aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/containers/run.go6
-rw-r--r--contrib/tmpfile/podman.conf1
-rw-r--r--go.mod6
-rw-r--r--go.sum10
-rw-r--r--libpod/image/image_test.go57
-rw-r--r--libpod/image/pull.go8
-rw-r--r--libpod/image/testdata/registries.conf4
-rw-r--r--libpod/options.go22
-rw-r--r--libpod/runtime_ctr.go2
-rw-r--r--libpod/volume_internal.go1
-rw-r--r--libpod/volume_internal_linux.go10
-rw-r--r--pkg/domain/infra/abi/generate.go100
-rw-r--r--pkg/domain/infra/abi/play.go124
-rw-r--r--pkg/domain/infra/abi/play_test.go97
-rw-r--r--test/e2e/generate_kube_test.go36
-rw-r--r--test/e2e/play_kube_test.go129
-rw-r--r--test/e2e/run_volume_test.go26
-rw-r--r--test/system/030-run.bats11
-rw-r--r--vendor/github.com/containers/common/pkg/capabilities/capabilities.go49
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go2
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/supported.go97
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/overlay.go127
-rw-r--r--vendor/github.com/containers/storage/go.mod1
-rw-r--r--vendor/github.com/containers/storage/go.sum2
-rw-r--r--vendor/github.com/containers/storage/pkg/archive/archive.go45
-rw-r--r--vendor/github.com/ulikunitz/xz/LICENSE2
-rw-r--r--vendor/github.com/ulikunitz/xz/TODO.md8
-rw-r--r--vendor/github.com/ulikunitz/xz/bits.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/crc.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/format.go9
-rw-r--r--vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/internal/hash/doc.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/internal/hash/roller.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/bintree.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/bitops.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/breader.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/buffer.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/bytewriter.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/decoder.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/decoderdict.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/directcodec.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/distcodec.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/encoder.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/encoderdict.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/hashtable.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/header.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/header2.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/literalcodec.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/operation.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/prob.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/properties.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/rangecodec.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/reader.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/reader2.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/state.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/treecodecs.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/writer.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzma/writer2.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/lzmafilter.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/none-check.go2
-rw-r--r--vendor/github.com/ulikunitz/xz/reader.go9
-rw-r--r--vendor/github.com/ulikunitz/xz/writer.go2
-rw-r--r--vendor/modules.txt6
69 files changed, 750 insertions, 335 deletions
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index 83a5d7b8a..db7180ca9 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -17,6 +17,7 @@ import (
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
+ "golang.org/x/crypto/ssh/terminal"
)
var (
@@ -106,6 +107,11 @@ func run(cmd *cobra.Command, args []string) error {
return err
}
+ // TODO: Breaking change should be made fatal in next major Release
+ if cliVals.TTY && cliVals.Interactive && !terminal.IsTerminal(int(os.Stdin.Fd())) {
+ logrus.Warnf("The input device is not a TTY. The --tty and --interactive flags might not work properly")
+ }
+
if af := cliVals.Authfile; len(af) > 0 {
if _, err := os.Stat(af); err != nil {
return err
diff --git a/contrib/tmpfile/podman.conf b/contrib/tmpfile/podman.conf
index e7cad4066..650678a21 100644
--- a/contrib/tmpfile/podman.conf
+++ b/contrib/tmpfile/podman.conf
@@ -1,5 +1,6 @@
# /tmp/podman-run-* directory can contain content for Podman containers that have run
# for many days. This following line prevents systemd from removing this content.
x /tmp/podman-run-*
+x /tmp/containers-user-*
D! /run/podman 0700 root root
D! /var/lib/cni/networks
diff --git a/go.mod b/go.mod
index 333b593f6..385c571b1 100644
--- a/go.mod
+++ b/go.mod
@@ -11,12 +11,12 @@ require (
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.1
github.com/containers/buildah v1.19.8
- github.com/containers/common v0.35.3
+ github.com/containers/common v0.35.4
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.10.5
github.com/containers/ocicrypt v1.1.0
github.com/containers/psgo v1.5.2
- github.com/containers/storage v1.28.0
+ github.com/containers/storage v1.28.1
github.com/coreos/go-systemd/v22 v22.3.0
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cri-o/ocicni v0.2.1-0.20210301205850-541cf7c703cf
@@ -67,7 +67,7 @@ require (
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
- gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
+ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
k8s.io/api v0.20.5
k8s.io/apimachinery v0.20.5
)
diff --git a/go.sum b/go.sum
index fa26133dc..501673496 100644
--- a/go.sum
+++ b/go.sum
@@ -180,8 +180,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
github.com/containers/buildah v1.19.8 h1:4TzmetfKPQF5hh6GgMwbAfrD50j+PAcsRiWDnx+gCI8=
github.com/containers/buildah v1.19.8/go.mod h1:VnyHWgNmfR1d89/zJ/F4cbwOzaQS+6sBky46W7dCo3E=
github.com/containers/common v0.33.4/go.mod h1:PhgL71XuC4jJ/1BIqeP7doke3aMFkCP90YBXwDeUr9g=
-github.com/containers/common v0.35.3 h1:6tEBSIHlJzpmt35zA1ZcjBqbtUilAHDWaa7buPvaqWY=
-github.com/containers/common v0.35.3/go.mod h1:rMzxgD7nMGw++cEbsp+NZv0UJO4rgXbm7F7IbJPTwIE=
+github.com/containers/common v0.35.4 h1:szyWRncsHkBwCVpu1dkEOXUjkwCetlfcLmKJTwo1Sp8=
+github.com/containers/common v0.35.4/go.mod h1:rMzxgD7nMGw++cEbsp+NZv0UJO4rgXbm7F7IbJPTwIE=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.10.1/go.mod h1:JlRLJZv7elVbtHaaaR6Kz8i6G3k2ttj4t7fubwxD9Hs=
@@ -200,8 +200,9 @@ github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3E
github.com/containers/storage v1.24.5/go.mod h1:YC+2pY8SkfEAcZkwycxYbpK8EiRbx5soPPwz9dxe4IQ=
github.com/containers/storage v1.24.6/go.mod h1:YC+2pY8SkfEAcZkwycxYbpK8EiRbx5soPPwz9dxe4IQ=
github.com/containers/storage v1.24.8/go.mod h1:YC+2pY8SkfEAcZkwycxYbpK8EiRbx5soPPwz9dxe4IQ=
-github.com/containers/storage v1.28.0 h1:lA/9i9BIjfmIRxCI8GuzasYHmU4IUXVcfZZiDceD0Eg=
github.com/containers/storage v1.28.0/go.mod h1:ixAwO7Bj31cigqPEG7aCz+PYmxkDxbIFdUFioYdxbzI=
+github.com/containers/storage v1.28.1 h1:axYBD+c0N0YkHelDoqzdLQXfY3fgb8pqIMsRHqUNGts=
+github.com/containers/storage v1.28.1/go.mod h1:5bwiMh2LkrN3AWIfDFMH7A/xbVNLcve+oeXYvHvW8cc=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
@@ -769,8 +770,9 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1
github.com/u-root/u-root v7.0.0+incompatible/go.mod h1:RYkpo8pTHrNjW08opNd/U6p/RJE7K0D8fXO0d47+3YY=
github.com/uber/jaeger-client-go v2.25.0+incompatible h1:IxcNZ7WRY1Y3G4poYlx24szfsn/3LvK9QHCq9oQw8+U=
github.com/uber/jaeger-client-go v2.25.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
-github.com/ulikunitz/xz v0.5.9 h1:RsKRIA2MO8x56wkkcd3LbtcE/uMszhb6DpRf+3uwa3I=
github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
+github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
diff --git a/libpod/image/image_test.go b/libpod/image/image_test.go
index 3e6e7b9db..d95a22f76 100644
--- a/libpod/image/image_test.go
+++ b/libpod/image/image_test.go
@@ -13,6 +13,7 @@ import (
"github.com/containers/storage/pkg/reexec"
"github.com/opencontainers/go-digest"
"github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
)
var (
@@ -93,6 +94,8 @@ func TestImage_NewFromLocal(t *testing.T) {
// Need images to be present for this test
ir, err := NewImageRuntimeFromOptions(so)
assert.NoError(t, err)
+ defer cleanup(workdir, ir)
+
ir.Eventer = events.NewNullEventer()
bb, err := ir.New(context.Background(), "docker.io/library/busybox:latest", "", "", writer, nil, SigningOptions{}, nil, util.PullImageMissing, nil)
assert.NoError(t, err)
@@ -106,13 +109,10 @@ func TestImage_NewFromLocal(t *testing.T) {
assert.NoError(t, err)
for _, name := range image.names {
newImage, err := ir.NewFromLocal(name)
- assert.NoError(t, err)
+ require.NoError(t, err)
assert.Equal(t, newImage.ID(), image.img.ID())
}
}
-
- // Shutdown the runtime and remove the temporary storage
- cleanup(workdir, ir)
}
// TestImage_New tests pulling the image by various names, tags, and from
@@ -125,30 +125,31 @@ func TestImage_New(t *testing.T) {
var names []string
workdir, err := mkWorkDir()
assert.NoError(t, err)
-
so := storage.StoreOptions{
RunRoot: workdir,
GraphRoot: workdir,
}
ir, err := NewImageRuntimeFromOptions(so)
assert.NoError(t, err)
+ defer cleanup(workdir, ir)
+
ir.Eventer = events.NewNullEventer()
// Build the list of pull names
names = append(names, bbNames...)
