git a/vendor/github.com/prometheus/procfs/.gitignore b/vendor/github.com/prometheus/procfs/.gitignore
deleted file mode 100644
index 25e3659ab..000000000
--- a/vendor/github.com/prometheus/procfs/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/fixtures/
diff --git a/vendor/github.com/prometheus/procfs/.golangci.yml b/vendor/github.com/prometheus/procfs/.golangci.yml
deleted file mode 100644
index 0aa09edac..000000000
--- a/vendor/github.com/prometheus/procfs/.golangci.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-linters:
-  enable:
-  - golint
diff --git a/vendor/github.com/prometheus/procfs/CODE_OF_CONDUCT.md b/vendor/github.com/prometheus/procfs/CODE_OF_CONDUCT.md
deleted file mode 100644
index 9a1aff412..000000000
--- a/vendor/github.com/prometheus/procfs/CODE_OF_CONDUCT.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## Prometheus Community Code of Conduct
-
-Prometheus follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
diff --git a/vendor/github.com/prometheus/procfs/CONTRIBUTING.md b/vendor/github.com/prometheus/procfs/CONTRIBUTING.md
deleted file mode 100644
index 943de7615..000000000
--- a/vendor/github.com/prometheus/procfs/CONTRIBUTING.md
+++ /dev/null
@@ -1,121 +0,0 @@
-# Contributing
-
-Prometheus uses GitHub to manage reviews of pull requests.
-
-* If you are a new contributor see: [Steps to Contribute](#steps-to-contribute)
-
-* If you have a trivial fix or improvement, go ahead and create a pull request,
-  addressing (with `@...`) a suitable maintainer of this repository (see
-  [MAINTAINERS.md](MAINTAINERS.md)) in the description of the pull request.
-
-* If you plan to do something more involved, first discuss your ideas
-  on our [mailing list](https://groups.google.com/forum/?fromgroups#!forum/prometheus-developers).
-  This will avoid unnecessary work and surely give you and us a good deal
-  of inspiration. Also please see our [non-goals issue](https://github.com/prometheus/docs/issues/149) on areas that the Prometheus community doesn't plan to work on.
-
-* Relevant coding style guidelines are the [Go Code Review
-  Comments](https://code.google.com/p/go-wiki/wiki/CodeReviewComments)
-  and the _Formatting and style_ section of Peter Bourgon's [Go: Best
-  Practices for Production
-  Environments](https://peter.bourgon.org/go-in-production/#formatting-and-style).
-
-* Be sure to sign off on the [DCO](https://github.com/probot/dco#how-it-works)
-
-## Steps to Contribute
-
-Should you wish to work on an issue, please claim it first by commenting on the GitHub issue that you want to work on it. This is to prevent duplicated efforts from contributors on the same issue.
-
-Please check the [`help-wanted`](https://github.com/prometheus/procfs/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) label to find issues that are good for getting started. If you have questions about one of the issues, with or without the tag, please comment on them and one of the maintainers will clarify it. For a quicker response, contact us over [IRC](https://prometheus.io/community).
-
-For quickly compiling and testing your changes do:
-```
-make test         # Make sure all the tests pass before you commit and push :)
-```
-
-We use [`golangci-lint`](https://github.com/golangci/golangci-lint) for linting the code. If it reports an issue and you think that the warning needs to be disregarded or is a false-positive, you can add a special comment `//nolint:linter1[,linter2,...]` before the offending line. Use this sparingly though, fixing the code to comply with the linter's recommendation is in general the preferred course of action.
-
-## Pull Request Checklist
-
-* Branch from the master branch and, if needed, rebase to the current master branch before submitting your pull request. If it doesn't merge cleanly with master you may be asked to rebase your changes.
-
-* Commits should be as small as possible, while ensuring that each commit is correct independently (i.e., each commit should compile and pass tests).
-
-* If your patch is not getting reviewed or you need a specific person to review it, you can @-reply a reviewer asking for a review in the pull request or a comment, or you can ask for a review on IRC channel [#prometheus](https://webchat.freenode.net/?channels=#prometheus) on irc.freenode.net (for the easiest start, [join via Riot](https://riot.im/app/#/room/#prometheus:matrix.org)).
-
-* Add tests relevant to the fixed bug or new feature.
-
-## Dependency management
-
-The Prometheus project uses [Go modules](https://golang.org/cmd/go/#hdr-Modules__module_versions__and_more) to manage dependencies on external packages. This requires a working Go environment with version 1.12 or greater installed.
-
-All dependencies are vendored in the `vendor/` directory.
-
-To add or update a new dependency, use the `go get` command:
-
-```bash
-# Pick the latest tagged release.
-go get example.com/some/module/pkg
-
-# Pick a specific version.
-go get example.com/some/module/pkg@vX.Y.Z
-```
-
-Tidy up the `go.mod` and `go.sum` files and copy the new/updated dependency to the `vendor/` directory:
-
-
-```bash
-# The GO111MODULE variable can be omitted when the code isn't located in GOPATH.
-GO111MODULE=on go mod tidy
-
-GO111MODULE=on go mod vendor
-```
-
-You have to commit the changes to `go.mod`, `go.sum` and the `vendor/` directory before submitting the pull request.
-
-
-## API Implementation Guidelines
-
-### Naming and Documentation
-
-Public functions and structs should normally be named according to the file(s) being read and parsed.  For example, 
-the `fs.BuddyInfo()` function reads the file `/proc/buddyinfo`.  In addition, the godoc for each public function
-should contain the path to the file(s) being read and a URL of the linux kernel documentation describing the file(s).
-
-### Reading vs. Parsing
-
-Most functionality in this library consists of reading files and then parsing the text into structured data.  In most
-cases reading and parsing should be separated into different functions/methods with a public `fs.Thing()` method and 
-a private `parseThing(r Reader)` function.  This provides a logical separation and allows parsing to be tested
-directly without the need to read from the filesystem.  Using a `Reader` argument is preferred over other data types
-such as `string` or `*File` because it provides the most flexibility regarding the data source.  When a set of files 
-in a directory needs to be parsed, then a `path` string parameter to the parse function can be used instead.
-
-### /proc and /sys filesystem I/O 
-
-The `proc` and `sys` filesystems are pseudo file systems and work a bit differently from standard disk I/O.  
-Many of the files are changing continuously and the data being read can in some cases change between subsequent 
-reads in the same file.  Also, most of the files are relatively small (less than a few KBs), and system calls
-to the `stat` function will often return the wrong size.  Therefore, for most files it's recommended to read the 
-full file in a single operation using an internal utility function called `util.ReadFileNoStat`.
-This function is similar to `ioutil.ReadFile`, but it avoids the system call to `stat` to get the current size of
-the file.
-
-Note that parsing the file's contents can still be performed one line at a time.  This is done by first reading 
-the full file, and then using a scanner on the `[]byte` or `string` containing the data.
-
-```
-    data, err := util.ReadFileNoStat("/proc/cpuinfo")
-    if err != nil {
-        return err
-    }
-    reader := bytes.NewReader(data)
-    scanner := bufio.NewScanner(reader)
-```
-
-The `/sys` filesystem contains many very small files which contain only a single numeric or text value.  These files
-can be read using an internal function called `util.SysReadFile` which is similar to `ioutil.ReadFile` but does
-not bother to check the size of the file before reading.
-```
-    data, err := util.SysReadFile("/sys/class/power_supply/BAT0/capacity")
-```
-
diff --git a/vendor/github.com/prometheus/procfs/LICENSE b/vendor/github.com/prometheus/procfs/LICENSE
deleted file mode 100644
index 261eeb9e9..000000000
--- a/vendor/github.com/prometheus/procfs/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/prometheus/procfs/MAINTAINERS.md b/vendor/github.com/prometheus/procfs/MAINTAINERS.md
deleted file mode 100644
index 56ba67d3e..000000000
--- a/vendor/github.com/prometheus/procfs/MAINTAINERS.md
+++ /dev/null
@@ -1,2 +0,0 @@
-* Johannes 'fish' Ziemke <github@freigeist.org> @discordianfish
-* Paul Gier <pgier@redhat.com> @pgier
diff --git a/vendor/github.com/prometheus/procfs/Makefile b/vendor/github.com/prometheus/procfs/Makefile
deleted file mode 100644
index fa2bd5b52..000000000
--- a/vendor/github.com/prometheus/procfs/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 2018 The Prometheus Authors
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-include Makefile.common
-
-%/.unpacked: %.ttar
-	@echo ">> extracting fixtures"
-	./ttar -C $(dir $*) -x -f $*.ttar
-	touch $@
-
-fixtures: fixtures/.unpacked
-
-update_fixtures:
-	rm -vf fixtures/.unpacked
-	./ttar -c -f fixtures.ttar fixtures/
-
-.PHONY: build
-build:
-
-.PHONY: test
-test: fixtures/.unpacked common-test
diff --git a/vendor/github.com/prometheus/procfs/Makefile.common b/vendor/github.com/prometheus/procfs/Makefile.common
deleted file mode 100644
index a1b1ca40f..000000000
--- a/vendor/github.com/prometheus/procfs/Makefile.common
+++ /dev/null
@@ -1,311 +0,0 @@
-# Copyright 2018 The Prometheus Authors
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# A common Makefile that includes rules to be reused in different prometheus projects.
-# !!! Open PRs only against the prometheus/prometheus/Makefile.common repository!
-
-# Example usage :
-# Create the main Makefile in the root project directory.
-# include Makefile.common
-# customTarget:
-# 	@echo ">> Running customTarget"
-#
-
-# Ensure GOBIN is not set during build so that promu is installed to the correct path
-unexport GOBIN
-
-GO           ?= go
-GOFMT        ?= $(GO)fmt
-FIRST_GOPATH := $(firstword $(subst :, ,$(shell $(GO) env GOPATH)))
-GOOPTS       ?=
-GOHOSTOS     ?= $(shell $(GO) env GOHOSTOS)
-GOHOSTARCH   ?= $(shell $(GO) env GOHOSTARCH)
-
-GO_VERSION        ?= $(shell $(GO) version)
-GO_VERSION_NUMBER ?= $(word 3, $(GO_VERSION))
-PRE_GO_111        ?= $(shell echo $(GO_VERSION_NUMBER) | grep -E 'go1\.(10|[0-9])\.')
-
-GOVENDOR :=
-GO111MODULE :=
-ifeq (, $(PRE_GO_111))
-	ifneq (,$(wildcard go.mod))
-		# Enforce Go modules support just in case the directory is inside GOPATH (and for Travis CI).
-		GO111MODULE := on
-
-		ifneq (,$(wildcard vendor))
-			# Always use the local vendor/ directory to satisfy the dependencies.
-			GOOPTS := $(GOOPTS) -mod=vendor
-		endif
-	endif
-else
-	ifneq (,$(wildcard go.mod))
-		ifneq (,$(wildcard vendor))
-$(warning This repository requires Go >= 1.11 because of Go modules)
-$(warning Some recipes may not work as expected as the current Go runtime is '$(GO_VERSION_NUMBER)')
-		endif
-	else
-		# This repository isn't using Go modules (yet).
-		GOVENDOR := $(FIRST_GOPATH)/bin/govendor
-	endif
-endif
-PROMU        := $(FIRST_GOPATH)/bin/promu
-pkgs          = ./...
-
-ifeq (arm, $(GOHOSTARCH))
-	GOHOSTARM ?= $(shell GOARM= $(GO) env GOARM)
-	GO_BUILD_PLATFORM ?= $(GOHOSTOS)-$(GOHOSTARCH)v$(GOHOSTARM)
-else
-	GO_BUILD_PLATFORM ?= $(GOHOSTOS)-$(GOHOSTARCH)
-endif
-
-GOTEST := $(GO) test
-GOTEST_DIR :=
-ifneq ($(CIRCLE_JOB),)
-ifneq ($(shell which gotestsum),)
-	GOTEST_DIR := test-results
-	GOTEST := gotestsum --junitfile $(GOTEST_DIR)/unit-tests.xml --
-endif
-endif
-
-PROMU_VERSION ?= 0.12.0
-PROMU_URL     := https://github.com/prometheus/promu/releases/download/v$(PROMU_VERSION)/promu-$(PROMU_VERSION).$(GO_BUILD_PLATFORM).tar.gz
-
-GOLANGCI_LINT :=
-GOLANGCI_LINT_OPTS ?=
-GOLANGCI_LINT_VERSION ?= v1.39.0
-# golangci-lint only supports linux, darwin and windows platforms on i386/amd64.
-# windows isn't included here because of the path separator being different.
-ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux darwin))
-	ifeq ($(GOHOSTARCH),$(filter $(GOHOSTARCH),amd64 i386))
-		GOLANGCI_LINT := $(FIRST_GOPATH)/bin/golangci-lint
-	endif
-endif
-
-PREFIX                  ?= $(shell pwd)
-BIN_DIR                 ?= $(shell pwd)
-DOCKER_IMAGE_TAG        ?= $(subst /,-,$(shell git rev-parse --abbrev-ref HEAD))
-DOCKERFILE_PATH         ?= ./Dockerfile
-DOCKERBUILD_CONTEXT     ?= ./
-DOCKER_REPO             ?= prom
-
-DOCKER_ARCHS            ?= amd64
-
-BUILD_DOCKER_ARCHS = $(addprefix common-docker-,$(DOCKER_ARCHS))
-PUBLISH_DOCKER_ARCHS = $(addprefix common-docker-publish-,$(DOCKER_ARCHS))
-TAG_DOCKER_ARCHS = $(addprefix common-docker-tag-latest-,$(DOCKER_ARCHS))
-
-ifeq ($(GOHOSTARCH),amd64)
-        ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux freebsd darwin windows))
-                # Only supported on amd64
-                test-flags := -race
-        endif
-endif
-
-# This rule is used to forward a target like "build" to "common-build".  This
-# allows a new "build" target to be defined in a Makefile which includes this
-# one and override "common-build" without override warnings.
-%: common-% ;
-
-.PHONY: common-all
-common-all: precheck style check_license lint yamllint unused build test
-
-.PHONY: common-style
-common-style:
-	@echo ">> checking code style"
-	@fmtRes=$$($(GOFMT) -d $$(find . -path ./vendor -prune -o -name '*.go' -print)); \
-	if [ -n "$${fmtRes}" ]; then \
-		echo "gofmt checking failed!"; echo "$${fmtRes}"; echo; \
-		echo "Please ensure you are using $$($(GO) version) for formatting code."; \
-		exit 1; \
-	fi
-
-.PHONY: common-check_license
-common-check_license:
-	@echo ">> checking license header"
-	@licRes=$$(for file in $$(find . -type f -iname '*.go' ! -path './vendor/*') ; do \
-               awk 'NR<=3' $$file | grep -Eq "(Copyright|generated|GENERATED)" || echo $$file; \
-       done); \
-       if [ -n "$${licRes}" ]; then \
-               echo "license header checking failed:"; echo "$${licRes}"; \
-               exit 1; \
-       fi
-
-.PHONY: common-deps
-common-deps:
-	@echo ">> getting dependencies"
-ifdef GO111MODULE
-	GO111MODULE=$(GO111MODULE) $(GO) mod download
-else
-	$(GO) get $(GOOPTS) -t ./...
-endif
-
-.PHONY: update-go-deps
-update-go-deps:
-	@echo ">> updating Go dependencies"
-	@for m in $$($(GO) list -mod=readonly -m -f '{{ if and (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all); do \
-		$(GO) get $$m; \
-	done
-	GO111MODULE=$(GO111MODULE) $(GO) mod tidy
-ifneq (,$(wildcard vendor))
-	GO111MODULE=$(GO111MODULE) $(GO) mod vendor
-endif
-
-.PHONY: common-test-short
-common-test-short: $(GOTEST_DIR)
-	@echo ">> running short tests"
-	GO111MODULE=$(GO111MODULE) $(GOTEST) -short $(GOOPTS) $(pkgs)
-
-.PHONY: common-test
-common-test: $(GOTEST_DIR)
-	@echo ">> running all tests"
-	GO111MODULE=$(GO111MODULE) $(GOTEST) $(test-flags) $(GOOPTS) $(pkgs)
-
-$(GOTEST_DIR):
-	@mkdir -p $@
-
-.PHONY: common-format
-common-format:
-	@echo ">> formatting code"
-	GO111MODULE=$(GO111MODULE) $(GO) fmt $(pkgs)
-
-.PHONY: common-vet
-common-vet:
-	@echo ">> vetting code"
-	GO111MODULE=$(GO111MODULE) $(GO) vet $(GOOPTS) $(pkgs)
-
-.PHONY: common-lint
-common-lint: $(GOLANGCI_LINT)
-ifdef GOLANGCI_LINT
-	@echo ">> running golangci-lint"
-ifdef GO111MODULE
-# 'go list' needs to be executed before staticcheck to prepopulate the modules cache.
-# Otherwise staticcheck might fail randomly for some reason not yet explained.
-	GO111MODULE=$(GO111MODULE) $(GO) list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
-	GO111MODULE=$(GO111MODULE) $(GOLANGCI_LINT) run $(GOLANGCI_LINT_OPTS) $(pkgs)
-else
-	$(GOLANGCI_LINT) run $(pkgs)
-endif
-endif
-
-.PHONY: common-yamllint
-common-yamllint:
-	@echo ">> running yamllint on all YAML files in the repository"
-ifeq (, $(shell which yamllint))
-	@echo "yamllint not installed so skipping"
-else
-	yamllint .
-endif
-
-# For backward-compatibility.
-.PHONY: common-staticcheck
-common-staticcheck: lint
-
-.PHONY: common-unused
-common-unused: $(GOVENDOR)
-ifdef GOVENDOR
-	@echo ">> running check for unused packages"
-	@$(GOVENDOR) list +unused | grep . && exit 1 || echo 'No unused packages'
-else
-ifdef GO111MODULE
-	@echo ">> running check for unused/missing packages in go.mod"
-	GO111MODULE=$(GO111MODULE) $(GO) mod tidy
-ifeq (,$(wildcard vendor))
-	@git diff --exit-code -- go.sum go.mod
-else
-	@echo ">> running check for unused packages in vendor/"
-	GO111MODULE=$(GO111MODULE) $(GO) mod vendor
-	@git diff --exit-code -- go.sum go.mod vendor/
-endif
-endif
-endif
-
-.PHONY: common-build
-common-build: promu
-	@echo ">> building binaries"
-	GO111MODULE=$(GO111MODULE) $(PROMU) build --prefix $(PREFIX) $(PROMU_BINARIES)
-
-.PHONY: common-tarball
-common-tarball: promu
-	@echo ">> building release tarball"
-	$(PROMU) tarball --prefix $(PREFIX) $(BIN_DIR)
-
-.PHONY: common-docker $(BUILD_DOCKER_ARCHS)
-common-docker: $(BUILD_DOCKER_ARCHS)
-$(BUILD_DOCKER_ARCHS): common-docker-%:
-	docker build -t "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" \
-		-f $(DOCKERFILE_PATH) \
-		--build-arg ARCH="$*" \
-		--build-arg OS="linux" \
-		$(DOCKERBUILD_CONTEXT)
-
-.PHONY: common-docker-publish $(PUBLISH_DOCKER_ARCHS)
-common-docker-publish: $(PUBLISH_DOCKER_ARCHS)
-$(PUBLISH_DOCKER_ARCHS): common-docker-publish-%:
-	docker push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)"
-
-DOCKER_MAJOR_VERSION_TAG = $(firstword $(subst ., ,$(shell cat VERSION)))
-.PHONY: common-docker-tag-latest $(TAG_DOCKER_ARCHS)
-common-docker-tag-latest: $(TAG_DOCKER_ARCHS)
-$(TAG_DOCKER_ARCHS): common-docker-tag-latest-%:
-	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:latest"
-	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:v$(DOCKER_MAJOR_VERSION_TAG)"
-
-.PHONY: common-docker-manifest
-common-docker-manifest:
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create -a "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)" $(foreach ARCH,$(DOCKER_ARCHS),$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$(ARCH):$(DOCKER_IMAGE_TAG))
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)"
-
-.PHONY: promu
-promu: $(PROMU)
-
-$(PROMU):
-	$(eval PROMU_TMP := $(shell mktemp -d))
-	curl -s -L $(PROMU_URL) | tar -xvzf - -C $(PROMU_TMP)
-	mkdir -p $(FIRST_GOPATH)/bin
-	cp $(PROMU_TMP)/promu-$(PROMU_VERSION).$(GO_BUILD_PLATFORM)/promu $(FIRST_GOPATH)/bin/promu
-	rm -r $(PROMU_TMP)
-
-.PHONY: proto
-proto:
-	@echo ">> generating code from proto files"
-	@./scripts/genproto.sh
-
-ifdef GOLANGCI_LINT
-$(GOLANGCI_LINT):
-	mkdir -p $(FIRST_GOPATH)/bin
-	curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/$(GOLANGCI_LINT_VERSION)/install.sh \
-		| sed -e '/install -d/d' \
-		| sh -s -- -b $(FIRST_GOPATH)/bin $(GOLANGCI_LINT_VERSION)
-endif
-
-ifdef GOVENDOR
-.PHONY: $(GOVENDOR)
-$(GOVENDOR):
-	GOOS= GOARCH= $(GO) get -u github.com/kardianos/govendor
-endif
-
-.PHONY: precheck
-precheck::
-
-define PRECHECK_COMMAND_template =
-precheck:: $(1)_precheck
-
-PRECHECK_COMMAND_$(1) ?= $(1) $$(strip $$(PRECHECK_OPTIONS_$(1)))
-.PHONY: $(1)_precheck
-$(1)_precheck:
-	@if ! $$(PRECHECK_COMMAND_$(1)) 1>/dev/null 2>&1; then \
-		echo "Execution of '$$(PRECHECK_COMMAND_$(1))' command failed. Is $(1) installed?"; \
-		exit 1; \
-	fi
-endef
diff --git a/vendor/github.com/prometheus/procfs/NOTICE b/vendor/github.com/prometheus/procfs/NOTICE
deleted file mode 100644
index 53c5e9aa1..000000000
--- a/vendor/github.com/prometheus/procfs/NOTICE
+++ /dev/null
@@ -1,7 +0,0 @@
-procfs provides functions to retrieve system, kernel and process
-metrics from the pseudo-filesystem proc.
-
-Copyright 2014-2015 The Prometheus Authors
-
-This product includes software developed at
-SoundCloud Ltd. (http://soundcloud.com/).
diff --git a/vendor/github.com/prometheus/procfs/README.md b/vendor/github.com/prometheus/procfs/README.md
deleted file mode 100644
index 43c37735a..000000000
--- a/vendor/github.com/prometheus/procfs/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# procfs
-
-This package provides functions to retrieve system, kernel, and process
-metrics from the pseudo-filesystems /proc and /sys.
-
-*WARNING*: This package is a work in progress. Its API may still break in
-backwards-incompatible ways without warnings. Use it at your own risk.
-
-[![Go Reference](https://pkg.go.dev/badge/github.com/prometheus/procfs.svg)](https://pkg.go.dev/github.com/prometheus/procfs)
-[![CircleCI](https://circleci.com/gh/prometheus/procfs/tree/master.svg?style=svg)](https://circleci.com/gh/prometheus/procfs/tree/master)
-[![Go Report Card](https://goreportcard.com/badge/github.com/prometheus/procfs)](https://goreportcard.com/report/github.com/prometheus/procfs)
-
-## Usage
-
-The procfs library is organized by packages based on whether the gathered data is coming from
-/proc, /sys, or both.  Each package contains an `FS` type which represents the path to either /proc, 
-/sys, or both.  For example, cpu statistics are gathered from
-`/proc/stat` and are available via the root procfs package.  First, the proc filesystem mount
-point is initialized, and then the stat information is read.
-
-```go
-fs, err := procfs.NewFS("/proc")
-stats, err := fs.Stat()
-```
-
-Some sub-packages such as `blockdevice`, require access to both the proc and sys filesystems.
-
-```go
-    fs, err := blockdevice.NewFS("/proc", "/sys")
-    stats, err := fs.ProcDiskstats()
-```
-
-## Package Organization
-
-The packages in this project are organized according to (1) whether the data comes from the `/proc` or
-`/sys` filesystem and (2) the type of information being retrieved.  For example, most process information
-can be gathered from the functions in the root `procfs` package.  Information about block devices such as disk drives
-is available in the `blockdevices` sub-package.
-
-## Building and Testing
-
-The procfs library is intended to be built as part of another application, so there are no distributable binaries.  
-However, most of the API includes unit tests which can be run with `make test`.
-
-### Updating Test Fixtures
-
-The procfs library includes a set of test fixtures which include many example files from
-the `/proc` and `/sys` filesystems.  These fixtures are included as a [ttar](https://github.com/ideaship/ttar) file
-which is extracted automatically during testing.  To add/update the test fixtures, first
-ensure the `fixtures` directory is up to date by removing the existing directory and then
-extracting the ttar file using `make fixtures/.unpacked` or just `make test`.
-
-```bash
-rm -rf fixtures
-make test
-```
-
-Next, make the required changes to the extracted files in the `fixtures` directory.  When
-the changes are complete, run `make update_fixtures` to create a new `fixtures.ttar` file
-based on the updated `fixtures` directory.  And finally, verify the changes using
-`git diff fixtures.ttar`.
diff --git a/vendor/github.com/prometheus/procfs/SECURITY.md b/vendor/github.com/prometheus/procfs/SECURITY.md
deleted file mode 100644
index 67741f015..000000000
--- a/vendor/github.com/prometheus/procfs/SECURITY.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reporting a security issue
-
-The Prometheus security policy, including how to report vulnerabilities, can be
-found here:
-
-https://prometheus.io/docs/operating/security/
diff --git a/vendor/github.com/prometheus/procfs/arp.go b/vendor/github.com/prometheus/procfs/arp.go
deleted file mode 100644
index 4e47e6172..000000000
--- a/vendor/github.com/prometheus/procfs/arp.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net"
-	"strings"
-)
-
-// ARPEntry contains a single row of the columnar data represented in
-// /proc/net/arp.
-type ARPEntry struct {
-	// IP address
-	IPAddr net.IP
-	// MAC address
-	HWAddr net.HardwareAddr
-	// Name of the device
-	Device string
-}
-
-// GatherARPEntries retrieves all the ARP entries, parse the relevant columns,
-// and then return a slice of ARPEntry's.
-func (fs FS) GatherARPEntries() ([]ARPEntry, error) {
-	data, err := ioutil.ReadFile(fs.proc.Path("net/arp"))
-	if err != nil {
-		return nil, fmt.Errorf("error reading arp %q: %w", fs.proc.Path("net/arp"), err)
-	}
-
-	return parseARPEntries(data)
-}
-
-func parseARPEntries(data []byte) ([]ARPEntry, error) {
-	lines := strings.Split(string(data), "\n")
-	entries := make([]ARPEntry, 0)
-	var err error
-	const (
-		expectedDataWidth   = 6
-		expectedHeaderWidth = 9
-	)
-	for _, line := range lines {
-		columns := strings.Fields(line)
-		width := len(columns)
-
-		if width == expectedHeaderWidth || width == 0 {
-			continue
-		} else if width == expectedDataWidth {
-			entry, err := parseARPEntry(columns)
-			if err != nil {
-				return []ARPEntry{}, fmt.Errorf("failed to parse ARP entry: %w", err)
-			}
-			entries = append(entries, entry)
-		} else {
-			return []ARPEntry{}, fmt.Errorf("%d columns were detected, but %d were expected", width, expectedDataWidth)
-		}
-
-	}
-
-	return entries, err
-}
-
-func parseARPEntry(columns []string) (ARPEntry, error) {
-	ip := net.ParseIP(columns[0])
-	mac := net.HardwareAddr(columns[3])
-
-	entry := ARPEntry{
-		IPAddr: ip,
-		HWAddr: mac,
-		Device: columns[5],
-	}
-
-	return entry, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/buddyinfo.go b/vendor/github.com/prometheus/procfs/buddyinfo.go
deleted file mode 100644
index f5b7939b2..000000000
--- a/vendor/github.com/prometheus/procfs/buddyinfo.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright 2017 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"strconv"
-	"strings"
-)
-
-// A BuddyInfo is the details parsed from /proc/buddyinfo.
-// The data is comprised of an array of free fragments of each size.
-// The sizes are 2^n*PAGE_SIZE, where n is the array index.
-type BuddyInfo struct {
-	Node  string
-	Zone  string
-	Sizes []float64
-}
-
-// BuddyInfo reads the buddyinfo statistics from the specified `proc` filesystem.
-func (fs FS) BuddyInfo() ([]BuddyInfo, error) {
-	file, err := os.Open(fs.proc.Path("buddyinfo"))
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	return parseBuddyInfo(file)
-}
-
-func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) {
-	var (
-		buddyInfo   = []BuddyInfo{}
-		scanner     = bufio.NewScanner(r)
-		bucketCount = -1
-	)
-
-	for scanner.Scan() {
-		var err error
-		line := scanner.Text()
-		parts := strings.Fields(line)
-
-		if len(parts) < 4 {
-			return nil, fmt.Errorf("invalid number of fields when parsing buddyinfo")
-		}
-
-		node := strings.TrimRight(parts[1], ",")
-		zone := strings.TrimRight(parts[3], ",")
-		arraySize := len(parts[4:])
-
-		if bucketCount == -1 {
-			bucketCount = arraySize
-		} else {
-			if bucketCount != arraySize {
-				return nil, fmt.Errorf("mismatch in number of buddyinfo buckets, previous count %d, new count %d", bucketCount, arraySize)
-			}
-		}
-
-		sizes := make([]float64, arraySize)
-		for i := 0; i < arraySize; i++ {
-			sizes[i], err = strconv.ParseFloat(parts[i+4], 64)
-			if err != nil {
-				return nil, fmt.Errorf("invalid value in buddyinfo: %w", err)
-			}
-		}
-
-		buddyInfo = append(buddyInfo, BuddyInfo{node, zone, sizes})
-	}
-
-	return buddyInfo, scanner.Err()
-}
diff --git a/vendor/github.com/prometheus/procfs/cmdline.go b/vendor/github.com/prometheus/procfs/cmdline.go
deleted file mode 100644
index bf4f3b48c..000000000
--- a/vendor/github.com/prometheus/procfs/cmdline.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2021 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// CmdLine returns the command line of the kernel.
-func (fs FS) CmdLine() ([]string, error) {
-	data, err := util.ReadFileNoStat(fs.proc.Path("cmdline"))
-	if err != nil {
-		return nil, err
-	}
-
-	return strings.Fields(string(data)), nil
-}
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo.go b/vendor/github.com/prometheus/procfs/cpuinfo.go
deleted file mode 100644
index 5623b24a1..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo.go
+++ /dev/null
@@ -1,481 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"errors"
-	"fmt"
-	"regexp"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// CPUInfo contains general information about a system CPU found in /proc/cpuinfo
-type CPUInfo struct {
-	Processor       uint
-	VendorID        string
-	CPUFamily       string
-	Model           string
-	ModelName       string
-	Stepping        string
-	Microcode       string
-	CPUMHz          float64
-	CacheSize       string
-	PhysicalID      string
-	Siblings        uint
-	CoreID          string
-	CPUCores        uint
-	APICID          string
-	InitialAPICID   string
-	FPU             string
-	FPUException    string
-	CPUIDLevel      uint
-	WP              string
-	Flags           []string
-	Bugs            []string
-	BogoMips        float64
-	CLFlushSize     uint
-	CacheAlignment  uint
-	AddressSizes    string
-	PowerManagement string
-}
-
-var (
-	cpuinfoClockRegexp          = regexp.MustCompile(`([\d.]+)`)
-	cpuinfoS390XProcessorRegexp = regexp.MustCompile(`^processor\s+(\d+):.*`)
-)
-
-// CPUInfo returns information about current system CPUs.
-// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
-func (fs FS) CPUInfo() ([]CPUInfo, error) {
-	data, err := util.ReadFileNoStat(fs.proc.Path("cpuinfo"))
-	if err != nil {
-		return nil, err
-	}
-	return parseCPUInfo(data)
-}
-
-func parseCPUInfoX86(info []byte) ([]CPUInfo, error) {
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-
-	// find the first "processor" line
-	firstLine := firstNonEmptyLine(scanner)
-	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
-	}
-	field := strings.SplitN(firstLine, ": ", 2)
-	v, err := strconv.ParseUint(field[1], 0, 32)
-	if err != nil {
-		return nil, err
-	}
-	firstcpu := CPUInfo{Processor: uint(v)}
-	cpuinfo := []CPUInfo{firstcpu}
-	i := 0
-
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, ":") {
-			continue
-		}
-		field := strings.SplitN(line, ": ", 2)
-		switch strings.TrimSpace(field[0]) {
-		case "processor":
-			cpuinfo = append(cpuinfo, CPUInfo{}) // start of the next processor
-			i++
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].Processor = uint(v)
-		case "vendor", "vendor_id":
-			cpuinfo[i].VendorID = field[1]
-		case "cpu family":
-			cpuinfo[i].CPUFamily = field[1]
-		case "model":
-			cpuinfo[i].Model = field[1]
-		case "model name":
-			cpuinfo[i].ModelName = field[1]
-		case "stepping":
-			cpuinfo[i].Stepping = field[1]
-		case "microcode":
-			cpuinfo[i].Microcode = field[1]
-		case "cpu MHz":
-			v, err := strconv.ParseFloat(field[1], 64)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CPUMHz = v
-		case "cache size":
-			cpuinfo[i].CacheSize = field[1]
-		case "physical id":
-			cpuinfo[i].PhysicalID = field[1]
-		case "siblings":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].Siblings = uint(v)
-		case "core id":
-			cpuinfo[i].CoreID = field[1]
-		case "cpu cores":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CPUCores = uint(v)
-		case "apicid":
-			cpuinfo[i].APICID = field[1]
-		case "initial apicid":
-			cpuinfo[i].InitialAPICID = field[1]
-		case "fpu":
-			cpuinfo[i].FPU = field[1]
-		case "fpu_exception":
-			cpuinfo[i].FPUException = field[1]
-		case "cpuid level":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CPUIDLevel = uint(v)
-		case "wp":
-			cpuinfo[i].WP = field[1]
-		case "flags":
-			cpuinfo[i].Flags = strings.Fields(field[1])
-		case "bugs":
-			cpuinfo[i].Bugs = strings.Fields(field[1])
-		case "bogomips":
-			v, err := strconv.ParseFloat(field[1], 64)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].BogoMips = v
-		case "clflush size":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CLFlushSize = uint(v)
-		case "cache_alignment":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CacheAlignment = uint(v)
-		case "address sizes":
-			cpuinfo[i].AddressSizes = field[1]
-		case "power management":
-			cpuinfo[i].PowerManagement = field[1]
-		}
-	}
-	return cpuinfo, nil
-}
-
-func parseCPUInfoARM(info []byte) ([]CPUInfo, error) {
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-
-	firstLine := firstNonEmptyLine(scanner)
-	match, _ := regexp.MatchString("^[Pp]rocessor", firstLine)
-	if !match || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
-	}
-	field := strings.SplitN(firstLine, ": ", 2)
-	cpuinfo := []CPUInfo{}
-	featuresLine := ""
-	commonCPUInfo := CPUInfo{}
-	i := 0
-	if strings.TrimSpace(field[0]) == "Processor" {
-		commonCPUInfo = CPUInfo{ModelName: field[1]}
-		i = -1
-	} else {
-		v, err := strconv.ParseUint(field[1], 0, 32)
-		if err != nil {
-			return nil, err
-		}
-		firstcpu := CPUInfo{Processor: uint(v)}
-		cpuinfo = []CPUInfo{firstcpu}
-	}
-
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, ":") {
-			continue
-		}
-		field := strings.SplitN(line, ": ", 2)
-		switch strings.TrimSpace(field[0]) {
-		case "processor":
-			cpuinfo = append(cpuinfo, commonCPUInfo) // start of the next processor
-			i++
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].Processor = uint(v)
-		case "BogoMIPS":
-			if i == -1 {
-				cpuinfo = append(cpuinfo, commonCPUInfo) // There is only one processor
-				i++
-				cpuinfo[i].Processor = 0
-			}
-			v, err := strconv.ParseFloat(field[1], 64)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].BogoMips = v
-		case "Features":
-			featuresLine = line
-		case "model name":
-			cpuinfo[i].ModelName = field[1]
-		}
-	}
-	fields := strings.SplitN(featuresLine, ": ", 2)
-	for i := range cpuinfo {
-		cpuinfo[i].Flags = strings.Fields(fields[1])
-	}
-	return cpuinfo, nil
-
-}
-
-func parseCPUInfoS390X(info []byte) ([]CPUInfo, error) {
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-
-	firstLine := firstNonEmptyLine(scanner)
-	if !strings.HasPrefix(firstLine, "vendor_id") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
-	}
-	field := strings.SplitN(firstLine, ": ", 2)
-	cpuinfo := []CPUInfo{}
-	commonCPUInfo := CPUInfo{VendorID: field[1]}
-
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, ":") {
-			continue
-		}
-		field := strings.SplitN(line, ": ", 2)
-		switch strings.TrimSpace(field[0]) {
-		case "bogomips per cpu":
-			v, err := strconv.ParseFloat(field[1], 64)
-			if err != nil {
-				return nil, err
-			}
-			commonCPUInfo.BogoMips = v
-		case "features":
-			commonCPUInfo.Flags = strings.Fields(field[1])
-		}
-		if strings.HasPrefix(line, "processor") {
-			match := cpuinfoS390XProcessorRegexp.FindStringSubmatch(line)
-			if len(match) < 2 {
-				return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
-			}
-			cpu := commonCPUInfo
-			v, err := strconv.ParseUint(match[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpu.Processor = uint(v)
-			cpuinfo = append(cpuinfo, cpu)
-		}
-		if strings.HasPrefix(line, "cpu number") {
-			break
-		}
-	}
-
-	i := 0
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, ":") {
-			continue
-		}
-		field := strings.SplitN(line, ": ", 2)
-		switch strings.TrimSpace(field[0]) {
-		case "cpu number":
-			i++
-		case "cpu MHz dynamic":
-			clock := cpuinfoClockRegexp.FindString(strings.TrimSpace(field[1]))
-			v, err := strconv.ParseFloat(clock, 64)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CPUMHz = v
-		case "physical id":
-			cpuinfo[i].PhysicalID = field[1]
-		case "core id":
-			cpuinfo[i].CoreID = field[1]
-		case "cpu cores":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CPUCores = uint(v)
-		case "siblings":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].Siblings = uint(v)
-		}
-	}
-
-	return cpuinfo, nil
-}
-
-func parseCPUInfoMips(info []byte) ([]CPUInfo, error) {
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-
-	// find the first "processor" line
-	firstLine := firstNonEmptyLine(scanner)
-	if !strings.HasPrefix(firstLine, "system type") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
-	}
-	field := strings.SplitN(firstLine, ": ", 2)
-	cpuinfo := []CPUInfo{}
-	systemType := field[1]
-
-	i := 0
-
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, ":") {
-			continue
-		}
-		field := strings.SplitN(line, ": ", 2)
-		switch strings.TrimSpace(field[0]) {
-		case "processor":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			i = int(v)
-			cpuinfo = append(cpuinfo, CPUInfo{}) // start of the next processor
-			cpuinfo[i].Processor = uint(v)
-			cpuinfo[i].VendorID = systemType
-		case "cpu model":
-			cpuinfo[i].ModelName = field[1]
-		case "BogoMIPS":
-			v, err := strconv.ParseFloat(field[1], 64)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].BogoMips = v
-		}
-	}
-	return cpuinfo, nil
-}
-
-func parseCPUInfoPPC(info []byte) ([]CPUInfo, error) {
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-
-	firstLine := firstNonEmptyLine(scanner)
-	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
-	}
-	field := strings.SplitN(firstLine, ": ", 2)
-	v, err := strconv.ParseUint(field[1], 0, 32)
-	if err != nil {
-		return nil, err
-	}
-	firstcpu := CPUInfo{Processor: uint(v)}
-	cpuinfo := []CPUInfo{firstcpu}
-	i := 0
-
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, ":") {
-			continue
-		}
-		field := strings.SplitN(line, ": ", 2)
-		switch strings.TrimSpace(field[0]) {
-		case "processor":
-			cpuinfo = append(cpuinfo, CPUInfo{}) // start of the next processor
-			i++
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].Processor = uint(v)
-		case "cpu":
-			cpuinfo[i].VendorID = field[1]
-		case "clock":
-			clock := cpuinfoClockRegexp.FindString(strings.TrimSpace(field[1]))
-			v, err := strconv.ParseFloat(clock, 64)
-			if err != nil {
-				return nil, err
-			}
-			cpuinfo[i].CPUMHz = v
-		}
-	}
-	return cpuinfo, nil
-}
-
-func parseCPUInfoRISCV(info []byte) ([]CPUInfo, error) {
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-
-	firstLine := firstNonEmptyLine(scanner)
-	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
-	}
-	field := strings.SplitN(firstLine, ": ", 2)
-	v, err := strconv.ParseUint(field[1], 0, 32)
-	if err != nil {
-		return nil, err
-	}
-	firstcpu := CPUInfo{Processor: uint(v)}
-	cpuinfo := []CPUInfo{firstcpu}
-	i := 0
-
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, ":") {
-			continue
-		}
-		field := strings.SplitN(line, ": ", 2)
-		switch strings.TrimSpace(field[0]) {
-		case "processor":
-			v, err := strconv.ParseUint(field[1], 0, 32)
-			if err != nil {
-				return nil, err
-			}
-			i = int(v)
-			cpuinfo = append(cpuinfo, CPUInfo{}) // start of the next processor
-			cpuinfo[i].Processor = uint(v)
-		case "hart":
-			cpuinfo[i].CoreID = field[1]
-		case "isa":
-			cpuinfo[i].ModelName = field[1]
-		}
-	}
-	return cpuinfo, nil
-}
-
-func parseCPUInfoDummy(_ []byte) ([]CPUInfo, error) { // nolint:unused,deadcode
-	return nil, errors.New("not implemented")
-}
-
-// firstNonEmptyLine advances the scanner to the first non-empty line
-// and returns the contents of that line
-func firstNonEmptyLine(scanner *bufio.Scanner) string {
-	for scanner.Scan() {
-		line := scanner.Text()
-		if strings.TrimSpace(line) != "" {
-			return line
-		}
-	}
-	return ""
-}
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo_armx.go b/vendor/github.com/prometheus/procfs/cpuinfo_armx.go
deleted file mode 100644
index 44b590ed3..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo_armx.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-// +build arm arm64
-
-package procfs
-
-var parseCPUInfo = parseCPUInfoARM
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo_mipsx.go b/vendor/github.com/prometheus/procfs/cpuinfo_mipsx.go
deleted file mode 100644
index 91e272573..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo_mipsx.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-// +build mips mipsle mips64 mips64le
-
-package procfs
-
-var parseCPUInfo = parseCPUInfoMips
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo_others.go b/vendor/github.com/prometheus/procfs/cpuinfo_others.go
deleted file mode 100644
index 95b5b4ec4..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo_others.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-// +build !386,!amd64,!arm,!arm64,!mips,!mips64,!mips64le,!mipsle,!ppc64,!ppc64le,!riscv64,!s390x
-
-package procfs
-
-var parseCPUInfo = parseCPUInfoDummy
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo_ppcx.go b/vendor/github.com/prometheus/procfs/cpuinfo_ppcx.go
deleted file mode 100644
index 6068bd571..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo_ppcx.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-// +build ppc64 ppc64le
-
-package procfs
-
-var parseCPUInfo = parseCPUInfoPPC
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo_riscvx.go b/vendor/github.com/prometheus/procfs/cpuinfo_riscvx.go
deleted file mode 100644
index e83c2e207..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo_riscvx.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-// +build riscv riscv64
-
-package procfs
-
-var parseCPUInfo = parseCPUInfoRISCV
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo_s390x.go b/vendor/github.com/prometheus/procfs/cpuinfo_s390x.go
deleted file mode 100644
index 26814eeba..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo_s390x.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-
-package procfs
-
-var parseCPUInfo = parseCPUInfoS390X
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo_x86.go b/vendor/github.com/prometheus/procfs/cpuinfo_x86.go
deleted file mode 100644
index d5bedf97f..000000000
--- a/vendor/github.com/prometheus/procfs/cpuinfo_x86.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux
-// +build 386 amd64
-
-package procfs
-
-var parseCPUInfo = parseCPUInfoX86
diff --git a/vendor/github.com/prometheus/procfs/crypto.go b/vendor/github.com/prometheus/procfs/crypto.go
deleted file mode 100644
index 5048ad1f2..000000000
--- a/vendor/github.com/prometheus/procfs/crypto.go
+++ /dev/null
@@ -1,153 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Crypto holds info parsed from /proc/crypto.
-type Crypto struct {
-	Alignmask   *uint64
-	Async       bool
-	Blocksize   *uint64
-	Chunksize   *uint64
-	Ctxsize     *uint64
-	Digestsize  *uint64
-	Driver      string
-	Geniv       string
-	Internal    string
-	Ivsize      *uint64
-	Maxauthsize *uint64
-	MaxKeysize  *uint64
-	MinKeysize  *uint64
-	Module      string
-	Name        string
-	Priority    *int64
-	Refcnt      *int64
-	Seedsize    *uint64
-	Selftest    string
-	Type        string
-	Walksize    *uint64
-}
-
-// Crypto parses an crypto-file (/proc/crypto) and returns a slice of
-// structs containing the relevant info.  More information available here:
-// https://kernel.readthedocs.io/en/sphinx-samples/crypto-API.html
-func (fs FS) Crypto() ([]Crypto, error) {
-	path := fs.proc.Path("crypto")
-	b, err := util.ReadFileNoStat(path)
-	if err != nil {
-		return nil, fmt.Errorf("error reading crypto %q: %w", path, err)
-	}
-
-	crypto, err := parseCrypto(bytes.NewReader(b))
-	if err != nil {
-		return nil, fmt.Errorf("error parsing crypto %q: %w", path, err)
-	}
-
-	return crypto, nil
-}
-
-// parseCrypto parses a /proc/crypto stream into Crypto elements.
-func parseCrypto(r io.Reader) ([]Crypto, error) {
-	var out []Crypto
-
-	s := bufio.NewScanner(r)
-	for s.Scan() {
-		text := s.Text()
-		switch {
-		case strings.HasPrefix(text, "name"):
-			// Each crypto element begins with its name.
-			out = append(out, Crypto{})
-		case text == "":
-			continue
-		}
-
-		kv := strings.Split(text, ":")
-		if len(kv) != 2 {
-			return nil, fmt.Errorf("malformed crypto line: %q", text)
-		}
-
-		k := strings.TrimSpace(kv[0])
-		v := strings.TrimSpace(kv[1])
-
-		// Parse the key/value pair into the currently focused element.
-		c := &out[len(out)-1]
-		if err := c.parseKV(k, v); err != nil {
-			return nil, err
-		}
-	}
-
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-
-	return out, nil
-}
-
-// parseKV parses a key/value pair into the appropriate field of c.
-func (c *Crypto) parseKV(k, v string) error {
-	vp := util.NewValueParser(v)
-
-	switch k {
-	case "async":
-		// Interpret literal yes as true.
-		c.Async = v == "yes"
-	case "blocksize":
-		c.Blocksize = vp.PUInt64()
-	case "chunksize":
-		c.Chunksize = vp.PUInt64()
-	case "digestsize":
-		c.Digestsize = vp.PUInt64()
-	case "driver":
-		c.Driver = v
-	case "geniv":
-		c.Geniv = v
-	case "internal":
-		c.Internal = v
-	case "ivsize":
-		c.Ivsize = vp.PUInt64()
-	case "maxauthsize":
-		c.Maxauthsize = vp.PUInt64()
-	case "max keysize":
-		c.MaxKeysize = vp.PUInt64()
-	case "min keysize":
-		c.MinKeysize = vp.PUInt64()
-	case "module":
-		c.Module = v
-	case "name":
-		c.Name = v
-	case "priority":
-		c.Priority = vp.PInt64()
-	case "refcnt":
-		c.Refcnt = vp.PInt64()
-	case "seedsize":
-		c.Seedsize = vp.PUInt64()
-	case "selftest":
-		c.Selftest = v
-	case "type":
-		c.Type = v
-	case "walksize":
-		c.Walksize = vp.PUInt64()
-	}
-
-	return vp.Err()
-}
diff --git a/vendor/github.com/prometheus/procfs/doc.go b/vendor/github.com/prometheus/procfs/doc.go
deleted file mode 100644
index d31a82600..000000000
--- a/vendor/github.com/prometheus/procfs/doc.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2014 Prometheus Team
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package procfs provides functions to retrieve system, kernel and process
-// metrics from the pseudo-filesystem proc.
-//
-// Example:
-//
-//    package main
-//
-//    import (
-//    	"fmt"
-//    	"log"
-//
-//    	"github.com/prometheus/procfs"
-//    )
-//
-//    func main() {
-//    	p, err := procfs.Self()
-//    	if err != nil {
-//    		log.Fatalf("could not get process: %s", err)
-//    	}
-//
-//    	stat, err := p.Stat()
-//    	if err != nil {
-//    		log.Fatalf("could not get process stat: %s", err)
-//    	}
-//
-//    	fmt.Printf("command:  %s\n", stat.Comm)
-//    	fmt.Printf("cpu time: %fs\n", stat.CPUTime())
-//    	fmt.Printf("vsize:    %dB\n", stat.VirtualMemory())
-//    	fmt.Printf("rss:      %dB\n", stat.ResidentMemory())
-//    }
-//
-package procfs
diff --git a/vendor/github.com/prometheus/procfs/fixtures.ttar b/vendor/github.com/prometheus/procfs/fixtures.ttar
deleted file mode 100644
index 5e7eeef4a..000000000
--- a/vendor/github.com/prometheus/procfs/fixtures.ttar
+++ /dev/null
@@ -1,7673 +0,0 @@
-# Archive created by ttar -c -f fixtures.ttar fixtures/
-Directory: fixtures
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26231
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/cmdline
-Lines: 1
-vimNULLBYTEtest.goNULLBYTE+10NULLBYTEEOF
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/comm
-Lines: 1
-vim
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/cwd
-SymlinkTo: /usr/bin
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/environ
-Lines: 1
-PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binNULLBYTEHOSTNAME=cd24e11f73a5NULLBYTETERM=xtermNULLBYTEGOLANG_VERSION=1.12.5NULLBYTEGOPATH=/goNULLBYTEHOME=/rootNULLBYTEEOF
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/exe
-SymlinkTo: /usr/bin/vim
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26231/fd
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fd/0
-SymlinkTo: ../../symlinktargets/abc
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fd/1
-SymlinkTo: ../../symlinktargets/def
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fd/10
-SymlinkTo: ../../symlinktargets/xyz
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fd/2
-SymlinkTo: ../../symlinktargets/ghi
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fd/3
-SymlinkTo: ../../symlinktargets/uvw
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26231/fdinfo
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fdinfo/0
-Lines: 6
-pos:	0
-flags:	02004000
-mnt_id:	13
-inotify wd:3 ino:1 sdev:34 mask:fce ignored_mask:0 fhandle-bytes:c fhandle-type:81 f_handle:000000000100000000000000
-inotify wd:2 ino:1300016 sdev:fd00002 mask:fce ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:16003001ed3f022a
-inotify wd:1 ino:2e0001 sdev:fd00000 mask:fce ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:01002e00138e7c65
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fdinfo/1
-Lines: 4
-pos:	0
-flags:	02004002
-mnt_id:	13
-eventfd-count:                0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fdinfo/10
-Lines: 3
-pos:	0
-flags:	02004002
-mnt_id:	9
-Mode: 400
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fdinfo/2
-Lines: 3
-pos:	0
-flags:	02004002
-mnt_id:	9
-Mode: 400
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/fdinfo/3
-Lines: 3
-pos:	0
-flags:	02004002
-mnt_id:	9
-Mode: 400
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/io
-Lines: 7
-rchar: 750339
-wchar: 818609
-syscr: 7405
-syscw: 5245
-read_bytes: 1024
-write_bytes: 2048
-cancelled_write_bytes: -1024
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/limits
-Lines: 17
-Limit                     Soft Limit           Hard Limit           Units
-Max cpu time              unlimited            unlimited            seconds
-Max file size             unlimited            unlimited            bytes
-Max data size             unlimited            unlimited            bytes
-Max stack size            8388608              unlimited            bytes
-Max core file size        0                    unlimited            bytes
-Max resident set          unlimited            unlimited            bytes
-Max processes             62898                62898                processes
-Max open files            2048                 4096                 files
-Max locked memory         18446744073708503040 18446744073708503040 bytes
-Max address space         8589934592           unlimited            bytes
-Max file locks            unlimited            unlimited            locks
-Max pending signals       62898                62898                signals
-Max msgqueue size         819200               819200               bytes
-Max nice priority         0                    0
-Max realtime priority     0                    0
-Max realtime timeout      unlimited            unlimited            us
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/mountstats
-Lines: 20
-device rootfs mounted on / with fstype rootfs
-device sysfs mounted on /sys with fstype sysfs
-device proc mounted on /proc with fstype proc
-device /dev/sda1 mounted on / with fstype ext4
-device 192.168.1.1:/srv/test mounted on /mnt/nfs/test with fstype nfs4 statvers=1.1
-	opts:	rw,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,acregmin=3,acregmax=60,acdirmin=30,acdirmax=60,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,mountaddr=192.168.1.1,clientaddr=192.168.1.5,local_lock=none
-	age:	13968
-	caps:	caps=0xfff7,wtmult=512,dtsize=32768,bsize=0,namlen=255
-	nfsv4:	bm0=0xfdffafff,bm1=0xf9be3e,bm2=0x0,acl=0x0,pnfs=not configured
-	sec:	flavor=1,pseudoflavor=1
-	events:	52 226 0 0 1 13 398 0 0 331 0 47 0 0 77 0 0 77 0 0 0 0 0 0 0 0 0
-	bytes:	1207640230 0 0 0 1210214218 0 295483 0
-	RPC iostats version: 1.0  p/v: 100003/4 (nfs)
-	xprt:	tcp 832 0 1 0 11 6428 6428 0 12154 0 24 26 5726
-	per-op statistics
-	        NULL: 0 0 0 0 0 0 0 0
-	        READ: 1298 1298 0 207680 1210292152 6 79386 79407
-	       WRITE: 0 0 0 0 0 0 0 0
-	      ACCESS: 2927395007 2927394995 0 526931094212 362996810236 18446743919241604546 1667369447 1953587717
-
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26231/net
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/net/dev
-Lines: 4
-Inter-|   Receive                                                |  Transmit
- face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
-    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
-  eth0:     438       5    0    0    0     0          0         0      648       8    0    0    0     0       0          0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26231/ns
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/ns/mnt
-SymlinkTo: mnt:[4026531840]
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/ns/net
-SymlinkTo: net:[4026531993]
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/root
-SymlinkTo: /
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/schedstat
-Lines: 1
-411605849 93680043 79
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/smaps
-Lines: 252
-00400000-00cb1000 r-xp 00000000 fd:01 952273                             /bin/alertmanager
-Size:               8900 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                2952 kB
-Pss:                2952 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:      2952 kB
-Private_Dirty:         0 kB
-Referenced:         2864 kB
-Anonymous:             0 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  0 kB
-SwapPss:               0 kB
-Locked:                0 kB
-VmFlags: rd ex mr mw me dw sd 
-00cb1000-016b0000 r--p 008b1000 fd:01 952273                             /bin/alertmanager
-Size:              10236 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                6152 kB
-Pss:                6152 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:      6152 kB
-Private_Dirty:         0 kB
-Referenced:         5308 kB
-Anonymous:             0 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  0 kB
-SwapPss:               0 kB
-Locked:                0 kB
-VmFlags: rd mr mw me dw sd 
-016b0000-0171a000 rw-p 012b0000 fd:01 952273                             /bin/alertmanager
-Size:                424 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                 176 kB
-Pss:                 176 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:        84 kB
-Private_Dirty:        92 kB
-Referenced:          176 kB
-Anonymous:            92 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                 12 kB
-SwapPss:              12 kB
-Locked:                0 kB
-VmFlags: rd wr mr mw me dw ac sd 
-0171a000-0173f000 rw-p 00000000 00:00 0 
-Size:                148 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                  76 kB
-Pss:                  76 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:         0 kB
-Private_Dirty:        76 kB
-Referenced:           76 kB
-Anonymous:            76 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  0 kB
-SwapPss:               0 kB
-Locked:                0 kB
-VmFlags: rd wr mr mw me ac sd 
-c000000000-c000400000 rw-p 00000000 00:00 0 
-Size:               4096 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                2564 kB
-Pss:                2564 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:        20 kB
-Private_Dirty:      2544 kB
-Referenced:         2544 kB
-Anonymous:          2564 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:               1100 kB
-SwapPss:            1100 kB
-Locked:                0 kB
-VmFlags: rd wr mr mw me ac sd 
-c000400000-c001600000 rw-p 00000000 00:00 0 
-Size:              18432 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:               16024 kB
-Pss:               16024 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:      5864 kB
-Private_Dirty:     10160 kB
-Referenced:        11944 kB
-Anonymous:         16024 kB
-LazyFree:           5848 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                440 kB
-SwapPss:             440 kB
-Locked:                0 kB
-VmFlags: rd wr mr mw me ac sd nh 
-c001600000-c004000000 rw-p 00000000 00:00 0 
-Size:              43008 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                   0 kB
-Pss:                   0 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:         0 kB
-Private_Dirty:         0 kB
-Referenced:            0 kB
-Anonymous:             0 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  0 kB
-SwapPss:               0 kB
-Locked:                0 kB
-VmFlags: rd wr mr mw me ac sd 
-7f0ab95ca000-7f0abbb7b000 rw-p 00000000 00:00 0 
-Size:              38596 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                1992 kB
-Pss:                1992 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:       476 kB
-Private_Dirty:      1516 kB
-Referenced:         1828 kB
-Anonymous:          1992 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                384 kB
-SwapPss:             384 kB
-Locked:                0 kB
-VmFlags: rd wr mr mw me ac sd 
-7ffc07ecf000-7ffc07ef0000 rw-p 00000000 00:00 0                          [stack]
-Size:                132 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                   8 kB
-Pss:                   8 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:         0 kB
-Private_Dirty:         8 kB
-Referenced:            8 kB
-Anonymous:             8 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  4 kB
-SwapPss:               4 kB
-Locked:                0 kB
-VmFlags: rd wr mr mw me gd ac 
-7ffc07f9e000-7ffc07fa1000 r--p 00000000 00:00 0                          [vvar]
-Size:                 12 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                   0 kB
-Pss:                   0 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:         0 kB
-Private_Dirty:         0 kB
-Referenced:            0 kB
-Anonymous:             0 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  0 kB
-SwapPss:               0 kB
-Locked:                0 kB
-VmFlags: rd mr pf io de dd sd 
-7ffc07fa1000-7ffc07fa3000 r-xp 00000000 00:00 0                          [vdso]
-Size:                  8 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                   4 kB
-Pss:                   0 kB
-Shared_Clean:          4 kB
-Shared_Dirty:          0 kB
-Private_Clean:         0 kB
-Private_Dirty:         0 kB
-Referenced:            4 kB
-Anonymous:             0 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  0 kB
-SwapPss:               0 kB
-Locked:                0 kB
-VmFlags: rd ex mr mw me de sd 
-ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
-Size:                  4 kB
-KernelPageSize:        4 kB
-MMUPageSize:           4 kB
-Rss:                   0 kB
-Pss:                   0 kB
-Shared_Clean:          0 kB
-Shared_Dirty:          0 kB
-Private_Clean:         0 kB
-Private_Dirty:         0 kB
-Referenced:            0 kB
-Anonymous:             0 kB
-LazyFree:              0 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:                  0 kB
-SwapPss:               0 kB
-Locked:                0 kB
-VmFlags: rd ex 
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/smaps_rollup
-Lines: 17
-00400000-ffffffffff601000 ---p 00000000 00:00 0                          [rollup]
-Rss:               29948 kB
-Pss:               29944 kB
-Shared_Clean:          4 kB
-Shared_Dirty:          0 kB
-Private_Clean:     15548 kB
-Private_Dirty:     14396 kB
-Referenced:        24752 kB
-Anonymous:         20756 kB
-LazyFree:           5848 kB
-AnonHugePages:         0 kB
-ShmemPmdMapped:        0 kB
-Shared_Hugetlb:        0 kB
-Private_Hugetlb:       0 kB
-Swap:               1940 kB
-SwapPss:            1940 kB
-Locked:                0 kB
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/stat
-Lines: 1
-26231 (vim) R 5392 7446 5392 34835 7446 4218880 32533 309516 26 82 1677 44 158 99 20 0 1 0 82375 56274944 1981 18446744073709551615 4194304 6294284 140736914091744 140736914087944 139965136429984 0 0 12288 1870679807 0 0 0 17 0 0 0 31 0 0 8391624 8481048 16420864 140736914093252 140736914093279 140736914093279 140736914096107 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/status
-Lines: 53
-
-Name:	prometheus
-Umask:	0022
-State:	S (sleeping)
-Tgid:	26231
-Ngid:	0
-Pid:	26231
-PPid:	1
-TracerPid:	0
-Uid:	1000	1000	1000	0
-Gid:	1001	1001	1001	0
-FDSize:	128
-Groups:
-NStgid:	1
-NSpid:	1
-NSpgid:	1
-NSsid:	1
-VmPeak:	   58472 kB
-VmSize:	   58440 kB
-VmLck:	       0 kB
-VmPin:	       0 kB
-VmHWM:	    8028 kB
-VmRSS:	    6716 kB
-RssAnon:	    2092 kB
-RssFile:	    4624 kB
-RssShmem:	       0 kB
-VmData:	    2580 kB
-VmStk:	     136 kB
-VmExe:	     948 kB
-VmLib:	    6816 kB
-VmPTE:	     128 kB
-VmPMD:	      12 kB
-VmSwap:	     660 kB
-HugetlbPages:	       0 kB
-Threads:	1
-SigQ:	8/63965
-SigPnd:	0000000000000000
-ShdPnd:	0000000000000000
-SigBlk:	7be3c0fe28014a03
-SigIgn:	0000000000001000
-SigCgt:	00000001800004ec
-CapInh:	0000000000000000
-CapPrm:	0000003fffffffff
-CapEff:	0000003fffffffff
-CapBnd:	0000003fffffffff
-CapAmb:	0000000000000000
-Seccomp:	0
-Cpus_allowed:	ff
-Cpus_allowed_list:	0-7
-Mems_allowed:	00000000,00000001
-Mems_allowed_list:	0
-voluntary_ctxt_switches:	4742839
-nonvoluntary_ctxt_switches:	1727500
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26231/wchan
-Lines: 1
-poll_schedule_timeoutEOF
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26232
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/cmdline
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/comm
-Lines: 1
-ata_sff
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/cwd
-SymlinkTo: /does/not/exist
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26232/fd
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/fd/0
-SymlinkTo: ../../symlinktargets/abc
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/fd/1
-SymlinkTo: ../../symlinktargets/def
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/fd/2
-SymlinkTo: ../../symlinktargets/ghi
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/fd/3
-SymlinkTo: ../../symlinktargets/uvw
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/fd/4
-SymlinkTo: ../../symlinktargets/xyz
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/limits
-Lines: 17
-Limit                     Soft Limit           Hard Limit           Units
-Max cpu time              unlimited            unlimited            seconds
-Max file size             unlimited            unlimited            bytes
-Max data size             unlimited            unlimited            bytes
-Max stack size            8388608              unlimited            bytes
-Max core file size        0                    unlimited            bytes
-Max resident set          unlimited            unlimited            bytes
-Max processes             29436                29436                processes
-Max open files            1024                 4096                 files
-Max locked memory         65536                65536                bytes
-Max address space         unlimited            unlimited            bytes
-Max file locks            unlimited            unlimited            locks
-Max pending signals       29436                29436                signals
-Max msgqueue size         819200               819200               bytes
-Max nice priority         0                    0
-Max realtime priority     0                    0
-Max realtime timeout      unlimited            unlimited            us
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/maps
-Lines: 9
-55680ae1e000-55680ae20000 r--p 00000000 fd:01 47316994                   /bin/cat
-55680ae29000-55680ae2a000 rwxs 0000a000 fd:01 47316994                   /bin/cat
-55680bed6000-55680bef7000 rw-p 00000000 00:00 0                          [heap]
-7fdf964fc000-7fdf973f2000 r--p 00000000 fd:01 17432624                   /usr/lib/locale/locale-archive
-7fdf973f2000-7fdf97417000 r--p 00000000 fd:01 60571062                   /lib/x86_64-linux-gnu/libc-2.29.so
-7ffe9215c000-7ffe9217f000 rw-p 00000000 00:00 0                          [stack]
-7ffe921da000-7ffe921dd000 r--p 00000000 00:00 0                          [vvar]
-7ffe921dd000-7ffe921de000 r-xp 00000000 00:00 0                          [vdso]
-ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/root
-SymlinkTo: /does/not/exist
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/stat
-Lines: 1
-33 (ata_sff) S 2 0 0 0 -1 69238880 0 0 0 0 0 0 0 0 0 -20 1 0 5 0 0 18446744073709551615 0 0 0 0 0 0 0 2147483647 0 18446744073709551615 0 0 17 1 0 0 0 0 0 0 0 0 0 0 0 0 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26232/wchan
-Lines: 1
-0EOF
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26233
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26233/cmdline
-Lines: 1
-com.github.uiautomatorNULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTENULLBYTEEOF
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26233/schedstat
-Lines: 8
- ____________________________________
-< this is a malformed schedstat file >
- ------------------------------------
-        \   ^__^
-         \  (oo)\_______
-            (__)\       )\/\
-                ||----w |
-                ||     ||
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/26234
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/26234/maps
-Lines: 4
-08048000-08089000 r-xp 00000000 03:01 104219 /bin/tcsh
-08089000-0808c000 rw-p 00041000 03:01 104219 /bin/tcsh
-0808c000-08146000 rwxp 00000000 00:00 0
-40000000-40015000 r-xp 00000000 03:01 61874 /lib/ld-2.3.2.so
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/584
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/584/stat
-Lines: 2
-1020 ((a b ) ( c d) ) R 28378 1020 28378 34842 1020 4218880 286 0 0 0 0 0 0 0 20 0 1 0 10839175 10395648 155 18446744073709551615 4194304 4238788 140736466511168 140736466511168 140609271124624 0 0 0 0 0 0 0 17 5 0 0 0 0 0 6336016 6337300 25579520 140736466515030 140736466515061 140736466515061 140736466518002 0
-#!/bin/cat /proc/self/stat
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/buddyinfo
-Lines: 3
-Node 0, zone      DMA      1      0      1      0      2      1      1      0      1      1      3
-Node 0, zone    DMA32    759    572    791    475    194     45     12      0      0      0      0
-Node 0, zone   Normal   4381   1093    185   1530    567    102      4      0      0      0      0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/cmdline
-Lines: 1
-BOOT_IMAGE=/vmlinuz-5.11.0-22-generic root=UUID=456a0345-450d-4f7b-b7c9-43e3241d99ad ro quiet splash vt.handoff=7
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/cpuinfo
-Lines: 216
-processor	: 0
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 799.998
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 0
-cpu cores	: 4
-apicid		: 0
-initial apicid	: 0
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-processor	: 1
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 800.037
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 1
-cpu cores	: 4
-apicid		: 2
-initial apicid	: 2
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-processor	: 2
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 800.010
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 2
-cpu cores	: 4
-apicid		: 4
-initial apicid	: 4
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-processor	: 3
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 800.028
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 3
-cpu cores	: 4
-apicid		: 6
-initial apicid	: 6
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-processor	: 4
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 799.989
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 0
-cpu cores	: 4
-apicid		: 1
-initial apicid	: 1
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-processor	: 5
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 800.083
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 1
-cpu cores	: 4
-apicid		: 3
-initial apicid	: 3
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-processor	: 6
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 800.017
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 2
-cpu cores	: 4
-apicid		: 5
-initial apicid	: 5
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-processor	: 7
-vendor_id	: GenuineIntel
-cpu family	: 6
-model		: 142
-model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
-stepping	: 10
-microcode	: 0xb4
-cpu MHz		: 800.030
-cache size	: 8192 KB
-physical id	: 0
-siblings	: 8
-core id		: 3
-cpu cores	: 4
-apicid		: 7
-initial apicid	: 7
-fpu		: yes
-fpu_exception	: yes
-cpuid level	: 22
-wp		: yes
-flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
-bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs
-bogomips	: 4224.00
-clflush size	: 64
-cache_alignment	: 64
-address sizes	: 39 bits physical, 48 bits virtual
-power management:
-
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/crypto
-Lines: 972
-name         : ccm(aes)
-driver       : ccm_base(ctr(aes-aesni),cbcmac(aes-aesni))
-module       : ccm
-priority     : 300
-refcnt       : 4
-selftest     : passed
-internal     : no
-type         : aead
-async        : no
-blocksize    : 1
-ivsize       : 16
-maxauthsize  : 16
-geniv        : <none>
-
-name         : cbcmac(aes)
-driver       : cbcmac(aes-aesni)
-module       : ccm
-priority     : 300
-refcnt       : 7
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 1
-digestsize   : 16
-
-name         : ecdh
-driver       : ecdh-generic
-module       : ecdh_generic
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : kpp
-async        : yes
-
-name         : ecb(arc4)
-driver       : ecb(arc4)-generic
-module       : arc4
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : no
-blocksize    : 1
-min keysize  : 1
-max keysize  : 256
-ivsize       : 0
-chunksize    : 1
-walksize     : 1
-
-name         : arc4
-driver       : arc4-generic
-module       : arc4
-priority     : 0
-refcnt       : 3
-selftest     : passed
-internal     : no
-type         : cipher
-blocksize    : 1
-min keysize  : 1
-max keysize  : 256
-
-name         : crct10dif
-driver       : crct10dif-pclmul
-module       : crct10dif_pclmul
-priority     : 200
-refcnt       : 2
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 1
-digestsize   : 2
-
-name         : crc32
-driver       : crc32-pclmul
-module       : crc32_pclmul
-priority     : 200
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 1
-digestsize   : 4
-
-name         : __ghash
-driver       : cryptd(__ghash-pclmulqdqni)
-module       : kernel
-priority     : 50
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : ahash
-async        : yes
-blocksize    : 16
-digestsize   : 16
-
-name         : ghash
-driver       : ghash-clmulni
-module       : ghash_clmulni_intel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : ahash
-async        : yes
-blocksize    : 16
-digestsize   : 16
-
-name         : __ghash
-driver       : __ghash-pclmulqdqni
-module       : ghash_clmulni_intel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : shash
-blocksize    : 16
-digestsize   : 16
-
-name         : crc32c
-driver       : crc32c-intel
-module       : crc32c_intel
-priority     : 200
-refcnt       : 5
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 1
-digestsize   : 4
-
-name         : cbc(aes)
-driver       : cbc(aes-aesni)
-module       : kernel
-priority     : 300
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : no
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : ctr(aes)
-driver       : ctr(aes-aesni)
-module       : kernel
-priority     : 300
-refcnt       : 5
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : no
-blocksize    : 1
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : pkcs1pad(rsa,sha256)
-driver       : pkcs1pad(rsa-generic,sha256)
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : akcipher
-
-name         : __xts(aes)
-driver       : cryptd(__xts-aes-aesni)
-module       : kernel
-priority     : 451
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : yes
-blocksize    : 16
-min keysize  : 32
-max keysize  : 64
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : xts(aes)
-driver       : xts-aes-aesni
-module       : kernel
-priority     : 401
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : yes
-blocksize    : 16
-min keysize  : 32
-max keysize  : 64
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : __ctr(aes)
-driver       : cryptd(__ctr-aes-aesni)
-module       : kernel
-priority     : 450
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : yes
-blocksize    : 1
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : ctr(aes)
-driver       : ctr-aes-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : yes
-blocksize    : 1
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : __cbc(aes)
-driver       : cryptd(__cbc-aes-aesni)
-module       : kernel
-priority     : 450
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : yes
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : cbc(aes)
-driver       : cbc-aes-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : yes
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : __ecb(aes)
-driver       : cryptd(__ecb-aes-aesni)
-module       : kernel
-priority     : 450
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : yes
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 0
-chunksize    : 16
-walksize     : 16
-
-name         : ecb(aes)
-driver       : ecb-aes-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : yes
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 0
-chunksize    : 16
-walksize     : 16
-
-name         : __generic-gcm-aes-aesni
-driver       : cryptd(__driver-generic-gcm-aes-aesni)
-module       : kernel
-priority     : 50
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : aead
-async        : yes
-blocksize    : 1
-ivsize       : 12
-maxauthsize  : 16
-geniv        : <none>
-
-name         : gcm(aes)
-driver       : generic-gcm-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : aead
-async        : yes
-blocksize    : 1
-ivsize       : 12
-maxauthsize  : 16
-geniv        : <none>
-
-name         : __generic-gcm-aes-aesni
-driver       : __driver-generic-gcm-aes-aesni
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : aead
-async        : no
-blocksize    : 1
-ivsize       : 12
-maxauthsize  : 16
-geniv        : <none>
-
-name         : __gcm-aes-aesni
-driver       : cryptd(__driver-gcm-aes-aesni)
-module       : kernel
-priority     : 50
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : aead
-async        : yes
-blocksize    : 1
-ivsize       : 8
-maxauthsize  : 16
-geniv        : <none>
-
-name         : rfc4106(gcm(aes))
-driver       : rfc4106-gcm-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : aead
-async        : yes
-blocksize    : 1
-ivsize       : 8
-maxauthsize  : 16
-geniv        : <none>
-
-name         : __gcm-aes-aesni
-driver       : __driver-gcm-aes-aesni
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : aead
-async        : no
-blocksize    : 1
-ivsize       : 8
-maxauthsize  : 16
-geniv        : <none>
-
-name         : __xts(aes)
-driver       : __xts-aes-aesni
-module       : kernel
-priority     : 401
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : no
-blocksize    : 16
-min keysize  : 32
-max keysize  : 64
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : __ctr(aes)
-driver       : __ctr-aes-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : no
-blocksize    : 1
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : __cbc(aes)
-driver       : __cbc-aes-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : no
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-chunksize    : 16
-walksize     : 16
-
-name         : __ecb(aes)
-driver       : __ecb-aes-aesni
-module       : kernel
-priority     : 400
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : skcipher
-async        : no
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 0
-chunksize    : 16
-walksize     : 16
-
-name         : __aes
-driver       : __aes-aesni
-module       : kernel
-priority     : 300
-refcnt       : 1
-selftest     : passed
-internal     : yes
-type         : cipher
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-
-name         : aes
-driver       : aes-aesni
-module       : kernel
-priority     : 300
-refcnt       : 8
-selftest     : passed
-internal     : no
-type         : cipher
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-
-name         : hmac(sha1)
-driver       : hmac(sha1-generic)
-module       : kernel
-priority     : 100
-refcnt       : 9
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 64
-digestsize   : 20
-
-name         : ghash
-driver       : ghash-generic
-module       : kernel
-priority     : 100
-refcnt       : 3
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 16
-digestsize   : 16
-
-name         : jitterentropy_rng
-driver       : jitterentropy_rng
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_hmac_sha256
-module       : kernel
-priority     : 221
-refcnt       : 2
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_hmac_sha512
-module       : kernel
-priority     : 220
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_hmac_sha384
-module       : kernel
-priority     : 219
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_hmac_sha1
-module       : kernel
-priority     : 218
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_sha256
-module       : kernel
-priority     : 217
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_sha512
-module       : kernel
-priority     : 216
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_sha384
-module       : kernel
-priority     : 215
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_sha1
-module       : kernel
-priority     : 214
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_ctr_aes256
-module       : kernel
-priority     : 213
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_ctr_aes192
-module       : kernel
-priority     : 212
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_nopr_ctr_aes128
-module       : kernel
-priority     : 211
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : hmac(sha256)
-driver       : hmac(sha256-generic)
-module       : kernel
-priority     : 100
-refcnt       : 10
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 64
-digestsize   : 32
-
-name         : stdrng
-driver       : drbg_pr_hmac_sha256
-module       : kernel
-priority     : 210
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_hmac_sha512
-module       : kernel
-priority     : 209
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_hmac_sha384
-module       : kernel
-priority     : 208
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_hmac_sha1
-module       : kernel
-priority     : 207
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_sha256
-module       : kernel
-priority     : 206
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_sha512
-module       : kernel
-priority     : 205
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_sha384
-module       : kernel
-priority     : 204
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_sha1
-module       : kernel
-priority     : 203
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_ctr_aes256
-module       : kernel
-priority     : 202
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_ctr_aes192
-module       : kernel
-priority     : 201
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : stdrng
-driver       : drbg_pr_ctr_aes128
-module       : kernel
-priority     : 200
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : rng
-seedsize     : 0
-
-name         : 842
-driver       : 842-scomp
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : scomp
-
-name         : 842
-driver       : 842-generic
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : compression
-
-name         : lzo-rle
-driver       : lzo-rle-scomp
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : scomp
-
-name         : lzo-rle
-driver       : lzo-rle-generic
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : compression
-
-name         : lzo
-driver       : lzo-scomp
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : scomp
-
-name         : lzo
-driver       : lzo-generic
-module       : kernel
-priority     : 0
-refcnt       : 9
-selftest     : passed
-internal     : no
-type         : compression
-
-name         : crct10dif
-driver       : crct10dif-generic
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 1
-digestsize   : 2
-
-name         : crc32c
-driver       : crc32c-generic
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 1
-digestsize   : 4
-
-name         : zlib-deflate
-driver       : zlib-deflate-scomp
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : scomp
-
-name         : deflate
-driver       : deflate-scomp
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : scomp
-
-name         : deflate
-driver       : deflate-generic
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : compression
-
-name         : aes
-driver       : aes-generic
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : cipher
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-
-name         : sha224
-driver       : sha224-generic
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 64
-digestsize   : 28
-
-name         : sha256
-driver       : sha256-generic
-module       : kernel
-priority     : 100
-refcnt       : 11
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 64
-digestsize   : 32
-
-name         : sha1
-driver       : sha1-generic
-module       : kernel
-priority     : 100
-refcnt       : 11
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 64
-digestsize   : 20
-
-name         : md5
-driver       : md5-generic
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 64
-digestsize   : 16
-
-name         : ecb(cipher_null)
-driver       : ecb-cipher_null
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : skcipher
-async        : no
-blocksize    : 1
-min keysize  : 0
-max keysize  : 0
-ivsize       : 0
-chunksize    : 1
-walksize     : 1
-
-name         : digest_null
-driver       : digest_null-generic
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : shash
-blocksize    : 1
-digestsize   : 0
-
-name         : compress_null
-driver       : compress_null-generic
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : compression
-
-name         : cipher_null
-driver       : cipher_null-generic
-module       : kernel
-priority     : 0
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : cipher
-blocksize    : 1
-min keysize  : 0
-max keysize  : 0
-
-name         : rsa
-driver       : rsa-generic
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : akcipher
-
-name         : dh
-driver       : dh-generic
-module       : kernel
-priority     : 100
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : kpp
-
-name         : aes
-driver       : aes-asm
-module       : kernel
-priority     : 200
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : cipher
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-
-Mode: 444
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/diskstats
-Lines: 52
-   1       0 ram0 0 0 0 0 0 0 0 0 0 0 0
-   1       1 ram1 0 0 0 0 0 0 0 0 0 0 0
-   1       2 ram2 0 0 0 0 0 0 0 0 0 0 0
-   1       3 ram3 0 0 0 0 0 0 0 0 0 0 0
-   1       4 ram4 0 0 0 0 0 0 0 0 0 0 0
-   1       5 ram5 0 0 0 0 0 0 0 0 0 0 0
-   1       6 ram6 0 0 0 0 0 0 0 0 0 0 0
-   1       7 ram7 0 0 0 0 0 0 0 0 0 0 0
-   1       8 ram8 0 0 0 0 0 0 0 0 0 0 0
-   1       9 ram9 0 0 0 0 0 0 0 0 0 0 0
-   1      10 ram10 0 0 0 0 0 0 0 0 0 0 0
-   1      11 ram11 0 0 0 0 0 0 0 0 0 0 0
-   1      12 ram12 0 0 0 0 0 0 0 0 0 0 0
-   1      13 ram13 0 0 0 0 0 0 0 0 0 0 0
-   1      14 ram14 0 0 0 0 0 0 0 0 0 0 0
-   1      15 ram15 0 0 0 0 0 0 0 0 0 0 0
-   7       0 loop0 0 0 0 0 0 0 0 0 0 0 0
-   7       1 loop1 0 0 0 0 0 0 0 0 0 0 0
-   7       2 loop2 0 0 0 0 0 0 0 0 0 0 0
-   7       3 loop3 0 0 0 0 0 0 0 0 0 0 0
-   7       4 loop4 0 0 0 0 0 0 0 0 0 0 0
-   7       5 loop5 0 0 0 0 0 0 0 0 0 0 0
-   7       6 loop6 0 0 0 0 0 0 0 0 0 0 0
-   7       7 loop7 0 0 0 0 0 0 0 0 0 0 0
-   8       0 sda 25354637 34367663 1003346126 18492372 28444756 11134226 505697032 63877960 0 9653880 82621804
-   8       1 sda1 250 0 2000 36 0 0 0 0 0 36 36
-   8       2 sda2 246 0 1968 32 0 0 0 0 0 32 32
-   8       3 sda3 340 13 2818 52 11 8 152 8 0 56 60
-   8       4 sda4 25353629 34367650 1003337964 18492232 27448755 11134218 505696880 61593380 0 7576432 80332428
- 252       0 dm-0 59910002 0 1003337218 46229572 39231014 0 505696880 1158557800 0 11325968 1206301256
- 252       1 dm-1 388 0 3104 84 74 0 592 0 0 76 84
- 252       2 dm-2 11571 0 308350 6536 153522 0 5093416 122884 0 65400 129416
- 252       3 dm-3 3870 0 3870 104 0 0 0 0 0 16 104
- 252       4 dm-4 392 0 1034 28 38 0 137 16 0 24 44
- 252       5 dm-5 3729 0 84279 924 98918 0 1151688 104684 0 58848 105632
- 179       0 mmcblk0 192 3 1560 156 0 0 0 0 0 136 156
- 179       1 mmcblk0p1 17 3 160 24 0 0 0 0 0 24 24
- 179       2 mmcblk0p2 95 0 760 68 0 0 0 0 0 68 68
-   2       0 fd0 2 0 16 80 0 0 0 0 0 80 80
- 254       0 vda 1775784 15386 32670882 8655768 6038856 20711856 213637440 2069221364 0 41614592 2077872228
- 254       1 vda1 668 85 5984 956 207 4266 35784 32772 0 8808 33720
- 254       2 vda2 1774936 15266 32663262 8654692 5991028 20707590 213601656 2069152216 0 41607628 2077801992
-  11       0 sr0 0 0 0 0 0 0 0 0 0 0 0
- 259       0 nvme0n1 47114 4 4643973 21650 1078320 43950 39451633 1011053 0 222766 1032546
- 259       1 nvme0n1p1 1140 0 9370 16 1 0 1 0 0 16 16
- 259       2 nvme0n1p2 45914 4 4631243 21626 1036885 43950 39451632 919480 0 131580 940970
-   8       0 sdb 326552 841 9657779 84 41822 2895 1972905 5007 0 60730 67070 68851 0 1925173784 11130
-   8       1 sdb1 231 3 34466 4 24 23 106 0 0 64 64 0 0 0 0
-   8       2 sdb2 326310 838 9622281 67 40726 2872 1972799 4924 0 58250 64567 68851 0 1925173784 11130
-   8       0 sdc 14202 71 579164 21861 2995 1589 180500 40875 0 11628 55200 0 0 0 0 127 182
-   8       1 sdc1 1027 0 13795 5021 2 0 4096 3 0 690 4579 0 0 0 0 0 0
-   8       2 sdc2 13126 71 561749 16802 2830 1589 176404 40620 0 10931 50449 0 0 0 0 0 0
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/fs
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/fs/fscache
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/fs/fscache/stats
-Lines: 24
-FS-Cache statistics
-Cookies: idx=3 dat=67877 spc=0
-Objects: alc=67473 nal=0 avl=67473 ded=388
-ChkAux : non=12 ok=33 upd=44 obs=55
-Pages  : mrk=547164 unc=364577
-Acquire: n=67880 nul=98 noc=25 ok=67780 nbf=39 oom=26
-Lookups: n=67473 neg=67470 pos=58 crt=67473 tmo=85
-Invals : n=14 run=13
-Updates: n=7 nul=3 run=8
-Relinqs: n=394 nul=1 wcr=2 rtr=3
-AttrChg: n=6 ok=5 nbf=4 oom=3 run=2
-Allocs : n=20 ok=19 wt=18 nbf=17 int=16
-Allocs : ops=15 owt=14 abt=13
-Retrvls: n=151959 ok=82823 wt=23467 nod=69136 nbf=15 int=69 oom=43
-Retrvls: ops=151959 owt=42747 abt=44
-Stores : n=225565 ok=225565 agn=12 nbf=13 oom=14
-Stores : ops=69156 run=294721 pgs=225565 rxd=225565 olm=43
-VmScan : nos=364512 gon=2 bsy=43 can=12 wt=66
-Ops    : pend=42753 run=221129 enq=628798 can=11 rej=88
-Ops    : ini=377538 dfr=27 rel=377538 gc=37
-CacheOp: alo=1 luo=2 luc=3 gro=4
-CacheOp: inv=5 upo=6 dro=7 pto=8 atc=9 syn=10
-CacheOp: rap=11 ras=12 alp=13 als=14 wrp=15 ucp=16 dsp=17
-CacheEv: nsp=18 stl=19 rtr=20 cul=21EOF
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/fs/xfs
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/fs/xfs/stat
-Lines: 23
-extent_alloc 92447 97589 92448 93751
-abt 0 0 0 0
-blk_map 1767055 188820 184891 92447 92448 2140766 0
-bmbt 0 0 0 0
-dir 185039 92447 92444 136422
-trans 706 944304 0
-ig 185045 58807 0 126238 0 33637 22
-log 2883 113448 9 17360 739
-push_ail 945014 0 134260 15483 0 3940 464 159985 0 40
-xstrat 92447 0
-rw 107739 94045
-attr 4 0 0 0
-icluster 8677 7849 135802
-vnodes 92601 0 0 0 92444 92444 92444 0
-buf 2666287 7122 2659202 3599 2 7085 0 10297 7085
-abtb2 184941 1277345 13257 13278 0 0 0 0 0 0 0 0 0 0 2746147
-abtc2 345295 2416764 172637 172658 0 0 0 0 0 0 0 0 0 0 21406023
-bmbt2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
-ibt2 343004 1358467 0 0 0 0 0 0 0 0 0 0 0 0 0
-fibt2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
-qm 0 0 0 0 0 0 0 0
-xpc 399724544 92823103 86219234
-debug 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/loadavg
-Lines: 1
-0.02 0.04 0.05 1/497 11947
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/mdstat
-Lines: 60
-Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
-
-md3 : active raid6 sda1[8] sdh1[7] sdg1[6] sdf1[5] sde1[11] sdd1[3] sdc1[10] sdb1[9] sdd1[10](S) sdd2[11](S)
-      5853468288 blocks super 1.2 level 6, 64k chunk, algorithm 2 [8/8] [UUUUUUUU]
-
-md127 : active raid1 sdi2[0] sdj2[1]
-      312319552 blocks [2/2] [UU]
-
-md0 : active raid1 sdi1[0] sdj1[1]
-      248896 blocks [2/2] [UU]
-
-md4 : inactive raid1 sda3[0](F) sdb3[1](S)
-      4883648 blocks [2/2] [UU]
-
-md6 : active raid1 sdb2[2](F) sdc[1](S) sda2[0]
-      195310144 blocks [2/1] [U_]
-      [=>...................]  recovery =  8.5% (16775552/195310144) finish=17.0min speed=259783K/sec
-
-md8 : active raid1 sdb1[1] sda1[0] sdc[2](S) sde[3](S)
-      195310144 blocks [2/2] [UU]
-      [=>...................]  resync =  8.5% (16775552/195310144) finish=17.0min speed=259783K/sec
-
-md201 : active raid1 sda3[0] sdb3[1]
-      1993728 blocks super 1.2 [2/2] [UU]
-      [=>...................]  check =  5.7% (114176/1993728) finish=0.2min speed=114176K/sec
-
-md7 : active raid6 sdb1[0] sde1[3] sdd1[2] sdc1[1](F)
-      7813735424 blocks super 1.2 level 6, 512k chunk, algorithm 2 [4/3] [U_UU]
-      bitmap: 0/30 pages [0KB], 65536KB chunk
-
-md9 : active raid1 sdc2[2] sdd2[3] sdb2[1] sda2[0] sde[4](F) sdf[5](F) sdg[6](S)
-      523968 blocks super 1.2 [4/4] [UUUU]
-      resync=DELAYED
-
-md10 : active raid0 sda1[0] sdb1[1]
-       314159265 blocks 64k chunks
-
-md11 : active (auto-read-only) raid1 sdb2[0] sdc2[1] sdc3[2](F) hda[4](S) ssdc2[3](S)
-      4190208 blocks super 1.2 [2/2] [UU]
-      resync=PENDING
-
-md12 : active raid0 sdc2[0] sdd2[1]
-      3886394368 blocks super 1.2 512k chunks
-
-md126 : active raid0 sdb[1] sdc[0]
-      1855870976 blocks super external:/md127/0 128k chunks
-
-md219 : inactive sdb[2](S) sdc[1](S) sda[0](S)
-        7932 blocks super external:imsm
-
-md00 : active raid0 xvdb[0]
-      4186624 blocks super 1.2 256k chunks
-
-md120 : active linear sda1[1] sdb1[0]
-        2095104 blocks super 1.2 0k rounding
-
-md101 : active (read-only) raid0 sdb[2] sdd[1] sdc[0]
-      322560 blocks super 1.2 512k chunks
-
-unused devices: <none>
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/meminfo
-Lines: 42
-MemTotal:       15666184 kB
-MemFree:          440324 kB
-Buffers:         1020128 kB
-Cached:         12007640 kB
-SwapCached:            0 kB
-Active:          6761276 kB
-Inactive:        6532708 kB
-Active(anon):     267256 kB
-Inactive(anon):      268 kB
-Active(file):    6494020 kB
-Inactive(file):  6532440 kB
-Unevictable:           0 kB
-Mlocked:               0 kB
-SwapTotal:             0 kB
-SwapFree:              0 kB
-Dirty:               768 kB
-Writeback:             0 kB
-AnonPages:        266216 kB
-Mapped:            44204 kB
-Shmem:              1308 kB
-Slab:            1807264 kB
-SReclaimable:    1738124 kB
-SUnreclaim:        69140 kB
-KernelStack:        1616 kB
-PageTables:         5288 kB
-NFS_Unstable:          0 kB
-Bounce:                0 kB
-WritebackTmp:          0 kB
-CommitLimit:     7833092 kB
-Committed_AS:     530844 kB
-VmallocTotal:   34359738367 kB
-VmallocUsed:       36596 kB
-VmallocChunk:   34359637840 kB
-HardwareCorrupted:     0 kB
-AnonHugePages:     12288 kB
-HugePages_Total:       0
-HugePages_Free:        0
-HugePages_Rsvd:        0
-HugePages_Surp:        0
-Hugepagesize:       2048 kB
-DirectMap4k:       91136 kB
-DirectMap2M:    16039936 kB
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/net
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/arp
-Lines: 2
-IP address       HW type     Flags       HW address            Mask     Device
-192.168.224.1    0x1         0x2         00:50:56:c0:00:08     *        ens33
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/dev
-Lines: 6
-Inter-|   Receive                                                |  Transmit
- face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
-vethf345468:     648       8    0    0    0     0          0         0      438       5    0    0    0     0       0          0
-    lo: 1664039048 1566805    0    0    0     0          0         0 1664039048 1566805    0    0    0     0       0          0
-docker0:    2568      38    0    0    0     0          0         0      438       5    0    0    0     0       0          0
-  eth0: 874354587 1036395    0    0    0     0          0         0 563352563  732147    0    0    0     0       0          0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/ip_vs
-Lines: 21
-IP Virtual Server version 1.2.1 (size=4096)
-Prot LocalAddress:Port Scheduler Flags
-  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
-TCP  C0A80016:0CEA wlc
-  -> C0A85216:0CEA      Tunnel  100    248        2
-  -> C0A85318:0CEA      Tunnel  100    248        2
-  -> C0A85315:0CEA      Tunnel  100    248        1
-TCP  C0A80039:0CEA wlc
-  -> C0A85416:0CEA      Tunnel  0      0          0
-  -> C0A85215:0CEA      Tunnel  100    1499       0
-  -> C0A83215:0CEA      Tunnel  100    1498       0
-TCP  C0A80037:0CEA wlc
-  -> C0A8321A:0CEA      Tunnel  0      0          0
-  -> C0A83120:0CEA      Tunnel  100    0          0
-TCP  [2620:0000:0000:0000:0000:0000:0000:0001]:0050 sh
-  -> [2620:0000:0000:0000:0000:0000:0000:0002]:0050      Route   1      0          0
-  -> [2620:0000:0000:0000:0000:0000:0000:0003]:0050      Route   1      0          0
-  -> [2620:0000:0000:0000:0000:0000:0000:0004]:0050      Route   1      1          1
-FWM  10001000 wlc
-  -> C0A8321A:0CEA      Route   0      0          1
-  -> C0A83215:0CEA      Route   0      0          2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/ip_vs_stats
-Lines: 6
-   Total Incoming Outgoing         Incoming         Outgoing
-   Conns  Packets  Packets            Bytes            Bytes
- 16AA370 E33656E5        0     51D8C8883AB3                0
-
- Conns/s   Pkts/s   Pkts/s          Bytes/s          Bytes/s
-       4    1FB3C        0          1282A8F                0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/protocols
-Lines: 14
-protocol  size sockets  memory press maxhdr  slab module     cl co di ac io in de sh ss gs se re sp bi br ha uh gp em
-PACKET    1344      2      -1   NI       0   no   kernel      n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
-PINGv6    1112      0      -1   NI       0   yes  kernel      y  y  y  n  n  y  n  n  y  y  y  y  n  y  y  y  y  y  n
-RAWv6     1112      1      -1   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  y  y  y  y  n  n
-UDPLITEv6 1216      0      57   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  n  n  y  y  y  n
-UDPv6     1216     10      57   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  n  n  y  y  y  n
-TCPv6     2144   1937  1225378   no     320   yes  kernel      y  y  y  y  y  y  y  y  y  y  y  y  y  n  y  y  y  y  y
-UNIX      1024    120      -1   NI       0   yes  kernel      n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
-UDP-Lite  1024      0      57   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  y  n  n  y  y  y  n
-PING       904      0      -1   NI       0   yes  kernel      y  y  y  n  n  y  n  n  y  y  y  y  n  y  y  y  y  y  n
-RAW        912      0      -1   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  y  y  y  y  n  n
-UDP       1024     73      57   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  y  n  n  y  y  y  n
-TCP       1984  93064  1225378   yes     320   yes  kernel      y  y  y  y  y  y  y  y  y  y  y  y  y  n  y  y  y  y  y
-NETLINK   1040     16      -1   NI       0   no   kernel      n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/net/rpc
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/rpc/nfs
-Lines: 5
-net 18628 0 18628 6
-rpc 4329785 0 4338291
-proc2 18 2 69 0 0 4410 0 0 0 0 0 0 0 0 0 0 0 99 2
-proc3 22 1 4084749 29200 94754 32580 186 47747 7981 8639 0 6356 0 6962 0 7958 0 0 241 4 4 2 39
-proc4 61 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/rpc/nfsd
-Lines: 11
-rc 0 6 18622
-fh 0 0 0 0 0
-io 157286400 0
-th 8 0 0.000 0.000 0.000 0.000 0.000 0.000 0.000 0.000 0.000 0.000
-ra 32 0 0 0 0 0 0 0 0 0 0 0
-net 18628 0 18628 6
-rpc 18628 0 0 0 0
-proc2 18 2 69 0 0 4410 0 0 0 0 0 0 0 0 0 0 0 99 2
-proc3 22 2 112 0 2719 111 0 0 0 0 0 0 0 0 0 0 0 27 216 0 2 1 0
-proc4 2 2 10853
-proc4ops 72 0 0 0 1098 2 0 0 0 0 8179 5896 0 0 0 0 5900 0 0 2 0 2 0 9609 0 2 150 1272 0 0 0 1236 0 0 0 0 3 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/sockstat
-Lines: 6
-sockets: used 1602
-TCP: inuse 35 orphan 0 tw 4 alloc 59 mem 22
-UDP: inuse 12 mem 62
-UDPLITE: inuse 0
-RAW: inuse 0
-FRAG: inuse 0 memory 0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/sockstat6
-Lines: 5
-TCP6: inuse 17
-UDP6: inuse 9
-UDPLITE6: inuse 0
-RAW6: inuse 1
-FRAG6: inuse 0 memory 0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/softnet_stat
-Lines: 2
-00015c73 00020e76 F0000769 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
-01663fb2 00000000 000109a4 00000000 00000000 00000000 00000000 00000000 00000000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/softnet_stat.broken
-Lines: 1
-00015c73 00020e76 F0000769 00000000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/net/stat
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/stat/arp_cache
-Lines: 3
-entries  allocs destroys hash_grows  lookups hits  res_failed  rcv_probes_mcast rcv_probes_ucast  periodic_gc_runs forced_gc_runs unresolved_discards table_fulls
-00000014  00000001 00000002 00000003  00000004 00000005  00000006  00000007 00000008  00000009 0000000a 0000000b 0000000c
-00000014  0000000d 0000000e 0000000f  00000010 00000011  00000012  00000013 00000014  00000015 00000016 00000017 00000018
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/stat/ndisc_cache
-Lines: 3
-entries  allocs destroys hash_grows  lookups hits  res_failed  rcv_probes_mcast rcv_probes_ucast  periodic_gc_runs forced_gc_runs unresolved_discards table_fulls
-00000024  000000f0 000000f1 000000f2  000000f3 000000f4  000000f5  000000f6 000000f7  000000f8 000000f9 000000fa 000000fb
-00000024  000000fc 000000fd 000000fe  000000ff 00000100  00000101  00000102 00000103  00000104 00000105 00000106 00000107
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/tcp
-Lines: 4
-  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
-   0: 0500000A:0016 00000000:0000 0A 00000000:00000001 00:00000000 00000000     0        0 2740 1 ffff88003d3af3c0 100 0 0 10 0
-   1: 00000000:0016 00000000:0000 0A 00000001:00000000 00:00000000 00000000     0        0 2740 1 ffff88003d3af3c0 100 0 0 10 0
-   2: 00000000:0016 00000000:0000 0A 00000001:00000001 00:00000000 00000000     0        0 2740 1 ffff88003d3af3c0 100 0 0 10 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/tcp6
-Lines: 3
-  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
- 1315: 00000000000000000000000000000000:14EB 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000   981        0 21040 2 0000000013726323 0
- 6073: 000080FE00000000FFADE15609667CFE:C781 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 11337031 2 00000000b9256fdd 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/udp
-Lines: 4
-  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
-   0: 0500000A:0016 00000000:0000 0A 00000000:00000001 00:00000000 00000000     0        0 2740 1 ffff88003d3af3c0 100 0 0 10 0
-   1: 00000000:0016 00000000:0000 0A 00000001:00000000 00:00000000 00000000     0        0 2740 1 ffff88003d3af3c0 100 0 0 10 0
-   2: 00000000:0016 00000000:0000 0A 00000001:00000001 00:00000000 00000000     0        0 2740 1 ffff88003d3af3c0 100 0 0 10 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/udp6
-Lines: 3
-  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
- 1315: 00000000000000000000000000000000:14EB 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000   981        0 21040 2 0000000013726323 0
- 6073: 000080FE00000000FFADE15609667CFE:C781 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 11337031 2 00000000b9256fdd 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/udp_broken
-Lines: 2
-  sl  local_address rem_address   st
-   1: 00000000:0016 00000000:0000 0A
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/unix
-Lines: 6
-Num       RefCount Protocol Flags    Type St Inode Path
-0000000000000000: 00000002 00000000 00010000 0001 01 3442596 /var/run/postgresql/.s.PGSQL.5432
-0000000000000000: 0000000a 00000000 00010000 0005 01 10061 /run/udev/control
-0000000000000000: 00000007 00000000 00000000 0002 01 12392 /dev/log
-0000000000000000: 00000003 00000000 00000000 0001 03 4787297 /var/run/postgresql/.s.PGSQL.5432
-0000000000000000: 00000003 00000000 00000000 0001 03 5091797
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/unix_without_inode
-Lines: 6
-Num       RefCount Protocol Flags    Type St Path
-0000000000000000: 00000002 00000000 00010000 0001 01 /var/run/postgresql/.s.PGSQL.5432
-0000000000000000: 0000000a 00000000 00010000 0005 01 /run/udev/control
-0000000000000000: 00000007 00000000 00000000 0002 01 /dev/log
-0000000000000000: 00000003 00000000 00000000 0001 03 /var/run/postgresql/.s.PGSQL.5432
-0000000000000000: 00000003 00000000 00000000 0001 03
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/net/xfrm_stat
-Lines: 28
-XfrmInError                     1
-XfrmInBufferError               2
-XfrmInHdrError                  4
-XfrmInNoStates                  3
-XfrmInStateProtoError           40
-XfrmInStateModeError            100
-XfrmInStateSeqError             6000
-XfrmInStateExpired              4
-XfrmInStateMismatch             23451
-XfrmInStateInvalid              55555
-XfrmInTmplMismatch              51
-XfrmInNoPols                    65432
-XfrmInPolBlock                  100
-XfrmInPolError                  10000
-XfrmOutError                    1000000
-XfrmOutBundleGenError           43321
-XfrmOutBundleCheckError         555
-XfrmOutNoStates                 869
-XfrmOutStateProtoError          4542
-XfrmOutStateModeError           4
-XfrmOutStateSeqError            543
-XfrmOutStateExpired             565
-XfrmOutPolBlock                 43456
-XfrmOutPolDead                  7656
-XfrmOutPolError                 1454
-XfrmFwdHdrError                 6654
-XfrmOutStateInvalid             28765
-XfrmAcquireError                24532
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/pressure
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/pressure/cpu
-Lines: 1
-some avg10=0.10 avg60=2.00 avg300=3.85 total=15
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/pressure/io
-Lines: 2
-some avg10=0.10 avg60=2.00 avg300=3.85 total=15
-full avg10=0.20 avg60=3.00 avg300=4.95 total=25
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/pressure/memory
-Lines: 2
-some avg10=0.10 avg60=2.00 avg300=3.85 total=15
-full avg10=0.20 avg60=3.00 avg300=4.95 total=25
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/schedstat
-Lines: 6
-version 15
-timestamp 15819019232
-cpu0 498494191 0 3533438552 2553969831 3853684107 2465731542 2045936778163039 343796328169361 4767485306
-domain0 00000000,00000003 212499247 210112015 1861015 1860405436 536440 369895 32599 210079416 25368550 24241256 384652 927363878 807233 6366 1647 24239609 2122447165 1886868564 121112060 2848625533 125678146 241025 1032026 1885836538 2545 12 2533 0 0 0 0 0 0 1387952561 21076581 0
-cpu1 518377256 0 4155211005 2778589869 10466382 2867629021 1904686152592476 364107263788241 5145567945
-domain0 00000000,00000003 217653037 215526982 1577949 1580427380 557469 393576 28538 215498444 28721913 27662819 371153 870843407 745912 5523 1639 27661180 2331056874 2107732788 111442342 652402556 123615235 196159 1045245 2106687543 2400 3 2397 0 0 0 0 0 0 1437804657 26220076 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/self
-SymlinkTo: 26231
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/slabinfo
-Lines: 302
-slabinfo - version: 2.1
-# name            <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
-pid_3                375    532    576   28    4 : tunables    0    0    0 : slabdata     19     19      0
-pid_2                  3     28    576   28    4 : tunables    0    0    0 : slabdata      1      1      0
-nvidia_p2p_page_cache      0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-nvidia_pte_cache    9022   9152    368   22    2 : tunables    0    0    0 : slabdata    416    416      0
-nvidia_stack_cache    321    326  12624    2    8 : tunables    0    0    0 : slabdata    163    163      0
-kvm_async_pf           0      0    472   34    4 : tunables    0    0    0 : slabdata      0      0      0
-kvm_vcpu               0      0  15552    2    8 : tunables    0    0    0 : slabdata      0      0      0
-kvm_mmu_page_header      0      0    504   32    4 : tunables    0    0    0 : slabdata      0      0      0
-pte_list_desc          0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-x86_emulator           0      0   3024   10    8 : tunables    0    0    0 : slabdata      0      0      0
-x86_fpu                0      0   4608    7    8 : tunables    0    0    0 : slabdata      0      0      0
-iwl_cmd_pool:0000:04:00.0      0    128    512   32    4 : tunables    0    0    0 : slabdata      4      4      0
-ext4_groupinfo_4k   3719   3740    480   34    4 : tunables    0    0    0 : slabdata    110    110      0
-bio-6                 32     75    640   25    4 : tunables    0    0    0 : slabdata      3      3      0
-bio-5                 16     48   1344   24    8 : tunables    0    0    0 : slabdata      2      2      0
-bio-4                 17     92   1408   23    8 : tunables    0    0    0 : slabdata      4      4      0
-fat_inode_cache        0      0   1056   31    8 : tunables    0    0    0 : slabdata      0      0      0
-fat_cache              0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-ovl_aio_req            0      0    512   32    4 : tunables    0    0    0 : slabdata      0      0      0
-ovl_inode              0      0   1000   32    8 : tunables    0    0    0 : slabdata      0      0      0
-squashfs_inode_cache      0      0   1088   30    8 : tunables    0    0    0 : slabdata      0      0      0
-fuse_request           0      0    472   34    4 : tunables    0    0    0 : slabdata      0      0      0
-fuse_inode             0      0   1152   28    8 : tunables    0    0    0 : slabdata      0      0      0
-xfs_dqtrx              0      0    864   37    8 : tunables    0    0    0 : slabdata      0      0      0
-xfs_dquot              0      0    832   39    8 : tunables    0    0    0 : slabdata      0      0      0
-xfs_buf                0      0    768   21    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_bui_item           0      0    544   30    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_bud_item           0      0    512   32    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_cui_item           0      0    768   21    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_cud_item           0      0    512   32    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_rui_item           0      0   1024   32    8 : tunables    0    0    0 : slabdata      0      0      0
-xfs_rud_item           0      0    512   32    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_icr                0      0    520   31    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_ili                0      0    528   31    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_inode              0      0   1344   24    8 : tunables    0    0    0 : slabdata      0      0      0
-xfs_efi_item           0      0    768   21    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_efd_item           0      0    776   21    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_buf_item           0      0    608   26    4 : tunables    0    0    0 : slabdata      0      0      0
-xf_trans               0      0    568   28    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_ifork              0      0    376   21    2 : tunables    0    0    0 : slabdata      0      0      0
-xfs_da_state           0      0    816   20    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_btree_cur          0      0    560   29    4 : tunables    0    0    0 : slabdata      0      0      0
-xfs_bmap_free_item      0      0    400   20    2 : tunables    0    0    0 : slabdata      0      0      0
-xfs_log_ticket         0      0    520   31    4 : tunables    0    0    0 : slabdata      0      0      0
-nfs_direct_cache       0      0    560   29    4 : tunables    0    0    0 : slabdata      0      0      0
-nfs_commit_data        4     28   1152   28    8 : tunables    0    0    0 : slabdata      1      1      0
-nfs_write_data        32     50   1280   25    8 : tunables    0    0    0 : slabdata      2      2      0
-nfs_read_data          0      0   1280   25    8 : tunables    0    0    0 : slabdata      0      0      0
-nfs_inode_cache        0      0   1408   23    8 : tunables    0    0    0 : slabdata      0      0      0
-nfs_page               0      0    512   32    4 : tunables    0    0    0 : slabdata      0      0      0
-rpc_inode_cache        0      0   1024   32    8 : tunables    0    0    0 : slabdata      0      0      0
-rpc_buffers            8     13   2496   13    8 : tunables    0    0    0 : slabdata      1      1      0
-rpc_tasks              8     25    640   25    4 : tunables    0    0    0 : slabdata      1      1      0
-fscache_cookie_jar      1     35    464   35    4 : tunables    0    0    0 : slabdata      1      1      0
-jfs_mp                32     35    464   35    4 : tunables    0    0    0 : slabdata      1      1      0
-jfs_ip                 0      0   1592   20    8 : tunables    0    0    0 : slabdata      0      0      0
-reiser_inode_cache      0      0   1096   29    8 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_end_io_wq        0      0    464   35    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_prelim_ref       0      0    424   38    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_delayed_extent_op      0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_delayed_data_ref      0      0    448   36    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_delayed_tree_ref      0      0    440   37    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_delayed_ref_head      0      0    480   34    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_inode_defrag      0      0    400   20    2 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_delayed_node      0      0    648   25    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_ordered_extent      0      0    752   21    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_extent_map       0      0    480   34    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_extent_state      0      0    416   39    4 : tunables    0    0    0 : slabdata      0      0      0
-bio-3                 35     92    704   23    4 : tunables    0    0    0 : slabdata      4      4      0
-btrfs_extent_buffer      0      0    600   27    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_free_space_bitmap      0      0  12288    2    8 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_free_space       0      0    416   39    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_path             0      0    448   36    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_trans_handle      0      0    440   37    4 : tunables    0    0    0 : slabdata      0      0      0
-btrfs_inode            0      0   1496   21    8 : tunables    0    0    0 : slabdata      0      0      0
-ext4_inode_cache   84136  84755   1400   23    8 : tunables    0    0    0 : slabdata   3685   3685      0
-ext4_free_data        22     80    392   20    2 : tunables    0    0    0 : slabdata      4      4      0
-ext4_allocation_context      0     70    464   35    4 : tunables    0    0    0 : slabdata      2      2      0
-ext4_prealloc_space     24     74    440   37    4 : tunables    0    0    0 : slabdata      2      2      0
-ext4_system_zone     267    273    376   21    2 : tunables    0    0    0 : slabdata     13     13      0
-ext4_io_end_vec        0     88    368   22    2 : tunables    0    0    0 : slabdata      4      4      0
-ext4_io_end            0     80    400   20    2 : tunables    0    0    0 : slabdata      4      4      0
-ext4_bio_post_read_ctx    128    147    384   21    2 : tunables    0    0    0 : slabdata      7      7      0
-ext4_pending_reservation      0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-ext4_extent_status  79351  79422    376   21    2 : tunables    0    0    0 : slabdata   3782   3782      0
-jbd2_transaction_s     44    100    640   25    4 : tunables    0    0    0 : slabdata      4      4      0
-jbd2_inode          6785   6840    400   20    2 : tunables    0    0    0 : slabdata    342    342      0
-jbd2_journal_handle      0     80    392   20    2 : tunables    0    0    0 : slabdata      4      4      0
-jbd2_journal_head    824   1944    448   36    4 : tunables    0    0    0 : slabdata     54     54      0
-jbd2_revoke_table_s      4     23    352   23    2 : tunables    0    0    0 : slabdata      1      1      0
-jbd2_revoke_record_s      0    156    416   39    4 : tunables    0    0    0 : slabdata      4      4      0
-ext2_inode_cache       0      0   1144   28    8 : tunables    0    0    0 : slabdata      0      0      0
-mbcache                0      0    392   20    2 : tunables    0    0    0 : slabdata      0      0      0
-dm_thin_new_mapping      0    152    424   38    4 : tunables    0    0    0 : slabdata      4      4      0
-dm_snap_pending_exception      0      0    464   35    4 : tunables    0    0    0 : slabdata      0      0      0
-dm_exception           0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-dm_dirty_log_flush_entry      0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-dm_bio_prison_cell_v2      0      0    432   37    4 : tunables    0    0    0 : slabdata      0      0      0
-dm_bio_prison_cell      0    148    432   37    4 : tunables    0    0    0 : slabdata      4      4      0
-kcopyd_job             0      8   3648    8    8 : tunables    0    0    0 : slabdata      1      1      0
-io                     0     32    512   32    4 : tunables    0    0    0 : slabdata      1      1      0
-dm_uevent              0      0   3224   10    8 : tunables    0    0    0 : slabdata      0      0      0
-dax_cache              1     28   1152   28    8 : tunables    0    0    0 : slabdata      1      1      0
-aic94xx_ascb           0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-aic94xx_dma_token      0      0    384   21    2 : tunables    0    0    0 : slabdata      0      0      0
-asd_sas_event          0      0    512   32    4 : tunables    0    0    0 : slabdata      0      0      0
-sas_task               0      0    704   23    4 : tunables    0    0    0 : slabdata      0      0      0
-qla2xxx_srbs           0      0    832   39    8 : tunables    0    0    0 : slabdata      0      0      0
-sd_ext_cdb             2     22    368   22    2 : tunables    0    0    0 : slabdata      1      1      0
-scsi_sense_cache     258    288    512   32    4 : tunables    0    0    0 : slabdata      9      9      0
-virtio_scsi_cmd       64     75    640   25    4 : tunables    0    0    0 : slabdata      3      3      0
-L2TP/IPv6              0      0   1536   21    8 : tunables    0    0    0 : slabdata      0      0      0
-L2TP/IP                0      0   1408   23    8 : tunables    0    0    0 : slabdata      0      0      0
-ip6-frags              0      0    520   31    4 : tunables    0    0    0 : slabdata      0      0      0
-fib6_nodes             5     32    512   32    4 : tunables    0    0    0 : slabdata      1      1      0
-ip6_dst_cache          4     25    640   25    4 : tunables    0    0    0 : slabdata      1      1      0
-ip6_mrt_cache          0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-PINGv6                 0      0   1600   20    8 : tunables    0    0    0 : slabdata      0      0      0
-RAWv6                 25     40   1600   20    8 : tunables    0    0    0 : slabdata      2      2      0
-UDPLITEv6              0      0   1728   18    8 : tunables    0    0    0 : slabdata      0      0      0
-UDPv6                  3     54   1728   18    8 : tunables    0    0    0 : slabdata      3      3      0
-tw_sock_TCPv6          0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-request_sock_TCPv6      0      0    632   25    4 : tunables    0    0    0 : slabdata      0      0      0
-TCPv6                  0     33   2752   11    8 : tunables    0    0    0 : slabdata      3      3      0
-uhci_urb_priv          0      0    392   20    2 : tunables    0    0    0 : slabdata      0      0      0
-sgpool-128             2     14   4544    7    8 : tunables    0    0    0 : slabdata      2      2      0
-sgpool-64              2     13   2496   13    8 : tunables    0    0    0 : slabdata      1      1      0
-sgpool-32              2     44   1472   22    8 : tunables    0    0    0 : slabdata      2      2      0
-sgpool-16              2     68    960   34    8 : tunables    0    0    0 : slabdata      2      2      0
-sgpool-8               2     46    704   23    4 : tunables    0    0    0 : slabdata      2      2      0
-btree_node             0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-bfq_io_cq              0      0    488   33    4 : tunables    0    0    0 : slabdata      0      0      0
-bfq_queue              0      0    848   38    8 : tunables    0    0    0 : slabdata      0      0      0
-mqueue_inode_cache      1     24   1344   24    8 : tunables    0    0    0 : slabdata      1      1      0
-isofs_inode_cache      0      0    968   33    8 : tunables    0    0    0 : slabdata      0      0      0
-io_kiocb               0      0    640   25    4 : tunables    0    0    0 : slabdata      0      0      0
-kioctx                 0     30   1088   30    8 : tunables    0    0    0 : slabdata      1      1      0
-aio_kiocb              0     28    576   28    4 : tunables    0    0    0 : slabdata      1      1      0
-userfaultfd_ctx_cache      0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-fanotify_path_event      0      0    392   20    2 : tunables    0    0    0 : slabdata      0      0      0
-fanotify_fid_event      0      0    400   20    2 : tunables    0    0    0 : slabdata      0      0      0
-fsnotify_mark          0      0    408   20    2 : tunables    0    0    0 : slabdata      0      0      0
-dnotify_mark           0      0    416   39    4 : tunables    0    0    0 : slabdata      0      0      0
-dnotify_struct         0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-dio                    0      0   1088   30    8 : tunables    0    0    0 : slabdata      0      0      0
-bio-2                  4     25    640   25    4 : tunables    0    0    0 : slabdata      1      1      0
-fasync_cache           0      0    384   21    2 : tunables    0    0    0 : slabdata      0      0      0
-audit_tree_mark        0      0    416   39    4 : tunables    0    0    0 : slabdata      0      0      0
-pid_namespace         30     34    480   34    4 : tunables    0    0    0 : slabdata      1      1      0
-posix_timers_cache      0     27    592   27    4 : tunables    0    0    0 : slabdata      1      1      0
-iommu_devinfo         24     32    512   32    4 : tunables    0    0    0 : slabdata      1      1      0
-iommu_domain          10     10   3264   10    8 : tunables    0    0    0 : slabdata      1      1      0
-iommu_iova          8682   8748    448   36    4 : tunables    0    0    0 : slabdata    243    243      0
-UNIX                 529    814   1472   22    8 : tunables    0    0    0 : slabdata     37     37      0
-ip4-frags              0      0    536   30    4 : tunables    0    0    0 : slabdata      0      0      0
-ip_mrt_cache           0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-UDP-Lite               0      0   1536   21    8 : tunables    0    0    0 : slabdata      0      0      0
-tcp_bind_bucket        7    128    512   32    4 : tunables    0    0    0 : slabdata      4      4      0
-inet_peer_cache        0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-xfrm_dst_cache         0      0    704   23    4 : tunables    0    0    0 : slabdata      0      0      0
-xfrm_state             0      0   1152   28    8 : tunables    0    0    0 : slabdata      0      0      0
-ip_fib_trie            7     21    384   21    2 : tunables    0    0    0 : slabdata      1      1      0
-ip_fib_alias           9     20    392   20    2 : tunables    0    0    0 : slabdata      1      1      0
-ip_dst_cache          27     84    576   28    4 : tunables    0    0    0 : slabdata      3      3      0
-PING                   0      0   1408   23    8 : tunables    0    0    0 : slabdata      0      0      0
-RAW                   32     46   1408   23    8 : tunables    0    0    0 : slabdata      2      2      0
-UDP                   11    168   1536   21    8 : tunables    0    0    0 : slabdata      8      8      0
-tw_sock_TCP            1     56    576   28    4 : tunables    0    0    0 : slabdata      2      2      0
-request_sock_TCP       0     25    632   25    4 : tunables    0    0    0 : slabdata      1      1      0
-TCP                   10     60   2624   12    8 : tunables    0    0    0 : slabdata      5      5      0
-hugetlbfs_inode_cache      2     35    928   35    8 : tunables    0    0    0 : slabdata      1      1      0
-dquot                  0      0    640   25    4 : tunables    0    0    0 : slabdata      0      0      0
-bio-1                 32     46    704   23    4 : tunables    0    0    0 : slabdata      2      2      0
-eventpoll_pwq        409    600    408   20    2 : tunables    0    0    0 : slabdata     30     30      0
-eventpoll_epi        408    672    576   28    4 : tunables    0    0    0 : slabdata     24     24      0
-inotify_inode_mark     58    195    416   39    4 : tunables    0    0    0 : slabdata      5      5      0
-scsi_data_buffer       0      0    360   22    2 : tunables    0    0    0 : slabdata      0      0      0
-bio_crypt_ctx        128    147    376   21    2 : tunables    0    0    0 : slabdata      7      7      0
-request_queue         29     39   2408   13    8 : tunables    0    0    0 : slabdata      3      3      0
-blkdev_ioc            81    148    440   37    4 : tunables    0    0    0 : slabdata      4      4      0
-bio-0                125    200    640   25    4 : tunables    0    0    0 : slabdata      8      8      0
-biovec-max           166    196   4544    7    8 : tunables    0    0    0 : slabdata     28     28      0
-biovec-128             0     52   2496   13    8 : tunables    0    0    0 : slabdata      4      4      0
-biovec-64              0     88   1472   22    8 : tunables    0    0    0 : slabdata      4      4      0
-biovec-16              0     92    704   23    4 : tunables    0    0    0 : slabdata      4      4      0
-bio_integrity_payload      4     28    576   28    4 : tunables    0    0    0 : slabdata      1      1      0
-khugepaged_mm_slot     59    180    448   36    4 : tunables    0    0    0 : slabdata      5      5      0
-ksm_mm_slot            0      0    384   21    2 : tunables    0    0    0 : slabdata      0      0      0
-ksm_stable_node        0      0    400   20    2 : tunables    0    0    0 : slabdata      0      0      0
-ksm_rmap_item          0      0    400   20    2 : tunables    0    0    0 : slabdata      0      0      0
-user_namespace         2     37    864   37    8 : tunables    0    0    0 : slabdata      1      1      0
-uid_cache              5     28    576   28    4 : tunables    0    0    0 : slabdata      1      1      0
-dmaengine-unmap-256      1     13   2496   13    8 : tunables    0    0    0 : slabdata      1      1      0
-dmaengine-unmap-128      1     22   1472   22    8 : tunables    0    0    0 : slabdata      1      1      0
-dmaengine-unmap-16      1     28    576   28    4 : tunables    0    0    0 : slabdata      1      1      0
-dmaengine-unmap-2      1     36    448   36    4 : tunables    0    0    0 : slabdata      1      1      0
-audit_buffer           0     22    360   22    2 : tunables    0    0    0 : slabdata      1      1      0
-sock_inode_cache     663   1170   1216   26    8 : tunables    0    0    0 : slabdata     45     45      0
-skbuff_ext_cache       0      0    576   28    4 : tunables    0    0    0 : slabdata      0      0      0
-skbuff_fclone_cache      1     72    896   36    8 : tunables    0    0    0 : slabdata      2      2      0
-skbuff_head_cache      3    650    640   25    4 : tunables    0    0    0 : slabdata     26     26      0
-configfs_dir_cache      7     38    424   38    4 : tunables    0    0    0 : slabdata      1      1      0
-file_lock_cache       27    116    552   29    4 : tunables    0    0    0 : slabdata      4      4      0
-file_lock_ctx        106    120    392   20    2 : tunables    0    0    0 : slabdata      6      6      0
-fsnotify_mark_connector     52     66    368   22    2 : tunables    0    0    0 : slabdata      3      3      0
-net_namespace          1      6   5312    6    8 : tunables    0    0    0 : slabdata      1      1      0
-task_delay_info      784   1560    416   39    4 : tunables    0    0    0 : slabdata     40     40      0
-taskstats             45     92    688   23    4 : tunables    0    0    0 : slabdata      4      4      0
-proc_dir_entry       678    682    528   31    4 : tunables    0    0    0 : slabdata     22     22      0
-pde_opener             0    189    376   21    2 : tunables    0    0    0 : slabdata      9      9      0
-proc_inode_cache    7150   8250    992   33    8 : tunables    0    0    0 : slabdata    250    250      0
-seq_file              60    735    456   35    4 : tunables    0    0    0 : slabdata     21     21      0
-sigqueue               0    156    416   39    4 : tunables    0    0    0 : slabdata      4      4      0
-bdev_cache            36     78   1216   26    8 : tunables    0    0    0 : slabdata      3      3      0
-shmem_inode_cache   1599   2208   1016   32    8 : tunables    0    0    0 : slabdata     69     69      0
-kernfs_iattrs_cache   1251   1254    424   38    4 : tunables    0    0    0 : slabdata     33     33      0
-kernfs_node_cache  52898  52920    464   35    4 : tunables    0    0    0 : slabdata   1512   1512      0
-mnt_cache             42     46    704   23    4 : tunables    0    0    0 : slabdata      2      2      0
-filp                4314   6371    704   23    4 : tunables    0    0    0 : slabdata    277    277      0
-inode_cache        28695  29505    920   35    8 : tunables    0    0    0 : slabdata    843    843      0
-dentry            166069 169074    528   31    4 : tunables    0    0    0 : slabdata   5454   5454      0
-names_cache            0     35   4544    7    8 : tunables    0    0    0 : slabdata      5      5      0
-hashtab_node           0      0    360   22    2 : tunables    0    0    0 : slabdata      0      0      0
-ebitmap_node           0      0    400   20    2 : tunables    0    0    0 : slabdata      0      0      0
-avtab_extended_perms      0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-avtab_node             0      0    360   22    2 : tunables    0    0    0 : slabdata      0      0      0
-avc_xperms_data        0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-avc_xperms_decision_node      0      0    384   21    2 : tunables    0    0    0 : slabdata      0      0      0
-avc_xperms_node        0      0    392   20    2 : tunables    0    0    0 : slabdata      0      0      0
-avc_node              37     40    408   20    2 : tunables    0    0    0 : slabdata      2      2      0
-iint_cache             0      0    448   36    4 : tunables    0    0    0 : slabdata      0      0      0
-lsm_inode_cache   122284 122340    392   20    2 : tunables    0    0    0 : slabdata   6117   6117      0
-lsm_file_cache      4266   4485    352   23    2 : tunables    0    0    0 : slabdata    195    195      0
-key_jar                8     25    640   25    4 : tunables    0    0    0 : slabdata      1      1      0
-buffer_head       255622 257076    440   37    4 : tunables    0    0    0 : slabdata   6948   6948      0
-uts_namespace          0      0    776   21    4 : tunables    0    0    0 : slabdata      0      0      0
-nsproxy               31     40    408   20    2 : tunables    0    0    0 : slabdata      2      2      0
-vm_area_struct     39115  43214    528   31    4 : tunables    0    0    0 : slabdata   1394   1394      0
-mm_struct             96    529   1408   23    8 : tunables    0    0    0 : slabdata     23     23      0
-fs_cache             102    756    448   36    4 : tunables    0    0    0 : slabdata     21     21      0
-files_cache          102    588   1152   28    8 : tunables    0    0    0 : slabdata     21     21      0
-signal_cache         266    672   1536   21    8 : tunables    0    0    0 : slabdata     32     32      0
-sighand_cache        266    507   2496   13    8 : tunables    0    0    0 : slabdata     39     39      0
-task_struct          783    963  10240    3    8 : tunables    0    0    0 : slabdata    321    321      0
-cred_jar             364    952    576   28    4 : tunables    0    0    0 : slabdata     34     34      0
-anon_vma_chain     63907  67821    416   39    4 : tunables    0    0    0 : slabdata   1739   1739      0
-anon_vma           25891  28899    416   39    4 : tunables    0    0    0 : slabdata    741    741      0
-pid                  408    992    512   32    4 : tunables    0    0    0 : slabdata     31     31      0
-Acpi-Operand        6682   6740    408   20    2 : tunables    0    0    0 : slabdata    337    337      0
-Acpi-ParseExt          0     39    416   39    4 : tunables    0    0    0 : slabdata      1      1      0
-Acpi-Parse             0     80    392   20    2 : tunables    0    0    0 : slabdata      4      4      0
-Acpi-State             0     78    416   39    4 : tunables    0    0    0 : slabdata      2      2      0
-Acpi-Namespace      3911   3948    384   21    2 : tunables    0    0    0 : slabdata    188    188      0
-trace_event_file    2638   2660    424   38    4 : tunables    0    0    0 : slabdata     70     70      0
-ftrace_event_field   6592   6594    384   21    2 : tunables    0    0    0 : slabdata    314    314      0
-pool_workqueue        41     64   1024   32    8 : tunables    0    0    0 : slabdata      2      2      0
-radix_tree_node    21638  24045    912   35    8 : tunables    0    0    0 : slabdata    687    687      0
-task_group            48     78   1216   26    8 : tunables    0    0    0 : slabdata      3      3      0
-vmap_area           4411   4680    400   20    2 : tunables    0    0    0 : slabdata    234    234      0
-dma-kmalloc-8k         0      0  24576    1    8 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-4k         0      0  12288    2    8 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-2k         0      0   6144    5    8 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-1k         0      0   3072   10    8 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-512        0      0   1536   21    8 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-256        0      0   1024   32    8 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-128        0      0    640   25    4 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-64         0      0    512   32    4 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-32         0      0    416   39    4 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-16         0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-8          0      0    344   23    2 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-192        0      0    528   31    4 : tunables    0    0    0 : slabdata      0      0      0
-dma-kmalloc-96         0      0    432   37    4 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-8k         0      0  24576    1    8 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-4k         0      0  12288    2    8 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-2k         0      0   6144    5    8 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-1k         0      0   3072   10    8 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-512        0      0   1536   21    8 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-256        0      0   1024   32    8 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-192        0      0    528   31    4 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-128       31     75    640   25    4 : tunables    0    0    0 : slabdata      3      3      0
-kmalloc-rcl-96      3371   3626    432   37    4 : tunables    0    0    0 : slabdata     98     98      0
-kmalloc-rcl-64      2080   2272    512   32    4 : tunables    0    0    0 : slabdata     71     71      0
-kmalloc-rcl-32         0      0    416   39    4 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-16         0      0    368   22    2 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-rcl-8          0      0    344   23    2 : tunables    0    0    0 : slabdata      0      0      0
-kmalloc-8k           133    140  24576    1    8 : tunables    0    0    0 : slabdata    140    140      0
-kmalloc-4k           403    444  12288    2    8 : tunables    0    0    0 : slabdata    222    222      0
-kmalloc-2k          2391   2585   6144    5    8 : tunables    0    0    0 : slabdata    517    517      0
-kmalloc-1k          2163   2420   3072   10    8 : tunables    0    0    0 : slabdata    242    242      0
-kmalloc-512         2972   3633   1536   21    8 : tunables    0    0    0 : slabdata    173    173      0
-kmalloc-256         1841   1856   1024   32    8 : tunables    0    0    0 : slabdata     58     58      0
-kmalloc-192         2165   2914    528   31    4 : tunables    0    0    0 : slabdata     94     94      0
-kmalloc-128         1137   1175    640   25    4 : tunables    0    0    0 : slabdata     47     47      0
-kmalloc-96          1925   2590    432   37    4 : tunables    0    0    0 : slabdata     70     70      0
-kmalloc-64          9433  10688    512   32    4 : tunables    0    0    0 : slabdata    334    334      0
-kmalloc-32          9098  10062    416   39    4 : tunables    0    0    0 : slabdata    258    258      0
-kmalloc-16         10914  10956    368   22    2 : tunables    0    0    0 : slabdata    498    498      0
-kmalloc-8           7576   7705    344   23    2 : tunables    0    0    0 : slabdata    335    335      0
-kmem_cache_node      904    928    512   32    4 : tunables    0    0    0 : slabdata     29     29      0
-kmem_cache           904    936    832   39    8 : tunables    0    0    0 : slabdata     24     24      0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/stat
-Lines: 16
-cpu  301854 612 111922 8979004 3552 2 3944 0 0 0
-cpu0 44490 19 21045 1087069 220 1 3410 0 0 0
-cpu1 47869 23 16474 1110787 591 0 46 0 0 0
-cpu2 46504 36 15916 1112321 441 0 326 0 0 0
-cpu3 47054 102 15683 1113230 533 0 60 0 0 0
-cpu4 28413 25 10776 1140321 217 0 8 0 0 0
-cpu5 29271 101 11586 1136270 672 0 30 0 0 0
-cpu6 29152 36 10276 1139721 319 0 29 0 0 0
-cpu7 29098 268 10164 1139282 555 0 31 0 0 0
-intr 8885917 17 0 0 0 0 0 0 0 1 79281 0 0 0 0 0 0 0 231237 0 0 0 0 250586 103 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 223424 190745 13 906 1283803 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
-ctxt 38014093
-btime 1418183276
-processes 26442
-procs_running 2
-procs_blocked 1
-softirq 5057579 250191 1481983 1647 211099 186066 0 1783454 622196 12499 508444
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/swaps
-Lines: 2
-Filename				Type		Size	Used	Priority
-/dev/dm-2                               partition	131068	176	-2
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/symlinktargets
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/symlinktargets/README
-Lines: 2
-This directory contains some empty files that are the symlinks the files in the "fd" directory point to.
-They are otherwise ignored by the tests
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/symlinktargets/abc
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/symlinktargets/def
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/symlinktargets/ghi
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/symlinktargets/uvw
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/symlinktargets/xyz
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/sys
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/sys/kernel
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/sys/kernel/random
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/kernel/random/entropy_avail
-Lines: 1
-3943
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/kernel/random/poolsize
-Lines: 1
-4096
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/kernel/random/urandom_min_reseed_secs
-Lines: 1
-60
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/kernel/random/write_wakeup_threshold
-Lines: 1
-3072
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/proc/sys/vm
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/admin_reserve_kbytes
-Lines: 1
-8192
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/block_dump
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/compact_unevictable_allowed
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/dirty_background_bytes
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/dirty_background_ratio
-Lines: 1
-10
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/dirty_bytes
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/dirty_expire_centisecs
-Lines: 1
-3000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/dirty_ratio
-Lines: 1
-20
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/dirty_writeback_centisecs
-Lines: 1
-500
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/dirtytime_expire_seconds
-Lines: 1
-43200