writer := os.Stdout
+ opts := DockerRegistryOptions{
+ RegistriesConfPath: "testdata/registries.conf",
+ }
// Iterate over the names and delete the image
// after the pull
for _, img := range names {
- newImage, err := ir.New(context.Background(), img, "", "", writer, nil, SigningOptions{}, nil, util.PullImageMissing, nil)
- assert.NoError(t, err)
+ newImage, err := ir.New(context.Background(), img, "", "", writer, &opts, SigningOptions{}, nil, util.PullImageMissing, nil)
+ require.NoError(t, err, img)
assert.NotEqual(t, newImage.ID(), "")
err = newImage.Remove(context.Background(), false)
assert.NoError(t, err)
}
-
- // Shutdown the runtime and remove the temporary storage
- cleanup(workdir, ir)
}
// TestImage_MatchRepoTag tests the various inputs we need to match
@@ -161,20 +162,24 @@ func TestImage_MatchRepoTag(t *testing.T) {
//Set up
workdir, err := mkWorkDir()
assert.NoError(t, err)
-
so := storage.StoreOptions{
RunRoot: workdir,
GraphRoot: workdir,
}
ir, err := NewImageRuntimeFromOptions(so)
- assert.NoError(t, err)
+ require.NoError(t, err)
+ defer cleanup(workdir, ir)
+
+ opts := DockerRegistryOptions{
+ RegistriesConfPath: "testdata/registries.conf",
+ }
ir.Eventer = events.NewNullEventer()
- newImage, err := ir.New(context.Background(), "busybox", "", "", os.Stdout, nil, SigningOptions{}, nil, util.PullImageMissing, nil)
- assert.NoError(t, err)
+ newImage, err := ir.New(context.Background(), "busybox", "", "", os.Stdout, &opts, SigningOptions{}, nil, util.PullImageMissing, nil)
+ require.NoError(t, err)
err = newImage.TagImage("foo:latest")
- assert.NoError(t, err)
+ require.NoError(t, err)
err = newImage.TagImage("foo:bar")
- assert.NoError(t, err)
+ require.NoError(t, err)
// Tests start here.
for _, name := range bbNames {
@@ -187,23 +192,19 @@ func TestImage_MatchRepoTag(t *testing.T) {
// foo should resolve to foo:latest
repoTag, err := newImage.MatchRepoTag("foo")
- assert.NoError(t, err)
+ require.NoError(t, err)
assert.Equal(t, "localhost/foo:latest", repoTag)
// foo:bar should resolve to foo:bar
repoTag, err = newImage.MatchRepoTag("foo:bar")
- assert.NoError(t, err)
+ require.NoError(t, err)
assert.Equal(t, "localhost/foo:bar", repoTag)
- // Shutdown the runtime and remove the temporary storage
- cleanup(workdir, ir)
}
// TestImage_RepoDigests tests RepoDigest generation.
func TestImage_RepoDigests(t *testing.T) {
dgst, err := digest.Parse("sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc")
- if err != nil {
- t.Fatal(err)
- }
+ require.NoError(t, err)
for _, tt := range []struct {
name string
@@ -235,10 +236,7 @@ func TestImage_RepoDigests(t *testing.T) {
},
}
actual, err := image.RepoDigests()
- if err != nil {
- t.Fatal(err)
- }
-
+ require.NoError(t, err)
assert.Equal(t, test.expected, actual)
image = &Image{
@@ -248,10 +246,7 @@ func TestImage_RepoDigests(t *testing.T) {
},
}
actual, err = image.RepoDigests()
- if err != nil {
- t.Fatal(err)
- }
-
+ require.NoError(t, err)
assert.Equal(t, test.expected, actual)
})
}
diff --git a/libpod/image/pull.go b/libpod/image/pull.go
index 58160b52f..6517fbd07 100644
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@@ -245,6 +245,7 @@ func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName s
sc.OSChoice = dockerOptions.OSChoice
sc.ArchitectureChoice = dockerOptions.ArchitectureChoice
sc.VariantChoice = dockerOptions.VariantChoice
+ sc.SystemRegistriesConfPath = dockerOptions.RegistriesConfPath
}
if signaturePolicyPath == "" {
sc.SignaturePolicyPath = ir.SignaturePolicyPath
@@ -306,7 +307,12 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
}
}()
- systemRegistriesConfPath := registries.SystemRegistriesConfPath()
+ var systemRegistriesConfPath string
+ if dockerOptions != nil && dockerOptions.RegistriesConfPath != "" {
+ systemRegistriesConfPath = dockerOptions.RegistriesConfPath
+ } else {
+ systemRegistriesConfPath = registries.SystemRegistriesConfPath()
+ }
var (
images []string
diff --git a/libpod/image/testdata/registries.conf b/libpod/image/testdata/registries.conf
new file mode 100644
index 000000000..16622a1ac
--- /dev/null
+++ b/libpod/image/testdata/registries.conf
@@ -0,0 +1,4 @@
+short-name-mode="enforcing"
+
+[aliases]
+"busybox"="docker.io/library/busybox"
diff --git a/libpod/options.go b/libpod/options.go
index 85862cc17..24e9d74f4 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1577,8 +1577,6 @@ func WithVolumeLabels(labels map[string]string) VolumeCreateOption {
}
// WithVolumeOptions sets the options of the volume.
-// If the "local" driver has been selected, options will be validated. There are
-// currently 3 valid options for the "local" driver - o, type, and device.
func WithVolumeOptions(options map[string]string) VolumeCreateOption {
return func(volume *Volume) error {
if volume.valid {
@@ -1587,13 +1585,6 @@ func WithVolumeOptions(options map[string]string) VolumeCreateOption {
volume.config.Options = make(map[string]string)
for key, value := range options {
- switch key {
- case "type", "device", "o", "UID", "GID":
- volume.config.Options[key] = value
- default:
- return errors.Wrapf(define.ErrInvalidArg, "unrecognized volume option %q is not supported with local driver", key)
- }
-
volume.config.Options[key] = value
}
@@ -1627,19 +1618,6 @@ func WithVolumeGID(gid int) VolumeCreateOption {
}
}
-// WithVolumeNeedsChown sets the NeedsChown flag for the volume.