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/drop_caches
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/extfrag_threshold
-Lines: 1
-500
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/hugetlb_shm_group
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/laptop_mode
-Lines: 1
-5
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/legacy_va_layout
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/lowmem_reserve_ratio
-Lines: 1
-256	256	32	0	0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/max_map_count
-Lines: 1
-65530
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/memory_failure_early_kill
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/memory_failure_recovery
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/min_free_kbytes
-Lines: 1
-67584
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/min_slab_ratio
-Lines: 1
-5
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/min_unmapped_ratio
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/mmap_min_addr
-Lines: 1
-65536
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/nr_hugepages
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/nr_hugepages_mempolicy
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/nr_overcommit_hugepages
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/numa_stat
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/numa_zonelist_order
-Lines: 1
-Node
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/oom_dump_tasks
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/oom_kill_allocating_task
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/overcommit_kbytes
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/overcommit_memory
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/overcommit_ratio
-Lines: 1
-50
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/page-cluster
-Lines: 1
-3
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/panic_on_oom
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/percpu_pagelist_fraction
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/stat_interval
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/swappiness
-Lines: 1
-60
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/user_reserve_kbytes
-Lines: 1
-131072
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/vfs_cache_pressure
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/watermark_boost_factor
-Lines: 1
-15000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/watermark_scale_factor
-Lines: 1
-10
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/sys/vm/zone_reclaim_mode
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/proc/zoneinfo
-Lines: 262
-Node 0, zone      DMA
-  per-node stats
-      nr_inactive_anon 230981
-      nr_active_anon 547580
-      nr_inactive_file 316904
-      nr_active_file 346282
-      nr_unevictable 115467
-      nr_slab_reclaimable 131220
-      nr_slab_unreclaimable 47320
-      nr_isolated_anon 0
-      nr_isolated_file 0
-      workingset_nodes 11627
-      workingset_refault 466886
-      workingset_activate 276925
-      workingset_restore 84055
-      workingset_nodereclaim 487
-      nr_anon_pages 795576
-      nr_mapped    215483
-      nr_file_pages 761874
-      nr_dirty     908
-      nr_writeback 0
-      nr_writeback_temp 0
-      nr_shmem     224925
-      nr_shmem_hugepages 0
-      nr_shmem_pmdmapped 0
-      nr_anon_transparent_hugepages 0
-      nr_unstable  0
-      nr_vmscan_write 12950
-      nr_vmscan_immediate_reclaim 3033
-      nr_dirtied   8007423
-      nr_written   7752121
-      nr_kernel_misc_reclaimable 0
-  pages free     3952
-        min      33
-        low      41
-        high     49
-        spanned  4095
-        present  3975
-        managed  3956
-        protection: (0, 2877, 7826, 7826, 7826)
-      nr_free_pages 3952
-      nr_zone_inactive_anon 0
-      nr_zone_active_anon 0
-      nr_zone_inactive_file 0
-      nr_zone_active_file 0
-      nr_zone_unevictable 0
-      nr_zone_write_pending 0
-      nr_mlock     0
-      nr_page_table_pages 0
-      nr_kernel_stack 0
-      nr_bounce    0
-      nr_zspages   0
-      nr_free_cma  0
-      numa_hit     1
-      numa_miss    0
-      numa_foreign 0
-      numa_interleave 0
-      numa_local   1
-      numa_other   0
-  pagesets
-    cpu: 0
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-    cpu: 1
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-    cpu: 2
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-    cpu: 3
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-    cpu: 4
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-    cpu: 5
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-    cpu: 6
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-    cpu: 7
-              count: 0
-              high:  0
-              batch: 1
-  vm stats threshold: 8
-  node_unreclaimable:  0
-  start_pfn:           1
-Node 0, zone    DMA32
-  pages free     204252
-        min      19510
-        low      21059
-        high     22608
-        spanned  1044480
-        present  759231
-        managed  742806
-        protection: (0, 0, 4949, 4949, 4949)
-      nr_free_pages 204252
-      nr_zone_inactive_anon 118558
-      nr_zone_active_anon 106598
-      nr_zone_inactive_file 75475
-      nr_zone_active_file 70293
-      nr_zone_unevictable 66195
-      nr_zone_write_pending 64
-      nr_mlock     4
-      nr_page_table_pages 1756
-      nr_kernel_stack 2208
-      nr_bounce    0
-      nr_zspages   0
-      nr_free_cma  0
-      numa_hit     113952967
-      numa_miss    0
-      numa_foreign 0
-      numa_interleave 0
-      numa_local   113952967
-      numa_other   0
-  pagesets
-    cpu: 0
-              count: 345
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-    cpu: 1
-              count: 356
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-    cpu: 2
-              count: 325
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-    cpu: 3
-              count: 346
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-    cpu: 4
-              count: 321
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-    cpu: 5
-              count: 316
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-    cpu: 6
-              count: 373
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-    cpu: 7
-              count: 339
-              high:  378
-              batch: 63
-  vm stats threshold: 48
-  node_unreclaimable:  0
-  start_pfn:           4096
-Node 0, zone   Normal
-  pages free     18553
-        min      11176
-        low      13842
-        high     16508
-        spanned  1308160
-        present  1308160
-        managed  1268711
-        protection: (0, 0, 0, 0, 0)
-      nr_free_pages 18553
-      nr_zone_inactive_anon 112423
-      nr_zone_active_anon 440982
-      nr_zone_inactive_file 241429
-      nr_zone_active_file 275989
-      nr_zone_unevictable 49272
-      nr_zone_write_pending 844
-      nr_mlock     154
-      nr_page_table_pages 9750
-      nr_kernel_stack 15136
-      nr_bounce    0
-      nr_zspages   0
-      nr_free_cma  0
-      numa_hit     162718019
-      numa_miss    0
-      numa_foreign 0
-      numa_interleave 26812
-      numa_local   162718019
-      numa_other   0
-  pagesets
-    cpu: 0
-              count: 316
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-    cpu: 1
-              count: 366
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-    cpu: 2
-              count: 60
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-    cpu: 3
-              count: 256
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-    cpu: 4
-              count: 253
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-    cpu: 5
-              count: 159
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-    cpu: 6
-              count: 311
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-    cpu: 7
-              count: 264
-              high:  378
-              batch: 63
-  vm stats threshold: 56
-  node_unreclaimable:  0
-  start_pfn:           1048576
-Node 0, zone  Movable
-  pages free     0
-        min      0
-        low      0
-        high     0
-        spanned  0
-        present  0
-        managed  0
-        protection: (0, 0, 0, 0, 0)
-Node 0, zone   Device
-  pages free     0
-        min      0
-        low      0
-        high     0
-        spanned  0
-        present  0
-        managed  0
-        protection: (0, 0, 0, 0, 0)
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/block
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/block/dm-0
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/dm-0/stat
-Lines: 1
-6447303        0 710266738  1529043   953216        0 31201176  4557464        0   796160  6088971
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/block/sda
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/block/sda/queue
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/add_random
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/chunk_sectors
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/dax
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/discard_granularity
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/discard_max_bytes
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/discard_max_hw_bytes
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/discard_zeroes_data
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/fua
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/hw_sector_size
-Lines: 1
-512
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/io_poll
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/io_poll_delay
-Lines: 1
--1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/io_timeout
-Lines: 1
-30000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/block/sda/queue/iosched
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/back_seek_max
-Lines: 1
-16384
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/back_seek_penalty
-Lines: 1
-2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/fifo_expire_async
-Lines: 1
-250
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/fifo_expire_sync
-Lines: 1
-125
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/low_latency
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/max_budget
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/slice_idle
-Lines: 1
-8
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/slice_idle_us
-Lines: 1
-8000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/strict_guarantees
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iosched/timeout_sync
-Lines: 1
-125
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/iostats
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/logical_block_size
-Lines: 1
-512
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/max_discard_segments
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/max_hw_sectors_kb
-Lines: 1
-32767
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/max_integrity_segments
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/max_sectors_kb
-Lines: 1
-1280
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/max_segment_size
-Lines: 1
-65536
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/max_segments
-Lines: 1
-168
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/minimum_io_size
-Lines: 1
-512
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/nomerges
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/nr_requests
-Lines: 1
-64
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/nr_zones
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/optimal_io_size
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/physical_block_size
-Lines: 1
-512
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/read_ahead_kb
-Lines: 1
-128
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/rotational
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/rq_affinity
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/scheduler
-Lines: 1
-mq-deadline kyber [bfq] none
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/wbt_lat_usec
-Lines: 1
-75000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/write_cache
-Lines: 1
-write back
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/write_same_max_bytes
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/write_zeroes_max_bytes
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/queue/zoned
-Lines: 1
-none
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/block/sda/stat
-Lines: 1
-9652963   396792 759304206   412943  8422549  6731723 286915323 13947418        0  5658367 19174573 1 2 3 12
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/drm
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/drm/card0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/drm/card0/device
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/aer_dev_correctable
-Lines: 9
-RxErr 0
-BadTLP 0
-BadDLLP 0
-Rollover 0
-Timeout 0
-NonFatalErr 0
-CorrIntErr 0
-HeaderOF 0
-TOTAL_ERR_COR 0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/aer_dev_fatal
-Lines: 19
-Undefined 0
-DLP 0
-SDES 0
-TLP 0
-FCP 0
-CmpltTO 0
-CmpltAbrt 0
-UnxCmplt 0
-RxOF 0
-MalfTLP 0
-ECRC 0
-UnsupReq 0
-ACSViol 0
-UncorrIntErr 0
-BlockedTLP 0
-AtomicOpBlocked 0
-TLPBlockedErr 0
-PoisonTLPBlocked 0
-TOTAL_ERR_FATAL 0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/aer_dev_nonfatal
-Lines: 19
-Undefined 0
-DLP 0
-SDES 0
-TLP 0
-FCP 0
-CmpltTO 0
-CmpltAbrt 0
-UnxCmplt 0
-RxOF 0
-MalfTLP 0
-ECRC 0
-UnsupReq 0
-ACSViol 0
-UncorrIntErr 0
-BlockedTLP 0
-AtomicOpBlocked 0
-TLPBlockedErr 0
-PoisonTLPBlocked 0
-TOTAL_ERR_NONFATAL 0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/ari_enabled
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/boot_vga
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/broken_parity_status
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/class
-Lines: 1
-0x030000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/consistent_dma_mask_bits
-Lines: 1
-44
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/current_link_speed
-Lines: 1
-8.0 GT/s PCIe
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/current_link_width
-Lines: 1
-16
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/d3cold_allowed
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/device
-Lines: 1
-0x687f
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/dma_mask_bits
-Lines: 1
-44
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/driver_override
-Lines: 1
-(null)
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/gpu_busy_percent
-Lines: 1
-4
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/irq
-Lines: 1
-95
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/local_cpulist
-Lines: 1
-0-15
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/local_cpus
-Lines: 1
-0000ffff
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/max_link_speed
-Lines: 1
-8.0 GT/s PCIe
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/max_link_width
-Lines: 1
-16
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/mem_info_gtt_total
-Lines: 1
-8573157376
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/mem_info_gtt_used
-Lines: 1
-144560128
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/mem_info_vis_vram_total
-Lines: 1
-8573157376
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/mem_info_vis_vram_used
-Lines: 1
-1490378752
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/mem_info_vram_total
-Lines: 1
-8573157376
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/mem_info_vram_used
-Lines: 1
-1490378752
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/mem_info_vram_vendor
-Lines: 1
-samsung
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/modalias
-Lines: 1
-pci:v00001002d0000687Fsv00001043sd000004C4bc03sc00i00
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/msi_bus
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/numa_node
-Lines: 1
--1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pcie_bw
-Lines: 1
-6641 815 256
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pcie_replay_count
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/power_dpm_force_performance_level
-Lines: 1
-manual
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/power_dpm_state
-Lines: 1
-performance
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/power_state
-Lines: 1
-D0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_cur_state
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_dpm_dcefclk
-Lines: 5
-0: 600Mhz *
-1: 720Mhz 
-2: 800Mhz 
-3: 847Mhz 
-4: 900Mhz 
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_dpm_mclk
-Lines: 4
-0: 167Mhz *
-1: 500Mhz 
-2: 800Mhz 
-3: 945Mhz 
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_dpm_pcie
-Lines: 2
-0: 8.0GT/s, x16 
-1: 8.0GT/s, x16 *
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_dpm_sclk
-Lines: 8
-0: 852Mhz *
-1: 991Mhz 
-2: 1084Mhz 
-3: 1138Mhz 
-4: 1200Mhz 
-5: 1401Mhz 
-6: 1536Mhz 
-7: 1630Mhz 
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_dpm_socclk
-Lines: 8
-0: 600Mhz 
-1: 720Mhz *
-2: 800Mhz 
-3: 847Mhz 
-4: 900Mhz 
-5: 960Mhz 
-6: 1028Mhz 
-7: 1107Mhz 
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_features
-Lines: 32
-Current ppfeatures: 0x0000000019a1ff4f
-FEATURES            BITMASK                ENABLEMENT
-DPM_PREFETCHER      0x0000000000000001      Y
-GFXCLK_DPM          0x0000000000000002      Y
-UCLK_DPM            0x0000000000000004      Y
-SOCCLK_DPM          0x0000000000000008      Y
-UVD_DPM             0x0000000000000010      N
-VCE_DPM             0x0000000000000020      N
-ULV                 0x0000000000000040      Y
-MP0CLK_DPM          0x0000000000000080      N
-LINK_DPM            0x0000000000000100      Y
-DCEFCLK_DPM         0x0000000000000200      Y
-AVFS                0x0000000000000400      Y
-GFXCLK_DS           0x0000000000000800      Y
-SOCCLK_DS           0x0000000000001000      Y
-LCLK_DS             0x0000000000002000      Y
-PPT                 0x0000000000004000      Y
-TDC                 0x0000000000008000      Y
-THERMAL             0x0000000000010000      Y
-GFX_PER_CU_CG       0x0000000000020000      N
-RM                  0x0000000000040000      N
-DCEFCLK_DS          0x0000000000080000      N
-ACDC                0x0000000000100000      N
-VR0HOT              0x0000000000200000      Y
-VR1HOT              0x0000000000400000      N
-FW_CTF              0x0000000000800000      Y
-LED_DISPLAY         0x0000000001000000      Y
-FAN_CONTROL         0x0000000002000000      N
-FAST_PPT            0x0000000004000000      N
-DIDT                0x0000000008000000      Y
-ACG                 0x0000000010000000      Y
-PCC_LIMIT           0x0000000020000000      N
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_force_state
-Lines: 1
-
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_mclk_od
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_num_states
-Lines: 3
-states: 2
-0 boot
-1 performance
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_od_clk_voltage
-Lines: 18
-OD_SCLK:
-0:        852Mhz        800mV
-1:        991Mhz        900mV
-2:       1084Mhz        950mV
-3:       1138Mhz       1000mV
-4:       1200Mhz       1050mV
-5:       1401Mhz       1100mV
-6:       1536Mhz       1150mV
-7:       1630Mhz       1200mV
-OD_MCLK:
-0:        167Mhz        800mV
-1:        500Mhz        800mV
-2:        800Mhz        950mV
-3:        945Mhz       1100mV
-OD_RANGE:
-SCLK:     852MHz       2400MHz
-MCLK:     167MHz       1500MHz
-VDDC:     800mV        1200mV
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_power_profile_mode
-Lines: 8
-NUM        MODE_NAME BUSY_SET_POINT FPS USE_RLC_BUSY MIN_ACTIVE_LEVEL
-  0 BOOTUP_DEFAULT :             70  60          0              0
-  1 3D_FULL_SCREEN*:             70  60          1              3
-  2   POWER_SAVING :             90  60          0              0
-  3          VIDEO :             70  60          0              0
-  4             VR :             70  90          0              0
-  5        COMPUTE :             30  60          0              6
-  6         CUSTOM :              0   0          0              0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/pp_sclk_od
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/product_name
-Lines: 1
-
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/product_number
-Lines: 1
-
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/resource
-Lines: 13
-0x0000007c00000000 0x0000007dffffffff 0x000000000014220c
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000007e00000000 0x0000007e0fffffff 0x000000000014220c
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x000000000000d000 0x000000000000d0ff 0x0000000000040101
-0x00000000fcd00000 0x00000000fcd7ffff 0x0000000000040200
-0x00000000fcd80000 0x00000000fcd9ffff 0x0000000000046200
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/revision
-Lines: 1
-0xc1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/serial_number
-Lines: 1
-
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/subsystem_device
-Lines: 1
-0x04c4
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/subsystem_vendor
-Lines: 1
-0x1043
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/thermal_throttling_logging
-Lines: 1
-0000:09:00.0: thermal throttling logging enabled, with interval 60 seconds
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/uevent
-Lines: 6
-DRIVER=amdgpu
-PCI_CLASS=30000
-PCI_ID=1002:687F
-PCI_SUBSYS_ID=1043:04C4
-PCI_SLOT_NAME=0000:09:00.0
-MODALIAS=pci:v00001002d0000687Fsv00001043sd000004C4bc03sc00i00
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/unique_id
-Lines: 1
-0123456789abcdef
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/vbios_version
-Lines: 1
-115-D050PIL-100
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/drm/card0/device/vendor
-Lines: 1
-0x1002
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/fc_host
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/fc_host/host0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/dev_loss_tmo
-Lines: 1
-30
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/fabric_name
-Lines: 1
-0x0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/node_name
-Lines: 1
-0x2000e0071bce95f2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/port_id
-Lines: 1
-0x000002
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/port_name
-Lines: 1
-0x1000e0071bce95f2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/port_state
-Lines: 1
-Online
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/port_type
-Lines: 1
-Point-To-Point (direct nport connection)
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/speed
-Lines: 1
-16 Gbit
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/fc_host/host0/statistics
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/dumped_frames
-Lines: 1
-0xffffffffffffffff
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/error_frames
-Lines: 1
-0x0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/fcp_packet_aborts
-Lines: 1
-0x13
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/invalid_crc_count
-Lines: 1
-0x2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/invalid_tx_word_count
-Lines: 1
-0x8
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/link_failure_count
-Lines: 1
-0x9
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/loss_of_signal_count
-Lines: 1
-0x11
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/loss_of_sync_count
-Lines: 1
-0x10
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/nos_count
-Lines: 1
-0x12
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/rx_frames
-Lines: 1
-0x3
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/rx_words
-Lines: 1
-0x4
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/seconds_since_last_reset
-Lines: 1
-0x7
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/tx_frames
-Lines: 1
-0x5
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/statistics/tx_words
-Lines: 1
-0x6
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/supported_classes
-Lines: 1
-Class 3
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/supported_speeds
-Lines: 1
-4 Gbit, 8 Gbit, 16 Gbit
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/fc_host/host0/symbolic_name
-Lines: 1
-Emulex SN1100E2P FV12.4.270.3 DV12.4.0.0. HN:gotest. OS:Linux
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/hfi1_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/board_id
-Lines: 1
-HPE 100Gb 1-port OP101 QSFP28 x16 PCIe Gen3 with Intel Omni-Path Adapter
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/fw_ver
-Lines: 1
-1.27.0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/hfi1_0/ports
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/hfi1_0/ports/1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/VL15_dropped
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/excessive_buffer_overrun_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/link_downed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/link_error_recovery
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/local_link_integrity_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_rcv_constraint_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_rcv_data
-Lines: 1
-345091702026
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_rcv_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_rcv_packets
-Lines: 1
-638036947
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_rcv_remote_physical_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_rcv_switch_relay_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_xmit_constraint_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_xmit_data
-Lines: 1
-273558326543
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_xmit_discards
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_xmit_packets
-Lines: 1
-568318856
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/port_xmit_wait
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/counters/symbol_error
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/phys_state
-Lines: 1
-5: LinkUp
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/rate
-Lines: 1
-100 Gb/sec (4X EDR)
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/hfi1_0/ports/1/state
-Lines: 1
-4: ACTIVE
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/mlx4_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/board_id
-Lines: 1
-SM_1141000001000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/fw_ver
-Lines: 1
-2.31.5050
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/hca_type
-Lines: 1
-MT4099
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/mlx4_0/ports
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/mlx4_0/ports/1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/VL15_dropped
-Lines: 1
-0
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/excessive_buffer_overrun_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/link_downed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/link_error_recovery
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/local_link_integrity_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_rcv_constraint_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_rcv_data
-Lines: 1
-2221223609
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_rcv_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_rcv_packets
-Lines: 1
-87169372
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_rcv_remote_physical_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_rcv_switch_relay_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_xmit_constraint_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_xmit_data
-Lines: 1
-26509113295
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_xmit_discards
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_xmit_packets
-Lines: 1
-85734114
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/port_xmit_wait
-Lines: 1
-3599
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/counters/symbol_error
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/phys_state
-Lines: 1
-5: LinkUp
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/rate
-Lines: 1
-40 Gb/sec (4X QDR)
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/1/state
-Lines: 1
-4: ACTIVE
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/mlx4_0/ports/2
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/VL15_dropped
-Lines: 1
-0
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/excessive_buffer_overrun_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/link_downed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/link_error_recovery
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/local_link_integrity_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_rcv_constraint_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_rcv_data
-Lines: 1
-2460436784
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_rcv_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_rcv_packets
-Lines: 1
-89332064
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_rcv_remote_physical_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_rcv_switch_relay_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_xmit_constraint_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_xmit_data
-Lines: 1
-26540356890
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_xmit_discards
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_xmit_packets
-Lines: 1
-88622850
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/port_xmit_wait
-Lines: 1
-3846
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/counters/symbol_error
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/phys_state
-Lines: 1
-5: LinkUp
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/rate
-Lines: 1
-40 Gb/sec (4X QDR)
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/infiniband/mlx4_0/ports/2/state
-Lines: 1
-4: ACTIVE
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/net
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/net/eth0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/addr_assign_type
-Lines: 1
-3
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/addr_len
-Lines: 1
-6
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/address
-Lines: 1
-01:01:01:01:01:01
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/broadcast
-Lines: 1
-ff:ff:ff:ff:ff:ff
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/carrier
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/carrier_changes
-Lines: 1
-2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/carrier_down_count
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/carrier_up_count
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/dev_id
-Lines: 1
-0x20
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/device
-SymlinkTo: ../../../devices/pci0000:00/0000:00:1f.6/
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/dormant
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/duplex
-Lines: 1
-full
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/flags
-Lines: 1
-0x1303
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/ifalias
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/ifindex
-Lines: 1
-2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/iflink
-Lines: 1
-2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/link_mode
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/mtu
-Lines: 1
-1500
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/name_assign_type
-Lines: 1
-2
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/netdev_group
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/operstate
-Lines: 1
-up
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/phys_port_id
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/phys_port_name
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/phys_switch_id
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/speed
-Lines: 1
-1000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/tx_queue_len
-Lines: 1
-1000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/net/eth0/type
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/nvme
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/nvme/nvme0
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/nvme/nvme0/firmware_rev
-Lines: 1
-1B2QEXP7
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/nvme/nvme0/model
-Lines: 1
-Samsung SSD 970 PRO 512GB               
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/nvme/nvme0/serial
-Lines: 1
-S680HF8N190894I
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/nvme/nvme0/state
-Lines: 1
-live
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/power_supply
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/power_supply/AC
-SymlinkTo: ../../devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/power_supply/BAT0
-SymlinkTo: ../../devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/powercap
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/powercap/intel-rapl
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl/enabled
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl/uevent
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/powercap/intel-rapl:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_0_max_power_uw
-Lines: 1
-95000000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_0_name
-Lines: 1
-long_term
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_0_power_limit_uw
-Lines: 1
-4090000000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_0_time_window_us
-Lines: 1
-999424
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_1_max_power_uw
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_1_name
-Lines: 1
-short_term
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_1_power_limit_uw
-Lines: 1
-4090000000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/constraint_1_time_window_us
-Lines: 1
-2440
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/enabled
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/energy_uj
-Lines: 1
-240422366267
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/max_energy_range_uj
-Lines: 1
-262143328850
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/name
-Lines: 1
-package-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0/uevent
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/powercap/intel-rapl:0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/constraint_0_max_power_uw
-Lines: 0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/constraint_0_name
-Lines: 1
-long_term
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/constraint_0_power_limit_uw
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/constraint_0_time_window_us
-Lines: 1
-976
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/enabled
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/energy_uj
-Lines: 1
-118821284256
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/max_energy_range_uj
-Lines: 1
-262143328850
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/name
-Lines: 1
-core
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:0:0/uevent
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/powercap/intel-rapl:a
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_0_max_power_uw
-Lines: 1
-95000000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_0_name
-Lines: 1
-long_term
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_0_power_limit_uw
-Lines: 1
-4090000000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_0_time_window_us
-Lines: 1
-999424
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_1_max_power_uw
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_1_name
-Lines: 1
-short_term
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_1_power_limit_uw
-Lines: 1
-4090000000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/constraint_1_time_window_us
-Lines: 1
-2440
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/enabled
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/energy_uj
-Lines: 1
-240422366267
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/max_energy_range_uj
-Lines: 1
-262143328850
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/name
-Lines: 1
-package-10
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/powercap/intel-rapl:a/uevent
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/scsi_tape
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/nst0
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/nst0a
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/nst0l
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/nst0m
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/st0
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/st0a
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/st0l
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/scsi_tape/st0m
-SymlinkTo: ../../devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/thermal
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/thermal/cooling_device0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/cooling_device0/cur_state
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/cooling_device0/max_state
-Lines: 1
-50
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/cooling_device0/type
-Lines: 1
-Processor
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/thermal/cooling_device1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/cooling_device1/cur_state
-Lines: 1
--1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/cooling_device1/max_state
-Lines: 1
-27
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/cooling_device1/type
-Lines: 1
-intel_powerclamp
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/thermal/thermal_zone0
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone0/policy
-Lines: 1
-step_wise
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone0/temp
-Lines: 1
-49925
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone0/type
-Lines: 1
-bcm2835_thermal
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/class/thermal/thermal_zone1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone1/mode
-Lines: 1
-enabled
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone1/passive
-Lines: 1
-0
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone1/policy
-Lines: 1
-step_wise
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone1/temp
-Lines: 1
--44000
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/class/thermal/thermal_zone1/type
-Lines: 1
-acpitz
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/device
-SymlinkTo: ../../../ACPI0003:00
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/online
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/async
-Lines: 1
-disabled
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/autosuspend_delay_ms
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/control
-Lines: 1
-auto
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/runtime_active_kids
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/runtime_active_time
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/runtime_enabled
-Lines: 1
-disabled
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/runtime_status
-Lines: 1
-unsupported
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/runtime_suspended_time
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/runtime_usage
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup
-Lines: 1
-enabled
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_abort_count
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_active
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_active_count
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_count
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_expire_count
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_last_time_ms
-Lines: 1
-10598
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_max_time_ms
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_prevent_sleep_time_ms
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/power/wakeup_total_time_ms
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/subsystem
-SymlinkTo: ../../../../../../../../../class/power_supply
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/type
-Lines: 1
-Mains
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/ACPI0003:00/power_supply/AC/uevent
-Lines: 2
-POWER_SUPPLY_NAME=AC
-POWER_SUPPLY_ONLINE=0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/alarm
-Lines: 1
-2369000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/capacity
-Lines: 1
-98
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/capacity_level
-Lines: 1
-Normal
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/charge_start_threshold
-Lines: 1
-95
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/charge_stop_threshold
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/cycle_count
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/device
-SymlinkTo: ../../../PNP0C0A:00
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/energy_full
-Lines: 1
-50060000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/energy_full_design
-Lines: 1
-47520000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/energy_now
-Lines: 1
-49450000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/manufacturer
-Lines: 1
-LGC
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/model_name
-Lines: 1
-LNV-45N1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/async
-Lines: 1
-disabled
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/autosuspend_delay_ms
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/control
-Lines: 1
-auto
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/runtime_active_kids
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/runtime_active_time
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/runtime_enabled
-Lines: 1
-disabled
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/runtime_status
-Lines: 1
-unsupported
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/runtime_suspended_time
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power/runtime_usage
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/power_now
-Lines: 1
-4830000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/present
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/serial_number
-Lines: 1
-38109
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/status
-Lines: 1
-Discharging
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/subsystem
-SymlinkTo: ../../../../../../../../../class/power_supply
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/technology
-Lines: 1
-Li-ion
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/type
-Lines: 1
-Battery
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/uevent
-Lines: 16
-POWER_SUPPLY_NAME=BAT0
-POWER_SUPPLY_STATUS=Discharging
-POWER_SUPPLY_PRESENT=1
-POWER_SUPPLY_TECHNOLOGY=Li-ion
-POWER_SUPPLY_CYCLE_COUNT=0
-POWER_SUPPLY_VOLTAGE_MIN_DESIGN=10800000
-POWER_SUPPLY_VOLTAGE_NOW=11750000
-POWER_SUPPLY_POWER_NOW=5064000
-POWER_SUPPLY_ENERGY_FULL_DESIGN=47520000
-POWER_SUPPLY_ENERGY_FULL=47390000
-POWER_SUPPLY_ENERGY_NOW=40730000
-POWER_SUPPLY_CAPACITY=85
-POWER_SUPPLY_CAPACITY_LEVEL=Normal
-POWER_SUPPLY_MODEL_NAME=LNV-45N1
-POWER_SUPPLY_MANUFACTURER=LGC
-POWER_SUPPLY_SERIAL_NUMBER=38109
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/voltage_min_design
-Lines: 1
-10800000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:00/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/voltage_now
-Lines: 1
-12229000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0a/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0l/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/nst0m/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0a/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0l/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/in_flight
-Lines: 1
-1EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/io_ns
-Lines: 1
-9247011087720EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/other_cnt
-Lines: 1
-1409EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/read_byte_cnt
-Lines: 1
-979383912EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/read_cnt
-Lines: 1
-3741EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/read_ns
-Lines: 1
-33788355744EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/resid_cnt
-Lines: 1
-19EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/write_byte_cnt
-Lines: 1
-1496246784000EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/write_cnt
-Lines: 1
-53772916EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:00.0/host0/port-0:0/end_device-0:0/target0:0:0/0:0:0:0/scsi_tape/st0m/stats/write_ns
-Lines: 1
-5233597394395EOF
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/dirty_data
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/cache_hit_ratio
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/cache_hits
-Lines: 1
-289
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_day/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/cache_hit_ratio
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/cache_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_five_minute/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/cache_hit_ratio
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/cache_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_hour/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/cache_hit_ratio
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/cache_hits
-Lines: 1
-546
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata4/host3/target3:0:0/3:0:0:0/block/sdb/bcache/stats_total/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0/block
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0/block/sdc
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0/block/sdc/bcache
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0/block/sdc/bcache/io_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0/block/sdc/bcache/metadata_written
-Lines: 1
-512
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0/block/sdc/bcache/priority_stats
-Lines: 5
-Unused:		99%
-Metadata:	0%
-Average:	10473
-Sectors per Q:	64
-Quantiles:	[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946]
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:0d.0/ata5/host4/target4:0:0/4:0:0:0/block/sdc/bcache/written
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/pci0000:00/0000:00:1f.6
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/ari_enabled
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/broken_parity_status
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/class
-Lines: 1
-0x020000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/consistent_dma_mask_bits
-Lines: 1
-64
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/d3cold_allowed
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/device
-Lines: 1
-0x15d7
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/dma_mask_bits
-Lines: 1
-64
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/driver_override
-Lines: 1
-(null)
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/irq
-Lines: 1
-140
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/local_cpulist
-Lines: 1
-0-7
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/local_cpus
-Lines: 1
-ff
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/modalias
-Lines: 1
-pci:v00008086d000015D7sv000017AAsd0000225Abc02sc00i00
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/msi_bus
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/numa_node
-Lines: 1
--1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/resource
-Lines: 13
-0x00000000ec200000 0x00000000ec21ffff 0x0000000000040200
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-0x0000000000000000 0x0000000000000000 0x0000000000000000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/revision
-Lines: 1
-0x21
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/subsystem_device
-Lines: 1
-0x225a
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/subsystem_vendor
-Lines: 1
-0x17aa
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/uevent
-Lines: 6
-DRIVER=e1000e
-PCI_CLASS=20000
-PCI_ID=8086:15D7
-PCI_SUBSYS_ID=17AA:225A
-PCI_SLOT_NAME=0000:00:1f.6
-MODALIAS=pci:v00008086d000015D7sv000017AAsd0000225Abc02sc00i00
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/pci0000:00/0000:00:1f.6/vendor
-Lines: 1
-0x8086
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/rbd
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/rbd/0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/rbd/0/name
-Lines: 1
-demo
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/rbd/0/pool
-Lines: 1
-iscsi-images
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/rbd/1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/rbd/1/name
-Lines: 1
-wrong
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/rbd/1/pool
-Lines: 1
-wrong-images
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/clocksource
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/clocksource/clocksource0
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/clocksource/clocksource0/available_clocksource
-Lines: 1
-tsc hpet acpi_pm 
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/clocksource/clocksource0/current_clocksource
-Lines: 1
-tsc
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpu0
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/cpufreq
-SymlinkTo: ../cpufreq/policy0
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpu0/thermal_throttle
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/thermal_throttle/core_throttle_count
-Lines: 1
-10084
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/thermal_throttle/package_throttle_count
-Lines: 1
-34818
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpu0/topology
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/topology/core_id
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/topology/core_siblings
-Lines: 1
-ff
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/topology/core_siblings_list
-Lines: 1
-0-7
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/topology/physical_package_id
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/topology/thread_siblings
-Lines: 1
-11
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu0/topology/thread_siblings_list
-Lines: 1
-0,4
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpu1
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpu1/cpufreq
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_cur_freq
-Lines: 1
-1200195
-Mode: 400
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_max_freq
-Lines: 1
-3300000
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq
-Lines: 1
-1200000
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_transition_latency
-Lines: 1
-4294967295
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/related_cpus
-Lines: 1
-1
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/scaling_available_governors
-Lines: 1
-performance powersave
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/scaling_driver
-Lines: 1
-intel_pstate
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/scaling_governor
-Lines: 1
-powersave
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/scaling_max_freq
-Lines: 1
-3300000
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq
-Lines: 1
-1200000
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/cpufreq/scaling_setspeed
-Lines: 1
-<unsupported>
-Mode: 664
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpu1/thermal_throttle
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/thermal_throttle/core_throttle_count
-Lines: 1
-523
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/thermal_throttle/package_throttle_count
-Lines: 1
-34818
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpu1/topology
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/topology/core_id
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/topology/core_siblings
-Lines: 1
-ff
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/topology/core_siblings_list
-Lines: 1
-0-7
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/topology/physical_package_id
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/topology/thread_siblings
-Lines: 1
-22
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpu1/topology/thread_siblings_list
-Lines: 1
-1,5
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpufreq
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpufreq/policy0
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/affected_cpus
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq
-Lines: 1
-2400000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_min_freq
-Lines: 1
-800000
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_transition_latency
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/related_cpus
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/scaling_available_governors
-Lines: 1
-performance powersave
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/scaling_cur_freq
-Lines: 1
-1219917
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/scaling_driver
-Lines: 1
-intel_pstate
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/scaling_governor
-Lines: 1
-powersave
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/scaling_max_freq
-Lines: 1
-2400000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/scaling_min_freq
-Lines: 1
-800000
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/cpu/cpufreq/policy0/scaling_setspeed
-Lines: 1
-<unsupported>
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/cpu/cpufreq/policy1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/node
-Mode: 775
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/node/node1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/node/node1/vmstat
-Lines: 6
-nr_free_pages 1
-nr_zone_inactive_anon 2
-nr_zone_active_anon 3
-nr_zone_inactive_file 4
-nr_zone_active_file 5
-nr_zone_unevictable 6
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/devices/system/node/node2
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/devices/system/node/node2/vmstat
-Lines: 6
-nr_free_pages 7
-nr_zone_inactive_anon 8
-nr_zone_active_anon 9
-nr_zone_inactive_file 10
-nr_zone_active_file 11
-nr_zone_unevictable 12
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/average_key_size
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0
-Mode: 777
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/dirty_data
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/cache_hit_ratio
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/cache_hits
-Lines: 1
-289
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_day/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/cache_hit_ratio
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/cache_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_five_minute/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/cache_hit_ratio
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/cache_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_hour/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/cache_hit_ratio
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/cache_hits
-Lines: 1
-546
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/stats_total/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/bdev0/writeback_rate_debug
-Lines: 7
-rate:           1.1M/sec
-dirty:          20.4G
-target:         20.4G
-proportional:   427.5k
-integral:       790.0k
-change:         321.5k/sec
-next io:        17ms
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/btree_cache_size
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/cache0
-Mode: 777
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/cache0/io_errors
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/cache0/metadata_written
-Lines: 1
-512
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/cache0/priority_stats
-Lines: 5
-Unused:		99%
-Metadata:	0%
-Average:	10473
-Sectors per Q:	64
-Quantiles:	[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946 20946]
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/cache0/written
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/cache_available_percent
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/congested
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/internal
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/internal/active_journal_entries
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/internal/btree_nodes
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/internal/btree_read_average_duration_us
-Lines: 1
-1305
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/internal/cache_read_races
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/root_usage_percent
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/cache_hit_ratio
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/cache_hits
-Lines: 1
-289
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_day/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/cache_hit_ratio
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/cache_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_five_minute/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/cache_hit_ratio
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/cache_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_hour/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/bypassed
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/cache_bypass_hits
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/cache_bypass_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/cache_hit_ratio
-Lines: 1
-100
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/cache_hits
-Lines: 1
-546
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/cache_miss_collisions
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/cache_misses
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/stats_total/cache_readaheads
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/bcache/deaddd54-c735-46d5-868e-f331c5fd7c74/tree_depth
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/bytes_may_use
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/bytes_readonly
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/bytes_reserved
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/bytes_used
-Lines: 1
-808189952
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/disk_total
-Lines: 1
-2147483648
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/disk_used
-Lines: 1
-808189952
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/flags
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/raid0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/raid0/total_bytes
-Lines: 1
-2147483648
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/raid0/used_bytes
-Lines: 1
-808189952
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/total_bytes
-Lines: 1
-2147483648
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/data/total_bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/global_rsv_reserved
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/global_rsv_size
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/bytes_may_use
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/bytes_readonly
-Lines: 1
-131072
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/bytes_reserved
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/bytes_used
-Lines: 1
-933888
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/disk_total
-Lines: 1
-2147483648
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/disk_used
-Lines: 1
-1867776
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/flags
-Lines: 1
-4
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/raid1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/raid1/total_bytes
-Lines: 1
-1073741824
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/raid1/used_bytes
-Lines: 1
-933888
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/total_bytes
-Lines: 1
-1073741824
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/metadata/total_bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/bytes_may_use
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/bytes_readonly
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/bytes_reserved
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/bytes_used
-Lines: 1
-16384
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/disk_total
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/disk_used
-Lines: 1
-32768
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/flags
-Lines: 1
-2
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/raid1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/raid1/total_bytes
-Lines: 1
-8388608
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/raid1/used_bytes
-Lines: 1
-16384
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/total_bytes
-Lines: 1
-8388608
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/allocation/system/total_bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/clone_alignment
-Lines: 1
-4096
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/devices
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/devices/loop25
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/devices/loop25/size
-Lines: 1
-20971520
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/devices/loop26
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/devices/loop26/size
-Lines: 1
-20971520
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/features
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/features/big_metadata
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/features/extended_iref
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/features/mixed_backref
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/features/skinny_metadata
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/label
-Lines: 1
-fixture
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/metadata_uuid
-Lines: 1
-0abb23a9-579b-43e6-ad30-227ef47fcb9d
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/nodesize
-Lines: 1
-16384
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/quota_override
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/0abb23a9-579b-43e6-ad30-227ef47fcb9d/sectorsize
-Lines: 1
-4096
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/bytes_may_use
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/bytes_readonly
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/bytes_reserved
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/bytes_used
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/disk_total
-Lines: 1
-644087808
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/disk_used
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/flags
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/raid5
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/raid5/total_bytes
-Lines: 1
-644087808
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/raid5/used_bytes
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/total_bytes
-Lines: 1
-644087808
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/data/total_bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/global_rsv_reserved
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/global_rsv_size
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/bytes_may_use
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/bytes_readonly
-Lines: 1
-262144
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/bytes_reserved
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/bytes_used
-Lines: 1
-114688
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/disk_total
-Lines: 1
-429391872
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/disk_used
-Lines: 1
-114688
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/flags
-Lines: 1
-4
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/raid6
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/raid6/total_bytes
-Lines: 1
-429391872
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/raid6/used_bytes
-Lines: 1
-114688
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/total_bytes
-Lines: 1
-429391872
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/metadata/total_bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/bytes_may_use
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/bytes_readonly
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/bytes_reserved
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/bytes_used
-Lines: 1
-16384
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/disk_total
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/disk_used
-Lines: 1
-16384
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/flags
-Lines: 1
-2
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/raid6
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/raid6/total_bytes
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/raid6/used_bytes
-Lines: 1
-16384
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/total_bytes
-Lines: 1
-16777216
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/allocation/system/total_bytes_pinned
-Lines: 1
-0
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/clone_alignment
-Lines: 1
-4096
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/devices
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/devices/loop22
-SymlinkTo: ../../../../devices/virtual/block/loop22
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/devices/loop23
-SymlinkTo: ../../../../devices/virtual/block/loop23
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/devices/loop24
-SymlinkTo: ../../../../devices/virtual/block/loop24
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/devices/loop25
-SymlinkTo: ../../../../devices/virtual/block/loop25
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/features
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/features/big_metadata
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/features/extended_iref
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/features/mixed_backref
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/features/raid56
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/features/skinny_metadata
-Lines: 1
-1
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/label
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/metadata_uuid
-Lines: 1
-7f07c59f-6136-449c-ab87-e1cf2328731b
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/nodesize
-Lines: 1
-16384
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/quota_override
-Lines: 1
-0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/btrfs/7f07c59f-6136-449c-ab87-e1cf2328731b/sectorsize
-Lines: 1
-4096
-Mode: 444
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/xfs
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/xfs/sda1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/xfs/sda1/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/xfs/sda1/stats/stats
-Lines: 1
-extent_alloc 1 0 0 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/xfs/sdb1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/fs/xfs/sdb1/stats
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/fs/xfs/sdb1/stats/stats
-Lines: 1
-extent_alloc 2 0 0 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/fileio_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/fileio_1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/fileio_1/file_lio_1G
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/fileio_1/file_lio_1G/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/fileio_1/file_lio_1G/udev_path
-Lines: 1
-/home/iscsi/file_back_1G
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/iblock_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/iblock_0/block_lio_rbd1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/iblock_0/block_lio_rbd1/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/iblock_0/block_lio_rbd1/udev_path
-Lines: 1
-/dev/rbd1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/rbd_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/rbd_0/iscsi-images-demo
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/rbd_0/iscsi-images-demo/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/rbd_0/iscsi-images-demo/udev_path
-Lines: 1
-/dev/rbd/iscsi-images/demo
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/rd_mcp_119
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/core/rd_mcp_119/ramdisk_lio_1G
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/rd_mcp_119/ramdisk_lio_1G/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/core/rd_mcp_119/ramdisk_lio_1G/udev_path
-Lines: 0
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun/lun_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun/lun_0/7f4a4eb56d
-SymlinkTo: ../../../../../../target/core/rd_mcp_119/ramdisk_lio_1G
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun/lun_0/statistics
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/in_cmds
-Lines: 1
-204950
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/read_mbytes
-Lines: 1
-10325
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.8888bbbbddd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/write_mbytes
-Lines: 1
-40325
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun/lun_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun/lun_0/795b7c7026
-SymlinkTo: ../../../../../../target/core/iblock_0/block_lio_rbd1
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun/lun_0/statistics
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun/lun_0/statistics/scsi_tgt_port
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/in_cmds
-Lines: 1
-104950
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/read_mbytes
-Lines: 1
-20095
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2003-01.org.linux-iscsi.osd1.x8664:sn.abcd1abcd2ab/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/write_mbytes
-Lines: 1
-71235
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun/lun_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun/lun_0/fff5e16686
-SymlinkTo: ../../../../../../target/core/fileio_1/file_lio_1G
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun/lun_0/statistics
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/in_cmds
-Lines: 1
-301950
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/read_mbytes
-Lines: 1
-10195
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:dev.rbd0/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/write_mbytes
-Lines: 1
-30195
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/enable
-Lines: 1
-1
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun/lun_0
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun/lun_0/eba1edf893
-SymlinkTo: ../../../../../../target/core/rbd_0/iscsi-images-demo
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun/lun_0/statistics
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Directory: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun/lun_0/statistics/scsi_tgt_port
-Mode: 755
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/in_cmds
-Lines: 1
-1234
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/read_mbytes
-Lines: 1
-1504
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Path: fixtures/sys/kernel/config/target/iscsi/iqn.2016-11.org.linux-iscsi.igw.x86:sn.ramdemo/tpgt_1/lun/lun_0/statistics/scsi_tgt_port/write_mbytes
-Lines: 1
-4733
-Mode: 644
-# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/vendor/github.com/prometheus/procfs/fs.go b/vendor/github.com/prometheus/procfs/fs.go
deleted file mode 100644
index 0102ab0fd..000000000
--- a/vendor/github.com/prometheus/procfs/fs.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"github.com/prometheus/procfs/internal/fs"
-)
-
-// FS represents the pseudo-filesystem sys, which provides an interface to
-// kernel data structures.
-type FS struct {
-	proc fs.FS
-}
-
-// DefaultMountPoint is the common mount point of the proc filesystem.
-const DefaultMountPoint = fs.DefaultProcMountPoint
-
-// NewDefaultFS returns a new proc FS mounted under the default proc mountPoint.
-// It will error if the mount point directory can't be read or is a file.
-func NewDefaultFS() (FS, error) {
-	return NewFS(DefaultMountPoint)
-}
-
-// NewFS returns a new proc FS mounted under the given proc mountPoint. It will error
-// if the mount point directory can't be read or is a file.
-func NewFS(mountPoint string) (FS, error) {
-	fs, err := fs.NewFS(mountPoint)
-	if err != nil {
-		return FS{}, err
-	}
-	return FS{fs}, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/fscache.go b/vendor/github.com/prometheus/procfs/fscache.go
deleted file mode 100644
index f8070e6e2..000000000
--- a/vendor/github.com/prometheus/procfs/fscache.go
+++ /dev/null
@@ -1,422 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Fscacheinfo represents fscache statistics.
-type Fscacheinfo struct {
-	// Number of index cookies allocated
-	IndexCookiesAllocated uint64
-	// data storage cookies allocated
-	DataStorageCookiesAllocated uint64
-	// Number of special cookies allocated
-	SpecialCookiesAllocated uint64
-	// Number of objects allocated
-	ObjectsAllocated uint64
-	// Number of object allocation failures
-	ObjectAllocationsFailure uint64
-	// Number of objects that reached the available state
-	ObjectsAvailable uint64
-	// Number of objects that reached the dead state
-	ObjectsDead uint64
-	// Number of objects that didn't have a coherency check
-	ObjectsWithoutCoherencyCheck uint64
-	// Number of objects that passed a coherency check
-	ObjectsWithCoherencyCheck uint64
-	// Number of objects that needed a coherency data update
-	ObjectsNeedCoherencyCheckUpdate uint64
-	// Number of objects that were declared obsolete
-	ObjectsDeclaredObsolete uint64
-	// Number of pages marked as being cached
-	PagesMarkedAsBeingCached uint64
-	// Number of uncache page requests seen
-	UncachePagesRequestSeen uint64
-	// Number of acquire cookie requests seen
-	AcquireCookiesRequestSeen uint64
-	// Number of acq reqs given a NULL parent
-	AcquireRequestsWithNullParent uint64
-	// Number of acq reqs rejected due to no cache available
-	AcquireRequestsRejectedNoCacheAvailable uint64
-	// Number of acq reqs succeeded
-	AcquireRequestsSucceeded uint64
-	// Number of acq reqs rejected due to error
-	AcquireRequestsRejectedDueToError uint64
-	// Number of acq reqs failed on ENOMEM
-	AcquireRequestsFailedDueToEnomem uint64
-	// Number of lookup calls made on cache backends
-	LookupsNumber uint64
-	// Number of negative lookups made
-	LookupsNegative uint64
-	// Number of positive lookups made
-	LookupsPositive uint64
-	// Number of objects created by lookup
-	ObjectsCreatedByLookup uint64
-	// Number of lookups timed out and requeued
-	LookupsTimedOutAndRequed uint64
-	InvalidationsNumber      uint64
-	InvalidationsRunning     uint64
-	// Number of update cookie requests seen
-	UpdateCookieRequestSeen uint64
-	// Number of upd reqs given a NULL parent
-	UpdateRequestsWithNullParent uint64
-	// Number of upd reqs granted CPU time
-	UpdateRequestsRunning uint64
-	// Number of relinquish cookie requests seen
-	RelinquishCookiesRequestSeen uint64
-	// Number of rlq reqs given a NULL parent
-	RelinquishCookiesWithNullParent uint64
-	// Number of rlq reqs waited on completion of creation
-	RelinquishRequestsWaitingCompleteCreation uint64
-	// Relinqs rtr
-	RelinquishRetries uint64
-	// Number of attribute changed requests seen
-	AttributeChangedRequestsSeen uint64
-	// Number of attr changed requests queued
-	AttributeChangedRequestsQueued uint64
-	// Number of attr changed rejected -ENOBUFS
-	AttributeChangedRejectDueToEnobufs uint64
-	// Number of attr changed failed -ENOMEM
-	AttributeChangedFailedDueToEnomem uint64
-	// Number of attr changed ops given CPU time
-	AttributeChangedOps uint64
-	// Number of allocation requests seen
-	AllocationRequestsSeen uint64
-	// Number of successful alloc reqs
-	AllocationOkRequests uint64
-	// Number of alloc reqs that waited on lookup completion
-	AllocationWaitingOnLookup uint64
-	// Number of alloc reqs rejected -ENOBUFS
-	AllocationsRejectedDueToEnobufs uint64
-	// Number of alloc reqs aborted -ERESTARTSYS
-	AllocationsAbortedDueToErestartsys uint64
-	// Number of alloc reqs submitted
-	AllocationOperationsSubmitted uint64
-	// Number of alloc reqs waited for CPU time
-	AllocationsWaitedForCPU uint64
-	// Number of alloc reqs aborted due to object death
-	AllocationsAbortedDueToObjectDeath uint64
-	// Number of retrieval (read) requests seen
-	RetrievalsReadRequests uint64
-	// Number of successful retr reqs
-	RetrievalsOk uint64
-	// Number of retr reqs that waited on lookup completion
-	RetrievalsWaitingLookupCompletion uint64
-	// Number of retr reqs returned -ENODATA
-	RetrievalsReturnedEnodata uint64
-	// Number of retr reqs rejected -ENOBUFS
-	RetrievalsRejectedDueToEnobufs uint64
-	// Number of retr reqs aborted -ERESTARTSYS
-	RetrievalsAbortedDueToErestartsys uint64
-	// Number of retr reqs failed -ENOMEM
-	RetrievalsFailedDueToEnomem uint64
-	// Number of retr reqs submitted
-	RetrievalsRequests uint64
-	// Number of retr reqs waited for CPU time
-	RetrievalsWaitingCPU uint64
-	// Number of retr reqs aborted due to object death
-	RetrievalsAbortedDueToObjectDeath uint64
-	// Number of storage (write) requests seen
-	StoreWriteRequests uint64
-	// Number of successful store reqs
-	StoreSuccessfulRequests uint64
-	// Number of store reqs on a page already pending storage
-	StoreRequestsOnPendingStorage uint64
-	// Number of store reqs rejected -ENOBUFS
-	StoreRequestsRejectedDueToEnobufs uint64
-	// Number of store reqs failed -ENOMEM
-	StoreRequestsFailedDueToEnomem uint64
-	// Number of store reqs submitted
-	StoreRequestsSubmitted uint64
-	// Number of store reqs granted CPU time
-	StoreRequestsRunning uint64
-	// Number of pages given store req processing time
-	StorePagesWithRequestsProcessing uint64
-	// Number of store reqs deleted from tracking tree
-	StoreRequestsDeleted uint64
-	// Number of store reqs over store limit
-	StoreRequestsOverStoreLimit uint64
-	// Number of release reqs against pages with no pending store
-	ReleaseRequestsAgainstPagesWithNoPendingStorage uint64
-	// Number of release reqs against pages stored by time lock granted
-	ReleaseRequestsAgainstPagesStoredByTimeLockGranted uint64
-	// Number of release reqs ignored due to in-progress store
-	ReleaseRequestsIgnoredDueToInProgressStore uint64
-	// Number of page stores cancelled due to release req
-	PageStoresCancelledByReleaseRequests uint64
-	VmscanWaiting                        uint64
-	// Number of times async ops added to pending queues
-	OpsPending uint64
-	// Number of times async ops given CPU time
-	OpsRunning uint64
-	// Number of times async ops queued for processing
-	OpsEnqueued uint64
-	// Number of async ops cancelled
-	OpsCancelled uint64
-	// Number of async ops rejected due to object lookup/create failure
-	OpsRejected uint64
-	// Number of async ops initialised
-	OpsInitialised uint64
-	// Number of async ops queued for deferred release
-	OpsDeferred uint64
-	// Number of async ops released (should equal ini=N when idle)
-	OpsReleased uint64
-	// Number of deferred-release async ops garbage collected
-	OpsGarbageCollected uint64
-	// Number of in-progress alloc_object() cache ops
-	CacheopAllocationsinProgress uint64
-	// Number of in-progress lookup_object() cache ops
-	CacheopLookupObjectInProgress uint64
-	// Number of in-progress lookup_complete() cache ops
-	CacheopLookupCompleteInPorgress uint64
-	// Number of in-progress grab_object() cache ops
-	CacheopGrabObjectInProgress uint64
-	CacheopInvalidations        uint64
-	// Number of in-progress update_object() cache ops
-	CacheopUpdateObjectInProgress uint64
-	// Number of in-progress drop_object() cache ops
-	CacheopDropObjectInProgress uint64
-	// Number of in-progress put_object() cache ops
-	CacheopPutObjectInProgress uint64
-	// Number of in-progress attr_changed() cache ops
-	CacheopAttributeChangeInProgress uint64
-	// Number of in-progress sync_cache() cache ops
-	CacheopSyncCacheInProgress uint64
-	// Number of in-progress read_or_alloc_page() cache ops
-	CacheopReadOrAllocPageInProgress uint64
-	// Number of in-progress read_or_alloc_pages() cache ops
-	CacheopReadOrAllocPagesInProgress uint64
-	// Number of in-progress allocate_page() cache ops
-	CacheopAllocatePageInProgress uint64
-	// Number of in-progress allocate_pages() cache ops
-	CacheopAllocatePagesInProgress uint64
-	// Number of in-progress write_page() cache ops
-	CacheopWritePagesInProgress uint64
-	// Number of in-progress uncache_page() cache ops
-	CacheopUncachePagesInProgress uint64
-	// Number of in-progress dissociate_pages() cache ops
-	CacheopDissociatePagesInProgress uint64
-	// Number of object lookups/creations rejected due to lack of space
-	CacheevLookupsAndCreationsRejectedLackSpace uint64
-	// Number of stale objects deleted
-	CacheevStaleObjectsDeleted uint64
-	// Number of objects retired when relinquished
-	CacheevRetiredWhenReliquished uint64
-	// Number of objects culled
-	CacheevObjectsCulled uint64
-}
-
-// Fscacheinfo returns information about current fscache statistics.
-// See https://www.kernel.org/doc/Documentation/filesystems/caching/fscache.txt
-func (fs FS) Fscacheinfo() (Fscacheinfo, error) {
-	b, err := util.ReadFileNoStat(fs.proc.Path("fs/fscache/stats"))
-	if err != nil {
-		return Fscacheinfo{}, err
-	}
-
-	m, err := parseFscacheinfo(bytes.NewReader(b))
-	if err != nil {
-		return Fscacheinfo{}, fmt.Errorf("failed to parse Fscacheinfo: %w", err)
-	}
-
-	return *m, nil
-}
-
-func setFSCacheFields(fields []string, setFields ...*uint64) error {
-	var err error
-	if len(fields) < len(setFields) {
-		return fmt.Errorf("Insufficient number of fields, expected %v, got %v", len(setFields), len(fields))
-	}
-
-	for i := range setFields {
-		*setFields[i], err = strconv.ParseUint(strings.Split(fields[i], "=")[1], 0, 64)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func parseFscacheinfo(r io.Reader) (*Fscacheinfo, error) {
-	var m Fscacheinfo
-	s := bufio.NewScanner(r)
-	for s.Scan() {
-		fields := strings.Fields(s.Text())
-		if len(fields) < 2 {
-			return nil, fmt.Errorf("malformed Fscacheinfo line: %q", s.Text())
-		}
-
-		switch fields[0] {
-		case "Cookies:":
-			err := setFSCacheFields(fields[1:], &m.IndexCookiesAllocated, &m.DataStorageCookiesAllocated,
-				&m.SpecialCookiesAllocated)
-			if err != nil {
-				return &m, err
-			}
-		case "Objects:":
-			err := setFSCacheFields(fields[1:], &m.ObjectsAllocated, &m.ObjectAllocationsFailure,
-				&m.ObjectsAvailable, &m.ObjectsDead)
-			if err != nil {
-				return &m, err
-			}
-		case "ChkAux":
-			err := setFSCacheFields(fields[2:], &m.ObjectsWithoutCoherencyCheck, &m.ObjectsWithCoherencyCheck,
-				&m.ObjectsNeedCoherencyCheckUpdate, &m.ObjectsDeclaredObsolete)
-			if err != nil {
-				return &m, err
-			}
-		case "Pages":
-			err := setFSCacheFields(fields[2:], &m.PagesMarkedAsBeingCached, &m.UncachePagesRequestSeen)
-			if err != nil {
-				return &m, err
-			}
-		case "Acquire:":
-			err := setFSCacheFields(fields[1:], &m.AcquireCookiesRequestSeen, &m.AcquireRequestsWithNullParent,
-				&m.AcquireRequestsRejectedNoCacheAvailable, &m.AcquireRequestsSucceeded, &m.AcquireRequestsRejectedDueToError,
-				&m.AcquireRequestsFailedDueToEnomem)
-			if err != nil {
-				return &m, err
-			}
-		case "Lookups:":
-			err := setFSCacheFields(fields[1:], &m.LookupsNumber, &m.LookupsNegative, &m.LookupsPositive,
-				&m.ObjectsCreatedByLookup, &m.LookupsTimedOutAndRequed)
-			if err != nil {
-				return &m, err
-			}
-		case "Invals":
-			err := setFSCacheFields(fields[2:], &m.InvalidationsNumber, &m.InvalidationsRunning)
-			if err != nil {
-				return &m, err
-			}
-		case "Updates:":
-			err := setFSCacheFields(fields[1:], &m.UpdateCookieRequestSeen, &m.UpdateRequestsWithNullParent,
-				&m.UpdateRequestsRunning)
-			if err != nil {
-				return &m, err
-			}
-		case "Relinqs:":
-			err := setFSCacheFields(fields[1:], &m.RelinquishCookiesRequestSeen, &m.RelinquishCookiesWithNullParent,
-				&m.RelinquishRequestsWaitingCompleteCreation, &m.RelinquishRetries)
-			if err != nil {
-				return &m, err
-			}
-		case "AttrChg:":
-			err := setFSCacheFields(fields[1:], &m.AttributeChangedRequestsSeen, &m.AttributeChangedRequestsQueued,
-				&m.AttributeChangedRejectDueToEnobufs, &m.AttributeChangedFailedDueToEnomem, &m.AttributeChangedOps)
-			if err != nil {
-				return &m, err
-			}
-		case "Allocs":
-			if strings.Split(fields[2], "=")[0] == "n" {
-				err := setFSCacheFields(fields[2:], &m.AllocationRequestsSeen, &m.AllocationOkRequests,
-					&m.AllocationWaitingOnLookup, &m.AllocationsRejectedDueToEnobufs, &m.AllocationsAbortedDueToErestartsys)
-				if err != nil {
-					return &m, err
-				}
-			} else {
-				err := setFSCacheFields(fields[2:], &m.AllocationOperationsSubmitted, &m.AllocationsWaitedForCPU,
-					&m.AllocationsAbortedDueToObjectDeath)
-				if err != nil {
-					return &m, err
-				}
-			}
-		case "Retrvls:":
-			if strings.Split(fields[1], "=")[0] == "n" {
-				err := setFSCacheFields(fields[1:], &m.RetrievalsReadRequests, &m.RetrievalsOk, &m.RetrievalsWaitingLookupCompletion,
-					&m.RetrievalsReturnedEnodata, &m.RetrievalsRejectedDueToEnobufs, &m.RetrievalsAbortedDueToErestartsys,
-					&m.RetrievalsFailedDueToEnomem)
-				if err != nil {
-					return &m, err
-				}
-			} else {
-				err := setFSCacheFields(fields[1:], &m.RetrievalsRequests, &m.RetrievalsWaitingCPU, &m.RetrievalsAbortedDueToObjectDeath)
-				if err != nil {
-					return &m, err
-				}
-			}
-		case "Stores":
-			if strings.Split(fields[2], "=")[0] == "n" {
-				err := setFSCacheFields(fields[2:], &m.StoreWriteRequests, &m.StoreSuccessfulRequests,
-					&m.StoreRequestsOnPendingStorage, &m.StoreRequestsRejectedDueToEnobufs, &m.StoreRequestsFailedDueToEnomem)
-				if err != nil {
-					return &m, err
-				}
-			} else {
-				err := setFSCacheFields(fields[2:], &m.StoreRequestsSubmitted, &m.StoreRequestsRunning,
-					&m.StorePagesWithRequestsProcessing, &m.StoreRequestsDeleted, &m.StoreRequestsOverStoreLimit)
-				if err != nil {
-					return &m, err
-				}
-			}
-		case "VmScan":
-			err := setFSCacheFields(fields[2:], &m.ReleaseRequestsAgainstPagesWithNoPendingStorage,
-				&m.ReleaseRequestsAgainstPagesStoredByTimeLockGranted, &m.ReleaseRequestsIgnoredDueToInProgressStore,
-				&m.PageStoresCancelledByReleaseRequests, &m.VmscanWaiting)
-			if err != nil {
-				return &m, err
-			}
-		case "Ops":
-			if strings.Split(fields[2], "=")[0] == "pend" {
-				err := setFSCacheFields(fields[2:], &m.OpsPending, &m.OpsRunning, &m.OpsEnqueued, &m.OpsCancelled, &m.OpsRejected)
-				if err != nil {
-					return &m, err
-				}
-			} else {
-				err := setFSCacheFields(fields[2:], &m.OpsInitialised, &m.OpsDeferred, &m.OpsReleased, &m.OpsGarbageCollected)
-				if err != nil {
-					return &m, err
-				}
-			}
-		case "CacheOp:":
-			if strings.Split(fields[1], "=")[0] == "alo" {
-				err := setFSCacheFields(fields[1:], &m.CacheopAllocationsinProgress, &m.CacheopLookupObjectInProgress,
-					&m.CacheopLookupCompleteInPorgress, &m.CacheopGrabObjectInProgress)
-				if err != nil {
-					return &m, err
-				}
-			} else if strings.Split(fields[1], "=")[0] == "inv" {
-				err := setFSCacheFields(fields[1:], &m.CacheopInvalidations, &m.CacheopUpdateObjectInProgress,
-					&m.CacheopDropObjectInProgress, &m.CacheopPutObjectInProgress, &m.CacheopAttributeChangeInProgress,
-					&m.CacheopSyncCacheInProgress)
-				if err != nil {
-					return &m, err
-				}
-			} else {
-				err := setFSCacheFields(fields[1:], &m.CacheopReadOrAllocPageInProgress, &m.CacheopReadOrAllocPagesInProgress,
-					&m.CacheopAllocatePageInProgress, &m.CacheopAllocatePagesInProgress, &m.CacheopWritePagesInProgress,
-					&m.CacheopUncachePagesInProgress, &m.CacheopDissociatePagesInProgress)
-				if err != nil {
-					return &m, err
-				}
-			}
-		case "CacheEv:":
-			err := setFSCacheFields(fields[1:], &m.CacheevLookupsAndCreationsRejectedLackSpace, &m.CacheevStaleObjectsDeleted,
-				&m.CacheevRetiredWhenReliquished, &m.CacheevObjectsCulled)
-			if err != nil {
-				return &m, err
-			}
-		}
-	}
-
-	return &m, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/go.mod b/vendor/github.com/prometheus/procfs/go.mod
deleted file mode 100644
index ba6681f52..000000000
--- a/vendor/github.com/prometheus/procfs/go.mod
+++ /dev/null
@@ -1,9 +0,0 @@
-module github.com/prometheus/procfs
-
-go 1.13
-
-require (
-	github.com/google/go-cmp v0.5.4
-	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
-	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
-)
diff --git a/vendor/github.com/prometheus/procfs/go.sum b/vendor/github.com/prometheus/procfs/go.sum
deleted file mode 100644
index 7ceaf56b7..000000000
--- a/vendor/github.com/prometheus/procfs/go.sum
+++ /dev/null
@@ -1,8 +0,0 @@
-github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a h1:DcqTD9SDLc+1P/r1EmRBwnVsrOwW+kk2vWf9n+1sGhs=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/vendor/github.com/prometheus/procfs/internal/fs/fs.go b/vendor/github.com/prometheus/procfs/internal/fs/fs.go
deleted file mode 100644
index 0040753b1..000000000
--- a/vendor/github.com/prometheus/procfs/internal/fs/fs.go
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package fs
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-)
-
-const (
-	// DefaultProcMountPoint is the common mount point of the proc filesystem.
-	DefaultProcMountPoint = "/proc"
-
-	// DefaultSysMountPoint is the common mount point of the sys filesystem.
-	DefaultSysMountPoint = "/sys"
-
-	// DefaultConfigfsMountPoint is the common mount point of the configfs
-	DefaultConfigfsMountPoint = "/sys/kernel/config"
-)
-
-// FS represents a pseudo-filesystem, normally /proc or /sys, which provides an
-// interface to kernel data structures.
-type FS string
-
-// NewFS returns a new FS mounted under the given mountPoint. It will error
-// if the mount point can't be read.
-func NewFS(mountPoint string) (FS, error) {
-	info, err := os.Stat(mountPoint)
-	if err != nil {
-		return "", fmt.Errorf("could not read %q: %w", mountPoint, err)
-	}
-	if !info.IsDir() {
-		return "", fmt.Errorf("mount point %q is not a directory", mountPoint)
-	}
-
-	return FS(mountPoint), nil
-}
-
-// Path appends the given path elements to the filesystem path, adding separators
-// as necessary.
-func (fs FS) Path(p ...string) string {
-	return filepath.Join(append([]string{string(fs)}, p...)...)
-}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/parse.go b/vendor/github.com/prometheus/procfs/internal/util/parse.go
deleted file mode 100644
index 22cb07a6b..000000000
--- a/vendor/github.com/prometheus/procfs/internal/util/parse.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package util
-
-import (
-	"io/ioutil"
-	"strconv"
-	"strings"
-)
-
-// ParseUint32s parses a slice of strings into a slice of uint32s.
-func ParseUint32s(ss []string) ([]uint32, error) {
-	us := make([]uint32, 0, len(ss))
-	for _, s := range ss {
-		u, err := strconv.ParseUint(s, 10, 32)
-		if err != nil {
-			return nil, err
-		}
-
-		us = append(us, uint32(u))
-	}
-
-	return us, nil
-}
-
-// ParseUint64s parses a slice of strings into a slice of uint64s.
-func ParseUint64s(ss []string) ([]uint64, error) {
-	us := make([]uint64, 0, len(ss))
-	for _, s := range ss {
-		u, err := strconv.ParseUint(s, 10, 64)
-		if err != nil {
-			return nil, err
-		}
-
-		us = append(us, u)
-	}
-
-	return us, nil
-}
-
-// ParsePInt64s parses a slice of strings into a slice of int64 pointers.
-func ParsePInt64s(ss []string) ([]*int64, error) {
-	us := make([]*int64, 0, len(ss))
-	for _, s := range ss {
-		u, err := strconv.ParseInt(s, 10, 64)
-		if err != nil {
-			return nil, err
-		}
-
-		us = append(us, &u)
-	}
-
-	return us, nil
-}
-
-// ReadUintFromFile reads a file and attempts to parse a uint64 from it.
-func ReadUintFromFile(path string) (uint64, error) {
-	data, err := ioutil.ReadFile(path)
-	if err != nil {
-		return 0, err
-	}
-	return strconv.ParseUint(strings.TrimSpace(string(data)), 10, 64)
-}
-
-// ReadIntFromFile reads a file and attempts to parse a int64 from it.
-func ReadIntFromFile(path string) (int64, error) {
-	data, err := ioutil.ReadFile(path)
-	if err != nil {
-		return 0, err
-	}
-	return strconv.ParseInt(strings.TrimSpace(string(data)), 10, 64)
-}
-
-// ParseBool parses a string into a boolean pointer.
-func ParseBool(b string) *bool {
-	var truth bool
-	switch b {
-	case "enabled":
-		truth = true
-	case "disabled":
-		truth = false
-	default:
-		return nil
-	}
-	return &truth
-}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/readfile.go b/vendor/github.com/prometheus/procfs/internal/util/readfile.go
deleted file mode 100644
index 8051161b2..000000000
--- a/vendor/github.com/prometheus/procfs/internal/util/readfile.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package util
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-)
-
-// ReadFileNoStat uses ioutil.ReadAll to read contents of entire file.
-// This is similar to ioutil.ReadFile but without the call to os.Stat, because
-// many files in /proc and /sys report incorrect file sizes (either 0 or 4096).
-// Reads a max file size of 512kB.  For files larger than this, a scanner
-// should be used.
-func ReadFileNoStat(filename string) ([]byte, error) {
-	const maxBufferSize = 1024 * 512
-
-	f, err := os.Open(filename)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	reader := io.LimitReader(f, maxBufferSize)
-	return ioutil.ReadAll(reader)
-}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go b/vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go
deleted file mode 100644
index c07de0b6c..000000000
--- a/vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux,!appengine
-
-package util
-
-import (
-	"bytes"
-	"os"
-	"syscall"
-)
-
-// SysReadFile is a simplified ioutil.ReadFile that invokes syscall.Read directly.
-// https://github.com/prometheus/node_exporter/pull/728/files
-//
-// Note that this function will not read files larger than 128 bytes.
-func SysReadFile(file string) (string, error) {
-	f, err := os.Open(file)
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	// On some machines, hwmon drivers are broken and return EAGAIN.  This causes
-	// Go's ioutil.ReadFile implementation to poll forever.
-	//
-	// Since we either want to read data or bail immediately, do the simplest
-	// possible read using syscall directly.
-	const sysFileBufferSize = 128
-	b := make([]byte, sysFileBufferSize)
-	n, err := syscall.Read(int(f.Fd()), b)
-	if err != nil {
-		return "", err
-	}
-
-	return string(bytes.TrimSpace(b[:n])), nil
-}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/sysreadfile_compat.go b/vendor/github.com/prometheus/procfs/internal/util/sysreadfile_compat.go
deleted file mode 100644
index bd55b4537..000000000
--- a/vendor/github.com/prometheus/procfs/internal/util/sysreadfile_compat.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build linux,appengine !linux
-
-package util
-
-import (
-	"fmt"
-)
-
-// SysReadFile is here implemented as a noop for builds that do not support
-// the read syscall. For example Windows, or Linux on Google App Engine.
-func SysReadFile(file string) (string, error) {
-	return "", fmt.Errorf("not supported on this platform")
-}
diff --git a/vendor/github.com/prometheus/procfs/internal/util/valueparser.go b/vendor/github.com/prometheus/procfs/internal/util/valueparser.go
deleted file mode 100644
index fe2355d3c..000000000
--- a/vendor/github.com/prometheus/procfs/internal/util/valueparser.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package util
-
-import (
-	"strconv"
-)
-
-// TODO(mdlayher): util packages are an anti-pattern and this should be moved
-// somewhere else that is more focused in the future.
-
-// A ValueParser enables parsing a single string into a variety of data types
-// in a concise and safe way. The Err method must be invoked after invoking
-// any other methods to ensure a value was successfully parsed.
-type ValueParser struct {
-	v   string
-	err error
-}
-
-// NewValueParser creates a ValueParser using the input string.
-func NewValueParser(v string) *ValueParser {
-	return &ValueParser{v: v}
-}
-
-// Int interprets the underlying value as an int and returns that value.
-func (vp *ValueParser) Int() int { return int(vp.int64()) }
-
-// PInt64 interprets the underlying value as an int64 and returns a pointer to
-// that value.
-func (vp *ValueParser) PInt64() *int64 {
-	if vp.err != nil {
-		return nil
-	}
-
-	v := vp.int64()
-	return &v
-}
-
-// int64 interprets the underlying value as an int64 and returns that value.
-// TODO: export if/when necessary.
-func (vp *ValueParser) int64() int64 {
-	if vp.err != nil {
-		return 0
-	}
-
-	// A base value of zero makes ParseInt infer the correct base using the
-	// string's prefix, if any.
-	const base = 0
-	v, err := strconv.ParseInt(vp.v, base, 64)
-	if err != nil {
-		vp.err = err
-		return 0
-	}
-
-	return v
-}
-
-// PUInt64 interprets the underlying value as an uint64 and returns a pointer to
-// that value.
-func (vp *ValueParser) PUInt64() *uint64 {
-	if vp.err != nil {
-		return nil
-	}
-
-	// A base value of zero makes ParseInt infer the correct base using the
-	// string's prefix, if any.
-	const base = 0
-	v, err := strconv.ParseUint(vp.v, base, 64)
-	if err != nil {
-		vp.err = err
-		return nil
-	}
-
-	return &v
-}
-
-// Err returns the last error, if any, encountered by the ValueParser.
-func (vp *ValueParser) Err() error {
-	return vp.err
-}
diff --git a/vendor/github.com/prometheus/procfs/ipvs.go b/vendor/github.com/prometheus/procfs/ipvs.go
deleted file mode 100644
index 89e447746..000000000
--- a/vendor/github.com/prometheus/procfs/ipvs.go
+++ /dev/null
@@ -1,241 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"os"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// IPVSStats holds IPVS statistics, as exposed by the kernel in `/proc/net/ip_vs_stats`.
-type IPVSStats struct {
-	// Total count of connections.
-	Connections uint64
-	// Total incoming packages processed.
-	IncomingPackets uint64
-	// Total outgoing packages processed.
-	OutgoingPackets uint64
-	// Total incoming traffic.
-	IncomingBytes uint64
-	// Total outgoing traffic.
-	OutgoingBytes uint64
-}
-
-// IPVSBackendStatus holds current metrics of one virtual / real address pair.
-type IPVSBackendStatus struct {
-	// The local (virtual) IP address.
-	LocalAddress net.IP
-	// The remote (real) IP address.
-	RemoteAddress net.IP
-	// The local (virtual) port.
-	LocalPort uint16
-	// The remote (real) port.
-	RemotePort uint16
-	// The local firewall mark
-	LocalMark string
-	// The transport protocol (TCP, UDP).
-	Proto string
-	// The current number of active connections for this virtual/real address pair.
-	ActiveConn uint64
-	// The current number of inactive connections for this virtual/real address pair.
-	InactConn uint64
-	// The current weight of this virtual/real address pair.
-	Weight uint64
-}
-
-// IPVSStats reads the IPVS statistics from the specified `proc` filesystem.
-func (fs FS) IPVSStats() (IPVSStats, error) {
-	data, err := util.ReadFileNoStat(fs.proc.Path("net/ip_vs_stats"))
-	if err != nil {
-		return IPVSStats{}, err
-	}
-
-	return parseIPVSStats(bytes.NewReader(data))
-}
-
-// parseIPVSStats performs the actual parsing of `ip_vs_stats`.
-func parseIPVSStats(r io.Reader) (IPVSStats, error) {
-	var (
-		statContent []byte
-		statLines   []string
-		statFields  []string
-		stats       IPVSStats
-	)
-
-	statContent, err := ioutil.ReadAll(r)
-	if err != nil {
-		return IPVSStats{}, err
-	}
-
-	statLines = strings.SplitN(string(statContent), "\n", 4)
-	if len(statLines) != 4 {
-		return IPVSStats{}, errors.New("ip_vs_stats corrupt: too short")
-	}
-
-	statFields = strings.Fields(statLines[2])
-	if len(statFields) != 5 {
-		return IPVSStats{}, errors.New("ip_vs_stats corrupt: unexpected number of fields")
-	}
-
-	stats.Connections, err = strconv.ParseUint(statFields[0], 16, 64)
-	if err != nil {
-		return IPVSStats{}, err
-	}
-	stats.IncomingPackets, err = strconv.ParseUint(statFields[1], 16, 64)
-	if err != nil {
-		return IPVSStats{}, err
-	}
-	stats.OutgoingPackets, err = strconv.ParseUint(statFields[2], 16, 64)
-	if err != nil {
-		return IPVSStats{}, err
-	}
-	stats.IncomingBytes, err = strconv.ParseUint(statFields[3], 16, 64)
-	if err != nil {
-		return IPVSStats{}, err
-	}
-	stats.OutgoingBytes, err = strconv.ParseUint(statFields[4], 16, 64)
-	if err != nil {
-		return IPVSStats{}, err
-	}
-
-	return stats, nil
-}
-
-// IPVSBackendStatus reads and returns the status of all (virtual,real) server pairs from the specified `proc` filesystem.
-func (fs FS) IPVSBackendStatus() ([]IPVSBackendStatus, error) {
-	file, err := os.Open(fs.proc.Path("net/ip_vs"))
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	return parseIPVSBackendStatus(file)
-}
-
-func parseIPVSBackendStatus(file io.Reader) ([]IPVSBackendStatus, error) {
-	var (
-		status       []IPVSBackendStatus
-		scanner      = bufio.NewScanner(file)
-		proto        string
-		localMark    string
-		localAddress net.IP
-		localPort    uint16
-		err          error
-	)
-
-	for scanner.Scan() {
-		fields := strings.Fields(scanner.Text())
-		if len(fields) == 0 {
-			continue
-		}
-		switch {
-		case fields[0] == "IP" || fields[0] == "Prot" || fields[1] == "RemoteAddress:Port":
-			continue
-		case fields[0] == "TCP" || fields[0] == "UDP":
-			if len(fields) < 2 {
-				continue
-			}
-			proto = fields[0]
-			localMark = ""
-			localAddress, localPort, err = parseIPPort(fields[1])
-			if err != nil {
-				return nil, err
-			}
-		case fields[0] == "FWM":
-			if len(fields) < 2 {
-				continue
-			}
-			proto = fields[0]
-			localMark = fields[1]
-			localAddress = nil
-			localPort = 0
-		case fields[0] == "->":
-			if len(fields) < 6 {
-				continue
-			}
-			remoteAddress, remotePort, err := parseIPPort(fields[1])
-			if err != nil {
-				return nil, err
-			}
-			weight, err := strconv.ParseUint(fields[3], 10, 64)
-			if err != nil {
-				return nil, err
-			}
-			activeConn, err := strconv.ParseUint(fields[4], 10, 64)
-			if err != nil {
-				return nil, err
-			}
-			inactConn, err := strconv.ParseUint(fields[5], 10, 64)
-			if err != nil {
-				return nil, err
-			}
-			status = append(status, IPVSBackendStatus{
-				LocalAddress:  localAddress,
-				LocalPort:     localPort,
-				LocalMark:     localMark,
-				RemoteAddress: remoteAddress,
-				RemotePort:    remotePort,
-				Proto:         proto,
-				Weight:        weight,
-				ActiveConn:    activeConn,
-				InactConn:     inactConn,
-			})
-		}
-	}
-	return status, nil
-}
-
-func parseIPPort(s string) (net.IP, uint16, error) {
-	var (
-		ip  net.IP
-		err error
-	)
-
-	switch len(s) {
-	case 13:
-		ip, err = hex.DecodeString(s[0:8])
-		if err != nil {
-			return nil, 0, err
-		}
-	case 46:
-		ip = net.ParseIP(s[1:40])
-		if ip == nil {
-			return nil, 0, fmt.Errorf("invalid IPv6 address: %s", s[1:40])
-		}
-	default:
-		return nil, 0, fmt.Errorf("unexpected IP:Port: %s", s)
-	}
-
-	portString := s[len(s)-4:]
-	if len(portString) != 4 {
-		return nil, 0, fmt.Errorf("unexpected port string format: %s", portString)
-	}
-	port, err := strconv.ParseUint(portString, 16, 16)
-	if err != nil {
-		return nil, 0, err
-	}
-
-	return ip, uint16(port), nil
-}
diff --git a/vendor/github.com/prometheus/procfs/kernel_random.go b/vendor/github.com/prometheus/procfs/kernel_random.go
deleted file mode 100644
index da3a941d6..000000000
--- a/vendor/github.com/prometheus/procfs/kernel_random.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build !windows
-
-package procfs
-
-import (
-	"os"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// KernelRandom contains information about to the kernel's random number generator.
-type KernelRandom struct {
-	// EntropyAvaliable gives the available entropy, in bits.
-	EntropyAvaliable *uint64
-	// PoolSize gives the size of the entropy pool, in bits.
-	PoolSize *uint64
-	// URandomMinReseedSeconds is the number of seconds after which the DRNG will be reseeded.
-	URandomMinReseedSeconds *uint64
-	// WriteWakeupThreshold the number of bits of entropy below which we wake up processes
-	// that do a select(2) or poll(2) for write access to /dev/random.
-	WriteWakeupThreshold *uint64
-	// ReadWakeupThreshold is the number of bits of entropy required for waking up processes that sleep
-	// waiting for entropy from /dev/random.
-	ReadWakeupThreshold *uint64
-}
-
-// KernelRandom returns values from /proc/sys/kernel/random.
-func (fs FS) KernelRandom() (KernelRandom, error) {
-	random := KernelRandom{}
-
-	for file, p := range map[string]**uint64{
-		"entropy_avail":           &random.EntropyAvaliable,
-		"poolsize":                &random.PoolSize,
-		"urandom_min_reseed_secs": &random.URandomMinReseedSeconds,
-		"write_wakeup_threshold":  &random.WriteWakeupThreshold,
-		"read_wakeup_threshold":   &random.ReadWakeupThreshold,
-	} {
-		val, err := util.ReadUintFromFile(fs.proc.Path("sys", "kernel", "random", file))
-		if os.IsNotExist(err) {
-			continue
-		}
-		if err != nil {
-			return random, err
-		}
-		*p = &val
-	}
-
-	return random, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/loadavg.go b/vendor/github.com/prometheus/procfs/loadavg.go
deleted file mode 100644
index 0cce190ec..000000000
--- a/vendor/github.com/prometheus/procfs/loadavg.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// LoadAvg represents an entry in /proc/loadavg
-type LoadAvg struct {
-	Load1  float64
-	Load5  float64
-	Load15 float64
-}
-
-// LoadAvg returns loadavg from /proc.
-func (fs FS) LoadAvg() (*LoadAvg, error) {
-	path := fs.proc.Path("loadavg")
-
-	data, err := util.ReadFileNoStat(path)
-	if err != nil {
-		return nil, err
-	}
-	return parseLoad(data)
-}
-
-// Parse /proc loadavg and return 1m, 5m and 15m.
-func parseLoad(loadavgBytes []byte) (*LoadAvg, error) {
-	loads := make([]float64, 3)
-	parts := strings.Fields(string(loadavgBytes))
-	if len(parts) < 3 {
-		return nil, fmt.Errorf("malformed loadavg line: too few fields in loadavg string: %q", string(loadavgBytes))
-	}
-
-	var err error
-	for i, load := range parts[0:3] {
-		loads[i], err = strconv.ParseFloat(load, 64)
-		if err != nil {
-			return nil, fmt.Errorf("could not parse load %q: %w", load, err)
-		}
-	}
-	return &LoadAvg{
-		Load1:  loads[0],
-		Load5:  loads[1],
-		Load15: loads[2],
-	}, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/mdstat.go b/vendor/github.com/prometheus/procfs/mdstat.go
deleted file mode 100644
index f0b9e5f75..000000000
--- a/vendor/github.com/prometheus/procfs/mdstat.go
+++ /dev/null
@@ -1,262 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"fmt"
-	"io/ioutil"
-	"regexp"
-	"strconv"
-	"strings"
-)
-
-var (
-	statusLineRE         = regexp.MustCompile(`(\d+) blocks .*\[(\d+)/(\d+)\] \[([U_]+)\]`)
-	recoveryLineBlocksRE = regexp.MustCompile(`\((\d+)/\d+\)`)
-	recoveryLinePctRE    = regexp.MustCompile(`= (.+)%`)
-	recoveryLineFinishRE = regexp.MustCompile(`finish=(.+)min`)
-	recoveryLineSpeedRE  = regexp.MustCompile(`speed=(.+)[A-Z]`)
-	componentDeviceRE    = regexp.MustCompile(`(.*)\[\d+\]`)
-)
-
-// MDStat holds info parsed from /proc/mdstat.
-type MDStat struct {
-	// Name of the device.
-	Name string
-	// activity-state of the device.
-	ActivityState string
-	// Number of active disks.
-	DisksActive int64
-	// Total number of disks the device requires.
-	DisksTotal int64
-	// Number of failed disks.
-	DisksFailed int64
-	// Number of "down" disks. (the _ indicator in the status line)
-	DisksDown int64
-	// Spare disks in the device.
-	DisksSpare int64
-	// Number of blocks the device holds.
-	BlocksTotal int64
-	// Number of blocks on the device that are in sync.
-	BlocksSynced int64
-	// progress percentage of current sync
-	BlocksSyncedPct float64
-	// estimated finishing time for current sync (in minutes)
-	BlocksSyncedFinishTime float64
-	// current sync speed (in Kilobytes/sec)
-	BlocksSyncedSpeed float64
-	// Name of md component devices
-	Devices []string
-}
-
-// MDStat parses an mdstat-file (/proc/mdstat) and returns a slice of
-// structs containing the relevant info.  More information available here:
-// https://raid.wiki.kernel.org/index.php/Mdstat
-func (fs FS) MDStat() ([]MDStat, error) {
-	data, err := ioutil.ReadFile(fs.proc.Path("mdstat"))
-	if err != nil {
-		return nil, err
-	}
-	mdstat, err := parseMDStat(data)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing mdstat %q: %w", fs.proc.Path("mdstat"), err)
-	}
-	return mdstat, nil
-}
-
-// parseMDStat parses data from mdstat file (/proc/mdstat) and returns a slice of
-// structs containing the relevant info.
-func parseMDStat(mdStatData []byte) ([]MDStat, error) {
-	mdStats := []MDStat{}
-	lines := strings.Split(string(mdStatData), "\n")
-
-	for i, line := range lines {
-		if strings.TrimSpace(line) == "" || line[0] == ' ' ||
-			strings.HasPrefix(line, "Personalities") ||
-			strings.HasPrefix(line, "unused") {
-			continue
-		}
-
-		deviceFields := strings.Fields(line)
-		if len(deviceFields) < 3 {
-			return nil, fmt.Errorf("not enough fields in mdline (expected at least 3): %s", line)
-		}
-		mdName := deviceFields[0] // mdx
-		state := deviceFields[2]  // active or inactive
-
-		if len(lines) <= i+3 {
-			return nil, fmt.Errorf("error parsing %q: too few lines for md device", mdName)
-		}
-
-		// Failed disks have the suffix (F) & Spare disks have the suffix (S).
-		fail := int64(strings.Count(line, "(F)"))
-		spare := int64(strings.Count(line, "(S)"))
-		active, total, down, size, err := evalStatusLine(lines[i], lines[i+1])
-
-		if err != nil {
-			return nil, fmt.Errorf("error parsing md device lines: %w", err)
-		}
-
-		syncLineIdx := i + 2
-		if strings.Contains(lines[i+2], "bitmap") { // skip bitmap line
-			syncLineIdx++
-		}
-
-		// If device is syncing at the moment, get the number of currently
-		// synced bytes, otherwise that number equals the size of the device.
-		syncedBlocks := size
-		speed := float64(0)
-		finish := float64(0)
-		pct := float64(0)
-		recovering := strings.Contains(lines[syncLineIdx], "recovery")
-		resyncing := strings.Contains(lines[syncLineIdx], "resync")
-		checking := strings.Contains(lines[syncLineIdx], "check")
-
-		// Append recovery and resyncing state info.
-		if recovering || resyncing || checking {
-			if recovering {
-				state = "recovering"
-			} else if checking {
-				state = "checking"
-			} else {
-				state = "resyncing"
-			}
-
-			// Handle case when resync=PENDING or resync=DELAYED.
-			if strings.Contains(lines[syncLineIdx], "PENDING") ||
-				strings.Contains(lines[syncLineIdx], "DELAYED") {
-				syncedBlocks = 0
-			} else {
-				syncedBlocks, pct, finish, speed, err = evalRecoveryLine(lines[syncLineIdx])
-				if err != nil {
-					return nil, fmt.Errorf("error parsing sync line in md device %q: %w", mdName, err)
-				}
-			}
-		}
-
-		mdStats = append(mdStats, MDStat{
-			Name:                   mdName,
-			ActivityState:          state,
-			DisksActive:            active,
-			DisksFailed:            fail,
-			DisksDown:              down,
-			DisksSpare:             spare,
-			DisksTotal:             total,
-			BlocksTotal:            size,
-			BlocksSynced:           syncedBlocks,
-			BlocksSyncedPct:        pct,
-			BlocksSyncedFinishTime: finish,
-			BlocksSyncedSpeed:      speed,
-			Devices:                evalComponentDevices(deviceFields),
-		})
-	}
-
-	return mdStats, nil
-}
-
-func evalStatusLine(deviceLine, statusLine string) (active, total, down, size int64, err error) {
-
-	sizeStr := strings.Fields(statusLine)[0]
-	size, err = strconv.ParseInt(sizeStr, 10, 64)
-	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
-	}
-
-	if strings.Contains(deviceLine, "raid0") || strings.Contains(deviceLine, "linear") {
-		// In the device deviceLine, only disks have a number associated with them in [].
-		total = int64(strings.Count(deviceLine, "["))
-		return total, total, 0, size, nil
-	}
-
-	if strings.Contains(deviceLine, "inactive") {
-		return 0, 0, 0, size, nil
-	}
-
-	matches := statusLineRE.FindStringSubmatch(statusLine)
-	if len(matches) != 5 {
-		return 0, 0, 0, 0, fmt.Errorf("couldn't find all the substring matches: %s", statusLine)
-	}
-
-	total, err = strconv.ParseInt(matches[2], 10, 64)
-	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
-	}
-
-	active, err = strconv.ParseInt(matches[3], 10, 64)
-	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
-	}
-	down = int64(strings.Count(matches[4], "_"))
-
-	return active, total, down, size, nil
-}
-
-func evalRecoveryLine(recoveryLine string) (syncedBlocks int64, pct float64, finish float64, speed float64, err error) {
-	matches := recoveryLineBlocksRE.FindStringSubmatch(recoveryLine)
-	if len(matches) != 2 {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected recoveryLine: %s", recoveryLine)
-	}
-
-	syncedBlocks, err = strconv.ParseInt(matches[1], 10, 64)
-	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("error parsing int from recoveryLine %q: %w", recoveryLine, err)
-	}
-
-	// Get percentage complete
-	matches = recoveryLinePctRE.FindStringSubmatch(recoveryLine)
-	if len(matches) != 2 {
-		return syncedBlocks, 0, 0, 0, fmt.Errorf("unexpected recoveryLine matching percentage: %s", recoveryLine)
-	}
-	pct, err = strconv.ParseFloat(strings.TrimSpace(matches[1]), 64)
-	if err != nil {
-		return syncedBlocks, 0, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
-	}
-
-	// Get time expected left to complete
-	matches = recoveryLineFinishRE.FindStringSubmatch(recoveryLine)
-	if len(matches) != 2 {
-		return syncedBlocks, pct, 0, 0, fmt.Errorf("unexpected recoveryLine matching est. finish time: %s", recoveryLine)
-	}
-	finish, err = strconv.ParseFloat(matches[1], 64)
-	if err != nil {
-		return syncedBlocks, pct, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
-	}
-
-	// Get recovery speed
-	matches = recoveryLineSpeedRE.FindStringSubmatch(recoveryLine)
-	if len(matches) != 2 {
-		return syncedBlocks, pct, finish, 0, fmt.Errorf("unexpected recoveryLine matching speed: %s", recoveryLine)
-	}
-	speed, err = strconv.ParseFloat(matches[1], 64)
-	if err != nil {
-		return syncedBlocks, pct, finish, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
-	}
-
-	return syncedBlocks, pct, finish, speed, nil
-}
-
-func evalComponentDevices(deviceFields []string) []string {
-	mdComponentDevices := make([]string, 0)
-	if len(deviceFields) > 3 {
-		for _, field := range deviceFields[4:] {
-			match := componentDeviceRE.FindStringSubmatch(field)
-			if match == nil {
-				continue
-			}
-			mdComponentDevices = append(mdComponentDevices, match[1])
-		}
-	}
-
-	return mdComponentDevices
-}
diff --git a/vendor/github.com/prometheus/procfs/meminfo.go b/vendor/github.com/prometheus/procfs/meminfo.go
deleted file mode 100644
index f65e174e5..000000000
--- a/vendor/github.com/prometheus/procfs/meminfo.go
+++ /dev/null
@@ -1,277 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Meminfo represents memory statistics.
-type Meminfo struct {
-	// Total usable ram (i.e. physical ram minus a few reserved
-	// bits and the kernel binary code)
-	MemTotal *uint64
-	// The sum of LowFree+HighFree
-	MemFree *uint64
-	// An estimate of how much memory is available for starting
-	// new applications, without swapping. Calculated from
-	// MemFree, SReclaimable, the size of the file LRU lists, and
-	// the low watermarks in each zone.  The estimate takes into
-	// account that the system needs some page cache to function
-	// well, and that not all reclaimable slab will be
-	// reclaimable, due to items being in use. The impact of those
-	// factors will vary from system to system.
-	MemAvailable *uint64
-	// Relatively temporary storage for raw disk blocks shouldn't
-	// get tremendously large (20MB or so)
-	Buffers *uint64
-	Cached  *uint64
-	// Memory that once was swapped out, is swapped back in but
-	// still also is in the swapfile (if memory is needed it
-	// doesn't need to be swapped out AGAIN because it is already
-	// in the swapfile. This saves I/O)
-	SwapCached *uint64
-	// Memory that has been used more recently and usually not
-	// reclaimed unless absolutely necessary.
-	Active *uint64
-	// Memory which has been less recently used.  It is more
-	// eligible to be reclaimed for other purposes
-	Inactive     *uint64
-	ActiveAnon   *uint64
-	InactiveAnon *uint64
-	ActiveFile   *uint64
-	InactiveFile *uint64
-	Unevictable  *uint64
-	Mlocked      *uint64
-	// total amount of swap space available
-	SwapTotal *uint64
-	// Memory which has been evicted from RAM, and is temporarily
-	// on the disk
-	SwapFree *uint64
-	// Memory which is waiting to get written back to the disk
-	Dirty *uint64
-	// Memory which is actively being written back to the disk
-	Writeback *uint64
-	// Non-file backed pages mapped into userspace page tables
-	AnonPages *uint64
-	// files which have been mapped, such as libraries
-	Mapped *uint64
-	Shmem  *uint64
-	// in-kernel data structures cache
-	Slab *uint64
-	// Part of Slab, that might be reclaimed, such as caches
-	SReclaimable *uint64
-	// Part of Slab, that cannot be reclaimed on memory pressure
-	SUnreclaim  *uint64
-	KernelStack *uint64
-	// amount of memory dedicated to the lowest level of page
-	// tables.
-	PageTables *uint64
-	// NFS pages sent to the server, but not yet committed to
-	// stable storage
-	NFSUnstable *uint64
-	// Memory used for block device "bounce buffers"
-	Bounce *uint64
-	// Memory used by FUSE for temporary writeback buffers
-	WritebackTmp *uint64
-	// Based on the overcommit ratio ('vm.overcommit_ratio'),
-	// this is the total amount of  memory currently available to
-	// be allocated on the system. This limit is only adhered to
-	// if strict overcommit accounting is enabled (mode 2 in
-	// 'vm.overcommit_memory').
-	// The CommitLimit is calculated with the following formula:
-	// CommitLimit = ([total RAM pages] - [total huge TLB pages]) *
-	//                overcommit_ratio / 100 + [total swap pages]
-	// For example, on a system with 1G of physical RAM and 7G
-	// of swap with a `vm.overcommit_ratio` of 30 it would
-	// yield a CommitLimit of 7.3G.
-	// For more details, see the memory overcommit documentation
-	// in vm/overcommit-accounting.
-	CommitLimit *uint64
-	// The amount of memory presently allocated on the system.
-	// The committed memory is a sum of all of the memory which
-	// has been allocated by processes, even if it has not been
-	// "used" by them as of yet. A process which malloc()'s 1G
-	// of memory, but only touches 300M of it will show up as
-	// using 1G. This 1G is memory which has been "committed" to
-	// by the VM and can be used at any time by the allocating
-	// application. With strict overcommit enabled on the system
-	// (mode 2 in 'vm.overcommit_memory'),allocations which would
-	// exceed the CommitLimit (detailed above) will not be permitted.
-	// This is useful if one needs to guarantee that processes will
-	// not fail due to lack of memory once that memory has been
-	// successfully allocated.
-	CommittedAS *uint64
-	// total size of vmalloc memory area
-	VmallocTotal *uint64
-	// amount of vmalloc area which is used
-	VmallocUsed *uint64
-	// largest contiguous block of vmalloc area which is free
-	VmallocChunk      *uint64
-	HardwareCorrupted *uint64
-	AnonHugePages     *uint64
-	ShmemHugePages    *uint64
-	ShmemPmdMapped    *uint64
-	CmaTotal          *uint64
-	CmaFree           *uint64
-	HugePagesTotal    *uint64
-	HugePagesFree     *uint64
-	HugePagesRsvd     *uint64
-	HugePagesSurp     *uint64
-	Hugepagesize      *uint64
-	DirectMap4k       *uint64
-	DirectMap2M       *uint64
-	DirectMap1G       *uint64
-}
-
-// Meminfo returns an information about current kernel/system memory statistics.
-// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
-func (fs FS) Meminfo() (Meminfo, error) {
-	b, err := util.ReadFileNoStat(fs.proc.Path("meminfo"))
-	if err != nil {
-		return Meminfo{}, err
-	}
-
-	m, err := parseMemInfo(bytes.NewReader(b))
-	if err != nil {
-		return Meminfo{}, fmt.Errorf("failed to parse meminfo: %w", err)
-	}
-
-	return *m, nil
-}
-
-func parseMemInfo(r io.Reader) (*Meminfo, error) {
-	var m Meminfo
-	s := bufio.NewScanner(r)
-	for s.Scan() {
-		// Each line has at least a name and value; we ignore the unit.
-		fields := strings.Fields(s.Text())
-		if len(fields) < 2 {
-			return nil, fmt.Errorf("malformed meminfo line: %q", s.Text())
-		}
-
-		v, err := strconv.ParseUint(fields[1], 0, 64)
-		if err != nil {
-			return nil, err
-		}
-
-		switch fields[0] {
-		case "MemTotal:":
-			m.MemTotal = &v
-		case "MemFree:":
-			m.MemFree = &v
-		case "MemAvailable:":
-			m.MemAvailable = &v
-		case "Buffers:":
-			m.Buffers = &v
-		case "Cached:":
-			m.Cached = &v
-		case "SwapCached:":
-			m.SwapCached = &v
-		case "Active:":
-			m.Active = &v
-		case "Inactive:":
-			m.Inactive = &v
-		case "Active(anon):":
-			m.ActiveAnon = &v
-		case "Inactive(anon):":
-			m.InactiveAnon = &v
-		case "Active(file):":
-			m.ActiveFile = &v
-		case "Inactive(file):":
-			m.InactiveFile = &v
-		case "Unevictable:":
-			m.Unevictable = &v
-		case "Mlocked:":
-			m.Mlocked = &v
-		case "SwapTotal:":
-			m.SwapTotal = &v
-		case "SwapFree:":
-			m.SwapFree = &v
-		case "Dirty:":
-			m.Dirty = &v
-		case "Writeback:":
-			m.Writeback = &v
-		case "AnonPages:":
-			m.AnonPages = &v
-		case "Mapped:":
-			m.Mapped = &v
-		case "Shmem:":
-			m.Shmem = &v
-		case "Slab:":
-			m.Slab = &v
-		case "SReclaimable:":
-			m.SReclaimable = &v
-		case "SUnreclaim:":
-			m.SUnreclaim = &v
-		case "KernelStack:":
-			m.KernelStack = &v
-		case "PageTables:":
-			m.PageTables = &v
-		case "NFS_Unstable:":
-			m.NFSUnstable = &v
-		case "Bounce:":
-			m.Bounce = &v
-		case "WritebackTmp:":
-			m.WritebackTmp = &v
-		case "CommitLimit:":
-			m.CommitLimit = &v
-		case "Committed_AS:":
-			m.CommittedAS = &v
-		case "VmallocTotal:":
-			m.VmallocTotal = &v
-		case "VmallocUsed:":
-			m.VmallocUsed = &v
-		case "VmallocChunk:":
-			m.VmallocChunk = &v
-		case "HardwareCorrupted:":
-			m.HardwareCorrupted = &v
-		case "AnonHugePages:":
-			m.AnonHugePages = &v
-		case "ShmemHugePages:":
-			m.ShmemHugePages = &v
-		case "ShmemPmdMapped:":
-			m.ShmemPmdMapped = &v
-		case "CmaTotal:":
-			m.CmaTotal = &v
-		case "CmaFree:":
-			m.CmaFree = &v
-		case "HugePages_Total:":
-			m.HugePagesTotal = &v
-		case "HugePages_Free:":
-			m.HugePagesFree = &v
-		case "HugePages_Rsvd:":
-			m.HugePagesRsvd = &v
-		case "HugePages_Surp:":
-			m.HugePagesSurp = &v
-		case "Hugepagesize:":
-			m.Hugepagesize = &v
-		case "DirectMap4k:":
-			m.DirectMap4k = &v
-		case "DirectMap2M:":
-			m.DirectMap2M = &v
-		case "DirectMap1G:":
-			m.DirectMap1G = &v
-		}
-	}
-
-	return &m, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/mountinfo.go b/vendor/github.com/prometheus/procfs/mountinfo.go
deleted file mode 100644
index 59f4d5055..000000000
--- a/vendor/github.com/prometheus/procfs/mountinfo.go
+++ /dev/null
@@ -1,180 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// A MountInfo is a type that describes the details, options
-// for each mount, parsed from /proc/self/mountinfo.
-// The fields described in each entry of /proc/self/mountinfo
-// is described in the following man page.
-// http://man7.org/linux/man-pages/man5/proc.5.html
-type MountInfo struct {
-	// Unique ID for the mount
-	MountID int
-	// The ID of the parent mount
-	ParentID int
-	// The value of `st_dev` for the files on this FS
-	MajorMinorVer string
-	// The pathname of the directory in the FS that forms
-	// the root for this mount
-	Root string
-	// The pathname of the mount point relative to the root
-	MountPoint string
-	// Mount options
-	Options map[string]string
-	// Zero or more optional fields
-	OptionalFields map[string]string
-	// The Filesystem type
-	FSType string
-	// FS specific information or "none"
-	Source string
-	// Superblock options
-	SuperOptions map[string]string
-}
-
-// Reads each line of the mountinfo file, and returns a list of formatted MountInfo structs.
-func parseMountInfo(info []byte) ([]*MountInfo, error) {
-	mounts := []*MountInfo{}
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-	for scanner.Scan() {
-		mountString := scanner.Text()
-		parsedMounts, err := parseMountInfoString(mountString)
-		if err != nil {
-			return nil, err
-		}
-		mounts = append(mounts, parsedMounts)
-	}
-
-	err := scanner.Err()
-	return mounts, err
-}
-
-// Parses a mountinfo file line, and converts it to a MountInfo struct.
-// An important check here is to see if the hyphen separator, as if it does not exist,
-// it means that the line is malformed.
-func parseMountInfoString(mountString string) (*MountInfo, error) {
-	var err error
-
-	mountInfo := strings.Split(mountString, " ")
-	mountInfoLength := len(mountInfo)
-	if mountInfoLength < 10 {
-		return nil, fmt.Errorf("couldn't find enough fields in mount string: %s", mountString)
-	}
-
-	if mountInfo[mountInfoLength-4] != "-" {
-		return nil, fmt.Errorf("couldn't find separator in expected field: %s", mountInfo[mountInfoLength-4])
-	}
-
-	mount := &MountInfo{
-		MajorMinorVer:  mountInfo[2],
-		Root:           mountInfo[3],
-		MountPoint:     mountInfo[4],
-		Options:        mountOptionsParser(mountInfo[5]),
-		OptionalFields: nil,
-		FSType:         mountInfo[mountInfoLength-3],
-		Source:         mountInfo[mountInfoLength-2],
-		SuperOptions:   mountOptionsParser(mountInfo[mountInfoLength-1]),
-	}
-
-	mount.MountID, err = strconv.Atoi(mountInfo[0])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse mount ID")
-	}
-	mount.ParentID, err = strconv.Atoi(mountInfo[1])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse parent ID")
-	}
-	// Has optional fields, which is a space separated list of values.
-	// Example: shared:2 master:7
-	if mountInfo[6] != "" {
-		mount.OptionalFields, err = mountOptionsParseOptionalFields(mountInfo[6 : mountInfoLength-4])
-		if err != nil {
-			return nil, err
-		}
-	}
-	return mount, nil
-}
-
-// mountOptionsIsValidField checks a string against a valid list of optional fields keys.
-func mountOptionsIsValidField(s string) bool {
-	switch s {
-	case
-		"shared",
-		"master",
-		"propagate_from",
-		"unbindable":
-		return true
-	}
-	return false
-}
-
-// mountOptionsParseOptionalFields parses a list of optional fields strings into a double map of strings.
-func mountOptionsParseOptionalFields(o []string) (map[string]string, error) {
-	optionalFields := make(map[string]string)
-	for _, field := range o {
-		optionSplit := strings.SplitN(field, ":", 2)
-		value := ""
-		if len(optionSplit) == 2 {
-			value = optionSplit[1]
-		}
-		if mountOptionsIsValidField(optionSplit[0]) {
-			optionalFields[optionSplit[0]] = value
-		}
-	}
-	return optionalFields, nil
-}
-
-// mountOptionsParser parses the mount options, superblock options.
-func mountOptionsParser(mountOptions string) map[string]string {
-	opts := make(map[string]string)
-	options := strings.Split(mountOptions, ",")
-	for _, opt := range options {
-		splitOption := strings.Split(opt, "=")
-		if len(splitOption) < 2 {
-			key := splitOption[0]
-			opts[key] = ""
-		} else {
-			key, value := splitOption[0], splitOption[1]
-			opts[key] = value
-		}
-	}
-	return opts
-}
-
-// GetMounts retrieves mountinfo information from `/proc/self/mountinfo`.
-func GetMounts() ([]*MountInfo, error) {
-	data, err := util.ReadFileNoStat("/proc/self/mountinfo")
-	if err != nil {
-		return nil, err
-	}
-	return parseMountInfo(data)
-}
-
-// GetProcMounts retrieves mountinfo information from a processes' `/proc/<pid>/mountinfo`.
-func GetProcMounts(pid int) ([]*MountInfo, error) {
-	data, err := util.ReadFileNoStat(fmt.Sprintf("/proc/%d/mountinfo", pid))
-	if err != nil {
-		return nil, err
-	}
-	return parseMountInfo(data)
-}
diff --git a/vendor/github.com/prometheus/procfs/mountstats.go b/vendor/github.com/prometheus/procfs/mountstats.go
deleted file mode 100644
index f7a828bb1..000000000
--- a/vendor/github.com/prometheus/procfs/mountstats.go
+++ /dev/null
@@ -1,638 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-// While implementing parsing of /proc/[pid]/mountstats, this blog was used
-// heavily as a reference:
-//   https://utcc.utoronto.ca/~cks/space/blog/linux/NFSMountstatsIndex
-//
-// Special thanks to Chris Siebenmann for all of his posts explaining the
-// various statistics available for NFS.
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// Constants shared between multiple functions.
-const (
-	deviceEntryLen = 8
-
-	fieldBytesLen  = 8
-	fieldEventsLen = 27
-
-	statVersion10 = "1.0"
-	statVersion11 = "1.1"
-
-	fieldTransport10TCPLen = 10
-	fieldTransport10UDPLen = 7
-
-	fieldTransport11TCPLen = 13
-	fieldTransport11UDPLen = 10
-)
-
-// A Mount is a device mount parsed from /proc/[pid]/mountstats.
-type Mount struct {
-	// Name of the device.
-	Device string
-	// The mount point of the device.
-	Mount string
-	// The filesystem type used by the device.
-	Type string
-	// If available additional statistics related to this Mount.
-	// Use a type assertion to determine if additional statistics are available.
-	Stats MountStats
-}
-
-// A MountStats is a type which contains detailed statistics for a specific
-// type of Mount.
-type MountStats interface {
-	mountStats()
-}
-
-// A MountStatsNFS is a MountStats implementation for NFSv3 and v4 mounts.
-type MountStatsNFS struct {
-	// The version of statistics provided.
-	StatVersion string
-	// The mount options of the NFS mount.
-	Opts map[string]string
-	// The age of the NFS mount.
-	Age time.Duration
-	// Statistics related to byte counters for various operations.
-	Bytes NFSBytesStats
-	// Statistics related to various NFS event occurrences.
-	Events NFSEventsStats
-	// Statistics broken down by filesystem operation.
-	Operations []NFSOperationStats
-	// Statistics about the NFS RPC transport.
-	Transport NFSTransportStats
-}
-
-// mountStats implements MountStats.
-func (m MountStatsNFS) mountStats() {}
-
-// A NFSBytesStats contains statistics about the number of bytes read and written
-// by an NFS client to and from an NFS server.
-type NFSBytesStats struct {
-	// Number of bytes read using the read() syscall.
-	Read uint64
-	// Number of bytes written using the write() syscall.
-	Write uint64
-	// Number of bytes read using the read() syscall in O_DIRECT mode.
-	DirectRead uint64
-	// Number of bytes written using the write() syscall in O_DIRECT mode.
-	DirectWrite uint64
-	// Number of bytes read from the NFS server, in total.
-	ReadTotal uint64
-	// Number of bytes written to the NFS server, in total.
-	WriteTotal uint64
-	// Number of pages read directly via mmap()'d files.
-	ReadPages uint64
-	// Number of pages written directly via mmap()'d files.
-	WritePages uint64
-}
-
-// A NFSEventsStats contains statistics about NFS event occurrences.
-type NFSEventsStats struct {
-	// Number of times cached inode attributes are re-validated from the server.
-	InodeRevalidate uint64
-	// Number of times cached dentry nodes are re-validated from the server.
-	DnodeRevalidate uint64
-	// Number of times an inode cache is cleared.
-	DataInvalidate uint64
-	// Number of times cached inode attributes are invalidated.
-	AttributeInvalidate uint64
-	// Number of times files or directories have been open()'d.
-	VFSOpen uint64
-	// Number of times a directory lookup has occurred.
-	VFSLookup uint64
-	// Number of times permissions have been checked.
-	VFSAccess uint64
-	// Number of updates (and potential writes) to pages.
-	VFSUpdatePage uint64
-	// Number of pages read directly via mmap()'d files.
-	VFSReadPage uint64
-	// Number of times a group of pages have been read.
-	VFSReadPages uint64
-	// Number of pages written directly via mmap()'d files.
-	VFSWritePage uint64
-	// Number of times a group of pages have been written.
-	VFSWritePages uint64
-	// Number of times directory entries have been read with getdents().
-	VFSGetdents uint64
-	// Number of times attributes have been set on inodes.
-	VFSSetattr uint64
-	// Number of pending writes that have been forcefully flushed to the server.
-	VFSFlush uint64
-	// Number of times fsync() has been called on directories and files.
-	VFSFsync uint64
-	// Number of times locking has been attempted on a file.
-	VFSLock uint64
-	// Number of times files have been closed and released.
-	VFSFileRelease uint64
-	// Unknown.  Possibly unused.
-	CongestionWait uint64
-	// Number of times files have been truncated.
-	Truncation uint64
-	// Number of times a file has been grown due to writes beyond its existing end.
-	WriteExtension uint64
-	// Number of times a file was removed while still open by another process.
-	SillyRename uint64
-	// Number of times the NFS server gave less data than expected while reading.
-	ShortRead uint64
-	// Number of times the NFS server wrote less data than expected while writing.
-	ShortWrite uint64
-	// Number of times the NFS server indicated EJUKEBOX; retrieving data from
-	// offline storage.
-	JukeboxDelay uint64
-	// Number of NFS v4.1+ pNFS reads.
-	PNFSRead uint64
-	// Number of NFS v4.1+ pNFS writes.
-	PNFSWrite uint64
-}
-
-// A NFSOperationStats contains statistics for a single operation.
-type NFSOperationStats struct {
-	// The name of the operation.
-	Operation string
-	// Number of requests performed for this operation.
-	Requests uint64
-	// Number of times an actual RPC request has been transmitted for this operation.
-	Transmissions uint64
-	// Number of times a request has had a major timeout.
-	MajorTimeouts uint64
-	// Number of bytes sent for this operation, including RPC headers and payload.
-	BytesSent uint64
-	// Number of bytes received for this operation, including RPC headers and payload.
-	BytesReceived uint64
-	// Duration all requests spent queued for transmission before they were sent.
-	CumulativeQueueMilliseconds uint64
-	// Duration it took to get a reply back after the request was transmitted.
-	CumulativeTotalResponseMilliseconds uint64
-	// Duration from when a request was enqueued to when it was completely handled.
-	CumulativeTotalRequestMilliseconds uint64
-	// The count of operations that complete with tk_status < 0.  These statuses usually indicate error conditions.
-	Errors uint64
-}
-
-// A NFSTransportStats contains statistics for the NFS mount RPC requests and
-// responses.
-type NFSTransportStats struct {
-	// The transport protocol used for the NFS mount.
-	Protocol string
-	// The local port used for the NFS mount.
-	Port uint64
-	// Number of times the client has had to establish a connection from scratch
-	// to the NFS server.
-	Bind uint64
-	// Number of times the client has made a TCP connection to the NFS server.
-	Connect uint64
-	// Duration (in jiffies, a kernel internal unit of time) the NFS mount has
-	// spent waiting for connections to the server to be established.
-	ConnectIdleTime uint64
-	// Duration since the NFS mount last saw any RPC traffic.
-	IdleTimeSeconds uint64
-	// Number of RPC requests for this mount sent to the NFS server.
-	Sends uint64
-	// Number of RPC responses for this mount received from the NFS server.
-	Receives uint64
-	// Number of times the NFS server sent a response with a transaction ID
-	// unknown to this client.
-	BadTransactionIDs uint64
-	// A running counter, incremented on each request as the current difference
-	// ebetween sends and receives.
-	CumulativeActiveRequests uint64
-	// A running counter, incremented on each request by the current backlog
-	// queue size.
-	CumulativeBacklog uint64
-
-	// Stats below only available with stat version 1.1.
-
-	// Maximum number of simultaneously active RPC requests ever used.
-	MaximumRPCSlotsUsed uint64
-	// A running counter, incremented on each request as the current size of the
-	// sending queue.
-	CumulativeSendingQueue uint64
-	// A running counter, incremented on each request as the current size of the
-	// pending queue.
-	CumulativePendingQueue uint64
-}
-
-// parseMountStats parses a /proc/[pid]/mountstats file and returns a slice
-// of Mount structures containing detailed information about each mount.
-// If available, statistics for each mount are parsed as well.
-func parseMountStats(r io.Reader) ([]*Mount, error) {
-	const (
-		device            = "device"
-		statVersionPrefix = "statvers="
-
-		nfs3Type = "nfs"
-		nfs4Type = "nfs4"
-	)
-
-	var mounts []*Mount
-
-	s := bufio.NewScanner(r)
-	for s.Scan() {
-		// Only look for device entries in this function
-		ss := strings.Fields(string(s.Bytes()))
-		if len(ss) == 0 || ss[0] != device {
-			continue
-		}
-
-		m, err := parseMount(ss)
-		if err != nil {
-			return nil, err
-		}
-
-		// Does this mount also possess statistics information?
-		if len(ss) > deviceEntryLen {
-			// Only NFSv3 and v4 are supported for parsing statistics
-			if m.Type != nfs3Type && m.Type != nfs4Type {
-				return nil, fmt.Errorf("cannot parse MountStats for fstype %q", m.Type)
-			}
-
-			statVersion := strings.TrimPrefix(ss[8], statVersionPrefix)
-
-			stats, err := parseMountStatsNFS(s, statVersion)
-			if err != nil {
-				return nil, err
-			}
-
-			m.Stats = stats
-		}
-
-		mounts = append(mounts, m)
-	}
-
-	return mounts, s.Err()
-}
-
-// parseMount parses an entry in /proc/[pid]/mountstats in the format:
-//   device [device] mounted on [mount] with fstype [type]
-func parseMount(ss []string) (*Mount, error) {
-	if len(ss) < deviceEntryLen {
-		return nil, fmt.Errorf("invalid device entry: %v", ss)
-	}
-
-	// Check for specific words appearing at specific indices to ensure
-	// the format is consistent with what we expect
-	format := []struct {
-		i int
-		s string
-	}{
-		{i: 0, s: "device"},
-		{i: 2, s: "mounted"},
-		{i: 3, s: "on"},
-		{i: 5, s: "with"},
-		{i: 6, s: "fstype"},
-	}
-
-	for _, f := range format {
-		if ss[f.i] != f.s {
-			return nil, fmt.Errorf("invalid device entry: %v", ss)
-		}
-	}
-
-	return &Mount{
-		Device: ss[1],
-		Mount:  ss[4],
-		Type:   ss[7],
-	}, nil
-}
-
-// parseMountStatsNFS parses a MountStatsNFS by scanning additional information
-// related to NFS statistics.