-func WithVolumeNeedsChown() VolumeCreateOption {
- return func(volume *Volume) error {
- if volume.valid {
- return define.ErrVolumeFinalized
- }
-
- volume.state.NeedsChown = true
-
- return nil
- }
-}
-
// withSetAnon sets a bool notifying libpod that this volume is anonymous and
// should be removed when containers using it are removed and volumes are
// specified for removal.
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 19690d79b..537618b65 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -392,7 +392,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
logrus.Debugf("Creating new volume %s for container", vol.Name)
// The volume does not exist, so we need to create it.
- volOptions := []VolumeCreateOption{WithVolumeName(vol.Name), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID()), WithVolumeNeedsChown()}
+ volOptions := []VolumeCreateOption{WithVolumeName(vol.Name), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID())}
if isAnonymous {
volOptions = append(volOptions, withSetAnon())
}
diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go
index c1dbe00fd..694cdd149 100644
--- a/libpod/volume_internal.go
+++ b/libpod/volume_internal.go
@@ -17,6 +17,7 @@ func newVolume(runtime *Runtime) *Volume {
volume.config.Labels = make(map[string]string)
volume.config.Options = make(map[string]string)
volume.state.NeedsCopyUp = true
+ volume.state.NeedsChown = true
return volume
}
diff --git a/libpod/volume_internal_linux.go b/libpod/volume_internal_linux.go
index 67ac41874..92391de1d 100644
--- a/libpod/volume_internal_linux.go
+++ b/libpod/volume_internal_linux.go
@@ -32,8 +32,10 @@ func (v *Volume) mount() error {
return nil
}
- // We cannot mount volumes as rootless.
- if rootless.IsRootless() {
+ // We cannot mount 'local' volumes as rootless.
+ if !v.UsesVolumeDriver() && rootless.IsRootless() {
+ // This check should only be applied to 'local' driver
+ // so Volume Drivers must be excluded
return errors.Wrapf(define.ErrRootless, "cannot mount volumes without root privileges")
}
@@ -137,8 +139,8 @@ func (v *Volume) unmount(force bool) error {
return nil
}
- // We cannot unmount volumes as rootless.
- if rootless.IsRootless() {
+ // We cannot unmount 'local' volumes as rootless.
+ if !v.UsesVolumeDriver() && rootless.IsRootless() {
// If force is set, just clear the counter and bail without
// error, so we can remove volumes from the state if they are in
// an awkward configuration.
diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go
index 161becbfa..94f649e15 100644
--- a/pkg/domain/infra/abi/generate.go
+++ b/pkg/domain/infra/abi/generate.go
@@ -44,11 +44,10 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string,
func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string, options entities.GenerateKubeOptions) (*entities.GenerateKubeReport, error) {
var (
pods []*libpod.Pod
- podYAML *k8sAPI.Pod
- err error
ctrs []*libpod.Container
- servicePorts []k8sAPI.ServicePort
- serviceYAML k8sAPI.Service
+ kubePods []*k8sAPI.Pod
+ kubeServices []k8sAPI.Service
+ content []byte
)
for _, nameOrID := range nameOrIDs {
// Get the container in question
@@ -59,9 +58,6 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string,
return nil, err
}
pods = append(pods, pod)
- if len(pods) > 1 {
- return nil, errors.New("can only generate single pod at a time")
- }
} else {
if len(ctr.Dependencies()) > 0 {
return nil, errors.Wrapf(define.ErrNotImplemented, "containers with dependencies")
@@ -79,20 +75,29 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string,
return nil, errors.New("cannot generate pods and containers at the same time")
}
- if len(pods) == 1 {
- podYAML, servicePorts, err = pods[0].GenerateForKube()
+ if len(pods) >= 1 {
+ pos, svcs, err := getKubePods(pods, options.Service)
+ if err != nil {
+ return nil, err
+ }
+
+ kubePods = append(kubePods, pos...)
+ if options.Service {
+ kubeServices = append(kubeServices, svcs...)
+ }
} else {
- podYAML, err = libpod.GenerateForKube(ctrs)
- }
- if err != nil {
- return nil, err
- }
+ po, err := libpod.GenerateForKube(ctrs)
+ if err != nil {
+ return nil, err
+ }
- if options.Service {
- serviceYAML = libpod.GenerateKubeServiceFromV1Pod(podYAML, servicePorts)
+ kubePods = append(kubePods, po)
+ if options.Service {
+ kubeServices = append(kubeServices, libpod.GenerateKubeServiceFromV1Pod(po, []k8sAPI.ServicePort{}))
+ }
}
- content, err := generateKubeOutput(podYAML, &serviceYAML, options.Service)
+ content, err := generateKubeOutput(kubePods, kubeServices, options.Service)
if err != nil {
return nil, err
}
@@ -100,24 +105,56 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string,
return &entities.GenerateKubeReport{Reader: bytes.NewReader(content)}, nil
}
-func generateKubeOutput(podYAML *k8sAPI.Pod, serviceYAML *k8sAPI.Service, hasService bool) ([]byte, error) {
- var (
- output []byte
- marshalledPod []byte
- marshalledService []byte
- err error
- )
+func getKubePods(pods []*libpod.Pod, getService bool) ([]*k8sAPI.Pod, []k8sAPI.Service, error) {
+ kubePods := make([]*k8sAPI.Pod, 0)
+ kubeServices := make([]k8sAPI.Service, 0)
- marshalledPod, err = yaml.Marshal(podYAML)
- if err != nil {
- return nil, err
+ for _, p := range pods {
+ po, svc, err := p.GenerateForKube()
+ if err != nil {
+ return nil, nil, err
+ }
+
+ kubePods = append(kubePods, po)
+ if getService {
+ kubeServices = append(kubeServices, libpod.GenerateKubeServiceFromV1Pod(po, svc))
+ }
}
- if hasService {
- marshalledService, err = yaml.Marshal(serviceYAML)
+ return kubePods, kubeServices, nil
+}
+
+func generateKubeOutput(kubePods []*k8sAPI.Pod, kubeServices []k8sAPI.Service, hasService bool) ([]byte, error) {
+ output := make([]byte, 0)
+ marshalledPods := make([]byte, 0)
+ marshalledServices := make([]byte, 0)
+
+ for i, p := range kubePods {
+ if i != 0 {
+ marshalledPods = append(marshalledPods, []byte("---\n")...)
+ }
+
+ b, err := yaml.Marshal(p)
if err != nil {
return nil, err
}
+
+ marshalledPods = append(marshalledPods, b...)
+ }
+
+ if hasService {
+ for i, s := range kubeServices {
+ if i != 0 {
+ marshalledServices = append(marshalledServices, []byte("---\n")...)
+ }
+
+ b, err := yaml.Marshal(s)
+ if err != nil {
+ return nil, err
+ }
+
+ marshalledServices = append(marshalledServices, b...)
+ }
}
header := `# Generation of Kubernetes YAML is still under development!
@@ -133,11 +170,12 @@ func generateKubeOutput(podYAML *k8sAPI.Pod, serviceYAML *k8sAPI.Service, hasSer
}
output = append(output, []byte(fmt.Sprintf(header, podmanVersion.Version))...)
- output = append(output, marshalledPod...)
+ // kube generate order is based on helm install order (service, pod...)
if hasService {
+ output = append(output, marshalledServices...)
output = append(output, []byte("---\n")...)
- output = append(output, marshalledService...)
}
+ output = append(output, marshalledPods...)
return output, nil
}
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index efc7c86e3..7d87fc83a 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -1,6 +1,7 @@
package abi
import (
+ "bytes"
"context"
"fmt"
"io"
@@ -20,46 +21,79 @@ import (
"github.com/ghodss/yaml"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
+ yamlv3 "gopkg.in/yaml.v3"
v1apps "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1"
)
func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, options entities.PlayKubeOptions) (*entities.PlayKubeReport, error) {
- var (
- kubeObject v1.ObjectReference
- )
+ report := &entities.PlayKubeReport{}
+ validKinds := 0
+ // read yaml document
content, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
- if err := yaml.Unmarshal(content, &kubeObject); err != nil {
- return nil, errors.Wrapf(err, "unable to read %q as YAML", path)
+ // split yaml document
+ documentList, err := splitMultiDocYAML(content)
+ if err != nil {
+ return nil, err
}
- // NOTE: pkg/bindings/play is also parsing the file.
- // A pkg/kube would be nice to refactor and abstract
- // parts of the K8s-related code.
- switch kubeObject.Kind {
- case "Pod":
- var podYAML v1.Pod
- var podTemplateSpec v1.PodTemplateSpec
- if err := yaml.Unmarshal(content, &podYAML); err != nil {
- return nil, errors.Wrapf(err, "unable to read YAML %q as Kube Pod", path)
+ // create pod on each document if it is a pod or deployment
+ // any other kube kind will be skipped
+ for _, document := range documentList {
+ kind, err := getKubeKind(document)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to read %q as kube YAML", path)
}
- podTemplateSpec.ObjectMeta = podYAML.ObjectMeta
- podTemplateSpec.Spec = podYAML.Spec
- return ic.playKubePod(ctx, podTemplateSpec.ObjectMeta.Name, &podTemplateSpec, options)
- case "Deployment":
- var deploymentYAML v1apps.Deployment
- if err := yaml.Unmarshal(content, &deploymentYAML); err != nil {
- return nil, errors.Wrapf(err, "unable to read YAML %q as Kube Deployment", path)
+
+ switch kind {
+ case "Pod":
+ var podYAML v1.Pod
+ var podTemplateSpec v1.PodTemplateSpec
+
+ if err := yaml.Unmarshal(document, &podYAML); err != nil {
+ return nil, errors.Wrapf(err, "unable to read YAML %q as Kube Pod", path)
+ }
+
+ podTemplateSpec.ObjectMeta = podYAML.ObjectMeta
+ podTemplateSpec.Spec = podYAML.Spec
+
+ r, err := ic.playKubePod(ctx, podTemplateSpec.ObjectMeta.Name, &podTemplateSpec, options)
+ if err != nil {
+ return nil, err
+ }
+
+ report.Pods = append(report.Pods, r.Pods...)
+ validKinds++
+ case "Deployment":
+ var deploymentYAML v1apps.Deployment
+
+ if err := yaml.Unmarshal(document, &deploymentYAML); err != nil {
+ return nil, errors.Wrapf(err, "unable to read YAML %q as Kube Deployment", path)
+ }
+
+ r, err := ic.playKubeDeployment(ctx, &deploymentYAML, options)
+ if err != nil {
+ return nil, err
+ }
+
+ report.Pods = append(report.Pods, r.Pods...)
+ validKinds++
+ default:
+ logrus.Infof("kube kind %s not supported", kind)
+ continue
}
- return ic.playKubeDeployment(ctx, &deploymentYAML, options)
- default:
- return nil, errors.Errorf("invalid YAML kind: %q. [Pod|Deployment] are the only supported Kubernetes Kinds", kubeObject.Kind)
}
+
+ if validKinds == 0 {
+ return nil, fmt.Errorf("YAML document does not contain any supported kube kind")
+ }
+
+ return report, nil
}
func (ic *ContainerEngine) playKubeDeployment(ctx context.Context, deploymentYAML *v1apps.Deployment, options entities.PlayKubeOptions) (*entities.PlayKubeReport, error) {
@@ -290,3 +324,45 @@ func readConfigMapFromFile(r io.Reader) (v1.ConfigMap, error) {
return cm, nil
}
+
+// splitMultiDocYAML reads mutiple documents in a YAML file and
+// returns them as a list.
+func splitMultiDocYAML(yamlContent []byte) ([][]byte, error) {
+ var documentList [][]byte
+
+ d := yamlv3.NewDecoder(bytes.NewReader(yamlContent))
+ for {
+ var o interface{}
+ // read individual document
+ err := d.Decode(&o)
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ return nil, errors.Wrapf(err, "multi doc yaml could not be split")
+ }
+
+ if o != nil {
+ // back to bytes
+ document, err := yamlv3.Marshal(o)
+ if err != nil {
+ return nil, errors.Wrapf(err, "individual doc yaml could not be marshalled")
+ }
+
+ documentList = append(documentList, document)
+ }
+ }
+
+ return documentList, nil
+}
+
+// getKubeKind unmarshals a kube YAML document and returns its kind.
+func getKubeKind(obj []byte) (string, error) {
+ var kubeObject v1.ObjectReference
+
+ if err := yaml.Unmarshal(obj, &kubeObject); err != nil {
+ return "", err
+ }
+
+ return kubeObject.Kind, nil
+}
diff --git a/pkg/domain/infra/abi/play_test.go b/pkg/domain/infra/abi/play_test.go
index 4354a3835..bbc7c3493 100644
--- a/pkg/domain/infra/abi/play_test.go
+++ b/pkg/domain/infra/abi/play_test.go
@@ -89,3 +89,100 @@ data:
})
}
}
+
+func TestGetKubeKind(t *testing.T) {
+ tests := []struct {
+ name string
+ kubeYAML string
+ expectError bool
+ expectedErrorMsg string
+ expected string
+ }{
+ {
+ "ValidKubeYAML",
+ `
+apiVersion: v1
+kind: Pod
+`,
+ false,
+ "",
+ "Pod",
+ },
+ {
+ "InvalidKubeYAML",
+ "InvalidKubeYAML",
+ true,
+ "cannot unmarshal",
+ "",
+ },
+ }
+
+ for _, test := range tests {
+ test := test
+ t.Run(test.name, func(t *testing.T) {
+ kind, err := getKubeKind([]byte(test.kubeYAML))
+ if test.expectError {
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), test.expectedErrorMsg)
+ } else {
+ assert.NoError(t, err)
+ assert.Equal(t, test.expected, kind)
+ }
+ })
+ }
+}
+
+func TestSplitMultiDocYAML(t *testing.T) {
+ tests := []struct {
+ name string
+ kubeYAML string
+ expectError bool
+ expectedErrorMsg string
+ expected int
+ }{
+ {
+ "ValidNumberOfDocs",
+ `
+apiVersion: v1
+kind: Pod
+---
+apiVersion: v1
+kind: Pod
+---
+apiVersion: v1
+kind: Pod
+`,
+ false,
+ "",
+ 3,
+ },
+ {
+ "InvalidMultiDocYAML",
+ `
+apiVersion: v1
+kind: Pod
+---
+apiVersion: v1
+kind: Pod
+-
+`,
+ true,
+ "multi doc yaml could not be split",
+ 0,
+ },
+ }
+
+ for _, test := range tests {
+ test := test
+ t.Run(test.name, func(t *testing.T) {
+ docs, err := splitMultiDocYAML([]byte(test.kubeYAML))
+ if test.expectError {
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), test.expectedErrorMsg)
+ } else {
+ assert.NoError(t, err)
+ assert.Equal(t, test.expected, len(docs))
+ }
+ })
+ }
+}
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 9cfda0e75..1c53307bd 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -155,6 +155,23 @@ var _ = Describe("Podman generate kube", func() {
Expect(numContainers).To(Equal(1))
})
+ It("podman generate kube multiple pods", func() {
+ pod1 := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:pod1", ALPINE, "top"})
+ pod1.WaitWithDefaultTimeout()
+ Expect(pod1.ExitCode()).To(Equal(0))
+
+ pod2 := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:pod2", ALPINE, "top"})
+ pod2.WaitWithDefaultTimeout()
+ Expect(pod2.ExitCode()).To(Equal(0))
+
+ kube := podmanTest.Podman([]string{"generate", "kube", "pod1", "pod2"})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ Expect(string(kube.Out.Contents())).To(ContainSubstring(`name: pod1`))
+ Expect(string(kube.Out.Contents())).To(ContainSubstring(`name: pod2`))
+ })
+
It("podman generate kube on pod with host network", func() {
podSession := podmanTest.Podman([]string{"pod", "create", "--name", "testHostNetwork", "--network", "host"})
podSession.WaitWithDefaultTimeout()
@@ -537,21 +554,6 @@ var _ = Describe("Podman generate kube", func() {
Expect(inspect.OutputToString()).To(ContainSubstring(`"pid"`))
})
- It("podman generate kube multiple pods should fail", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
- pod1 := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:pod1", ALPINE, "top"})
- pod1.WaitWithDefaultTimeout()
- Expect(pod1.ExitCode()).To(Equal(0))
-
- pod2 := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:pod2", ALPINE, "top"})
- pod2.WaitWithDefaultTimeout()
- Expect(pod2.ExitCode()).To(Equal(0))
-
- kube := podmanTest.Podman([]string{"generate", "kube", "pod1", "pod2"})
- kube.WaitWithDefaultTimeout()
- Expect(kube.ExitCode()).ToNot(Equal(0))
- })
-
It("podman generate kube with pods and containers should fail", func() {
pod1 := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:pod1", ALPINE, "top"})
pod1.WaitWithDefaultTimeout()
@@ -594,7 +596,7 @@ var _ = Describe("Podman generate kube", func() {
Expect(kube.ExitCode()).To(Equal(0))
})
- It("podman generate kube with containers in a pod should fail", func() {
+ It("podman generate kube with containers in pods should fail", func() {
pod1 := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:pod1", "--name", "top1", ALPINE, "top"})
pod1.WaitWithDefaultTimeout()
Expect(pod1.ExitCode()).To(Equal(0))
@@ -603,7 +605,7 @@ var _ = Describe("Podman generate kube", func() {
pod2.WaitWithDefaultTimeout()
Expect(pod2.ExitCode()).To(Equal(0))
- kube := podmanTest.Podman([]string{"generate", "kube", "pod1", "pod2"})
+ kube := podmanTest.Podman([]string{"generate", "kube", "top1", "top2"})
kube.WaitWithDefaultTimeout()
Expect(kube.ExitCode()).ToNot(Equal(0))
})
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 9260d6cd2..cc4450379 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -357,7 +357,8 @@ func writeYaml(content string, fileName string) error {
return nil
}
-func generateKubeYaml(kind string, object interface{}, pathname string) error {
+// getKubeYaml returns a kubernetes YAML document.