-func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, error) {
-	// Field indicators for parsing specific types of data
-	const (
-		fieldOpts       = "opts:"
-		fieldAge        = "age:"
-		fieldBytes      = "bytes:"
-		fieldEvents     = "events:"
-		fieldPerOpStats = "per-op"
-		fieldTransport  = "xprt:"
-	)
-
-	stats := &MountStatsNFS{
-		StatVersion: statVersion,
-	}
-
-	for s.Scan() {
-		ss := strings.Fields(string(s.Bytes()))
-		if len(ss) == 0 {
-			break
-		}
-
-		switch ss[0] {
-		case fieldOpts:
-			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
-			}
-			if stats.Opts == nil {
-				stats.Opts = map[string]string{}
-			}
-			for _, opt := range strings.Split(ss[1], ",") {
-				split := strings.Split(opt, "=")
-				if len(split) == 2 {
-					stats.Opts[split[0]] = split[1]
-				} else {
-					stats.Opts[opt] = ""
-				}
-			}
-		case fieldAge:
-			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
-			}
-			// Age integer is in seconds
-			d, err := time.ParseDuration(ss[1] + "s")
-			if err != nil {
-				return nil, err
-			}
-
-			stats.Age = d
-		case fieldBytes:
-			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
-			}
-			bstats, err := parseNFSBytesStats(ss[1:])
-			if err != nil {
-				return nil, err
-			}
-
-			stats.Bytes = *bstats
-		case fieldEvents:
-			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
-			}
-			estats, err := parseNFSEventsStats(ss[1:])
-			if err != nil {
-				return nil, err
-			}
-
-			stats.Events = *estats
-		case fieldTransport:
-			if len(ss) < 3 {
-				return nil, fmt.Errorf("not enough information for NFS transport stats: %v", ss)
-			}
-
-			tstats, err := parseNFSTransportStats(ss[1:], statVersion)
-			if err != nil {
-				return nil, err
-			}
-
-			stats.Transport = *tstats
-		}
-
-		// When encountering "per-operation statistics", we must break this
-		// loop and parse them separately to ensure we can terminate parsing
-		// before reaching another device entry; hence why this 'if' statement
-		// is not just another switch case
-		if ss[0] == fieldPerOpStats {
-			break
-		}
-	}
-
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-
-	// NFS per-operation stats appear last before the next device entry
-	perOpStats, err := parseNFSOperationStats(s)
-	if err != nil {
-		return nil, err
-	}
-
-	stats.Operations = perOpStats
-
-	return stats, nil
-}
-
-// parseNFSBytesStats parses a NFSBytesStats line using an input set of
-// integer fields.
-func parseNFSBytesStats(ss []string) (*NFSBytesStats, error) {
-	if len(ss) != fieldBytesLen {
-		return nil, fmt.Errorf("invalid NFS bytes stats: %v", ss)
-	}
-
-	ns := make([]uint64, 0, fieldBytesLen)
-	for _, s := range ss {
-		n, err := strconv.ParseUint(s, 10, 64)
-		if err != nil {
-			return nil, err
-		}
-
-		ns = append(ns, n)
-	}
-
-	return &NFSBytesStats{
-		Read:        ns[0],
-		Write:       ns[1],
-		DirectRead:  ns[2],
-		DirectWrite: ns[3],
-		ReadTotal:   ns[4],
-		WriteTotal:  ns[5],
-		ReadPages:   ns[6],
-		WritePages:  ns[7],
-	}, nil
-}
-
-// parseNFSEventsStats parses a NFSEventsStats line using an input set of
-// integer fields.
-func parseNFSEventsStats(ss []string) (*NFSEventsStats, error) {
-	if len(ss) != fieldEventsLen {
-		return nil, fmt.Errorf("invalid NFS events stats: %v", ss)
-	}
-
-	ns := make([]uint64, 0, fieldEventsLen)
-	for _, s := range ss {
-		n, err := strconv.ParseUint(s, 10, 64)
-		if err != nil {
-			return nil, err
-		}
-
-		ns = append(ns, n)
-	}
-
-	return &NFSEventsStats{
-		InodeRevalidate:     ns[0],
-		DnodeRevalidate:     ns[1],
-		DataInvalidate:      ns[2],
-		AttributeInvalidate: ns[3],
-		VFSOpen:             ns[4],
-		VFSLookup:           ns[5],
-		VFSAccess:           ns[6],
-		VFSUpdatePage:       ns[7],
-		VFSReadPage:         ns[8],
-		VFSReadPages:        ns[9],
-		VFSWritePage:        ns[10],
-		VFSWritePages:       ns[11],
-		VFSGetdents:         ns[12],
-		VFSSetattr:          ns[13],
-		VFSFlush:            ns[14],
-		VFSFsync:            ns[15],
-		VFSLock:             ns[16],
-		VFSFileRelease:      ns[17],
-		CongestionWait:      ns[18],
-		Truncation:          ns[19],
-		WriteExtension:      ns[20],
-		SillyRename:         ns[21],
-		ShortRead:           ns[22],
-		ShortWrite:          ns[23],
-		JukeboxDelay:        ns[24],
-		PNFSRead:            ns[25],
-		PNFSWrite:           ns[26],
-	}, nil
-}
-
-// parseNFSOperationStats parses a slice of NFSOperationStats by scanning
-// additional information about per-operation statistics until an empty
-// line is reached.
-func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
-	const (
-		// Minimum number of expected fields in each per-operation statistics set
-		minFields = 9
-	)
-
-	var ops []NFSOperationStats
-
-	for s.Scan() {
-		ss := strings.Fields(string(s.Bytes()))
-		if len(ss) == 0 {
-			// Must break when reading a blank line after per-operation stats to
-			// enable top-level function to parse the next device entry
-			break
-		}
-
-		if len(ss) < minFields {
-			return nil, fmt.Errorf("invalid NFS per-operations stats: %v", ss)
-		}
-
-		// Skip string operation name for integers
-		ns := make([]uint64, 0, minFields-1)
-		for _, st := range ss[1:] {
-			n, err := strconv.ParseUint(st, 10, 64)
-			if err != nil {
-				return nil, err
-			}
-
-			ns = append(ns, n)
-		}
-
-		opStats := NFSOperationStats{
-			Operation:                           strings.TrimSuffix(ss[0], ":"),
-			Requests:                            ns[0],
-			Transmissions:                       ns[1],
-			MajorTimeouts:                       ns[2],
-			BytesSent:                           ns[3],
-			BytesReceived:                       ns[4],
-			CumulativeQueueMilliseconds:         ns[5],
-			CumulativeTotalResponseMilliseconds: ns[6],
-			CumulativeTotalRequestMilliseconds:  ns[7],
-		}
-
-		if len(ns) > 8 {
-			opStats.Errors = ns[8]
-		}
-
-		ops = append(ops, opStats)
-	}
-
-	return ops, s.Err()
-}
-
-// parseNFSTransportStats parses a NFSTransportStats line using an input set of
-// integer fields matched to a specific stats version.
-func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats, error) {
-	// Extract the protocol field. It is the only string value in the line
-	protocol := ss[0]
-	ss = ss[1:]
-
-	switch statVersion {
-	case statVersion10:
-		var expectedLength int
-		if protocol == "tcp" {
-			expectedLength = fieldTransport10TCPLen
-		} else if protocol == "udp" {
-			expectedLength = fieldTransport10UDPLen
-		} else {
-			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.0 statement: %v", protocol, ss)
-		}
-		if len(ss) != expectedLength {
-			return nil, fmt.Errorf("invalid NFS transport stats 1.0 statement: %v", ss)
-		}
-	case statVersion11:
-		var expectedLength int
-		if protocol == "tcp" {
-			expectedLength = fieldTransport11TCPLen
-		} else if protocol == "udp" {
-			expectedLength = fieldTransport11UDPLen
-		} else {
-			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.1 statement: %v", protocol, ss)
-		}
-		if len(ss) != expectedLength {
-			return nil, fmt.Errorf("invalid NFS transport stats 1.1 statement: %v", ss)
-		}
-	default:
-		return nil, fmt.Errorf("unrecognized NFS transport stats version: %q", statVersion)
-	}
-
-	// Allocate enough for v1.1 stats since zero value for v1.1 stats will be okay
-	// in a v1.0 response. Since the stat length is bigger for TCP stats, we use
-	// the TCP length here.
-	//
-	// Note: slice length must be set to length of v1.1 stats to avoid a panic when
-	// only v1.0 stats are present.
-	// See: https://github.com/prometheus/node_exporter/issues/571.
-	ns := make([]uint64, fieldTransport11TCPLen)
-	for i, s := range ss {
-		n, err := strconv.ParseUint(s, 10, 64)
-		if err != nil {
-			return nil, err
-		}
-
-		ns[i] = n
-	}
-
-	// The fields differ depending on the transport protocol (TCP or UDP)
-	// From https://utcc.utoronto.ca/%7Ecks/space/blog/linux/NFSMountstatsXprt
-	//
-	// For the udp RPC transport there is no connection count, connect idle time,
-	// or idle time (fields #3, #4, and #5); all other fields are the same. So
-	// we set them to 0 here.
-	if protocol == "udp" {
-		ns = append(ns[:2], append(make([]uint64, 3), ns[2:]...)...)
-	}
-
-	return &NFSTransportStats{
-		Protocol:                 protocol,
-		Port:                     ns[0],
-		Bind:                     ns[1],
-		Connect:                  ns[2],
-		ConnectIdleTime:          ns[3],
-		IdleTimeSeconds:          ns[4],
-		Sends:                    ns[5],
-		Receives:                 ns[6],
-		BadTransactionIDs:        ns[7],
-		CumulativeActiveRequests: ns[8],
-		CumulativeBacklog:        ns[9],
-		MaximumRPCSlotsUsed:      ns[10],
-		CumulativeSendingQueue:   ns[11],
-		CumulativePendingQueue:   ns[12],
-	}, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/net_conntrackstat.go b/vendor/github.com/prometheus/procfs/net_conntrackstat.go
deleted file mode 100644
index 9964a3600..000000000
--- a/vendor/github.com/prometheus/procfs/net_conntrackstat.go
+++ /dev/null
@@ -1,153 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// A ConntrackStatEntry represents one line from net/stat/nf_conntrack
-// and contains netfilter conntrack statistics at one CPU core
-type ConntrackStatEntry struct {
-	Entries       uint64
-	Found         uint64
-	Invalid       uint64
-	Ignore        uint64
-	Insert        uint64
-	InsertFailed  uint64
-	Drop          uint64
-	EarlyDrop     uint64
-	SearchRestart uint64
-}
-
-// ConntrackStat retrieves netfilter's conntrack statistics, split by CPU cores
-func (fs FS) ConntrackStat() ([]ConntrackStatEntry, error) {
-	return readConntrackStat(fs.proc.Path("net", "stat", "nf_conntrack"))
-}
-
-// Parses a slice of ConntrackStatEntries from the given filepath
-func readConntrackStat(path string) ([]ConntrackStatEntry, error) {
-	// This file is small and can be read with one syscall.
-	b, err := util.ReadFileNoStat(path)
-	if err != nil {
-		// Do not wrap this error so the caller can detect os.IsNotExist and
-		// similar conditions.
-		return nil, err
-	}
-
-	stat, err := parseConntrackStat(bytes.NewReader(b))
-	if err != nil {
-		return nil, fmt.Errorf("failed to read conntrack stats from %q: %w", path, err)
-	}
-
-	return stat, nil
-}
-
-// Reads the contents of a conntrack statistics file and parses a slice of ConntrackStatEntries
-func parseConntrackStat(r io.Reader) ([]ConntrackStatEntry, error) {
-	var entries []ConntrackStatEntry
-
-	scanner := bufio.NewScanner(r)
-	scanner.Scan()
-	for scanner.Scan() {
-		fields := strings.Fields(scanner.Text())
-		conntrackEntry, err := parseConntrackStatEntry(fields)
-		if err != nil {
-			return nil, err
-		}
-		entries = append(entries, *conntrackEntry)
-	}
-
-	return entries, nil
-}
-
-// Parses a ConntrackStatEntry from given array of fields
-func parseConntrackStatEntry(fields []string) (*ConntrackStatEntry, error) {
-	if len(fields) != 17 {
-		return nil, fmt.Errorf("invalid conntrackstat entry, missing fields")
-	}
-	entry := &ConntrackStatEntry{}
-
-	entries, err := parseConntrackStatField(fields[0])
-	if err != nil {
-		return nil, err
-	}
-	entry.Entries = entries
-
-	found, err := parseConntrackStatField(fields[2])
-	if err != nil {
-		return nil, err
-	}
-	entry.Found = found
-
-	invalid, err := parseConntrackStatField(fields[4])
-	if err != nil {
-		return nil, err
-	}
-	entry.Invalid = invalid
-
-	ignore, err := parseConntrackStatField(fields[5])
-	if err != nil {
-		return nil, err
-	}
-	entry.Ignore = ignore
-
-	insert, err := parseConntrackStatField(fields[8])
-	if err != nil {
-		return nil, err
-	}
-	entry.Insert = insert
-
-	insertFailed, err := parseConntrackStatField(fields[9])
-	if err != nil {
-		return nil, err
-	}
-	entry.InsertFailed = insertFailed
-
-	drop, err := parseConntrackStatField(fields[10])
-	if err != nil {
-		return nil, err
-	}
-	entry.Drop = drop
-
-	earlyDrop, err := parseConntrackStatField(fields[11])
-	if err != nil {
-		return nil, err
-	}
-	entry.EarlyDrop = earlyDrop
-
-	searchRestart, err := parseConntrackStatField(fields[16])
-	if err != nil {
-		return nil, err
-	}
-	entry.SearchRestart = searchRestart
-
-	return entry, nil
-}
-
-// Parses a uint64 from given hex in string
-func parseConntrackStatField(field string) (uint64, error) {
-	val, err := strconv.ParseUint(field, 16, 64)
-	if err != nil {
-		return 0, fmt.Errorf("couldn't parse %q field: %w", field, err)
-	}
-	return val, err
-}
diff --git a/vendor/github.com/prometheus/procfs/net_dev.go b/vendor/github.com/prometheus/procfs/net_dev.go
deleted file mode 100644
index 47a710bef..000000000
--- a/vendor/github.com/prometheus/procfs/net_dev.go
+++ /dev/null
@@ -1,205 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"errors"
-	"os"
-	"sort"
-	"strconv"
-	"strings"
-)
-
-// NetDevLine is single line parsed from /proc/net/dev or /proc/[pid]/net/dev.
-type NetDevLine struct {
-	Name         string `json:"name"`          // The name of the interface.
-	RxBytes      uint64 `json:"rx_bytes"`      // Cumulative count of bytes received.
-	RxPackets    uint64 `json:"rx_packets"`    // Cumulative count of packets received.
-	RxErrors     uint64 `json:"rx_errors"`     // Cumulative count of receive errors encountered.
-	RxDropped    uint64 `json:"rx_dropped"`    // Cumulative count of packets dropped while receiving.
-	RxFIFO       uint64 `json:"rx_fifo"`       // Cumulative count of FIFO buffer errors.
-	RxFrame      uint64 `json:"rx_frame"`      // Cumulative count of packet framing errors.
-	RxCompressed uint64 `json:"rx_compressed"` // Cumulative count of compressed packets received by the device driver.
-	RxMulticast  uint64 `json:"rx_multicast"`  // Cumulative count of multicast frames received by the device driver.
-	TxBytes      uint64 `json:"tx_bytes"`      // Cumulative count of bytes transmitted.
-	TxPackets    uint64 `json:"tx_packets"`    // Cumulative count of packets transmitted.
-	TxErrors     uint64 `json:"tx_errors"`     // Cumulative count of transmit errors encountered.
-	TxDropped    uint64 `json:"tx_dropped"`    // Cumulative count of packets dropped while transmitting.
-	TxFIFO       uint64 `json:"tx_fifo"`       // Cumulative count of FIFO buffer errors.
-	TxCollisions uint64 `json:"tx_collisions"` // Cumulative count of collisions detected on the interface.
-	TxCarrier    uint64 `json:"tx_carrier"`    // Cumulative count of carrier losses detected by the device driver.
-	TxCompressed uint64 `json:"tx_compressed"` // Cumulative count of compressed packets transmitted by the device driver.
-}
-
-// NetDev is parsed from /proc/net/dev or /proc/[pid]/net/dev. The map keys
-// are interface names.
-type NetDev map[string]NetDevLine
-
-// NetDev returns kernel/system statistics read from /proc/net/dev.
-func (fs FS) NetDev() (NetDev, error) {
-	return newNetDev(fs.proc.Path("net/dev"))
-}
-
-// NetDev returns kernel/system statistics read from /proc/[pid]/net/dev.
-func (p Proc) NetDev() (NetDev, error) {
-	return newNetDev(p.path("net/dev"))
-}
-
-// newNetDev creates a new NetDev from the contents of the given file.
-func newNetDev(file string) (NetDev, error) {
-	f, err := os.Open(file)
-	if err != nil {
-		return NetDev{}, err
-	}
-	defer f.Close()
-
-	netDev := NetDev{}
-	s := bufio.NewScanner(f)
-	for n := 0; s.Scan(); n++ {
-		// Skip the 2 header lines.
-		if n < 2 {
-			continue
-		}
-
-		line, err := netDev.parseLine(s.Text())
-		if err != nil {
-			return netDev, err
-		}
-
-		netDev[line.Name] = *line
-	}
-
-	return netDev, s.Err()
-}
-
-// parseLine parses a single line from the /proc/net/dev file. Header lines
-// must be filtered prior to calling this method.
-func (netDev NetDev) parseLine(rawLine string) (*NetDevLine, error) {
-	parts := strings.SplitN(rawLine, ":", 2)
-	if len(parts) != 2 {
-		return nil, errors.New("invalid net/dev line, missing colon")
-	}
-	fields := strings.Fields(strings.TrimSpace(parts[1]))
-
-	var err error
-	line := &NetDevLine{}
-
-	// Interface Name
-	line.Name = strings.TrimSpace(parts[0])
-	if line.Name == "" {
-		return nil, errors.New("invalid net/dev line, empty interface name")
-	}
-
-	// RX
-	line.RxBytes, err = strconv.ParseUint(fields[0], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.RxPackets, err = strconv.ParseUint(fields[1], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.RxErrors, err = strconv.ParseUint(fields[2], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.RxDropped, err = strconv.ParseUint(fields[3], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.RxFIFO, err = strconv.ParseUint(fields[4], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.RxFrame, err = strconv.ParseUint(fields[5], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.RxCompressed, err = strconv.ParseUint(fields[6], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.RxMulticast, err = strconv.ParseUint(fields[7], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-
-	// TX
-	line.TxBytes, err = strconv.ParseUint(fields[8], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.TxPackets, err = strconv.ParseUint(fields[9], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.TxErrors, err = strconv.ParseUint(fields[10], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.TxDropped, err = strconv.ParseUint(fields[11], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.TxFIFO, err = strconv.ParseUint(fields[12], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.TxCollisions, err = strconv.ParseUint(fields[13], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.TxCarrier, err = strconv.ParseUint(fields[14], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.TxCompressed, err = strconv.ParseUint(fields[15], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-
-	return line, nil
-}
-
-// Total aggregates the values across interfaces and returns a new NetDevLine.
-// The Name field will be a sorted comma separated list of interface names.
-func (netDev NetDev) Total() NetDevLine {
-	total := NetDevLine{}
-
-	names := make([]string, 0, len(netDev))
-	for _, ifc := range netDev {
-		names = append(names, ifc.Name)
-		total.RxBytes += ifc.RxBytes
-		total.RxPackets += ifc.RxPackets
-		total.RxErrors += ifc.RxErrors
-		total.RxDropped += ifc.RxDropped
-		total.RxFIFO += ifc.RxFIFO
-		total.RxFrame += ifc.RxFrame
-		total.RxCompressed += ifc.RxCompressed
-		total.RxMulticast += ifc.RxMulticast
-		total.TxBytes += ifc.TxBytes
-		total.TxPackets += ifc.TxPackets
-		total.TxErrors += ifc.TxErrors
-		total.TxDropped += ifc.TxDropped
-		total.TxFIFO += ifc.TxFIFO
-		total.TxCollisions += ifc.TxCollisions
-		total.TxCarrier += ifc.TxCarrier
-		total.TxCompressed += ifc.TxCompressed
-	}
-	sort.Strings(names)
-	total.Name = strings.Join(names, ", ")
-
-	return total
-}
diff --git a/vendor/github.com/prometheus/procfs/net_ip_socket.go b/vendor/github.com/prometheus/procfs/net_ip_socket.go
deleted file mode 100644
index 8c9ee3de8..000000000
--- a/vendor/github.com/prometheus/procfs/net_ip_socket.go
+++ /dev/null
@@ -1,226 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"encoding/hex"
-	"fmt"
-	"io"
-	"net"
-	"os"
-	"strconv"
-	"strings"
-)
-
-const (
-	// readLimit is used by io.LimitReader while reading the content of the
-	// /proc/net/udp{,6} files. The number of lines inside such a file is dynamic
-	// as each line represents a single used socket.
-	// In theory, the number of available sockets is 65535 (2^16 - 1) per IP.
-	// With e.g. 150 Byte per line and the maximum number of 65535,
-	// the reader needs to handle 150 Byte * 65535 =~ 10 MB for a single IP.
-	readLimit = 4294967296 // Byte -> 4 GiB
-)
-
-// this contains generic data structures for both udp and tcp sockets
-type (
-	// NetIPSocket represents the contents of /proc/net/{t,u}dp{,6} file without the header.
-	NetIPSocket []*netIPSocketLine
-
-	// NetIPSocketSummary provides already computed values like the total queue lengths or
-	// the total number of used sockets. In contrast to NetIPSocket it does not collect
-	// the parsed lines into a slice.
-	NetIPSocketSummary struct {
-		// TxQueueLength shows the total queue length of all parsed tx_queue lengths.
-		TxQueueLength uint64
-		// RxQueueLength shows the total queue length of all parsed rx_queue lengths.
-		RxQueueLength uint64
-		// UsedSockets shows the total number of parsed lines representing the
-		// number of used sockets.
-		UsedSockets uint64
-	}
-
-	// netIPSocketLine represents the fields parsed from a single line
-	// in /proc/net/{t,u}dp{,6}. Fields which are not used by IPSocket are skipped.
-	// For the proc file format details, see https://linux.die.net/man/5/proc.
-	netIPSocketLine struct {
-		Sl        uint64
-		LocalAddr net.IP
-		LocalPort uint64
-		RemAddr   net.IP
-		RemPort   uint64
-		St        uint64
-		TxQueue   uint64
-		RxQueue   uint64
-		UID       uint64
-		Inode     uint64
-	}
-)
-
-func newNetIPSocket(file string) (NetIPSocket, error) {
-	f, err := os.Open(file)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	var netIPSocket NetIPSocket
-
-	lr := io.LimitReader(f, readLimit)
-	s := bufio.NewScanner(lr)
-	s.Scan() // skip first line with headers
-	for s.Scan() {
-		fields := strings.Fields(s.Text())
-		line, err := parseNetIPSocketLine(fields)
-		if err != nil {
-			return nil, err
-		}
-		netIPSocket = append(netIPSocket, line)
-	}
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-	return netIPSocket, nil
-}
-
-// newNetIPSocketSummary creates a new NetIPSocket{,6} from the contents of the given file.
-func newNetIPSocketSummary(file string) (*NetIPSocketSummary, error) {
-	f, err := os.Open(file)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	var netIPSocketSummary NetIPSocketSummary
-
-	lr := io.LimitReader(f, readLimit)
-	s := bufio.NewScanner(lr)
-	s.Scan() // skip first line with headers
-	for s.Scan() {
-		fields := strings.Fields(s.Text())
-		line, err := parseNetIPSocketLine(fields)
-		if err != nil {
-			return nil, err
-		}
-		netIPSocketSummary.TxQueueLength += line.TxQueue
-		netIPSocketSummary.RxQueueLength += line.RxQueue
-		netIPSocketSummary.UsedSockets++
-	}
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-	return &netIPSocketSummary, nil
-}
-
-// the /proc/net/{t,u}dp{,6} files are network byte order for ipv4 and for ipv6 the address is four words consisting of four bytes each. In each of those four words the four bytes are written in reverse order.
-
-func parseIP(hexIP string) (net.IP, error) {
-	var byteIP []byte
-	byteIP, err := hex.DecodeString(hexIP)
-	if err != nil {
-		return nil, fmt.Errorf("cannot parse address field in socket line %q", hexIP)
-	}
-	switch len(byteIP) {
-	case 4:
-		return net.IP{byteIP[3], byteIP[2], byteIP[1], byteIP[0]}, nil
-	case 16:
-		i := net.IP{
-			byteIP[3], byteIP[2], byteIP[1], byteIP[0],
-			byteIP[7], byteIP[6], byteIP[5], byteIP[4],
-			byteIP[11], byteIP[10], byteIP[9], byteIP[8],
-			byteIP[15], byteIP[14], byteIP[13], byteIP[12],
-		}
-		return i, nil
-	default:
-		return nil, fmt.Errorf("Unable to parse IP %s", hexIP)
-	}
-}
-
-// parseNetIPSocketLine parses a single line, represented by a list of fields.
-func parseNetIPSocketLine(fields []string) (*netIPSocketLine, error) {
-	line := &netIPSocketLine{}
-	if len(fields) < 10 {
-		return nil, fmt.Errorf(
-			"cannot parse net socket line as it has less then 10 columns %q",
-			strings.Join(fields, " "),
-		)
-	}
-	var err error // parse error
-
-	// sl
-	s := strings.Split(fields[0], ":")
-	if len(s) != 2 {
-		return nil, fmt.Errorf("cannot parse sl field in socket line %q", fields[0])
-	}
-
-	if line.Sl, err = strconv.ParseUint(s[0], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse sl value in socket line: %w", err)
-	}
-	// local_address
-	l := strings.Split(fields[1], ":")
-	if len(l) != 2 {
-		return nil, fmt.Errorf("cannot parse local_address field in socket line %q", fields[1])
-	}
-	if line.LocalAddr, err = parseIP(l[0]); err != nil {
-		return nil, err
-	}
-	if line.LocalPort, err = strconv.ParseUint(l[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse local_address port value in socket line: %w", err)
-	}
-
-	// remote_address
-	r := strings.Split(fields[2], ":")
-	if len(r) != 2 {
-		return nil, fmt.Errorf("cannot parse rem_address field in socket line %q", fields[1])
-	}
-	if line.RemAddr, err = parseIP(r[0]); err != nil {
-		return nil, err
-	}
-	if line.RemPort, err = strconv.ParseUint(r[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse rem_address port value in socket line: %w", err)
-	}
-
-	// st
-	if line.St, err = strconv.ParseUint(fields[3], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse st value in socket line: %w", err)
-	}
-
-	// tx_queue and rx_queue
-	q := strings.Split(fields[4], ":")
-	if len(q) != 2 {
-		return nil, fmt.Errorf(
-			"cannot parse tx/rx queues in socket line as it has a missing colon %q",
-			fields[4],
-		)
-	}
-	if line.TxQueue, err = strconv.ParseUint(q[0], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse tx_queue value in socket line: %w", err)
-	}
-	if line.RxQueue, err = strconv.ParseUint(q[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse rx_queue value in socket line: %w", err)
-	}
-
-	// uid
-	if line.UID, err = strconv.ParseUint(fields[7], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse uid value in socket line: %w", err)
-	}
-
-	// inode
-	if line.Inode, err = strconv.ParseUint(fields[9], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse inode value in socket line: %w", err)
-	}
-
-	return line, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/net_protocols.go b/vendor/github.com/prometheus/procfs/net_protocols.go
deleted file mode 100644
index 8c6de3791..000000000
--- a/vendor/github.com/prometheus/procfs/net_protocols.go
+++ /dev/null
@@ -1,180 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// NetProtocolStats stores the contents from /proc/net/protocols
-type NetProtocolStats map[string]NetProtocolStatLine
-
-// NetProtocolStatLine contains a single line parsed from /proc/net/protocols. We
-// only care about the first six columns as the rest are not likely to change
-// and only serve to provide a set of capabilities for each protocol.
-type NetProtocolStatLine struct {
-	Name         string // 0 The name of the protocol
-	Size         uint64 // 1 The size, in bytes, of a given protocol structure. e.g. sizeof(struct tcp_sock) or sizeof(struct unix_sock)
-	Sockets      int64  // 2 Number of sockets in use by this protocol
-	Memory       int64  // 3 Number of 4KB pages allocated by all sockets of this protocol
-	Pressure     int    // 4 This is either yes, no, or NI (not implemented). For the sake of simplicity we treat NI as not experiencing memory pressure.
-	MaxHeader    uint64 // 5 Protocol specific max header size
-	Slab         bool   // 6 Indicates whether or not memory is allocated from the SLAB
-	ModuleName   string // 7 The name of the module that implemented this protocol or "kernel" if not from a module
-	Capabilities NetProtocolCapabilities
-}
-
-// NetProtocolCapabilities contains a list of capabilities for each protocol
-type NetProtocolCapabilities struct {
-	Close               bool // 8
-	Connect             bool // 9
-	Disconnect          bool // 10
-	Accept              bool // 11
-	IoCtl               bool // 12
-	Init                bool // 13
-	Destroy             bool // 14
-	Shutdown            bool // 15
-	SetSockOpt          bool // 16
-	GetSockOpt          bool // 17
-	SendMsg             bool // 18
-	RecvMsg             bool // 19
-	SendPage            bool // 20
-	Bind                bool // 21
-	BacklogRcv          bool // 22
-	Hash                bool // 23
-	UnHash              bool // 24
-	GetPort             bool // 25
-	EnterMemoryPressure bool // 26
-}
-
-// NetProtocols reads stats from /proc/net/protocols and returns a map of
-// PortocolStatLine entries. As of this writing no official Linux Documentation
-// exists, however the source is fairly self-explanatory and the format seems
-// stable since its introduction in 2.6.12-rc2
-// Linux 2.6.12-rc2 - https://elixir.bootlin.com/linux/v2.6.12-rc2/source/net/core/sock.c#L1452
-// Linux 5.10 - https://elixir.bootlin.com/linux/v5.10.4/source/net/core/sock.c#L3586
-func (fs FS) NetProtocols() (NetProtocolStats, error) {
-	data, err := util.ReadFileNoStat(fs.proc.Path("net/protocols"))
-	if err != nil {
-		return NetProtocolStats{}, err
-	}
-	return parseNetProtocols(bufio.NewScanner(bytes.NewReader(data)))
-}
-
-func parseNetProtocols(s *bufio.Scanner) (NetProtocolStats, error) {
-	nps := NetProtocolStats{}
-
-	// Skip the header line
-	s.Scan()
-
-	for s.Scan() {
-		line, err := nps.parseLine(s.Text())
-		if err != nil {
-			return NetProtocolStats{}, err
-		}
-
-		nps[line.Name] = *line
-	}
-	return nps, nil
-}
-
-func (ps NetProtocolStats) parseLine(rawLine string) (*NetProtocolStatLine, error) {
-	line := &NetProtocolStatLine{Capabilities: NetProtocolCapabilities{}}
-	var err error
-	const enabled = "yes"
-	const disabled = "no"
-
-	fields := strings.Fields(rawLine)
-	line.Name = fields[0]
-	line.Size, err = strconv.ParseUint(fields[1], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.Sockets, err = strconv.ParseInt(fields[2], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	line.Memory, err = strconv.ParseInt(fields[3], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	if fields[4] == enabled {
-		line.Pressure = 1
-	} else if fields[4] == disabled {
-		line.Pressure = 0
-	} else {
-		line.Pressure = -1
-	}
-	line.MaxHeader, err = strconv.ParseUint(fields[5], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	if fields[6] == enabled {
-		line.Slab = true
-	} else if fields[6] == disabled {
-		line.Slab = false
-	} else {
-		return nil, fmt.Errorf("unable to parse capability for protocol: %s", line.Name)
-	}
-	line.ModuleName = fields[7]
-
-	err = line.Capabilities.parseCapabilities(fields[8:])
-	if err != nil {
-		return nil, err
-	}
-
-	return line, nil
-}
-
-func (pc *NetProtocolCapabilities) parseCapabilities(capabilities []string) error {
-	// The capabilities are all bools so we can loop over to map them
-	capabilityFields := [...]*bool{
-		&pc.Close,
-		&pc.Connect,
-		&pc.Disconnect,
-		&pc.Accept,
-		&pc.IoCtl,
-		&pc.Init,
-		&pc.Destroy,
-		&pc.Shutdown,
-		&pc.SetSockOpt,
-		&pc.GetSockOpt,
-		&pc.SendMsg,
-		&pc.RecvMsg,
-		&pc.SendPage,
-		&pc.Bind,
-		&pc.BacklogRcv,
-		&pc.Hash,
-		&pc.UnHash,
-		&pc.GetPort,
-		&pc.EnterMemoryPressure,
-	}
-
-	for i := 0; i < len(capabilities); i++ {
-		if capabilities[i] == "y" {
-			*capabilityFields[i] = true
-		} else if capabilities[i] == "n" {
-			*capabilityFields[i] = false
-		} else {
-			return fmt.Errorf("unable to parse capability block for protocol: position %d", i)
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/prometheus/procfs/net_sockstat.go b/vendor/github.com/prometheus/procfs/net_sockstat.go
deleted file mode 100644
index e36f4872d..000000000
--- a/vendor/github.com/prometheus/procfs/net_sockstat.go
+++ /dev/null
@@ -1,163 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// A NetSockstat contains the output of /proc/net/sockstat{,6} for IPv4 or IPv6,
-// respectively.
-type NetSockstat struct {
-	// Used is non-nil for IPv4 sockstat results, but nil for IPv6.
-	Used      *int
-	Protocols []NetSockstatProtocol
-}
-
-// A NetSockstatProtocol contains statistics about a given socket protocol.
-// Pointer fields indicate that the value may or may not be present on any
-// given protocol.
-type NetSockstatProtocol struct {
-	Protocol string
-	InUse    int
-	Orphan   *int
-	TW       *int
-	Alloc    *int
-	Mem      *int
-	Memory   *int
-}
-
-// NetSockstat retrieves IPv4 socket statistics.
-func (fs FS) NetSockstat() (*NetSockstat, error) {
-	return readSockstat(fs.proc.Path("net", "sockstat"))
-}
-
-// NetSockstat6 retrieves IPv6 socket statistics.
-//
-// If IPv6 is disabled on this kernel, the returned error can be checked with
-// os.IsNotExist.
-func (fs FS) NetSockstat6() (*NetSockstat, error) {
-	return readSockstat(fs.proc.Path("net", "sockstat6"))
-}
-
-// readSockstat opens and parses a NetSockstat from the input file.
-func readSockstat(name string) (*NetSockstat, error) {
-	// This file is small and can be read with one syscall.
-	b, err := util.ReadFileNoStat(name)
-	if err != nil {
-		// Do not wrap this error so the caller can detect os.IsNotExist and
-		// similar conditions.
-		return nil, err
-	}
-
-	stat, err := parseSockstat(bytes.NewReader(b))
-	if err != nil {
-		return nil, fmt.Errorf("failed to read sockstats from %q: %w", name, err)
-	}
-
-	return stat, nil
-}
-
-// parseSockstat reads the contents of a sockstat file and parses a NetSockstat.
-func parseSockstat(r io.Reader) (*NetSockstat, error) {
-	var stat NetSockstat
-	s := bufio.NewScanner(r)
-	for s.Scan() {
-		// Expect a minimum of a protocol and one key/value pair.
-		fields := strings.Split(s.Text(), " ")
-		if len(fields) < 3 {
-			return nil, fmt.Errorf("malformed sockstat line: %q", s.Text())
-		}
-
-		// The remaining fields are key/value pairs.
-		kvs, err := parseSockstatKVs(fields[1:])
-		if err != nil {
-			return nil, fmt.Errorf("error parsing sockstat key/value pairs from %q: %w", s.Text(), err)
-		}
-
-		// The first field is the protocol. We must trim its colon suffix.
-		proto := strings.TrimSuffix(fields[0], ":")
-		switch proto {
-		case "sockets":
-			// Special case: IPv4 has a sockets "used" key/value pair that we
-			// embed at the top level of the structure.
-			used := kvs["used"]
-			stat.Used = &used
-		default:
-			// Parse all other lines as individual protocols.
-			nsp := parseSockstatProtocol(kvs)
-			nsp.Protocol = proto
-			stat.Protocols = append(stat.Protocols, nsp)
-		}
-	}
-
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-
-	return &stat, nil
-}
-
-// parseSockstatKVs parses a string slice into a map of key/value pairs.
-func parseSockstatKVs(kvs []string) (map[string]int, error) {
-	if len(kvs)%2 != 0 {
-		return nil, errors.New("odd number of fields in key/value pairs")
-	}
-
-	// Iterate two values at a time to gather key/value pairs.
-	out := make(map[string]int, len(kvs)/2)
-	for i := 0; i < len(kvs); i += 2 {
-		vp := util.NewValueParser(kvs[i+1])
-		out[kvs[i]] = vp.Int()
-
-		if err := vp.Err(); err != nil {
-			return nil, err
-		}
-	}
-
-	return out, nil
-}
-
-// parseSockstatProtocol parses a NetSockstatProtocol from the input kvs map.
-func parseSockstatProtocol(kvs map[string]int) NetSockstatProtocol {
-	var nsp NetSockstatProtocol
-	for k, v := range kvs {
-		// Capture the range variable to ensure we get unique pointers for
-		// each of the optional fields.
-		v := v
-		switch k {
-		case "inuse":
-			nsp.InUse = v
-		case "orphan":
-			nsp.Orphan = &v
-		case "tw":
-			nsp.TW = &v
-		case "alloc":
-			nsp.Alloc = &v
-		case "mem":
-			nsp.Mem = &v
-		case "memory":
-			nsp.Memory = &v
-		}
-	}
-
-	return nsp
-}
diff --git a/vendor/github.com/prometheus/procfs/net_softnet.go b/vendor/github.com/prometheus/procfs/net_softnet.go
deleted file mode 100644
index 46f12c61d..000000000
--- a/vendor/github.com/prometheus/procfs/net_softnet.go
+++ /dev/null
@@ -1,102 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// For the proc file format details,
-// See:
-// * Linux 2.6.23 https://elixir.bootlin.com/linux/v2.6.23/source/net/core/dev.c#L2343
-// * Linux 4.17 https://elixir.bootlin.com/linux/v4.17/source/net/core/net-procfs.c#L162
-// and https://elixir.bootlin.com/linux/v4.17/source/include/linux/netdevice.h#L2810.
-
-// SoftnetStat contains a single row of data from /proc/net/softnet_stat
-type SoftnetStat struct {
-	// Number of processed packets
-	Processed uint32
-	// Number of dropped packets
-	Dropped uint32
-	// Number of times processing packets ran out of quota
-	TimeSqueezed uint32
-}
-
-var softNetProcFile = "net/softnet_stat"
-
-// NetSoftnetStat reads data from /proc/net/softnet_stat.
-func (fs FS) NetSoftnetStat() ([]SoftnetStat, error) {
-	b, err := util.ReadFileNoStat(fs.proc.Path(softNetProcFile))
-	if err != nil {
-		return nil, err
-	}
-
-	entries, err := parseSoftnet(bytes.NewReader(b))
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse /proc/net/softnet_stat: %w", err)
-	}
-
-	return entries, nil
-}
-
-func parseSoftnet(r io.Reader) ([]SoftnetStat, error) {
-	const minColumns = 9
-
-	s := bufio.NewScanner(r)
-
-	var stats []SoftnetStat
-	for s.Scan() {
-		columns := strings.Fields(s.Text())
-		width := len(columns)
-
-		if width < minColumns {
-			return nil, fmt.Errorf("%d columns were detected, but at least %d were expected", width, minColumns)
-		}
-
-		// We only parse the first three columns at the moment.
-		us, err := parseHexUint32s(columns[0:3])
-		if err != nil {
-			return nil, err
-		}
-
-		stats = append(stats, SoftnetStat{
-			Processed:    us[0],
-			Dropped:      us[1],
-			TimeSqueezed: us[2],
-		})
-	}
-
-	return stats, nil
-}
-
-func parseHexUint32s(ss []string) ([]uint32, error) {
-	us := make([]uint32, 0, len(ss))
-	for _, s := range ss {
-		u, err := strconv.ParseUint(s, 16, 32)
-		if err != nil {
-			return nil, err
-		}
-
-		us = append(us, uint32(u))
-	}
-
-	return us, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/net_tcp.go b/vendor/github.com/prometheus/procfs/net_tcp.go
deleted file mode 100644
index 527762955..000000000
--- a/vendor/github.com/prometheus/procfs/net_tcp.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-type (
-	// NetTCP represents the contents of /proc/net/tcp{,6} file without the header.
-	NetTCP []*netIPSocketLine
-
-	// NetTCPSummary provides already computed values like the total queue lengths or
-	// the total number of used sockets. In contrast to NetTCP it does not collect
-	// the parsed lines into a slice.
-	NetTCPSummary NetIPSocketSummary
-)
-
-// NetTCP returns the IPv4 kernel/networking statistics for TCP datagrams
-// read from /proc/net/tcp.
-func (fs FS) NetTCP() (NetTCP, error) {
-	return newNetTCP(fs.proc.Path("net/tcp"))
-}
-
-// NetTCP6 returns the IPv6 kernel/networking statistics for TCP datagrams
-// read from /proc/net/tcp6.
-func (fs FS) NetTCP6() (NetTCP, error) {
-	return newNetTCP(fs.proc.Path("net/tcp6"))
-}
-
-// NetTCPSummary returns already computed statistics like the total queue lengths
-// for TCP datagrams read from /proc/net/tcp.
-func (fs FS) NetTCPSummary() (*NetTCPSummary, error) {
-	return newNetTCPSummary(fs.proc.Path("net/tcp"))
-}
-
-// NetTCP6Summary returns already computed statistics like the total queue lengths
-// for TCP datagrams read from /proc/net/tcp6.
-func (fs FS) NetTCP6Summary() (*NetTCPSummary, error) {
-	return newNetTCPSummary(fs.proc.Path("net/tcp6"))
-}
-
-// newNetTCP creates a new NetTCP{,6} from the contents of the given file.
-func newNetTCP(file string) (NetTCP, error) {
-	n, err := newNetIPSocket(file)
-	n1 := NetTCP(n)
-	return n1, err
-}
-
-func newNetTCPSummary(file string) (*NetTCPSummary, error) {
-	n, err := newNetIPSocketSummary(file)
-	if n == nil {
-		return nil, err
-	}
-	n1 := NetTCPSummary(*n)
-	return &n1, err
-}
diff --git a/vendor/github.com/prometheus/procfs/net_udp.go b/vendor/github.com/prometheus/procfs/net_udp.go
deleted file mode 100644
index 9ac3daf2d..000000000
--- a/vendor/github.com/prometheus/procfs/net_udp.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-type (
-	// NetUDP represents the contents of /proc/net/udp{,6} file without the header.
-	NetUDP []*netIPSocketLine
-
-	// NetUDPSummary provides already computed values like the total queue lengths or
-	// the total number of used sockets. In contrast to NetUDP it does not collect
-	// the parsed lines into a slice.
-	NetUDPSummary NetIPSocketSummary
-)
-
-// NetUDP returns the IPv4 kernel/networking statistics for UDP datagrams
-// read from /proc/net/udp.
-func (fs FS) NetUDP() (NetUDP, error) {
-	return newNetUDP(fs.proc.Path("net/udp"))
-}
-
-// NetUDP6 returns the IPv6 kernel/networking statistics for UDP datagrams
-// read from /proc/net/udp6.
-func (fs FS) NetUDP6() (NetUDP, error) {
-	return newNetUDP(fs.proc.Path("net/udp6"))
-}
-
-// NetUDPSummary returns already computed statistics like the total queue lengths
-// for UDP datagrams read from /proc/net/udp.
-func (fs FS) NetUDPSummary() (*NetUDPSummary, error) {
-	return newNetUDPSummary(fs.proc.Path("net/udp"))
-}
-
-// NetUDP6Summary returns already computed statistics like the total queue lengths
-// for UDP datagrams read from /proc/net/udp6.
-func (fs FS) NetUDP6Summary() (*NetUDPSummary, error) {
-	return newNetUDPSummary(fs.proc.Path("net/udp6"))
-}
-
-// newNetUDP creates a new NetUDP{,6} from the contents of the given file.
-func newNetUDP(file string) (NetUDP, error) {
-	n, err := newNetIPSocket(file)
-	n1 := NetUDP(n)
-	return n1, err
-}
-
-func newNetUDPSummary(file string) (*NetUDPSummary, error) {
-	n, err := newNetIPSocketSummary(file)
-	if n == nil {
-		return nil, err
-	}
-	n1 := NetUDPSummary(*n)
-	return &n1, err
-}
diff --git a/vendor/github.com/prometheus/procfs/net_unix.go b/vendor/github.com/prometheus/procfs/net_unix.go
deleted file mode 100644
index 98aa8e1c3..000000000
--- a/vendor/github.com/prometheus/procfs/net_unix.go
+++ /dev/null
@@ -1,257 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"strconv"
-	"strings"
-)
-
-// For the proc file format details,
-// see https://elixir.bootlin.com/linux/v4.17/source/net/unix/af_unix.c#L2815
-// and https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/net.h#L48.
-
-// Constants for the various /proc/net/unix enumerations.
-// TODO: match against x/sys/unix or similar?
-const (
-	netUnixTypeStream    = 1
-	netUnixTypeDgram     = 2
-	netUnixTypeSeqpacket = 5
-
-	netUnixFlagDefault = 0
-	netUnixFlagListen  = 1 << 16
-
-	netUnixStateUnconnected  = 1
-	netUnixStateConnecting   = 2
-	netUnixStateConnected    = 3
-	netUnixStateDisconnected = 4
-)
-
-// NetUNIXType is the type of the type field.
-type NetUNIXType uint64
-
-// NetUNIXFlags is the type of the flags field.
-type NetUNIXFlags uint64
-
-// NetUNIXState is the type of the state field.
-type NetUNIXState uint64
-
-// NetUNIXLine represents a line of /proc/net/unix.
-type NetUNIXLine struct {
-	KernelPtr string
-	RefCount  uint64
-	Protocol  uint64
-	Flags     NetUNIXFlags
-	Type      NetUNIXType
-	State     NetUNIXState
-	Inode     uint64
-	Path      string
-}
-
-// NetUNIX holds the data read from /proc/net/unix.
-type NetUNIX struct {
-	Rows []*NetUNIXLine
-}
-
-// NetUNIX returns data read from /proc/net/unix.
-func (fs FS) NetUNIX() (*NetUNIX, error) {
-	return readNetUNIX(fs.proc.Path("net/unix"))
-}
-
-// readNetUNIX reads data in /proc/net/unix format from the specified file.
-func readNetUNIX(file string) (*NetUNIX, error) {
-	// This file could be quite large and a streaming read is desirable versus
-	// reading the entire contents at once.
-	f, err := os.Open(file)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return parseNetUNIX(f)
-}
-
-// parseNetUNIX creates a NetUnix structure from the incoming stream.
-func parseNetUNIX(r io.Reader) (*NetUNIX, error) {
-	// Begin scanning by checking for the existence of Inode.
-	s := bufio.NewScanner(r)
-	s.Scan()
-
-	// From the man page of proc(5), it does not contain an Inode field,
-	// but in actually it exists. This code works for both cases.
-	hasInode := strings.Contains(s.Text(), "Inode")
-
-	// Expect a minimum number of fields, but Inode and Path are optional:
-	// Num       RefCount Protocol Flags    Type St Inode Path
-	minFields := 6
-	if hasInode {
-		minFields++
-	}
-
-	var nu NetUNIX
-	for s.Scan() {
-		line := s.Text()
-		item, err := nu.parseLine(line, hasInode, minFields)
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse /proc/net/unix data %q: %w", line, err)
-		}
-
-		nu.Rows = append(nu.Rows, item)
-	}
-
-	if err := s.Err(); err != nil {
-		return nil, fmt.Errorf("failed to scan /proc/net/unix data: %w", err)
-	}
-
-	return &nu, nil
-}
-
-func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine, error) {
-	fields := strings.Fields(line)
-
-	l := len(fields)
-	if l < min {
-		return nil, fmt.Errorf("expected at least %d fields but got %d", min, l)
-	}
-
-	// Field offsets are as follows:
-	// Num       RefCount Protocol Flags    Type St Inode Path
-
-	kernelPtr := strings.TrimSuffix(fields[0], ":")
-
-	users, err := u.parseUsers(fields[1])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse ref count %q: %w", fields[1], err)
-	}
-
-	flags, err := u.parseFlags(fields[3])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse flags %q: %w", fields[3], err)
-	}
-
-	typ, err := u.parseType(fields[4])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse type %q: %w", fields[4], err)
-	}
-
-	state, err := u.parseState(fields[5])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse state %q: %w", fields[5], err)
-	}
-
-	var inode uint64
-	if hasInode {
-		inode, err = u.parseInode(fields[6])
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse inode %q: %w", fields[6], err)
-		}
-	}
-
-	n := &NetUNIXLine{
-		KernelPtr: kernelPtr,
-		RefCount:  users,
-		Type:      typ,
-		Flags:     flags,
-		State:     state,
-		Inode:     inode,
-	}
-
-	// Path field is optional.
-	if l > min {
-		// Path occurs at either index 6 or 7 depending on whether inode is
-		// already present.
-		pathIdx := 7
-		if !hasInode {
-			pathIdx--
-		}
-
-		n.Path = fields[pathIdx]
-	}
-
-	return n, nil
-}
-
-func (u NetUNIX) parseUsers(s string) (uint64, error) {
-	return strconv.ParseUint(s, 16, 32)
-}
-
-func (u NetUNIX) parseType(s string) (NetUNIXType, error) {
-	typ, err := strconv.ParseUint(s, 16, 16)
-	if err != nil {
-		return 0, err
-	}
-
-	return NetUNIXType(typ), nil
-}
-
-func (u NetUNIX) parseFlags(s string) (NetUNIXFlags, error) {
-	flags, err := strconv.ParseUint(s, 16, 32)
-	if err != nil {
-		return 0, err
-	}
-
-	return NetUNIXFlags(flags), nil
-}
-
-func (u NetUNIX) parseState(s string) (NetUNIXState, error) {
-	st, err := strconv.ParseInt(s, 16, 8)
-	if err != nil {
-		return 0, err
-	}
-
-	return NetUNIXState(st), nil
-}
-
-func (u NetUNIX) parseInode(s string) (uint64, error) {
-	return strconv.ParseUint(s, 10, 64)
-}
-
-func (t NetUNIXType) String() string {
-	switch t {
-	case netUnixTypeStream:
-		return "stream"
-	case netUnixTypeDgram:
-		return "dgram"
-	case netUnixTypeSeqpacket:
-		return "seqpacket"
-	}
-	return "unknown"
-}
-
-func (f NetUNIXFlags) String() string {
-	switch f {
-	case netUnixFlagListen:
-		return "listen"
-	default:
-		return "default"
-	}
-}
-
-func (s NetUNIXState) String() string {
-	switch s {
-	case netUnixStateUnconnected:
-		return "unconnected"
-	case netUnixStateConnecting:
-		return "connecting"
-	case netUnixStateConnected:
-		return "connected"
-	case netUnixStateDisconnected:
-		return "disconnected"
-	}
-	return "unknown"
-}
diff --git a/vendor/github.com/prometheus/procfs/netstat.go b/vendor/github.com/prometheus/procfs/netstat.go
deleted file mode 100644
index 94d892f11..000000000
--- a/vendor/github.com/prometheus/procfs/netstat.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-)
-
-// NetStat contains statistics for all the counters from one file
-type NetStat struct {
-	Filename string
-	Stats    map[string][]uint64
-}
-
-// NetStat retrieves stats from /proc/net/stat/
-func (fs FS) NetStat() ([]NetStat, error) {
-	statFiles, err := filepath.Glob(fs.proc.Path("net/stat/*"))
-	if err != nil {
-		return nil, err
-	}
-
-	var netStatsTotal []NetStat
-
-	for _, filePath := range statFiles {
-		file, err := os.Open(filePath)
-		if err != nil {
-			return nil, err
-		}
-
-		netStatFile := NetStat{
-			Filename: filepath.Base(filePath),
-			Stats:    make(map[string][]uint64),
-		}
-		scanner := bufio.NewScanner(file)
-		scanner.Scan()
-		// First string is always a header for stats
-		var headers []string
-		headers = append(headers, strings.Fields(scanner.Text())...)
-
-		// Other strings represent per-CPU counters
-		for scanner.Scan() {
-			for num, counter := range strings.Fields(scanner.Text()) {
-				value, err := strconv.ParseUint(counter, 16, 32)
-				if err != nil {
-					return nil, err
-				}
-				netStatFile.Stats[headers[num]] = append(netStatFile.Stats[headers[num]], value)
-			}
-		}
-		netStatsTotal = append(netStatsTotal, netStatFile)
-	}
-	return netStatsTotal, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc.go b/vendor/github.com/prometheus/procfs/proc.go
deleted file mode 100644
index 28f696803..000000000
--- a/vendor/github.com/prometheus/procfs/proc.go
+++ /dev/null
@@ -1,319 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/fs"
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Proc provides information about a running process.
-type Proc struct {
-	// The process ID.
-	PID int
-
-	fs fs.FS
-}
-
-// Procs represents a list of Proc structs.
-type Procs []Proc
-
-func (p Procs) Len() int           { return len(p) }
-func (p Procs) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-func (p Procs) Less(i, j int) bool { return p[i].PID < p[j].PID }
-
-// Self returns a process for the current process read via /proc/self.
-func Self() (Proc, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return Proc{}, err
-	}
-	return fs.Self()
-}
-
-// NewProc returns a process for the given pid under /proc.
-func NewProc(pid int) (Proc, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return Proc{}, err
-	}
-	return fs.Proc(pid)
-}
-
-// AllProcs returns a list of all currently available processes under /proc.
-func AllProcs() (Procs, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return Procs{}, err
-	}
-	return fs.AllProcs()
-}
-
-// Self returns a process for the current process.
-func (fs FS) Self() (Proc, error) {
-	p, err := os.Readlink(fs.proc.Path("self"))
-	if err != nil {
-		return Proc{}, err
-	}
-	pid, err := strconv.Atoi(strings.Replace(p, string(fs.proc), "", -1))
-	if err != nil {
-		return Proc{}, err
-	}
-	return fs.Proc(pid)
-}
-
-// NewProc returns a process for the given pid.
-//
-// Deprecated: use fs.Proc() instead
-func (fs FS) NewProc(pid int) (Proc, error) {
-	return fs.Proc(pid)
-}
-
-// Proc returns a process for the given pid.
-func (fs FS) Proc(pid int) (Proc, error) {
-	if _, err := os.Stat(fs.proc.Path(strconv.Itoa(pid))); err != nil {
-		return Proc{}, err
-	}
-	return Proc{PID: pid, fs: fs.proc}, nil
-}
-
-// AllProcs returns a list of all currently available processes.
-func (fs FS) AllProcs() (Procs, error) {
-	d, err := os.Open(fs.proc.Path())
-	if err != nil {
-		return Procs{}, err
-	}
-	defer d.Close()
-
-	names, err := d.Readdirnames(-1)
-	if err != nil {
-		return Procs{}, fmt.Errorf("could not read %q: %w", d.Name(), err)
-	}
-
-	p := Procs{}
-	for _, n := range names {
-		pid, err := strconv.ParseInt(n, 10, 64)
-		if err != nil {
-			continue
-		}
-		p = append(p, Proc{PID: int(pid), fs: fs.proc})
-	}
-
-	return p, nil
-}
-
-// CmdLine returns the command line of a process.
-func (p Proc) CmdLine() ([]string, error) {
-	data, err := util.ReadFileNoStat(p.path("cmdline"))
-	if err != nil {
-		return nil, err
-	}
-
-	if len(data) < 1 {
-		return []string{}, nil
-	}
-
-	return strings.Split(string(bytes.TrimRight(data, string("\x00"))), string(byte(0))), nil
-}
-
-// Wchan returns the wchan (wait channel) of a process.
-func (p Proc) Wchan() (string, error) {
-	f, err := os.Open(p.path("wchan"))
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	data, err := ioutil.ReadAll(f)
-	if err != nil {
-		return "", err
-	}
-
-	wchan := string(data)
-	if wchan == "" || wchan == "0" {
-		return "", nil
-	}
-
-	return wchan, nil
-}
-
-// Comm returns the command name of a process.
-func (p Proc) Comm() (string, error) {
-	data, err := util.ReadFileNoStat(p.path("comm"))
-	if err != nil {
-		return "", err
-	}
-
-	return strings.TrimSpace(string(data)), nil
-}
-
-// Executable returns the absolute path of the executable command of a process.
-func (p Proc) Executable() (string, error) {
-	exe, err := os.Readlink(p.path("exe"))
-	if os.IsNotExist(err) {
-		return "", nil
-	}
-
-	return exe, err
-}
-
-// Cwd returns the absolute path to the current working directory of the process.
-func (p Proc) Cwd() (string, error) {
-	wd, err := os.Readlink(p.path("cwd"))
-	if os.IsNotExist(err) {
-		return "", nil
-	}
-
-	return wd, err
-}
-
-// RootDir returns the absolute path to the process's root directory (as set by chroot)
-func (p Proc) RootDir() (string, error) {
-	rdir, err := os.Readlink(p.path("root"))
-	if os.IsNotExist(err) {
-		return "", nil
-	}
-
-	return rdir, err
-}
-
-// FileDescriptors returns the currently open file descriptors of a process.
-func (p Proc) FileDescriptors() ([]uintptr, error) {
-	names, err := p.fileDescriptors()
-	if err != nil {
-		return nil, err
-	}
-
-	fds := make([]uintptr, len(names))
-	for i, n := range names {
-		fd, err := strconv.ParseInt(n, 10, 32)
-		if err != nil {
-			return nil, fmt.Errorf("could not parse fd %q: %w", n, err)
-		}
-		fds[i] = uintptr(fd)
-	}
-
-	return fds, nil
-}
-
-// FileDescriptorTargets returns the targets of all file descriptors of a process.
-// If a file descriptor is not a symlink to a file (like a socket), that value will be the empty string.
-func (p Proc) FileDescriptorTargets() ([]string, error) {
-	names, err := p.fileDescriptors()
-	if err != nil {
-		return nil, err
-	}
-
-	targets := make([]string, len(names))
-
-	for i, name := range names {
-		target, err := os.Readlink(p.path("fd", name))
-		if err == nil {
-			targets[i] = target
-		}
-	}
-
-	return targets, nil
-}
-
-// FileDescriptorsLen returns the number of currently open file descriptors of
-// a process.
-func (p Proc) FileDescriptorsLen() (int, error) {
-	fds, err := p.fileDescriptors()
-	if err != nil {
-		return 0, err
-	}
-
-	return len(fds), nil
-}
-
-// MountStats retrieves statistics and configuration for mount points in a
-// process's namespace.
-func (p Proc) MountStats() ([]*Mount, error) {
-	f, err := os.Open(p.path("mountstats"))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return parseMountStats(f)
-}
-
-// MountInfo retrieves mount information for mount points in a
-// process's namespace.
-// It supplies information missing in `/proc/self/mounts` and
-// fixes various other problems with that file too.
-func (p Proc) MountInfo() ([]*MountInfo, error) {
-	data, err := util.ReadFileNoStat(p.path("mountinfo"))
-	if err != nil {
-		return nil, err
-	}
-	return parseMountInfo(data)
-}
-
-func (p Proc) fileDescriptors() ([]string, error) {
-	d, err := os.Open(p.path("fd"))
-	if err != nil {
-		return nil, err
-	}
-	defer d.Close()
-
-	names, err := d.Readdirnames(-1)
-	if err != nil {
-		return nil, fmt.Errorf("could not read %q: %w", d.Name(), err)
-	}
-
-	return names, nil
-}
-
-func (p Proc) path(pa ...string) string {
-	return p.fs.Path(append([]string{strconv.Itoa(p.PID)}, pa...)...)
-}
-
-// FileDescriptorsInfo retrieves information about all file descriptors of
-// the process.
-func (p Proc) FileDescriptorsInfo() (ProcFDInfos, error) {
-	names, err := p.fileDescriptors()
-	if err != nil {
-		return nil, err
-	}
-
-	var fdinfos ProcFDInfos
-
-	for _, n := range names {
-		fdinfo, err := p.FDInfo(n)
-		if err != nil {
-			continue
-		}
-		fdinfos = append(fdinfos, *fdinfo)
-	}
-
-	return fdinfos, nil
-}
-
-// Schedstat returns task scheduling information for the process.
-func (p Proc) Schedstat() (ProcSchedstat, error) {
-	contents, err := ioutil.ReadFile(p.path("schedstat"))
-	if err != nil {
-		return ProcSchedstat{}, err
-	}
-	return parseProcSchedstat(string(contents))
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_cgroup.go b/vendor/github.com/prometheus/procfs/proc_cgroup.go
deleted file mode 100644
index be45b7987..000000000
--- a/vendor/github.com/prometheus/procfs/proc_cgroup.go
+++ /dev/null
@@ -1,98 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Cgroup models one line from /proc/[pid]/cgroup. Each Cgroup struct describes the the placement of a PID inside a
-// specific control hierarchy. The kernel has two cgroup APIs, v1 and v2. v1 has one hierarchy per available resource
-// controller, while v2 has one unified hierarchy shared by all controllers. Regardless of v1 or v2, all hierarchies
-// contain all running processes, so the question answerable with a Cgroup struct is 'where is this process in
-// this hierarchy' (where==what path on the specific cgroupfs). By prefixing this path with the mount point of
-// *this specific* hierarchy, you can locate the relevant pseudo-files needed to read/set the data for this PID
-// in this hierarchy
-//
-// Also see http://man7.org/linux/man-pages/man7/cgroups.7.html
-type Cgroup struct {
-	// HierarchyID that can be matched to a named hierarchy using /proc/cgroups. Cgroups V2 only has one
-	// hierarchy, so HierarchyID is always 0. For cgroups v1 this is a unique ID number
-	HierarchyID int
-	// Controllers using this hierarchy of processes. Controllers are also known as subsystems. For
-	// Cgroups V2 this may be empty, as all active controllers use the same hierarchy
-	Controllers []string
-	// Path of this control group, relative to the mount point of the cgroupfs representing this specific
-	// hierarchy
-	Path string
-}
-
-// parseCgroupString parses each line of the /proc/[pid]/cgroup file
-// Line format is hierarchyID:[controller1,controller2]:path
-func parseCgroupString(cgroupStr string) (*Cgroup, error) {
-	var err error
-
-	fields := strings.SplitN(cgroupStr, ":", 3)
-	if len(fields) < 3 {
-		return nil, fmt.Errorf("at least 3 fields required, found %d fields in cgroup string: %s", len(fields), cgroupStr)
-	}
-
-	cgroup := &Cgroup{
-		Path:        fields[2],
-		Controllers: nil,
-	}
-	cgroup.HierarchyID, err = strconv.Atoi(fields[0])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse hierarchy ID")
-	}
-	if fields[1] != "" {
-		ssNames := strings.Split(fields[1], ",")
-		cgroup.Controllers = append(cgroup.Controllers, ssNames...)
-	}
-	return cgroup, nil
-}
-
-// parseCgroups reads each line of the /proc/[pid]/cgroup file
-func parseCgroups(data []byte) ([]Cgroup, error) {
-	var cgroups []Cgroup
-	scanner := bufio.NewScanner(bytes.NewReader(data))
-	for scanner.Scan() {
-		mountString := scanner.Text()
-		parsedMounts, err := parseCgroupString(mountString)
-		if err != nil {
-			return nil, err
-		}
-		cgroups = append(cgroups, *parsedMounts)
-	}
-
-	err := scanner.Err()
-	return cgroups, err
-}
-
-// Cgroups reads from /proc/<pid>/cgroups and returns a []*Cgroup struct locating this PID in each process
-// control hierarchy running on this system. On every system (v1 and v2), all hierarchies contain all processes,
-// so the len of the returned struct is equal to the number of active hierarchies on this system
-func (p Proc) Cgroups() ([]Cgroup, error) {
-	data, err := util.ReadFileNoStat(p.path("cgroup"))
-	if err != nil {
-		return nil, err
-	}
-	return parseCgroups(data)
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_environ.go b/vendor/github.com/prometheus/procfs/proc_environ.go
deleted file mode 100644
index 6134b3580..000000000
--- a/vendor/github.com/prometheus/procfs/proc_environ.go
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Environ reads process environments from /proc/<pid>/environ
-func (p Proc) Environ() ([]string, error) {
-	environments := make([]string, 0)
-
-	data, err := util.ReadFileNoStat(p.path("environ"))
-	if err != nil {
-		return environments, err
-	}
-
-	environments = strings.Split(string(data), "\000")
-	if len(environments) > 0 {
-		environments = environments[:len(environments)-1]
-	}
-
-	return environments, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_fdinfo.go b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
deleted file mode 100644
index cf63227f0..000000000
--- a/vendor/github.com/prometheus/procfs/proc_fdinfo.go
+++ /dev/null
@@ -1,133 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"regexp"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Regexp variables
-var (
-	rPos          = regexp.MustCompile(`^pos:\s+(\d+)$`)
-	rFlags        = regexp.MustCompile(`^flags:\s+(\d+)$`)
-	rMntID        = regexp.MustCompile(`^mnt_id:\s+(\d+)$`)
-	rInotify      = regexp.MustCompile(`^inotify`)
-	rInotifyParts = regexp.MustCompile(`^inotify\s+wd:([0-9a-f]+)\s+ino:([0-9a-f]+)\s+sdev:([0-9a-f]+)(?:\s+mask:([0-9a-f]+))?`)
-)
-
-// ProcFDInfo contains represents file descriptor information.
-type ProcFDInfo struct {
-	// File descriptor
-	FD string
-	// File offset
-	Pos string
-	// File access mode and status flags
-	Flags string
-	// Mount point ID
-	MntID string
-	// List of inotify lines (structured) in the fdinfo file (kernel 3.8+ only)
-	InotifyInfos []InotifyInfo
-}
-
-// FDInfo constructor. On kernels older than 3.8, InotifyInfos will always be empty.
-func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
-	data, err := util.ReadFileNoStat(p.path("fdinfo", fd))
-	if err != nil {
-		return nil, err
-	}
-
-	var text, pos, flags, mntid string
-	var inotify []InotifyInfo
-
-	scanner := bufio.NewScanner(bytes.NewReader(data))
-	for scanner.Scan() {
-		text = scanner.Text()
-		if rPos.MatchString(text) {
-			pos = rPos.FindStringSubmatch(text)[1]
-		} else if rFlags.MatchString(text) {
-			flags = rFlags.FindStringSubmatch(text)[1]
-		} else if rMntID.MatchString(text) {
-			mntid = rMntID.FindStringSubmatch(text)[1]
-		} else if rInotify.MatchString(text) {
-			newInotify, err := parseInotifyInfo(text)
-			if err != nil {
-				return nil, err
-			}
-			inotify = append(inotify, *newInotify)
-		}
-	}
-
-	i := &ProcFDInfo{
-		FD:           fd,
-		Pos:          pos,
-		Flags:        flags,
-		MntID:        mntid,
-		InotifyInfos: inotify,
-	}
-
-	return i, nil
-}
-
-// InotifyInfo represents a single inotify line in the fdinfo file.
-type InotifyInfo struct {
-	// Watch descriptor number
-	WD string
-	// Inode number
-	Ino string
-	// Device ID
-	Sdev string
-	// Mask of events being monitored
-	Mask string
-}
-
-// InotifyInfo constructor. Only available on kernel 3.8+.
-func parseInotifyInfo(line string) (*InotifyInfo, error) {
-	m := rInotifyParts.FindStringSubmatch(line)
-	if len(m) >= 4 {
-		var mask string
-		if len(m) == 5 {
-			mask = m[4]
-		}
-		i := &InotifyInfo{
-			WD:   m[1],
-			Ino:  m[2],
-			Sdev: m[3],
-			Mask: mask,
-		}
-		return i, nil
-	}
-	return nil, fmt.Errorf("invalid inode entry: %q", line)
-}
-
-// ProcFDInfos represents a list of ProcFDInfo structs.
-type ProcFDInfos []ProcFDInfo
-
-func (p ProcFDInfos) Len() int           { return len(p) }
-func (p ProcFDInfos) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-func (p ProcFDInfos) Less(i, j int) bool { return p[i].FD < p[j].FD }
-
-// InotifyWatchLen returns the total number of inotify watches
-func (p ProcFDInfos) InotifyWatchLen() (int, error) {
-	length := 0
-	for _, f := range p {
-		length += len(f.InotifyInfos)
-	}
-
-	return length, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_io.go b/vendor/github.com/prometheus/procfs/proc_io.go
deleted file mode 100644
index 776f34971..000000000
--- a/vendor/github.com/prometheus/procfs/proc_io.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"fmt"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// ProcIO models the content of /proc/<pid>/io.
-type ProcIO struct {
-	// Chars read.
-	RChar uint64
-	// Chars written.
-	WChar uint64
-	// Read syscalls.
-	SyscR uint64
-	// Write syscalls.
-	SyscW uint64
-	// Bytes read.
-	ReadBytes uint64
-	// Bytes written.
-	WriteBytes uint64
-	// Bytes written, but taking into account truncation. See
-	// Documentation/filesystems/proc.txt in the kernel sources for
-	// detailed explanation.
-	CancelledWriteBytes int64
-}
-
-// IO creates a new ProcIO instance from a given Proc instance.
-func (p Proc) IO() (ProcIO, error) {
-	pio := ProcIO{}
-
-	data, err := util.ReadFileNoStat(p.path("io"))
-	if err != nil {
-		return pio, err
-	}
-
-	ioFormat := "rchar: %d\nwchar: %d\nsyscr: %d\nsyscw: %d\n" +
-		"read_bytes: %d\nwrite_bytes: %d\n" +
-		"cancelled_write_bytes: %d\n"
-
-	_, err = fmt.Sscanf(string(data), ioFormat, &pio.RChar, &pio.WChar, &pio.SyscR,
-		&pio.SyscW, &pio.ReadBytes, &pio.WriteBytes, &pio.CancelledWriteBytes)
-
-	return pio, err
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_limits.go b/vendor/github.com/prometheus/procfs/proc_limits.go
deleted file mode 100644
index dd20f198a..000000000
--- a/vendor/github.com/prometheus/procfs/proc_limits.go
+++ /dev/null
@@ -1,160 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"regexp"
-	"strconv"
-)
-
-// ProcLimits represents the soft limits for each of the process's resource
-// limits. For more information see getrlimit(2):
-// http://man7.org/linux/man-pages/man2/getrlimit.2.html.
-type ProcLimits struct {
-	// CPU time limit in seconds.
-	CPUTime uint64
-	// Maximum size of files that the process may create.
-	FileSize uint64
-	// Maximum size of the process's data segment (initialized data,
-	// uninitialized data, and heap).
-	DataSize uint64
-	// Maximum size of the process stack in bytes.
-	StackSize uint64
-	// Maximum size of a core file.
-	CoreFileSize uint64
-	// Limit of the process's resident set in pages.
-	ResidentSet uint64
-	// Maximum number of processes that can be created for the real user ID of
-	// the calling process.
-	Processes uint64
-	// Value one greater than the maximum file descriptor number that can be
-	// opened by this process.
-	OpenFiles uint64
-	// Maximum number of bytes of memory that may be locked into RAM.
-	LockedMemory uint64
-	// Maximum size of the process's virtual memory address space in bytes.
-	AddressSpace uint64
-	// Limit on the combined number of flock(2) locks and fcntl(2) leases that
-	// this process may establish.
-	FileLocks uint64
-	// Limit of signals that may be queued for the real user ID of the calling
-	// process.
-	PendingSignals uint64
-	// Limit on the number of bytes that can be allocated for POSIX message
-	// queues for the real user ID of the calling process.
-	MsqqueueSize uint64
-	// Limit of the nice priority set using setpriority(2) or nice(2).
-	NicePriority uint64
-	// Limit of the real-time priority set using sched_setscheduler(2) or
-	// sched_setparam(2).
-	RealtimePriority uint64
-	// Limit (in microseconds) on the amount of CPU time that a process
-	// scheduled under a real-time scheduling policy may consume without making
-	// a blocking system call.
-	RealtimeTimeout uint64
-}
-
-const (
-	limitsFields    = 4
-	limitsUnlimited = "unlimited"
-)
-
-var (
-	limitsMatch = regexp.MustCompile(`(Max \w+\s{0,1}?\w*\s{0,1}\w*)\s{2,}(\w+)\s+(\w+)`)
-)
-
-// NewLimits returns the current soft limits of the process.
-//
-// Deprecated: use p.Limits() instead
-func (p Proc) NewLimits() (ProcLimits, error) {
-	return p.Limits()
-}
-
-// Limits returns the current soft limits of the process.
-func (p Proc) Limits() (ProcLimits, error) {
-	f, err := os.Open(p.path("limits"))
-	if err != nil {
-		return ProcLimits{}, err
-	}
-	defer f.Close()
-
-	var (
-		l = ProcLimits{}
-		s = bufio.NewScanner(f)
-	)
-
-	s.Scan() // Skip limits header
-
-	for s.Scan() {
-		//fields := limitsMatch.Split(s.Text(), limitsFields)
-		fields := limitsMatch.FindStringSubmatch(s.Text())
-		if len(fields) != limitsFields {
-			return ProcLimits{}, fmt.Errorf("couldn't parse %q line %q", f.Name(), s.Text())
-		}
-
-		switch fields[1] {
-		case "Max cpu time":
-			l.CPUTime, err = parseUint(fields[2])
-		case "Max file size":
-			l.FileSize, err = parseUint(fields[2])
-		case "Max data size":
-			l.DataSize, err = parseUint(fields[2])
-		case "Max stack size":
-			l.StackSize, err = parseUint(fields[2])
-		case "Max core file size":
-			l.CoreFileSize, err = parseUint(fields[2])
-		case "Max resident set":
-			l.ResidentSet, err = parseUint(fields[2])
-		case "Max processes":
-			l.Processes, err = parseUint(fields[2])
-		case "Max open files":
-			l.OpenFiles, err = parseUint(fields[2])
-		case "Max locked memory":
-			l.LockedMemory, err = parseUint(fields[2])
-		case "Max address space":
-			l.AddressSpace, err = parseUint(fields[2])
-		case "Max file locks":
-			l.FileLocks, err = parseUint(fields[2])
-		case "Max pending signals":
-			l.PendingSignals, err = parseUint(fields[2])
-		case "Max msgqueue size":
-			l.MsqqueueSize, err = parseUint(fields[2])
-		case "Max nice priority":
-			l.NicePriority, err = parseUint(fields[2])
-		case "Max realtime priority":
-			l.RealtimePriority, err = parseUint(fields[2])
-		case "Max realtime timeout":
-			l.RealtimeTimeout, err = parseUint(fields[2])
-		}
-		if err != nil {
-			return ProcLimits{}, err
-		}
-	}
-
-	return l, s.Err()
-}
-
-func parseUint(s string) (uint64, error) {
-	if s == limitsUnlimited {
-		return 18446744073709551615, nil
-	}
-	i, err := strconv.ParseUint(s, 10, 64)
-	if err != nil {
-		return 0, fmt.Errorf("couldn't parse value %q: %w", s, err)
-	}
-	return i, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_maps.go b/vendor/github.com/prometheus/procfs/proc_maps.go
deleted file mode 100644
index 1d7772d51..000000000
--- a/vendor/github.com/prometheus/procfs/proc_maps.go
+++ /dev/null
@@ -1,209 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
-
-package procfs
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-
-	"golang.org/x/sys/unix"
-)
-
-// ProcMapPermissions contains permission settings read from /proc/[pid]/maps
-type ProcMapPermissions struct {
-	// mapping has the [R]ead flag set
-	Read bool
-	// mapping has the [W]rite flag set
-	Write bool
-	// mapping has the [X]ecutable flag set
-	Execute bool
-	// mapping has the [S]hared flag set
-	Shared bool
-	// mapping is marked as [P]rivate (copy on write)
-	Private bool
-}
-
-// ProcMap contains the process memory-mappings of the process,
-// read from /proc/[pid]/maps
-type ProcMap struct {
-	// The start address of current mapping.
-	StartAddr uintptr
-	// The end address of the current mapping
-	EndAddr uintptr
-	// The permissions for this mapping
-	Perms *ProcMapPermissions
-	// The current offset into the file/fd (e.g., shared libs)
-	Offset int64
-	// Device owner of this mapping (major:minor) in Mkdev format.
-	Dev uint64
-	// The inode of the device above
-	Inode uint64
-	// The file or psuedofile (or empty==anonymous)
-	Pathname string
-}
-
-// parseDevice parses the device token of a line and converts it to a dev_t
-// (mkdev) like structure.
-func parseDevice(s string) (uint64, error) {
-	toks := strings.Split(s, ":")
-	if len(toks) < 2 {
-		return 0, fmt.Errorf("unexpected number of fields")
-	}
-
-	major, err := strconv.ParseUint(toks[0], 16, 0)
-	if err != nil {
-		return 0, err
-	}
-
-	minor, err := strconv.ParseUint(toks[1], 16, 0)
-	if err != nil {
-		return 0, err
-	}
-
-	return unix.Mkdev(uint32(major), uint32(minor)), nil
-}
-
-// parseAddress just converts a hex-string to a uintptr
-func parseAddress(s string) (uintptr, error) {
-	a, err := strconv.ParseUint(s, 16, 0)
-	if err != nil {
-		return 0, err
-	}
-
-	return uintptr(a), nil
-}
-
-// parseAddresses parses the start-end address
-func parseAddresses(s string) (uintptr, uintptr, error) {
-	toks := strings.Split(s, "-")
-	if len(toks) < 2 {
-		return 0, 0, fmt.Errorf("invalid address")
-	}
-
-	saddr, err := parseAddress(toks[0])
-	if err != nil {
-		return 0, 0, err
-	}
-
-	eaddr, err := parseAddress(toks[1])
-	if err != nil {
-		return 0, 0, err
-	}
-
-	return saddr, eaddr, nil
-}
-
-// parsePermissions parses a token and returns any that are set.
-func parsePermissions(s string) (*ProcMapPermissions, error) {
-	if len(s) < 4 {
-		return nil, fmt.Errorf("invalid permissions token")
-	}
-
-	perms := ProcMapPermissions{}
-	for _, ch := range s {
-		switch ch {
-		case 'r':
-			perms.Read = true
-		case 'w':
-			perms.Write = true
-		case 'x':
-			perms.Execute = true
-		case 'p':
-			perms.Private = true
-		case 's':
-			perms.Shared = true
-		}
-	}
-
-	return &perms, nil
-}
-
-// parseProcMap will attempt to parse a single line within a proc/[pid]/maps
-// buffer.
-func parseProcMap(text string) (*ProcMap, error) {
-	fields := strings.Fields(text)
-	if len(fields) < 5 {
-		return nil, fmt.Errorf("truncated procmap entry")
-	}
-
-	saddr, eaddr, err := parseAddresses(fields[0])
-	if err != nil {
-		return nil, err
-	}
-
-	perms, err := parsePermissions(fields[1])
-	if err != nil {
-		return nil, err
-	}
-
-	offset, err := strconv.ParseInt(fields[2], 16, 0)
-	if err != nil {
-		return nil, err
-	}
-
-	device, err := parseDevice(fields[3])
-	if err != nil {
-		return nil, err
-	}
-
-	inode, err := strconv.ParseUint(fields[4], 10, 0)
-	if err != nil {
-		return nil, err
-	}
-
-	pathname := ""
-
-	if len(fields) >= 5 {
-		pathname = strings.Join(fields[5:], " ")
-	}
-
-	return &ProcMap{
-		StartAddr: saddr,
-		EndAddr:   eaddr,
-		Perms:     perms,
-		Offset:    offset,
-		Dev:       device,
-		Inode:     inode,
-		Pathname:  pathname,
-	}, nil
-}
-
-// ProcMaps reads from /proc/[pid]/maps to get the memory-mappings of the
-// process.
-func (p Proc) ProcMaps() ([]*ProcMap, error) {
-	file, err := os.Open(p.path("maps"))
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	maps := []*ProcMap{}
-	scan := bufio.NewScanner(file)
-
-	for scan.Scan() {
-		m, err := parseProcMap(scan.Text())
-		if err != nil {
-			return nil, err
-		}
-
-		maps = append(maps, m)
-	}
-
-	return maps, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_ns.go b/vendor/github.com/prometheus/procfs/proc_ns.go
deleted file mode 100644
index 391b4cbd1..000000000
--- a/vendor/github.com/prometheus/procfs/proc_ns.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-)
-
-// Namespace represents a single namespace of a process.
-type Namespace struct {
-	Type  string // Namespace type.
-	Inode uint32 // Inode number of the namespace. If two processes are in the same namespace their inodes will match.
-}
-
-// Namespaces contains all of the namespaces that the process is contained in.
-type Namespaces map[string]Namespace
-
-// Namespaces reads from /proc/<pid>/ns/* to get the namespaces of which the
-// process is a member.
-func (p Proc) Namespaces() (Namespaces, error) {
-	d, err := os.Open(p.path("ns"))
-	if err != nil {
-		return nil, err
-	}
-	defer d.Close()
-
-	names, err := d.Readdirnames(-1)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read contents of ns dir: %w", err)
-	}
-
-	ns := make(Namespaces, len(names))
-	for _, name := range names {
-		target, err := os.Readlink(p.path("ns", name))
-		if err != nil {
-			return nil, err
-		}
-
-		fields := strings.SplitN(target, ":", 2)
-		if len(fields) != 2 {
-			return nil, fmt.Errorf("failed to parse namespace type and inode from %q", target)
-		}
-
-		typ := fields[0]
-		inode, err := strconv.ParseUint(strings.Trim(fields[1], "[]"), 10, 32)
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse inode from %q: %w", fields[1], err)
-		}
-
-		ns[name] = Namespace{typ, uint32(inode)}
-	}
-
-	return ns, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_psi.go b/vendor/github.com/prometheus/procfs/proc_psi.go
deleted file mode 100644
index dc6c14f0a..000000000
--- a/vendor/github.com/prometheus/procfs/proc_psi.go
+++ /dev/null
@@ -1,100 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-// The PSI / pressure interface is described at
-//   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/accounting/psi.txt
-// Each resource (cpu, io, memory, ...) is exposed as a single file.
-// Each file may contain up to two lines, one for "some" pressure and one for "full" pressure.
-// Each line contains several averages (over n seconds) and a total in µs.
-//
-// Example io pressure file:
-// > some avg10=0.06 avg60=0.21 avg300=0.99 total=8537362
-// > full avg10=0.00 avg60=0.13 avg300=0.96 total=8183134
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-const lineFormat = "avg10=%f avg60=%f avg300=%f total=%d"
-
-// PSILine is a single line of values as returned by /proc/pressure/*
-// The Avg entries are averages over n seconds, as a percentage
-// The Total line is in microseconds
-type PSILine struct {
-	Avg10  float64
-	Avg60  float64
-	Avg300 float64
-	Total  uint64
-}
-
-// PSIStats represent pressure stall information from /proc/pressure/*
-// Some indicates the share of time in which at least some tasks are stalled
-// Full indicates the share of time in which all non-idle tasks are stalled simultaneously
-type PSIStats struct {
-	Some *PSILine
-	Full *PSILine
-}
-
-// PSIStatsForResource reads pressure stall information for the specified
-// resource from /proc/pressure/<resource>. At time of writing this can be
-// either "cpu", "memory" or "io".
-func (fs FS) PSIStatsForResource(resource string) (PSIStats, error) {
-	data, err := util.ReadFileNoStat(fs.proc.Path(fmt.Sprintf("%s/%s", "pressure", resource)))
-	if err != nil {
-		return PSIStats{}, fmt.Errorf("psi_stats: unavailable for %q: %w", resource, err)
-	}
-
-	return parsePSIStats(resource, bytes.NewReader(data))
-}
-
-// parsePSIStats parses the specified file for pressure stall information
-func parsePSIStats(resource string, r io.Reader) (PSIStats, error) {
-	psiStats := PSIStats{}
-
-	scanner := bufio.NewScanner(r)
-	for scanner.Scan() {
-		l := scanner.Text()
-		prefix := strings.Split(l, " ")[0]
-		switch prefix {
-		case "some":
-			psi := PSILine{}
-			_, err := fmt.Sscanf(l, fmt.Sprintf("some %s", lineFormat), &psi.Avg10, &psi.Avg60, &psi.Avg300, &psi.Total)
-			if err != nil {
-				return PSIStats{}, err
-			}
-			psiStats.Some = &psi
-		case "full":
-			psi := PSILine{}
-			_, err := fmt.Sscanf(l, fmt.Sprintf("full %s", lineFormat), &psi.Avg10, &psi.Avg60, &psi.Avg300, &psi.Total)
-			if err != nil {
-				return PSIStats{}, err
-			}
-			psiStats.Full = &psi
-		default:
-			// If we encounter a line with an unknown prefix, ignore it and move on
-			// Should new measurement types be added in the future we'll simply ignore them instead
-			// of erroring on retrieval
-			continue
-		}
-	}
-
-	return psiStats, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_smaps.go b/vendor/github.com/prometheus/procfs/proc_smaps.go
deleted file mode 100644
index a576a720a..000000000
--- a/vendor/github.com/prometheus/procfs/proc_smaps.go
+++ /dev/null
@@ -1,165 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build !windows
-
-package procfs
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"os"
-	"regexp"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-var (
-	// match the header line before each mapped zone in /proc/pid/smaps
-	procSMapsHeaderLine = regexp.MustCompile(`^[a-f0-9].*$`)
-)
-
-type ProcSMapsRollup struct {
-	// Amount of the mapping that is currently resident in RAM
-	Rss uint64
-	// Process's proportional share of this mapping
-	Pss uint64
-	// Size in bytes of clean shared pages
-	SharedClean uint64
-	// Size in bytes of dirty shared pages
-	SharedDirty uint64
-	// Size in bytes of clean private pages
-	PrivateClean uint64
-	// Size in bytes of dirty private pages
-	PrivateDirty uint64
-	// Amount of memory currently marked as referenced or accessed
-	Referenced uint64
-	// Amount of memory that does not belong to any file
-	Anonymous uint64
-	// Amount would-be-anonymous memory currently on swap
-	Swap uint64
-	// Process's proportional memory on swap
-	SwapPss uint64
-}
-
-// ProcSMapsRollup reads from /proc/[pid]/smaps_rollup to get summed memory information of the
-// process.
-//
-// If smaps_rollup does not exists (require kernel >= 4.15), the content of /proc/pid/smaps will
-// we read and summed.
-func (p Proc) ProcSMapsRollup() (ProcSMapsRollup, error) {
-	data, err := util.ReadFileNoStat(p.path("smaps_rollup"))
-	if err != nil && os.IsNotExist(err) {
-		return p.procSMapsRollupManual()
-	}
-	if err != nil {
-		return ProcSMapsRollup{}, err
-	}
-
-	lines := strings.Split(string(data), "\n")
-	smaps := ProcSMapsRollup{}
-
-	// skip first line which don't contains information we need
-	lines = lines[1:]
-	for _, line := range lines {
-		if line == "" {
-			continue
-		}
-
-		if err := smaps.parseLine(line); err != nil {
-			return ProcSMapsRollup{}, err
-		}
-	}
-
-	return smaps, nil
-}
-
-// Read /proc/pid/smaps and do the roll-up in Go code.
-func (p Proc) procSMapsRollupManual() (ProcSMapsRollup, error) {
-	file, err := os.Open(p.path("smaps"))
-	if err != nil {
-		return ProcSMapsRollup{}, err
-	}
-	defer file.Close()
-
-	smaps := ProcSMapsRollup{}
-	scan := bufio.NewScanner(file)
-
-	for scan.Scan() {
-		line := scan.Text()
-
-		if procSMapsHeaderLine.MatchString(line) {
-			continue
-		}
-
-		if err := smaps.parseLine(line); err != nil {
-			return ProcSMapsRollup{}, err
-		}
-	}
-
-	return smaps, nil
-}
-
-func (s *ProcSMapsRollup) parseLine(line string) error {
-	kv := strings.SplitN(line, ":", 2)
-	if len(kv) != 2 {
-		fmt.Println(line)
-		return errors.New("invalid net/dev line, missing colon")
-	}
-
-	k := kv[0]
-	if k == "VmFlags" {
-		return nil
-	}
-
-	v := strings.TrimSpace(kv[1])
-	v = strings.TrimRight(v, " kB")
-
-	vKBytes, err := strconv.ParseUint(v, 10, 64)
-	if err != nil {
-		return err
-	}
-	vBytes := vKBytes * 1024
-
-	s.addValue(k, v, vKBytes, vBytes)
-
-	return nil
-}
-
-func (s *ProcSMapsRollup) addValue(k string, vString string, vUint uint64, vUintBytes uint64) {
-	switch k {
-	case "Rss":
-		s.Rss += vUintBytes
-	case "Pss":
-		s.Pss += vUintBytes
-	case "Shared_Clean":
-		s.SharedClean += vUintBytes
-	case "Shared_Dirty":
-		s.SharedDirty += vUintBytes
-	case "Private_Clean":
-		s.PrivateClean += vUintBytes
-	case "Private_Dirty":
-		s.PrivateDirty += vUintBytes
-	case "Referenced":
-		s.Referenced += vUintBytes
-	case "Anonymous":
-		s.Anonymous += vUintBytes
-	case "Swap":
-		s.Swap += vUintBytes
-	case "SwapPss":
-		s.SwapPss += vUintBytes
-	}
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_stat.go b/vendor/github.com/prometheus/procfs/proc_stat.go
deleted file mode 100644
index 8c7b6e80a..000000000
--- a/vendor/github.com/prometheus/procfs/proc_stat.go
+++ /dev/null
@@ -1,217 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bytes"
-	"fmt"
-	"os"
-
-	"github.com/prometheus/procfs/internal/fs"
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Originally, this USER_HZ value was dynamically retrieved via a sysconf call
-// which required cgo. However, that caused a lot of problems regarding
-// cross-compilation. Alternatives such as running a binary to determine the
-// value, or trying to derive it in some other way were all problematic.  After
-// much research it was determined that USER_HZ is actually hardcoded to 100 on
-// all Go-supported platforms as of the time of this writing. This is why we
-// decided to hardcode it here as well. It is not impossible that there could
-// be systems with exceptions, but they should be very exotic edge cases, and
-// in that case, the worst outcome will be two misreported metrics.
-//
-// See also the following discussions:
-//
-// - https://github.com/prometheus/node_exporter/issues/52
-// - https://github.com/prometheus/procfs/pull/2
-// - http://stackoverflow.com/questions/17410841/how-does-user-hz-solve-the-jiffy-scaling-issue
-const userHZ = 100
-
-// ProcStat provides status information about the process,
-// read from /proc/[pid]/stat.
-type ProcStat struct {
-	// The process ID.
-	PID int
-	// The filename of the executable.
-	Comm string
-	// The process state.
-	State string
-	// The PID of the parent of this process.
-	PPID int
-	// The process group ID of the process.
-	PGRP int
-	// The session ID of the process.
-	Session int
-	// The controlling terminal of the process.
-	TTY int
-	// The ID of the foreground process group of the controlling terminal of
-	// the process.
-	TPGID int
-	// The kernel flags word of the process.
-	Flags uint
-	// The number of minor faults the process has made which have not required
-	// loading a memory page from disk.
-	MinFlt uint
-	// The number of minor faults that the process's waited-for children have
-	// made.
-	CMinFlt uint
-	// The number of major faults the process has made which have required
-	// loading a memory page from disk.
-	MajFlt uint
-	// The number of major faults that the process's waited-for children have
-	// made.
-	CMajFlt uint
-	// Amount of time that this process has been scheduled in user mode,
-	// measured in clock ticks.
-	UTime uint
-	// Amount of time that this process has been scheduled in kernel mode,
-	// measured in clock ticks.
-	STime uint
-	// Amount of time that this process's waited-for children have been
-	// scheduled in user mode, measured in clock ticks.
-	CUTime uint
-	// Amount of time that this process's waited-for children have been
-	// scheduled in kernel mode, measured in clock ticks.
-	CSTime uint
-	// For processes running a real-time scheduling policy, this is the negated
-	// scheduling priority, minus one.
-	Priority int
-	// The nice value, a value in the range 19 (low priority) to -20 (high
-	// priority).
-	Nice int
-	// Number of threads in this process.
-	NumThreads int
-	// The time the process started after system boot, the value is expressed
-	// in clock ticks.
-	Starttime uint64
-	// Virtual memory size in bytes.
-	VSize uint
-	// Resident set size in pages.
-	RSS int
-	// Soft limit in bytes on the rss of the process.
-	RSSLimit uint64
-	// Real-time scheduling priority, a number in the range 1 to 99 for processes
-	// scheduled under a real-time policy, or 0, for non-real-time processes.
-	RTPriority uint
-	// Scheduling policy.
-	Policy uint
-	// Aggregated block I/O delays, measured in clock ticks (centiseconds).
-	DelayAcctBlkIOTicks uint64
-
-	proc fs.FS
-}
-
-// NewStat returns the current status information of the process.
-//
-// Deprecated: use p.Stat() instead
-func (p Proc) NewStat() (ProcStat, error) {
-	return p.Stat()
-}
-
-// Stat returns the current status information of the process.
-func (p Proc) Stat() (ProcStat, error) {
-	data, err := util.ReadFileNoStat(p.path("stat"))
-	if err != nil {
-		return ProcStat{}, err
-	}
-
-	var (
-		ignoreInt64  int64
-		ignoreUint64 uint64
-
-		s = ProcStat{PID: p.PID, proc: p.fs}
-		l = bytes.Index(data, []byte("("))
-		r = bytes.LastIndex(data, []byte(")"))
-	)
-
-	if l < 0 || r < 0 {
-		return ProcStat{}, fmt.Errorf("unexpected format, couldn't extract comm %q", data)
-	}
-
-	s.Comm = string(data[l+1 : r])
-	_, err = fmt.Fscan(
-		bytes.NewBuffer(data[r+2:]),
-		&s.State,
-		&s.PPID,
-		&s.PGRP,
-		&s.Session,
-		&s.TTY,
-		&s.TPGID,
-		&s.Flags,
-		&s.MinFlt,
-		&s.CMinFlt,
-		&s.MajFlt,
-		&s.CMajFlt,
-		&s.UTime,
-		&s.STime,
-		&s.CUTime,
-		&s.CSTime,
-		&s.Priority,
-		&s.Nice,
-		&s.NumThreads,
-		&ignoreInt64,
-		&s.Starttime,
-		&s.VSize,
-		&s.RSS,
-		&s.RSSLimit,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreUint64,
-		&ignoreInt64,
-		&ignoreInt64,
-		&s.RTPriority,
-		&s.Policy,
-		&s.DelayAcctBlkIOTicks,
-	)
-	if err != nil {
-		return ProcStat{}, err
-	}
-
-	return s, nil
-}
-
-// VirtualMemory returns the virtual memory size in bytes.
-func (s ProcStat) VirtualMemory() uint {
-	return s.VSize
-}
-
-// ResidentMemory returns the resident memory size in bytes.
-func (s ProcStat) ResidentMemory() int {
-	return s.RSS * os.Getpagesize()
-}
-
-// StartTime returns the unix timestamp of the process in seconds.
-func (s ProcStat) StartTime() (float64, error) {
-	fs := FS{proc: s.proc}
-	stat, err := fs.Stat()
-	if err != nil {
-		return 0, err
-	}
-	return float64(stat.BootTime) + (float64(s.Starttime) / userHZ), nil
-}
-
-// CPUTime returns the total CPU user and system time in seconds.
-func (s ProcStat) CPUTime() float64 {
-	return float64(s.UTime+s.STime) / userHZ
-}
diff --git a/vendor/github.com/prometheus/procfs/proc_status.go b/vendor/github.com/prometheus/procfs/proc_status.go
deleted file mode 100644
index 6edd8333b..000000000
--- a/vendor/github.com/prometheus/procfs/proc_status.go
+++ /dev/null
@@ -1,170 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bytes"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// ProcStatus provides status information about the process,
-// read from /proc/[pid]/stat.
-type ProcStatus struct {
-	// The process ID.
-	PID int
-	// The process name.
-	Name string
-
-	// Thread group ID.
-	TGID int
-
-	// Peak virtual memory size.
-	VmPeak uint64 // nolint:golint
-	// Virtual memory size.
-	VmSize uint64 // nolint:golint
-	// Locked memory size.
-	VmLck uint64 // nolint:golint
-	// Pinned memory size.
-	VmPin uint64 // nolint:golint
-	// Peak resident set size.
-	VmHWM uint64 // nolint:golint
-	// Resident set size (sum of RssAnnon RssFile and RssShmem).
-	VmRSS uint64 // nolint:golint
-	// Size of resident anonymous memory.
-	RssAnon uint64 // nolint:golint
-	// Size of resident file mappings.
-	RssFile uint64 // nolint:golint
-	// Size of resident shared memory.
-	RssShmem uint64 // nolint:golint
-	// Size of data segments.
-	VmData uint64 // nolint:golint
-	// Size of stack segments.
-	VmStk uint64 // nolint:golint
-	// Size of text segments.
-	VmExe uint64 // nolint:golint
-	// Shared library code size.
-	VmLib uint64 // nolint:golint
-	// Page table entries size.
-	VmPTE uint64 // nolint:golint
-	// Size of second-level page tables.
-	VmPMD uint64 // nolint:golint
-	// Swapped-out virtual memory size by anonymous private.
-	VmSwap uint64 // nolint:golint
-	// Size of hugetlb memory portions
-	HugetlbPages uint64
-
-	// Number of voluntary context switches.
-	VoluntaryCtxtSwitches uint64
-	// Number of involuntary context switches.
-	NonVoluntaryCtxtSwitches uint64
-
-	// UIDs of the process (Real, effective, saved set, and filesystem UIDs)
-	UIDs [4]string
-	// GIDs of the process (Real, effective, saved set, and filesystem GIDs)
-	GIDs [4]string
-}
-
-// NewStatus returns the current status information of the process.
-func (p Proc) NewStatus() (ProcStatus, error) {
-	data, err := util.ReadFileNoStat(p.path("status"))
-	if err != nil {
-		return ProcStatus{}, err
-	}
-
-	s := ProcStatus{PID: p.PID}
-
-	lines := strings.Split(string(data), "\n")
-	for _, line := range lines {
-		if !bytes.Contains([]byte(line), []byte(":")) {
-			continue
-		}
-
-		kv := strings.SplitN(line, ":", 2)
-
-		// removes spaces
-		k := string(strings.TrimSpace(kv[0]))
-		v := string(strings.TrimSpace(kv[1]))
-		// removes "kB"
-		v = string(bytes.Trim([]byte(v), " kB"))
-
-		// value to int when possible
-		// we can skip error check here, 'cause vKBytes is not used when value is a string
-		vKBytes, _ := strconv.ParseUint(v, 10, 64)
-		// convert kB to B
-		vBytes := vKBytes * 1024
-
-		s.fillStatus(k, v, vKBytes, vBytes)
-	}
-
-	return s, nil
-}
-
-func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintBytes uint64) {
-	switch k {
-	case "Tgid":
-		s.TGID = int(vUint)
-	case "Name":
-		s.Name = vString
-	case "Uid":
-		copy(s.UIDs[:], strings.Split(vString, "\t"))
-	case "Gid":
-		copy(s.GIDs[:], strings.Split(vString, "\t"))
-	case "VmPeak":
-		s.VmPeak = vUintBytes
-	case "VmSize":
-		s.VmSize = vUintBytes
-	case "VmLck":
-		s.VmLck = vUintBytes
-	case "VmPin":
-		s.VmPin = vUintBytes
-	case "VmHWM":
-		s.VmHWM = vUintBytes
-	case "VmRSS":
-		s.VmRSS = vUintBytes
-	case "RssAnon":
-		s.RssAnon = vUintBytes
-	case "RssFile":
-		s.RssFile = vUintBytes
-	case "RssShmem":
-		s.RssShmem = vUintBytes
-	case "VmData":
-		s.VmData = vUintBytes
-	case "VmStk":
-		s.VmStk = vUintBytes
-	case "VmExe":
-		s.VmExe = vUintBytes
-	case "VmLib":
-		s.VmLib = vUintBytes
-	case "VmPTE":
-		s.VmPTE = vUintBytes
-	case "VmPMD":
-		s.VmPMD = vUintBytes
-	case "VmSwap":
-		s.VmSwap = vUintBytes
-	case "HugetlbPages":
-		s.HugetlbPages = vUintBytes
-	case "voluntary_ctxt_switches":
-		s.VoluntaryCtxtSwitches = vUint
-	case "nonvoluntary_ctxt_switches":
-		s.NonVoluntaryCtxtSwitches = vUint
-	}
-}
-
-// TotalCtxtSwitches returns the total context switch.
-func (s ProcStatus) TotalCtxtSwitches() uint64 {
-	return s.VoluntaryCtxtSwitches + s.NonVoluntaryCtxtSwitches
-}
diff --git a/vendor/github.com/prometheus/procfs/schedstat.go b/vendor/github.com/prometheus/procfs/schedstat.go
deleted file mode 100644
index 28228164e..000000000
--- a/vendor/github.com/prometheus/procfs/schedstat.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"errors"
-	"os"
-	"regexp"
-	"strconv"
-)
-
-var (
-	cpuLineRE  = regexp.MustCompile(`cpu(\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+) (\d+)`)
-	procLineRE = regexp.MustCompile(`(\d+) (\d+) (\d+)`)
-)
-
-// Schedstat contains scheduler statistics from /proc/schedstat
-//
-// See
-// https://www.kernel.org/doc/Documentation/scheduler/sched-stats.txt
-// for a detailed description of what these numbers mean.
-//
-// Note the current kernel documentation claims some of the time units are in
-// jiffies when they are actually in nanoseconds since 2.6.23 with the
-// introduction of CFS. A fix to the documentation is pending. See
-// https://lore.kernel.org/patchwork/project/lkml/list/?series=403473
-type Schedstat struct {
-	CPUs []*SchedstatCPU
-}
-
-// SchedstatCPU contains the values from one "cpu<N>" line
-type SchedstatCPU struct {
-	CPUNum string
-
-	RunningNanoseconds uint64
-	WaitingNanoseconds uint64
-	RunTimeslices      uint64
-}
-
-// ProcSchedstat contains the values from /proc/<pid>/schedstat
-type ProcSchedstat struct {
-	RunningNanoseconds uint64
-	WaitingNanoseconds uint64
-	RunTimeslices      uint64
-}
-
-// Schedstat reads data from /proc/schedstat
-func (fs FS) Schedstat() (*Schedstat, error) {
-	file, err := os.Open(fs.proc.Path("schedstat"))
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	stats := &Schedstat{}
-	scanner := bufio.NewScanner(file)
-
-	for scanner.Scan() {
-		match := cpuLineRE.FindStringSubmatch(scanner.Text())
-		if match != nil {
-			cpu := &SchedstatCPU{}
-			cpu.CPUNum = match[1]
-
-			cpu.RunningNanoseconds, err = strconv.ParseUint(match[8], 10, 64)
-			if err != nil {
-				continue
-			}
-
-			cpu.WaitingNanoseconds, err = strconv.ParseUint(match[9], 10, 64)
-			if err != nil {
-				continue
-			}
-
-			cpu.RunTimeslices, err = strconv.ParseUint(match[10], 10, 64)
-			if err != nil {
-				continue
-			}
-
-			stats.CPUs = append(stats.CPUs, cpu)
-		}
-	}
-
-	return stats, nil
-}
-
-func parseProcSchedstat(contents string) (ProcSchedstat, error) {
-	var (
-		stats ProcSchedstat
-		err   error
-	)
-	match := procLineRE.FindStringSubmatch(contents)
-
-	if match != nil {
-		stats.RunningNanoseconds, err = strconv.ParseUint(match[1], 10, 64)
-		if err != nil {
-			return stats, err
-		}
-
-		stats.WaitingNanoseconds, err = strconv.ParseUint(match[2], 10, 64)
-		if err != nil {
-			return stats, err
-		}
-
-		stats.RunTimeslices, err = strconv.ParseUint(match[3], 10, 64)
-		return stats, err
-	}
-
-	return stats, errors.New("could not parse schedstat")
-}
diff --git a/vendor/github.com/prometheus/procfs/slab.go b/vendor/github.com/prometheus/procfs/slab.go
deleted file mode 100644
index 7896fd724..000000000
--- a/vendor/github.com/prometheus/procfs/slab.go
+++ /dev/null
@@ -1,151 +0,0 @@
-// Copyright 2020 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"regexp"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-var (
-	slabSpace  = regexp.MustCompile(`\s+`)
-	slabVer    = regexp.MustCompile(`slabinfo -`)
-	slabHeader = regexp.MustCompile(`# name`)
-)
-
-// Slab represents a slab pool in the kernel.
-type Slab struct {
-	Name         string
-	ObjActive    int64
-	ObjNum       int64
-	ObjSize      int64
-	ObjPerSlab   int64
-	PagesPerSlab int64
-	// tunables
-	Limit        int64
-	Batch        int64
-	SharedFactor int64
-	SlabActive   int64
-	SlabNum      int64
-	SharedAvail  int64
-}
-
-// SlabInfo represents info for all slabs.
-type SlabInfo struct {
-	Slabs []*Slab
-}
-
-func shouldParseSlab(line string) bool {
-	if slabVer.MatchString(line) {
-		return false
-	}
-	if slabHeader.MatchString(line) {
-		return false
-	}
-	return true
-}
-
-// parseV21SlabEntry is used to parse a line from /proc/slabinfo version 2.1.
-func parseV21SlabEntry(line string) (*Slab, error) {
-	// First cleanup whitespace.
-	l := slabSpace.ReplaceAllString(line, " ")
-	s := strings.Split(l, " ")
-	if len(s) != 16 {
-		return nil, fmt.Errorf("unable to parse: %q", line)
-	}
-	var err error
-	i := &Slab{Name: s[0]}
-	i.ObjActive, err = strconv.ParseInt(s[1], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.ObjNum, err = strconv.ParseInt(s[2], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.ObjSize, err = strconv.ParseInt(s[3], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.ObjPerSlab, err = strconv.ParseInt(s[4], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.PagesPerSlab, err = strconv.ParseInt(s[5], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.Limit, err = strconv.ParseInt(s[8], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.Batch, err = strconv.ParseInt(s[9], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.SharedFactor, err = strconv.ParseInt(s[10], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.SlabActive, err = strconv.ParseInt(s[13], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.SlabNum, err = strconv.ParseInt(s[14], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	i.SharedAvail, err = strconv.ParseInt(s[15], 10, 64)
-	if err != nil {
-		return nil, err
-	}
-	return i, nil
-}
-
-// parseSlabInfo21 is used to parse a slabinfo 2.1 file.
-func parseSlabInfo21(r *bytes.Reader) (SlabInfo, error) {
-	scanner := bufio.NewScanner(r)
-	s := SlabInfo{Slabs: []*Slab{}}
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !shouldParseSlab(line) {
-			continue
-		}
-		slab, err := parseV21SlabEntry(line)
-		if err != nil {
-			return s, err
-		}
-		s.Slabs = append(s.Slabs, slab)
-	}
-	return s, nil
-}
-
-// SlabInfo reads data from /proc/slabinfo
-func (fs FS) SlabInfo() (SlabInfo, error) {
-	// TODO: Consider passing options to allow for parsing different
-	// slabinfo versions. However, slabinfo 2.1 has been stable since
-	// kernel 2.6.10 and later.
-	data, err := util.ReadFileNoStat(fs.proc.Path("slabinfo"))
-	if err != nil {
-		return SlabInfo{}, err
-	}
-
-	return parseSlabInfo21(bytes.NewReader(data))
-}
diff --git a/vendor/github.com/prometheus/procfs/stat.go b/vendor/github.com/prometheus/procfs/stat.go
deleted file mode 100644
index 6d8727541..000000000
--- a/vendor/github.com/prometheus/procfs/stat.go
+++ /dev/null
@@ -1,244 +0,0 @@
-// Copyright 2018 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/fs"
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// CPUStat shows how much time the cpu spend in various stages.
-type CPUStat struct {
-	User      float64
-	Nice      float64
-	System    float64
-	Idle      float64
-	Iowait    float64
-	IRQ       float64
-	SoftIRQ   float64
-	Steal     float64
-	Guest     float64
-	GuestNice float64
-}
-
-// SoftIRQStat represent the softirq statistics as exported in the procfs stat file.
-// A nice introduction can be found at https://0xax.gitbooks.io/linux-insides/content/interrupts/interrupts-9.html
-// It is possible to get per-cpu stats by reading /proc/softirqs
-type SoftIRQStat struct {
-	Hi          uint64
-	Timer       uint64
-	NetTx       uint64
-	NetRx       uint64
-	Block       uint64
-	BlockIoPoll uint64
-	Tasklet     uint64
-	Sched       uint64
-	Hrtimer     uint64
-	Rcu         uint64
-}
-
-// Stat represents kernel/system statistics.
-type Stat struct {
-	// Boot time in seconds since the Epoch.
-	BootTime uint64
-	// Summed up cpu statistics.
-	CPUTotal CPUStat
-	// Per-CPU statistics.
-	CPU []CPUStat
-	// Number of times interrupts were handled, which contains numbered and unnumbered IRQs.
-	IRQTotal uint64
-	// Number of times a numbered IRQ was triggered.
-	IRQ []uint64
-	// Number of times a context switch happened.
-	ContextSwitches uint64
-	// Number of times a process was created.
-	ProcessCreated uint64
-	// Number of processes currently running.
-	ProcessesRunning uint64
-	// Number of processes currently blocked (waiting for IO).
-	ProcessesBlocked uint64
-	// Number of times a softirq was scheduled.
-	SoftIRQTotal uint64
-	// Detailed softirq statistics.
-	SoftIRQ SoftIRQStat
-}
-
-// Parse a cpu statistics line and returns the CPUStat struct plus the cpu id (or -1 for the overall sum).
-func parseCPUStat(line string) (CPUStat, int64, error) {
-	cpuStat := CPUStat{}
-	var cpu string
-
-	count, err := fmt.Sscanf(line, "%s %f %f %f %f %f %f %f %f %f %f",
-		&cpu,
-		&cpuStat.User, &cpuStat.Nice, &cpuStat.System, &cpuStat.Idle,
-		&cpuStat.Iowait, &cpuStat.IRQ, &cpuStat.SoftIRQ, &cpuStat.Steal,
-		&cpuStat.Guest, &cpuStat.GuestNice)
-
-	if err != nil && err != io.EOF {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): %w", line, err)
-	}
-	if count == 0 {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): 0 elements parsed", line)
-	}
-
-	cpuStat.User /= userHZ
-	cpuStat.Nice /= userHZ
-	cpuStat.System /= userHZ
-	cpuStat.Idle /= userHZ
-	cpuStat.Iowait /= userHZ
-	cpuStat.IRQ /= userHZ
-	cpuStat.SoftIRQ /= userHZ
-	cpuStat.Steal /= userHZ
-	cpuStat.Guest /= userHZ
-	cpuStat.GuestNice /= userHZ
-
-	if cpu == "cpu" {
-		return cpuStat, -1, nil
-	}
-
-	cpuID, err := strconv.ParseInt(cpu[3:], 10, 64)
-	if err != nil {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu/cpuid): %w", line, err)
-	}
-
-	return cpuStat, cpuID, nil
-}
-
-// Parse a softirq line.
-func parseSoftIRQStat(line string) (SoftIRQStat, uint64, error) {
-	softIRQStat := SoftIRQStat{}
-	var total uint64
-	var prefix string
-
-	_, err := fmt.Sscanf(line, "%s %d %d %d %d %d %d %d %d %d %d %d",
-		&prefix, &total,
-		&softIRQStat.Hi, &softIRQStat.Timer, &softIRQStat.NetTx, &softIRQStat.NetRx,
-		&softIRQStat.Block, &softIRQStat.BlockIoPoll,
-		&softIRQStat.Tasklet, &softIRQStat.Sched,
-		&softIRQStat.Hrtimer, &softIRQStat.Rcu)
-
-	if err != nil {
-		return SoftIRQStat{}, 0, fmt.Errorf("couldn't parse %q (softirq): %w", line, err)
-	}
-
-	return softIRQStat, total, nil
-}
-
-// NewStat returns information about current cpu/process statistics.
-// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
-//
-// Deprecated: use fs.Stat() instead
-func NewStat() (Stat, error) {
-	fs, err := NewFS(fs.DefaultProcMountPoint)
-	if err != nil {
-		return Stat{}, err
-	}
-	return fs.Stat()
-}
-
-// NewStat returns information about current cpu/process statistics.
-// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
-//
-// Deprecated: use fs.Stat() instead
-func (fs FS) NewStat() (Stat, error) {
-	return fs.Stat()
-}
-
-// Stat returns information about current cpu/process statistics.
-// See https://www.kernel.org/doc/Documentation/filesystems/proc.txt
-func (fs FS) Stat() (Stat, error) {
-	fileName := fs.proc.Path("stat")
-	data, err := util.ReadFileNoStat(fileName)
-	if err != nil {
-		return Stat{}, err
-	}
-
-	stat := Stat{}
-
-	scanner := bufio.NewScanner(bytes.NewReader(data))
-	for scanner.Scan() {
-		line := scanner.Text()
-		parts := strings.Fields(scanner.Text())
-		// require at least <key> <value>
-		if len(parts) < 2 {
-			continue
-		}
-		switch {
-		case parts[0] == "btime":
-			if stat.BootTime, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (btime): %w", parts[1], err)
-			}
-		case parts[0] == "intr":
-			if stat.IRQTotal, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (intr): %w", parts[1], err)
-			}
-			numberedIRQs := parts[2:]
-			stat.IRQ = make([]uint64, len(numberedIRQs))
-			for i, count := range numberedIRQs {
-				if stat.IRQ[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Stat{}, fmt.Errorf("couldn't parse %q (intr%d): %w", count, i, err)
-				}
-			}
-		case parts[0] == "ctxt":
-			if stat.ContextSwitches, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (ctxt): %w", parts[1], err)
-			}
-		case parts[0] == "processes":
-			if stat.ProcessCreated, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (processes): %w", parts[1], err)
-			}
-		case parts[0] == "procs_running":
-			if stat.ProcessesRunning, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (procs_running): %w", parts[1], err)
-			}
-		case parts[0] == "procs_blocked":
-			if stat.ProcessesBlocked, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (procs_blocked): %w", parts[1], err)
-			}
-		case parts[0] == "softirq":
-			softIRQStats, total, err := parseSoftIRQStat(line)
-			if err != nil {
-				return Stat{}, err
-			}
-			stat.SoftIRQTotal = total
-			stat.SoftIRQ = softIRQStats
-		case strings.HasPrefix(parts[0], "cpu"):
-			cpuStat, cpuID, err := parseCPUStat(line)
-			if err != nil {
-				return Stat{}, err
-			}
-			if cpuID == -1 {
-				stat.CPUTotal = cpuStat
-			} else {
-				for int64(len(stat.CPU)) <= cpuID {
-					stat.CPU = append(stat.CPU, CPUStat{})
-				}
-				stat.CPU[cpuID] = cpuStat
-			}
-		}
-	}
-
-	if err := scanner.Err(); err != nil {
-		return Stat{}, fmt.Errorf("couldn't parse %q: %w", fileName, err)
-	}
-
-	return stat, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/swaps.go b/vendor/github.com/prometheus/procfs/swaps.go
deleted file mode 100644
index 15edc2212..000000000
--- a/vendor/github.com/prometheus/procfs/swaps.go
+++ /dev/null
@@ -1,89 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Swap represents an entry in /proc/swaps.
-type Swap struct {
-	Filename string
-	Type     string
-	Size     int
-	Used     int
-	Priority int
-}
-
-// Swaps returns a slice of all configured swap devices on the system.
-func (fs FS) Swaps() ([]*Swap, error) {
-	data, err := util.ReadFileNoStat(fs.proc.Path("swaps"))
-	if err != nil {
-		return nil, err
-	}
-	return parseSwaps(data)
-}
-
-func parseSwaps(info []byte) ([]*Swap, error) {
-	swaps := []*Swap{}
-	scanner := bufio.NewScanner(bytes.NewReader(info))
-	scanner.Scan() // ignore header line
-	for scanner.Scan() {
-		swapString := scanner.Text()
-		parsedSwap, err := parseSwapString(swapString)
-		if err != nil {
-			return nil, err
-		}
-		swaps = append(swaps, parsedSwap)
-	}
-
-	err := scanner.Err()
-	return swaps, err
-}
-
-func parseSwapString(swapString string) (*Swap, error) {
-	var err error
-
-	swapFields := strings.Fields(swapString)
-	swapLength := len(swapFields)
-	if swapLength < 5 {
-		return nil, fmt.Errorf("too few fields in swap string: %s", swapString)
-	}
-
-	swap := &Swap{
-		Filename: swapFields[0],
-		Type:     swapFields[1],
-	}
-
-	swap.Size, err = strconv.Atoi(swapFields[2])
-	if err != nil {
-		return nil, fmt.Errorf("invalid swap size: %s", swapFields[2])
-	}
-	swap.Used, err = strconv.Atoi(swapFields[3])
-	if err != nil {
-		return nil, fmt.Errorf("invalid swap used: %s", swapFields[3])
-	}
-	swap.Priority, err = strconv.Atoi(swapFields[4])
-	if err != nil {
-		return nil, fmt.Errorf("invalid swap priority: %s", swapFields[4])
-	}
-
-	return swap, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/ttar b/vendor/github.com/prometheus/procfs/ttar
deleted file mode 100644
index 19ef02b8d..000000000
--- a/vendor/github.com/prometheus/procfs/ttar
+++ /dev/null
@@ -1,413 +0,0 @@
-#!/usr/bin/env bash
-
-# Purpose: plain text tar format
-# Limitations: - only suitable for text files, directories, and symlinks
-#              - stores only filename, content, and mode
-#              - not designed for untrusted input
-#
-# Note: must work with bash version 3.2 (macOS)
-
-# Copyright 2017 Roger Luethi
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -o errexit -o nounset
-
-# Sanitize environment (for instance, standard sorting of glob matches)
-export LC_ALL=C
-
-path=""
-CMD=""
-ARG_STRING="$*"
-
-#------------------------------------------------------------------------------
-# Not all sed implementations can work on null bytes. In order to make ttar
-# work out of the box on macOS, use Python as a stream editor.
-
-USE_PYTHON=0
-
-PYTHON_CREATE_FILTER=$(cat << 'PCF'
-#!/usr/bin/env python
-
-import re
-import sys
-
-for line in sys.stdin:
-    line = re.sub(r'EOF', r'\EOF', line)
-    line = re.sub(r'NULLBYTE', r'\NULLBYTE', line)
-    line = re.sub('\x00', r'NULLBYTE', line)
-    sys.stdout.write(line)
-PCF
-)
-
-PYTHON_EXTRACT_FILTER=$(cat << 'PEF'
-#!/usr/bin/env python
-
-import re
-import sys
-
-for line in sys.stdin:
-    line = re.sub(r'(?<!\\)NULLBYTE', '\x00', line)
-    line = re.sub(r'\\NULLBYTE', 'NULLBYTE', line)
-    line = re.sub(r'([^\\])EOF', r'\1', line)
-    line = re.sub(r'\\EOF', 'EOF', line)
-    sys.stdout.write(line)
-PEF
-)
-
-function test_environment {
-    if [[ "$(echo "a" | sed 's/a/\x0/' | wc -c)" -ne 2 ]]; then
-        echo "WARNING sed unable to handle null bytes, using Python (slow)."
-        if ! which python >/dev/null; then
-            echo "ERROR Python not found. Aborting."
-            exit 2
-        fi
-        USE_PYTHON=1
-    fi
-}
-
-#------------------------------------------------------------------------------
-
-function usage {
-    bname=$(basename "$0")
-    cat << USAGE
-Usage:   $bname [-C <DIR>] -c -f <ARCHIVE> <FILE...> (create archive)
-         $bname            -t -f <ARCHIVE>           (list archive contents)
-         $bname [-C <DIR>] -x -f <ARCHIVE>           (extract archive)
-
-Options:
-         -C <DIR>           (change directory)
-         -v                 (verbose)
-         --recursive-unlink (recursively delete existing directory if path
-                             collides with file or directory to extract)
-
-Example: Change to sysfs directory, create ttar file from fixtures directory
-         $bname -C sysfs -c -f sysfs/fixtures.ttar fixtures/
-USAGE
-exit "$1"
-}
-
-function vecho {
-    if [ "${VERBOSE:-}" == "yes" ]; then
-        echo >&7 "$@"
-    fi
-}
-
-function set_cmd {
-    if [ -n "$CMD" ]; then
-        echo "ERROR: more than one command given"
-        echo
-        usage 2
-    fi
-    CMD=$1
-}
-
-unset VERBOSE
-unset RECURSIVE_UNLINK
-
-while getopts :cf:-:htxvC: opt; do
-    case $opt in
-        c)
-            set_cmd "create"
-            ;;
-        f)
-            ARCHIVE=$OPTARG
-            ;;
-        h)
-            usage 0
-            ;;
-        t)
-            set_cmd "list"
-            ;;
-        x)
-            set_cmd "extract"
-            ;;
-        v)
-            VERBOSE=yes
-            exec 7>&1
-            ;;
-        C)
-            CDIR=$OPTARG
-            ;;
-        -)
-            case $OPTARG in
-                recursive-unlink)
-                    RECURSIVE_UNLINK="yes"
-                    ;;
-                *)
-                    echo -e "Error: invalid option -$OPTARG"
-                    echo
-                    usage 1
-                    ;;
-            esac
-            ;;
-        *)
-            echo >&2 "ERROR: invalid option -$OPTARG"
-            echo
-            usage 1
-            ;;
-    esac
-done
-
-# Remove processed options from arguments
-shift $(( OPTIND - 1 ));
-
-if [ "${CMD:-}" == "" ]; then
-    echo >&2 "ERROR: no command given"
-    echo
-    usage 1
-elif [ "${ARCHIVE:-}" == "" ]; then
-    echo >&2 "ERROR: no archive name given"
-    echo
-    usage 1
-fi
-
-function list {
-    local path=""
-    local size=0
-    local line_no=0
-    local ttar_file=$1
-    if [ -n "${2:-}" ]; then
-        echo >&2 "ERROR: too many arguments."
-        echo
-        usage 1
-    fi
-    if [ ! -e "$ttar_file" ]; then
-        echo >&2 "ERROR: file not found ($ttar_file)"
-        echo
-        usage 1
-    fi
-    while read -r line; do
-        line_no=$(( line_no + 1 ))
-        if [ $size -gt 0 ]; then
-            size=$(( size - 1 ))
-            continue
-        fi
-        if [[ $line =~ ^Path:\ (.*)$ ]]; then
-            path=${BASH_REMATCH[1]}
-        elif [[ $line =~ ^Lines:\ (.*)$ ]]; then
-            size=${BASH_REMATCH[1]}
-            echo "$path"
-        elif [[ $line =~ ^Directory:\ (.*)$ ]]; then
-            path=${BASH_REMATCH[1]}
-            echo "$path/"
-        elif [[ $line =~ ^SymlinkTo:\ (.*)$ ]]; then
-            echo  "$path -> ${BASH_REMATCH[1]}"
-        fi
-    done < "$ttar_file"
-}
-
-function extract {
-    local path=""
-    local size=0
-    local line_no=0
-    local ttar_file=$1
-    if [ -n "${2:-}" ]; then
-        echo >&2 "ERROR: too many arguments."
-        echo
-        usage 1
-    fi
-    if [ ! -e "$ttar_file" ]; then
-        echo >&2 "ERROR: file not found ($ttar_file)"
-        echo
-        usage 1
-    fi
-    while IFS= read -r line; do
-        line_no=$(( line_no + 1 ))
-        local eof_without_newline
-        if [ "$size" -gt 0 ]; then
-            if [[ "$line" =~ [^\\]EOF ]]; then
-                # An EOF not preceded by a backslash indicates that the line
-                # does not end with a newline
-                eof_without_newline=1
-            else
-                eof_without_newline=0
-            fi
-            # Replace NULLBYTE with null byte if at beginning of line
-            # Replace NULLBYTE with null byte unless preceded by backslash
-            # Remove one backslash in front of NULLBYTE (if any)
-            # Remove EOF unless preceded by backslash
-            # Remove one backslash in front of EOF
-            if [ $USE_PYTHON -eq 1 ]; then
-                echo -n "$line" | python -c "$PYTHON_EXTRACT_FILTER" >> "$path"
-            else
-                # The repeated pattern makes up for sed's lack of negative
-                # lookbehind assertions (for consecutive null bytes).
-                echo -n "$line" | \
-                    sed -e 's/^NULLBYTE/\x0/g;
-                            s/\([^\\]\)NULLBYTE/\1\x0/g;
-                            s/\([^\\]\)NULLBYTE/\1\x0/g;
-                            s/\\NULLBYTE/NULLBYTE/g;
-                            s/\([^\\]\)EOF/\1/g;
-                            s/\\EOF/EOF/g;
-                    ' >> "$path"
-            fi
-            if [[ "$eof_without_newline" -eq 0 ]]; then
-                echo >> "$path"
-            fi
-            size=$(( size - 1 ))
-            continue
-        fi
-        if [[ $line =~ ^Path:\ (.*)$ ]]; then
-            path=${BASH_REMATCH[1]}
-            if [ -L "$path" ]; then
-                rm "$path"
-            elif [ -d "$path" ]; then
-                if [ "${RECURSIVE_UNLINK:-}" == "yes" ]; then
-                    rm -r "$path"
-                else
-                    # Safe because symlinks to directories are dealt with above
-                    rmdir "$path"
-                fi
-            elif [ -e "$path" ]; then
-                rm "$path"
-            fi
-        elif [[ $line =~ ^Lines:\ (.*)$ ]]; then
-            size=${BASH_REMATCH[1]}
-            # Create file even if it is zero-length.
-            touch "$path"
-            vecho "    $path"
-        elif [[ $line =~ ^Mode:\ (.*)$ ]]; then
-            mode=${BASH_REMATCH[1]}
-            chmod "$mode" "$path"
-            vecho "$mode"
-        elif [[ $line =~ ^Directory:\ (.*)$ ]]; then
-            path=${BASH_REMATCH[1]}
-            mkdir -p "$path"
-            vecho "    $path/"
-        elif [[ $line =~ ^SymlinkTo:\ (.*)$ ]]; then
-            ln -s "${BASH_REMATCH[1]}" "$path"
-            vecho "    $path -> ${BASH_REMATCH[1]}"
-        elif [[ $line =~ ^# ]]; then
-            # Ignore comments between files
-            continue
-        else
-            echo >&2 "ERROR: Unknown keyword on line $line_no: $line"
-            exit 1
-        fi
-    done < "$ttar_file"
-}
-
-function div {
-    echo "# ttar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" \
-         "- - - - - -"
-}
-
-function get_mode {
-    local mfile=$1
-    if [ -z "${STAT_OPTION:-}" ]; then
-        if stat -c '%a' "$mfile" >/dev/null 2>&1; then
-            # GNU stat
-            STAT_OPTION='-c'
-            STAT_FORMAT='%a'
-        else
-            # BSD stat
-            STAT_OPTION='-f'
-            # Octal output, user/group/other (omit file type, sticky bit)
-            STAT_FORMAT='%OLp'
-        fi
-    fi
-    stat "${STAT_OPTION}" "${STAT_FORMAT}" "$mfile"
-}
-
-function _create {
-    shopt -s nullglob
-    local mode
-    local eof_without_newline
-    while (( "$#" )); do
-        file=$1
-        if [ -L "$file" ]; then
-            echo "Path: $file"
-            symlinkTo=$(readlink "$file")
-            echo "SymlinkTo: $symlinkTo"
-            vecho "    $file -> $symlinkTo"
-            div
-        elif [ -d "$file" ]; then
-            # Strip trailing slash (if there is one)
-            file=${file%/}
-            echo "Directory: $file"
-            mode=$(get_mode "$file")
-            echo "Mode: $mode"
-            vecho "$mode $file/"
-            div
-            # Find all files and dirs, including hidden/dot files
-            for x in "$file/"{*,.[^.]*}; do
-                _create "$x"
-            done
-        elif [ -f "$file" ]; then
-            echo "Path: $file"
-            lines=$(wc -l "$file"|awk '{print $1}')
-            eof_without_newline=0
-            if [[ "$(wc -c "$file"|awk '{print $1}')" -gt 0 ]] && \
-                    [[ "$(tail -c 1 "$file" | wc -l)" -eq 0 ]]; then
-                eof_without_newline=1
-                lines=$((lines+1))
-            fi
-            echo "Lines: $lines"
-            # Add backslash in front of EOF
-            # Add backslash in front of NULLBYTE
-            # Replace null byte with NULLBYTE
-            if [ $USE_PYTHON -eq 1 ]; then
-                < "$file" python -c "$PYTHON_CREATE_FILTER"
-            else
-                < "$file" \
-                    sed 's/EOF/\\EOF/g;
-                            s/NULLBYTE/\\NULLBYTE/g;
-                            s/\x0/NULLBYTE/g;
-                    '
-            fi
-            if [[ "$eof_without_newline" -eq 1 ]]; then
-                # Finish line with EOF to indicate that the original line did
-                # not end with a linefeed
-                echo "EOF"
-            fi
-            mode=$(get_mode "$file")
-            echo "Mode: $mode"
-            vecho "$mode $file"
-            div
-        else
-            echo >&2 "ERROR: file not found ($file in $(pwd))"
-            exit 2
-        fi
-        shift
-    done
-}
-
-function create {
-    ttar_file=$1
-    shift
-    if [ -z "${1:-}" ]; then
-        echo >&2 "ERROR: missing arguments."
-        echo
-        usage 1
-    fi
-    if [ -e "$ttar_file" ]; then
-        rm "$ttar_file"
-    fi
-    exec > "$ttar_file"
-    echo "# Archive created by ttar $ARG_STRING"
-    _create "$@"
-}
-
-test_environment
-
-if [ -n "${CDIR:-}" ]; then
-    if [[ "$ARCHIVE" != /* ]]; then
-        # Relative path: preserve the archive's location before changing
-        # directory
-        ARCHIVE="$(pwd)/$ARCHIVE"
-    fi
-    cd "$CDIR"
-fi
-
-"$CMD" "$ARCHIVE" "$@"
diff --git a/vendor/github.com/prometheus/procfs/vm.go b/vendor/github.com/prometheus/procfs/vm.go
deleted file mode 100644
index cb1389141..000000000
--- a/vendor/github.com/prometheus/procfs/vm.go
+++ /dev/null
@@ -1,210 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build !windows
-
-package procfs
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// The VM interface is described at
-//   https://www.kernel.org/doc/Documentation/sysctl/vm.txt
-// Each setting is exposed as a single file.
-// Each file contains one line with a single numerical value, except lowmem_reserve_ratio which holds an array
-// and numa_zonelist_order (deprecated) which is a string
-type VM struct {
-	AdminReserveKbytes        *int64   // /proc/sys/vm/admin_reserve_kbytes
-	BlockDump                 *int64   // /proc/sys/vm/block_dump
-	CompactUnevictableAllowed *int64   // /proc/sys/vm/compact_unevictable_allowed
-	DirtyBackgroundBytes      *int64   // /proc/sys/vm/dirty_background_bytes
-	DirtyBackgroundRatio      *int64   // /proc/sys/vm/dirty_background_ratio
-	DirtyBytes                *int64   // /proc/sys/vm/dirty_bytes
-	DirtyExpireCentisecs      *int64   // /proc/sys/vm/dirty_expire_centisecs
-	DirtyRatio                *int64   // /proc/sys/vm/dirty_ratio
-	DirtytimeExpireSeconds    *int64   // /proc/sys/vm/dirtytime_expire_seconds
-	DirtyWritebackCentisecs   *int64   // /proc/sys/vm/dirty_writeback_centisecs
-	DropCaches                *int64   // /proc/sys/vm/drop_caches
-	ExtfragThreshold          *int64   // /proc/sys/vm/extfrag_threshold
-	HugetlbShmGroup           *int64   // /proc/sys/vm/hugetlb_shm_group
-	LaptopMode                *int64   // /proc/sys/vm/laptop_mode
-	LegacyVaLayout            *int64   // /proc/sys/vm/legacy_va_layout
-	LowmemReserveRatio        []*int64 // /proc/sys/vm/lowmem_reserve_ratio
-	MaxMapCount               *int64   // /proc/sys/vm/max_map_count
-	MemoryFailureEarlyKill    *int64   // /proc/sys/vm/memory_failure_early_kill
-	MemoryFailureRecovery     *int64   // /proc/sys/vm/memory_failure_recovery
-	MinFreeKbytes             *int64   // /proc/sys/vm/min_free_kbytes
-	MinSlabRatio              *int64   // /proc/sys/vm/min_slab_ratio
-	MinUnmappedRatio          *int64   // /proc/sys/vm/min_unmapped_ratio
-	MmapMinAddr               *int64   // /proc/sys/vm/mmap_min_addr
-	NrHugepages               *int64   // /proc/sys/vm/nr_hugepages
-	NrHugepagesMempolicy      *int64   // /proc/sys/vm/nr_hugepages_mempolicy
-	NrOvercommitHugepages     *int64   // /proc/sys/vm/nr_overcommit_hugepages
-	NumaStat                  *int64   // /proc/sys/vm/numa_stat
-	NumaZonelistOrder         string   // /proc/sys/vm/numa_zonelist_order
-	OomDumpTasks              *int64   // /proc/sys/vm/oom_dump_tasks
-	OomKillAllocatingTask     *int64   // /proc/sys/vm/oom_kill_allocating_task
-	OvercommitKbytes          *int64   // /proc/sys/vm/overcommit_kbytes
-	OvercommitMemory          *int64   // /proc/sys/vm/overcommit_memory
-	OvercommitRatio           *int64   // /proc/sys/vm/overcommit_ratio
-	PageCluster               *int64   // /proc/sys/vm/page-cluster
-	PanicOnOom                *int64   // /proc/sys/vm/panic_on_oom
-	PercpuPagelistFraction    *int64   // /proc/sys/vm/percpu_pagelist_fraction
-	StatInterval              *int64   // /proc/sys/vm/stat_interval
-	Swappiness                *int64   // /proc/sys/vm/swappiness
-	UserReserveKbytes         *int64   // /proc/sys/vm/user_reserve_kbytes
-	VfsCachePressure          *int64   // /proc/sys/vm/vfs_cache_pressure
-	WatermarkBoostFactor      *int64   // /proc/sys/vm/watermark_boost_factor
-	WatermarkScaleFactor      *int64   // /proc/sys/vm/watermark_scale_factor
-	ZoneReclaimMode           *int64   // /proc/sys/vm/zone_reclaim_mode
-}
-
-// VM reads the VM statistics from the specified `proc` filesystem.
-func (fs FS) VM() (*VM, error) {
-	path := fs.proc.Path("sys/vm")
-	file, err := os.Stat(path)
-	if err != nil {
-		return nil, err
-	}
-	if !file.Mode().IsDir() {
-		return nil, fmt.Errorf("%s is not a directory", path)
-	}
-
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-
-	var vm VM
-	for _, f := range files {
-		if f.IsDir() {
-			continue
-		}
-
-		name := filepath.Join(path, f.Name())
-		// ignore errors on read, as there are some write only
-		// in /proc/sys/vm
-		value, err := util.SysReadFile(name)
-		if err != nil {
-			continue
-		}
-		vp := util.NewValueParser(value)
-
-		switch f.Name() {
-		case "admin_reserve_kbytes":
-			vm.AdminReserveKbytes = vp.PInt64()
-		case "block_dump":
-			vm.BlockDump = vp.PInt64()
-		case "compact_unevictable_allowed":
-			vm.CompactUnevictableAllowed = vp.PInt64()
-		case "dirty_background_bytes":
-			vm.DirtyBackgroundBytes = vp.PInt64()
-		case "dirty_background_ratio":
-			vm.DirtyBackgroundRatio = vp.PInt64()
-		case "dirty_bytes":
-			vm.DirtyBytes = vp.PInt64()
-		case "dirty_expire_centisecs":
-			vm.DirtyExpireCentisecs = vp.PInt64()
-		case "dirty_ratio":
-			vm.DirtyRatio = vp.PInt64()
-		case "dirtytime_expire_seconds":
-			vm.DirtytimeExpireSeconds = vp.PInt64()
-		case "dirty_writeback_centisecs":
-			vm.DirtyWritebackCentisecs = vp.PInt64()
-		case "drop_caches":
-			vm.DropCaches = vp.PInt64()
-		case "extfrag_threshold":
-			vm.ExtfragThreshold = vp.PInt64()
-		case "hugetlb_shm_group":
-			vm.HugetlbShmGroup = vp.PInt64()
-		case "laptop_mode":
-			vm.LaptopMode = vp.PInt64()
-		case "legacy_va_layout":
-			vm.LegacyVaLayout = vp.PInt64()
-		case "lowmem_reserve_ratio":
-			stringSlice := strings.Fields(value)
-			pint64Slice := make([]*int64, 0, len(stringSlice))
-			for _, value := range stringSlice {
-				vp := util.NewValueParser(value)
-				pint64Slice = append(pint64Slice, vp.PInt64())
-			}
-			vm.LowmemReserveRatio = pint64Slice
-		case "max_map_count":
-			vm.MaxMapCount = vp.PInt64()
-		case "memory_failure_early_kill":
-			vm.MemoryFailureEarlyKill = vp.PInt64()
-		case "memory_failure_recovery":
-			vm.MemoryFailureRecovery = vp.PInt64()
-		case "min_free_kbytes":
-			vm.MinFreeKbytes = vp.PInt64()
-		case "min_slab_ratio":
-			vm.MinSlabRatio = vp.PInt64()
-		case "min_unmapped_ratio":
-			vm.MinUnmappedRatio = vp.PInt64()
-		case "mmap_min_addr":
-			vm.MmapMinAddr = vp.PInt64()
-		case "nr_hugepages":
-			vm.NrHugepages = vp.PInt64()
-		case "nr_hugepages_mempolicy":
-			vm.NrHugepagesMempolicy = vp.PInt64()
-		case "nr_overcommit_hugepages":
-			vm.NrOvercommitHugepages = vp.PInt64()
-		case "numa_stat":
-			vm.NumaStat = vp.PInt64()
-		case "numa_zonelist_order":
-			vm.NumaZonelistOrder = value
-		case "oom_dump_tasks":
-			vm.OomDumpTasks = vp.PInt64()
-		case "oom_kill_allocating_task":
-			vm.OomKillAllocatingTask = vp.PInt64()
-		case "overcommit_kbytes":
-			vm.OvercommitKbytes = vp.PInt64()
-		case "overcommit_memory":
-			vm.OvercommitMemory = vp.PInt64()
-		case "overcommit_ratio":
-			vm.OvercommitRatio = vp.PInt64()
-		case "page-cluster":
-			vm.PageCluster = vp.PInt64()
-		case "panic_on_oom":
-			vm.PanicOnOom = vp.PInt64()
-		case "percpu_pagelist_fraction":
-			vm.PercpuPagelistFraction = vp.PInt64()
-		case "stat_interval":
-			vm.StatInterval = vp.PInt64()
-		case "swappiness":
-			vm.Swappiness = vp.PInt64()
-		case "user_reserve_kbytes":
-			vm.UserReserveKbytes = vp.PInt64()
-		case "vfs_cache_pressure":
-			vm.VfsCachePressure = vp.PInt64()
-		case "watermark_boost_factor":
-			vm.WatermarkBoostFactor = vp.PInt64()
-		case "watermark_scale_factor":
-			vm.WatermarkScaleFactor = vp.PInt64()
-		case "zone_reclaim_mode":
-			vm.ZoneReclaimMode = vp.PInt64()
-		}
-		if err := vp.Err(); err != nil {
-			return nil, err
-		}
-	}
-
-	return &vm, nil
-}
diff --git a/vendor/github.com/prometheus/procfs/xfrm.go b/vendor/github.com/prometheus/procfs/xfrm.go
deleted file mode 100644
index eed07c7d7..000000000
--- a/vendor/github.com/prometheus/procfs/xfrm.go
+++ /dev/null
@@ -1,186 +0,0 @@
-// Copyright 2017 Prometheus Team
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package procfs
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-)
-
-// XfrmStat models the contents of /proc/net/xfrm_stat.
-type XfrmStat struct {
-	// All errors which are not matched by other
-	XfrmInError int
-	// No buffer is left
-	XfrmInBufferError int
-	// Header Error
-	XfrmInHdrError int
-	// No state found
-	// i.e. either inbound SPI, address, or IPSEC protocol at SA is wrong
-	XfrmInNoStates int
-	// Transformation protocol specific error
-	// e.g. SA Key is wrong
-	XfrmInStateProtoError int
-	// Transformation mode specific error
-	XfrmInStateModeError int
-	// Sequence error
-	// e.g. sequence number is out of window
-	XfrmInStateSeqError int
-	// State is expired
-	XfrmInStateExpired int
-	// State has mismatch option
-	// e.g. UDP encapsulation type is mismatched
-	XfrmInStateMismatch int
-	// State is invalid
-	XfrmInStateInvalid int
-	// No matching template for states
-	// e.g. Inbound SAs are correct but SP rule is wrong
-	XfrmInTmplMismatch int
-	// No policy is found for states
-	// e.g. Inbound SAs are correct but no SP is found
-	XfrmInNoPols int
-	// Policy discards
-	XfrmInPolBlock int
-	// Policy error
-	XfrmInPolError int
-	// All errors which are not matched by others
-	XfrmOutError int
-	// Bundle generation error
-	XfrmOutBundleGenError int
-	// Bundle check error
-	XfrmOutBundleCheckError int
-	// No state was found
-	XfrmOutNoStates int
-	// Transformation protocol specific error
-	XfrmOutStateProtoError int
-	// Transportation mode specific error
-	XfrmOutStateModeError int
-	// Sequence error
-	// i.e sequence number overflow
-	XfrmOutStateSeqError int
-	// State is expired
-	XfrmOutStateExpired int
-	// Policy discads
-	XfrmOutPolBlock int
-	// Policy is dead
-	XfrmOutPolDead int
-	// Policy Error
-	XfrmOutPolError     int
-	XfrmFwdHdrError     int
-	XfrmOutStateInvalid int
-	XfrmAcquireError    int
-}
-
-// NewXfrmStat reads the xfrm_stat statistics.
-func NewXfrmStat() (XfrmStat, error) {
-	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
-		return XfrmStat{}, err
-	}
-
-	return fs.NewXfrmStat()
-}
-
-// NewXfrmStat reads the xfrm_stat statistics from the 'proc' filesystem.
-func (fs FS) NewXfrmStat() (XfrmStat, error) {
-	file, err := os.Open(fs.proc.Path("net/xfrm_stat"))
-	if err != nil {
-		return XfrmStat{}, err
-	}
-	defer file.Close()
-
-	var (
-		x = XfrmStat{}
-		s = bufio.NewScanner(file)
-	)
-
-	for s.Scan() {
-		fields := strings.Fields(s.Text())
-
-		if len(fields) != 2 {
-			return XfrmStat{}, fmt.Errorf("couldn't parse %q line %q", file.Name(), s.Text())
-		}
-
-		name := fields[0]
-		value, err := strconv.Atoi(fields[1])
-		if err != nil {
-			return XfrmStat{}, err
-		}
-
-		switch name {
-		case "XfrmInError":
-			x.XfrmInError = value
-		case "XfrmInBufferError":
-			x.XfrmInBufferError = value
-		case "XfrmInHdrError":
-			x.XfrmInHdrError = value
-		case "XfrmInNoStates":
-			x.XfrmInNoStates = value
-		case "XfrmInStateProtoError":
-			x.XfrmInStateProtoError = value
-		case "XfrmInStateModeError":
-			x.XfrmInStateModeError = value
-		case "XfrmInStateSeqError":
-			x.XfrmInStateSeqError = value
-		case "XfrmInStateExpired":
-			x.XfrmInStateExpired = value
-		case "XfrmInStateInvalid":
-			x.XfrmInStateInvalid = value
-		case "XfrmInTmplMismatch":
-			x.XfrmInTmplMismatch = value
-		case "XfrmInNoPols":
-			x.XfrmInNoPols = value
-		case "XfrmInPolBlock":
-			x.XfrmInPolBlock = value
-		case "XfrmInPolError":
-			x.XfrmInPolError = value
-		case "XfrmOutError":
-			x.XfrmOutError = value
-		case "XfrmInStateMismatch":
-			x.XfrmInStateMismatch = value
-		case "XfrmOutBundleGenError":
-			x.XfrmOutBundleGenError = value
-		case "XfrmOutBundleCheckError":
-			x.XfrmOutBundleCheckError = value
-		case "XfrmOutNoStates":
-			x.XfrmOutNoStates = value
-		case "XfrmOutStateProtoError":
-			x.XfrmOutStateProtoError = value
-		case "XfrmOutStateModeError":
-			x.XfrmOutStateModeError = value
-		case "XfrmOutStateSeqError":
-			x.XfrmOutStateSeqError = value
-		case "XfrmOutStateExpired":
-			x.XfrmOutStateExpired = value
-		case "XfrmOutPolBlock":
-			x.XfrmOutPolBlock = value
-		case "XfrmOutPolDead":
-			x.XfrmOutPolDead = value
-		case "XfrmOutPolError":
-			x.XfrmOutPolError = value
-		case "XfrmFwdHdrError":
-			x.XfrmFwdHdrError = value
-		case "XfrmOutStateInvalid":
-			x.XfrmOutStateInvalid = value
-		case "XfrmAcquireError":
-			x.XfrmAcquireError = value
-		}
-
-	}
-
-	return x, s.Err()
-}
diff --git a/vendor/github.com/prometheus/procfs/zoneinfo.go b/vendor/github.com/prometheus/procfs/zoneinfo.go
deleted file mode 100644
index 209e2ac98..000000000
--- a/vendor/github.com/prometheus/procfs/zoneinfo.go
+++ /dev/null
@@ -1,195 +0,0 @@
-// Copyright 2019 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build !windows
-
-package procfs
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"regexp"
-	"strings"
-
-	"github.com/prometheus/procfs/internal/util"
-)
-
-// Zoneinfo holds info parsed from /proc/zoneinfo.
-type Zoneinfo struct {
-	Node                       string
-	Zone                       string
-	NrFreePages                *int64
-	Min                        *int64
-	Low                        *int64
-	High                       *int64
-	Scanned                    *int64
-	Spanned                    *int64
-	Present                    *int64
-	Managed                    *int64
-	NrActiveAnon               *int64
-	NrInactiveAnon             *int64
-	NrIsolatedAnon             *int64
-	NrAnonPages                *int64
-	NrAnonTransparentHugepages *int64
-	NrActiveFile               *int64
-	NrInactiveFile             *int64
-	NrIsolatedFile             *int64
-	NrFilePages                *int64
-	NrSlabReclaimable          *int64
-	NrSlabUnreclaimable        *int64
-	NrMlockStack               *int64
-	NrKernelStack              *int64
-	NrMapped                   *int64
-	NrDirty                    *int64
-	NrWriteback                *int64
-	NrUnevictable              *int64
-	NrShmem                    *int64
-	NrDirtied                  *int64
-	NrWritten                  *int64
-	NumaHit                    *int64
-	NumaMiss                   *int64
-	NumaForeign                *int64
-	NumaInterleave             *int64
-	NumaLocal                  *int64
-	NumaOther                  *int64
-	Protection                 []*int64
-}
-
-var nodeZoneRE = regexp.MustCompile(`(\d+), zone\s+(\w+)`)
-
-// Zoneinfo parses an zoneinfo-file (/proc/zoneinfo) and returns a slice of
-// structs containing the relevant info.  More information available here:
-// https://www.kernel.org/doc/Documentation/sysctl/vm.txt
-func (fs FS) Zoneinfo() ([]Zoneinfo, error) {
-	data, err := ioutil.ReadFile(fs.proc.Path("zoneinfo"))
-	if err != nil {
-		return nil, fmt.Errorf("error reading zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err)
-	}
-	zoneinfo, err := parseZoneinfo(data)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err)
-	}
-	return zoneinfo, nil
-}
-
-func parseZoneinfo(zoneinfoData []byte) ([]Zoneinfo, error) {
-
-	zoneinfo := []Zoneinfo{}
-
-	zoneinfoBlocks := bytes.Split(zoneinfoData, []byte("\nNode"))
-	for _, block := range zoneinfoBlocks {
-		var zoneinfoElement Zoneinfo
-		lines := strings.Split(string(block), "\n")
-		for _, line := range lines {
-
-			if nodeZone := nodeZoneRE.FindStringSubmatch(line); nodeZone != nil {
-				zoneinfoElement.Node = nodeZone[1]
-				zoneinfoElement.Zone = nodeZone[2]
-				continue
-			}
-			if strings.HasPrefix(strings.TrimSpace(line), "per-node stats") {
-				continue
-			}
-			parts := strings.Fields(strings.TrimSpace(line))
-			if len(parts) < 2 {
-				continue
-			}
-			vp := util.NewValueParser(parts[1])
-			switch parts[0] {
-			case "nr_free_pages":
-				zoneinfoElement.NrFreePages = vp.PInt64()
-			case "min":
-				zoneinfoElement.Min = vp.PInt64()
-			case "low":
-				zoneinfoElement.Low = vp.PInt64()
-			case "high":
-				zoneinfoElement.High = vp.PInt64()
-			case "scanned":
-				zoneinfoElement.Scanned = vp.PInt64()
-			case "spanned":
-				zoneinfoElement.Spanned = vp.PInt64()
-			case "present":
-				zoneinfoElement.Present = vp.PInt64()
-			case "managed":
-				zoneinfoElement.Managed = vp.PInt64()
-			case "nr_active_anon":
-				zoneinfoElement.NrActiveAnon = vp.PInt64()
-			case "nr_inactive_anon":
-				zoneinfoElement.NrInactiveAnon = vp.PInt64()
-			case "nr_isolated_anon":
-				zoneinfoElement.NrIsolatedAnon = vp.PInt64()
-			case "nr_anon_pages":
-				zoneinfoElement.NrAnonPages = vp.PInt64()
-			case "nr_anon_transparent_hugepages":
-				zoneinfoElement.NrAnonTransparentHugepages = vp.PInt64()
-			case "nr_active_file":
-				zoneinfoElement.NrActiveFile = vp.PInt64()
-			case "nr_inactive_file":
-				zoneinfoElement.NrInactiveFile = vp.PInt64()
-			case "nr_isolated_file":
-				zoneinfoElement.NrIsolatedFile = vp.PInt64()
-			case "nr_file_pages":
-				zoneinfoElement.NrFilePages = vp.PInt64()
-			case "nr_slab_reclaimable":
-				zoneinfoElement.NrSlabReclaimable = vp.PInt64()
-			case "nr_slab_unreclaimable":
-				zoneinfoElement.NrSlabUnreclaimable = vp.PInt64()
-			case "nr_mlock_stack":
-				zoneinfoElement.NrMlockStack = vp.PInt64()
-			case "nr_kernel_stack":
-				zoneinfoElement.NrKernelStack = vp.PInt64()
-			case "nr_mapped":
-				zoneinfoElement.NrMapped = vp.PInt64()
-			case "nr_dirty":
-				zoneinfoElement.NrDirty = vp.PInt64()
-			case "nr_writeback":
-				zoneinfoElement.NrWriteback = vp.PInt64()
-			case "nr_unevictable":
-				zoneinfoElement.NrUnevictable = vp.PInt64()
-			case "nr_shmem":
-				zoneinfoElement.NrShmem = vp.PInt64()
-			case "nr_dirtied":
-				zoneinfoElement.NrDirtied = vp.PInt64()
-			case "nr_written":
-				zoneinfoElement.NrWritten = vp.PInt64()
-			case "numa_hit":
-				zoneinfoElement.NumaHit = vp.PInt64()
-			case "numa_miss":
-				zoneinfoElement.NumaMiss = vp.PInt64()
-			case "numa_foreign":
-				zoneinfoElement.NumaForeign = vp.PInt64()
-			case "numa_interleave":
-				zoneinfoElement.NumaInterleave = vp.PInt64()
-			case "numa_local":
-				zoneinfoElement.NumaLocal = vp.PInt64()
-			case "numa_other":
-				zoneinfoElement.NumaOther = vp.PInt64()
-			case "protection:":
-				protectionParts := strings.Split(line, ":")
-				protectionValues := strings.Replace(protectionParts[1], "(", "", 1)
-				protectionValues = strings.Replace(protectionValues, ")", "", 1)
-				protectionValues = strings.TrimSpace(protectionValues)
-				protectionStringMap := strings.Split(protectionValues, ", ")
-				val, err := util.ParsePInt64s(protectionStringMap)
-				if err == nil {
-					zoneinfoElement.Protection = val
-				}
-			}
-
-		}
-
-		zoneinfo = append(zoneinfo, zoneinfoElement)
-	}
-	return zoneinfo, nil
-}
diff --git a/vendor/github.com/rivo/uniseg/go.mod b/vendor/github.com/rivo/uniseg/go.mod
deleted file mode 100644
index a54280b2d..000000000
--- a/vendor/github.com/rivo/uniseg/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/rivo/uniseg
-
-go 1.12
diff --git a/vendor/github.com/seccomp/libseccomp-golang/go.mod b/vendor/github.com/seccomp/libseccomp-golang/go.mod
deleted file mode 100644
index 6384b3769..000000000
--- a/vendor/github.com/seccomp/libseccomp-golang/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/seccomp/libseccomp-golang
-
-go 1.14
diff --git a/vendor/github.com/seccomp/libseccomp-golang/go.sum b/vendor/github.com/seccomp/libseccomp-golang/go.sum
deleted file mode 100644
index e69de29bb..000000000
--- a/vendor/github.com/seccomp/libseccomp-golang/go.sum
+++ /dev/null
diff --git a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go
index 72fe1aa3a..31011f34c 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go
@@ -27,10 +27,8 @@ import (
 // PassFunc is a type of function that takes a boolean (representing whether confirmation is desired) and returns the password as read, along with an error if one occurred
 type PassFunc func(bool) ([]byte, error)
 