+func getKubeYaml(kind string, object interface{}) (string, error) {
var yamlTemplate string
templateBytes := &bytes.Buffer{}
@@ -369,19 +370,41 @@ func generateKubeYaml(kind string, object interface{}, pathname string) error {
case "deployment":
yamlTemplate = deploymentYamlTemplate
default:
- return fmt.Errorf("unsupported kubernetes kind")
+ return "", fmt.Errorf("unsupported kubernetes kind")
}
t, err := template.New(kind).Parse(yamlTemplate)
if err != nil {
- return err
+ return "", err
}
if err := t.Execute(templateBytes, object); err != nil {
+ return "", err
+ }
+
+ return templateBytes.String(), nil
+}
+
+// generateKubeYaml writes a kubernetes YAML document.
+func generateKubeYaml(kind string, object interface{}, pathname string) error {
+ k, err := getKubeYaml(kind, object)
+ if err != nil {
return err
}
- return writeYaml(templateBytes.String(), pathname)
+ return writeYaml(k, pathname)
+}
+
+// generateMultiDocKubeYaml writes multiple kube objects in one Yaml document.
+func generateMultiDocKubeYaml(kubeObjects []string, pathname string) error {
+ var multiKube string
+
+ for _, k := range kubeObjects {
+ multiKube += "---\n"
+ multiKube += k
+ }
+
+ return writeYaml(multiKube, pathname)
}
// ConfigMap describes the options a kube yaml can be configured at configmap level
@@ -1698,4 +1721,102 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`})
Expect(inspect.ExitCode()).To(Equal(0))
Expect(inspect.OutputToString()).To(Equal("true"))
})
+
+ // Multi doc related tests
+ It("podman play kube multi doc yaml", func() {
+ yamlDocs := []string{}
+ podNames := []string{}
+
+ serviceTemplate := `apiVersion: v1
+kind: Service
+metadata:
+ name: %s
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 9376
+ selector:
+ app: %s
+`
+ // generate servies, pods and deployments
+ for i := 0; i < 2; i++ {
+ podName := fmt.Sprintf("testPod%d", i)
+ deploymentName := fmt.Sprintf("testDeploy%d", i)
+ deploymentPodName := fmt.Sprintf("%s-pod-0", deploymentName)
+
+ podNames = append(podNames, podName)
+ podNames = append(podNames, deploymentPodName)
+
+ pod := getPod(withPodName(podName))
+ podDeployment := getPod(withPodName(deploymentName))
+ deployment := getDeployment(withPod(podDeployment))
+ deployment.Name = deploymentName
+
+ // add services
+ yamlDocs = append([]string{
+ fmt.Sprintf(serviceTemplate, podName, podName),
+ fmt.Sprintf(serviceTemplate, deploymentPodName, deploymentPodName)}, yamlDocs...)
+
+ // add pods
+ k, err := getKubeYaml("pod", pod)
+ Expect(err).To(BeNil())
+ yamlDocs = append(yamlDocs, k)
+
+ // add deployments
+ k, err = getKubeYaml("deployment", deployment)
+ Expect(err).To(BeNil())
+ yamlDocs = append(yamlDocs, k)
+ }
+
+ // generate multi doc yaml
+ err = generateMultiDocKubeYaml(yamlDocs, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ for _, n := range podNames {
+ inspect := podmanTest.Podman([]string{"inspect", n, "--format", "'{{ .State }}'"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.OutputToString()).To(ContainSubstring(`Running`))
+ }
+ })
+
+ It("podman play kube invalid multi doc yaml", func() {
+ yamlDocs := []string{}
+
+ serviceTemplate := `apiVersion: v1
+kind: Service
+metadata:
+ name: %s
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 9376
+ selector:
+ app: %s
+---
+invalid kube kind
+`
+ // add invalid multi doc yaml
+ yamlDocs = append(yamlDocs, fmt.Sprintf(serviceTemplate, "foo", "foo"))
+
+ // add pod
+ pod := getPod()
+ k, err := getKubeYaml("pod", pod)
+ Expect(err).To(BeNil())
+ yamlDocs = append(yamlDocs, k)
+
+ // generate multi doc yaml
+ err = generateMultiDocKubeYaml(yamlDocs, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Not(Equal(0)))
+ })
})
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index 454dfdc83..85a4d6d52 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -643,4 +643,30 @@ VOLUME /test/`
found, _ = session.GrepString("888:888")
Expect(found).Should(BeTrue())
})
+
+ It("volume permissions after run", func() {
+ imgName := "testimg"
+ dockerfile := `FROM fedora-minimal
+RUN useradd -m testuser -u 1005
+USER testuser`
+ podmanTest.BuildImage(dockerfile, imgName, "false")
+
+ testString := "testuser testuser"
+
+ test1 := podmanTest.Podman([]string{"run", "-v", "testvol1:/test", imgName, "bash", "-c", "ls -al /test | grep -v root | grep -v total"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(test1.OutputToString(), testString)).To(BeTrue())
+
+ volName := "testvol2"
+ vol := podmanTest.Podman([]string{"volume", "create", volName})
+ vol.WaitWithDefaultTimeout()
+ Expect(vol.ExitCode()).To(Equal(0))
+
+ test2 := podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:/test", volName), imgName, "bash", "-c", "ls -al /test | grep -v root | grep -v total"})
+ test2.WaitWithDefaultTimeout()
+ Expect(test2.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(test2.OutputToString(), testString)).To(BeTrue())
+
+ })
})
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index b2999a9e7..39ade22af 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -668,4 +668,15 @@ json-file | f
is "$output" ".*HOME=/.*"
}
+@test "podman run --tty -i failure with no tty" {
+ run_podman run --tty -i --rm $IMAGE echo hello < /dev/null
+ is "$output" ".*The input device is not a TTY.*"
+
+ run_podman run --tty=false -i --rm $IMAGE echo hello < /dev/null
+ is "$output" "hello"
+
+ run_podman run --tty -i=false --rm $IMAGE echo hello < /dev/null
+ is "$output" "hello"
+}
+
# vim: filetype=sh
diff --git a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
index 78be4d158..ccdcde877 100644
--- a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
+++ b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
@@ -7,6 +7,7 @@ package capabilities
import (
"strings"
+ "sync"
"github.com/pkg/errors"
"github.com/syndtr/gocapability/capability"
@@ -27,7 +28,7 @@ var (
ContainerImageLabels = []string{"io.containers.capabilities"}
)
-// All is a special value used to add/drop all known capababilities.