-var (
-	// Read is for fuzzing
-	Read = readPasswordFn
-)
+// Read is for fuzzing
+var Read = readPasswordFn
 
 // readPasswordFn reads the password from the following sources, in order of preference:
 //
diff --git a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go
index fd0a63432..e9f48decb 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go
@@ -52,7 +52,13 @@ func UnmarshalPEMToPublicKey(pemBytes []byte) (crypto.PublicKey, error) {
 	if derBytes == nil {
 		return nil, errors.New("PEM decoding failed")
 	}
-	return x509.ParsePKIXPublicKey(derBytes.Bytes)
+	switch derBytes.Type {
+	case string(PublicKeyPEMType):
+		return x509.ParsePKIXPublicKey(derBytes.Bytes)
+	default:
+		return nil, fmt.Errorf("unknown Public key PEM file type: %v. Are you passing the correct public key?",
+			derBytes.Type)
+	}
 }
 
 // MarshalPublicKeyToDER converts a crypto.PublicKey into a PKIX, ASN.1 DER byte slice
diff --git a/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go b/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go
index 116c34c7c..23a8638ff 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go
@@ -154,7 +154,7 @@ func LoadED25519SignerVerifier(priv ed25519.PrivateKey) (*ED25519SignerVerifier,
 	}
 	pub, ok := priv.Public().(ed25519.PublicKey)
 	if !ok {
-		return nil, fmt.Errorf("given key is not ed25519.PublicKey: %w", err)
+		return nil, fmt.Errorf("given key is not ed25519.PublicKey")
 	}
 	verifier, err := LoadED25519Verifier(pub)
 	if err != nil {
diff --git a/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go b/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
index 7db2ad80c..c58368433 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
@@ -26,7 +26,7 @@ import (
 const CosignSignatureType = "cosign container image signature"
 