+// All is a special value used to add/drop all known capabilities.
// Useful on the CLI for `--cap-add=all` etc.
const All = "ALL"
@@ -60,24 +61,36 @@ func stringInSlice(s string, sl []string) bool {
return false
}
+var (
+ boundingSetOnce sync.Once
+ boundingSetRet []string
+ boundingSetErr error
+)
+
// BoundingSet returns the capabilities in the current bounding set
func BoundingSet() ([]string, error) {
- currentCaps, err := capability.NewPid2(0)
- if err != nil {
- return nil, err
- }
- err = currentCaps.Load()
- if err != nil {
- return nil, err
- }
- var r []string
- for _, c := range capsList {
- if !currentCaps.Get(capability.BOUNDING, c) {
- continue
+ boundingSetOnce.Do(func() {
+ currentCaps, err := capability.NewPid2(0)
+ if err != nil {
+ boundingSetErr = err
+ return
}
- r = append(r, getCapName(c))
- }
- return r, nil
+ err = currentCaps.Load()
+ if err != nil {
+ boundingSetErr = err
+ return
+ }
+ var r []string
+ for _, c := range capsList {
+ if !currentCaps.Get(capability.BOUNDING, c) {
+ continue
+ }
+ r = append(r, getCapName(c))
+ }
+ boundingSetRet = r
+ boundingSetErr = err
+ })
+ return boundingSetRet, boundingSetErr
}
// AllCapabilities returns all known capabilities.
@@ -116,7 +129,7 @@ func ValidateCapabilities(caps []string) error {
return nil
}
-// MergeCapabilities computes a set of capabilities by adding capapbitilities
+// MergeCapabilities computes a set of capabilities by adding capabilities
// to or dropping them from base.
//
// Note that:
@@ -150,7 +163,7 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) {
if stringInSlice(All, capAdd) {
// "Add" all capabilities;
- return capabilityList, nil
+ return BoundingSet()
}
for _, add := range capAdd {
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 9199a6286..4c55af5c1 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -45,7 +45,7 @@ var (
// DefaultInitPath is the default path to the container-init binary
DefaultInitPath = "/usr/libexec/podman/catatonit"
// DefaultInfraImage to use for infra container
- DefaultInfraImage = "k8s.gcr.io/pause:3.4.1"
+ DefaultInfraImage = "k8s.gcr.io/pause:3.5"
// DefaultRootlessSHMLockPath is the default path for rootless SHM locks
DefaultRootlessSHMLockPath = "/libpod_rootless_lock"
// DefaultDetachKeys is the default keys sequence for detaching a
diff --git a/vendor/github.com/containers/common/pkg/seccomp/supported.go b/vendor/github.com/containers/common/pkg/seccomp/supported.go
index e04324c8a..86e1b66bb 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/supported.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/supported.go
@@ -3,72 +3,47 @@
package seccomp
import (
- "bufio"
- "errors"
- "os"
- "strings"
+ "sync"
- perrors "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
-const statusFilePath = "/proc/self/status"
+var (
+ supported bool
+ supOnce sync.Once
+)
// IsSupported returns true if the system has been configured to support
-// seccomp.
+// seccomp (including the check for CONFIG_SECCOMP_FILTER kernel option).
func IsSupported() bool {
- // Since Linux 3.8, the Seccomp field of the /proc/[pid]/status file
- // provides a method of obtaining the same information, without the risk
- // that the process is killed; see proc(5).
- status, err := parseStatusFile(statusFilePath)
- if err == nil {
- _, ok := status["Seccomp"]
- return ok
- }
-
- // PR_GET_SECCOMP (since Linux 2.6.23)
- // Return (as the function result) the secure computing mode of the calling
- // thread. If the caller is not in secure computing mode, this operation
- // returns 0; if the caller is in strict secure computing mode, then the
- // prctl() call will cause a SIGKILL signal to be sent to the process. If
- // the caller is in filter mode, and this system call is allowed by the
- // seccomp filters, it returns 2; otherwise, the process is killed with a
- // SIGKILL signal. This operation is available only if the kernel is
- // configured with CONFIG_SECCOMP enabled.
- if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); !errors.Is(err, unix.EINVAL) {
- // Make sure the kernel has CONFIG_SECCOMP_FILTER.
- if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); !errors.Is(err, unix.EINVAL) {
- return true
- }
- }
-
- return false
-}
-
-// parseStatusFile reads the provided `file` into a map of strings.
-func parseStatusFile(file string) (map[string]string, error) {
- f, err := os.Open(file)
- if err != nil {
- return nil, perrors.Wrapf(err, "open status file %s", file)
- }
- defer f.Close()
-
- status := make(map[string]string)
- scanner := bufio.NewScanner(f)
- for scanner.Scan() {
- text := scanner.Text()
- parts := strings.SplitN(text, ":", 2)
-
- if len(parts) <= 1 {
- continue
- }
-
- status[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
- }
-
- if err := scanner.Err(); err != nil {
- return nil, perrors.Wrapf(err, "scan status file %s", file)
- }
-
- return status, nil
+ // Excerpts from prctl(2), section ERRORS:
+ //
+ // EACCES
+ // option is PR_SET_SECCOMP and arg2 is SECCOMP_MODE_FILTER, but
+ // the process does not have the CAP_SYS_ADMIN capability or has
+ // not set the no_new_privs attribute <...>.
+ // <...>
+ // EFAULT
+ // option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER, the
+ // system was built with CONFIG_SECCOMP_FILTER, and arg3 is an
+ // invalid address.
+ // <...>
+ // EINVAL
+ // option is PR_SET_SECCOMP or PR_GET_SECCOMP, and the kernel
+ // was not configured with CONFIG_SECCOMP.
+ //
+ // EINVAL
+ // option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER,
+ // and the kernel was not configured with CONFIG_SECCOMP_FILTER.
+ // <end of quote>
+ //
+ // Meaning, in case these kernel options are set (this is what we check
+ // for here), we will get some other error (most probably EACCES or
+ // EFAULT). IOW, EINVAL means "seccomp not supported", any other error
+ // means it is supported.
+
+ supOnce.Do(func() {
+ supported = unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0) != unix.EINVAL
+ })
+ return supported
}
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index afe620231..94f2048f3 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.35.3"
+const Version = "0.35.4"
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index cfc730712..450a687b2 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.28.0
+1.28.1
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index 254fd5fab..864da844b 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -30,7 +30,9 @@ import (
"github.com/containers/storage/pkg/system"
"github.com/containers/storage/pkg/unshare"
units "github.com/docker/go-units"
+ "github.com/hashicorp/go-multierror"
rsystem "github.com/opencontainers/runc/libcontainer/system"
+ "github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -43,7 +45,10 @@ var (
untar = chrootarchive.UntarUncompressed
)
-const defaultPerms = os.FileMode(0555)
+const (
+ defaultPerms = os.FileMode(0555)
+ selinuxLabelTest = "system_u:object_r:container_file_t:s0"
+)
// This backend uses the overlay union filesystem for containers
// with diff directories for each layer.