 // SimpleContainerImage describes the structure of a basic container image signature payload, as defined at:
-//  https://github.com/containers/image/blob/master/docs/containers-signature.5.md#json-data-format
+// https://github.com/containers/image/blob/master/docs/containers-signature.5.md#json-data-format
 type SimpleContainerImage struct {
 	Critical Critical               `json:"critical"` // Critical data critical to correctly evaluating the validity of the signature
 	Optional map[string]interface{} `json:"optional"` // Optional optional metadata about the image
diff --git a/vendor/github.com/sirupsen/logrus/go.mod b/vendor/github.com/sirupsen/logrus/go.mod
deleted file mode 100644
index 8b3f6d373..000000000
--- a/vendor/github.com/sirupsen/logrus/go.mod
+++ /dev/null
@@ -1,9 +0,0 @@
-module github.com/sirupsen/logrus
-
-require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/stretchr/testify v1.7.0
-	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
-)
-
-go 1.13
diff --git a/vendor/github.com/sirupsen/logrus/go.sum b/vendor/github.com/sirupsen/logrus/go.sum
deleted file mode 100644
index e5fdc85bf..000000000
--- a/vendor/github.com/sirupsen/logrus/go.sum
+++ /dev/null
@@ -1,14 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/vendor/github.com/spf13/cobra/go.mod b/vendor/github.com/spf13/cobra/go.mod
deleted file mode 100644
index 1d45d9f9a..000000000
--- a/vendor/github.com/spf13/cobra/go.mod
+++ /dev/null
@@ -1,10 +0,0 @@
-module github.com/spf13/cobra
-
-go 1.15
-
-require (
-	github.com/cpuguy83/go-md2man/v2 v2.0.2
-	github.com/inconshreveable/mousetrap v1.0.0
-	github.com/spf13/pflag v1.0.5
-	gopkg.in/yaml.v2 v2.4.0
-)
diff --git a/vendor/github.com/spf13/cobra/go.sum b/vendor/github.com/spf13/cobra/go.sum
deleted file mode 100644
index 8ed228800..000000000
--- a/vendor/github.com/spf13/cobra/go.sum
+++ /dev/null
@@ -1,12 +0,0 @@
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/vendor/github.com/spf13/pflag/go.mod b/vendor/github.com/spf13/pflag/go.mod
deleted file mode 100644
index b2287eec1..000000000
--- a/vendor/github.com/spf13/pflag/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/spf13/pflag
-
-go 1.12
diff --git a/vendor/github.com/spf13/pflag/go.sum b/vendor/github.com/spf13/pflag/go.sum
deleted file mode 100644
index e69de29bb..000000000
--- a/vendor/github.com/spf13/pflag/go.sum
+++ /dev/null
diff --git a/vendor/github.com/sylabs/sif/v2/pkg/sif/buffer.go b/vendor/github.com/sylabs/sif/v2/pkg/sif/buffer.go
index d706fb1a5..1d73a4750 100644
--- a/vendor/github.com/sylabs/sif/v2/pkg/sif/buffer.go
+++ b/vendor/github.com/sylabs/sif/v2/pkg/sif/buffer.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2021, Sylabs Inc. All rights reserved.
+// Copyright (c) 2021-2022, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -25,7 +25,7 @@ func NewBuffer(buf []byte) *Buffer {
 var errNegativeOffset = errors.New("negative offset")
 
 // ReadAt implements the io.ReaderAt interface.
-func (b *Buffer) ReadAt(p []byte, off int64) (n int, err error) {
+func (b *Buffer) ReadAt(p []byte, off int64) (int, error) {
 	if off < 0 {
 		return 0, errNegativeOffset
 	}
@@ -34,17 +34,17 @@ func (b *Buffer) ReadAt(p []byte, off int64) (n int, err error) {
 		return 0, io.EOF
 	}
 
-	n = copy(p, b.buf[off:])
+	n := copy(p, b.buf[off:])
 	if n < len(p) {
-		err = io.EOF
+		return n, io.EOF
 	}
-	return n, err
+	return n, nil
 }
 
 var errNegativePosition = errors.New("negative position")
 
 // Write implements the io.Writer interface.
-func (b *Buffer) Write(p []byte) (n int, err error) {
+func (b *Buffer) Write(p []byte) (int, error) {
 	if b.pos < 0 {
 		return 0, errNegativePosition
 	}
@@ -53,7 +53,7 @@ func (b *Buffer) Write(p []byte) (n int, err error) {
 		b.buf = append(b.buf, make([]byte, need-have)...)
 	}
 
-	n = copy(b.buf[b.pos:], p)
+	n := copy(b.buf[b.pos:], p)
 	b.pos += int64(n)
 	return n, nil
 }
diff --git a/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor.go b/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor.go
index da7a6a7c7..86fac669a 100644
--- a/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor.go
+++ b/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2018-2021, Sylabs Inc. All rights reserved.
+// Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
 // Copyright (c) 2017, SingularityWare, LLC. All rights reserved.
 // Copyright (c) 2017, Yannick Cote <yhcote@gmail.com> All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
@@ -96,7 +96,7 @@ func (d *rawDescriptor) setExtra(v interface{}) error {
 }
 
 // getPartitionMetadata gets metadata for a partition data object.
-func (d rawDescriptor) getPartitionMetadata() (fs FSType, pt PartType, arch string, err error) {
+func (d rawDescriptor) getPartitionMetadata() (FSType, PartType, string, error) {
 	if got, want := d.DataType, DataPartition; got != want {
 		return 0, 0, "", &unexpectedDataTypeError{got, []DataType{want}}
 	}
@@ -142,6 +142,8 @@ func (d Descriptor) GroupID() uint32 { return d.raw.GroupID &^ descrGroupMask }
 // LinkedID returns the object/group ID d is linked to, or zero if d does not contain a linked
 // ID. If isGroup is true, the returned id is an object group ID. Otherwise, the returned id is a
 // data object ID.
+//
+//nolint:nonamedreturns // Named returns effective as documentation.
 func (d Descriptor) LinkedID() (id uint32, isGroup bool) {
 	return d.raw.LinkedID &^ descrGroupMask, d.raw.LinkedID&descrGroupMask == descrGroupMask
 }
@@ -162,6 +164,8 @@ func (d Descriptor) ModifiedAt() time.Time { return time.Unix(d.raw.ModifiedAt,
 func (d Descriptor) Name() string { return strings.TrimRight(string(d.raw.Name[:]), "\000") }
 
 // PartitionMetadata gets metadata for a partition data object.
+//
+//nolint:nonamedreturns // Named returns effective as documentation.
 func (d Descriptor) PartitionMetadata() (fs FSType, pt PartType, arch string, err error) {
 	return d.raw.getPartitionMetadata()
 }
@@ -186,6 +190,8 @@ func getHashType(ht hashType) (crypto.Hash, error) {
 }
 
 // SignatureMetadata gets metadata for a signature data object.
+//
+//nolint:nonamedreturns // Named returns effective as documentation.
 func (d Descriptor) SignatureMetadata() (ht crypto.Hash, fp []byte, err error) {
 	if got, want := d.raw.DataType, DataSignature; got != want {
 		return ht, fp, &unexpectedDataTypeError{got, []DataType{want}}
diff --git a/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor_input.go b/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor_input.go
index c55cf51f9..1b8dda20c 100644
--- a/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor_input.go
+++ b/vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor_input.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2021, Sylabs Inc. All rights reserved.
+// Copyright (c) 2021-2022, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -10,7 +10,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"os"
 	"time"
 )
 
@@ -248,8 +247,9 @@ const DefaultObjectGroup = 1
 // this behavior, use OptNoGroup or OptGroupID. To link this data object, use OptLinkedID or
 // OptLinkedGroupID.
 //
-// By default, the data object will be aligned according to the system's memory page size. To
-// override this behavior, consider using OptObjectAlignment.
+// By default, the data object will not be aligned unless it is of type DataPartition, in which
+// case it will be aligned on a 4096 byte boundary. To override this behavior, consider using
+// OptObjectAlignment.
 //
 // By default, no name is set for data object. To set a name, use OptObjectName.
 //
@@ -258,8 +258,11 @@ const DefaultObjectGroup = 1
 // image modification time. To override this behavior, consider using OptObjectTime.
 func NewDescriptorInput(t DataType, r io.Reader, opts ...DescriptorInputOpt) (DescriptorInput, error) {
 	dopts := descriptorOpts{
-		groupID:   DefaultObjectGroup,
-		alignment: os.Getpagesize(),
+		groupID: DefaultObjectGroup,
+	}
+
+	if t == DataPartition {
+		dopts.alignment = 4096
 	}
 
 	for _, opt := range opts {
diff --git a/vendor/github.com/sylabs/sif/v2/pkg/sif/sif.go b/vendor/github.com/sylabs/sif/v2/pkg/sif/sif.go
index 704acee4a..e0faaedb3 100644
--- a/vendor/github.com/sylabs/sif/v2/pkg/sif/sif.go
+++ b/vendor/github.com/sylabs/sif/v2/pkg/sif/sif.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2018-2021, Sylabs Inc. All rights reserved.
+// Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
 // Copyright (c) 2017, SingularityWare, LLC. All rights reserved.
 // Copyright (c) 2017, Yannick Cote <yhcote@gmail.com> All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
@@ -10,69 +10,68 @@
 //
 // Layout of a SIF file (example):
 //
-//     .================================================.
-//     | GLOBAL HEADER: Sifheader                       |
-//     | - launch: "#!/usr/bin/env..."                  |
-//     | - magic: "SIF_MAGIC"                           |
-//     | - version: "1"                                 |
-//     | - arch: "4"                                    |
-//     | - uuid: b2659d4e-bd50-4ea5-bd17-eec5e54f918e   |
-//     | - ctime: 1504657553                            |
-//     | - mtime: 1504657653                            |
-//     | - ndescr: 3                                    |
-//     | - descroff: 120                                | --.
-//     | - descrlen: 432                                |   |
-//     | - dataoff: 4096                                |   |
-//     | - datalen: 619362                              |   |
-//     |------------------------------------------------| <-'
-//     | DESCR[0]: Sifdeffile                           |
-//     | - Sifcommon                                    |
-//     |   - datatype: DATA_DEFFILE                     |
-//     |   - id: 1                                      |
-//     |   - groupid: 1                                 |
-//     |   - link: NONE                                 |
-//     |   - fileoff: 4096                              | --.
-//     |   - filelen: 222                               |   |
-//     |------------------------------------------------| <-----.
-//     | DESCR[1]: Sifpartition                         |   |   |
-//     | - Sifcommon                                    |   |   |
-//     |   - datatype: DATA_PARTITION                   |   |   |
-//     |   - id: 2                                      |   |   |
-//     |   - groupid: 1                                 |   |   |
-//     |   - link: NONE                                 |   |   |
-//     |   - fileoff: 4318                              | ----. |
-//     |   - filelen: 618496                            |   | | |
-//     | - fstype: Squashfs                             |   | | |
-//     | - parttype: System                             |   | | |
-//     | - content: Linux                               |   | | |
-//     |------------------------------------------------|   | | |
-//     | DESCR[2]: Sifsignature                         |   | | |
-//     | - Sifcommon                                    |   | | |
-//     |   - datatype: DATA_SIGNATURE                   |   | | |
-//     |   - id: 3                                      |   | | |
-//     |   - groupid: NONE                              |   | | |
-//     |   - link: 2                                    | ------'
-//     |   - fileoff: 622814                            | ------.
-//     |   - filelen: 644                               |   | | |
-//     | - hashtype: SHA384                             |   | | |
-//     | - entity: @                                    |   | | |
-//     |------------------------------------------------| <-' | |
-//     | Definition file data                           |     | |
-//     | .                                              |     | |
-//     | .                                              |     | |
-//     | .                                              |     | |
-//     |------------------------------------------------| <---' |
-//     | File system partition image                    |       |
-//     | .                                              |       |
-//     | .                                              |       |
-//     | .                                              |       |
-//     |------------------------------------------------| <-----'
-//     | Signed verification data                       |
-//     | .                                              |
-//     | .                                              |
-//     | .                                              |
-//     `================================================'
-//
+//	.================================================.
+//	| GLOBAL HEADER: Sifheader                       |
+//	| - launch: "#!/usr/bin/env..."                  |
+//	| - magic: "SIF_MAGIC"                           |
+//	| - version: "1"                                 |
+//	| - arch: "4"                                    |
+//	| - uuid: b2659d4e-bd50-4ea5-bd17-eec5e54f918e   |
+//	| - ctime: 1504657553                            |
+//	| - mtime: 1504657653                            |
+//	| - ndescr: 3                                    |
+//	| - descroff: 120                                | --.
+//	| - descrlen: 432                                |   |
+//	| - dataoff: 4096                                |   |
+//	| - datalen: 619362                              |   |
+//	|------------------------------------------------| <-'
+//	| DESCR[0]: Sifdeffile                           |
+//	| - Sifcommon                                    |
+//	|   - datatype: DATA_DEFFILE                     |
+//	|   - id: 1                                      |
+//	|   - groupid: 1                                 |
+//	|   - link: NONE                                 |
+//	|   - fileoff: 4096                              | --.
+//	|   - filelen: 222                               |   |
+//	|------------------------------------------------| <-----.
+//	| DESCR[1]: Sifpartition                         |   |   |
+//	| - Sifcommon                                    |   |   |
+//	|   - datatype: DATA_PARTITION                   |   |   |
+//	|   - id: 2                                      |   |   |
+//	|   - groupid: 1                                 |   |   |
+//	|   - link: NONE                                 |   |   |
+//	|   - fileoff: 4318                              | ----. |
+//	|   - filelen: 618496                            |   | | |
+//	| - fstype: Squashfs                             |   | | |
+//	| - parttype: System                             |   | | |
+//	| - content: Linux                               |   | | |
+//	|------------------------------------------------|   | | |
+//	| DESCR[2]: Sifsignature                         |   | | |
+//	| - Sifcommon                                    |   | | |
+//	|   - datatype: DATA_SIGNATURE                   |   | | |
+//	|   - id: 3                                      |   | | |
+//	|   - groupid: NONE                              |   | | |
+//	|   - link: 2                                    | ------'
+//	|   - fileoff: 622814                            | ------.
+//	|   - filelen: 644                               |   | | |
+//	| - hashtype: SHA384                             |   | | |
+//	| - entity: @                                    |   | | |
+//	|------------------------------------------------| <-' | |
+//	| Definition file data                           |     | |
+//	| .                                              |     | |
+//	| .                                              |     | |
+//	| .                                              |     | |
+//	|------------------------------------------------| <---' |
+//	| File system partition image                    |       |
+//	| .                                              |       |
+//	| .                                              |       |
+//	| .                                              |       |
+//	|------------------------------------------------| <-----'
+//	| Signed verification data                       |
+//	| .                                              |
+//	| .                                              |
+//	| .                                              |
+//	`================================================'
 package sif
 
 import (
diff --git a/vendor/github.com/ulikunitz/xz/go.mod b/vendor/github.com/ulikunitz/xz/go.mod
deleted file mode 100644
index 330b675bd..000000000
--- a/vendor/github.com/ulikunitz/xz/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/ulikunitz/xz
-
-go 1.12
diff --git a/vendor/github.com/vbauerster/mpb/v7/bar.go b/vendor/github.com/vbauerster/mpb/v7/bar.go
index 4991f4f15..7db860e30 100644
--- a/vendor/github.com/vbauerster/mpb/v7/bar.go
+++ b/vendor/github.com/vbauerster/mpb/v7/bar.go
@@ -29,7 +29,7 @@ type Bar struct {
 	recoveredPanic interface{}
 }
 
-type extenderFunc func(in io.Reader, reqWidth int, st decor.Statistics) (out io.Reader, lines int)
+type extenderFunc func(rows []io.Reader, width int, stat decor.Statistics) []io.Reader
 
 // bState is actual bar's state.
 type bState struct {
@@ -57,14 +57,15 @@ type bState struct {
 	extender          extenderFunc
 	debugOut          io.Writer
 
-	afterBar *Bar // key for (*pState).queueBars
-	sync     bool
+	wait struct {
+		bar  *Bar // key for (*pState).queueBars
+		sync bool
+	}
 }
 
 type renderFrame struct {
-	reader   io.Reader
-	lines    int
-	shutdown bool
+	rows     []io.Reader
+	shutdown int
 }
 
 func newBar(container *Progress, bs *bState) *Bar {
@@ -339,8 +340,8 @@ func (b *Bar) Wait() {
 
 func (b *Bar) serve(ctx context.Context, bs *bState) {
 	defer b.container.bwg.Done()
-	if bs.afterBar != nil && bs.sync {
-		bs.afterBar.Wait()
+	if bs.wait.bar != nil && bs.wait.sync {
+		bs.wait.bar.Wait()
 	}
 	for {
 		select {
@@ -359,48 +360,58 @@ func (b *Bar) serve(ctx context.Context, bs *bState) {
 func (b *Bar) render(tw int) {
 	select {
 	case b.operateState <- func(s *bState) {
-		var reader io.Reader
-		var lines int
+		var rows []io.Reader
 		stat := newStatistics(tw, s)
 		defer func() {
 			// recovering if user defined decorator panics for example
 			if p := recover(); p != nil {
 				if s.debugOut != nil {
-					fmt.Fprintln(s.debugOut, p)
-					_, _ = s.debugOut.Write(debug.Stack())
+					for _, fn := range []func() (int, error){
+						func() (int, error) {
+							return fmt.Fprintln(s.debugOut, p)
+						},
+						func() (int, error) {
+							return s.debugOut.Write(debug.Stack())
+						},
+					} {
+						if _, err := fn(); err != nil {
+							panic(err)
+						}
+					}
 				}
 				s.aborted = !s.completed
 				s.extender = makePanicExtender(p)
-				reader, lines = s.extender(nil, s.reqWidth, stat)
 				b.recoveredPanic = p
 			}
-			frame := renderFrame{
-				reader:   reader,
-				lines:    lines + 1,
-				shutdown: s.completed || s.aborted,
+			if fn := s.extender; fn != nil {
+				rows = fn(rows, s.reqWidth, stat)
+			}
+			frame := &renderFrame{
+				rows: rows,
 			}
-			if frame.shutdown {
+			if s.completed || s.aborted {
 				b.cancel()
+				frame.shutdown++
 			}
-			b.frameCh <- &frame
+			b.frameCh <- frame
 		}()
 		if b.recoveredPanic == nil {
-			reader = s.draw(stat)
+			rows = append(rows, s.draw(stat))
 		}
-		reader, lines = s.extender(reader, s.reqWidth, stat)
 	}:
 	case <-b.done:
-		var reader io.Reader
-		var lines int
-		stat, s := newStatistics(tw, b.bs), b.bs
+		var rows []io.Reader
+		s, stat := b.bs, newStatistics(tw, b.bs)
 		if b.recoveredPanic == nil {
-			reader = s.draw(stat)
+			rows = append(rows, s.draw(stat))
+		}
+		if fn := s.extender; fn != nil {
+			rows = fn(rows, s.reqWidth, stat)
 		}
-		reader, lines = s.extender(reader, s.reqWidth, stat)
-		b.frameCh <- &renderFrame{
-			reader: reader,
-			lines:  lines + 1,
+		frame := &renderFrame{
+			rows: rows,
 		}
+		b.frameCh <- frame
 	}
 }
 
@@ -446,7 +457,7 @@ func (b *Bar) wSyncTable() [][]chan int {
 
 func (s *bState) draw(stat decor.Statistics) io.Reader {
 	bufP, bufB, bufA := s.buffers[0], s.buffers[1], s.buffers[2]
-	nlr := strings.NewReader("\n")
+	nlr := bytes.NewReader([]byte("\n"))
 	tw := stat.AvailableWidth
 	for _, d := range s.pDecorators {
 		str := d.Decor(stat)
@@ -596,11 +607,11 @@ func extractBaseDecorator(d decor.Decorator) decor.Decorator {
 
 func makePanicExtender(p interface{}) extenderFunc {
 	pstr := fmt.Sprint(p)
-	return func(_ io.Reader, _ int, st decor.Statistics) (io.Reader, int) {
-		mr := io.MultiReader(
-			strings.NewReader(runewidth.Truncate(pstr, st.AvailableWidth, "…")),
-			strings.NewReader("\n"),
+	return func(rows []io.Reader, _ int, stat decor.Statistics) []io.Reader {
+		r := io.MultiReader(
+			strings.NewReader(runewidth.Truncate(pstr, stat.AvailableWidth, "…")),
+			bytes.NewReader([]byte("\n")),
 		)
-		return mr, 0
+		return append(rows, r)
 	}
 }
diff --git a/vendor/github.com/vbauerster/mpb/v7/bar_option.go b/vendor/github.com/vbauerster/mpb/v7/bar_option.go
index 8599f0a57..3506ed2f1 100644
--- a/vendor/github.com/vbauerster/mpb/v7/bar_option.go
+++ b/vendor/github.com/vbauerster/mpb/v7/bar_option.go
@@ -60,6 +60,7 @@ func BarWidth(width int) BarOption {
 }
 
 // BarQueueAfter puts this (being constructed) bar into the queue.
+// BarPriority will be inherited from the argument bar.
 // When argument bar completes or aborts queued bar replaces its place.
 // If sync is true queued bar is suspended until argument bar completes
 // or aborts.
@@ -68,8 +69,8 @@ func BarQueueAfter(bar *Bar, sync bool) BarOption {
 		return nil
 	}
 	return func(s *bState) {
-		s.afterBar = bar
-		s.sync = sync
+		s.wait.bar = bar
+		s.wait.sync = sync
 	}
 }
 
@@ -111,29 +112,61 @@ func BarFillerMiddleware(middle func(BarFiller) BarFiller) BarOption {
 }
 
 // BarPriority sets bar's priority. Zero is highest priority, i.e. bar
-// will be on top. If `BarReplaceOnComplete` option is supplied, this
-// option is ignored.
+// will be on top. This option isn't effective with `BarQueueAfter` option.
 func BarPriority(priority int) BarOption {
 	return func(s *bState) {
 		s.priority = priority
 	}
 }
 
-// BarExtender provides a way to extend bar to the next new line.
+// BarExtender extends bar with arbitrary lines. Provided BarFiller will be
+// called at each render/flush cycle. Any lines written to the underlying
+// io.Writer will be printed after the bar itself.
 func BarExtender(filler BarFiller) BarOption {
+	return barExtender(filler, false)
+}
+
+// BarExtenderRev extends bar with arbitrary lines in reverse order. Provided
+// BarFiller will be called at each render/flush cycle. Any lines written
+// to the underlying io.Writer will be printed before the bar itself.
+func BarExtenderRev(filler BarFiller) BarOption {
+	return barExtender(filler, true)
+}
+
+func barExtender(filler BarFiller, rev bool) BarOption {
 	if filler == nil {
 		return nil
 	}
 	return func(s *bState) {
-		s.extender = makeExtenderFunc(filler)
+		s.extender = makeExtenderFunc(filler, rev)
 	}
 }
 
-func makeExtenderFunc(filler BarFiller) extenderFunc {
+func makeExtenderFunc(filler BarFiller, rev bool) extenderFunc {
 	buf := new(bytes.Buffer)
-	return func(r io.Reader, reqWidth int, st decor.Statistics) (io.Reader, int) {
-		filler.Fill(buf, reqWidth, st)
-		return io.MultiReader(r, buf), bytes.Count(buf.Bytes(), []byte("\n"))
+	base := func(rows []io.Reader, width int, stat decor.Statistics) []io.Reader {
+		buf.Reset()
+		filler.Fill(buf, width, stat)
+		for {
+			b, err := buf.ReadBytes('\n')
+			if err != nil {
+				break
+			}
+			rows = append(rows, bytes.NewReader(b))
+		}
+		return rows
+	}
+
+	if !rev {
+		return base
+	} else {
+		return func(rows []io.Reader, width int, stat decor.Statistics) []io.Reader {
+			rows = base(rows, width, stat)
+			for left, right := 0, len(rows)-1; left < right; left, right = left+1, right-1 {
+				rows[left], rows[right] = rows[right], rows[left]
+			}
+			return rows
+		}
 	}
 }
 
diff --git a/vendor/github.com/vbauerster/mpb/v7/container_option.go b/vendor/github.com/vbauerster/mpb/v7/container_option.go
index e523a1759..38239d4fa 100644
--- a/vendor/github.com/vbauerster/mpb/v7/container_option.go
+++ b/vendor/github.com/vbauerster/mpb/v7/container_option.go
@@ -2,7 +2,6 @@ package mpb
 
 import (
 	"io"
-	"io/ioutil"
 	"sync"
 	"time"
 )
@@ -31,7 +30,7 @@ func WithWidth(width int) ContainerOption {
 	}
 }
 
-// WithRefreshRate overrides default 120ms refresh rate.
+// WithRefreshRate overrides default 150ms refresh rate.
 func WithRefreshRate(d time.Duration) ContainerOption {
 	return func(s *pState) {
 		s.rr = d
@@ -74,7 +73,7 @@ func WithShutdownNotifier(ch chan struct{}) ContainerOption {
 func WithOutput(w io.Writer) ContainerOption {
 	return func(s *pState) {
 		if w == nil {
-			s.output = ioutil.Discard
+			s.output = io.Discard
 			s.outputDiscarded = true
 			return
 		}
diff --git a/vendor/github.com/vbauerster/mpb/v7/cwriter/writer.go b/vendor/github.com/vbauerster/mpb/v7/cwriter/writer.go
index fac15b3bc..19fd90e94 100644
--- a/vendor/github.com/vbauerster/mpb/v7/cwriter/writer.go
+++ b/vendor/github.com/vbauerster/mpb/v7/cwriter/writer.go
@@ -20,19 +20,30 @@ const (
 // Writer is a buffered the writer that updates the terminal. The
 // contents of writer will be flushed when Flush is called.
 type Writer struct {
-	out        io.Writer
-	buf        bytes.Buffer
-	lines      int
-	fd         int
-	isTerminal bool
+	out      io.Writer
+	buf      bytes.Buffer
+	lines    int // how much lines to clear before flushing new ones
+	fd       int
+	terminal bool
+	termSize func(int) (int, int, error)
 }
 
 // New returns a new Writer with defaults.
 func New(out io.Writer) *Writer {
-	w := &Writer{out: out}
+	w := &Writer{
+		out: out,
+		termSize: func(_ int) (int, int, error) {
+			return -1, -1, ErrNotTTY
+		},
+	}
 	if f, ok := out.(*os.File); ok {
 		w.fd = int(f.Fd())
-		w.isTerminal = IsTerminal(w.fd)
+		if IsTerminal(w.fd) {
+			w.terminal = true
+			w.termSize = func(fd int) (int, int, error) {
+				return GetSize(fd)
+			}
+		}
 	}
 	return w
 }
@@ -67,13 +78,9 @@ func (w *Writer) ReadFrom(r io.Reader) (n int64, err error) {
 	return w.buf.ReadFrom(r)
 }
 
-// GetWidth returns width of underlying terminal.
-func (w *Writer) GetWidth() (int, error) {
-	if !w.isTerminal {
-		return -1, ErrNotTTY
-	}
-	tw, _, err := GetSize(w.fd)
-	return tw, err
+// GetTermSize returns WxH of underlying terminal.
+func (w *Writer) GetTermSize() (width, height int, err error) {
+	return w.termSize(w.fd)
 }
 
 func (w *Writer) ansiCuuAndEd() error {
diff --git a/vendor/github.com/vbauerster/mpb/v7/cwriter/writer_windows.go b/vendor/github.com/vbauerster/mpb/v7/cwriter/writer_windows.go
index 8f99dbe32..2c4c3707b 100644
--- a/vendor/github.com/vbauerster/mpb/v7/cwriter/writer_windows.go
+++ b/vendor/github.com/vbauerster/mpb/v7/cwriter/writer_windows.go
@@ -16,7 +16,7 @@ var (
 )
 
 func (w *Writer) clearLines() error {
-	if !w.isTerminal {
+	if !w.terminal {
 		// hope it's cygwin or similar
 		return w.ansiCuuAndEd()
 	}
diff --git a/vendor/github.com/vbauerster/mpb/v7/decor/on_condition.go b/vendor/github.com/vbauerster/mpb/v7/decor/on_condition.go
index a9db0653a..74a3d9667 100644
--- a/vendor/github.com/vbauerster/mpb/v7/decor/on_condition.go
+++ b/vendor/github.com/vbauerster/mpb/v7/decor/on_condition.go
@@ -1,27 +1,55 @@
 package decor
 
-// OnPredicate returns decorator if predicate evaluates to true.
+// OnCondition applies decorator only if a condition is true.
 //
 //	`decorator` Decorator
 //
-//	`predicate` func() bool
+//	`cond` bool
 //
-func OnPredicate(decorator Decorator, predicate func() bool) Decorator {
-	if predicate() {
-		return decorator
-	}
-	return nil
+func OnCondition(decorator Decorator, cond bool) Decorator {
+	return Conditional(cond, decorator, nil)
 }
 
-// OnCondition returns decorator if condition is true.
+// OnPredicate applies decorator only if a predicate evaluates to true.
 //
 //	`decorator` Decorator
 //
+//	`predicate` func() bool
+//
+func OnPredicate(decorator Decorator, predicate func() bool) Decorator {
+	return Predicative(predicate, decorator, nil)
+}
+
+// Conditional returns decorator `a` if condition is true, otherwise
+// decorator `b`.
+//
 //	`cond` bool
 //
-func OnCondition(decorator Decorator, cond bool) Decorator {
+//	`a` Decorator
+//
+//	`b` Decorator
+//
+func Conditional(cond bool, a, b Decorator) Decorator {
 	if cond {
-		return decorator
+		return a
+	} else {
+		return b
+	}
+}
+
+// Predicative returns decorator `a` if predicate evaluates to true,
+// otherwise decorator `b`.
+//
+//	`predicate` func() bool
+//
+//	`a` Decorator
+//
+//	`b` Decorator
+//
+func Predicative(predicate func() bool, a, b Decorator) Decorator {
+	if predicate() {
+		return a
+	} else {
+		return b
 	}
-	return nil
 }
diff --git a/vendor/github.com/vbauerster/mpb/v7/go.mod b/vendor/github.com/vbauerster/mpb/v7/go.mod
deleted file mode 100644
index 66056222e..000000000
--- a/vendor/github.com/vbauerster/mpb/v7/go.mod
+++ /dev/null
@@ -1,10 +0,0 @@
-module github.com/vbauerster/mpb/v7
-
-require (
-	github.com/VividCortex/ewma v1.2.0
-	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/mattn/go-runewidth v0.0.13
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
-)
-
-go 1.14
diff --git a/vendor/github.com/vbauerster/mpb/v7/go.sum b/vendor/github.com/vbauerster/mpb/v7/go.sum
deleted file mode 100644
index 1261e35ca..000000000
--- a/vendor/github.com/vbauerster/mpb/v7/go.sum
+++ /dev/null
@@ -1,10 +0,0 @@
-github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
-github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
-github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
-github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
-github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/vendor/github.com/vbauerster/mpb/v7/priority_queue.go b/vendor/github.com/vbauerster/mpb/v7/priority_queue.go
index 29d9bd5a8..152482e9a 100644
--- a/vendor/github.com/vbauerster/mpb/v7/priority_queue.go
+++ b/vendor/github.com/vbauerster/mpb/v7/priority_queue.go
@@ -6,7 +6,8 @@ type priorityQueue []*Bar
 func (pq priorityQueue) Len() int { return len(pq) }
 
 func (pq priorityQueue) Less(i, j int) bool {
-	return pq[i].priority < pq[j].priority
+	// less priority pops first
+	return pq[i].priority > pq[j].priority
 }
 
 func (pq priorityQueue) Swap(i, j int) {
diff --git a/vendor/github.com/vbauerster/mpb/v7/progress.go b/vendor/github.com/vbauerster/mpb/v7/progress.go
index 1d9a53e5c..1dda06e5f 100644
--- a/vendor/github.com/vbauerster/mpb/v7/progress.go
+++ b/vendor/github.com/vbauerster/mpb/v7/progress.go
@@ -12,7 +12,6 @@ import (
 	"time"
 
 	"github.com/vbauerster/mpb/v7/cwriter"
-	"github.com/vbauerster/mpb/v7/decor"
 )
 
 const (
@@ -41,6 +40,7 @@ type pState struct {
 	// following are provided/overrided by user
 	idCount          int
 	reqWidth         int
+	popPriority      int
 	popCompleted     bool
 	outputDiscarded  bool
 	rr               time.Duration
@@ -64,10 +64,11 @@ func New(options ...ContainerOption) *Progress {
 // method has been called.
 func NewWithContext(ctx context.Context, options ...ContainerOption) *Progress {
 	s := &pState{
-		bHeap:     priorityQueue{},
-		rr:        prr,
-		queueBars: make(map[*Bar]*Bar),
-		output:    os.Stdout,
+		bHeap:       priorityQueue{},
+		rr:          prr,
+		queueBars:   make(map[*Bar]*Bar),
+		output:      os.Stdout,
+		popPriority: math.MinInt32,
 	}
 
 	for _, opt := range options {
@@ -118,8 +119,8 @@ func (p *Progress) Add(total int64, filler BarFiller, options ...BarOption) *Bar
 	case p.operateState <- func(ps *pState) {
 		bs := ps.makeBarState(total, filler, options...)
 		bar := newBar(p, bs)
-		if bs.afterBar != nil {
-			ps.queueBars[bs.afterBar] = bar
+		if bs.wait.bar != nil {
+			ps.queueBars[bs.wait.bar] = bar
 		} else {
 			heap.Push(&ps.bHeap, bar)
 			ps.heapUpdated = true
@@ -204,33 +205,27 @@ func (p *Progress) serve(s *pState, cw *cwriter.Writer) {
 
 	p.refreshCh = s.newTicker(p.done)
 
+	render := func(debugOut io.Writer) {
+		err := s.render(cw)
+		for err != nil {
+			if debugOut != nil {
+				_, err = fmt.Fprintln(debugOut, err)
+			} else {
+				panic(err)
+			}
+			debugOut = nil
+		}
+	}
+
 	for {
 		select {
 		case op := <-p.operateState:
 			op(s)
 		case <-p.refreshCh:
-			if err := s.render(cw); err != nil {
-				if s.debugOut != nil {
-					_, e := fmt.Fprintln(s.debugOut, err)
-					if e != nil {
-						panic(err)
-					}
-				} else {
-					panic(err)
-				}
-			}
+			render(s.debugOut)
 		case <-s.shutdownNotifier:
 			for s.heapUpdated {
-				if err := s.render(cw); err != nil {
-					if s.debugOut != nil {
-						_, e := fmt.Fprintln(s.debugOut, err)
-						if e != nil {
-							panic(err)
-						}
-					} else {
-						panic(err)
-					}
-				}
+				render(s.debugOut)
 			}
 			return
 		}
@@ -245,42 +240,58 @@ func (s *pState) render(cw *cwriter.Writer) error {
 	syncWidth(s.pMatrix)
 	syncWidth(s.aMatrix)
 
-	tw, err := cw.GetWidth()
+	width, height, err := cw.GetTermSize()
 	if err != nil {
-		tw = s.reqWidth
+		width = s.reqWidth
+		height = s.bHeap.Len()
 	}
 	for i := 0; i < s.bHeap.Len(); i++ {
 		bar := s.bHeap[i]
-		go bar.render(tw)
+		go bar.render(width)
 	}
 
-	return s.flush(cw)
+	return s.flush(cw, height)
 }
 
-func (s *pState) flush(cw *cwriter.Writer) error {
-	var lines int
+func (s *pState) flush(cw *cwriter.Writer, height int) error {
+	var wg sync.WaitGroup
+	var popCount int
+	rows := make([]io.Reader, 0, height)
 	pool := make([]*Bar, 0, s.bHeap.Len())
 	for s.bHeap.Len() > 0 {
+		var usedRows int
 		b := heap.Pop(&s.bHeap).(*Bar)
 		frame := <-b.frameCh
-		lines += frame.lines
-		_, err := cw.ReadFrom(frame.reader)
-		if err != nil {
-			return err
+		for i := len(frame.rows) - 1; i >= 0; i-- {
+			if row := frame.rows[i]; len(rows) < height {
+				rows = append(rows, row)
+				usedRows++
+			} else {
+				wg.Add(1)
+				go func() {
+					_, _ = io.Copy(io.Discard, row)
+					wg.Done()
+				}()
+			}
 		}
-		if frame.shutdown {
+		if frame.shutdown != 0 {
 			b.Wait() // waiting for b.done, so it's safe to read b.bs
-			var toDrop bool
+			drop := b.bs.dropOnComplete
 			if qb, ok := s.queueBars[b]; ok {
 				delete(s.queueBars, b)
 				qb.priority = b.priority
 				pool = append(pool, qb)
-				toDrop = true
+				drop = true
 			} else if s.popCompleted && !b.bs.noPop {
-				lines -= frame.lines
-				toDrop = true
+				if frame.shutdown > 1 {
+					popCount += usedRows
+					drop = true
+				} else {
+					s.popPriority++
+					b.priority = s.popPriority
+				}
 			}
-			if toDrop || b.bs.dropOnComplete {
+			if drop {
 				s.heapUpdated = true
 				continue
 			}
@@ -292,7 +303,16 @@ func (s *pState) flush(cw *cwriter.Writer) error {
 		heap.Push(&s.bHeap, b)
 	}
 
-	return cw.Flush(lines)
+	for i := len(rows) - 1; i >= 0; i-- {
+		_, err := cw.ReadFrom(rows[i])
+		if err != nil {
+			wg.Wait()
+			return err
+		}
+	}
+
+	wg.Wait()
+	return cw.Flush(len(rows) - popCount)
 }
 
 func (s *pState) newTicker(done <-chan struct{}) chan time.Time {
@@ -358,7 +378,6 @@ func (s *pState) makeBarState(total int64, filler BarFiller, options ...BarOptio
 		reqWidth: s.reqWidth,
 		total:    total,
 		filler:   filler,
-		extender: func(r io.Reader, _ int, _ decor.Statistics) (io.Reader, int) { return r, 0 },
 		debugOut: s.debugOut,
 	}
 
@@ -377,10 +396,6 @@ func (s *pState) makeBarState(total int64, filler BarFiller, options ...BarOptio
 		bs.middleware = nil
 	}
 
-	if s.popCompleted && !bs.noPop {
-		bs.priority = -(math.MaxInt32 - s.idCount)
-	}
-
 	for i := 0; i < len(bs.buffers); i++ {
 		bs.buffers[i] = bytes.NewBuffer(make([]byte, 0, 512))
 	}
diff --git a/vendor/github.com/vbauerster/mpb/v7/proxyreader.go b/vendor/github.com/vbauerster/mpb/v7/proxyreader.go
index b0dd89d45..51b63ea7a 100644
--- a/vendor/github.com/vbauerster/mpb/v7/proxyreader.go
+++ b/vendor/github.com/vbauerster/mpb/v7/proxyreader.go
@@ -2,7 +2,6 @@ package mpb
 
 import (
 	"io"
-	"io/ioutil"
 	"time"
 )
 
@@ -76,5 +75,5 @@ func toReadCloser(r io.Reader) io.ReadCloser {
 	if rc, ok := r.(io.ReadCloser); ok {
 		return rc
 	}
-	return ioutil.NopCloser(r)
+	return io.NopCloser(r)
 }
diff --git a/vendor/github.com/vishvananda/netlink/go.mod b/vendor/github.com/vishvananda/netlink/go.mod
deleted file mode 100644
index 9d8455ee7..000000000
--- a/vendor/github.com/vishvananda/netlink/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/vishvananda/netlink
-
-go 1.12
-
-require (
-	github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae
-	golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
-)
diff --git a/vendor/github.com/vishvananda/netlink/go.sum b/vendor/github.com/vishvananda/netlink/go.sum
deleted file mode 100644
index ed5d30891..000000000
--- a/vendor/github.com/vishvananda/netlink/go.sum
+++ /dev/null
@@ -1,6 +0,0 @@
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 h1:sIky/MyNRSHTrdxfsiUSS4WIAMvInbeXljJz+jDjeYE=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/vishvananda/netns/go.mod b/vendor/github.com/vishvananda/netns/go.mod
deleted file mode 100644
index 9cdf577ad..000000000
--- a/vendor/github.com/vishvananda/netns/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/vishvananda/netns
-
-go 1.12
-
-require golang.org/x/sys v0.0.0-20200217220822-9197077df867
diff --git a/vendor/github.com/vishvananda/netns/go.sum b/vendor/github.com/vishvananda/netns/go.sum
deleted file mode 100644
index 1d4adf451..000000000
--- a/vendor/github.com/vishvananda/netns/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/xeipuuv/gojsonschema/go.mod b/vendor/github.com/xeipuuv/gojsonschema/go.mod
deleted file mode 100644
index b709d7fcd..000000000
--- a/vendor/github.com/xeipuuv/gojsonschema/go.mod
+++ /dev/null
@@ -1,7 +0,0 @@
-module github.com/xeipuuv/gojsonschema
-
-require (
-	github.com/stretchr/testify v1.3.0
-	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
-)
diff --git a/vendor/github.com/xeipuuv/gojsonschema/go.sum b/vendor/github.com/xeipuuv/gojsonschema/go.sum
deleted file mode 100644
index 0e865ac75..000000000
--- a/vendor/github.com/xeipuuv/gojsonschema/go.sum
+++ /dev/null
@@ -1,11 +0,0 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
diff --git a/vendor/go.etcd.io/bbolt/go.mod b/vendor/go.etcd.io/bbolt/go.mod
deleted file mode 100644
index 96355a69b..000000000
--- a/vendor/go.etcd.io/bbolt/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module go.etcd.io/bbolt
-
-go 1.12
-
-require golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d
diff --git a/vendor/go.etcd.io/bbolt/go.sum b/vendor/go.etcd.io/bbolt/go.sum
deleted file mode 100644
index c13f8f470..000000000
--- a/vendor/go.etcd.io/bbolt/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d h1:L/IKR6COd7ubZrs2oTnTi73IhgqJ71c9s80WsQnh0Es=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/go.mozilla.org/pkcs7/.travis.yml b/vendor/go.mozilla.org/pkcs7/.travis.yml
deleted file mode 100644
index eac4c1762..000000000
--- a/vendor/go.mozilla.org/pkcs7/.travis.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-language: go
-go:
-    - "1.11"
-    - "1.12"
-    - "1.13"
-    - tip
-before_install:
-    - make gettools
-script:
-    - make
diff --git a/vendor/go.mozilla.org/pkcs7/README.md b/vendor/go.mozilla.org/pkcs7/README.md
index bf37059c5..a55d117c6 100644
--- a/vendor/go.mozilla.org/pkcs7/README.md
+++ b/vendor/go.mozilla.org/pkcs7/README.md
@@ -1,7 +1,7 @@
 # pkcs7
 
 [![GoDoc](https://godoc.org/go.mozilla.org/pkcs7?status.svg)](https://godoc.org/go.mozilla.org/pkcs7)
-[![Build Status](https://travis-ci.org/mozilla-services/pkcs7.svg?branch=master)](https://travis-ci.org/mozilla-services/pkcs7)
+[![Build Status](https://github.com/mozilla-services/pkcs7/workflows/CI/badge.svg?branch=master&event=push)](https://github.com/mozilla-services/pkcs7/actions/workflows/ci.yml?query=branch%3Amaster+event%3Apush)
 
 pkcs7 implements parsing and creating signed and enveloped messages.
 
diff --git a/vendor/go.mozilla.org/pkcs7/ber.go b/vendor/go.mozilla.org/pkcs7/ber.go
index 585256739..73da024a0 100644
--- a/vendor/go.mozilla.org/pkcs7/ber.go
+++ b/vendor/go.mozilla.org/pkcs7/ber.go
@@ -175,7 +175,7 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 	if offset > berLen {
 		return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
 	}
-	hack := 0
+	indefinite := false
 	if l > 0x80 {
 		numberOfBytes := (int)(l & 0x7F)
 		if numberOfBytes > 4 { // int is only guaranteed to be 32bit
@@ -197,14 +197,7 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 			}
 		}
 	} else if l == 0x80 {
-		// find length by searching content
-		markerIndex := bytes.LastIndex(ber[offset:], []byte{0x0, 0x0})
-		if markerIndex == -1 {
-			return nil, 0, errors.New("ber2der: Invalid BER format")
-		}
-		length = markerIndex
-		hack = 2
-		debugprint("--> (compute length) marker found at offset: %d\n", markerIndex+offset)
+		indefinite = true
 	} else {
 		length = (int)(l)
 	}
@@ -220,6 +213,9 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 	debugprint("--> content end   : %d\n", contentEnd)
 	debugprint("--> content       : % X\n", ber[offset:contentEnd])
 	var obj asn1Object
+	if indefinite && kind == 0 {
+		return nil, 0, errors.New("ber2der: Indefinite form tag must have constructed encoding")
+	}
 	if kind == 0 {
 		obj = asn1Primitive{
 			tagBytes: ber[tagStart:tagEnd],
@@ -228,14 +224,25 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 		}
 	} else {
 		var subObjects []asn1Object
-		for offset < contentEnd {
+		for (offset < contentEnd) || indefinite {
 			var subObj asn1Object
 			var err error
-			subObj, offset, err = readObject(ber[:contentEnd], offset)
+			subObj, offset, err = readObject(ber, offset)
 			if err != nil {
 				return nil, 0, err
 			}
 			subObjects = append(subObjects, subObj)
+
+			if indefinite {
+				terminated, err := isIndefiniteTermination(ber, offset)
+				if err != nil {
+					return nil, 0, err
+				}
+
+				if terminated {
+					break
+				}
+			}
 		}
 		obj = asn1Structured{
 			tagBytes: ber[tagStart:tagEnd],
@@ -243,7 +250,20 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 		}
 	}
 
-	return obj, contentEnd + hack, nil
+	// Apply indefinite form length with 0x0000 terminator.
+	if indefinite {
+		contentEnd = offset + 2
+	}
+
+	return obj, contentEnd, nil
+}
+
+func isIndefiniteTermination(ber []byte, offset int) (bool, error) {
+	if len(ber) - offset < 2 {
+		return false, errors.New("ber2der: Invalid BER format")
+	}
+
+	return bytes.Index(ber[offset:], []byte{0x0, 0x0}) == 0, nil
 }
 
 func debugprint(format string, a ...interface{}) {
diff --git a/vendor/go.mozilla.org/pkcs7/encrypt.go b/vendor/go.mozilla.org/pkcs7/encrypt.go
index da57ae643..6b2655708 100644
--- a/vendor/go.mozilla.org/pkcs7/encrypt.go
+++ b/vendor/go.mozilla.org/pkcs7/encrypt.go
@@ -35,7 +35,7 @@ type recipientInfo struct {
 type encryptedContentInfo struct {
 	ContentType                asn1.ObjectIdentifier
 	ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
-	EncryptedContent           asn1.RawValue `asn1:"tag:0,optional,explicit"`
+	EncryptedContent           asn1.RawValue `asn1:"tag:0,optional"`
 }
 
 const (
diff --git a/vendor/go.mozilla.org/pkcs7/go.mod b/vendor/go.mozilla.org/pkcs7/go.mod
deleted file mode 100644
index 10ddff325..000000000
--- a/vendor/go.mozilla.org/pkcs7/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module go.mozilla.org/pkcs7
-
-go 1.11
diff --git a/vendor/go.mozilla.org/pkcs7/sign.go b/vendor/go.mozilla.org/pkcs7/sign.go
index addd76383..31c3654c5 100644
--- a/vendor/go.mozilla.org/pkcs7/sign.go
+++ b/vendor/go.mozilla.org/pkcs7/sign.go
@@ -124,10 +124,10 @@ func (sd *SignedData) AddSigner(ee *x509.Certificate, pkey crypto.PrivateKey, co
 // The signature algorithm used to hash the data is the one of the end-entity
 // certificate.
 func (sd *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKey, parents []*x509.Certificate, config SignerInfoConfig) error {
-// Following RFC 2315, 9.2 SignerInfo type, the distinguished name of
-// the issuer of the end-entity signer is stored in the issuerAndSerialNumber
-// section of the SignedData.SignerInfo, alongside the serial number of
-// the end-entity.
+	// Following RFC 2315, 9.2 SignerInfo type, the distinguished name of
+	// the issuer of the end-entity signer is stored in the issuerAndSerialNumber
+	// section of the SignedData.SignerInfo, alongside the serial number of
+	// the end-entity.
 	var ias issuerAndSerial
 	ias.SerialNumber = ee.SerialNumber
 	if len(parents) == 0 {
diff --git a/vendor/go.mozilla.org/pkcs7/verify.go b/vendor/go.mozilla.org/pkcs7/verify.go
index c8ead2362..f09e27245 100644
--- a/vendor/go.mozilla.org/pkcs7/verify.go
+++ b/vendor/go.mozilla.org/pkcs7/verify.go
@@ -18,8 +18,12 @@ func (p7 *PKCS7) Verify() (err error) {
 }
 
 // VerifyWithChain checks the signatures of a PKCS7 object.
-// If truststore is not nil, it also verifies the chain of trust of the end-entity
-// signer cert to one of the root in the truststore.
+//
+// If truststore is not nil, it also verifies the chain of trust of
+// the end-entity signer cert to one of the roots in the
+// truststore. When the PKCS7 object includes the signing time
+// authenticated attr verifies the chain at that time and UTC now
+// otherwise.
 func (p7 *PKCS7) VerifyWithChain(truststore *x509.CertPool) (err error) {
 	if len(p7.Signers) == 0 {
 		return errors.New("pkcs7: Message has no signers")
@@ -32,6 +36,81 @@ func (p7 *PKCS7) VerifyWithChain(truststore *x509.CertPool) (err error) {
 	return nil
 }
 
+// VerifyWithChainAtTime checks the signatures of a PKCS7 object.
+//
+// If truststore is not nil, it also verifies the chain of trust of
+// the end-entity signer cert to a root in the truststore at
+// currentTime. It does not use the signing time authenticated
+// attribute.
+func (p7 *PKCS7) VerifyWithChainAtTime(truststore *x509.CertPool, currentTime time.Time) (err error) {
+	if len(p7.Signers) == 0 {
+		return errors.New("pkcs7: Message has no signers")
+	}
+	for _, signer := range p7.Signers {
+		if err := verifySignatureAtTime(p7, signer, truststore, currentTime); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func verifySignatureAtTime(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool, currentTime time.Time) (err error) {
+	signedData := p7.Content
+	ee := getCertFromCertsByIssuerAndSerial(p7.Certificates, signer.IssuerAndSerialNumber)
+	if ee == nil {
+		return errors.New("pkcs7: No certificate for signer")
+	}
+	if len(signer.AuthenticatedAttributes) > 0 {
+		// TODO(fullsailor): First check the content type match
+		var (
+			digest      []byte
+			signingTime time.Time
+		)
+		err := unmarshalAttribute(signer.AuthenticatedAttributes, OIDAttributeMessageDigest, &digest)
+		if err != nil {
+			return err
+		}
+		hash, err := getHashForOID(signer.DigestAlgorithm.Algorithm)
+		if err != nil {
+			return err
+		}
+		h := hash.New()
+		h.Write(p7.Content)
+		computed := h.Sum(nil)
+		if subtle.ConstantTimeCompare(digest, computed) != 1 {
+			return &MessageDigestMismatchError{
+				ExpectedDigest: digest,
+				ActualDigest:   computed,
+			}
+		}
+		signedData, err = marshalAttributes(signer.AuthenticatedAttributes)
+		if err != nil {
+			return err
+		}
+		err = unmarshalAttribute(signer.AuthenticatedAttributes, OIDAttributeSigningTime, &signingTime)
+		if err == nil {
+			// signing time found, performing validity check
+			if signingTime.After(ee.NotAfter) || signingTime.Before(ee.NotBefore) {
+				return fmt.Errorf("pkcs7: signing time %q is outside of certificate validity %q to %q",
+					signingTime.Format(time.RFC3339),
+					ee.NotBefore.Format(time.RFC3339),
+					ee.NotAfter.Format(time.RFC3339))
+			}
+		}
+	}
+	if truststore != nil {
+		_, err = verifyCertChain(ee, p7.Certificates, truststore, currentTime)
+		if err != nil {
+			return err
+		}
+	}
+	sigalg, err := getSignatureAlgorithm(signer.DigestEncryptionAlgorithm, signer.DigestAlgorithm)
+	if err != nil {
+		return err
+	}
+	return ee.CheckSignature(sigalg, signedData, signer.EncryptedDigest)
+}
+
 func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (err error) {
 	signedData := p7.Content
 	ee := getCertFromCertsByIssuerAndSerial(p7.Certificates, signer.IssuerAndSerialNumber)
@@ -70,7 +149,7 @@ func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (e
 				return fmt.Errorf("pkcs7: signing time %q is outside of certificate validity %q to %q",
 					signingTime.Format(time.RFC3339),
 					ee.NotBefore.Format(time.RFC3339),
-					ee.NotBefore.Format(time.RFC3339))
+					ee.NotAfter.Format(time.RFC3339))
 			}
 		}
 	}
diff --git a/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go b/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go
new file mode 100644
index 000000000..1eb05bc3e
--- /dev/null
+++ b/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go
@@ -0,0 +1,182 @@
+// +build go1.11 go1.12 go1.13 go1.14 go1.15
+
+package pkcs7
+
+import (
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+func TestVerifyEC2(t *testing.T) {
+	fixture := UnmarshalDSATestFixture(EC2IdentityDocumentFixture)
+	p7, err := Parse(fixture.Input)
+	if err != nil {
+		t.Errorf("Parse encountered unexpected error: %v", err)
+	}
+	p7.Certificates = []*x509.Certificate{fixture.Certificate}
+	if err := p7.Verify(); err != nil {
+		t.Errorf("Verify failed with error: %v", err)
+	}
+}
+
+var EC2IdentityDocumentFixture = `
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
+JIAEggGmewogICJwcml2YXRlSXAiIDogIjE3Mi4zMC4wLjI1MiIsCiAgImRldnBh
+eVByb2R1Y3RDb2RlcyIgOiBudWxsLAogICJhdmFpbGFiaWxpdHlab25lIiA6ICJ1
+cy1lYXN0LTFhIiwKICAidmVyc2lvbiIgOiAiMjAxMC0wOC0zMSIsCiAgImluc3Rh
+bmNlSWQiIDogImktZjc5ZmU1NmMiLAogICJiaWxsaW5nUHJvZHVjdHMiIDogbnVs
+bCwKICAiaW5zdGFuY2VUeXBlIiA6ICJ0Mi5taWNybyIsCiAgImFjY291bnRJZCIg
+OiAiMTIxNjU5MDE0MzM0IiwKICAiaW1hZ2VJZCIgOiAiYW1pLWZjZTNjNjk2IiwK
+ICAicGVuZGluZ1RpbWUiIDogIjIwMTYtMDQtMDhUMDM6MDE6MzhaIiwKICAiYXJj
+aGl0ZWN0dXJlIiA6ICJ4ODZfNjQiLAogICJrZXJuZWxJZCIgOiBudWxsLAogICJy
+YW1kaXNrSWQiIDogbnVsbCwKICAicmVnaW9uIiA6ICJ1cy1lYXN0LTEiCn0AAAAA
+AAAxggEYMIIBFAIBATBpMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5n
+dG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2Vi
+IFNlcnZpY2VzIExMQwIJAJa6SNnlXhpnMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0B
+CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA0MDgwMzAxNDRaMCMG
+CSqGSIb3DQEJBDEWBBTuUc28eBXmImAautC+wOjqcFCBVjAJBgcqhkjOOAQDBC8w
+LQIVAKA54NxGHWWCz5InboDmY/GHs33nAhQ6O/ZI86NwjA9Vz3RNMUJrUPU5tAAA
+AAAAAA==
+-----END PKCS7-----
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw
+FwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYD
+VQQKExdBbWF6b24gV2ViIFNlcnZpY2VzIExMQzAeFw0xMjAxMDUxMjU2MTJaFw0z
+ODAxMDUxMjU2MTJaMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5ndG9u
+IFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2ViIFNl
+cnZpY2VzIExMQzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQCjkvcS2bb1VQ4yt/5e
+ih5OO6kK/n1Lzllr7D8ZwtQP8fOEpp5E2ng+D6Ud1Z1gYipr58Kj3nssSNpI6bX3
+VyIQzK7wLclnd/YozqNNmgIyZecN7EglK9ITHJLP+x8FtUpt3QbyYXJdmVMegN6P
+hviYt5JH/nYl4hh3Pa1HJdskgQIVALVJ3ER11+Ko4tP6nwvHwh6+ERYRAoGBAI1j
+k+tkqMVHuAFcvAGKocTgsjJem6/5qomzJuKDmbJNu9Qxw3rAotXau8Qe+MBcJl/U
+hhy1KHVpCGl9fueQ2s6IL0CaO/buycU1CiYQk40KNHCcHfNiZbdlx1E9rpUp7bnF
+lRa2v1ntMX3caRVDdbtPEWmdxSCYsYFDk4mZrOLBA4GEAAKBgEbmeve5f8LIE/Gf
+MNmP9CM5eovQOGx5ho8WqD+aTebs+k2tn92BBPqeZqpWRa5P/+jrdKml1qx4llHW
+MXrs3IgIb6+hUIB+S8dz8/mmO0bpr76RoZVCXYab2CZedFut7qc3WUH9+EUAH5mw
+vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
+7HX32MxXYruse9ACFBNGmdX2ZBrVNGrN9N2f6ROk0k9K
+-----END CERTIFICATE-----`
+
+func TestDSASignWithOpenSSLAndVerify(t *testing.T) {
+	content := []byte(`
+A ship in port is safe,
+but that's not what ships are built for.
+-- Grace Hopper`)
+	// write the content to a temp file
+	tmpContentFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_content")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(tmpContentFile.Name(), content, 0755)
+
+	// write the signer cert to a temp file
+	tmpSignerCertFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_signer")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(tmpSignerCertFile.Name(), dsaPublicCert, 0755)
+
+	// write the signer key to a temp file
+	tmpSignerKeyFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_key")
+	if err != nil {
+		t.Fatal(err)
+	}
+	ioutil.WriteFile(tmpSignerKeyFile.Name(), dsaPrivateKey, 0755)
+
+	tmpSignedFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_signature")
+	if err != nil {
+		t.Fatal(err)
+	}
+	// call openssl to sign the content
+	opensslCMD := exec.Command("openssl", "smime", "-sign", "-nodetach", "-md", "sha1",
+		"-in", tmpContentFile.Name(), "-out", tmpSignedFile.Name(),
+		"-signer", tmpSignerCertFile.Name(), "-inkey", tmpSignerKeyFile.Name(),
+		"-certfile", tmpSignerCertFile.Name(), "-outform", "PEM")
+	out, err := opensslCMD.CombinedOutput()
+	if err != nil {
+		t.Fatalf("openssl command failed with %s: %s", err, out)
+	}
+
+	// verify the signed content
+	pemSignature, err := ioutil.ReadFile(tmpSignedFile.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	fmt.Printf("%s\n", pemSignature)
+	derBlock, _ := pem.Decode(pemSignature)
+	if derBlock == nil {
+		t.Fatalf("failed to read DER block from signature PEM %s", tmpSignedFile.Name())
+	}
+	p7, err := Parse(derBlock.Bytes)
+	if err != nil {
+		t.Fatalf("Parse encountered unexpected error: %v", err)
+	}
+	if err := p7.Verify(); err != nil {
+		t.Fatalf("Verify failed with error: %v", err)
+	}
+	os.Remove(tmpSignerCertFile.Name()) // clean up
+	os.Remove(tmpSignerKeyFile.Name())  // clean up
+	os.Remove(tmpContentFile.Name())    // clean up
+}
+
+var dsaPrivateKey = []byte(`-----BEGIN PRIVATE KEY-----
+MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
+PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
+pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
+1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
+vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
+zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
+g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUfW4aPdQBn9gJZp2KuNpzgHzvfsE=
+-----END PRIVATE KEY-----`)
+
+var dsaPublicCert = []byte(`-----BEGIN CERTIFICATE-----
+MIIDOjCCAvWgAwIBAgIEPCY/UDANBglghkgBZQMEAwIFADBsMRAwDgYDVQQGEwdV
+bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD
+VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3du
+MB4XDTE4MTAyMjEzNDMwN1oXDTQ2MDMwOTEzNDMwN1owbDEQMA4GA1UEBhMHVW5r
+bm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UE
+ChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCC
+AbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADD
+Hj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gE
+exAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/Ii
+Axmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4
+V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozI
+puE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl
+nwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDCriMPbEVBoRK4SOUeFwg7+VRf4TTp
+rcOQC9IVVoCjXzuWEGrp3ZI7YWJSpFnSch4lk29RH8O0HpI/NOzKnOBtnKr782pt
+1k/bJVMH9EaLd6MKnAVjrCDMYBB0MhebZ8QHY2elZZCWoqDYAcIDOsEx+m4NLErT
+ypPnjS5M0jm1PKMhMB8wHQYDVR0OBBYEFC0Yt5XdM0Kc95IX8NQ8XRssGPx7MA0G
+CWCGSAFlAwQDAgUAAzAAMC0CFQCIgQtrZZ9hdZG1ROhR5hc8nYEmbgIUAIlgC688
+qzy/7yePTlhlpj+ahMM=
+-----END CERTIFICATE-----`)
+
+type DSATestFixture struct {
+	Input       []byte
+	Certificate *x509.Certificate
+}
+
+func UnmarshalDSATestFixture(testPEMBlock string) DSATestFixture {
+	var result DSATestFixture
+	var derBlock *pem.Block
+	var pemBlock = []byte(testPEMBlock)
+	for {
+		derBlock, pemBlock = pem.Decode(pemBlock)
+		if derBlock == nil {
+			break
+		}
+		switch derBlock.Type {
+		case "PKCS7":
+			result.Input = derBlock.Bytes
+		case "CERTIFICATE":
+			result.Certificate, _ = x509.ParseCertificate(derBlock.Bytes)
+		}
+	}
+
+	return result
+}
diff --git a/vendor/go.opencensus.io/go.mod b/vendor/go.opencensus.io/go.mod
deleted file mode 100644
index 95b2522a7..000000000
--- a/vendor/go.opencensus.io/go.mod
+++ /dev/null
@@ -1,12 +0,0 @@
-module go.opencensus.io
-
-require (
-	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e
-	github.com/golang/protobuf v1.4.3
-	github.com/google/go-cmp v0.5.3
-	github.com/stretchr/testify v1.6.1
-	golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
-	google.golang.org/grpc v1.33.2
-)
-
-go 1.13
diff --git a/vendor/go.opencensus.io/go.sum b/vendor/go.opencensus.io/go.sum
deleted file mode 100644
index c97cd1b55..000000000
--- a/vendor/go.opencensus.io/go.sum
+++ /dev/null
@@ -1,116 +0,0 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3 h1:x95R7cp+rSeeqAMI2knLtQ0DKlaBhv2NrtrOvafPHRo=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3 h1:XQyxROzUlZH+WIQwySDgnISgOivlhjIEwaQaJEJrrN0=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd h1:/e+gpKk9r3dJobndpTytxS2gOy6m5uvpg+ISQoEcusQ=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 h1:Nw54tB0rB7hY/N0NQvRW8DG4Yk3Q6T9cu9RcFQDu1tc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/grpc v1.19.0 h1:cfg4PD8YEdSFnm7qLV4++93WcmhH2nIUhMjhdCvl3j8=
-google.golang.org/grpc v1.19.0 h1:cfg4PD8YEdSFnm7qLV4++93WcmhH2nIUhMjhdCvl3j8=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.2 h1:EQyQC3sa8M+p6Ulc8yy9SWSS2GVwyRc83gAbG8lrl4o=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/vendor/golang.org/x/crypto/AUTHORS b/vendor/golang.org/x/crypto/AUTHORS
deleted file mode 100644
index 2b00ddba0..000000000
--- a/vendor/golang.org/x/crypto/AUTHORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at https://tip.golang.org/AUTHORS.
diff --git a/vendor/golang.org/x/crypto/CONTRIBUTORS b/vendor/golang.org/x/crypto/CONTRIBUTORS
deleted file mode 100644
index 1fbd3e976..000000000
--- a/vendor/golang.org/x/crypto/CONTRIBUTORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at https://tip.golang.org/CONTRIBUTORS.
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519.go b/vendor/golang.org/x/crypto/curve25519/curve25519.go
index cda3fdd35..bc62161d6 100644
--- a/vendor/golang.org/x/crypto/curve25519/curve25519.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519.go
@@ -9,7 +9,8 @@ package curve25519 // import "golang.org/x/crypto/curve25519"
 
 import (
 	"crypto/subtle"
-	"fmt"
+	"errors"
+	"strconv"
 
 	"golang.org/x/crypto/curve25519/internal/field"
 )
@@ -124,10 +125,10 @@ func X25519(scalar, point []byte) ([]byte, error) {
 func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
 	var in [32]byte
 	if l := len(scalar); l != 32 {
-		return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
+		return nil, errors.New("bad scalar length: " + strconv.Itoa(l) + ", expected 32")
 	}
 	if l := len(point); l != 32 {
-		return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
+		return nil, errors.New("bad point length: " + strconv.Itoa(l) + ", expected 32")
 	}
 	copy(in[:], scalar)
 	if &point[0] == &Basepoint[0] {
@@ -138,7 +139,7 @@ func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
 		copy(base[:], point)
 		ScalarMult(dst, &in, &base)
 		if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
-			return nil, fmt.Errorf("bad input point: low order point")
+			return nil, errors.New("bad input point: low order point")
 		}
 	}
 	return dst[:], nil
diff --git a/vendor/golang.org/x/crypto/ssh/agent/client.go b/vendor/golang.org/x/crypto/ssh/agent/client.go
index dbc79d583..3c4d18a15 100644
--- a/vendor/golang.org/x/crypto/ssh/agent/client.go
+++ b/vendor/golang.org/x/crypto/ssh/agent/client.go
@@ -772,7 +772,7 @@ func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature,
 }
 
 func (s *agentKeyringSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*ssh.Signature, error) {
-	if algorithm == "" || algorithm == s.pub.Type() {
+	if algorithm == "" || algorithm == underlyingAlgo(s.pub.Type()) {
 		return s.Sign(rand, data)
 	}
 
@@ -791,6 +791,33 @@ func (s *agentKeyringSigner) SignWithAlgorithm(rand io.Reader, data []byte, algo
 
 var _ ssh.AlgorithmSigner = &agentKeyringSigner{}
 
+// certKeyAlgoNames is a mapping from known certificate algorithm names to the
+// corresponding public key signature algorithm.
+//
+// This map must be kept in sync with the one in certs.go.
+var certKeyAlgoNames = map[string]string{
+	ssh.CertAlgoRSAv01:        ssh.KeyAlgoRSA,
+	ssh.CertAlgoRSASHA256v01:  ssh.KeyAlgoRSASHA256,
+	ssh.CertAlgoRSASHA512v01:  ssh.KeyAlgoRSASHA512,
+	ssh.CertAlgoDSAv01:        ssh.KeyAlgoDSA,
+	ssh.CertAlgoECDSA256v01:   ssh.KeyAlgoECDSA256,
+	ssh.CertAlgoECDSA384v01:   ssh.KeyAlgoECDSA384,
+	ssh.CertAlgoECDSA521v01:   ssh.KeyAlgoECDSA521,
+	ssh.CertAlgoSKECDSA256v01: ssh.KeyAlgoSKECDSA256,
+	ssh.CertAlgoED25519v01:    ssh.KeyAlgoED25519,
+	ssh.CertAlgoSKED25519v01:  ssh.KeyAlgoSKED25519,
+}
+
+// underlyingAlgo returns the signature algorithm associated with algo (which is
+// an advertised or negotiated public key or host key algorithm). These are
+// usually the same, except for certificate algorithms.
+func underlyingAlgo(algo string) string {
+	if a, ok := certKeyAlgoNames[algo]; ok {
+		return a
+	}
+	return algo
+}
+
 // Calls an extension method. It is up to the agent implementation as to whether or not
 // any particular extension is supported and may always return an error. Because the
 // type of the response is up to the implementation, this returns the bytes of the
diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go
index a69e22491..4600c2077 100644
--- a/vendor/golang.org/x/crypto/ssh/certs.go
+++ b/vendor/golang.org/x/crypto/ssh/certs.go
@@ -460,6 +460,8 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
 
 // certKeyAlgoNames is a mapping from known certificate algorithm names to the
 // corresponding public key signature algorithm.
+//
+// This map must be kept in sync with the one in agent/client.go.
 var certKeyAlgoNames = map[string]string{
 	CertAlgoRSAv01:        KeyAlgoRSA,
 	CertAlgoRSASHA256v01:  KeyAlgoRSASHA256,
diff --git a/vendor/golang.org/x/net/AUTHORS b/vendor/golang.org/x/net/AUTHORS
deleted file mode 100644
index 15167cd74..000000000
--- a/vendor/golang.org/x/net/AUTHORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at http://tip.golang.org/AUTHORS.
diff --git a/vendor/golang.org/x/net/CONTRIBUTORS b/vendor/golang.org/x/net/CONTRIBUTORS
deleted file mode 100644
index 1c4577e96..000000000
--- a/vendor/golang.org/x/net/CONTRIBUTORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at http://tip.golang.org/CONTRIBUTORS.
diff --git a/vendor/golang.org/x/sync/AUTHORS b/vendor/golang.org/x/sync/AUTHORS
deleted file mode 100644
index 15167cd74..000000000
--- a/vendor/golang.org/x/sync/AUTHORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at http://tip.golang.org/AUTHORS.
diff --git a/vendor/golang.org/x/sync/CONTRIBUTORS b/vendor/golang.org/x/sync/CONTRIBUTORS
deleted file mode 100644
index 1c4577e96..000000000
--- a/vendor/golang.org/x/sync/CONTRIBUTORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at http://tip.golang.org/CONTRIBUTORS.
diff --git a/vendor/golang.org/x/sys/AUTHORS b/vendor/golang.org/x/sys/AUTHORS
deleted file mode 100644
index 15167cd74..000000000
--- a/vendor/golang.org/x/sys/AUTHORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at http://tip.golang.org/AUTHORS.
diff --git a/vendor/golang.org/x/sys/CONTRIBUTORS b/vendor/golang.org/x/sys/CONTRIBUTORS
deleted file mode 100644
index 1c4577e96..000000000
--- a/vendor/golang.org/x/sys/CONTRIBUTORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at http://tip.golang.org/CONTRIBUTORS.
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
index 87dd5e302..f3eb993bf 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -6,7 +6,10 @@ package cpu
 
 import "runtime"
 
-const cacheLineSize = 64
+// cacheLineSize is used to prevent false sharing of cache lines.
+// We choose 128 because Apple Silicon, a.k.a. M1, has 128-byte cache line size.
+// It doesn't cost much and is much more future-proof.
+const cacheLineSize = 128
 
 func initOptions() {
 	options = []option{
@@ -41,13 +44,10 @@ func archInit() {
 	switch runtime.GOOS {
 	case "freebsd":
 		readARM64Registers()
-	case "linux", "netbsd":
+	case "linux", "netbsd", "openbsd":
 		doinit()
 	default:
-		// Most platforms don't seem to allow reading these registers.
-		//
-		// OpenBSD:
-		// See https://golang.org/issue/31746
+		// Many platforms don't seem to allow reading these registers.
 		setMinimalFeatures()
 	}
 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
new file mode 100644
index 000000000..85b64d5cc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
@@ -0,0 +1,65 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+	// From OpenBSD's sys/sysctl.h.
+	_CTL_MACHDEP = 7
+
+	// From OpenBSD's machine/cpu.h.
+	_CPU_ID_AA64ISAR0 = 2
+	_CPU_ID_AA64ISAR1 = 3
+)
+
+// Implemented in the runtime package (runtime/sys_openbsd3.go)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+//go:linkname syscall_syscall6 syscall.syscall6
+
+func sysctl(mib []uint32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	_, _, errno := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(unsafe.Pointer(&mib[0])), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
+func sysctlUint64(mib []uint32) (uint64, bool) {
+	var out uint64
+	nout := unsafe.Sizeof(out)
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); err != nil {
+		return 0, false
+	}
+	return out, true
+}
+
+func doinit() {
+	setMinimalFeatures()
+
+	// Get ID_AA64ISAR0 and ID_AA64ISAR1 from sysctl.
+	isar0, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR0})
+	if !ok {
+		return
+	}
+	isar1, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR1})
+	if !ok {
+		return
+	}
+	parseARM64SystemRegisters(isar0, isar1, 0)
+
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
new file mode 100644
index 000000000..054ba05d6
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
@@ -0,0 +1,11 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
index f8c484f58..f3cde129b 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !linux && !netbsd && arm64
-// +build !linux,!netbsd,arm64
+//go:build !linux && !netbsd && !openbsd && arm64
+// +build !linux,!netbsd,!openbsd,arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/plan9/syscall.go b/vendor/golang.org/x/sys/plan9/syscall.go
index a25223b8f..ea971285f 100644
--- a/vendor/golang.org/x/sys/plan9/syscall.go
+++ b/vendor/golang.org/x/sys/plan9/syscall.go
@@ -29,8 +29,6 @@ import (
 	"bytes"
 	"strings"
 	"unsafe"
-
-	"golang.org/x/sys/internal/unsafeheader"
 )
 
 // ByteSliceFromString returns a NUL-terminated slice of bytes
@@ -82,12 +80,7 @@ func BytePtrToString(p *byte) string {
 		ptr = unsafe.Pointer(uintptr(ptr) + 1)
 	}
 
-	var s []byte
-	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
-	h.Data = unsafe.Pointer(p)
-	h.Len = n
-	h.Cap = n
-
+	s := unsafe.Slice((*byte)(unsafe.Pointer(p)), n)
 	return string(s)
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go
index 884430b81..0d12c0851 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_linux.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@@ -4,9 +4,7 @@
 
 package unix
 
-import (
-	"unsafe"
-)
+import "unsafe"
 
 // IoctlRetInt performs an ioctl operation specified by req on a device
 // associated with opened file descriptor fd, and returns a non-negative
@@ -217,3 +215,19 @@ func IoctlKCMAttach(fd int, info KCMAttach) error {
 func IoctlKCMUnattach(fd int, info KCMUnattach) error {
 	return ioctlPtr(fd, SIOCKCMUNATTACH, unsafe.Pointer(&info))
 }
+
+// IoctlLoopGetStatus64 gets the status of the loop device associated with the
+// file descriptor fd using the LOOP_GET_STATUS64 operation.
+func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) {
+	var value LoopInfo64
+	if err := ioctlPtr(fd, LOOP_GET_STATUS64, unsafe.Pointer(&value)); err != nil {
+		return nil, err
+	}
+	return &value, nil
+}
+
+// IoctlLoopSetStatus64 sets the status of the loop device associated with the
+// file descriptor fd using the LOOP_SET_STATUS64 operation.
+func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error {
+	return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value))
+}
diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh
index dcef4de6f..3b2335d5f 100644
--- a/vendor/golang.org/x/sys/unix/mkall.sh
+++ b/vendor/golang.org/x/sys/unix/mkall.sh
@@ -73,12 +73,12 @@ aix_ppc64)
 darwin_amd64)
 	mkerrors="$mkerrors -m64"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
-	mkasm="go run mkasm_darwin.go"
+	mkasm="go run mkasm.go"
 	;;
 darwin_arm64)
 	mkerrors="$mkerrors -m64"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
-	mkasm="go run mkasm_darwin.go"
+	mkasm="go run mkasm.go"
 	;;
 dragonfly_amd64)
 	mkerrors="$mkerrors -m64"
@@ -142,33 +142,33 @@ netbsd_arm64)
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
 openbsd_386)
+	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m32"
-	mksyscall="go run mksyscall.go -l32 -openbsd"
+	mksyscall="go run mksyscall.go -l32 -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
-	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
 openbsd_amd64)
+	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m64"
-	mksyscall="go run mksyscall.go -openbsd"
+	mksyscall="go run mksyscall.go -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
-	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
 openbsd_arm)
+	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors"
-	mksyscall="go run mksyscall.go -l32 -openbsd -arm"
+	mksyscall="go run mksyscall.go -l32 -openbsd -arm -libc"
 	mksysctl="go run mksysctl_openbsd.go"
-	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	# Let the type of C char be signed for making the bare syscall
 	# API consistent across platforms.
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
 	;;
 openbsd_arm64)
+	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m64"
-	mksyscall="go run mksyscall.go -openbsd"
+	mksyscall="go run mksyscall.go -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
-	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	# Let the type of C char be signed for making the bare syscall
 	# API consistent across platforms.
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
@@ -232,5 +232,5 @@ esac
 	if [ -n "$mksysctl" ]; then echo "$mksysctl |gofmt >$zsysctl"; fi
 	if [ -n "$mksysnum" ]; then echo "$mksysnum |gofmt >zsysnum_$GOOSARCH.go"; fi
 	if [ -n "$mktypes" ]; then echo "$mktypes types_$GOOS.go | go run mkpost.go > ztypes_$GOOSARCH.go"; fi
-	if [ -n "$mkasm" ]; then echo "$mkasm $GOARCH"; fi
+	if [ -n "$mkasm" ]; then echo "$mkasm $GOOS $GOARCH"; fi
 ) | $run
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index ca50e4e14..2ab44aa65 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -297,6 +297,10 @@ struct ltchars {
 #define SOL_NETLINK	270
 #endif
 
+#ifndef SOL_SMC
+#define SOL_SMC 286
+#endif
+
 #ifdef SOL_BLUETOOTH
 // SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h
 // but it is already in bluetooth_linux.go
diff --git a/vendor/golang.org/x/sys/unix/str.go b/vendor/golang.org/x/sys/unix/str.go
deleted file mode 100644
index 8ba89ed86..000000000
--- a/vendor/golang.org/x/sys/unix/str.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
-
-package unix
-
-func itoa(val int) string { // do it here rather than with fmt to avoid dependency
-	if val < 0 {
-		return "-" + uitoa(uint(-val))
-	}
-	return uitoa(uint(val))
-}
-
-func uitoa(val uint) string {
-	var buf [32]byte // big enough for int64
-	i := len(buf) - 1
-	for val >= 10 {
-		buf[i] = byte(val%10 + '0')
-		i--
-		val /= 10
-	}
-	buf[i] = byte(val + '0')
-	return string(buf[i:])
-}
diff --git a/vendor/golang.org/x/sys/unix/syscall.go b/vendor/golang.org/x/sys/unix/syscall.go
index 649fa8740..9916e5e85 100644
--- a/vendor/golang.org/x/sys/unix/syscall.go
+++ b/vendor/golang.org/x/sys/unix/syscall.go
@@ -29,8 +29,6 @@ import (
 	"bytes"
 	"strings"
 	"unsafe"
-
-	"golang.org/x/sys/internal/unsafeheader"
 )
 
 // ByteSliceFromString returns a NUL-terminated slice of bytes
@@ -82,12 +80,7 @@ func BytePtrToString(p *byte) string {
 		ptr = unsafe.Pointer(uintptr(ptr) + 1)
 	}
 
-	var s []byte
-	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
-	h.Data = unsafe.Pointer(p)
-	h.Len = n
-	h.Cap = n
-
+	s := unsafe.Slice((*byte)(unsafe.Pointer(p)), n)
 	return string(s)
 }
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index ac579c60f..2db1b51e9 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -218,13 +218,62 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
 }
 
 func recvmsgRaw(fd int, iov []Iovec, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) {
-	// Recvmsg not implemented on AIX
-	return -1, -1, -1, ENOSYS
+	var msg Msghdr
+	msg.Name = (*byte)(unsafe.Pointer(rsa))
+	msg.Namelen = uint32(SizeofSockaddrAny)
+	var dummy byte
+	if len(oob) > 0 {
+		// receive at least one normal byte
+		if emptyIovecs(iov) {
+			var iova [1]Iovec
+			iova[0].Base = &dummy
+			iova[0].SetLen(1)
+			iov = iova[:]
+		}
+		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		msg.SetControllen(len(oob))
+	}
+	if len(iov) > 0 {
+		msg.Iov = &iov[0]
+		msg.SetIovlen(len(iov))
+	}
+	if n, err = recvmsg(fd, &msg, flags); n == -1 {
+		return
+	}
+	oobn = int(msg.Controllen)
+	recvflags = int(msg.Flags)
+	return
 }
 
 func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) {
-	// SendmsgN not implemented on AIX
-	return -1, ENOSYS
+	var msg Msghdr
+	msg.Name = (*byte)(unsafe.Pointer(ptr))
+	msg.Namelen = uint32(salen)
+	var dummy byte
+	var empty bool
+	if len(oob) > 0 {
+		// send at least one normal byte
+		empty = emptyIovecs(iov)
+		if empty {
+			var iova [1]Iovec
+			iova[0].Base = &dummy
+			iova[0].SetLen(1)
+			iov = iova[:]
+		}
+		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
+		msg.SetControllen(len(oob))
+	}
+	if len(iov) > 0 {
+		msg.Iov = &iov[0]
+		msg.SetIovlen(len(iov))
+	}
+	if n, err = sendmsg(fd, &msg, flags); err != nil {
+		return 0, err
+	}
+	if len(oob) > 0 && empty {
+		n = 0
+	}
+	return n, nil
 }
 
 func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index c437fc5d7..eda42671f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -363,7 +363,7 @@ func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Sockle
 	var empty bool
 	if len(oob) > 0 {
 		// send at least one normal byte
-		empty := emptyIovecs(iov)
+		empty = emptyIovecs(iov)
 		if empty {
 			var iova [1]Iovec
 			iova[0].Base = &dummy
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go b/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
index 1596426b1..1259f6df5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
@@ -7,11 +7,7 @@
 
 package unix
 
-import (
-	"unsafe"
-
-	"golang.org/x/sys/internal/unsafeheader"
-)
+import "unsafe"
 
 //sys	closedir(dir uintptr) (err error)
 //sys	readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno)
@@ -86,11 +82,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 		}
 
 		// Copy entry into return buffer.
-		var s []byte
-		hdr := (*unsafeheader.Slice)(unsafe.Pointer(&s))
-		hdr.Data = unsafe.Pointer(&entry)
-		hdr.Cap = reclen
-		hdr.Len = reclen
+		s := unsafe.Slice((*byte)(unsafe.Pointer(&entry)), reclen)
 		copy(buf, s)
 
 		buf = buf[reclen:]
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index c3c4c698e..b11ede89a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -61,7 +61,7 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
 }
 
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 82be61a2f..9ed8eec6c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -61,7 +61,7 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
 }
 
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index cd58f1026..f8ac98247 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index d6f538f9e..8e932036e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index 8ea6e9610..cbe122278 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 5e4a94f73..47146911f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -13,6 +13,7 @@ package unix
 
 import (
 	"encoding/binary"
+	"strconv"
 	"syscall"
 	"time"
 	"unsafe"
@@ -233,7 +234,7 @@ func Futimesat(dirfd int, path string, tv []Timeval) error {
 func Futimes(fd int, tv []Timeval) (err error) {
 	// Believe it or not, this is the best we can do on Linux
 	// (and is what glibc does).
-	return Utimes("/proc/self/fd/"+itoa(fd), tv)
+	return Utimes("/proc/self/fd/"+strconv.Itoa(fd), tv)
 }
 
 const ImplementsGetwd = true
@@ -1541,7 +1542,7 @@ func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Sockle
 	var dummy byte
 	var empty bool
 	if len(oob) > 0 {
-		empty := emptyIovecs(iov)
+		empty = emptyIovecs(iov)
 		if empty {
 			var sockType int
 			sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE)
@@ -1891,17 +1892,28 @@ func PrctlRetInt(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uint
 	return int(ret), nil
 }
 
-// issue 1435.
-// On linux Setuid and Setgid only affects the current thread, not the process.
-// This does not match what most callers expect so we must return an error
-// here rather than letting the caller think that the call succeeded.
-
 func Setuid(uid int) (err error) {
-	return EOPNOTSUPP
+	return syscall.Setuid(uid)
+}
+
+func Setgid(gid int) (err error) {
+	return syscall.Setgid(gid)
+}
+
+func Setreuid(ruid, euid int) (err error) {
+	return syscall.Setreuid(ruid, euid)
+}
+
+func Setregid(rgid, egid int) (err error) {
+	return syscall.Setregid(rgid, egid)
+}
+
+func Setresuid(ruid, euid, suid int) (err error) {
+	return syscall.Setresuid(ruid, euid, suid)
 }
 
-func Setgid(uid int) (err error) {
-	return EOPNOTSUPP
+func Setresgid(rgid, egid, sgid int) (err error) {
+	return syscall.Setresgid(rgid, egid, sgid)
 }
 
 // SetfsgidRetGid sets fsgid for current thread and returns previous fsgid set.
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index 518e476e6..ff5b5899d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -41,10 +41,6 @@ func setTimeval(sec, usec int64) Timeval {
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
 //sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
 //sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
-//sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
-//sysnb	Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index f5e9d6bef..9b2703532 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -46,11 +46,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index c1a7778f1..856ad1d63 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -62,10 +62,6 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 //sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
 //sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
 //sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
-//sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
-//sysnb	Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index d83e2c657..6422704bc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -39,11 +39,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	setrlimit(resource int, rlim *Rlimit) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index 0b69c3eff..59dab510e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -34,10 +34,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index 98a2660b9..bfef09a39 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -37,11 +37,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Statfs(path string, buf *Statfs_t) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index b8a18c0ad..ab3025096 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -32,10 +32,6 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
index 4ed9e67c6..eac1cf1ac 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -34,10 +34,6 @@ import (
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index db63d384c..4df56616b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -34,11 +34,7 @@ package unix
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 925a748a3..5f4243dea 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -38,11 +38,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 6fcf277b0..d0a7d4066 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -34,11 +34,7 @@ import (
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, buf *Statfs_t) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index 02a45d9cc..f5c793be2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -31,11 +31,7 @@ package unix
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
-//sysnb	Setregid(rgid int, egid int) (err error)
-//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
-//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
-//sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
new file mode 100644
index 000000000..5930a8972
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
@@ -0,0 +1,27 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (openbsd && 386) || (openbsd && amd64) || (openbsd && arm) || (openbsd && arm64)
+// +build openbsd,386 openbsd,amd64 openbsd,arm openbsd,arm64
+
+package unix
+
+import _ "unsafe"
+
+// Implemented in the runtime package (runtime/sys_openbsd3.go)
+func syscall_syscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscall10(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_rawSyscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_rawSyscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+
+//go:linkname syscall_syscall syscall.syscall
+//go:linkname syscall_syscall6 syscall.syscall6
+//go:linkname syscall_syscall10 syscall.syscall10
+//go:linkname syscall_rawSyscall syscall.rawSyscall
+//go:linkname syscall_rawSyscall6 syscall.rawSyscall6
+
+func syscall_syscall9(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) {
+	return syscall_syscall10(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9, 0)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index b5ec457cd..8c6f4092a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -750,8 +750,8 @@ type EventPort struct {
 	// we should handle things gracefully. To do so, we need to keep an extra
 	// reference to the cookie around until the event is processed
 	// thus the otherwise seemingly extraneous "cookies" map
-	// The key of this map is a pointer to the corresponding &fCookie.cookie
-	cookies map[*interface{}]*fileObjCookie
+	// The key of this map is a pointer to the corresponding fCookie
+	cookies map[*fileObjCookie]struct{}
 }
 
 // PortEvent is an abstraction of the port_event C struct.
@@ -778,7 +778,7 @@ func NewEventPort() (*EventPort, error) {
 		port:    port,
 		fds:     make(map[uintptr]*fileObjCookie),
 		paths:   make(map[string]*fileObjCookie),
-		cookies: make(map[*interface{}]*fileObjCookie),
+		cookies: make(map[*fileObjCookie]struct{}),
 	}
 	return e, nil
 }
@@ -799,6 +799,7 @@ func (e *EventPort) Close() error {
 	}
 	e.fds = nil
 	e.paths = nil
+	e.cookies = nil
 	return nil
 }
 
@@ -826,17 +827,16 @@ func (e *EventPort) AssociatePath(path string, stat os.FileInfo, events int, coo
 	if _, found := e.paths[path]; found {
 		return fmt.Errorf("%v is already associated with this Event Port", path)
 	}
-	fobj, err := createFileObj(path, stat)
+	fCookie, err := createFileObjCookie(path, stat, cookie)
 	if err != nil {
 		return err
 	}
-	fCookie := &fileObjCookie{fobj, cookie}
-	_, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fobj)), events, (*byte)(unsafe.Pointer(&fCookie.cookie)))
+	_, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fCookie.fobj)), events, (*byte)(unsafe.Pointer(fCookie)))
 	if err != nil {
 		return err
 	}
 	e.paths[path] = fCookie
-	e.cookies[&fCookie.cookie] = fCookie
+	e.cookies[fCookie] = struct{}{}
 	return nil
 }
 
@@ -858,7 +858,7 @@ func (e *EventPort) DissociatePath(path string) error {
 	if err == nil {
 		// dissociate was successful, safe to delete the cookie
 		fCookie := e.paths[path]
-		delete(e.cookies, &fCookie.cookie)
+		delete(e.cookies, fCookie)
 	}
 	delete(e.paths, path)
 	return err
@@ -871,13 +871,16 @@ func (e *EventPort) AssociateFd(fd uintptr, events int, cookie interface{}) erro
 	if _, found := e.fds[fd]; found {
 		return fmt.Errorf("%v is already associated with this Event Port", fd)
 	}
-	fCookie := &fileObjCookie{nil, cookie}
-	_, err := port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(&fCookie.cookie)))
+	fCookie, err := createFileObjCookie("", nil, cookie)
+	if err != nil {
+		return err
+	}
+	_, err = port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(fCookie)))
 	if err != nil {
 		return err
 	}
 	e.fds[fd] = fCookie
-	e.cookies[&fCookie.cookie] = fCookie
+	e.cookies[fCookie] = struct{}{}
 	return nil
 }
 
@@ -896,27 +899,31 @@ func (e *EventPort) DissociateFd(fd uintptr) error {
 	if err == nil {
 		// dissociate was successful, safe to delete the cookie
 		fCookie := e.fds[fd]
-		delete(e.cookies, &fCookie.cookie)
+		delete(e.cookies, fCookie)
 	}
 	delete(e.fds, fd)
 	return err
 }
 
-func createFileObj(name string, stat os.FileInfo) (*fileObj, error) {
-	fobj := new(fileObj)
-	bs, err := ByteSliceFromString(name)
-	if err != nil {
-		return nil, err
-	}
-	fobj.Name = (*int8)(unsafe.Pointer(&bs[0]))
-	s := stat.Sys().(*syscall.Stat_t)
-	fobj.Atim.Sec = s.Atim.Sec
-	fobj.Atim.Nsec = s.Atim.Nsec
-	fobj.Mtim.Sec = s.Mtim.Sec
-	fobj.Mtim.Nsec = s.Mtim.Nsec
-	fobj.Ctim.Sec = s.Ctim.Sec
-	fobj.Ctim.Nsec = s.Ctim.Nsec
-	return fobj, nil
+func createFileObjCookie(name string, stat os.FileInfo, cookie interface{}) (*fileObjCookie, error) {
+	fCookie := new(fileObjCookie)
+	fCookie.cookie = cookie
+	if name != "" && stat != nil {
+		fCookie.fobj = new(fileObj)
+		bs, err := ByteSliceFromString(name)
+		if err != nil {
+			return nil, err
+		}
+		fCookie.fobj.Name = (*int8)(unsafe.Pointer(&bs[0]))
+		s := stat.Sys().(*syscall.Stat_t)
+		fCookie.fobj.Atim.Sec = s.Atim.Sec
+		fCookie.fobj.Atim.Nsec = s.Atim.Nsec
+		fCookie.fobj.Mtim.Sec = s.Mtim.Sec
+		fCookie.fobj.Mtim.Nsec = s.Mtim.Nsec
+		fCookie.fobj.Ctim.Sec = s.Ctim.Sec
+		fCookie.fobj.Ctim.Nsec = s.Ctim.Nsec
+	}
+	return fCookie, nil
 }
 
 // GetOne wraps port_get(3c) and returns a single PortEvent.
@@ -929,44 +936,50 @@ func (e *EventPort) GetOne(t *Timespec) (*PortEvent, error) {
 	p := new(PortEvent)
 	e.mu.Lock()
 	defer e.mu.Unlock()
-	e.peIntToExt(pe, p)
+	err = e.peIntToExt(pe, p)
+	if err != nil {
+		return nil, err
+	}
 	return p, nil
 }
 
 // peIntToExt converts a cgo portEvent struct into the friendlier PortEvent
 // NOTE: Always call this function while holding the e.mu mutex
-func (e *EventPort) peIntToExt(peInt *portEvent, peExt *PortEvent) {
+func (e *EventPort) peIntToExt(peInt *portEvent, peExt *PortEvent) error {
+	if e.cookies == nil {
+		return fmt.Errorf("this EventPort is already closed")
+	}
 	peExt.Events = peInt.Events
 	peExt.Source = peInt.Source
-	cookie := (*interface{})(unsafe.Pointer(peInt.User))
-	peExt.Cookie = *cookie
+	fCookie := (*fileObjCookie)(unsafe.Pointer(peInt.User))
+	_, found := e.cookies[fCookie]
+
+	if !found {
+		panic("unexpected event port address; may be due to kernel bug; see https://go.dev/issue/54254")
+	}
+	peExt.Cookie = fCookie.cookie
+	delete(e.cookies, fCookie)
+
 	switch peInt.Source {
 	case PORT_SOURCE_FD:
-		delete(e.cookies, cookie)
 		peExt.Fd = uintptr(peInt.Object)
 		// Only remove the fds entry if it exists and this cookie matches
 		if fobj, ok := e.fds[peExt.Fd]; ok {
-			if &fobj.cookie == cookie {
+			if fobj == fCookie {
 				delete(e.fds, peExt.Fd)
 			}
 		}
 	case PORT_SOURCE_FILE:
-		if fCookie, ok := e.cookies[cookie]; ok && uintptr(unsafe.Pointer(fCookie.fobj)) == uintptr(peInt.Object) {
-			// Use our stashed reference rather than using unsafe on what we got back
-			// the unsafe version would be (*fileObj)(unsafe.Pointer(uintptr(peInt.Object)))
-			peExt.fobj = fCookie.fobj
-		} else {
-			panic("mismanaged memory")
-		}
-		delete(e.cookies, cookie)
+		peExt.fobj = fCookie.fobj
 		peExt.Path = BytePtrToString((*byte)(unsafe.Pointer(peExt.fobj.Name)))
 		// Only remove the paths entry if it exists and this cookie matches
 		if fobj, ok := e.paths[peExt.Path]; ok {
-			if &fobj.cookie == cookie {
+			if fobj == fCookie {
 				delete(e.paths, peExt.Path)
 			}
 		}
 	}
+	return nil
 }
 
 // Pending wraps port_getn(3c) and returns how many events are pending.
@@ -990,7 +1003,7 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error)
 	got := uint32(min)
 	max := uint32(len(s))
 	var err error
-	ps := make([]portEvent, max, max)
+	ps := make([]portEvent, max)
 	_, err = port_getn(e.port, &ps[0], max, &got, timeout)
 	// got will be trustworthy with ETIME, but not any other error.
 	if err != nil && err != ETIME {
@@ -998,8 +1011,18 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error)
 	}
 	e.mu.Lock()
 	defer e.mu.Unlock()
+	valid := 0
 	for i := 0; i < int(got); i++ {
-		e.peIntToExt(&ps[i], &s[i])
+		err2 := e.peIntToExt(&ps[i], &s[i])
+		if err2 != nil {
+			if valid == 0 && err == nil {
+				// If err2 is the only error and there are no valid events
+				// to return, return it to the caller.
+				err = err2
+			}
+			break
+		}
+		valid = i + 1
 	}
-	return int(got), err
+	return valid, err
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index 1ff5060b5..9f7535607 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -13,8 +13,6 @@ import (
 	"sync"
 	"syscall"
 	"unsafe"
-
-	"golang.org/x/sys/internal/unsafeheader"
 )
 
 var (
@@ -117,11 +115,7 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d
 	}
 
 	// Use unsafe to convert addr into a []byte.
-	var b []byte
-	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b))
-	hdr.Data = unsafe.Pointer(addr)
-	hdr.Cap = length
-	hdr.Len = length
+	b := unsafe.Slice((*byte)(unsafe.Pointer(addr)), length)
 
 	// Register mapping in m and return it.
 	p := &b[cap(b)-1]
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 0bb4c8de5..5bb41d17b 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -7,11 +7,7 @@
 
 package unix
 
-import (
-	"unsafe"
-
-	"golang.org/x/sys/internal/unsafeheader"
-)
+import "unsafe"
 
 // SysvShmAttach attaches the Sysv shared memory segment associated with the
 // shared memory identifier id.
@@ -34,12 +30,7 @@ func SysvShmAttach(id int, addr uintptr, flag int) ([]byte, error) {
 	}
 
 	// Use unsafe to convert addr into a []byte.
-	// TODO: convert to unsafe.Slice once we can assume Go 1.17
-	var b []byte
-	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b))
-	hdr.Data = unsafe.Pointer(addr)
-	hdr.Cap = int(info.Segsz)
-	hdr.Len = int(info.Segsz)
+	b := unsafe.Slice((*byte)(unsafe.Pointer(addr)), int(info.Segsz))
 	return b, nil
 }
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index b0d6c2738..785d693eb 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -2940,6 +2940,7 @@ const (
 	SOL_RAW                                     = 0xff
 	SOL_RDS                                     = 0x114
 	SOL_RXRPC                                   = 0x110
+	SOL_SMC                                     = 0x11e
 	SOL_TCP                                     = 0x6
 	SOL_TIPC                                    = 0x10f
 	SOL_TLS                                     = 0x11a
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 274e2dabd..36c0dfc7c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include -m32
+// mkerrors.sh -Wall -Werror -static -I/tmp/386/include -m32
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
 // +build 386,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 95b6eeedf..4ff942703 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include -m64
+// mkerrors.sh -Wall -Werror -static -I/tmp/amd64/include -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
 // +build amd64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 918cd130e..3eaa0fb78 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/arm/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
 // +build arm,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 3907dc5a9..d7995bdc3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char
+// mkerrors.sh -Wall -Werror -static -I/tmp/arm64/include -fsigned-char
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
 // +build arm64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index 03d5c105a..928e24c20 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/loong64/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
 // +build loong64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index bd794e010..179bffb47 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/mips/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
 // +build mips,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index 6c741b054..1fba17bd7 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/mips64/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
 // +build mips64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 807b8cd2a..b77dde315 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/mips64le/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
 // +build mips64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index a39e4f5c2..78c6c751b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/mipsle/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
 // +build mipsle,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index c0fcda86b..1c0d31f0b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/ppc/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
 // +build ppc,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index f3b72407a..959dd9bb8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/ppc64/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
 // +build ppc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 72f2a45d5..5a873cdbc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/ppc64le/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
 // +build ppc64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 45b214b4d..e336d141e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/riscv64/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
 // +build riscv64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 1897f207b..390c01d92 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char
+// mkerrors.sh -Wall -Werror -static -I/tmp/s390x/include -fsigned-char
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
 // +build s390x,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 1fb7a3953..98a6e5f11 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/sparc64/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
 // +build sparc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
index d6c3e25c0..f5bb40eda 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
@@ -1,4 +1,4 @@
-// go run mkasm_darwin.go amd64
+// go run mkasm.go darwin amd64
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build go1.13
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
index 7e308a476..b41467a0e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -1,4 +1,4 @@
-// go run mkasm_darwin.go amd64
+// go run mkasm.go darwin amd64
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build go1.12
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
index 357989722..0c3f76bc2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
@@ -1,4 +1,4 @@
-// go run mkasm_darwin.go arm64
+// go run mkasm.go darwin arm64
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build go1.13
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
index b09e5bb0e..e1f9204a2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -1,4 +1,4 @@
-// go run mkasm_darwin.go arm64
+// go run mkasm.go darwin arm64
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build go1.12
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index 88af526b7..c81b0ad47 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -287,46 +287,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID32, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID32, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID32, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID32, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
 	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
 	n = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index 2a0c4aa6a..2206bce7f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -334,36 +334,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -374,16 +344,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index 4882bde3a..edf6b39f1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -412,46 +412,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID32, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID32, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID32, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID32, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index 9f8c24e43..190609f21 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -289,36 +289,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -329,16 +299,6 @@ func setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
index 523f2ba03..806ffd1e1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
@@ -223,46 +223,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index d7d6f4244..5f984cbb1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -248,46 +248,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index 7f1f8e653..46fc380a4 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -278,36 +278,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -318,16 +288,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index f933d0f51..cbd0d4dad 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -278,36 +278,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -318,16 +288,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index 297d0a998..0c13d15f0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -248,46 +248,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
index 2e32e7a44..e01432aed 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -308,46 +308,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index 3c5317046..13c7ee7ba 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -349,36 +349,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -389,16 +359,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index a00c6744e..02d0c0fd6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -349,36 +349,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -389,16 +359,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
index 1239cc2de..9fee3b1d2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -269,36 +269,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -309,16 +279,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index e0dabc602..647bbfecd 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -319,36 +319,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -359,16 +329,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) {
 	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
 	n = int64(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index 368623c0f..ada057f89 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -329,36 +329,6 @@ func setfsuid(uid int) (prev int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
@@ -369,16 +339,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Shutdown(fd int, how int) (err error) {
 	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index a057fc5d3..2925fe0a7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -l32 -openbsd -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go
+// go run mksyscall.go -l32 -openbsd -libc -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && 386
@@ -16,7 +16,7 @@ var _ syscall.Errno
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	return
 }
 
+var libc_getgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgroups getgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgroups setgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
 	wpid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err
 	return
 }
 
+var libc_wait4_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_wait4 wait4 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	return
 }
 
+var libc_accept_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_accept accept "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_bind_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_bind bind "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_connect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connect connect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 	return
 }
 
+var libc_socket_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socket socket "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	_, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	_, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getpeername_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpeername getpeername "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockname_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockname getsockname "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_shutdown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shutdown shutdown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	_, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_socketpair_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socketpair socketpair "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
@@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	return
 }
 
+var libc_recvfrom_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
@@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	_, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sendto_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendto sendto "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_recvmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_sendmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 	return
 }
 
+var libc_kevent_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kevent kevent "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func utimes(path string, timeval *[2]Timeval) (err error) {
@@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_utimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimes utimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_futimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_futimes futimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	return
 }
 
+var libc_poll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_poll poll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Madvise(b []byte, behav int) (err error) {
@@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	_, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_madvise_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_madvise madvise "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlock(b []byte) (err error) {
@@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlock mlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlockall mlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mprotect(b []byte, prot int) (err error) {
@@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	_, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mprotect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mprotect mprotect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Msync(b []byte, flags int) (err error) {
@@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_msync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_msync msync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlock(b []byte) (err error) {
@@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlock munlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlockall munlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	_, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_pipe2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getdents(fd int, buf []byte) (n int, err error) {
@@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getdents_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getdents getdents "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getcwd(buf []byte) (n int, err error) {
@@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getcwd_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getcwd getcwd "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ioctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
@@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr)
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	_, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int,
 	return
 }
 
+var libc_ppoll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ppoll ppoll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Access(path string, mode uint32) (err error) {
@@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_access_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_access access "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	_, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_adjtime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_adjtime adjtime "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chdir(path string) (err error) {
@@ -463,13 +607,17 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chdir chdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chflags(path string, flags int) (err error) {
@@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chflags chflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chmod(path string, mode uint32) (err error) {
@@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chmod chmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chown(path string, uid int, gid int) (err error) {
@@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chown chown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chroot(path string) (err error) {
@@ -523,27 +683,35 @@ func Chroot(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chroot_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chroot chroot "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_close_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_close close "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0)
 	nfd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) {
 	return
 }
 
+var libc_dup_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup dup "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	_, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup2 dup2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup3(from int, to int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup3_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup3 dup3 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0)
 	return
 }
 
+var libc_exit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exit exit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_faccessat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_faccessat faccessat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchdir fchdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchflags fchflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmod fchmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchown fchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
@@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchownat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchownat fchownat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_flock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flock flock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) {
 	return
 }
 
+var libc_fpathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstat fstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
@@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatat fstatat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fsync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsync fsync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	_, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), uintptr(length>>32))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ftruncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0)
 	egid = int(r0)
 	return
 }
 
+var libc_getegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getegid getegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_geteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_geteuid geteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0)
 	gid = int(r0)
 	return
 }
 
+var libc_getgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgid getgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0)
 	pgid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) {
 	return
 }
 
+var libc_getpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgid getpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0)
 	pgrp = int(r0)
 	return
 }
 
+var libc_getpgrp_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	return
 }
 
+var libc_getpid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpid getpid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0)
 	ppid = int(r0)
 	return
 }
 
+var libc_getppid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getppid getppid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0)
 	prio = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) {
 	return
 }
 
+var libc_getpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpriority getpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrtable() (rtable int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0)
 	rtable = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) {
 	return
 }
 
+var libc_getrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrtable getrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrusage_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrusage getrusage "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0)
 	sid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) {
 	return
 }
 
+var libc_getsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsid getsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Gettimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_gettimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_getuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getuid getuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Issetugid() (tainted bool) {
-	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0)
 	tainted = bool(r0 != 0)
 	return
 }
 
+var libc_issetugid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_issetugid issetugid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kill(pid int, signum syscall.Signal) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	_, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_kill_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kill kill "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) {
 	return
 }
 
+var libc_kqueue_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kqueue kqueue "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lchown(path string, uid int, gid int) (err error) {
@@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lchown lchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Link(path string, link string) (err error) {
@@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_link_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_link link "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
@@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_linkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_linkat linkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	_, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_listen_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_listen listen "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lstat(path string, stat *Stat_t) (err error) {
@@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lstat lstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdir(path string, mode uint32) (err error) {
@@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdir mkdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdirat(dirfd int, path string, mode uint32) (err error) {
@@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdirat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifo(path string, mode uint32) (err error) {
@@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifo_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
@@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifoat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknod(path string, mode uint32, dev int) (err error) {
@@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	_, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknod mknod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
@@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknodat mknodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_nanosleep_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
@@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_open_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_open open "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
@@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_openat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_openat openat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pathconf(path string, name int) (val int, err error) {
@@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) {
 	return
 }
 
+var libc_pathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pathconf pathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pread(fd int, p []byte, offset int64) (n int, err error) {
@@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pread_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pread pread "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pwrite(fd int, p []byte, offset int64) (n int, err error) {
@@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pwrite_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwrite pwrite "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func read(fd int, p []byte) (n int, err error) {
@@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_read_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_read read "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlink(path string, buf []byte) (n int, err error) {
@@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlink readlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
@@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rename(from string, to string) (err error) {
@@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rename_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rename rename "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Renameat(fromfd int, from string, tofd int, to string) (err error) {
@@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_renameat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameat renameat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Revoke(path string) (err error) {
@@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_revoke_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_revoke revoke "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rmdir(path string) (err error) {
@@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rmdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rmdir rmdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
+	r0, r1, e1 := syscall_syscall6(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(whence), 0, 0)
 	newoffset = int64(int64(r1)<<32 | int64(r0))
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return
 }
 
+var libc_lseek_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lseek lseek "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 	return
 }
 
+var libc_select_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_select select "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setegid(egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setegid setegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_seteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_seteuid seteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgid setgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setlogin(name string) (err error) {
@@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setlogin_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setlogin setlogin "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpgid setpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	_, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpriority setpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setregid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setregid setregid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setreuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setreuid setreuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	_, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresgid setresgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	_, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresuid setresuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrtable(rtable int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrtable setrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) {
 	return
 }
 
+var libc_setsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsid setsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_settimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setuid setuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Stat(path string, stat *Stat_t) (err error) {
@@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_stat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_stat stat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Statfs(path string, stat *Statfs_t) (err error) {
@@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_statfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_statfs statfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlink(path string, link string) (err error) {
@@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlink symlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
@@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	_, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sync sync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Truncate(path string, length int64) (err error) {
@@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	_, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_truncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_truncate truncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0)
 	oldmask = int(r0)
 	return
 }
 
+var libc_umask_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_umask umask "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlink(path string) (err error) {
@@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlink unlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlinkat(dirfd int, path string, flags int) (err error) {
@@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unmount(path string, flags int) (err error) {
@@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unmount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unmount unmount "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func write(fd int, p []byte) (n int, err error) {
@@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_write_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_write write "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
+	r0, _, e1 := syscall_syscall9(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0)
 	ret = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 	return
 }
 
+var libc_mmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mmap mmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munmap munmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
+
+var libc_utimensat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
new file mode 100644
index 000000000..75eb2f5f3
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -0,0 +1,796 @@
+// go run mkasm.go openbsd 386
+// Code generated by the command above; DO NOT EDIT.
+
+#include "textflag.h"
+
+TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+
+GLOBL	·libc_getgroups_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getgroups_trampoline_addr(SB)/4, $libc_getgroups_trampoline<>(SB)
+
+TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+
+GLOBL	·libc_setgroups_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setgroups_trampoline_addr(SB)/4, $libc_setgroups_trampoline<>(SB)
+
+TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+
+GLOBL	·libc_wait4_trampoline_addr(SB), RODATA, $4
+DATA	·libc_wait4_trampoline_addr(SB)/4, $libc_wait4_trampoline<>(SB)
+
+TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+
+GLOBL	·libc_accept_trampoline_addr(SB), RODATA, $4
+DATA	·libc_accept_trampoline_addr(SB)/4, $libc_accept_trampoline<>(SB)
+
+TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+
+GLOBL	·libc_bind_trampoline_addr(SB), RODATA, $4
+DATA	·libc_bind_trampoline_addr(SB)/4, $libc_bind_trampoline<>(SB)
+
+TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+
+GLOBL	·libc_connect_trampoline_addr(SB), RODATA, $4
+DATA	·libc_connect_trampoline_addr(SB)/4, $libc_connect_trampoline<>(SB)
+
+TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+
+GLOBL	·libc_socket_trampoline_addr(SB), RODATA, $4
+DATA	·libc_socket_trampoline_addr(SB)/4, $libc_socket_trampoline<>(SB)
+
+TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+
+GLOBL	·libc_getsockopt_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getsockopt_trampoline_addr(SB)/4, $libc_getsockopt_trampoline<>(SB)
+
+TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+
+GLOBL	·libc_setsockopt_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setsockopt_trampoline_addr(SB)/4, $libc_setsockopt_trampoline<>(SB)
+
+TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+
+GLOBL	·libc_getpeername_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpeername_trampoline_addr(SB)/4, $libc_getpeername_trampoline<>(SB)
+
+TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+
+GLOBL	·libc_getsockname_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getsockname_trampoline_addr(SB)/4, $libc_getsockname_trampoline<>(SB)
+
+TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+
+GLOBL	·libc_shutdown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_shutdown_trampoline_addr(SB)/4, $libc_shutdown_trampoline<>(SB)
+
+TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+
+GLOBL	·libc_socketpair_trampoline_addr(SB), RODATA, $4
+DATA	·libc_socketpair_trampoline_addr(SB)/4, $libc_socketpair_trampoline<>(SB)
+
+TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+
+GLOBL	·libc_recvfrom_trampoline_addr(SB), RODATA, $4
+DATA	·libc_recvfrom_trampoline_addr(SB)/4, $libc_recvfrom_trampoline<>(SB)
+
+TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+
+GLOBL	·libc_sendto_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sendto_trampoline_addr(SB)/4, $libc_sendto_trampoline<>(SB)
+
+TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+
+GLOBL	·libc_recvmsg_trampoline_addr(SB), RODATA, $4
+DATA	·libc_recvmsg_trampoline_addr(SB)/4, $libc_recvmsg_trampoline<>(SB)
+
+TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+
+GLOBL	·libc_sendmsg_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sendmsg_trampoline_addr(SB)/4, $libc_sendmsg_trampoline<>(SB)
+
+TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+
+GLOBL	·libc_kevent_trampoline_addr(SB), RODATA, $4
+DATA	·libc_kevent_trampoline_addr(SB)/4, $libc_kevent_trampoline<>(SB)
+
+TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+
+GLOBL	·libc_utimes_trampoline_addr(SB), RODATA, $4
+DATA	·libc_utimes_trampoline_addr(SB)/4, $libc_utimes_trampoline<>(SB)
+
+TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+
+GLOBL	·libc_futimes_trampoline_addr(SB), RODATA, $4
+DATA	·libc_futimes_trampoline_addr(SB)/4, $libc_futimes_trampoline<>(SB)
+
+TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+
+GLOBL	·libc_poll_trampoline_addr(SB), RODATA, $4
+DATA	·libc_poll_trampoline_addr(SB)/4, $libc_poll_trampoline<>(SB)
+
+TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+
+GLOBL	·libc_madvise_trampoline_addr(SB), RODATA, $4
+DATA	·libc_madvise_trampoline_addr(SB)/4, $libc_madvise_trampoline<>(SB)
+
+TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+
+GLOBL	·libc_mlock_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mlock_trampoline_addr(SB)/4, $libc_mlock_trampoline<>(SB)
+
+TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+
+GLOBL	·libc_mlockall_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mlockall_trampoline_addr(SB)/4, $libc_mlockall_trampoline<>(SB)
+
+TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+
+GLOBL	·libc_mprotect_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mprotect_trampoline_addr(SB)/4, $libc_mprotect_trampoline<>(SB)
+
+TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+
+GLOBL	·libc_msync_trampoline_addr(SB), RODATA, $4
+DATA	·libc_msync_trampoline_addr(SB)/4, $libc_msync_trampoline<>(SB)
+
+TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+
+GLOBL	·libc_munlock_trampoline_addr(SB), RODATA, $4
+DATA	·libc_munlock_trampoline_addr(SB)/4, $libc_munlock_trampoline<>(SB)
+
+TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+
+GLOBL	·libc_munlockall_trampoline_addr(SB), RODATA, $4
+DATA	·libc_munlockall_trampoline_addr(SB)/4, $libc_munlockall_trampoline<>(SB)
+
+TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pipe2(SB)
+
+GLOBL	·libc_pipe2_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pipe2_trampoline_addr(SB)/4, $libc_pipe2_trampoline<>(SB)
+
+TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getdents(SB)
+
+GLOBL	·libc_getdents_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getdents_trampoline_addr(SB)/4, $libc_getdents_trampoline<>(SB)
+
+TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+
+GLOBL	·libc_getcwd_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB)
+
+TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+
+GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $4
+DATA	·libc_ioctl_trampoline_addr(SB)/4, $libc_ioctl_trampoline<>(SB)
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+
+TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ppoll(SB)
+
+GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $4
+DATA	·libc_ppoll_trampoline_addr(SB)/4, $libc_ppoll_trampoline<>(SB)
+
+TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+
+GLOBL	·libc_access_trampoline_addr(SB), RODATA, $4
+DATA	·libc_access_trampoline_addr(SB)/4, $libc_access_trampoline<>(SB)
+
+TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+
+GLOBL	·libc_adjtime_trampoline_addr(SB), RODATA, $4
+DATA	·libc_adjtime_trampoline_addr(SB)/4, $libc_adjtime_trampoline<>(SB)
+
+TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+
+GLOBL	·libc_chdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chdir_trampoline_addr(SB)/4, $libc_chdir_trampoline<>(SB)
+
+TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+
+GLOBL	·libc_chflags_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chflags_trampoline_addr(SB)/4, $libc_chflags_trampoline<>(SB)
+
+TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+
+GLOBL	·libc_chmod_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chmod_trampoline_addr(SB)/4, $libc_chmod_trampoline<>(SB)
+
+TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+
+GLOBL	·libc_chown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chown_trampoline_addr(SB)/4, $libc_chown_trampoline<>(SB)
+
+TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+
+GLOBL	·libc_chroot_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chroot_trampoline_addr(SB)/4, $libc_chroot_trampoline<>(SB)
+
+TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+
+GLOBL	·libc_close_trampoline_addr(SB), RODATA, $4
+DATA	·libc_close_trampoline_addr(SB)/4, $libc_close_trampoline<>(SB)
+
+TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+
+GLOBL	·libc_dup_trampoline_addr(SB), RODATA, $4
+DATA	·libc_dup_trampoline_addr(SB)/4, $libc_dup_trampoline<>(SB)
+
+TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+
+GLOBL	·libc_dup2_trampoline_addr(SB), RODATA, $4
+DATA	·libc_dup2_trampoline_addr(SB)/4, $libc_dup2_trampoline<>(SB)
+
+TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup3(SB)
+
+GLOBL	·libc_dup3_trampoline_addr(SB), RODATA, $4
+DATA	·libc_dup3_trampoline_addr(SB)/4, $libc_dup3_trampoline<>(SB)
+
+TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+
+GLOBL	·libc_exit_trampoline_addr(SB), RODATA, $4
+DATA	·libc_exit_trampoline_addr(SB)/4, $libc_exit_trampoline<>(SB)
+
+TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+
+GLOBL	·libc_faccessat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_faccessat_trampoline_addr(SB)/4, $libc_faccessat_trampoline<>(SB)
+
+TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+
+GLOBL	·libc_fchdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchdir_trampoline_addr(SB)/4, $libc_fchdir_trampoline<>(SB)
+
+TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+
+GLOBL	·libc_fchflags_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchflags_trampoline_addr(SB)/4, $libc_fchflags_trampoline<>(SB)
+
+TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+
+GLOBL	·libc_fchmod_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchmod_trampoline_addr(SB)/4, $libc_fchmod_trampoline<>(SB)
+
+TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+
+GLOBL	·libc_fchmodat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchmodat_trampoline_addr(SB)/4, $libc_fchmodat_trampoline<>(SB)
+
+TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+
+GLOBL	·libc_fchown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchown_trampoline_addr(SB)/4, $libc_fchown_trampoline<>(SB)
+
+TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+
+GLOBL	·libc_fchownat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchownat_trampoline_addr(SB)/4, $libc_fchownat_trampoline<>(SB)
+
+TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+
+GLOBL	·libc_flock_trampoline_addr(SB), RODATA, $4
+DATA	·libc_flock_trampoline_addr(SB)/4, $libc_flock_trampoline<>(SB)
+
+TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+
+GLOBL	·libc_fpathconf_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fpathconf_trampoline_addr(SB)/4, $libc_fpathconf_trampoline<>(SB)
+
+TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstat(SB)
+
+GLOBL	·libc_fstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fstat_trampoline_addr(SB)/4, $libc_fstat_trampoline<>(SB)
+
+TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat(SB)
+
+GLOBL	·libc_fstatat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fstatat_trampoline_addr(SB)/4, $libc_fstatat_trampoline<>(SB)
+
+TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs(SB)
+
+GLOBL	·libc_fstatfs_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fstatfs_trampoline_addr(SB)/4, $libc_fstatfs_trampoline<>(SB)
+
+TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+
+GLOBL	·libc_fsync_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fsync_trampoline_addr(SB)/4, $libc_fsync_trampoline<>(SB)
+
+TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+
+GLOBL	·libc_ftruncate_trampoline_addr(SB), RODATA, $4
+DATA	·libc_ftruncate_trampoline_addr(SB)/4, $libc_ftruncate_trampoline<>(SB)
+
+TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+
+GLOBL	·libc_getegid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getegid_trampoline_addr(SB)/4, $libc_getegid_trampoline<>(SB)
+
+TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+
+GLOBL	·libc_geteuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_geteuid_trampoline_addr(SB)/4, $libc_geteuid_trampoline<>(SB)
+
+TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+
+GLOBL	·libc_getgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getgid_trampoline_addr(SB)/4, $libc_getgid_trampoline<>(SB)
+
+TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+
+GLOBL	·libc_getpgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpgid_trampoline_addr(SB)/4, $libc_getpgid_trampoline<>(SB)
+
+TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+
+GLOBL	·libc_getpgrp_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpgrp_trampoline_addr(SB)/4, $libc_getpgrp_trampoline<>(SB)
+
+TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+
+GLOBL	·libc_getpid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpid_trampoline_addr(SB)/4, $libc_getpid_trampoline<>(SB)
+
+TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+
+GLOBL	·libc_getppid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getppid_trampoline_addr(SB)/4, $libc_getppid_trampoline<>(SB)
+
+TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+
+GLOBL	·libc_getpriority_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpriority_trampoline_addr(SB)/4, $libc_getpriority_trampoline<>(SB)
+
+TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+
+GLOBL	·libc_getrlimit_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getrlimit_trampoline_addr(SB)/4, $libc_getrlimit_trampoline<>(SB)
+
+TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrtable(SB)
+
+GLOBL	·libc_getrtable_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getrtable_trampoline_addr(SB)/4, $libc_getrtable_trampoline<>(SB)
+
+TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+
+GLOBL	·libc_getrusage_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getrusage_trampoline_addr(SB)/4, $libc_getrusage_trampoline<>(SB)
+
+TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+
+GLOBL	·libc_getsid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getsid_trampoline_addr(SB)/4, $libc_getsid_trampoline<>(SB)
+
+TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+
+GLOBL	·libc_gettimeofday_trampoline_addr(SB), RODATA, $4
+DATA	·libc_gettimeofday_trampoline_addr(SB)/4, $libc_gettimeofday_trampoline<>(SB)
+
+TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+
+GLOBL	·libc_getuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getuid_trampoline_addr(SB)/4, $libc_getuid_trampoline<>(SB)
+
+TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+
+GLOBL	·libc_issetugid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_issetugid_trampoline_addr(SB)/4, $libc_issetugid_trampoline<>(SB)
+
+TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+
+GLOBL	·libc_kill_trampoline_addr(SB), RODATA, $4
+DATA	·libc_kill_trampoline_addr(SB)/4, $libc_kill_trampoline<>(SB)
+
+TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+
+GLOBL	·libc_kqueue_trampoline_addr(SB), RODATA, $4
+DATA	·libc_kqueue_trampoline_addr(SB)/4, $libc_kqueue_trampoline<>(SB)
+
+TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+
+GLOBL	·libc_lchown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_lchown_trampoline_addr(SB)/4, $libc_lchown_trampoline<>(SB)
+
+TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+
+GLOBL	·libc_link_trampoline_addr(SB), RODATA, $4
+DATA	·libc_link_trampoline_addr(SB)/4, $libc_link_trampoline<>(SB)
+
+TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+
+GLOBL	·libc_linkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_linkat_trampoline_addr(SB)/4, $libc_linkat_trampoline<>(SB)
+
+TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+
+GLOBL	·libc_listen_trampoline_addr(SB), RODATA, $4
+DATA	·libc_listen_trampoline_addr(SB)/4, $libc_listen_trampoline<>(SB)
+
+TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lstat(SB)
+
+GLOBL	·libc_lstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_lstat_trampoline_addr(SB)/4, $libc_lstat_trampoline<>(SB)
+
+TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+
+GLOBL	·libc_mkdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkdir_trampoline_addr(SB)/4, $libc_mkdir_trampoline<>(SB)
+
+TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+
+GLOBL	·libc_mkdirat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkdirat_trampoline_addr(SB)/4, $libc_mkdirat_trampoline<>(SB)
+
+TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+
+GLOBL	·libc_mkfifo_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkfifo_trampoline_addr(SB)/4, $libc_mkfifo_trampoline<>(SB)
+
+TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifoat(SB)
+
+GLOBL	·libc_mkfifoat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkfifoat_trampoline_addr(SB)/4, $libc_mkfifoat_trampoline<>(SB)
+
+TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+
+GLOBL	·libc_mknod_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mknod_trampoline_addr(SB)/4, $libc_mknod_trampoline<>(SB)
+
+TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknodat(SB)
+
+GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB)
+
+TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_nanosleep(SB)
+
+GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $4
+DATA	·libc_nanosleep_trampoline_addr(SB)/4, $libc_nanosleep_trampoline<>(SB)
+
+TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+
+GLOBL	·libc_open_trampoline_addr(SB), RODATA, $4
+DATA	·libc_open_trampoline_addr(SB)/4, $libc_open_trampoline<>(SB)
+
+TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+
+GLOBL	·libc_openat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_openat_trampoline_addr(SB)/4, $libc_openat_trampoline<>(SB)
+
+TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+
+GLOBL	·libc_pathconf_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pathconf_trampoline_addr(SB)/4, $libc_pathconf_trampoline<>(SB)
+
+TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+
+GLOBL	·libc_pread_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pread_trampoline_addr(SB)/4, $libc_pread_trampoline<>(SB)
+
+TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+
+GLOBL	·libc_pwrite_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pwrite_trampoline_addr(SB)/4, $libc_pwrite_trampoline<>(SB)
+
+TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+
+GLOBL	·libc_read_trampoline_addr(SB), RODATA, $4
+DATA	·libc_read_trampoline_addr(SB)/4, $libc_read_trampoline<>(SB)
+
+TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+
+GLOBL	·libc_readlink_trampoline_addr(SB), RODATA, $4
+DATA	·libc_readlink_trampoline_addr(SB)/4, $libc_readlink_trampoline<>(SB)
+
+TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+
+GLOBL	·libc_readlinkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_readlinkat_trampoline_addr(SB)/4, $libc_readlinkat_trampoline<>(SB)
+
+TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+
+GLOBL	·libc_rename_trampoline_addr(SB), RODATA, $4
+DATA	·libc_rename_trampoline_addr(SB)/4, $libc_rename_trampoline<>(SB)
+
+TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+
+GLOBL	·libc_renameat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_renameat_trampoline_addr(SB)/4, $libc_renameat_trampoline<>(SB)
+
+TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+
+GLOBL	·libc_revoke_trampoline_addr(SB), RODATA, $4
+DATA	·libc_revoke_trampoline_addr(SB)/4, $libc_revoke_trampoline<>(SB)
+
+TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+
+GLOBL	·libc_rmdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_rmdir_trampoline_addr(SB)/4, $libc_rmdir_trampoline<>(SB)
+
+TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+
+GLOBL	·libc_lseek_trampoline_addr(SB), RODATA, $4
+DATA	·libc_lseek_trampoline_addr(SB)/4, $libc_lseek_trampoline<>(SB)
+
+TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+
+GLOBL	·libc_select_trampoline_addr(SB), RODATA, $4
+DATA	·libc_select_trampoline_addr(SB)/4, $libc_select_trampoline<>(SB)
+
+TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+
+GLOBL	·libc_setegid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setegid_trampoline_addr(SB)/4, $libc_setegid_trampoline<>(SB)
+
+TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+
+GLOBL	·libc_seteuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_seteuid_trampoline_addr(SB)/4, $libc_seteuid_trampoline<>(SB)
+
+TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+
+GLOBL	·libc_setgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setgid_trampoline_addr(SB)/4, $libc_setgid_trampoline<>(SB)
+
+TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+
+GLOBL	·libc_setlogin_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setlogin_trampoline_addr(SB)/4, $libc_setlogin_trampoline<>(SB)
+
+TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+
+GLOBL	·libc_setpgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setpgid_trampoline_addr(SB)/4, $libc_setpgid_trampoline<>(SB)
+
+TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+
+GLOBL	·libc_setpriority_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setpriority_trampoline_addr(SB)/4, $libc_setpriority_trampoline<>(SB)
+
+TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+
+GLOBL	·libc_setregid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setregid_trampoline_addr(SB)/4, $libc_setregid_trampoline<>(SB)
+
+TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+
+GLOBL	·libc_setreuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setreuid_trampoline_addr(SB)/4, $libc_setreuid_trampoline<>(SB)
+
+TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresgid(SB)
+
+GLOBL	·libc_setresgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setresgid_trampoline_addr(SB)/4, $libc_setresgid_trampoline<>(SB)
+
+TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresuid(SB)
+
+GLOBL	·libc_setresuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB)
+
+TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+
+GLOBL	·libc_setrlimit_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB)
+
+TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrtable(SB)
+
+GLOBL	·libc_setrtable_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setrtable_trampoline_addr(SB)/4, $libc_setrtable_trampoline<>(SB)
+
+TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+
+GLOBL	·libc_setsid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setsid_trampoline_addr(SB)/4, $libc_setsid_trampoline<>(SB)
+
+TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+
+GLOBL	·libc_settimeofday_trampoline_addr(SB), RODATA, $4
+DATA	·libc_settimeofday_trampoline_addr(SB)/4, $libc_settimeofday_trampoline<>(SB)
+
+TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+
+GLOBL	·libc_setuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setuid_trampoline_addr(SB)/4, $libc_setuid_trampoline<>(SB)
+
+TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_stat(SB)
+
+GLOBL	·libc_stat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_stat_trampoline_addr(SB)/4, $libc_stat_trampoline<>(SB)
+
+TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_statfs(SB)
+
+GLOBL	·libc_statfs_trampoline_addr(SB), RODATA, $4
+DATA	·libc_statfs_trampoline_addr(SB)/4, $libc_statfs_trampoline<>(SB)
+
+TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+
+GLOBL	·libc_symlink_trampoline_addr(SB), RODATA, $4
+DATA	·libc_symlink_trampoline_addr(SB)/4, $libc_symlink_trampoline<>(SB)
+
+TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+
+GLOBL	·libc_symlinkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_symlinkat_trampoline_addr(SB)/4, $libc_symlinkat_trampoline<>(SB)
+
+TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+
+GLOBL	·libc_sync_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sync_trampoline_addr(SB)/4, $libc_sync_trampoline<>(SB)
+
+TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+
+GLOBL	·libc_truncate_trampoline_addr(SB), RODATA, $4
+DATA	·libc_truncate_trampoline_addr(SB)/4, $libc_truncate_trampoline<>(SB)
+
+TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+
+GLOBL	·libc_umask_trampoline_addr(SB), RODATA, $4
+DATA	·libc_umask_trampoline_addr(SB)/4, $libc_umask_trampoline<>(SB)
+
+TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+
+GLOBL	·libc_unlink_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unlink_trampoline_addr(SB)/4, $libc_unlink_trampoline<>(SB)
+
+TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+
+GLOBL	·libc_unlinkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unlinkat_trampoline_addr(SB)/4, $libc_unlinkat_trampoline<>(SB)
+
+TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+
+GLOBL	·libc_unmount_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unmount_trampoline_addr(SB)/4, $libc_unmount_trampoline<>(SB)
+
+TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+
+GLOBL	·libc_write_trampoline_addr(SB), RODATA, $4
+DATA	·libc_write_trampoline_addr(SB)/4, $libc_write_trampoline<>(SB)
+
+TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+
+GLOBL	·libc_mmap_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mmap_trampoline_addr(SB)/4, $libc_mmap_trampoline<>(SB)
+
+TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+
+GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
+DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
+
+TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimensat(SB)
+
+GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index 04db8fa2f..98446d2b9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -openbsd -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go
+// go run mksyscall.go -openbsd -libc -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && amd64
@@ -16,7 +16,7 @@ var _ syscall.Errno
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	return
 }
 