@@ -539,6 +544,12 @@ func supportsOverlay(home string, homeMagic graphdriver.FsMagic, rootUID, rootGI
_ = idtools.MkdirAs(upperDir, 0700, rootUID, rootGID)
_ = idtools.MkdirAs(workDir, 0700, rootUID, rootGID)
flags := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", lower1Dir, lower2Dir, upperDir, workDir)
+ if selinux.GetEnabled() {
+ // Linux 5.11 introduced unprivileged overlay mounts but it has an issue
+ // when used together with selinux labels.
+ // Check that overlay supports selinux labels as well.
+ flags = label.FormatMountLabel(flags, selinuxLabelTest)
+ }
if len(flags) < unix.Getpagesize() {
err := unix.Mount("overlay", mergedDir, "overlay", 0, flags)
if err == nil {
@@ -548,6 +559,9 @@ func supportsOverlay(home string, homeMagic graphdriver.FsMagic, rootUID, rootGI
logrus.Debugf("overlay test mount with multiple lowers failed %v", err)
}
flags = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lower1Dir, upperDir, workDir)
+ if selinux.GetEnabled() {
+ flags = label.FormatMountLabel(flags, selinuxLabelTest)
+ }
if len(flags) < unix.Getpagesize() {
err := unix.Mount("overlay", mergedDir, "overlay", 0, flags)
if err == nil {
@@ -824,7 +838,17 @@ func (d *Driver) getLower(parent string) (string, error) {
// Read Parent link fileA
parentLink, err := ioutil.ReadFile(path.Join(parentDir, "link"))
if err != nil {
- return "", err
+ if !os.IsNotExist(err) {
+ return "", err
+ }
+ logrus.Warnf("Can't read parent link %q because it does not exist. Going through storage to recreate the missing links.", path.Join(parentDir, "link"))
+ if err := d.recreateSymlinks(); err != nil {
+ return "", errors.Wrap(err, "error recreating the links")
+ }
+ parentLink, err = ioutil.ReadFile(path.Join(parentDir, "link"))
+ if err != nil {
+ return "", err
+ }
}
lowers := []string{path.Join(linkDir, string(parentLink))}
@@ -946,6 +970,7 @@ func (d *Driver) recreateSymlinks() error {
if err != nil {
return fmt.Errorf("error reading driver home directory %q: %v", d.home, err)
}
+ linksDir := filepath.Join(d.home, "l")
// This makes the link directory if it doesn't exist
rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
if err != nil {
@@ -954,28 +979,80 @@ func (d *Driver) recreateSymlinks() error {
if err := idtools.MkdirAllAs(path.Join(d.home, linkDir), 0700, rootUID, rootGID); err != nil {
return err
}
- for _, dir := range dirs {
- // Skip over the linkDir and anything that is not a directory
- if dir.Name() == linkDir || !dir.Mode().IsDir() {
- continue
+ // Keep looping as long as we take some corrective action in each iteration
+ var errs *multierror.Error
+ madeProgress := true
+ for madeProgress {
+ errs = nil
+ madeProgress = false
+ // Check that for each layer, there's a link in "l" with the name in
+ // the layer's "link" file that points to the layer's "diff" directory.
+ for _, dir := range dirs {
+ // Skip over the linkDir and anything that is not a directory
+ if dir.Name() == linkDir || !dir.Mode().IsDir() {
+ continue
+ }
+ // Read the "link" file under each layer to get the name of the symlink
+ data, err := ioutil.ReadFile(path.Join(d.dir(dir.Name()), "link"))
+ if err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "error reading name of symlink for %q", dir))
+ continue
+ }
+ linkPath := path.Join(d.home, linkDir, strings.Trim(string(data), "\n"))
+ // Check if the symlink exists, and if it doesn't, create it again with the
+ // name we got from the "link" file
+ _, err = os.Lstat(linkPath)
+ if err != nil && os.IsNotExist(err) {
+ if err := os.Symlink(path.Join("..", dir.Name(), "diff"), linkPath); err != nil {
+ errs = multierror.Append(errs, err)
+ continue
+ }
+ madeProgress = true
+ } else if err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "error trying to stat %q", linkPath))
+ continue
+ }
}
- // Read the "link" file under each layer to get the name of the symlink
- data, err := ioutil.ReadFile(path.Join(d.dir(dir.Name()), "link"))
+ // Now check if we somehow lost a "link" file, by making sure
+ // that each symlink we have corresponds to one.
+ links, err := ioutil.ReadDir(linksDir)
if err != nil {
- return fmt.Errorf("error reading name of symlink for %q: %v", dir, err)
- }
- linkPath := path.Join(d.home, linkDir, strings.Trim(string(data), "\n"))
- // Check if the symlink exists, and if it doesn't create it again with the name we
- // got from the "link" file
- _, err = os.Stat(linkPath)
- if err != nil && os.IsNotExist(err) {
- if err := os.Symlink(path.Join("..", dir.Name(), "diff"), linkPath); err != nil {
- return err
+ errs = multierror.Append(errs, errors.Wrapf(err, "error reading links directory %q", linksDir))
+ continue
+ }
+ // Go through all of the symlinks in the "l" directory
+ for _, link := range links {
+ // Read the symlink's target, which should be "../$layer/diff"
+ target, err := os.Readlink(filepath.Join(linksDir, link.Name()))
+ if err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "error reading target of link %q", link))
+ continue
+ }
+ targetComponents := strings.Split(target, string(os.PathSeparator))
+ if len(targetComponents) != 3 || targetComponents[0] != ".." || targetComponents[2] != "diff" {
+ errs = multierror.Append(errs, errors.Errorf("link target of %q looks weird: %q", link, target))
+ // force the link to be recreated on the next pass
+ os.Remove(filepath.Join(linksDir, link.Name()))
+ madeProgress = true
+ continue
+ }
+ // Reconstruct the name of the target's link file and check that
+ // it has the basename of our symlink in it.
+ targetID := targetComponents[1]
+ linkFile := filepath.Join(d.dir(targetID), "link")
+ data, err := ioutil.ReadFile(linkFile)
+ if err != nil || string(data) != link.Name() {
+ if err := ioutil.WriteFile(linkFile, []byte(link.Name()), 0644); err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "error correcting link for layer %q", targetID))
+ continue
+ }
+ madeProgress = true
}
- } else if err != nil {
- return fmt.Errorf("error trying to stat %q: %v", linkPath, err)
}
}
+ if errs != nil {
+ return errs.ErrorOrNil()
+ }
return nil
}
@@ -1032,7 +1109,17 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
// lists that we're building. "diff" itself is the upper, so it won't be in the lists.
link, err := ioutil.ReadFile(path.Join(dir, "link"))
if err != nil {
- return "", err
+ if !os.IsNotExist(err) {
+ return "", err
+ }
+ logrus.Warnf("Can't read parent link %q because it does not exist. Going through storage to recreate the missing links.", path.Join(dir, "link"))
+ if err := d.recreateSymlinks(); err != nil {
+ return "", errors.Wrap(err, "error recreating the links")
+ }
+ link, err = ioutil.ReadFile(path.Join(dir, "link"))
+ if err != nil {
+ return "", err
+ }
}
diffN := 1
perms := defaultPerms
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
index 61935457a..1f25390e0 100644
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@@ -23,6 +23,7 @@ require (
github.com/stretchr/testify v1.7.0
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
github.com/tchap/go-patricia v2.3.0+incompatible
+ github.com/ulikunitz/xz v0.5.10
github.com/vbatts/tar-split v0.11.1
golang.org/x/net v0.0.0-20201224014010-6772e930b67b
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
index fb3c08e0d..d5f2c41fa 100644
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@@ -476,6 +476,8 @@ github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmD
github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
+github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
index 400a012ea..1d21471eb 100644
--- a/vendor/github.com/containers/storage/pkg/archive/archive.go
+++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
@@ -9,7 +9,6 @@ import (
"io"
"io/ioutil"
"os"
- "os/exec"
"path/filepath"
"runtime"
"strings"
@@ -18,7 +17,6 @@ import (
"github.com/containers/storage/pkg/fileutils"
"github.com/containers/storage/pkg/idtools"
- "github.com/containers/storage/pkg/ioutils"
"github.com/containers/storage/pkg/pools"
"github.com/containers/storage/pkg/promise"
"github.com/containers/storage/pkg/system"
@@ -26,6 +24,7 @@ import (
rsystem "github.com/opencontainers/runc/libcontainer/system"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
+ "github.com/ulikunitz/xz"
)
type (
@@ -173,12 +172,6 @@ func DetectCompression(source []byte) Compression {
return Uncompressed
}
-func xzDecompress(archive io.Reader) (io.ReadCloser, <-chan struct{}, error) {
- args := []string{"xz", "-d", "-c", "-q"}
-
- return cmdStream(exec.Command(args[0], args[1:]...), archive)
-}
-
// DecompressStream decompresses the archive and returns a ReaderCloser with the decompressed archive.