+var libc_getgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgroups getgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgroups setgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
 	wpid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err
 	return
 }
 
+var libc_wait4_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_wait4 wait4 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	return
 }
 
+var libc_accept_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_accept accept "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_bind_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_bind bind "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_connect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connect connect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 	return
 }
 
+var libc_socket_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socket socket "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	_, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	_, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getpeername_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpeername getpeername "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockname_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockname getsockname "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_shutdown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shutdown shutdown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	_, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_socketpair_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socketpair socketpair "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
@@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	return
 }
 
+var libc_recvfrom_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
@@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	_, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sendto_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendto sendto "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_recvmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_sendmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 	return
 }
 
+var libc_kevent_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kevent kevent "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func utimes(path string, timeval *[2]Timeval) (err error) {
@@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_utimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimes utimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_futimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_futimes futimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	return
 }
 
+var libc_poll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_poll poll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Madvise(b []byte, behav int) (err error) {
@@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	_, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_madvise_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_madvise madvise "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlock(b []byte) (err error) {
@@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlock mlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlockall mlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mprotect(b []byte, prot int) (err error) {
@@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	_, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mprotect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mprotect mprotect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Msync(b []byte, flags int) (err error) {
@@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_msync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_msync msync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlock(b []byte) (err error) {
@@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlock munlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlockall munlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	_, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_pipe2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getdents(fd int, buf []byte) (n int, err error) {
@@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getdents_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getdents getdents "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getcwd(buf []byte) (n int, err error) {
@@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getcwd_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getcwd getcwd "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ioctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
@@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr)
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	_, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int,
 	return
 }
 
+var libc_ppoll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ppoll ppoll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Access(path string, mode uint32) (err error) {
@@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_access_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_access access "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	_, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_adjtime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_adjtime adjtime "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chdir(path string) (err error) {
@@ -463,13 +607,17 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chdir chdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chflags(path string, flags int) (err error) {
@@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chflags chflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chmod(path string, mode uint32) (err error) {
@@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chmod chmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chown(path string, uid int, gid int) (err error) {
@@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chown chown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chroot(path string) (err error) {
@@ -523,27 +683,35 @@ func Chroot(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chroot_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chroot chroot "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_close_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_close close "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0)
 	nfd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) {
 	return
 }
 
+var libc_dup_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup dup "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	_, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup2 dup2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup3(from int, to int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup3_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup3 dup3 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0)
 	return
 }
 
+var libc_exit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exit exit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_faccessat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_faccessat faccessat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchdir fchdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchflags fchflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmod fchmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchown fchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
@@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchownat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchownat fchownat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_flock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flock flock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) {
 	return
 }
 
+var libc_fpathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstat fstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
@@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatat fstatat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fsync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsync fsync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	_, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ftruncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0)
 	egid = int(r0)
 	return
 }
 
+var libc_getegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getegid getegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_geteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_geteuid geteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0)
 	gid = int(r0)
 	return
 }
 
+var libc_getgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgid getgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0)
 	pgid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) {
 	return
 }
 
+var libc_getpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgid getpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0)
 	pgrp = int(r0)
 	return
 }
 
+var libc_getpgrp_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	return
 }
 
+var libc_getpid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpid getpid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0)
 	ppid = int(r0)
 	return
 }
 
+var libc_getppid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getppid getppid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0)
 	prio = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) {
 	return
 }
 
+var libc_getpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpriority getpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrtable() (rtable int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0)
 	rtable = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) {
 	return
 }
 
+var libc_getrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrtable getrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrusage_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrusage getrusage "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0)
 	sid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) {
 	return
 }
 
+var libc_getsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsid getsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Gettimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_gettimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_getuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getuid getuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Issetugid() (tainted bool) {
-	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0)
 	tainted = bool(r0 != 0)
 	return
 }
 
+var libc_issetugid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_issetugid issetugid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kill(pid int, signum syscall.Signal) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	_, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_kill_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kill kill "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) {
 	return
 }
 
+var libc_kqueue_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kqueue kqueue "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lchown(path string, uid int, gid int) (err error) {
@@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lchown lchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Link(path string, link string) (err error) {
@@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_link_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_link link "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
@@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_linkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_linkat linkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	_, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_listen_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_listen listen "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lstat(path string, stat *Stat_t) (err error) {
@@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lstat lstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdir(path string, mode uint32) (err error) {
@@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdir mkdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdirat(dirfd int, path string, mode uint32) (err error) {
@@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdirat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifo(path string, mode uint32) (err error) {
@@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifo_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
@@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifoat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknod(path string, mode uint32, dev int) (err error) {
@@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	_, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknod mknod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
@@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknodat mknodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_nanosleep_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
@@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_open_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_open open "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
@@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_openat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_openat openat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pathconf(path string, name int) (val int, err error) {
@@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) {
 	return
 }
 
+var libc_pathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pathconf pathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pread(fd int, p []byte, offset int64) (n int, err error) {
@@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pread_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pread pread "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pwrite(fd int, p []byte, offset int64) (n int, err error) {
@@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pwrite_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwrite pwrite "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func read(fd int, p []byte) (n int, err error) {
@@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_read_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_read read "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlink(path string, buf []byte) (n int, err error) {
@@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlink readlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
@@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rename(from string, to string) (err error) {
@@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rename_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rename rename "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Renameat(fromfd int, from string, tofd int, to string) (err error) {
@@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_renameat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameat renameat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Revoke(path string) (err error) {
@@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_revoke_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_revoke revoke "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rmdir(path string) (err error) {
@@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rmdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rmdir rmdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence))
 	newoffset = int64(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return
 }
 
+var libc_lseek_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lseek lseek "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 	return
 }
 
+var libc_select_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_select select "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setegid(egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setegid setegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_seteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_seteuid seteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgid setgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setlogin(name string) (err error) {
@@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setlogin_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setlogin setlogin "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpgid setpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	_, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpriority setpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setregid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setregid setregid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setreuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setreuid setreuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	_, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresgid setresgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	_, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresuid setresuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrtable(rtable int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrtable setrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) {
 	return
 }
 
+var libc_setsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsid setsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_settimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setuid setuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Stat(path string, stat *Stat_t) (err error) {
@@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_stat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_stat stat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Statfs(path string, stat *Statfs_t) (err error) {
@@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_statfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_statfs statfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlink(path string, link string) (err error) {
@@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlink symlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
@@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	_, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sync sync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Truncate(path string, length int64) (err error) {
@@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	_, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_truncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_truncate truncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0)
 	oldmask = int(r0)
 	return
 }
 
+var libc_umask_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_umask umask "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlink(path string) (err error) {
@@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlink unlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlinkat(dirfd int, path string, flags int) (err error) {
@@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unmount(path string, flags int) (err error) {
@@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unmount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unmount unmount "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func write(fd int, p []byte) (n int, err error) {
@@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_write_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_write write "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
 	ret = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 	return
 }
 
+var libc_mmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mmap mmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munmap munmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
+
+var libc_utimensat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
new file mode 100644
index 000000000..243a6663c
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -0,0 +1,796 @@
+// go run mkasm.go openbsd amd64
+// Code generated by the command above; DO NOT EDIT.
+
+#include "textflag.h"
+
+TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+
+GLOBL	·libc_getgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB)
+
+TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+
+GLOBL	·libc_setgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB)
+
+TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+
+GLOBL	·libc_wait4_trampoline_addr(SB), RODATA, $8
+DATA	·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB)
+
+TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+
+GLOBL	·libc_accept_trampoline_addr(SB), RODATA, $8
+DATA	·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB)
+
+TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+
+GLOBL	·libc_bind_trampoline_addr(SB), RODATA, $8
+DATA	·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB)
+
+TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+
+GLOBL	·libc_connect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB)
+
+TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+
+GLOBL	·libc_socket_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB)
+
+TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+
+GLOBL	·libc_getsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB)
+
+TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+
+GLOBL	·libc_setsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB)
+
+TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+
+GLOBL	·libc_getpeername_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB)
+
+TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+
+GLOBL	·libc_getsockname_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB)
+
+TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+
+GLOBL	·libc_shutdown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB)
+
+TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+
+GLOBL	·libc_socketpair_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB)
+
+TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+
+GLOBL	·libc_recvfrom_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB)
+
+TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+
+GLOBL	·libc_sendto_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB)
+
+TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+
+GLOBL	·libc_recvmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB)
+
+TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+
+GLOBL	·libc_sendmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB)
+
+TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+
+GLOBL	·libc_kevent_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB)
+
+TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+
+GLOBL	·libc_utimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB)
+
+TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+
+GLOBL	·libc_futimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB)
+
+TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+
+GLOBL	·libc_poll_trampoline_addr(SB), RODATA, $8
+DATA	·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB)
+
+TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+
+GLOBL	·libc_madvise_trampoline_addr(SB), RODATA, $8
+DATA	·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB)
+
+TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+
+GLOBL	·libc_mlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB)
+
+TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+
+GLOBL	·libc_mlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB)
+
+TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+
+GLOBL	·libc_mprotect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB)
+
+TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+
+GLOBL	·libc_msync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB)
+
+TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+
+GLOBL	·libc_munlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB)
+
+TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+
+GLOBL	·libc_munlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB)
+
+TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pipe2(SB)
+
+GLOBL	·libc_pipe2_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB)
+
+TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getdents(SB)
+
+GLOBL	·libc_getdents_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB)
+
+TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+
+GLOBL	·libc_getcwd_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB)
+
+TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+
+GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
+TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ppoll(SB)
+
+GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB)
+
+TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+
+GLOBL	·libc_access_trampoline_addr(SB), RODATA, $8
+DATA	·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB)
+
+TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+
+GLOBL	·libc_adjtime_trampoline_addr(SB), RODATA, $8
+DATA	·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB)
+
+TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+
+GLOBL	·libc_chdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB)
+
+TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+
+GLOBL	·libc_chflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB)
+
+TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+
+GLOBL	·libc_chmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB)
+
+TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+
+GLOBL	·libc_chown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB)
+
+TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+
+GLOBL	·libc_chroot_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB)
+
+TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+
+GLOBL	·libc_close_trampoline_addr(SB), RODATA, $8
+DATA	·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB)
+
+TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+
+GLOBL	·libc_dup_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB)
+
+TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+
+GLOBL	·libc_dup2_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB)
+
+TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup3(SB)
+
+GLOBL	·libc_dup3_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB)
+
+TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+
+GLOBL	·libc_exit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB)
+
+TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+
+GLOBL	·libc_faccessat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB)
+
+TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+
+GLOBL	·libc_fchdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB)
+
+TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+
+GLOBL	·libc_fchflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB)
+
+TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+
+GLOBL	·libc_fchmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB)
+
+TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+
+GLOBL	·libc_fchmodat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB)
+
+TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+
+GLOBL	·libc_fchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB)
+
+TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+
+GLOBL	·libc_fchownat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB)
+
+TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+
+GLOBL	·libc_flock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB)
+
+TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+
+GLOBL	·libc_fpathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB)
+
+TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstat(SB)
+
+GLOBL	·libc_fstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB)
+
+TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat(SB)
+
+GLOBL	·libc_fstatat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB)
+
+TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs(SB)
+
+GLOBL	·libc_fstatfs_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB)
+
+TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+
+GLOBL	·libc_fsync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB)
+
+TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+
+GLOBL	·libc_ftruncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB)
+
+TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+
+GLOBL	·libc_getegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB)
+
+TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+
+GLOBL	·libc_geteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB)
+
+TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+
+GLOBL	·libc_getgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB)
+
+TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+
+GLOBL	·libc_getpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB)
+
+TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+
+GLOBL	·libc_getpgrp_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB)
+
+TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+
+GLOBL	·libc_getpid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB)
+
+TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+
+GLOBL	·libc_getppid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB)
+
+TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+
+GLOBL	·libc_getpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB)
+
+TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+
+GLOBL	·libc_getrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB)
+
+TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrtable(SB)
+
+GLOBL	·libc_getrtable_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB)
+
+TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+
+GLOBL	·libc_getrusage_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB)
+
+TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+
+GLOBL	·libc_getsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB)
+
+TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+
+GLOBL	·libc_gettimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB)
+
+TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+
+GLOBL	·libc_getuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB)
+
+TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+
+GLOBL	·libc_issetugid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB)
+
+TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+
+GLOBL	·libc_kill_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB)
+
+TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+
+GLOBL	·libc_kqueue_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB)
+
+TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+
+GLOBL	·libc_lchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB)
+
+TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+
+GLOBL	·libc_link_trampoline_addr(SB), RODATA, $8
+DATA	·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB)
+
+TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+
+GLOBL	·libc_linkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB)
+
+TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+
+GLOBL	·libc_listen_trampoline_addr(SB), RODATA, $8
+DATA	·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB)
+
+TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lstat(SB)
+
+GLOBL	·libc_lstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB)
+
+TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+
+GLOBL	·libc_mkdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB)
+
+TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+
+GLOBL	·libc_mkdirat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB)
+
+TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+
+GLOBL	·libc_mkfifo_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB)
+
+TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifoat(SB)
+
+GLOBL	·libc_mkfifoat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB)
+
+TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+
+GLOBL	·libc_mknod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB)
+
+TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknodat(SB)
+
+GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
+
+TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_nanosleep(SB)
+
+GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $8
+DATA	·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB)
+
+TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+
+GLOBL	·libc_open_trampoline_addr(SB), RODATA, $8
+DATA	·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB)
+
+TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+
+GLOBL	·libc_openat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB)
+
+TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+
+GLOBL	·libc_pathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB)
+
+TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+
+GLOBL	·libc_pread_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB)
+
+TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+
+GLOBL	·libc_pwrite_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB)
+
+TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+
+GLOBL	·libc_read_trampoline_addr(SB), RODATA, $8
+DATA	·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB)
+
+TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+
+GLOBL	·libc_readlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB)
+
+TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+
+GLOBL	·libc_readlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB)
+
+TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+
+GLOBL	·libc_rename_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB)
+
+TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+
+GLOBL	·libc_renameat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB)
+
+TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+
+GLOBL	·libc_revoke_trampoline_addr(SB), RODATA, $8
+DATA	·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB)
+
+TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+
+GLOBL	·libc_rmdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB)
+
+TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+
+GLOBL	·libc_lseek_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB)
+
+TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+
+GLOBL	·libc_select_trampoline_addr(SB), RODATA, $8
+DATA	·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB)
+
+TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+
+GLOBL	·libc_setegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB)
+
+TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+
+GLOBL	·libc_seteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB)
+
+TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+
+GLOBL	·libc_setgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB)
+
+TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+
+GLOBL	·libc_setlogin_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB)
+
+TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+
+GLOBL	·libc_setpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB)
+
+TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+
+GLOBL	·libc_setpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB)
+
+TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+
+GLOBL	·libc_setregid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB)
+
+TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+
+GLOBL	·libc_setreuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB)
+
+TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresgid(SB)
+
+GLOBL	·libc_setresgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB)
+
+TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresuid(SB)
+
+GLOBL	·libc_setresuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB)
+
+TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+
+GLOBL	·libc_setrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB)
+
+TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrtable(SB)
+
+GLOBL	·libc_setrtable_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB)
+
+TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+
+GLOBL	·libc_setsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB)
+
+TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+
+GLOBL	·libc_settimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB)
+
+TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+
+GLOBL	·libc_setuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB)
+
+TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_stat(SB)
+
+GLOBL	·libc_stat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB)
+
+TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_statfs(SB)
+
+GLOBL	·libc_statfs_trampoline_addr(SB), RODATA, $8
+DATA	·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB)
+
+TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+
+GLOBL	·libc_symlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB)
+
+TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+
+GLOBL	·libc_symlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB)
+
+TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+
+GLOBL	·libc_sync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB)
+
+TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+
+GLOBL	·libc_truncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB)
+
+TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+
+GLOBL	·libc_umask_trampoline_addr(SB), RODATA, $8
+DATA	·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB)
+
+TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+
+GLOBL	·libc_unlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB)
+
+TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+
+GLOBL	·libc_unlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB)
+
+TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+
+GLOBL	·libc_unmount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB)
+
+TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+
+GLOBL	·libc_write_trampoline_addr(SB), RODATA, $8
+DATA	·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB)
+
+TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+
+GLOBL	·libc_mmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB)
+
+TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+
+GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
+TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimensat(SB)
+
+GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index 69f803006..8da6791d1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -l32 -openbsd -arm -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go
+// go run mksyscall.go -l32 -openbsd -arm -libc -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm
@@ -16,7 +16,7 @@ var _ syscall.Errno
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	return
 }
 
+var libc_getgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgroups getgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgroups setgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
 	wpid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err
 	return
 }
 
+var libc_wait4_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_wait4 wait4 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	return
 }
 
+var libc_accept_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_accept accept "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_bind_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_bind bind "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_connect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connect connect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 	return
 }
 
+var libc_socket_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socket socket "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	_, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	_, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getpeername_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpeername getpeername "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockname_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockname getsockname "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_shutdown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shutdown shutdown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	_, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_socketpair_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socketpair socketpair "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
@@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	return
 }
 
+var libc_recvfrom_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
@@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	_, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sendto_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendto sendto "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_recvmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_sendmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 	return
 }
 
+var libc_kevent_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kevent kevent "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func utimes(path string, timeval *[2]Timeval) (err error) {
@@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_utimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimes utimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_futimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_futimes futimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	return
 }
 
+var libc_poll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_poll poll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Madvise(b []byte, behav int) (err error) {
@@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	_, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_madvise_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_madvise madvise "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlock(b []byte) (err error) {
@@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlock mlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlockall mlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mprotect(b []byte, prot int) (err error) {
@@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	_, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mprotect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mprotect mprotect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Msync(b []byte, flags int) (err error) {
@@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_msync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_msync msync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlock(b []byte) (err error) {
@@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlock munlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlockall munlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	_, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_pipe2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getdents(fd int, buf []byte) (n int, err error) {
@@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getdents_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getdents getdents "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getcwd(buf []byte) (n int, err error) {
@@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getcwd_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getcwd getcwd "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ioctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
@@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr)
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	_, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int,
 	return
 }
 
+var libc_ppoll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ppoll ppoll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Access(path string, mode uint32) (err error) {
@@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_access_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_access access "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	_, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_adjtime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_adjtime adjtime "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chdir(path string) (err error) {
@@ -463,13 +607,17 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chdir chdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chflags(path string, flags int) (err error) {
@@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chflags chflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chmod(path string, mode uint32) (err error) {
@@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chmod chmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chown(path string, uid int, gid int) (err error) {
@@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chown chown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chroot(path string) (err error) {
@@ -523,27 +683,35 @@ func Chroot(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chroot_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chroot chroot "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_close_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_close close "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0)
 	nfd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) {
 	return
 }
 
+var libc_dup_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup dup "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	_, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup2 dup2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup3(from int, to int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup3_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup3 dup3 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0)
 	return
 }
 
+var libc_exit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exit exit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_faccessat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_faccessat faccessat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchdir fchdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchflags fchflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmod fchmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchown fchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
@@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchownat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchownat fchownat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_flock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flock flock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) {
 	return
 }
 
+var libc_fpathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstat fstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
@@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatat fstatat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fsync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsync fsync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_ftruncate_trampoline_addr, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ftruncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0)
 	egid = int(r0)
 	return
 }
 
+var libc_getegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getegid getegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_geteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_geteuid geteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0)
 	gid = int(r0)
 	return
 }
 
+var libc_getgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgid getgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0)
 	pgid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) {
 	return
 }
 
+var libc_getpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgid getpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0)
 	pgrp = int(r0)
 	return
 }
 
+var libc_getpgrp_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	return
 }
 
+var libc_getpid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpid getpid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0)
 	ppid = int(r0)
 	return
 }
 
+var libc_getppid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getppid getppid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0)
 	prio = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) {
 	return
 }
 
+var libc_getpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpriority getpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrtable() (rtable int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0)
 	rtable = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) {
 	return
 }
 
+var libc_getrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrtable getrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrusage_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrusage getrusage "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0)
 	sid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) {
 	return
 }
 
+var libc_getsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsid getsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Gettimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_gettimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_getuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getuid getuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Issetugid() (tainted bool) {
-	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0)
 	tainted = bool(r0 != 0)
 	return
 }
 
+var libc_issetugid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_issetugid issetugid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kill(pid int, signum syscall.Signal) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	_, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_kill_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kill kill "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) {
 	return
 }
 
+var libc_kqueue_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kqueue kqueue "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lchown(path string, uid int, gid int) (err error) {
@@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lchown lchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Link(path string, link string) (err error) {
@@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_link_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_link link "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
@@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_linkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_linkat linkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	_, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_listen_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_listen listen "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lstat(path string, stat *Stat_t) (err error) {
@@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lstat lstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdir(path string, mode uint32) (err error) {
@@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdir mkdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdirat(dirfd int, path string, mode uint32) (err error) {
@@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdirat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifo(path string, mode uint32) (err error) {
@@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifo_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
@@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifoat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknod(path string, mode uint32, dev int) (err error) {
@@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	_, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknod mknod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
@@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknodat mknodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_nanosleep_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
@@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_open_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_open open "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
@@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_openat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_openat openat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pathconf(path string, name int) (val int, err error) {
@@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) {
 	return
 }
 
+var libc_pathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pathconf pathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pread(fd int, p []byte, offset int64) (n int, err error) {
@@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pread_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pread pread "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pwrite(fd int, p []byte, offset int64) (n int, err error) {
@@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
+	r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pwrite_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwrite pwrite "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func read(fd int, p []byte) (n int, err error) {
@@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_read_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_read read "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlink(path string, buf []byte) (n int, err error) {
@@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlink readlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
@@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rename(from string, to string) (err error) {
@@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rename_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rename rename "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Renameat(fromfd int, from string, tofd int, to string) (err error) {
@@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_renameat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameat renameat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Revoke(path string) (err error) {
@@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_revoke_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_revoke revoke "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rmdir(path string) (err error) {
@@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rmdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rmdir rmdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
+	r0, r1, e1 := syscall_syscall6(libc_lseek_trampoline_addr, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0)
 	newoffset = int64(int64(r1)<<32 | int64(r0))
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return
 }
 
+var libc_lseek_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lseek lseek "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 	return
 }
 
+var libc_select_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_select select "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setegid(egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setegid setegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_seteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_seteuid seteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgid setgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setlogin(name string) (err error) {
@@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setlogin_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setlogin setlogin "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpgid setpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	_, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpriority setpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setregid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setregid setregid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setreuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setreuid setreuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	_, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresgid setresgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	_, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresuid setresuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrtable(rtable int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrtable setrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) {
 	return
 }
 
+var libc_setsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsid setsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_settimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setuid setuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Stat(path string, stat *Stat_t) (err error) {
@@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_stat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_stat stat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Statfs(path string, stat *Statfs_t) (err error) {
@@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_statfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_statfs statfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlink(path string, link string) (err error) {
@@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlink symlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
@@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	_, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sync sync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Truncate(path string, length int64) (err error) {
@@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_truncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_truncate truncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0)
 	oldmask = int(r0)
 	return
 }
 
+var libc_umask_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_umask umask "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlink(path string) (err error) {
@@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlink unlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlinkat(dirfd int, path string, flags int) (err error) {
@@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unmount(path string, flags int) (err error) {
@@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unmount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unmount unmount "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func write(fd int, p []byte) (n int, err error) {
@@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_write_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_write write "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
+	r0, _, e1 := syscall_syscall9(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0)
 	ret = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 	return
 }
 
+var libc_mmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mmap mmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munmap munmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
+
+var libc_utimensat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
new file mode 100644
index 000000000..9ad116d9f
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -0,0 +1,796 @@
+// go run mkasm.go openbsd arm
+// Code generated by the command above; DO NOT EDIT.
+
+#include "textflag.h"
+
+TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+
+GLOBL	·libc_getgroups_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getgroups_trampoline_addr(SB)/4, $libc_getgroups_trampoline<>(SB)
+
+TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+
+GLOBL	·libc_setgroups_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setgroups_trampoline_addr(SB)/4, $libc_setgroups_trampoline<>(SB)
+
+TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+
+GLOBL	·libc_wait4_trampoline_addr(SB), RODATA, $4
+DATA	·libc_wait4_trampoline_addr(SB)/4, $libc_wait4_trampoline<>(SB)
+
+TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+
+GLOBL	·libc_accept_trampoline_addr(SB), RODATA, $4
+DATA	·libc_accept_trampoline_addr(SB)/4, $libc_accept_trampoline<>(SB)
+
+TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+
+GLOBL	·libc_bind_trampoline_addr(SB), RODATA, $4
+DATA	·libc_bind_trampoline_addr(SB)/4, $libc_bind_trampoline<>(SB)
+
+TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+
+GLOBL	·libc_connect_trampoline_addr(SB), RODATA, $4
+DATA	·libc_connect_trampoline_addr(SB)/4, $libc_connect_trampoline<>(SB)
+
+TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+
+GLOBL	·libc_socket_trampoline_addr(SB), RODATA, $4
+DATA	·libc_socket_trampoline_addr(SB)/4, $libc_socket_trampoline<>(SB)
+
+TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+
+GLOBL	·libc_getsockopt_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getsockopt_trampoline_addr(SB)/4, $libc_getsockopt_trampoline<>(SB)
+
+TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+
+GLOBL	·libc_setsockopt_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setsockopt_trampoline_addr(SB)/4, $libc_setsockopt_trampoline<>(SB)
+
+TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+
+GLOBL	·libc_getpeername_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpeername_trampoline_addr(SB)/4, $libc_getpeername_trampoline<>(SB)
+
+TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+
+GLOBL	·libc_getsockname_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getsockname_trampoline_addr(SB)/4, $libc_getsockname_trampoline<>(SB)
+
+TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+
+GLOBL	·libc_shutdown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_shutdown_trampoline_addr(SB)/4, $libc_shutdown_trampoline<>(SB)
+
+TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+
+GLOBL	·libc_socketpair_trampoline_addr(SB), RODATA, $4
+DATA	·libc_socketpair_trampoline_addr(SB)/4, $libc_socketpair_trampoline<>(SB)
+
+TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+
+GLOBL	·libc_recvfrom_trampoline_addr(SB), RODATA, $4
+DATA	·libc_recvfrom_trampoline_addr(SB)/4, $libc_recvfrom_trampoline<>(SB)
+
+TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+
+GLOBL	·libc_sendto_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sendto_trampoline_addr(SB)/4, $libc_sendto_trampoline<>(SB)
+
+TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+
+GLOBL	·libc_recvmsg_trampoline_addr(SB), RODATA, $4
+DATA	·libc_recvmsg_trampoline_addr(SB)/4, $libc_recvmsg_trampoline<>(SB)
+
+TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+
+GLOBL	·libc_sendmsg_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sendmsg_trampoline_addr(SB)/4, $libc_sendmsg_trampoline<>(SB)
+
+TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+
+GLOBL	·libc_kevent_trampoline_addr(SB), RODATA, $4
+DATA	·libc_kevent_trampoline_addr(SB)/4, $libc_kevent_trampoline<>(SB)
+
+TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+
+GLOBL	·libc_utimes_trampoline_addr(SB), RODATA, $4
+DATA	·libc_utimes_trampoline_addr(SB)/4, $libc_utimes_trampoline<>(SB)
+
+TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+
+GLOBL	·libc_futimes_trampoline_addr(SB), RODATA, $4
+DATA	·libc_futimes_trampoline_addr(SB)/4, $libc_futimes_trampoline<>(SB)
+
+TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+
+GLOBL	·libc_poll_trampoline_addr(SB), RODATA, $4
+DATA	·libc_poll_trampoline_addr(SB)/4, $libc_poll_trampoline<>(SB)
+
+TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+
+GLOBL	·libc_madvise_trampoline_addr(SB), RODATA, $4
+DATA	·libc_madvise_trampoline_addr(SB)/4, $libc_madvise_trampoline<>(SB)
+
+TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+
+GLOBL	·libc_mlock_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mlock_trampoline_addr(SB)/4, $libc_mlock_trampoline<>(SB)
+
+TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+
+GLOBL	·libc_mlockall_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mlockall_trampoline_addr(SB)/4, $libc_mlockall_trampoline<>(SB)
+
+TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+
+GLOBL	·libc_mprotect_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mprotect_trampoline_addr(SB)/4, $libc_mprotect_trampoline<>(SB)
+
+TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+
+GLOBL	·libc_msync_trampoline_addr(SB), RODATA, $4
+DATA	·libc_msync_trampoline_addr(SB)/4, $libc_msync_trampoline<>(SB)
+
+TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+
+GLOBL	·libc_munlock_trampoline_addr(SB), RODATA, $4
+DATA	·libc_munlock_trampoline_addr(SB)/4, $libc_munlock_trampoline<>(SB)
+
+TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+
+GLOBL	·libc_munlockall_trampoline_addr(SB), RODATA, $4
+DATA	·libc_munlockall_trampoline_addr(SB)/4, $libc_munlockall_trampoline<>(SB)
+
+TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pipe2(SB)
+
+GLOBL	·libc_pipe2_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pipe2_trampoline_addr(SB)/4, $libc_pipe2_trampoline<>(SB)
+
+TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getdents(SB)
+
+GLOBL	·libc_getdents_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getdents_trampoline_addr(SB)/4, $libc_getdents_trampoline<>(SB)
+
+TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+
+GLOBL	·libc_getcwd_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB)
+
+TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+
+GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $4
+DATA	·libc_ioctl_trampoline_addr(SB)/4, $libc_ioctl_trampoline<>(SB)
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+
+TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ppoll(SB)
+
+GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $4
+DATA	·libc_ppoll_trampoline_addr(SB)/4, $libc_ppoll_trampoline<>(SB)
+
+TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+
+GLOBL	·libc_access_trampoline_addr(SB), RODATA, $4
+DATA	·libc_access_trampoline_addr(SB)/4, $libc_access_trampoline<>(SB)
+
+TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+
+GLOBL	·libc_adjtime_trampoline_addr(SB), RODATA, $4
+DATA	·libc_adjtime_trampoline_addr(SB)/4, $libc_adjtime_trampoline<>(SB)
+
+TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+
+GLOBL	·libc_chdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chdir_trampoline_addr(SB)/4, $libc_chdir_trampoline<>(SB)
+
+TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+
+GLOBL	·libc_chflags_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chflags_trampoline_addr(SB)/4, $libc_chflags_trampoline<>(SB)
+
+TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+
+GLOBL	·libc_chmod_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chmod_trampoline_addr(SB)/4, $libc_chmod_trampoline<>(SB)
+
+TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+
+GLOBL	·libc_chown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chown_trampoline_addr(SB)/4, $libc_chown_trampoline<>(SB)
+
+TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+
+GLOBL	·libc_chroot_trampoline_addr(SB), RODATA, $4
+DATA	·libc_chroot_trampoline_addr(SB)/4, $libc_chroot_trampoline<>(SB)
+
+TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+
+GLOBL	·libc_close_trampoline_addr(SB), RODATA, $4
+DATA	·libc_close_trampoline_addr(SB)/4, $libc_close_trampoline<>(SB)
+
+TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+
+GLOBL	·libc_dup_trampoline_addr(SB), RODATA, $4
+DATA	·libc_dup_trampoline_addr(SB)/4, $libc_dup_trampoline<>(SB)
+
+TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+
+GLOBL	·libc_dup2_trampoline_addr(SB), RODATA, $4
+DATA	·libc_dup2_trampoline_addr(SB)/4, $libc_dup2_trampoline<>(SB)
+
+TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup3(SB)
+
+GLOBL	·libc_dup3_trampoline_addr(SB), RODATA, $4
+DATA	·libc_dup3_trampoline_addr(SB)/4, $libc_dup3_trampoline<>(SB)
+
+TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+
+GLOBL	·libc_exit_trampoline_addr(SB), RODATA, $4
+DATA	·libc_exit_trampoline_addr(SB)/4, $libc_exit_trampoline<>(SB)
+
+TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+
+GLOBL	·libc_faccessat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_faccessat_trampoline_addr(SB)/4, $libc_faccessat_trampoline<>(SB)
+
+TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+
+GLOBL	·libc_fchdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchdir_trampoline_addr(SB)/4, $libc_fchdir_trampoline<>(SB)
+
+TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+
+GLOBL	·libc_fchflags_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchflags_trampoline_addr(SB)/4, $libc_fchflags_trampoline<>(SB)
+
+TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+
+GLOBL	·libc_fchmod_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchmod_trampoline_addr(SB)/4, $libc_fchmod_trampoline<>(SB)
+
+TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+
+GLOBL	·libc_fchmodat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchmodat_trampoline_addr(SB)/4, $libc_fchmodat_trampoline<>(SB)
+
+TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+
+GLOBL	·libc_fchown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchown_trampoline_addr(SB)/4, $libc_fchown_trampoline<>(SB)
+
+TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+
+GLOBL	·libc_fchownat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fchownat_trampoline_addr(SB)/4, $libc_fchownat_trampoline<>(SB)
+
+TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+
+GLOBL	·libc_flock_trampoline_addr(SB), RODATA, $4
+DATA	·libc_flock_trampoline_addr(SB)/4, $libc_flock_trampoline<>(SB)
+
+TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+
+GLOBL	·libc_fpathconf_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fpathconf_trampoline_addr(SB)/4, $libc_fpathconf_trampoline<>(SB)
+
+TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstat(SB)
+
+GLOBL	·libc_fstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fstat_trampoline_addr(SB)/4, $libc_fstat_trampoline<>(SB)
+
+TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat(SB)
+
+GLOBL	·libc_fstatat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fstatat_trampoline_addr(SB)/4, $libc_fstatat_trampoline<>(SB)
+
+TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs(SB)
+
+GLOBL	·libc_fstatfs_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fstatfs_trampoline_addr(SB)/4, $libc_fstatfs_trampoline<>(SB)
+
+TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+
+GLOBL	·libc_fsync_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fsync_trampoline_addr(SB)/4, $libc_fsync_trampoline<>(SB)
+
+TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+
+GLOBL	·libc_ftruncate_trampoline_addr(SB), RODATA, $4
+DATA	·libc_ftruncate_trampoline_addr(SB)/4, $libc_ftruncate_trampoline<>(SB)
+
+TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+
+GLOBL	·libc_getegid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getegid_trampoline_addr(SB)/4, $libc_getegid_trampoline<>(SB)
+
+TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+
+GLOBL	·libc_geteuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_geteuid_trampoline_addr(SB)/4, $libc_geteuid_trampoline<>(SB)
+
+TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+
+GLOBL	·libc_getgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getgid_trampoline_addr(SB)/4, $libc_getgid_trampoline<>(SB)
+
+TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+
+GLOBL	·libc_getpgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpgid_trampoline_addr(SB)/4, $libc_getpgid_trampoline<>(SB)
+
+TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+
+GLOBL	·libc_getpgrp_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpgrp_trampoline_addr(SB)/4, $libc_getpgrp_trampoline<>(SB)
+
+TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+
+GLOBL	·libc_getpid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpid_trampoline_addr(SB)/4, $libc_getpid_trampoline<>(SB)
+
+TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+
+GLOBL	·libc_getppid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getppid_trampoline_addr(SB)/4, $libc_getppid_trampoline<>(SB)
+
+TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+
+GLOBL	·libc_getpriority_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getpriority_trampoline_addr(SB)/4, $libc_getpriority_trampoline<>(SB)
+
+TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+
+GLOBL	·libc_getrlimit_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getrlimit_trampoline_addr(SB)/4, $libc_getrlimit_trampoline<>(SB)
+
+TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrtable(SB)
+
+GLOBL	·libc_getrtable_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getrtable_trampoline_addr(SB)/4, $libc_getrtable_trampoline<>(SB)
+
+TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+
+GLOBL	·libc_getrusage_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getrusage_trampoline_addr(SB)/4, $libc_getrusage_trampoline<>(SB)
+
+TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+
+GLOBL	·libc_getsid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getsid_trampoline_addr(SB)/4, $libc_getsid_trampoline<>(SB)
+
+TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+
+GLOBL	·libc_gettimeofday_trampoline_addr(SB), RODATA, $4
+DATA	·libc_gettimeofday_trampoline_addr(SB)/4, $libc_gettimeofday_trampoline<>(SB)
+
+TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+
+GLOBL	·libc_getuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getuid_trampoline_addr(SB)/4, $libc_getuid_trampoline<>(SB)
+
+TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+
+GLOBL	·libc_issetugid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_issetugid_trampoline_addr(SB)/4, $libc_issetugid_trampoline<>(SB)
+
+TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+
+GLOBL	·libc_kill_trampoline_addr(SB), RODATA, $4
+DATA	·libc_kill_trampoline_addr(SB)/4, $libc_kill_trampoline<>(SB)
+
+TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+
+GLOBL	·libc_kqueue_trampoline_addr(SB), RODATA, $4
+DATA	·libc_kqueue_trampoline_addr(SB)/4, $libc_kqueue_trampoline<>(SB)
+
+TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+
+GLOBL	·libc_lchown_trampoline_addr(SB), RODATA, $4
+DATA	·libc_lchown_trampoline_addr(SB)/4, $libc_lchown_trampoline<>(SB)
+
+TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+
+GLOBL	·libc_link_trampoline_addr(SB), RODATA, $4
+DATA	·libc_link_trampoline_addr(SB)/4, $libc_link_trampoline<>(SB)
+
+TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+
+GLOBL	·libc_linkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_linkat_trampoline_addr(SB)/4, $libc_linkat_trampoline<>(SB)
+
+TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+
+GLOBL	·libc_listen_trampoline_addr(SB), RODATA, $4
+DATA	·libc_listen_trampoline_addr(SB)/4, $libc_listen_trampoline<>(SB)
+
+TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lstat(SB)
+
+GLOBL	·libc_lstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_lstat_trampoline_addr(SB)/4, $libc_lstat_trampoline<>(SB)
+
+TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+
+GLOBL	·libc_mkdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkdir_trampoline_addr(SB)/4, $libc_mkdir_trampoline<>(SB)
+
+TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+
+GLOBL	·libc_mkdirat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkdirat_trampoline_addr(SB)/4, $libc_mkdirat_trampoline<>(SB)
+
+TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+
+GLOBL	·libc_mkfifo_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkfifo_trampoline_addr(SB)/4, $libc_mkfifo_trampoline<>(SB)
+
+TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifoat(SB)
+
+GLOBL	·libc_mkfifoat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mkfifoat_trampoline_addr(SB)/4, $libc_mkfifoat_trampoline<>(SB)
+
+TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+
+GLOBL	·libc_mknod_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mknod_trampoline_addr(SB)/4, $libc_mknod_trampoline<>(SB)
+
+TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknodat(SB)
+
+GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB)
+
+TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_nanosleep(SB)
+
+GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $4
+DATA	·libc_nanosleep_trampoline_addr(SB)/4, $libc_nanosleep_trampoline<>(SB)
+
+TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+
+GLOBL	·libc_open_trampoline_addr(SB), RODATA, $4
+DATA	·libc_open_trampoline_addr(SB)/4, $libc_open_trampoline<>(SB)
+
+TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+
+GLOBL	·libc_openat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_openat_trampoline_addr(SB)/4, $libc_openat_trampoline<>(SB)
+
+TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+
+GLOBL	·libc_pathconf_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pathconf_trampoline_addr(SB)/4, $libc_pathconf_trampoline<>(SB)
+
+TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+
+GLOBL	·libc_pread_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pread_trampoline_addr(SB)/4, $libc_pread_trampoline<>(SB)
+
+TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+
+GLOBL	·libc_pwrite_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pwrite_trampoline_addr(SB)/4, $libc_pwrite_trampoline<>(SB)
+
+TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+
+GLOBL	·libc_read_trampoline_addr(SB), RODATA, $4
+DATA	·libc_read_trampoline_addr(SB)/4, $libc_read_trampoline<>(SB)
+
+TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+
+GLOBL	·libc_readlink_trampoline_addr(SB), RODATA, $4
+DATA	·libc_readlink_trampoline_addr(SB)/4, $libc_readlink_trampoline<>(SB)
+
+TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+
+GLOBL	·libc_readlinkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_readlinkat_trampoline_addr(SB)/4, $libc_readlinkat_trampoline<>(SB)
+
+TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+
+GLOBL	·libc_rename_trampoline_addr(SB), RODATA, $4
+DATA	·libc_rename_trampoline_addr(SB)/4, $libc_rename_trampoline<>(SB)
+
+TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+
+GLOBL	·libc_renameat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_renameat_trampoline_addr(SB)/4, $libc_renameat_trampoline<>(SB)
+
+TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+
+GLOBL	·libc_revoke_trampoline_addr(SB), RODATA, $4
+DATA	·libc_revoke_trampoline_addr(SB)/4, $libc_revoke_trampoline<>(SB)
+
+TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+
+GLOBL	·libc_rmdir_trampoline_addr(SB), RODATA, $4
+DATA	·libc_rmdir_trampoline_addr(SB)/4, $libc_rmdir_trampoline<>(SB)
+
+TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+
+GLOBL	·libc_lseek_trampoline_addr(SB), RODATA, $4
+DATA	·libc_lseek_trampoline_addr(SB)/4, $libc_lseek_trampoline<>(SB)
+
+TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+
+GLOBL	·libc_select_trampoline_addr(SB), RODATA, $4
+DATA	·libc_select_trampoline_addr(SB)/4, $libc_select_trampoline<>(SB)
+
+TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+
+GLOBL	·libc_setegid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setegid_trampoline_addr(SB)/4, $libc_setegid_trampoline<>(SB)
+
+TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+
+GLOBL	·libc_seteuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_seteuid_trampoline_addr(SB)/4, $libc_seteuid_trampoline<>(SB)
+
+TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+
+GLOBL	·libc_setgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setgid_trampoline_addr(SB)/4, $libc_setgid_trampoline<>(SB)
+
+TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+
+GLOBL	·libc_setlogin_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setlogin_trampoline_addr(SB)/4, $libc_setlogin_trampoline<>(SB)
+
+TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+
+GLOBL	·libc_setpgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setpgid_trampoline_addr(SB)/4, $libc_setpgid_trampoline<>(SB)
+
+TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+
+GLOBL	·libc_setpriority_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setpriority_trampoline_addr(SB)/4, $libc_setpriority_trampoline<>(SB)
+
+TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+
+GLOBL	·libc_setregid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setregid_trampoline_addr(SB)/4, $libc_setregid_trampoline<>(SB)
+
+TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+
+GLOBL	·libc_setreuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setreuid_trampoline_addr(SB)/4, $libc_setreuid_trampoline<>(SB)
+
+TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresgid(SB)
+
+GLOBL	·libc_setresgid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setresgid_trampoline_addr(SB)/4, $libc_setresgid_trampoline<>(SB)
+
+TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresuid(SB)
+
+GLOBL	·libc_setresuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB)
+
+TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+
+GLOBL	·libc_setrlimit_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB)
+
+TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrtable(SB)
+
+GLOBL	·libc_setrtable_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setrtable_trampoline_addr(SB)/4, $libc_setrtable_trampoline<>(SB)
+
+TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+
+GLOBL	·libc_setsid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setsid_trampoline_addr(SB)/4, $libc_setsid_trampoline<>(SB)
+
+TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+
+GLOBL	·libc_settimeofday_trampoline_addr(SB), RODATA, $4
+DATA	·libc_settimeofday_trampoline_addr(SB)/4, $libc_settimeofday_trampoline<>(SB)
+
+TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+
+GLOBL	·libc_setuid_trampoline_addr(SB), RODATA, $4
+DATA	·libc_setuid_trampoline_addr(SB)/4, $libc_setuid_trampoline<>(SB)
+
+TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_stat(SB)
+
+GLOBL	·libc_stat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_stat_trampoline_addr(SB)/4, $libc_stat_trampoline<>(SB)
+
+TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_statfs(SB)
+
+GLOBL	·libc_statfs_trampoline_addr(SB), RODATA, $4
+DATA	·libc_statfs_trampoline_addr(SB)/4, $libc_statfs_trampoline<>(SB)
+
+TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+
+GLOBL	·libc_symlink_trampoline_addr(SB), RODATA, $4
+DATA	·libc_symlink_trampoline_addr(SB)/4, $libc_symlink_trampoline<>(SB)
+
+TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+
+GLOBL	·libc_symlinkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_symlinkat_trampoline_addr(SB)/4, $libc_symlinkat_trampoline<>(SB)
+
+TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+
+GLOBL	·libc_sync_trampoline_addr(SB), RODATA, $4
+DATA	·libc_sync_trampoline_addr(SB)/4, $libc_sync_trampoline<>(SB)
+
+TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+
+GLOBL	·libc_truncate_trampoline_addr(SB), RODATA, $4
+DATA	·libc_truncate_trampoline_addr(SB)/4, $libc_truncate_trampoline<>(SB)
+
+TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+
+GLOBL	·libc_umask_trampoline_addr(SB), RODATA, $4
+DATA	·libc_umask_trampoline_addr(SB)/4, $libc_umask_trampoline<>(SB)
+
+TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+
+GLOBL	·libc_unlink_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unlink_trampoline_addr(SB)/4, $libc_unlink_trampoline<>(SB)
+
+TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+
+GLOBL	·libc_unlinkat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unlinkat_trampoline_addr(SB)/4, $libc_unlinkat_trampoline<>(SB)
+
+TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+
+GLOBL	·libc_unmount_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unmount_trampoline_addr(SB)/4, $libc_unmount_trampoline<>(SB)
+
+TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+
+GLOBL	·libc_write_trampoline_addr(SB), RODATA, $4
+DATA	·libc_write_trampoline_addr(SB)/4, $libc_write_trampoline<>(SB)
+
+TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+
+GLOBL	·libc_mmap_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mmap_trampoline_addr(SB)/4, $libc_mmap_trampoline<>(SB)
+
+TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+
+GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
+DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
+
+TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimensat(SB)
+
+GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index c96a50517..800aab6e3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -openbsd -tags openbsd,arm64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm64.go
+// go run mksyscall.go -openbsd -libc -tags openbsd,arm64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm64
@@ -16,7 +16,7 @@ var _ syscall.Errno
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) {
 	return
 }
 
+var libc_getgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgroups getgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(ngid int, gid *_Gid_t) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgroups_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgroups setgroups "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) {
-	r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0)
 	wpid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err
 	return
 }
 
+var libc_wait4_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_wait4 wait4 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
 	return
 }
 
+var libc_accept_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_accept accept "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_bind_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_bind bind "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	_, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_connect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connect connect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 	return
 }
 
+var libc_socket_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socket socket "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	_, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	_, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setsockopt_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getpeername_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpeername getpeername "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	_, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getsockname_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsockname getsockname "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(s int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_shutdown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_shutdown shutdown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	_, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_socketpair_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_socketpair socketpair "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
@@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	return
 }
 
+var libc_recvfrom_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
@@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	_, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sendto_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendto sendto "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_recvmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 	return
 }
 
+var libc_sendmsg_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
+	r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 	return
 }
 
+var libc_kevent_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kevent kevent "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func utimes(path string, timeval *[2]Timeval) (err error) {
@@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_utimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimes utimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func futimes(fd int, timeval *[2]Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
+	_, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_futimes_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_futimes futimes "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	return
 }
 
+var libc_poll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_poll poll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Madvise(b []byte, behav int) (err error) {
@@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav))
+	_, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_madvise_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_madvise madvise "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlock(b []byte) (err error) {
@@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlock mlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mlockall mlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mprotect(b []byte, prot int) (err error) {
@@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	_, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mprotect_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mprotect mprotect "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Msync(b []byte, flags int) (err error) {
@@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_msync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_msync msync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlock(b []byte) (err error) {
@@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0)
+	_, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlock munlock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Munlockall() (err error) {
-	_, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munlockall_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munlockall munlockall "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pipe2(p *[2]_C_int, flags int) (err error) {
-	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
+	_, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_pipe2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getdents(fd int, buf []byte) (n int, err error) {
@@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getdents_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getdents getdents "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getcwd(buf []byte) (n int, err error) {
@@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) {
 	return
 }
 
+var libc_getcwd_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getcwd getcwd "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ioctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
@@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr)
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	_, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int,
 	return
 }
 
+var libc_ppoll_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ppoll ppoll "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Access(path string, mode uint32) (err error) {
@@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_access_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_access access "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Adjtime(delta *Timeval, olddelta *Timeval) (err error) {
-	_, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
+	_, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_adjtime_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_adjtime adjtime "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chdir(path string) (err error) {
@@ -463,13 +607,17 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chdir chdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chflags(path string, flags int) (err error) {
@@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chflags chflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chmod(path string, mode uint32) (err error) {
@@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chmod chmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chown(path string, uid int, gid int) (err error) {
@@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chown chown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Chroot(path string) (err error) {
@@ -523,27 +683,35 @@ func Chroot(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_chroot_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_chroot chroot "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Close(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_close_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_close close "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(fd int) (nfd int, err error) {
-	r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0)
 	nfd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) {
 	return
 }
 
+var libc_dup_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup dup "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(from int, to int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0)
+	_, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup2_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup2 dup2 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup3(from int, to int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_dup3_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_dup3 dup3 "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exit(code int) {
-	Syscall(SYS_EXIT, uintptr(code), 0, 0)
+	syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0)
 	return
 }
 
+var libc_exit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_exit exit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_faccessat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_faccessat faccessat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchdir(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchdir fchdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchflags(fd int, flags int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchflags_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchflags fchflags "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmod fchmod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchmodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchown fchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
@@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fchownat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fchownat fchownat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Flock(fd int, how int) (err error) {
-	_, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0)
+	_, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_flock_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_flock flock "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fpathconf(fd int, name int) (val int, err error) {
-	r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) {
 	return
 }
 
+var libc_fpathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstat(fd int, stat *Stat_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstat fstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
@@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatat fstatat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	_, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fstatfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fsync(fd int) (err error) {
-	_, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0)
+	_, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_fsync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fsync fsync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length))
+	_, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_ftruncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getegid() (egid int) {
-	r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0)
 	egid = int(r0)
 	return
 }
 
+var libc_getegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getegid getegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Geteuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_geteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_geteuid geteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getgid() (gid int) {
-	r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0)
 	gid = int(r0)
 	return
 }
 
+var libc_getgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getgid getgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0)
 	pgid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) {
 	return
 }
 
+var libc_getpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgid getpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgrp() (pgrp int) {
-	r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0)
 	pgrp = int(r0)
 	return
 }
 
+var libc_getpgrp_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpid() (pid int) {
-	r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	return
 }
 
+var libc_getpid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpid getpid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getppid() (ppid int) {
-	r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0)
 	ppid = int(r0)
 	return
 }
 
+var libc_getppid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getppid getppid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0)
 	prio = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) {
 	return
 }
 
+var libc_getpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getpriority getpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrtable() (rtable int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0)
 	rtable = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) {
 	return
 }
 
+var libc_getrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrtable getrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrusage(who int, rusage *Rusage) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_getrusage_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getrusage getrusage "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0)
 	sid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) {
 	return
 }
 
+var libc_getsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getsid getsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Gettimeofday(tv *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_gettimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getuid() (uid int) {
-	r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0)
+	r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0)
 	uid = int(r0)
 	return
 }
 
+var libc_getuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getuid getuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Issetugid() (tainted bool) {
-	r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0)
+	r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0)
 	tainted = bool(r0 != 0)
 	return
 }
 
+var libc_issetugid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_issetugid issetugid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kill(pid int, signum syscall.Signal) (err error) {
-	_, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0)
+	_, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_kill_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kill kill "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kqueue() (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0)
+	r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) {
 	return
 }
 
+var libc_kqueue_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_kqueue kqueue "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lchown(path string, uid int, gid int) (err error) {
@@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	_, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lchown_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lchown lchown "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Link(path string, link string) (err error) {
@@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_link_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_link link "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) {
@@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_linkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_linkat linkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Listen(s int, backlog int) (err error) {
-	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0)
+	_, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_listen_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_listen listen "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Lstat(path string, stat *Stat_t) (err error) {
@@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_lstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lstat lstat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdir(path string, mode uint32) (err error) {
@@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdir mkdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkdirat(dirfd int, path string, mode uint32) (err error) {
@@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkdirat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifo(path string, mode uint32) (err error) {
@@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	_, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifo_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
@@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	_, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mkfifoat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknod(path string, mode uint32, dev int) (err error) {
@@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	_, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknod_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknod mknod "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
@@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_mknodat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mknodat mknodat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
-	_, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
+	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_nanosleep_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
@@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_open_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_open open "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
@@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0)
 	fd = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) {
 	return
 }
 
+var libc_openat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_openat openat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Pathconf(path string, name int) (val int, err error) {
@@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
+	r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0)
 	val = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) {
 	return
 }
 
+var libc_pathconf_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pathconf pathconf "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pread(fd int, p []byte, offset int64) (n int, err error) {
@@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pread_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pread pread "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pwrite(fd int, p []byte, offset int64) (n int, err error) {
@@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0)
+	r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	return
 }
 
+var libc_pwrite_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwrite pwrite "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func read(fd int, p []byte) (n int, err error) {
@@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_read_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_read read "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlink(path string, buf []byte) (n int, err error) {
@@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlink readlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
@@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	} else {
 		_p1 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
 	return
 }
 
+var libc_readlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rename(from string, to string) (err error) {
@@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rename_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rename rename "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Renameat(fromfd int, from string, tofd int, to string) (err error) {
@@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_renameat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameat renameat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Revoke(path string) (err error) {
@@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_revoke_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_revoke revoke "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rmdir(path string) (err error) {
@@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_rmdir_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_rmdir rmdir "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
-	r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0)
+	r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence))
 	newoffset = int64(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return
 }
 
+var libc_lseek_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_lseek lseek "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
-	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 	return
 }
 
+var libc_select_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_select select "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setegid(egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setegid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setegid setegid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seteuid(euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_seteuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_seteuid seteuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(gid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setgid setgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setlogin(name string) (err error) {
@@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setlogin_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setlogin setlogin "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpgid setpgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
+	_, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setpriority_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setpriority setpriority "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setregid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setregid setregid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setreuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setreuid setreuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresgid(rgid int, egid int, sgid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	_, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresgid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresgid setresgid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setresuid(ruid int, euid int, suid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	_, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setresuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setresuid setresuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(which int, lim *Rlimit) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrlimit_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrtable(rtable int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setrtable_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setrtable setrtable "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0)
+	r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0)
 	pid = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) {
 	return
 }
 
+var libc_setsid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setsid setsid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Settimeofday(tp *Timeval) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_settimeofday_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setuid(uid int) (err error) {
-	_, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0)
+	_, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_setuid_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_setuid setuid "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Stat(path string, stat *Stat_t) (err error) {
@@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_stat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_stat stat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Statfs(path string, stat *Statfs_t) (err error) {
@@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	_, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_statfs_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_statfs statfs "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlink(path string, link string) (err error) {
@@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
+	_, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlink symlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
@@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	_, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_symlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Sync() (err error) {
-	_, _, e1 := Syscall(SYS_SYNC, 0, 0, 0)
+	_, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_sync_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sync sync "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Truncate(path string, length int64) (err error) {
@@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length))
+	_, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_truncate_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_truncate truncate "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(newmask int) (oldmask int) {
-	r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0)
+	r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0)
 	oldmask = int(r0)
 	return
 }
 
+var libc_umask_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_umask umask "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlink(path string) (err error) {
@@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	_, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlink_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlink unlink "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unlinkat(dirfd int, path string, flags int) (err error) {
@@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	_, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unlinkat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Unmount(path string, flags int) (err error) {
@@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	_, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_unmount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unmount unmount "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func write(fd int, p []byte) (n int, err error) {
@@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) {
 	return
 }
 
+var libc_write_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_write write "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0)
+	r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
 	ret = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 	return
 }
 
+var libc_mmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mmap mmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
+	_, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 
+var libc_munmap_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_munmap munmap "libc.so"
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
-	r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
+	r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf))
 	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
+	_, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
+
+var libc_utimensat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
new file mode 100644
index 000000000..4efeff9ab
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -0,0 +1,796 @@
+// go run mkasm.go openbsd arm64
+// Code generated by the command above; DO NOT EDIT.
+
+#include "textflag.h"
+
+TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgroups(SB)
+
+GLOBL	·libc_getgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB)
+
+TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgroups(SB)
+
+GLOBL	·libc_setgroups_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB)
+
+TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_wait4(SB)
+
+GLOBL	·libc_wait4_trampoline_addr(SB), RODATA, $8
+DATA	·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB)
+
+TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_accept(SB)
+
+GLOBL	·libc_accept_trampoline_addr(SB), RODATA, $8
+DATA	·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB)
+
+TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_bind(SB)
+
+GLOBL	·libc_bind_trampoline_addr(SB), RODATA, $8
+DATA	·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB)
+
+TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connect(SB)
+
+GLOBL	·libc_connect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB)
+
+TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socket(SB)
+
+GLOBL	·libc_socket_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB)
+
+TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockopt(SB)
+
+GLOBL	·libc_getsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB)
+
+TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsockopt(SB)
+
+GLOBL	·libc_setsockopt_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB)
+
+TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpeername(SB)
+
+GLOBL	·libc_getpeername_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB)
+
+TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsockname(SB)
+
+GLOBL	·libc_getsockname_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB)
+
+TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_shutdown(SB)
+
+GLOBL	·libc_shutdown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB)
+
+TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_socketpair(SB)
+
+GLOBL	·libc_socketpair_trampoline_addr(SB), RODATA, $8
+DATA	·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB)
+
+TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvfrom(SB)
+
+GLOBL	·libc_recvfrom_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB)
+
+TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendto(SB)
+
+GLOBL	·libc_sendto_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB)
+
+TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_recvmsg(SB)
+
+GLOBL	·libc_recvmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB)
+
+TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sendmsg(SB)
+
+GLOBL	·libc_sendmsg_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB)
+
+TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kevent(SB)
+
+GLOBL	·libc_kevent_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB)
+
+TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimes(SB)
+
+GLOBL	·libc_utimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB)
+
+TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_futimes(SB)
+
+GLOBL	·libc_futimes_trampoline_addr(SB), RODATA, $8
+DATA	·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB)
+
+TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_poll(SB)
+
+GLOBL	·libc_poll_trampoline_addr(SB), RODATA, $8
+DATA	·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB)
+
+TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_madvise(SB)
+
+GLOBL	·libc_madvise_trampoline_addr(SB), RODATA, $8
+DATA	·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB)
+
+TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlock(SB)
+
+GLOBL	·libc_mlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB)
+
+TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mlockall(SB)
+
+GLOBL	·libc_mlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB)
+
+TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mprotect(SB)
+
+GLOBL	·libc_mprotect_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB)
+
+TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_msync(SB)
+
+GLOBL	·libc_msync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB)
+
+TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlock(SB)
+
+GLOBL	·libc_munlock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB)
+
+TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munlockall(SB)
+
+GLOBL	·libc_munlockall_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB)
+
+TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pipe2(SB)
+
+GLOBL	·libc_pipe2_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB)
+
+TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getdents(SB)
+
+GLOBL	·libc_getdents_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB)
+
+TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getcwd(SB)
+
+GLOBL	·libc_getcwd_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB)
+
+TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ioctl(SB)
+
+GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
+TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ppoll(SB)
+
+GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB)
+
+TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_access(SB)
+
+GLOBL	·libc_access_trampoline_addr(SB), RODATA, $8
+DATA	·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB)
+
+TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_adjtime(SB)
+
+GLOBL	·libc_adjtime_trampoline_addr(SB), RODATA, $8
+DATA	·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB)
+
+TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chdir(SB)
+
+GLOBL	·libc_chdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB)
+
+TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chflags(SB)
+
+GLOBL	·libc_chflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB)
+
+TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chmod(SB)
+
+GLOBL	·libc_chmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB)
+
+TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chown(SB)
+
+GLOBL	·libc_chown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB)
+
+TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_chroot(SB)
+
+GLOBL	·libc_chroot_trampoline_addr(SB), RODATA, $8
+DATA	·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB)
+
+TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_close(SB)
+
+GLOBL	·libc_close_trampoline_addr(SB), RODATA, $8
+DATA	·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB)
+
+TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup(SB)
+
+GLOBL	·libc_dup_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB)
+
+TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup2(SB)
+
+GLOBL	·libc_dup2_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB)
+
+TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_dup3(SB)
+
+GLOBL	·libc_dup3_trampoline_addr(SB), RODATA, $8
+DATA	·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB)
+
+TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_exit(SB)
+
+GLOBL	·libc_exit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB)
+
+TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_faccessat(SB)
+
+GLOBL	·libc_faccessat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB)
+
+TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchdir(SB)
+
+GLOBL	·libc_fchdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB)
+
+TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchflags(SB)
+
+GLOBL	·libc_fchflags_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB)
+
+TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmod(SB)
+
+GLOBL	·libc_fchmod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB)
+
+TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchmodat(SB)
+
+GLOBL	·libc_fchmodat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB)
+
+TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchown(SB)
+
+GLOBL	·libc_fchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB)
+
+TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fchownat(SB)
+
+GLOBL	·libc_fchownat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB)
+
+TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_flock(SB)
+
+GLOBL	·libc_flock_trampoline_addr(SB), RODATA, $8
+DATA	·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB)
+
+TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fpathconf(SB)
+
+GLOBL	·libc_fpathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB)
+
+TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstat(SB)
+
+GLOBL	·libc_fstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB)
+
+TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatat(SB)
+
+GLOBL	·libc_fstatat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB)
+
+TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fstatfs(SB)
+
+GLOBL	·libc_fstatfs_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB)
+
+TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fsync(SB)
+
+GLOBL	·libc_fsync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB)
+
+TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_ftruncate(SB)
+
+GLOBL	·libc_ftruncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB)
+
+TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getegid(SB)
+
+GLOBL	·libc_getegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB)
+
+TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_geteuid(SB)
+
+GLOBL	·libc_geteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB)
+
+TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getgid(SB)
+
+GLOBL	·libc_getgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB)
+
+TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgid(SB)
+
+GLOBL	·libc_getpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB)
+
+TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpgrp(SB)
+
+GLOBL	·libc_getpgrp_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB)
+
+TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpid(SB)
+
+GLOBL	·libc_getpid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB)
+
+TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getppid(SB)
+
+GLOBL	·libc_getppid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB)
+
+TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getpriority(SB)
+
+GLOBL	·libc_getpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB)
+
+TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrlimit(SB)
+
+GLOBL	·libc_getrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB)
+
+TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrtable(SB)
+
+GLOBL	·libc_getrtable_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB)
+
+TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getrusage(SB)
+
+GLOBL	·libc_getrusage_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB)
+
+TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getsid(SB)
+
+GLOBL	·libc_getsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB)
+
+TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_gettimeofday(SB)
+
+GLOBL	·libc_gettimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB)
+
+TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getuid(SB)
+
+GLOBL	·libc_getuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB)
+
+TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_issetugid(SB)
+
+GLOBL	·libc_issetugid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB)
+
+TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kill(SB)
+
+GLOBL	·libc_kill_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB)
+
+TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_kqueue(SB)
+
+GLOBL	·libc_kqueue_trampoline_addr(SB), RODATA, $8
+DATA	·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB)
+
+TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lchown(SB)
+
+GLOBL	·libc_lchown_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB)
+
+TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_link(SB)
+
+GLOBL	·libc_link_trampoline_addr(SB), RODATA, $8
+DATA	·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB)
+
+TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_linkat(SB)
+
+GLOBL	·libc_linkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB)
+
+TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_listen(SB)
+
+GLOBL	·libc_listen_trampoline_addr(SB), RODATA, $8
+DATA	·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB)
+
+TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lstat(SB)
+
+GLOBL	·libc_lstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB)
+
+TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdir(SB)
+
+GLOBL	·libc_mkdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB)
+
+TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkdirat(SB)
+
+GLOBL	·libc_mkdirat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB)
+
+TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifo(SB)
+
+GLOBL	·libc_mkfifo_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB)
+
+TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mkfifoat(SB)
+
+GLOBL	·libc_mkfifoat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB)
+
+TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknod(SB)
+
+GLOBL	·libc_mknod_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB)
+
+TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mknodat(SB)
+
+GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
+
+TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_nanosleep(SB)
+
+GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $8
+DATA	·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB)
+
+TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_open(SB)
+
+GLOBL	·libc_open_trampoline_addr(SB), RODATA, $8
+DATA	·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB)
+
+TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_openat(SB)
+
+GLOBL	·libc_openat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB)
+
+TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pathconf(SB)
+
+GLOBL	·libc_pathconf_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB)
+
+TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pread(SB)
+
+GLOBL	·libc_pread_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB)
+
+TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwrite(SB)
+
+GLOBL	·libc_pwrite_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB)
+
+TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_read(SB)
+
+GLOBL	·libc_read_trampoline_addr(SB), RODATA, $8
+DATA	·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB)
+
+TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlink(SB)
+
+GLOBL	·libc_readlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB)
+
+TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readlinkat(SB)
+
+GLOBL	·libc_readlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB)
+
+TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rename(SB)
+
+GLOBL	·libc_rename_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB)
+
+TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameat(SB)
+
+GLOBL	·libc_renameat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB)
+
+TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_revoke(SB)
+
+GLOBL	·libc_revoke_trampoline_addr(SB), RODATA, $8
+DATA	·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB)
+
+TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_rmdir(SB)
+
+GLOBL	·libc_rmdir_trampoline_addr(SB), RODATA, $8
+DATA	·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB)
+
+TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_lseek(SB)
+
+GLOBL	·libc_lseek_trampoline_addr(SB), RODATA, $8
+DATA	·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB)
+
+TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_select(SB)
+
+GLOBL	·libc_select_trampoline_addr(SB), RODATA, $8
+DATA	·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB)
+
+TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setegid(SB)
+
+GLOBL	·libc_setegid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB)
+
+TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_seteuid(SB)
+
+GLOBL	·libc_seteuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB)
+
+TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setgid(SB)
+
+GLOBL	·libc_setgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB)
+
+TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setlogin(SB)
+
+GLOBL	·libc_setlogin_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB)
+
+TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpgid(SB)
+
+GLOBL	·libc_setpgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB)
+
+TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setpriority(SB)
+
+GLOBL	·libc_setpriority_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB)
+
+TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setregid(SB)
+
+GLOBL	·libc_setregid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB)
+
+TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setreuid(SB)
+
+GLOBL	·libc_setreuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB)
+
+TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresgid(SB)
+
+GLOBL	·libc_setresgid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB)
+
+TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setresuid(SB)
+
+GLOBL	·libc_setresuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB)
+
+TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrlimit(SB)
+
+GLOBL	·libc_setrlimit_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB)
+
+TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setrtable(SB)
+
+GLOBL	·libc_setrtable_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB)
+
+TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setsid(SB)
+
+GLOBL	·libc_setsid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB)
+
+TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_settimeofday(SB)
+
+GLOBL	·libc_settimeofday_trampoline_addr(SB), RODATA, $8
+DATA	·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB)
+
+TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_setuid(SB)
+
+GLOBL	·libc_setuid_trampoline_addr(SB), RODATA, $8
+DATA	·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB)
+
+TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_stat(SB)
+
+GLOBL	·libc_stat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB)
+
+TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_statfs(SB)
+
+GLOBL	·libc_statfs_trampoline_addr(SB), RODATA, $8
+DATA	·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB)
+
+TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlink(SB)
+
+GLOBL	·libc_symlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB)
+
+TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_symlinkat(SB)
+
+GLOBL	·libc_symlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB)
+
+TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sync(SB)
+
+GLOBL	·libc_sync_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB)
+
+TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_truncate(SB)
+
+GLOBL	·libc_truncate_trampoline_addr(SB), RODATA, $8
+DATA	·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB)
+
+TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_umask(SB)
+
+GLOBL	·libc_umask_trampoline_addr(SB), RODATA, $8
+DATA	·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB)
+
+TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlink(SB)
+
+GLOBL	·libc_unlink_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB)
+
+TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unlinkat(SB)
+
+GLOBL	·libc_unlinkat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB)
+
+TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unmount(SB)
+
+GLOBL	·libc_unmount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB)
+
+TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_write(SB)
+
+GLOBL	·libc_write_trampoline_addr(SB), RODATA, $8
+DATA	·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB)
+
+TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mmap(SB)
+
+GLOBL	·libc_mmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB)
+
+TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_munmap(SB)
+
+GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
+TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_utimensat(SB)
+
+GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 62192e1de..c9c4ad031 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m32 /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/386/include -m32 /tmp/386/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index 490aab5d2..12ff3417c 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m64 /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/amd64/include -m64 /tmp/amd64/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index aca17b6fa..c3fb5e77a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/arm/include /tmp/arm/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 54b4dfa54..358c847a4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/arm64/include -fsigned-char /tmp/arm64/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index 44a764c99..81c4849b1 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/loong64/include /tmp/loong64/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 65a99efc2..202a57e90 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mips/include /tmp/mips/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 841c8a668..1fbceb52d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mips64/include /tmp/mips64/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index e26a7c765..b4ffb7a20 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mips64le/include /tmp/mips64le/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 26447260a..867985f9b 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mipsle/include /tmp/mipsle/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index 26aefc186..a8cce69ed 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/ppc/include /tmp/ppc/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index 8d4cd9d99..d44c5b39d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/ppc64/include /tmp/ppc64/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index 3b405d1f8..4214dd9c0 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/ppc64le/include /tmp/ppc64le/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 3a9c96b28..3e594a8c0 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/riscv64/include /tmp/riscv64/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 8ffa66469..7ea465204 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/s390x/include -fsigned-char /tmp/s390x/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 6a39640e7..92f628ef4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -1,4 +1,4 @@
-// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/sparc64/include /tmp/sparc64/include/asm/unistd.h
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
index 817edbf95..597733813 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -6,6 +6,7 @@
 
 package unix
 
+// Deprecated: Use libc wrappers instead of direct syscalls.
 const (
 	SYS_EXIT           = 1   // { void sys_exit(int rval); }
 	SYS_FORK           = 2   // { int sys_fork(void); }
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
index ea453614e..16af29189 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -6,6 +6,7 @@
 
 package unix
 
+// Deprecated: Use libc wrappers instead of direct syscalls.
 const (
 	SYS_EXIT           = 1   // { void sys_exit(int rval); }
 	SYS_FORK           = 2   // { int sys_fork(void); }
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
index 467971eed..f59b18a97 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -6,6 +6,7 @@
 
 package unix
 
+// Deprecated: Use libc wrappers instead of direct syscalls.
 const (
 	SYS_EXIT           = 1   // { void sys_exit(int rval); }
 	SYS_FORK           = 2   // { int sys_fork(void); }
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
index 32eec5ed5..721ef5910 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -6,6 +6,7 @@
 
 package unix
 
+// Deprecated: Use libc wrappers instead of direct syscalls.
 const (
 	SYS_EXIT           = 1   // { void sys_exit(int rval); }
 	SYS_FORK           = 2   // { int sys_fork(void); }
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index dea0c9a60..d9c78cdcb 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -294,7 +294,7 @@ type PtraceLwpInfoStruct struct {
 	Flags        int32
 	Sigmask      Sigset_t
 	Siglist      Sigset_t
-	Siginfo      __Siginfo
+	Siginfo      __PtraceSiginfo
 	Tdname       [20]int8
 	Child_pid    int32
 	Syscall_code uint32
@@ -312,6 +312,17 @@ type __Siginfo struct {
 	Value  [4]byte
 	_      [32]byte
 }
+type __PtraceSiginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   uintptr
+	Value  [4]byte
+	_      [32]byte
+}
 
 type Sigset_t struct {
 	Val [4]uint32
@@ -350,8 +361,8 @@ type FpExtendedPrecision struct{}
 
 type PtraceIoDesc struct {
 	Op   int32
-	Offs *byte
-	Addr *byte
+	Offs uintptr
+	Addr uintptr
 	Len  uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index da0ea0d60..26991b165 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -291,7 +291,7 @@ type PtraceLwpInfoStruct struct {
 	Flags        int32
 	Sigmask      Sigset_t
 	Siglist      Sigset_t
-	Siginfo      __Siginfo
+	Siginfo      __PtraceSiginfo
 	Tdname       [20]int8
 	Child_pid    int32
 	Syscall_code uint32
@@ -310,6 +310,18 @@ type __Siginfo struct {
 	_      [40]byte
 }
 
+type __PtraceSiginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   uintptr
+	Value  [8]byte
+	_      [40]byte
+}
+
 type Sigset_t struct {
 	Val [4]uint32
 }
@@ -354,8 +366,8 @@ type FpExtendedPrecision struct{}
 
 type PtraceIoDesc struct {
 	Op   int32
-	Offs *byte
-	Addr *byte
+	Offs uintptr
+	Addr uintptr
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index da8f74045..f8324e7e7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -293,7 +293,7 @@ type PtraceLwpInfoStruct struct {
 	Flags        int32
 	Sigmask      Sigset_t
 	Siglist      Sigset_t
-	Siginfo      __Siginfo
+	Siginfo      __PtraceSiginfo
 	Tdname       [20]int8
 	Child_pid    int32
 	Syscall_code uint32
@@ -312,6 +312,18 @@ type __Siginfo struct {
 	_      [32]byte
 }
 
+type __PtraceSiginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   uintptr
+	Value  [4]byte
+	_      [32]byte
+}
+
 type Sigset_t struct {
 	Val [4]uint32
 }
@@ -337,8 +349,8 @@ type FpExtendedPrecision struct {
 
 type PtraceIoDesc struct {
 	Op   int32
-	Offs *byte
-	Addr *byte
+	Offs uintptr
+	Addr uintptr
 	Len  uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index d69988e5e..4220411f3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -291,7 +291,7 @@ type PtraceLwpInfoStruct struct {
 	Flags        int32
 	Sigmask      Sigset_t
 	Siglist      Sigset_t
-	Siginfo      __Siginfo
+	Siginfo      __PtraceSiginfo
 	Tdname       [20]int8
 	Child_pid    int32
 	Syscall_code uint32
@@ -310,6 +310,18 @@ type __Siginfo struct {
 	_      [40]byte
 }
 
+type __PtraceSiginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   uintptr
+	Value  [8]byte
+	_      [40]byte
+}
+
 type Sigset_t struct {
 	Val [4]uint32
 }
@@ -334,8 +346,8 @@ type FpExtendedPrecision struct{}
 
 type PtraceIoDesc struct {
 	Op   int32
-	Offs *byte
-	Addr *byte
+	Offs uintptr
+	Addr uintptr
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index d6fd9e883..0660fd45c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -291,7 +291,7 @@ type PtraceLwpInfoStruct struct {
 	Flags        int32
 	Sigmask      Sigset_t
 	Siglist      Sigset_t
-	Siginfo      __Siginfo
+	Siginfo      __PtraceSiginfo
 	Tdname       [20]int8
 	Child_pid    int32
 	Syscall_code uint32
@@ -310,6 +310,18 @@ type __Siginfo struct {
 	_      [40]byte
 }
 
+type __PtraceSiginfo struct {
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   uintptr
+	Value  [8]byte
+	_      [40]byte
+}
+
 type Sigset_t struct {
 	Val [4]uint32
 }
@@ -335,8 +347,8 @@ type FpExtendedPrecision struct{}
 
 type PtraceIoDesc struct {
 	Op   int32
-	Offs *byte
-	Addr *byte
+	Offs uintptr
+	Addr uintptr
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 869847987..ff6881167 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -945,6 +945,9 @@ type PerfEventAttr struct {
 	Aux_watermark      uint32
 	Sample_max_stack   uint16
 	_                  uint16
+	Aux_sample_size    uint32
+	_                  uint32
+	Sig_data           uint64
 }
 
 type PerfEventMmapPage struct {
@@ -1463,6 +1466,11 @@ const (
 	IFLA_ALT_IFNAME                            = 0x35
 	IFLA_PERM_ADDRESS                          = 0x36
 	IFLA_PROTO_DOWN_REASON                     = 0x37
+	IFLA_PARENT_DEV_NAME                       = 0x38
+	IFLA_PARENT_DEV_BUS_NAME                   = 0x39
+	IFLA_GRO_MAX_SIZE                          = 0x3a
+	IFLA_TSO_MAX_SIZE                          = 0x3b
+	IFLA_TSO_MAX_SEGS                          = 0x3c
 	IFLA_PROTO_DOWN_REASON_UNSPEC              = 0x0
 	IFLA_PROTO_DOWN_REASON_MASK                = 0x1
 	IFLA_PROTO_DOWN_REASON_VALUE               = 0x2
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 7551af483..263604401 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/386/cgo -- -Wall -Werror -static -I/tmp/386/include -m32 linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 3e738ac0b..8187489d1 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/amd64/cgo -- -Wall -Werror -static -I/tmp/amd64/include -m64 linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index 6183eef4a..d1612335f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/arm/cgo -- -Wall -Werror -static -I/tmp/arm/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 968cecb17..c28e5556b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/arm64/cgo -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index 8fe4c522a..187061f9f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/loong64/cgo -- -Wall -Werror -static -I/tmp/loong64/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 11426a301..369129917 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/mips/cgo -- -Wall -Werror -static -I/tmp/mips/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index ad1c3b3de..7473468d7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/mips64/cgo -- -Wall -Werror -static -I/tmp/mips64/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 15fd84e4d..ed9448524 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/mips64le/cgo -- -Wall -Werror -static -I/tmp/mips64le/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index 49c49825a..0892a73a4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/mipsle/cgo -- -Wall -Werror -static -I/tmp/mipsle/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index cd36d0da2..e1dd48333 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/ppc/cgo -- -Wall -Werror -static -I/tmp/ppc/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 8c6fce039..d9f654c7b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/ppc64/cgo -- -Wall -Werror -static -I/tmp/ppc64/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index 20910f2ad..74acda9fe 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/ppc64le/cgo -- -Wall -Werror -static -I/tmp/ppc64le/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 71b7b3331..50ebe69eb 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/riscv64/cgo -- -Wall -Werror -static -I/tmp/riscv64/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index 71184cc2c..75b34c259 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/s390x/cgo -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 06156285d..429c3bf7d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -1,4 +1,4 @@
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go
+// cgo -godefs -objdir=/tmp/sparc64/cgo -- -Wall -Werror -static -I/tmp/sparc64/include linux/types.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
diff --git a/vendor/golang.org/x/sys/windows/setupapi_windows.go b/vendor/golang.org/x/sys/windows/setupapi_windows.go
index 14027da3f..f8126482f 100644
--- a/vendor/golang.org/x/sys/windows/setupapi_windows.go
+++ b/vendor/golang.org/x/sys/windows/setupapi_windows.go
@@ -296,7 +296,7 @@ const (
 	// Flag to indicate that the sorting from the INF file should be used.
 	DI_INF_IS_SORTED DI_FLAGS = 0x00008000
 
-	// Flag to indicate that only the the INF specified by SP_DEVINSTALL_PARAMS.DriverPath should be searched.
+	// Flag to indicate that only the INF specified by SP_DEVINSTALL_PARAMS.DriverPath should be searched.
 	DI_ENUMSINGLEINF DI_FLAGS = 0x00010000
 
 	// Flag that prevents ConfigMgr from removing/re-enumerating devices during device
diff --git a/vendor/golang.org/x/sys/windows/svc/eventlog/install.go b/vendor/golang.org/x/sys/windows/svc/eventlog/install.go
new file mode 100644
index 000000000..43e324f4b
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/svc/eventlog/install.go
@@ -0,0 +1,81 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows
+// +build windows
+
+package eventlog
+
+import (
+	"errors"
+
+	"golang.org/x/sys/windows"
+	"golang.org/x/sys/windows/registry"
+)
+
+const (
+	// Log levels.
+	Info    = windows.EVENTLOG_INFORMATION_TYPE
+	Warning = windows.EVENTLOG_WARNING_TYPE
+	Error   = windows.EVENTLOG_ERROR_TYPE
+)
+
+const addKeyName = `SYSTEM\CurrentControlSet\Services\EventLog\Application`
+
+// Install modifies PC registry to allow logging with an event source src.
+// It adds all required keys and values to the event log registry key.
+// Install uses msgFile as the event message file. If useExpandKey is true,
+// the event message file is installed as REG_EXPAND_SZ value,
+// otherwise as REG_SZ. Use bitwise of log.Error, log.Warning and
+// log.Info to specify events supported by the new event source.
+func Install(src, msgFile string, useExpandKey bool, eventsSupported uint32) error {
+	appkey, err := registry.OpenKey(registry.LOCAL_MACHINE, addKeyName, registry.CREATE_SUB_KEY)
+	if err != nil {
+		return err
+	}
+	defer appkey.Close()
+
+	sk, alreadyExist, err := registry.CreateKey(appkey, src, registry.SET_VALUE)
+	if err != nil {
+		return err
+	}
+	defer sk.Close()
+	if alreadyExist {
+		return errors.New(addKeyName + `\` + src + " registry key already exists")
+	}
+
+	err = sk.SetDWordValue("CustomSource", 1)
+	if err != nil {
+		return err
+	}
+	if useExpandKey {
+		err = sk.SetExpandStringValue("EventMessageFile", msgFile)
+	} else {
+		err = sk.SetStringValue("EventMessageFile", msgFile)
+	}
+	if err != nil {
+		return err
+	}
+	err = sk.SetDWordValue("TypesSupported", eventsSupported)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// InstallAsEventCreate is the same as Install, but uses
+// %SystemRoot%\System32\EventCreate.exe as the event message file.
+func InstallAsEventCreate(src string, eventsSupported uint32) error {
+	return Install(src, "%SystemRoot%\\System32\\EventCreate.exe", true, eventsSupported)
+}
+
+// Remove deletes all registry elements installed by the correspondent Install.
+func Remove(src string) error {
+	appkey, err := registry.OpenKey(registry.LOCAL_MACHINE, addKeyName, registry.SET_VALUE)
+	if err != nil {
+		return err
+	}
+	defer appkey.Close()
+	return registry.DeleteKey(appkey, src)
+}
diff --git a/vendor/golang.org/x/sys/windows/svc/eventlog/log.go b/vendor/golang.org/x/sys/windows/svc/eventlog/log.go
new file mode 100644
index 000000000..f37b4b510
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/svc/eventlog/log.go
@@ -0,0 +1,70 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows
+// +build windows
+
+// Package eventlog implements access to Windows event log.
+package eventlog
+
+import (
+	"errors"
+	"syscall"
+
+	"golang.org/x/sys/windows"
+)
+
+// Log provides access to the system log.
+type Log struct {
+	Handle windows.Handle
+}
+
+// Open retrieves a handle to the specified event log.
+func Open(source string) (*Log, error) {
+	return OpenRemote("", source)
+}
+
+// OpenRemote does the same as Open, but on different computer host.
+func OpenRemote(host, source string) (*Log, error) {
+	if source == "" {
+		return nil, errors.New("Specify event log source")
+	}
+	var s *uint16
+	if host != "" {
+		s = syscall.StringToUTF16Ptr(host)
+	}
+	h, err := windows.RegisterEventSource(s, syscall.StringToUTF16Ptr(source))
+	if err != nil {
+		return nil, err
+	}
+	return &Log{Handle: h}, nil
+}
+
+// Close closes event log l.
+func (l *Log) Close() error {
+	return windows.DeregisterEventSource(l.Handle)
+}
+
+func (l *Log) report(etype uint16, eid uint32, msg string) error {
+	ss := []*uint16{syscall.StringToUTF16Ptr(msg)}
+	return windows.ReportEvent(l.Handle, etype, 0, eid, 0, 1, 0, &ss[0], nil)
+}
+
+// Info writes an information event msg with event id eid to the end of event log l.
+// When EventCreate.exe is used, eid must be between 1 and 1000.
+func (l *Log) Info(eid uint32, msg string) error {
+	return l.report(windows.EVENTLOG_INFORMATION_TYPE, eid, msg)
+}
+
+// Warning writes an warning event msg with event id eid to the end of event log l.
+// When EventCreate.exe is used, eid must be between 1 and 1000.
+func (l *Log) Warning(eid uint32, msg string) error {
+	return l.report(windows.EVENTLOG_WARNING_TYPE, eid, msg)
+}
+
+// Error writes an error event msg with event id eid to the end of event log l.
+// When EventCreate.exe is used, eid must be between 1 and 1000.
+func (l *Log) Error(eid uint32, msg string) error {
+	return l.report(windows.EVENTLOG_ERROR_TYPE, eid, msg)
+}
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index be3ec2bd4..e27913817 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -417,6 +417,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb uint32) (err error) = psapi.GetModuleInformation
 //sys	GetModuleFileNameEx(process Handle, module Handle, filename *uint16, size uint32) (err error) = psapi.GetModuleFileNameExW
 //sys	GetModuleBaseName(process Handle, module Handle, baseName *uint16, size uint32) (err error) = psapi.GetModuleBaseNameW
+//sys   QueryWorkingSetEx(process Handle, pv uintptr, cb uint32) (err error) = psapi.QueryWorkingSetEx
 
 // NT Native APIs
 //sys	rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) = ntdll.RtlNtStatusToDosErrorNoTeb
@@ -971,6 +972,32 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
 	return unsafe.Pointer(&sa.raw), sl, nil
 }
 
+type RawSockaddrBth struct {
+	AddressFamily  [2]byte
+	BtAddr         [8]byte
+	ServiceClassId [16]byte
+	Port           [4]byte
+}
+
+type SockaddrBth struct {
+	BtAddr         uint64
+	ServiceClassId GUID
+	Port           uint32
+
+	raw RawSockaddrBth
+}
+
+func (sa *SockaddrBth) sockaddr() (unsafe.Pointer, int32, error) {
+	family := AF_BTH
+	sa.raw = RawSockaddrBth{
+		AddressFamily:  *(*[2]byte)(unsafe.Pointer(&family)),
+		BtAddr:         *(*[8]byte)(unsafe.Pointer(&sa.BtAddr)),
+		Port:           *(*[4]byte)(unsafe.Pointer(&sa.Port)),
+		ServiceClassId: *(*[16]byte)(unsafe.Pointer(&sa.ServiceClassId)),
+	}
+	return unsafe.Pointer(&sa.raw), int32(unsafe.Sizeof(sa.raw)), nil
+}
+
 func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) {
 	switch rsa.Addr.Family {
 	case AF_UNIX:
@@ -1707,3 +1734,71 @@ func LoadResourceData(module, resInfo Handle) (data []byte, err error) {
 	h.Cap = int(size)
 	return
 }
+
+// PSAPI_WORKING_SET_EX_BLOCK contains extended working set information for a page.
+type PSAPI_WORKING_SET_EX_BLOCK uint64
+
+// Valid returns the validity of this page.
+// If this bit is 1, the subsequent members are valid; otherwise they should be ignored.
+func (b PSAPI_WORKING_SET_EX_BLOCK) Valid() bool {
+	return (b & 1) == 1
+}
+
+// ShareCount is the number of processes that share this page. The maximum value of this member is 7.
+func (b PSAPI_WORKING_SET_EX_BLOCK) ShareCount() uint64 {
+	return b.intField(1, 3)
+}
+
+// Win32Protection is the memory protection attributes of the page. For a list of values, see
+// https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants
+func (b PSAPI_WORKING_SET_EX_BLOCK) Win32Protection() uint64 {
+	return b.intField(4, 11)
+}
+
+// Shared returns the shared status of this page.
+// If this bit is 1, the page can be shared.
+func (b PSAPI_WORKING_SET_EX_BLOCK) Shared() bool {
+	return (b & (1 << 15)) == 1
+}
+
+// Node is the NUMA node. The maximum value of this member is 63.
+func (b PSAPI_WORKING_SET_EX_BLOCK) Node() uint64 {
+	return b.intField(16, 6)
+}
+
+// Locked returns the locked status of this page.
+// If this bit is 1, the virtual page is locked in physical memory.
+func (b PSAPI_WORKING_SET_EX_BLOCK) Locked() bool {
+	return (b & (1 << 22)) == 1
+}
+
+// LargePage returns the large page status of this page.
+// If this bit is 1, the page is a large page.
+func (b PSAPI_WORKING_SET_EX_BLOCK) LargePage() bool {
+	return (b & (1 << 23)) == 1
+}
+
+// Bad returns the bad status of this page.
+// If this bit is 1, the page is has been reported as bad.
+func (b PSAPI_WORKING_SET_EX_BLOCK) Bad() bool {
+	return (b & (1 << 31)) == 1
+}
+
+// intField extracts an integer field in the PSAPI_WORKING_SET_EX_BLOCK union.
+func (b PSAPI_WORKING_SET_EX_BLOCK) intField(start, length int) uint64 {
+	var mask PSAPI_WORKING_SET_EX_BLOCK
+	for pos := start; pos < start+length; pos++ {
+		mask |= (1 << pos)
+	}
+
+	masked := b & mask
+	return uint64(masked >> start)
+}
+
+// PSAPI_WORKING_SET_EX_INFORMATION contains extended working set information for a process.
+type PSAPI_WORKING_SET_EX_INFORMATION struct {
+	// The virtual address.
+	VirtualAddress Pointer
+	// A PSAPI_WORKING_SET_EX_BLOCK union that indicates the attributes of the page at VirtualAddress.
+	VirtualAttributes PSAPI_WORKING_SET_EX_BLOCK
+}
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 678262cda..52d4742cb 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -408,6 +408,7 @@ var (
 	procGetModuleBaseNameW                                   = modpsapi.NewProc("GetModuleBaseNameW")
 	procGetModuleFileNameExW                                 = modpsapi.NewProc("GetModuleFileNameExW")
 	procGetModuleInformation                                 = modpsapi.NewProc("GetModuleInformation")
+	procQueryWorkingSetEx                                    = modpsapi.NewProc("QueryWorkingSetEx")
 	procSubscribeServiceChangeNotifications                  = modsechost.NewProc("SubscribeServiceChangeNotifications")
 	procUnsubscribeServiceChangeNotifications                = modsechost.NewProc("UnsubscribeServiceChangeNotifications")
 	procGetUserNameExW                                       = modsecur32.NewProc("GetUserNameExW")
@@ -3504,6 +3505,14 @@ func GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb
 	return
 }
 
+func QueryWorkingSetEx(process Handle, pv uintptr, cb uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procQueryWorkingSetEx.Addr(), 3, uintptr(process), uintptr(pv), uintptr(cb))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SubscribeServiceChangeNotifications(service Handle, eventType uint32, callback uintptr, callbackCtx uintptr, subscription *uintptr) (ret error) {
 	ret = procSubscribeServiceChangeNotifications.Find()
 	if ret != nil {
diff --git a/vendor/golang.org/x/term/go.mod b/vendor/golang.org/x/term/go.mod
deleted file mode 100644
index edf0e5b1d..000000000
--- a/vendor/golang.org/x/term/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module golang.org/x/term
-
-go 1.17
-
-require golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1
diff --git a/vendor/golang.org/x/term/go.sum b/vendor/golang.org/x/term/go.sum
deleted file mode 100644
index ff132135e..000000000
--- a/vendor/golang.org/x/term/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/vendor/golang.org/x/tools/AUTHORS b/vendor/golang.org/x/tools/AUTHORS
deleted file mode 100644
index 15167cd74..000000000
--- a/vendor/golang.org/x/tools/AUTHORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at http://tip.golang.org/AUTHORS.
diff --git a/vendor/golang.org/x/tools/CONTRIBUTORS b/vendor/golang.org/x/tools/CONTRIBUTORS
deleted file mode 100644
index 1c4577e96..000000000
--- a/vendor/golang.org/x/tools/CONTRIBUTORS
+++ /dev/null
@@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at http://tip.golang.org/CONTRIBUTORS.
diff --git a/vendor/golang.org/x/tools/go/ast/inspector/typeof.go b/vendor/golang.org/x/tools/go/ast/inspector/typeof.go
index 11f4fc369..11ab2bc85 100644
--- a/vendor/golang.org/x/tools/go/ast/inspector/typeof.go
+++ b/vendor/golang.org/x/tools/go/ast/inspector/typeof.go
@@ -77,12 +77,14 @@ const (
 // typeOf returns a distinct single-bit value that represents the type of n.
 //
 // Various implementations were benchmarked with BenchmarkNewInspector:
-//								GOGC=off
-// - type switch				4.9-5.5ms	2.1ms
-// - binary search over a sorted list of types  5.5-5.9ms	2.5ms
-// - linear scan, frequency-ordered list 	5.9-6.1ms	2.7ms
-// - linear scan, unordered list		6.4ms		2.7ms
-// - hash table					6.5ms		3.1ms
+//
+//	                                                                GOGC=off
+//	- type switch					4.9-5.5ms	2.1ms
+//	- binary search over a sorted list of types	5.5-5.9ms	2.5ms
+//	- linear scan, frequency-ordered list		5.9-6.1ms	2.7ms
+//	- linear scan, unordered list			6.4ms		2.7ms
+//	- hash table					6.5ms		3.1ms
+//
 // A perfect hash seemed like overkill.
 //
 // The compiler's switch statement is the clear winner
@@ -90,7 +92,6 @@ const (
 // with constant conditions and good branch prediction.
 // (Sadly it is the most verbose in source code.)
 // Binary search suffered from poor branch prediction.
-//
 func typeOf(n ast.Node) uint64 {
 	// Fast path: nearly half of all nodes are identifiers.
 	if _, ok := n.(*ast.Ident); ok {
diff --git a/vendor/golang.org/x/tools/internal/typeparams/common.go b/vendor/golang.org/x/tools/internal/typeparams/common.go
index ab6b30b83..25a1426d3 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/common.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/common.go
@@ -16,11 +16,10 @@
 // Additionally, this package contains common utilities for working with the
 // new generic constructs, to supplement the standard library APIs. Notably,
 // the StructuralTerms API computes a minimal representation of the structural
-// restrictions on a type parameter. In the future, this API may be available
-// from go/types.
+// restrictions on a type parameter.
 //
-// See the example/README.md for a more detailed guide on how to update tools
-// to support generics.
+// An external version of these APIs is available in the
+// golang.org/x/exp/typeparams module.
 package typeparams
 
 import (
@@ -121,15 +120,15 @@ func OriginMethod(fn *types.Func) *types.Func {
 //
 // For example, consider the following type declarations:
 //
-//  type Interface[T any] interface {
-//  	Accept(T)
-//  }
+//	type Interface[T any] interface {
+//		Accept(T)
+//	}
 //
-//  type Container[T any] struct {
-//  	Element T
-//  }
+//	type Container[T any] struct {
+//		Element T
+//	}
 //
-//  func (c Container[T]) Accept(t T) { c.Element = t }
+//	func (c Container[T]) Accept(t T) { c.Element = t }
 //
 // In this case, GenericAssignableTo reports that instantiations of Container
 // are assignable to the corresponding instantiation of Interface.
diff --git a/vendor/golang.org/x/tools/internal/typeparams/coretype.go b/vendor/golang.org/x/tools/internal/typeparams/coretype.go
new file mode 100644
index 000000000..993135ec9
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typeparams/coretype.go
@@ -0,0 +1,122 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package typeparams
+
+import (
+	"go/types"
+)
+
+// CoreType returns the core type of T or nil if T does not have a core type.
+//
+// See https://go.dev/ref/spec#Core_types for the definition of a core type.
+func CoreType(T types.Type) types.Type {
+	U := T.Underlying()
+	if _, ok := U.(*types.Interface); !ok {
+		return U // for non-interface types,
+	}
+
+	terms, err := _NormalTerms(U)
+	if len(terms) == 0 || err != nil {
+		// len(terms) -> empty type set of interface.
+		// err != nil => U is invalid, exceeds complexity bounds, or has an empty type set.
+		return nil // no core type.
+	}
+
+	U = terms[0].Type().Underlying()
+	var identical int // i in [0,identical) => Identical(U, terms[i].Type().Underlying())
+	for identical = 1; identical < len(terms); identical++ {
+		if !types.Identical(U, terms[identical].Type().Underlying()) {
+			break
+		}
+	}
+
+	if identical == len(terms) {
+		// https://go.dev/ref/spec#Core_types
+		// "There is a single type U which is the underlying type of all types in the type set of T"
+		return U
+	}
+	ch, ok := U.(*types.Chan)
+	if !ok {
+		return nil // no core type as identical < len(terms) and U is not a channel.
+	}
+	// https://go.dev/ref/spec#Core_types
+	// "the type chan E if T contains only bidirectional channels, or the type chan<- E or
+	// <-chan E depending on the direction of the directional channels present."
+	for chans := identical; chans < len(terms); chans++ {
+		curr, ok := terms[chans].Type().Underlying().(*types.Chan)
+		if !ok {
+			return nil
+		}
+		if !types.Identical(ch.Elem(), curr.Elem()) {
+			return nil // channel elements are not identical.
+		}
+		if ch.Dir() == types.SendRecv {
+			// ch is bidirectional. We can safely always use curr's direction.
+			ch = curr
+		} else if curr.Dir() != types.SendRecv && ch.Dir() != curr.Dir() {
+			// ch and curr are not bidirectional and not the same direction.
+			return nil
+		}
+	}
+	return ch
+}
+
+// _NormalTerms returns a slice of terms representing the normalized structural
+// type restrictions of a type, if any.
+//
+// For all types other than *types.TypeParam, *types.Interface, and
+// *types.Union, this is just a single term with Tilde() == false and
+// Type() == typ. For *types.TypeParam, *types.Interface, and *types.Union, see
+// below.
+//
+// Structural type restrictions of a type parameter are created via
+// non-interface types embedded in its constraint interface (directly, or via a
+// chain of interface embeddings). For example, in the declaration type
+// T[P interface{~int; m()}] int the structural restriction of the type
+// parameter P is ~int.
+//
+// With interface embedding and unions, the specification of structural type
+// restrictions may be arbitrarily complex. For example, consider the
+// following:
+//
+//  type A interface{ ~string|~[]byte }
+//
+//  type B interface{ int|string }
+//
+//  type C interface { ~string|~int }
+//
+//  type T[P interface{ A|B; C }] int
+//
+// In this example, the structural type restriction of P is ~string|int: A|B
+// expands to ~string|~[]byte|int|string, which reduces to ~string|~[]byte|int,
+// which when intersected with C (~string|~int) yields ~string|int.
+//
+// _NormalTerms computes these expansions and reductions, producing a
+// "normalized" form of the embeddings. A structural restriction is normalized
+// if it is a single union containing no interface terms, and is minimal in the
+// sense that removing any term changes the set of types satisfying the
+// constraint. It is left as a proof for the reader that, modulo sorting, there
+// is exactly one such normalized form.
+//
+// Because the minimal representation always takes this form, _NormalTerms
+// returns a slice of tilde terms corresponding to the terms of the union in
+// the normalized structural restriction. An error is returned if the type is
+// invalid, exceeds complexity bounds, or has an empty type set. In the latter
+// case, _NormalTerms returns ErrEmptyTypeSet.
+//
+// _NormalTerms makes no guarantees about the order of terms, except that it
+// is deterministic.
+func _NormalTerms(typ types.Type) ([]*Term, error) {
+	switch typ := typ.(type) {
+	case *TypeParam:
+		return StructuralTerms(typ)
+	case *Union:
+		return UnionTermSet(typ)
+	case *types.Interface:
+		return InterfaceTermSet(typ)
+	default:
+		return []*Term{NewTerm(false, typ)}, nil
+	}
+}
diff --git a/vendor/golang.org/x/tools/internal/typeparams/normalize.go b/vendor/golang.org/x/tools/internal/typeparams/normalize.go
index 090f142a5..9c631b651 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/normalize.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/normalize.go
@@ -24,20 +24,22 @@ var ErrEmptyTypeSet = errors.New("empty type set")
 // Structural type restrictions of a type parameter are created via
 // non-interface types embedded in its constraint interface (directly, or via a
 // chain of interface embeddings). For example, in the declaration
-//  type T[P interface{~int; m()}] int
+//
+//	type T[P interface{~int; m()}] int
+//
 // the structural restriction of the type parameter P is ~int.
 //
 // With interface embedding and unions, the specification of structural type
 // restrictions may be arbitrarily complex. For example, consider the
 // following:
 //
-//  type A interface{ ~string|~[]byte }
+//	type A interface{ ~string|~[]byte }
 //
-//  type B interface{ int|string }
+//	type B interface{ int|string }
 //
-//  type C interface { ~string|~int }
+//	type C interface { ~string|~int }
 //
-//  type T[P interface{ A|B; C }] int
+//	type T[P interface{ A|B; C }] int
 //
 // In this example, the structural type restriction of P is ~string|int: A|B
 // expands to ~string|~[]byte|int|string, which reduces to ~string|~[]byte|int,
diff --git a/vendor/golang.org/x/tools/internal/typeparams/termlist.go b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
index 10857d504..933106a23 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/termlist.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
@@ -97,15 +97,6 @@ func (xl termlist) norm() termlist {
 	return rl
 }
 
-// If the type set represented by xl is specified by a single (non-�) term,
-// structuralType returns that type. Otherwise it returns nil.
-func (xl termlist) structuralType() types.Type {
-	if nl := xl.norm(); len(nl) == 1 {
-		return nl[0].typ // if nl.isAll() then typ is nil, which is ok
-	}
-	return nil
-}
-
 // union returns the union xl ∪ yl.
 func (xl termlist) union(yl termlist) termlist {
 	return append(xl, yl...).norm()
diff --git a/vendor/google.golang.org/grpc/balancer/base/balancer.go b/vendor/google.golang.org/grpc/balancer/base/balancer.go
index a67074a3a..e8dfc828a 100644
--- a/vendor/google.golang.org/grpc/balancer/base/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/base/balancer.go
@@ -45,6 +45,7 @@ func (bb *baseBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions)
 		scStates: make(map[balancer.SubConn]connectivity.State),
 		csEvltr:  &balancer.ConnectivityStateEvaluator{},
 		config:   bb.config,
+		state:    connectivity.Connecting,
 	}
 	// Initialize picker to a picker that always returns
 	// ErrNoSubConnAvailable, because when state of a SubConn changes, we
@@ -134,6 +135,9 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
 		b.ResolverError(errors.New("produced zero addresses"))
 		return balancer.ErrBadResolverState
 	}
+
+	b.regeneratePicker()
+	b.cc.UpdateState(balancer.State{ConnectivityState: b.state, Picker: b.picker})
 	return nil
 }
 
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index de6d41c23..0d21f2210 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -146,6 +146,10 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{nil})
 	cc.ctx, cc.cancel = context.WithCancel(context.Background())
 
+	for _, opt := range extraDialOptions {
+		opt.apply(&cc.dopts)
+	}
+
 	for _, opt := range opts {
 		opt.apply(&cc.dopts)
 	}
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
index f2f605a17..75d01ba77 100644
--- a/vendor/google.golang.org/grpc/dialoptions.go
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -35,6 +35,15 @@ import (
 	"google.golang.org/grpc/stats"
 )
 
+func init() {
+	internal.AddExtraDialOptions = func(opt ...DialOption) {
+		extraDialOptions = append(extraDialOptions, opt...)
+	}
+	internal.ClearExtraDialOptions = func() {
+		extraDialOptions = nil
+	}
+}
+
 // dialOptions configure a Dial call. dialOptions are set by the DialOption
 // values passed to Dial.
 type dialOptions struct {
@@ -70,6 +79,8 @@ type DialOption interface {
 	apply(*dialOptions)
 }
 
+var extraDialOptions []DialOption
+
 // EmptyDialOption does not alter the dial configuration. It can be embedded in
 // another structure to build custom dial options.
 //
@@ -380,7 +391,7 @@ func WithDialer(f func(string, time.Duration) (net.Conn, error)) DialOption {
 // all the RPCs and underlying network connections in this ClientConn.
 func WithStatsHandler(h stats.Handler) DialOption {
 	return newFuncDialOption(func(o *dialOptions) {
-		o.copts.StatsHandler = h
+		o.copts.StatsHandlers = append(o.copts.StatsHandlers, h)
 	})
 }
 
diff --git a/vendor/google.golang.org/grpc/go.mod b/vendor/google.golang.org/grpc/go.mod
deleted file mode 100644
index 6a760ed74..000000000
--- a/vendor/google.golang.org/grpc/go.mod
+++ /dev/null
@@ -1,19 +0,0 @@
-module google.golang.org/grpc
-
-go 1.14
-
-require (
-	github.com/cespare/xxhash/v2 v2.1.1
-	github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4
-	github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1
-	github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1
-	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
-	github.com/golang/protobuf v1.5.2
-	github.com/google/go-cmp v0.5.6
-	github.com/google/uuid v1.1.2
-	golang.org/x/net v0.0.0-20201021035429-f5854403a974
-	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
-	golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4
-	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013
-	google.golang.org/protobuf v1.27.1
-)
diff --git a/vendor/google.golang.org/grpc/go.sum b/vendor/google.golang.org/grpc/go.sum
deleted file mode 100644
index 5f418dba1..000000000
--- a/vendor/google.golang.org/grpc/go.sum
+++ /dev/null
@@ -1,141 +0,0 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0 h1:eOI3/cP2VTU6uZLDYAoic+eyzzB9YyGmJ7eIjl8rOPg=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 h1:hzAQntlaYRkVSFEfj9OTWlVV1H155FMD8BTKktLv0QI=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 h1:zH8ljVhhq7yC0MIeUL/IviMtY8hx2mK8cN9wEYb8ggw=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 h1:xvqufLtNVwAhN8NMyWklVgxnWohi+wtMGQMhtxexlm0=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
-github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
index 7ba8f4d18..08666f62a 100644
--- a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
+++ b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
@@ -193,6 +193,8 @@ func (gsb *Balancer) ExitIdle() {
 		ei.ExitIdle()
 		return
 	}
+	gsb.mu.Lock()
+	defer gsb.mu.Unlock()
 	for sc := range balToUpdate.subconns {
 		sc.Connect()
 	}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go b/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
index 0a25ce43f..e3dfe204f 100644
--- a/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
+++ b/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
@@ -42,14 +42,14 @@ var binLogger Logger
 
 var grpclogLogger = grpclog.Component("binarylog")
 
-// SetLogger sets the binarg logger.
+// SetLogger sets the binary logger.
 //
 // Only call this at init time.
 func SetLogger(l Logger) {
 	binLogger = l
 }
 
-// GetLogger gets the binarg logger.
+// GetLogger gets the binary logger.
 //
 // Only call this at init time.
 func GetLogger() Logger {
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
index 7d996e51b..55aaeea8b 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
@@ -77,7 +77,7 @@ var (
 	// environment variable
 	// "GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER" to
 	// "true".
-	XDSAggregateAndDNS = strings.EqualFold(os.Getenv(aggregateAndDNSSupportEnv), "true")
+	XDSAggregateAndDNS = !strings.EqualFold(os.Getenv(aggregateAndDNSSupportEnv), "false")
 
 	// XDSRBAC indicates whether xDS configured RBAC HTTP Filter is enabled,
 	// which can be disabled by setting the environment variable
diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go
index 6d355b0b0..83018be7c 100644
--- a/vendor/google.golang.org/grpc/internal/internal.go
+++ b/vendor/google.golang.org/grpc/internal/internal.go
@@ -63,6 +63,76 @@ var (
 	// xDS-enabled server invokes this method on a grpc.Server when a particular
 	// listener moves to "not-serving" mode.
 	DrainServerTransports interface{} // func(*grpc.Server, string)
+	// AddExtraServerOptions adds an array of ServerOption that will be
+	// effective globally for newly created servers. The priority will be: 1.
+	// user-provided; 2. this method; 3. default values.
+	AddExtraServerOptions interface{} // func(opt ...ServerOption)
+	// ClearExtraServerOptions clears the array of extra ServerOption. This
+	// method is useful in testing and benchmarking.
+	ClearExtraServerOptions func()
+	// AddExtraDialOptions adds an array of DialOption that will be effective
+	// globally for newly created client channels. The priority will be: 1.
+	// user-provided; 2. this method; 3. default values.
+	AddExtraDialOptions interface{} // func(opt ...DialOption)
+	// ClearExtraDialOptions clears the array of extra DialOption. This
+	// method is useful in testing and benchmarking.
+	ClearExtraDialOptions func()
+
+	// NewXDSResolverWithConfigForTesting creates a new xds resolver builder using
+	// the provided xds bootstrap config instead of the global configuration from
+	// the supported environment variables.  The resolver.Builder is meant to be
+	// used in conjunction with the grpc.WithResolvers DialOption.
+	//
+	// Testing Only
+	//
+	// This function should ONLY be used for testing and may not work with some
+	// other features, including the CSDS service.
+	NewXDSResolverWithConfigForTesting interface{} // func([]byte) (resolver.Builder, error)
+
+	// RegisterRLSClusterSpecifierPluginForTesting registers the RLS Cluster
+	// Specifier Plugin for testing purposes, regardless of the XDSRLS environment
+	// variable.
+	//
+	// TODO: Remove this function once the RLS env var is removed.
+	RegisterRLSClusterSpecifierPluginForTesting func()
+
+	// UnregisterRLSClusterSpecifierPluginForTesting unregisters the RLS Cluster
+	// Specifier Plugin for testing purposes. This is needed because there is no way
+	// to unregister the RLS Cluster Specifier Plugin after registering it solely
+	// for testing purposes using RegisterRLSClusterSpecifierPluginForTesting().
+	//
+	// TODO: Remove this function once the RLS env var is removed.
+	UnregisterRLSClusterSpecifierPluginForTesting func()
+
+	// RegisterRBACHTTPFilterForTesting registers the RBAC HTTP Filter for testing
+	// purposes, regardless of the RBAC environment variable.
+	//
+	// TODO: Remove this function once the RBAC env var is removed.
+	RegisterRBACHTTPFilterForTesting func()
+
+	// UnregisterRBACHTTPFilterForTesting unregisters the RBAC HTTP Filter for
+	// testing purposes. This is needed because there is no way to unregister the
+	// HTTP Filter after registering it solely for testing purposes using
+	// RegisterRBACHTTPFilterForTesting().
+	//
+	// TODO: Remove this function once the RBAC env var is removed.
+	UnregisterRBACHTTPFilterForTesting func()
+
+	// RegisterOutlierDetectionBalancerForTesting registers the Outlier
+	// Detection Balancer for testing purposes, regardless of the Outlier
+	// Detection environment variable.
+	//
+	// TODO: Remove this function once the Outlier Detection env var is removed.
+	RegisterOutlierDetectionBalancerForTesting func()
+
+	// UnregisterOutlierDetectionBalancerForTesting unregisters the Outlier
+	// Detection Balancer for testing purposes. This is needed because there is
+	// no way to unregister the Outlier Detection Balancer after registering it
+	// solely for testing purposes using
+	// RegisterOutlierDetectionBalancerForTesting().
+	//
+	// TODO: Remove this function once the Outlier Detection env var is removed.
+	UnregisterOutlierDetectionBalancerForTesting func()
 )
 
 // HealthChecker defines the signature of the client-side LB channel health checking function.
diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
index 1c3459c2b..090120925 100644
--- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -49,7 +49,7 @@ import (
 // NewServerHandlerTransport returns a ServerTransport handling gRPC
 // from inside an http.Handler. It requires that the http Server
 // supports HTTP/2.
-func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats stats.Handler) (ServerTransport, error) {
+func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats []stats.Handler) (ServerTransport, error) {
 	if r.ProtoMajor != 2 {
 		return nil, errors.New("gRPC requires HTTP/2")
 	}
@@ -138,7 +138,7 @@ type serverHandlerTransport struct {
 	// TODO make sure this is consistent across handler_server and http2_server
 	contentSubtype string
 
-	stats stats.Handler
+	stats []stats.Handler
 }
 
 func (ht *serverHandlerTransport) Close() {
@@ -228,10 +228,10 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 	})
 
 	if err == nil { // transport has not been closed
-		if ht.stats != nil {
-			// Note: The trailer fields are compressed with hpack after this call returns.
-			// No WireLength field is set here.
-			ht.stats.HandleRPC(s.Context(), &stats.OutTrailer{
+		// Note: The trailer fields are compressed with hpack after this call returns.
+		// No WireLength field is set here.
+		for _, sh := range ht.stats {
+			sh.HandleRPC(s.Context(), &stats.OutTrailer{
 				Trailer: s.trailer.Copy(),
 			})
 		}
@@ -314,10 +314,10 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error {
 	})
 
 	if err == nil {
-		if ht.stats != nil {
+		for _, sh := range ht.stats {
 			// Note: The header fields are compressed with hpack after this call returns.
 			// No WireLength field is set here.
-			ht.stats.HandleRPC(s.Context(), &stats.OutHeader{
+			sh.HandleRPC(s.Context(), &stats.OutHeader{
 				Header:      md.Copy(),
 				Compression: s.sendCompress,
 			})
@@ -369,14 +369,14 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), trace
 	}
 	ctx = metadata.NewIncomingContext(ctx, ht.headerMD)
 	s.ctx = peer.NewContext(ctx, pr)
-	if ht.stats != nil {
-		s.ctx = ht.stats.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
+	for _, sh := range ht.stats {
+		s.ctx = sh.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
 		inHeader := &stats.InHeader{
 			FullMethod:  s.method,
 			RemoteAddr:  ht.RemoteAddr(),
 			Compression: s.recvCompress,
 		}
-		ht.stats.HandleRPC(s.ctx, inHeader)
+		sh.HandleRPC(s.ctx, inHeader)
 	}
 	s.trReader = &transportReader{
 		reader:        &recvBufferReader{ctx: s.ctx, ctxDone: s.ctx.Done(), recv: s.buf, freeBuffer: func(*bytes.Buffer) {}},
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index 24ca59084..be371c6e0 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -90,7 +90,7 @@ type http2Client struct {
 	kp               keepalive.ClientParameters
 	keepaliveEnabled bool
 
-	statsHandler stats.Handler
+	statsHandlers []stats.Handler
 
 	initialWindowSize int32
 
@@ -311,7 +311,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		isSecure:              isSecure,
 		perRPCCreds:           perRPCCreds,
 		kp:                    kp,
-		statsHandler:          opts.StatsHandler,
+		statsHandlers:         opts.StatsHandlers,
 		initialWindowSize:     initialWindowSize,
 		onPrefaceReceipt:      onPrefaceReceipt,
 		nextID:                1,
@@ -341,15 +341,15 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 			updateFlowControl: t.updateFlowControl,
 		}
 	}
-	if t.statsHandler != nil {
-		t.ctx = t.statsHandler.TagConn(t.ctx, &stats.ConnTagInfo{
+	for _, sh := range t.statsHandlers {
+		t.ctx = sh.TagConn(t.ctx, &stats.ConnTagInfo{
 			RemoteAddr: t.remoteAddr,
 			LocalAddr:  t.localAddr,
 		})
 		connBegin := &stats.ConnBegin{
 			Client: true,
 		}
-		t.statsHandler.HandleConn(t.ctx, connBegin)
+		sh.HandleConn(t.ctx, connBegin)
 	}
 	t.channelzID, err = channelz.RegisterNormalSocket(t, opts.ChannelzParentID, fmt.Sprintf("%s -> %s", t.localAddr, t.remoteAddr))
 	if err != nil {
@@ -773,24 +773,27 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 			return nil, &NewStreamError{Err: ErrConnClosing, AllowTransparentRetry: true}
 		}
 	}
-	if t.statsHandler != nil {
+	if len(t.statsHandlers) != 0 {
 		header, ok := metadata.FromOutgoingContext(ctx)
 		if ok {
 			header.Set("user-agent", t.userAgent)
 		} else {
 			header = metadata.Pairs("user-agent", t.userAgent)
 		}
-		// Note: The header fields are compressed with hpack after this call returns.
-		// No WireLength field is set here.
-		outHeader := &stats.OutHeader{
-			Client:      true,
-			FullMethod:  callHdr.Method,
-			RemoteAddr:  t.remoteAddr,
-			LocalAddr:   t.localAddr,
-			Compression: callHdr.SendCompress,
-			Header:      header,
+		for _, sh := range t.statsHandlers {
+			// Note: The header fields are compressed with hpack after this call returns.
+			// No WireLength field is set here.
+			// Note: Creating a new stats object to prevent pollution.
+			outHeader := &stats.OutHeader{
+				Client:      true,
+				FullMethod:  callHdr.Method,
+				RemoteAddr:  t.remoteAddr,
+				LocalAddr:   t.localAddr,
+				Compression: callHdr.SendCompress,
+				Header:      header,
+			}
+			sh.HandleRPC(s.ctx, outHeader)
 		}
-		t.statsHandler.HandleRPC(s.ctx, outHeader)
 	}
 	return s, nil
 }
@@ -916,11 +919,11 @@ func (t *http2Client) Close(err error) {
 	for _, s := range streams {
 		t.closeStream(s, err, false, http2.ErrCodeNo, st, nil, false)
 	}
-	if t.statsHandler != nil {
+	for _, sh := range t.statsHandlers {
 		connEnd := &stats.ConnEnd{
 			Client: true,
 		}
-		t.statsHandler.HandleConn(t.ctx, connEnd)
+		sh.HandleConn(t.ctx, connEnd)
 	}
 }
 
@@ -1432,7 +1435,7 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		close(s.headerChan)
 	}
 
-	if t.statsHandler != nil {
+	for _, sh := range t.statsHandlers {
 		if isHeader {
 			inHeader := &stats.InHeader{
 				Client:      true,
@@ -1440,14 +1443,14 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 				Header:      metadata.MD(mdata).Copy(),
 				Compression: s.recvCompress,
 			}
-			t.statsHandler.HandleRPC(s.ctx, inHeader)
+			sh.HandleRPC(s.ctx, inHeader)
 		} else {
 			inTrailer := &stats.InTrailer{
 				Client:     true,
 				WireLength: int(frame.Header().Length),
 				Trailer:    metadata.MD(mdata).Copy(),
 			}
-			t.statsHandler.HandleRPC(s.ctx, inTrailer)
+			sh.HandleRPC(s.ctx, inTrailer)
 		}
 	}
 
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index 45d7bd145..2b0fde334 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -82,7 +82,7 @@ type http2Server struct {
 	// updates, reset streams, and various settings) to the controller.
 	controlBuf *controlBuffer
 	fc         *trInFlow
-	stats      stats.Handler
+	stats      []stats.Handler
 	// Keepalive and max-age parameters for the server.
 	kp keepalive.ServerParameters
 	// Keepalive enforcement policy.
@@ -257,7 +257,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 		fc:                &trInFlow{limit: uint32(icwz)},
 		state:             reachable,
 		activeStreams:     make(map[uint32]*Stream),
-		stats:             config.StatsHandler,
+		stats:             config.StatsHandlers,
 		kp:                kp,
 		idle:              time.Now(),
 		kep:               kep,
@@ -272,13 +272,13 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 			updateFlowControl: t.updateFlowControl,
 		}
 	}
-	if t.stats != nil {
-		t.ctx = t.stats.TagConn(t.ctx, &stats.ConnTagInfo{
+	for _, sh := range t.stats {
+		t.ctx = sh.TagConn(t.ctx, &stats.ConnTagInfo{
 			RemoteAddr: t.remoteAddr,
 			LocalAddr:  t.localAddr,
 		})
 		connBegin := &stats.ConnBegin{}
-		t.stats.HandleConn(t.ctx, connBegin)
+		sh.HandleConn(t.ctx, connBegin)
 	}
 	t.channelzID, err = channelz.RegisterNormalSocket(t, config.ChannelzParentID, fmt.Sprintf("%s -> %s", t.remoteAddr, t.localAddr))
 	if err != nil {
@@ -570,8 +570,8 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 		t.adjustWindow(s, uint32(n))
 	}
 	s.ctx = traceCtx(s.ctx, s.method)
-	if t.stats != nil {
-		s.ctx = t.stats.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
+	for _, sh := range t.stats {
+		s.ctx = sh.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
 		inHeader := &stats.InHeader{
 			FullMethod:  s.method,
 			RemoteAddr:  t.remoteAddr,
@@ -580,7 +580,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 			WireLength:  int(frame.Header().Length),
 			Header:      metadata.MD(mdata).Copy(),
 		}
-		t.stats.HandleRPC(s.ctx, inHeader)
+		sh.HandleRPC(s.ctx, inHeader)
 	}
 	s.ctxDone = s.ctx.Done()
 	s.wq = newWriteQuota(defaultWriteQuota, s.ctxDone)
@@ -996,14 +996,14 @@ func (t *http2Server) writeHeaderLocked(s *Stream) error {
 		t.closeStream(s, true, http2.ErrCodeInternal, false)
 		return ErrHeaderListSizeLimitViolation
 	}
-	if t.stats != nil {
+	for _, sh := range t.stats {
 		// Note: Headers are compressed with hpack after this call returns.
 		// No WireLength field is set here.
 		outHeader := &stats.OutHeader{
 			Header:      s.header.Copy(),
 			Compression: s.sendCompress,
 		}
-		t.stats.HandleRPC(s.Context(), outHeader)
+		sh.HandleRPC(s.Context(), outHeader)
 	}
 	return nil
 }
@@ -1064,10 +1064,10 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
 	// Send a RST_STREAM after the trailers if the client has not already half-closed.
 	rst := s.getState() == streamActive
 	t.finishStream(s, rst, http2.ErrCodeNo, trailingHeader, true)
-	if t.stats != nil {
+	for _, sh := range t.stats {
 		// Note: The trailer fields are compressed with hpack after this call returns.
 		// No WireLength field is set here.
-		t.stats.HandleRPC(s.Context(), &stats.OutTrailer{
+		sh.HandleRPC(s.Context(), &stats.OutTrailer{
 			Trailer: s.trailer.Copy(),
 		})
 	}
@@ -1222,9 +1222,9 @@ func (t *http2Server) Close() {
 	for _, s := range streams {
 		s.cancel()
 	}
-	if t.stats != nil {
+	for _, sh := range t.stats {
 		connEnd := &stats.ConnEnd{}
-		t.stats.HandleConn(t.ctx, connEnd)
+		sh.HandleConn(t.ctx, connEnd)
 	}
 }
 
diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go
index d8247bcdf..b77513068 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http_util.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -322,8 +322,6 @@ type bufWriter struct {
 	batchSize int
 	conn      net.Conn
 	err       error
-
-	onFlush func()
 }
 
 func newBufWriter(conn net.Conn, batchSize int) *bufWriter {
@@ -360,9 +358,6 @@ func (w *bufWriter) Flush() error {
 	if w.offset == 0 {
 		return nil
 	}
-	if w.onFlush != nil {
-		w.onFlush()
-	}
 	_, w.err = w.conn.Write(w.buf[:w.offset])
 	w.offset = 0
 	return w.err
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
index a9ce717f1..6c3ba8515 100644
--- a/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -523,7 +523,7 @@ type ServerConfig struct {
 	ConnectionTimeout     time.Duration
 	Credentials           credentials.TransportCredentials
 	InTapHandle           tap.ServerInHandle
-	StatsHandler          stats.Handler
+	StatsHandlers         []stats.Handler
 	KeepaliveParams       keepalive.ServerParameters
 	KeepalivePolicy       keepalive.EnforcementPolicy
 	InitialWindowSize     int32
@@ -553,8 +553,8 @@ type ConnectOptions struct {
 	CredsBundle credentials.Bundle
 	// KeepaliveParams stores the keepalive parameters.
 	KeepaliveParams keepalive.ClientParameters
-	// StatsHandler stores the handler for stats.
-	StatsHandler stats.Handler
+	// StatsHandlers stores the handler for stats.
+	StatsHandlers []stats.Handler
 	// InitialWindowSize sets the initial window size for a stream.
 	InitialWindowSize int32
 	// InitialConnWindowSize sets the initial window size for a connection.
diff --git a/vendor/google.golang.org/grpc/regenerate.sh b/vendor/google.golang.org/grpc/regenerate.sh
index 978b89f37..99db79faf 100644
--- a/vendor/google.golang.org/grpc/regenerate.sh
+++ b/vendor/google.golang.org/grpc/regenerate.sh
@@ -68,7 +68,6 @@ SOURCES=(
   ${WORKDIR}/grpc-proto/grpc/gcp/transport_security_common.proto
   ${WORKDIR}/grpc-proto/grpc/lookup/v1/rls.proto
   ${WORKDIR}/grpc-proto/grpc/lookup/v1/rls_config.proto
-  ${WORKDIR}/grpc-proto/grpc/service_config/service_config.proto
   ${WORKDIR}/grpc-proto/grpc/testing/*.proto
   ${WORKDIR}/grpc-proto/grpc/core/*.proto
 )
@@ -80,8 +79,7 @@ SOURCES=(
 # Note that the protos listed here are all for testing purposes. All protos to
 # be used externally should have a go_package option (and they don't need to be
 # listed here).
-OPTS=Mgrpc/service_config/service_config.proto=/internal/proto/grpc_service_config,\
-Mgrpc/core/stats.proto=google.golang.org/grpc/interop/grpc_testing/core,\
+OPTS=Mgrpc/core/stats.proto=google.golang.org/grpc/interop/grpc_testing/core,\
 Mgrpc/testing/benchmark_service.proto=google.golang.org/grpc/interop/grpc_testing,\
 Mgrpc/testing/stats.proto=google.golang.org/grpc/interop/grpc_testing,\
 Mgrpc/testing/report_qps_scenario_service.proto=google.golang.org/grpc/interop/grpc_testing,\
@@ -121,9 +119,6 @@ mv ${WORKDIR}/out/google.golang.org/grpc/lookup/grpc_lookup_v1/* ${WORKDIR}/out/
 # see grpc_testing_not_regenerate/README.md for details.
 rm ${WORKDIR}/out/google.golang.org/grpc/reflection/grpc_testing_not_regenerate/*.pb.go
 
-# grpc/service_config/service_config.proto does not have a go_package option.
-mv ${WORKDIR}/out/grpc/service_config/service_config.pb.go internal/proto/grpc_service_config
-
 # grpc/testing does not have a go_package option.
 mv ${WORKDIR}/out/grpc/testing/*.pb.go interop/grpc_testing/
 mv ${WORKDIR}/out/grpc/core/*.pb.go interop/grpc_testing/core/
diff --git a/vendor/google.golang.org/grpc/resolver/map.go b/vendor/google.golang.org/grpc/resolver/map.go
index e87ecd0ee..efcb7f3ef 100644
--- a/vendor/google.golang.org/grpc/resolver/map.go
+++ b/vendor/google.golang.org/grpc/resolver/map.go
@@ -28,25 +28,40 @@ type addressMapEntry struct {
 // Multiple accesses may not be performed concurrently.  Must be created via
 // NewAddressMap; do not construct directly.
 type AddressMap struct {
-	m map[string]addressMapEntryList
+	// The underlying map is keyed by an Address with fields that we don't care
+	// about being set to their zero values. The only fields that we care about
+	// are `Addr`, `ServerName` and `Attributes`. Since we need to be able to
+	// distinguish between addresses with same `Addr` and `ServerName`, but
+	// different `Attributes`, we cannot store the `Attributes` in the map key.
+	//
+	// The comparison operation for structs work as follows:
+	//  Struct values are comparable if all their fields are comparable. Two
+	//  struct values are equal if their corresponding non-blank fields are equal.
+	//
+	// The value type of the map contains a slice of addresses which match the key
+	// in their `Addr` and `ServerName` fields and contain the corresponding value
+	// associated with them.
+	m map[Address]addressMapEntryList
+}
+
+func toMapKey(addr *Address) Address {
+	return Address{Addr: addr.Addr, ServerName: addr.ServerName}
 }
 
 type addressMapEntryList []*addressMapEntry
 
 // NewAddressMap creates a new AddressMap.
 func NewAddressMap() *AddressMap {
-	return &AddressMap{m: make(map[string]addressMapEntryList)}
+	return &AddressMap{m: make(map[Address]addressMapEntryList)}
 }
 
 // find returns the index of addr in the addressMapEntry slice, or -1 if not
 // present.
 func (l addressMapEntryList) find(addr Address) int {
-	if len(l) == 0 {
-		return -1
-	}
 	for i, entry := range l {
-		if entry.addr.ServerName == addr.ServerName &&
-			entry.addr.Attributes.Equal(addr.Attributes) {
+		// Attributes are the only thing to match on here, since `Addr` and
+		// `ServerName` are already equal.
+		if entry.addr.Attributes.Equal(addr.Attributes) {
 			return i
 		}
 	}
@@ -55,7 +70,8 @@ func (l addressMapEntryList) find(addr Address) int {
 
 // Get returns the value for the address in the map, if present.
 func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
-	entryList := a.m[addr.Addr]
+	addrKey := toMapKey(&addr)
+	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
 		return entryList[entry].value, true
 	}
@@ -64,17 +80,19 @@ func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
 
 // Set updates or adds the value to the address in the map.
 func (a *AddressMap) Set(addr Address, value interface{}) {
-	entryList := a.m[addr.Addr]
+	addrKey := toMapKey(&addr)
+	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
-		a.m[addr.Addr][entry].value = value
+		entryList[entry].value = value
 		return
 	}
-	a.m[addr.Addr] = append(a.m[addr.Addr], &addressMapEntry{addr: addr, value: value})
+	a.m[addrKey] = append(entryList, &addressMapEntry{addr: addr, value: value})
 }
 
 // Delete removes addr from the map.
 func (a *AddressMap) Delete(addr Address) {
-	entryList := a.m[addr.Addr]
+	addrKey := toMapKey(&addr)
+	entryList := a.m[addrKey]
 	entry := entryList.find(addr)
 	if entry == -1 {
 		return
@@ -85,7 +103,7 @@ func (a *AddressMap) Delete(addr Address) {
 		copy(entryList[entry:], entryList[entry+1:])
 		entryList = entryList[:len(entryList)-1]
 	}
-	a.m[addr.Addr] = entryList
+	a.m[addrKey] = entryList
 }
 
 // Len returns the number of entries in the map.
@@ -107,3 +125,14 @@ func (a *AddressMap) Keys() []Address {
 	}
 	return ret
 }
+
+// Values returns a slice of all current map values.
+func (a *AddressMap) Values() []interface{} {
+	ret := make([]interface{}, 0, a.Len())
+	for _, entryList := range a.m {
+		for _, entry := range entryList {
+			ret = append(ret, entry.value)
+		}
+	}
+	return ret
+}
diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go
index 65de84b30..b54f5bb57 100644
--- a/vendor/google.golang.org/grpc/server.go
+++ b/vendor/google.golang.org/grpc/server.go
@@ -73,6 +73,12 @@ func init() {
 	internal.DrainServerTransports = func(srv *Server, addr string) {
 		srv.drainServerTransports(addr)
 	}
+	internal.AddExtraServerOptions = func(opt ...ServerOption) {
+		extraServerOptions = opt
+	}
+	internal.ClearExtraServerOptions = func() {
+		extraServerOptions = nil
+	}
 }
 
 var statusOK = status.New(codes.OK, "")
@@ -150,7 +156,7 @@ type serverOptions struct {
 	chainUnaryInts        []UnaryServerInterceptor
 	chainStreamInts       []StreamServerInterceptor
 	inTapHandle           tap.ServerInHandle
-	statsHandler          stats.Handler
+	statsHandlers         []stats.Handler
 	maxConcurrentStreams  uint32
 	maxReceiveMessageSize int
 	maxSendMessageSize    int
@@ -174,6 +180,7 @@ var defaultServerOptions = serverOptions{
 	writeBufferSize:       defaultWriteBufSize,
 	readBufferSize:        defaultReadBufSize,
 }
+var extraServerOptions []ServerOption
 
 // A ServerOption sets options such as credentials, codec and keepalive parameters, etc.
 type ServerOption interface {
@@ -435,7 +442,7 @@ func InTapHandle(h tap.ServerInHandle) ServerOption {
 // StatsHandler returns a ServerOption that sets the stats handler for the server.
 func StatsHandler(h stats.Handler) ServerOption {
 	return newFuncServerOption(func(o *serverOptions) {
-		o.statsHandler = h
+		o.statsHandlers = append(o.statsHandlers, h)
 	})
 }
 
@@ -560,6 +567,9 @@ func (s *Server) stopServerWorkers() {
 // started to accept requests yet.
 func NewServer(opt ...ServerOption) *Server {
 	opts := defaultServerOptions
+	for _, o := range extraServerOptions {
+		o.apply(&opts)
+	}
 	for _, o := range opt {
 		o.apply(&opts)
 	}
@@ -867,7 +877,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport {
 		ConnectionTimeout:     s.opts.connectionTimeout,
 		Credentials:           s.opts.creds,
 		InTapHandle:           s.opts.inTapHandle,
-		StatsHandler:          s.opts.statsHandler,
+		StatsHandlers:         s.opts.statsHandlers,
 		KeepaliveParams:       s.opts.keepaliveParams,
 		KeepalivePolicy:       s.opts.keepalivePolicy,
 		InitialWindowSize:     s.opts.initialWindowSize,
@@ -963,7 +973,7 @@ var _ http.Handler = (*Server)(nil)
 // Notice: This API is EXPERIMENTAL and may be changed or removed in a
 // later release.
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	st, err := transport.NewServerHandlerTransport(w, r, s.opts.statsHandler)
+	st, err := transport.NewServerHandlerTransport(w, r, s.opts.statsHandlers)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -1076,8 +1086,10 @@ func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Str
 		return status.Errorf(codes.ResourceExhausted, "grpc: trying to send message larger than max (%d vs. %d)", len(payload), s.opts.maxSendMessageSize)
 	}
 	err = t.Write(stream, hdr, payload, opts)
-	if err == nil && s.opts.statsHandler != nil {
-		s.opts.statsHandler.HandleRPC(stream.Context(), outPayload(false, msg, data, payload, time.Now()))
+	if err == nil {
+		for _, sh := range s.opts.statsHandlers {
+			sh.HandleRPC(stream.Context(), outPayload(false, msg, data, payload, time.Now()))
+		}
 	}
 	return err
 }
@@ -1124,13 +1136,13 @@ func chainUnaryInterceptors(interceptors []UnaryServerInterceptor) UnaryServerIn
 }
 
 func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) {
-	sh := s.opts.statsHandler
-	if sh != nil || trInfo != nil || channelz.IsOn() {
+	shs := s.opts.statsHandlers
+	if len(shs) != 0 || trInfo != nil || channelz.IsOn() {
 		if channelz.IsOn() {
 			s.incrCallsStarted()
 		}
 		var statsBegin *stats.Begin
-		if sh != nil {
+		for _, sh := range shs {
 			beginTime := time.Now()
 			statsBegin = &stats.Begin{
 				BeginTime:      beginTime,
@@ -1161,7 +1173,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				trInfo.tr.Finish()
 			}
 
-			if sh != nil {
+			for _, sh := range shs {
 				end := &stats.End{
 					BeginTime: statsBegin.BeginTime,
 					EndTime:   time.Now(),
@@ -1243,7 +1255,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	}
 
 	var payInfo *payloadInfo
-	if sh != nil || binlog != nil {
+	if len(shs) != 0 || binlog != nil {
 		payInfo = &payloadInfo{}
 	}
 	d, err := recvAndDecompress(&parser{r: stream}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp)
@@ -1260,7 +1272,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil {
 			return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err)
 		}
-		if sh != nil {
+		for _, sh := range shs {
 			sh.HandleRPC(stream.Context(), &stats.InPayload{
 				RecvTime:   time.Now(),
 				Payload:    v,
@@ -1418,16 +1430,18 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 	if channelz.IsOn() {
 		s.incrCallsStarted()
 	}
-	sh := s.opts.statsHandler
+	shs := s.opts.statsHandlers
 	var statsBegin *stats.Begin
-	if sh != nil {
+	if len(shs) != 0 {
 		beginTime := time.Now()
 		statsBegin = &stats.Begin{
 			BeginTime:      beginTime,
 			IsClientStream: sd.ClientStreams,
 			IsServerStream: sd.ServerStreams,
 		}
-		sh.HandleRPC(stream.Context(), statsBegin)
+		for _, sh := range shs {
+			sh.HandleRPC(stream.Context(), statsBegin)
+		}
 	}
 	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
 	ss := &serverStream{
@@ -1439,10 +1453,10 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 		maxReceiveMessageSize: s.opts.maxReceiveMessageSize,
 		maxSendMessageSize:    s.opts.maxSendMessageSize,
 		trInfo:                trInfo,
-		statsHandler:          sh,
+		statsHandler:          shs,
 	}
 
-	if sh != nil || trInfo != nil || channelz.IsOn() {
+	if len(shs) != 0 || trInfo != nil || channelz.IsOn() {
 		// See comment in processUnaryRPC on defers.
 		defer func() {
 			if trInfo != nil {
@@ -1456,7 +1470,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 				ss.mu.Unlock()
 			}
 
-			if sh != nil {
+			if len(shs) != 0 {
 				end := &stats.End{
 					BeginTime: statsBegin.BeginTime,
 					EndTime:   time.Now(),
@@ -1464,7 +1478,9 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 				if err != nil && err != io.EOF {
 					end.Error = toRPCErr(err)
 				}
-				sh.HandleRPC(stream.Context(), end)
+				for _, sh := range shs {
+					sh.HandleRPC(stream.Context(), end)
+				}
 			}
 
 			if channelz.IsOn() {
diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go
index 236fc17ec..6d82e0d7c 100644
--- a/vendor/google.golang.org/grpc/stream.go
+++ b/vendor/google.golang.org/grpc/stream.go
@@ -374,9 +374,9 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
 
 	ctx := newContextWithRPCInfo(cs.ctx, cs.callInfo.failFast, cs.callInfo.codec, cs.cp, cs.comp)
 	method := cs.callHdr.Method
-	sh := cs.cc.dopts.copts.StatsHandler
 	var beginTime time.Time
-	if sh != nil {
+	shs := cs.cc.dopts.copts.StatsHandlers
+	for _, sh := range shs {
 		ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: method, FailFast: cs.callInfo.failFast})
 		beginTime = time.Now()
 		begin := &stats.Begin{
@@ -414,12 +414,12 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
 	}
 
 	return &csAttempt{
-		ctx:          ctx,
-		beginTime:    beginTime,
-		cs:           cs,
-		dc:           cs.cc.dopts.dc,
-		statsHandler: sh,
-		trInfo:       trInfo,
+		ctx:           ctx,
+		beginTime:     beginTime,
+		cs:            cs,
+		dc:            cs.cc.dopts.dc,
+		statsHandlers: shs,
+		trInfo:        trInfo,
 	}, nil
 }
 
@@ -536,8 +536,8 @@ type csAttempt struct {
 	// and cleared when the finish method is called.
 	trInfo *traceInfo
 
-	statsHandler stats.Handler
-	beginTime    time.Time
+	statsHandlers []stats.Handler
+	beginTime     time.Time
 
 	// set for newStream errors that may be transparently retried
 	allowTransparentRetry bool
@@ -960,8 +960,8 @@ func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
 		}
 		return io.EOF
 	}
-	if a.statsHandler != nil {
-		a.statsHandler.HandleRPC(a.ctx, outPayload(true, m, data, payld, time.Now()))
+	for _, sh := range a.statsHandlers {
+		sh.HandleRPC(a.ctx, outPayload(true, m, data, payld, time.Now()))
 	}
 	if channelz.IsOn() {
 		a.t.IncrMsgSent()
@@ -971,7 +971,7 @@ func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
 
 func (a *csAttempt) recvMsg(m interface{}, payInfo *payloadInfo) (err error) {
 	cs := a.cs
-	if a.statsHandler != nil && payInfo == nil {
+	if len(a.statsHandlers) != 0 && payInfo == nil {
 		payInfo = &payloadInfo{}
 	}
 
@@ -1008,8 +1008,8 @@ func (a *csAttempt) recvMsg(m interface{}, payInfo *payloadInfo) (err error) {
 		}
 		a.mu.Unlock()
 	}
-	if a.statsHandler != nil {
-		a.statsHandler.HandleRPC(a.ctx, &stats.InPayload{
+	for _, sh := range a.statsHandlers {
+		sh.HandleRPC(a.ctx, &stats.InPayload{
 			Client:   true,
 			RecvTime: time.Now(),
 			Payload:  m,
@@ -1068,7 +1068,7 @@ func (a *csAttempt) finish(err error) {
 			ServerLoad:    balancerload.Parse(tr),
 		})
 	}
-	if a.statsHandler != nil {
+	for _, sh := range a.statsHandlers {
 		end := &stats.End{
 			Client:    true,
 			BeginTime: a.beginTime,
@@ -1076,7 +1076,7 @@ func (a *csAttempt) finish(err error) {
 			Trailer:   tr,
 			Error:     err,
 		}
-		a.statsHandler.HandleRPC(a.ctx, end)
+		sh.HandleRPC(a.ctx, end)
 	}
 	if a.trInfo != nil && a.trInfo.tr != nil {
 		if err == nil {
@@ -1445,7 +1445,7 @@ type serverStream struct {
 	maxSendMessageSize    int
 	trInfo                *traceInfo
 
-	statsHandler stats.Handler
+	statsHandler []stats.Handler
 
 	binlog binarylog.MethodLogger
 	// serverHeaderBinlogged indicates whether server header has been logged. It
@@ -1555,8 +1555,10 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 			Message: data,
 		})
 	}
-	if ss.statsHandler != nil {
-		ss.statsHandler.HandleRPC(ss.s.Context(), outPayload(false, m, data, payload, time.Now()))
+	if len(ss.statsHandler) != 0 {
+		for _, sh := range ss.statsHandler {
+			sh.HandleRPC(ss.s.Context(), outPayload(false, m, data, payload, time.Now()))
+		}
 	}
 	return nil
 }
@@ -1590,7 +1592,7 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 		}
 	}()
 	var payInfo *payloadInfo
-	if ss.statsHandler != nil || ss.binlog != nil {
+	if len(ss.statsHandler) != 0 || ss.binlog != nil {
 		payInfo = &payloadInfo{}
 	}
 	if err := recv(ss.p, ss.codec, ss.s, ss.dc, m, ss.maxReceiveMessageSize, payInfo, ss.decomp); err != nil {
@@ -1605,15 +1607,17 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 		}
 		return toRPCErr(err)
 	}
-	if ss.statsHandler != nil {
-		ss.statsHandler.HandleRPC(ss.s.Context(), &stats.InPayload{
-			RecvTime: time.Now(),
-			Payload:  m,
-			// TODO truncate large payload.
-			Data:       payInfo.uncompressedBytes,
-			WireLength: payInfo.wireLength + headerLen,
-			Length:     len(payInfo.uncompressedBytes),
-		})
+	if len(ss.statsHandler) != 0 {
+		for _, sh := range ss.statsHandler {
+			sh.HandleRPC(ss.s.Context(), &stats.InPayload{
+				RecvTime: time.Now(),
+				Payload:  m,
+				// TODO truncate large payload.
+				Data:       payInfo.uncompressedBytes,
+				WireLength: payInfo.wireLength + headerLen,
+				Length:     len(payInfo.uncompressedBytes),
+			})
+		}
 	}
 	if ss.binlog != nil {
 		ss.binlog.Log(&binarylog.ClientMessage{
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index 5bc03f9b3..0eb2998cb 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.47.0"
+const Version = "1.48.0"
diff --git a/vendor/gopkg.in/yaml.v2/go.mod b/vendor/gopkg.in/yaml.v2/go.mod
deleted file mode 100644
index 2cbb85aea..000000000
--- a/vendor/gopkg.in/yaml.v2/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module gopkg.in/yaml.v2
-
-go 1.15
-
-require gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405
diff --git a/vendor/gopkg.in/yaml.v3/go.mod b/vendor/gopkg.in/yaml.v3/go.mod
deleted file mode 100644
index f407ea321..000000000
--- a/vendor/gopkg.in/yaml.v3/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module "gopkg.in/yaml.v3"
-
-require (
-	"gopkg.in/check.v1" v0.0.0-20161208181325-20d25e280405
-)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index fe20ca942..1d2cb00f2 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,17 +1,20 @@
 # github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
+## explicit; go 1.16
 github.com/Azure/go-ansiterm
 github.com/Azure/go-ansiterm/winterm
 # github.com/BurntSushi/toml v1.2.0
-## explicit
+## explicit; go 1.16
 github.com/BurntSushi/toml
 github.com/BurntSushi/toml/internal
 # github.com/Microsoft/go-winio v0.5.2
+## explicit; go 1.13
 github.com/Microsoft/go-winio
 github.com/Microsoft/go-winio/backuptar
 github.com/Microsoft/go-winio/pkg/guid
 github.com/Microsoft/go-winio/pkg/security
 github.com/Microsoft/go-winio/vhd
-# github.com/Microsoft/hcsshim v0.9.3
+# github.com/Microsoft/hcsshim v0.9.4
+## explicit; go 1.13
 github.com/Microsoft/hcsshim
 github.com/Microsoft/hcsshim/computestorage
 github.com/Microsoft/hcsshim/internal/cow
@@ -35,49 +38,52 @@ github.com/Microsoft/hcsshim/internal/wclayer
 github.com/Microsoft/hcsshim/internal/winapi
 github.com/Microsoft/hcsshim/osversion
 # github.com/VividCortex/ewma v1.2.0
+## explicit; go 1.12
 github.com/VividCortex/ewma
 # github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
+## explicit
 github.com/acarl005/stripansi
-# github.com/beorn7/perks v1.0.1
-github.com/beorn7/perks/quantile
 # github.com/blang/semver v3.5.1+incompatible
+## explicit
 github.com/blang/semver
 # github.com/blang/semver/v4 v4.0.0
-## explicit
+## explicit; go 1.14
 github.com/blang/semver/v4
 # github.com/buger/goterm v1.0.4
-## explicit
+## explicit; go 1.15
 github.com/buger/goterm
-# github.com/cespare/xxhash/v2 v2.1.2
-github.com/cespare/xxhash/v2
 # github.com/checkpoint-restore/checkpointctl v0.0.0-20220321135231-33f4a66335f0
-## explicit
+## explicit; go 1.15
 github.com/checkpoint-restore/checkpointctl/lib
 # github.com/checkpoint-restore/go-criu/v5 v5.3.0
-## explicit
+## explicit; go 1.13
 github.com/checkpoint-restore/go-criu/v5
 github.com/checkpoint-restore/go-criu/v5/magic
 github.com/checkpoint-restore/go-criu/v5/rpc
 github.com/checkpoint-restore/go-criu/v5/stats
-# github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
+# github.com/chzyer/readline v1.5.1
+## explicit; go 1.15
 github.com/chzyer/readline
-# github.com/container-orchestrated-devices/container-device-interface v0.4.0
-## explicit
+# github.com/container-orchestrated-devices/container-device-interface v0.5.1
+## explicit; go 1.17
 github.com/container-orchestrated-devices/container-device-interface/pkg/cdi
 github.com/container-orchestrated-devices/container-device-interface/specs-go
-# github.com/containerd/cgroups v1.0.3
+# github.com/containerd/cgroups v1.0.4
+## explicit; go 1.17
 github.com/containerd/cgroups/stats/v1
-# github.com/containerd/containerd v1.6.6
+# github.com/containerd/containerd v1.6.8
+## explicit; go 1.17
 github.com/containerd/containerd/errdefs
 github.com/containerd/containerd/log
 github.com/containerd/containerd/pkg/userns
 github.com/containerd/containerd/platforms
 github.com/containerd/containerd/sys
 # github.com/containerd/stargz-snapshotter/estargz v0.12.0
+## explicit; go 1.16
 github.com/containerd/stargz-snapshotter/estargz
 github.com/containerd/stargz-snapshotter/estargz/errorutil
 # github.com/containernetworking/cni v1.1.2
-## explicit
+## explicit; go 1.14
 github.com/containernetworking/cni/libcni
 github.com/containernetworking/cni/pkg/invoke
 github.com/containernetworking/cni/pkg/types
@@ -89,10 +95,10 @@ github.com/containernetworking/cni/pkg/types/internal
 github.com/containernetworking/cni/pkg/utils
 github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.1.1
-## explicit
+## explicit; go 1.17
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.26.1-0.20220716095526-d31d27c357ab
-## explicit
+# github.com/containers/buildah v1.27.1-0.20220907121344-97a52b13bb27
+## explicit; go 1.17
 github.com/containers/buildah
 github.com/containers/buildah/bind
 github.com/containers/buildah/chroot
@@ -114,8 +120,8 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.48.1-0.20220720145307-26032247af78
-## explicit
+# github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7
+## explicit; go 1.17
 github.com/containers/common/libimage
 github.com/containers/common/libimage/define
 github.com/containers/common/libimage/manifests
@@ -157,6 +163,7 @@ github.com/containers/common/pkg/secrets/filedriver
 github.com/containers/common/pkg/secrets/passdriver
 github.com/containers/common/pkg/secrets/shelldriver
 github.com/containers/common/pkg/signal
+github.com/containers/common/pkg/ssh
 github.com/containers/common/pkg/subscriptions
 github.com/containers/common/pkg/supplemented
 github.com/containers/common/pkg/sysinfo
@@ -167,8 +174,8 @@ github.com/containers/common/version
 # github.com/containers/conmon v2.0.20+incompatible
 ## explicit
 github.com/containers/conmon/runner/config
-# github.com/containers/image/v5 v5.21.2-0.20220721072459-bf19265865b7
-## explicit
+# github.com/containers/image/v5 v5.22.1-0.20220907162003-651744379993
+## explicit; go 1.17
 github.com/containers/image/v5/copy
 github.com/containers/image/v5/directory
 github.com/containers/image/v5/directory/explicitfilepath
@@ -210,6 +217,7 @@ github.com/containers/image/v5/pkg/blobinfocache/boltdb
 github.com/containers/image/v5/pkg/blobinfocache/internal/prioritize
 github.com/containers/image/v5/pkg/blobinfocache/memory
 github.com/containers/image/v5/pkg/blobinfocache/none
+github.com/containers/image/v5/pkg/cli
 github.com/containers/image/v5/pkg/compression
 github.com/containers/image/v5/pkg/compression/internal
 github.com/containers/image/v5/pkg/compression/types
@@ -229,9 +237,10 @@ github.com/containers/image/v5/transports/alltransports
 github.com/containers/image/v5/types
 github.com/containers/image/v5/version
 # github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a
+## explicit
 github.com/containers/libtrust
 # github.com/containers/ocicrypt v1.1.5
-## explicit
+## explicit; go 1.12
 github.com/containers/ocicrypt
 github.com/containers/ocicrypt/blockcipher
 github.com/containers/ocicrypt/config
@@ -248,8 +257,8 @@ github.com/containers/ocicrypt/keywrap/pkcs7
 github.com/containers/ocicrypt/spec
 github.com/containers/ocicrypt/utils
 github.com/containers/ocicrypt/utils/keyprovider
-# github.com/containers/psgo v1.7.2
-## explicit
+# github.com/containers/psgo v1.7.3
+## explicit; go 1.14
 github.com/containers/psgo
 github.com/containers/psgo/internal/capabilities
 github.com/containers/psgo/internal/cgroups
@@ -257,8 +266,8 @@ github.com/containers/psgo/internal/dev
 github.com/containers/psgo/internal/host
 github.com/containers/psgo/internal/proc
 github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.41.1-0.20220718173332-b10c469fda0a
-## explicit
+# github.com/containers/storage v1.42.1-0.20220911223137-e11b246de159
+## explicit; go 1.16
 github.com/containers/storage
 github.com/containers/storage/drivers
 github.com/containers/storage/drivers/aufs
@@ -304,9 +313,10 @@ github.com/containers/storage/pkg/truncindex
 github.com/containers/storage/pkg/unshare
 github.com/containers/storage/types
 # github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f
+## explicit
 github.com/coreos/go-systemd/activation
 # github.com/coreos/go-systemd/v22 v22.3.2
-## explicit
+## explicit; go 1.12
 github.com/coreos/go-systemd/v22/activation
 github.com/coreos/go-systemd/v22/daemon
 github.com/coreos/go-systemd/v22/dbus
@@ -314,7 +324,7 @@ github.com/coreos/go-systemd/v22/internal/dlopen
 github.com/coreos/go-systemd/v22/journal
 github.com/coreos/go-systemd/v22/sdjournal
 # github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
-## explicit
+## explicit; go 1.15
 github.com/coreos/stream-metadata-go/fedoracoreos
 github.com/coreos/stream-metadata-go/fedoracoreos/internals
 github.com/coreos/stream-metadata-go/release
@@ -322,34 +332,31 @@ github.com/coreos/stream-metadata-go/release/rhcos
 github.com/coreos/stream-metadata-go/stream
 github.com/coreos/stream-metadata-go/stream/rhcos
 # github.com/cyphar/filepath-securejoin v0.2.3
-## explicit
+## explicit; go 1.13
 github.com/cyphar/filepath-securejoin
 # github.com/davecgh/go-spew v1.1.1
+## explicit
 github.com/davecgh/go-spew/spew
 # github.com/digitalocean/go-libvirt v0.0.0-20201209184759-e2a69bcd5bd1
+## explicit; go 1.14
 github.com/digitalocean/go-libvirt
 github.com/digitalocean/go-libvirt/internal/constants
 github.com/digitalocean/go-libvirt/internal/event
 github.com/digitalocean/go-libvirt/internal/go-xdr/xdr2
 # github.com/digitalocean/go-qemu v0.0.0-20210326154740-ac9e0b687001
-## explicit
+## explicit; go 1.15
 github.com/digitalocean/go-qemu/qmp
 # github.com/disiqueira/gotree/v3 v3.0.2
+## explicit; go 1.13
 github.com/disiqueira/gotree/v3
 # github.com/docker/distribution v2.8.1+incompatible
 ## explicit
-github.com/docker/distribution
 github.com/docker/distribution/digestset
-github.com/docker/distribution/metrics
 github.com/docker/distribution/reference
 github.com/docker/distribution/registry/api/errcode
 github.com/docker/distribution/registry/api/v2
-github.com/docker/distribution/registry/client
 github.com/docker/distribution/registry/client/auth/challenge
-github.com/docker/distribution/registry/client/transport
-github.com/docker/distribution/registry/storage/cache
-github.com/docker/distribution/registry/storage/cache/memory
-# github.com/docker/docker v20.10.17+incompatible
+# github.com/docker/docker v20.10.18+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types
@@ -369,7 +376,6 @@ github.com/docker/docker/api/types/versions
 github.com/docker/docker/api/types/volume
 github.com/docker/docker/client
 github.com/docker/docker/errdefs
-github.com/docker/docker/opts
 github.com/docker/docker/pkg/archive
 github.com/docker/docker/pkg/fileutils
 github.com/docker/docker/pkg/homedir
@@ -383,94 +389,109 @@ github.com/docker/docker/pkg/pools
 github.com/docker/docker/pkg/stdcopy
 github.com/docker/docker/pkg/system
 # github.com/docker/docker-credential-helpers v0.6.4
+## explicit; go 1.13
 github.com/docker/docker-credential-helpers/client
 github.com/docker/docker-credential-helpers/credentials
 # github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11
-## explicit
+## explicit; go 1.13
 github.com/docker/go-connections/nat
 github.com/docker/go-connections/sockets
 github.com/docker/go-connections/tlsconfig
-# github.com/docker/go-metrics v0.0.1
-github.com/docker/go-metrics
 # github.com/docker/go-plugins-helpers v0.0.0-20211224144127-6eecb7beb651
 ## explicit
 github.com/docker/go-plugins-helpers/sdk
 github.com/docker/go-plugins-helpers/volume
-# github.com/docker/go-units v0.4.0
+# github.com/docker/go-units v0.5.0
 ## explicit
 github.com/docker/go-units
-# github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316
-## explicit
-github.com/docker/libnetwork/ipamutils
-# github.com/dtylman/scp v0.0.0-20181017070807-f3000a34aef4
-## explicit
-github.com/dtylman/scp
-# github.com/felixge/httpsnoop v1.0.1
+# github.com/felixge/httpsnoop v1.0.3
+## explicit; go 1.13
 github.com/felixge/httpsnoop
 # github.com/fsnotify/fsnotify v1.5.4
-## explicit
+## explicit; go 1.16
 github.com/fsnotify/fsnotify
-# github.com/fsouza/go-dockerclient v1.8.1
+# github.com/fsouza/go-dockerclient v1.8.3
+## explicit; go 1.18
 github.com/fsouza/go-dockerclient
 # github.com/ghodss/yaml v1.0.0
 ## explicit
 github.com/ghodss/yaml
 # github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0
+## explicit; go 1.13
 github.com/go-task/slim-sprig
 # github.com/godbus/dbus/v5 v5.1.0
-## explicit
+## explicit; go 1.12
 github.com/godbus/dbus/v5
 # github.com/gogo/protobuf v1.3.2
+## explicit; go 1.15
 github.com/gogo/protobuf/gogoproto
 github.com/gogo/protobuf/proto
 github.com/gogo/protobuf/protoc-gen-gogo/descriptor
 # github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
+## explicit
 github.com/golang/groupcache/lru
 # github.com/golang/protobuf v1.5.2
+## explicit; go 1.9
 github.com/golang/protobuf/jsonpb
 github.com/golang/protobuf/proto
 github.com/golang/protobuf/ptypes
 github.com/golang/protobuf/ptypes/any
 github.com/golang/protobuf/ptypes/duration
 github.com/golang/protobuf/ptypes/timestamp
-# github.com/google/go-containerregistry v0.10.0
+# github.com/google/go-cmp v0.5.8
+## explicit; go 1.13
+github.com/google/go-cmp/cmp
+github.com/google/go-cmp/cmp/internal/diff
+github.com/google/go-cmp/cmp/internal/flags
+github.com/google/go-cmp/cmp/internal/function
+github.com/google/go-cmp/cmp/internal/value
+# github.com/google/go-containerregistry v0.11.0
+## explicit; go 1.17
 github.com/google/go-containerregistry/pkg/name
 # github.com/google/go-intervals v0.0.2
+## explicit; go 1.12
 github.com/google/go-intervals/intervalset
 # github.com/google/gofuzz v1.2.0
-## explicit
+## explicit; go 1.12
 github.com/google/gofuzz
 github.com/google/gofuzz/bytesource
 # github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-## explicit
+## explicit; go 1.13
 github.com/google/shlex
 # github.com/google/uuid v1.3.0
 ## explicit
 github.com/google/uuid
 # github.com/gorilla/handlers v1.5.1
-## explicit
+## explicit; go 1.14
 github.com/gorilla/handlers
 # github.com/gorilla/mux v1.8.0
-## explicit
+## explicit; go 1.12
 github.com/gorilla/mux
 # github.com/gorilla/schema v1.2.0
 ## explicit
 github.com/gorilla/schema
 # github.com/hashicorp/errwrap v1.1.0
+## explicit
 github.com/hashicorp/errwrap
 # github.com/hashicorp/go-multierror v1.1.1
-## explicit
+## explicit; go 1.13
 github.com/hashicorp/go-multierror
+# github.com/honeycombio/libhoney-go v1.15.8
+## explicit; go 1.14
 # github.com/imdario/mergo v0.3.13
+## explicit; go 1.13
 github.com/imdario/mergo
 # github.com/inconshreveable/mousetrap v1.0.0
+## explicit
 github.com/inconshreveable/mousetrap
 # github.com/jinzhu/copier v0.3.5
+## explicit; go 1.13
 github.com/jinzhu/copier
 # github.com/json-iterator/go v1.1.12
-## explicit
+## explicit; go 1.12
 github.com/json-iterator/go
-# github.com/klauspost/compress v1.15.8
+# github.com/klauspost/compress v1.15.9
+## explicit; go 1.16
 github.com/klauspost/compress
 github.com/klauspost/compress/flate
 github.com/klauspost/compress/fse
@@ -480,8 +501,13 @@ github.com/klauspost/compress/internal/snapref
 github.com/klauspost/compress/zstd
 github.com/klauspost/compress/zstd/internal/xxhash
 # github.com/klauspost/pgzip v1.2.5
+## explicit
 github.com/klauspost/pgzip
-# github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e
+# github.com/kr/fs v0.1.0
+## explicit
+github.com/kr/fs
+# github.com/letsencrypt/boulder v0.0.0-20220723181115-27de4befb95e
+## explicit; go 1.18
 github.com/letsencrypt/boulder/core
 github.com/letsencrypt/boulder/core/proto
 github.com/letsencrypt/boulder/errors
@@ -492,45 +518,53 @@ github.com/letsencrypt/boulder/probs
 github.com/letsencrypt/boulder/revocation
 github.com/letsencrypt/boulder/sa/proto
 # github.com/manifoldco/promptui v0.9.0
+## explicit; go 1.12
 github.com/manifoldco/promptui
 github.com/manifoldco/promptui/list
 github.com/manifoldco/promptui/screenbuf
-# github.com/mattn/go-isatty v0.0.14
-## explicit
+# github.com/mattn/go-isatty v0.0.16
+## explicit; go 1.15
 github.com/mattn/go-isatty
 # github.com/mattn/go-runewidth v0.0.13
+## explicit; go 1.9
 github.com/mattn/go-runewidth
 # github.com/mattn/go-shellwords v1.0.12
+## explicit; go 1.13
 github.com/mattn/go-shellwords
-# github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369
-github.com/matttproud/golang_protobuf_extensions/pbutil
 # github.com/miekg/pkcs11 v1.1.1
+## explicit; go 1.12
 github.com/miekg/pkcs11
 # github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
+## explicit
 github.com/mistifyio/go-zfs
 # github.com/moby/sys/mount v0.3.3
+## explicit; go 1.16
 github.com/moby/sys/mount
 # github.com/moby/sys/mountinfo v0.6.2
+## explicit; go 1.16
 github.com/moby/sys/mountinfo
 # github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
-## explicit
+## explicit; go 1.13
 github.com/moby/term
 github.com/moby/term/windows
 # github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
+## explicit
 github.com/modern-go/concurrent
 # github.com/modern-go/reflect2 v1.0.2
+## explicit; go 1.12
 github.com/modern-go/reflect2
 # github.com/morikuni/aec v1.0.0
+## explicit
 github.com/morikuni/aec
 # github.com/nxadm/tail v1.4.8
-## explicit
+## explicit; go 1.13
 github.com/nxadm/tail
 github.com/nxadm/tail/ratelimiter
 github.com/nxadm/tail/util
 github.com/nxadm/tail/watch
 github.com/nxadm/tail/winfile
 # github.com/onsi/ginkgo v1.16.5
-## explicit
+## explicit; go 1.16
 github.com/onsi/ginkgo
 github.com/onsi/ginkgo/config
 github.com/onsi/ginkgo/extensions/table
@@ -560,8 +594,8 @@ github.com/onsi/ginkgo/reporters/stenographer
 github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable
 github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty
 github.com/onsi/ginkgo/types
-# github.com/onsi/gomega v1.19.0
-## explicit
+# github.com/onsi/gomega v1.20.2
+## explicit; go 1.18
 github.com/onsi/gomega
 github.com/onsi/gomega/format
 github.com/onsi/gomega/gbytes
@@ -577,14 +611,14 @@ github.com/onsi/gomega/matchers/support/goraph/node
 github.com/onsi/gomega/matchers/support/goraph/util
 github.com/onsi/gomega/types
 # github.com/opencontainers/go-digest v1.0.0
-## explicit
+## explicit; go 1.13
 github.com/opencontainers/go-digest
 # github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198
-## explicit
+## explicit; go 1.11
 github.com/opencontainers/image-spec/specs-go
 github.com/opencontainers/image-spec/specs-go/v1
-# github.com/opencontainers/runc v1.1.3 => github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc
-## explicit
+# github.com/opencontainers/runc v1.1.4 => github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc
+## explicit; go 1.17
 github.com/opencontainers/runc/libcontainer/apparmor
 github.com/opencontainers/runc/libcontainer/cgroups
 github.com/opencontainers/runc/libcontainer/cgroups/fs
@@ -599,7 +633,7 @@ github.com/opencontainers/runc/libcontainer/utils
 ## explicit
 github.com/opencontainers/runtime-spec/specs-go
 # github.com/opencontainers/runtime-tools v0.9.1-0.20220714195903-17b3287fafb7
-## explicit
+## explicit; go 1.16
 github.com/opencontainers/runtime-tools/error
 github.com/opencontainers/runtime-tools/filepath
 github.com/opencontainers/runtime-tools/generate
@@ -607,44 +641,42 @@ github.com/opencontainers/runtime-tools/generate/seccomp
 github.com/opencontainers/runtime-tools/specerror
 github.com/opencontainers/runtime-tools/validate
 # github.com/opencontainers/selinux v1.10.1
-## explicit
+## explicit; go 1.13
 github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label
 github.com/opencontainers/selinux/pkg/pwalk
 github.com/opencontainers/selinux/pkg/pwalkdir
 # github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
+## explicit; go 1.16
 github.com/openshift/imagebuilder
 github.com/openshift/imagebuilder/dockerfile/command
 github.com/openshift/imagebuilder/dockerfile/parser
 github.com/openshift/imagebuilder/signal
 github.com/openshift/imagebuilder/strslice
 # github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f
+## explicit
 github.com/ostreedev/ostree-go/pkg/glibobject
 github.com/ostreedev/ostree-go/pkg/otbuiltin
 # github.com/pkg/errors v0.9.1
+## explicit
 github.com/pkg/errors
+# github.com/pkg/sftp v1.13.5
+## explicit; go 1.15
+github.com/pkg/sftp
+github.com/pkg/sftp/internal/encoding/ssh/filexfer
 # github.com/pmezard/go-difflib v1.0.0
+## explicit
 github.com/pmezard/go-difflib/difflib
 # github.com/proglottis/gpgme v0.1.3
+## explicit; go 1.11
 github.com/proglottis/gpgme
-# github.com/prometheus/client_golang v1.12.1
-github.com/prometheus/client_golang/prometheus
-github.com/prometheus/client_golang/prometheus/internal
-github.com/prometheus/client_golang/prometheus/promhttp
-# github.com/prometheus/client_model v0.2.0
-github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.32.1
-github.com/prometheus/common/expfmt
-github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg
-github.com/prometheus/common/model
-# github.com/prometheus/procfs v0.7.3
-github.com/prometheus/procfs
-github.com/prometheus/procfs/internal/fs
-github.com/prometheus/procfs/internal/util
 # github.com/rivo/uniseg v0.2.0
+## explicit; go 1.12
 github.com/rivo/uniseg
+# github.com/rogpeppe/go-internal v1.8.0
+## explicit; go 1.11
 # github.com/rootless-containers/rootlesskit v1.0.1
-## explicit
+## explicit; go 1.17
 github.com/rootless-containers/rootlesskit/pkg/api
 github.com/rootless-containers/rootlesskit/pkg/msgutil
 github.com/rootless-containers/rootlesskit/pkg/port
@@ -658,38 +690,45 @@ github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp
 github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udpproxy
 github.com/rootless-containers/rootlesskit/pkg/port/portutil
 # github.com/seccomp/libseccomp-golang v0.10.0
+## explicit; go 1.14
 github.com/seccomp/libseccomp-golang
-# github.com/sigstore/sigstore v1.3.1-0.20220629021053-b95fc0d626c1
+# github.com/sigstore/sigstore v1.4.0
+## explicit; go 1.17
 github.com/sigstore/sigstore/pkg/cryptoutils
 github.com/sigstore/sigstore/pkg/signature
 github.com/sigstore/sigstore/pkg/signature/options
 github.com/sigstore/sigstore/pkg/signature/payload
 # github.com/sirupsen/logrus v1.9.0
-## explicit
+## explicit; go 1.13
 github.com/sirupsen/logrus
 github.com/sirupsen/logrus/hooks/syslog
 # github.com/spf13/cobra v1.5.0
-## explicit
+## explicit; go 1.15
 github.com/spf13/cobra
 # github.com/spf13/pflag v1.0.5
-## explicit
+## explicit; go 1.12
 github.com/spf13/pflag
 # github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980
+## explicit
 github.com/stefanberger/go-pkcs11uri
 # github.com/stretchr/testify v1.8.0
-## explicit
+## explicit; go 1.13
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/require
-# github.com/sylabs/sif/v2 v2.7.1
+# github.com/sylabs/sif/v2 v2.7.2
+## explicit; go 1.18
 github.com/sylabs/sif/v2/pkg/sif
 # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
 ## explicit
 github.com/syndtr/gocapability/capability
 # github.com/tchap/go-patricia v2.3.0+incompatible
+## explicit
 github.com/tchap/go-patricia/patricia
-# github.com/theupdateframework/go-tuf v0.3.1
+# github.com/theupdateframework/go-tuf v0.4.0
+## explicit; go 1.18
 github.com/theupdateframework/go-tuf/encrypted
 # github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
+## explicit
 github.com/titanous/rocacheck
 # github.com/uber/jaeger-client-go v2.30.0+incompatible
 ## explicit
@@ -700,46 +739,53 @@ github.com/uber/jaeger-client-go/thrift-gen/jaeger
 github.com/uber/jaeger-client-go/thrift-gen/zipkincore
 github.com/uber/jaeger-client-go/utils
 # github.com/ulikunitz/xz v0.5.10
-## explicit
+## explicit; go 1.12
 github.com/ulikunitz/xz
 github.com/ulikunitz/xz/internal/hash
 github.com/ulikunitz/xz/internal/xlog
 github.com/ulikunitz/xz/lzma
 # github.com/vbatts/tar-split v0.11.2
+## explicit; go 1.15
 github.com/vbatts/tar-split/archive/tar
 github.com/vbatts/tar-split/tar/asm
 github.com/vbatts/tar-split/tar/storage
-# github.com/vbauerster/mpb/v7 v7.4.2
-## explicit
+# github.com/vbauerster/mpb/v7 v7.5.3
+## explicit; go 1.14
 github.com/vbauerster/mpb/v7
 github.com/vbauerster/mpb/v7/cwriter
 github.com/vbauerster/mpb/v7/decor
 github.com/vbauerster/mpb/v7/internal
 # github.com/vishvananda/netlink v1.1.1-0.20220115184804-dd687eb2f2d4
-## explicit
+## explicit; go 1.12
 github.com/vishvananda/netlink
 github.com/vishvananda/netlink/nl
 # github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f
+## explicit; go 1.12
 github.com/vishvananda/netns
 # github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
+## explicit
 github.com/xeipuuv/gojsonpointer
 # github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
+## explicit
 github.com/xeipuuv/gojsonreference
 # github.com/xeipuuv/gojsonschema v1.2.0
+## explicit
 github.com/xeipuuv/gojsonschema
 # go.etcd.io/bbolt v1.3.6
-## explicit
+## explicit; go 1.12
 go.etcd.io/bbolt
-# go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
+# go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
+## explicit; go 1.11
 go.mozilla.org/pkcs7
 # go.opencensus.io v0.23.0
+## explicit; go 1.13
 go.opencensus.io
 go.opencensus.io/internal
 go.opencensus.io/trace
 go.opencensus.io/trace/internal
 go.opencensus.io/trace/tracestate
-# golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
-## explicit
+# golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
+## explicit; go 1.17
 golang.org/x/crypto/blowfish
 golang.org/x/crypto/cast5
 golang.org/x/crypto/chacha20
@@ -764,7 +810,8 @@ golang.org/x/crypto/ssh
 golang.org/x/crypto/ssh/agent
 golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 golang.org/x/crypto/ssh/knownhosts
-# golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
+# golang.org/x/net v0.0.0-20220722155237-a158d28d115b
+## explicit; go 1.17
 golang.org/x/net/context
 golang.org/x/net/html
 golang.org/x/net/html/atom
@@ -775,12 +822,12 @@ golang.org/x/net/http2/hpack
 golang.org/x/net/idna
 golang.org/x/net/internal/timeseries
 golang.org/x/net/trace
-# golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
+# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
 ## explicit
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
-## explicit
+# golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2
+## explicit; go 1.17
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
 golang.org/x/sys/internal/unsafeheader
@@ -788,11 +835,12 @@ golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
+golang.org/x/sys/windows/svc/eventlog
 # golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
-## explicit
+## explicit; go 1.17
 golang.org/x/term
 # golang.org/x/text v0.3.7
-## explicit
+## explicit; go 1.17
 golang.org/x/text/encoding
 golang.org/x/text/encoding/charmap
 golang.org/x/text/encoding/htmlindex
@@ -813,12 +861,15 @@ golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
-# golang.org/x/tools v0.1.10
+# golang.org/x/tools v0.1.12
+## explicit; go 1.18
 golang.org/x/tools/go/ast/inspector
 golang.org/x/tools/internal/typeparams
-# google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f
+# google.golang.org/genproto v0.0.0-20220720214146-176da50484ac
+## explicit; go 1.17
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.47.0
+# google.golang.org/grpc v1.48.0
+## explicit; go 1.14
 google.golang.org/grpc
 google.golang.org/grpc/attributes
 google.golang.org/grpc/backoff
@@ -868,7 +919,7 @@ google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
 # google.golang.org/protobuf v1.28.1
-## explicit
+## explicit; go 1.11
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext
 google.golang.org/protobuf/encoding/protowire
@@ -906,16 +957,20 @@ google.golang.org/protobuf/types/known/timestamppb
 ## explicit
 gopkg.in/inf.v0
 # gopkg.in/square/go-jose.v2 v2.6.0
+## explicit
 gopkg.in/square/go-jose.v2
 gopkg.in/square/go-jose.v2/cipher
 gopkg.in/square/go-jose.v2/json
 # gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
+## explicit
 gopkg.in/tomb.v1
 # gopkg.in/yaml.v2 v2.4.0
+## explicit; go 1.15
 gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
 # sigs.k8s.io/yaml v1.3.0
+## explicit; go 1.12
 sigs.k8s.io/yaml
 # github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.1-0.20220617142545-8b9452f75cbc
diff --git a/vendor/sigs.k8s.io/yaml/go.mod b/vendor/sigs.k8s.io/yaml/go.mod
deleted file mode 100644
index 818bbb519..000000000
--- a/vendor/sigs.k8s.io/yaml/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module sigs.k8s.io/yaml
-
-go 1.12
-
-require (
-	github.com/davecgh/go-spew v1.1.1
-	gopkg.in/yaml.v2 v2.4.0
-)
diff --git a/vendor/sigs.k8s.io/yaml/go.sum b/vendor/sigs.k8s.io/yaml/go.sum
deleted file mode 100644
index b7b8cbb10..000000000
--- a/vendor/sigs.k8s.io/yaml/go.sum
+++ /dev/null
@@ -1,6 +0,0 @@
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/version/version.go b/version/version.go
index 0a84bb235..417f3a9b1 100644
--- a/version/version.go
+++ b/version/version.go
@@ -27,7 +27,7 @@ const (
 // NOTE: remember to bump the version at the top
 // of the top-level README.md file when this is
 // bumped.
-var Version = semver.MustParse("4.2.0-dev")
+var Version = semver.MustParse("4.3.0-dev")
 
 // See https://docs.docker.com/engine/api/v1.40/
 // libpod compat handlers are expected to honor docker API versions