func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
p := pools.BufioReader32KPool
@@ -211,15 +204,12 @@ func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
readBufWrapper := p.NewReadCloserWrapper(buf, bz2Reader)
return readBufWrapper, nil
case Xz:
- xzReader, chdone, err := xzDecompress(buf)
+ xzReader, err := xz.NewReader(buf)
if err != nil {
return nil, err
}
readBufWrapper := p.NewReadCloserWrapper(buf, xzReader)
- return ioutils.NewReadCloserWrapper(readBufWrapper, func() error {
- <-chdone
- return readBufWrapper.Close()
- }), nil
+ return readBufWrapper, nil
case Zstd:
return zstdReader(buf)
default:
@@ -1319,35 +1309,6 @@ func remapIDs(readIDMappings, writeIDMappings *idtools.IDMappings, chownOpts *id
return nil
}
-// cmdStream executes a command, and returns its stdout as a stream.
-// If the command fails to run or doesn't complete successfully, an error
-// will be returned, including anything written on stderr.
-func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, <-chan struct{}, error) {
- chdone := make(chan struct{})
- cmd.Stdin = input
- pipeR, pipeW := io.Pipe()
- cmd.Stdout = pipeW
- var errBuf bytes.Buffer
- cmd.Stderr = &errBuf
-
- // Run the command and return the pipe
- if err := cmd.Start(); err != nil {
- return nil, nil, err
- }
-
- // Copy stdout to the returned pipe
- go func() {
- if err := cmd.Wait(); err != nil {
- pipeW.CloseWithError(fmt.Errorf("%s: %s", err, errBuf.String()))
- } else {
- pipeW.Close()
- }
- close(chdone)
- }()
-
- return pipeR, chdone, nil
-}
-
// NewTempArchive reads the content of src into a temporary file, and returns the contents
// of that file as an archive. The archive can only be read once - as soon as reading completes,
// the file will be deleted.
diff --git a/vendor/github.com/ulikunitz/xz/LICENSE b/vendor/github.com/ulikunitz/xz/LICENSE
index d32149979..009b84870 100644
--- a/vendor/github.com/ulikunitz/xz/LICENSE
+++ b/vendor/github.com/ulikunitz/xz/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2014-2020 Ulrich Kunitz
+Copyright (c) 2014-2021 Ulrich Kunitz
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/vendor/github.com/ulikunitz/xz/TODO.md b/vendor/github.com/ulikunitz/xz/TODO.md
index 88c7341c8..594e0c7fe 100644
--- a/vendor/github.com/ulikunitz/xz/TODO.md
+++ b/vendor/github.com/ulikunitz/xz/TODO.md
@@ -86,6 +86,14 @@
## Log
+### 2021-02-02
+
+Mituo Heijo has fuzzed xz and found a bug in the function readIndexBody. The
+function allocated a slice of records immediately after reading the value
+without further checks. Since the number has been too large the make function
+did panic. The fix is to check the number against the expected number of records
+before allocating the records.
+
### 2020-12-17
Release v0.5.9 fixes warnings, a typo and adds SECURITY.md.
diff --git a/vendor/github.com/ulikunitz/xz/bits.go b/vendor/github.com/ulikunitz/xz/bits.go
index dc8f32860..e48450c2c 100644
--- a/vendor/github.com/ulikunitz/xz/bits.go
+++ b/vendor/github.com/ulikunitz/xz/bits.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/crc.go b/vendor/github.com/ulikunitz/xz/crc.go
index 638774ada..a5c57fb61 100644
--- a/vendor/github.com/ulikunitz/xz/crc.go
+++ b/vendor/github.com/ulikunitz/xz/crc.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/format.go b/vendor/github.com/ulikunitz/xz/format.go
index 84b58c9dd..c98c12dfd 100644
--- a/vendor/github.com/ulikunitz/xz/format.go
+++ b/vendor/github.com/ulikunitz/xz/format.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
@@ -662,7 +662,7 @@ func writeIndex(w io.Writer, index []record) (n int64, err error) {
// readIndexBody reads the index from the reader. It assumes that the
// index indicator has already been read.
-func readIndexBody(r io.Reader) (records []record, n int64, err error) {
+func readIndexBody(r io.Reader, expectedRecordLen int) (records []record, n int64, err error) {
crc := crc32.NewIEEE()
// index indicator
crc.Write([]byte{0})
@@ -679,6 +679,11 @@ func readIndexBody(r io.Reader) (records []record, n int64, err error) {
if recLen < 0 || uint64(recLen) != u {
return nil, n, errors.New("xz: record number overflow")
}
+ if recLen != expectedRecordLen {
+ return nil, n, fmt.Errorf(
+ "xz: index length is %d; want %d",
+ recLen, expectedRecordLen)
+ }
// list of records
records = make([]record, recLen)
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go b/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go
index f2861ba3f..f723cf252 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/doc.go b/vendor/github.com/ulikunitz/xz/internal/hash/doc.go
index e28d23be4..cc60a6b5c 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/doc.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/doc.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go b/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go
index b8e66d972..c6432913f 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/roller.go b/vendor/github.com/ulikunitz/xz/internal/hash/roller.go
index 34c81b38a..f1de88b44 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/roller.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/roller.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go b/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go
index 678b5a058..6c20c77ba 100644
--- a/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go
+++ b/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/bintree.go b/vendor/github.com/ulikunitz/xz/lzma/bintree.go
index 527ea19a7..2a7bd19ec 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/bintree.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/bintree.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/bitops.go b/vendor/github.com/ulikunitz/xz/lzma/bitops.go
index d4309f97e..d2c07e8c9 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/bitops.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/bitops.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/breader.go b/vendor/github.com/ulikunitz/xz/lzma/breader.go
index 4ad09a14e..939be8845 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/breader.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/breader.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/buffer.go b/vendor/github.com/ulikunitz/xz/lzma/buffer.go
index 9cb7838ac..2761de5f0 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/buffer.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/buffer.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go b/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go
index 290606ddc..040874c1a 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/decoder.go b/vendor/github.com/ulikunitz/xz/lzma/decoder.go
index 4b820792a..cbb943a06 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/decoder.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/decoder.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go b/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go
index dd44e6625..8cd616ef9 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/directcodec.go b/vendor/github.com/ulikunitz/xz/lzma/directcodec.go
index 064642831..20b256a9d 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/directcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/directcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/distcodec.go b/vendor/github.com/ulikunitz/xz/lzma/distcodec.go
index 9ed486d27..60ed9aef1 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/distcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/distcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/encoder.go b/vendor/github.com/ulikunitz/xz/lzma/encoder.go
index 59055eb64..5ed057a71 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/encoder.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/encoder.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go b/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go
index c36308d7c..056f89757 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/hashtable.go b/vendor/github.com/ulikunitz/xz/lzma/hashtable.go
index e82970eac..0fb7910bc 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/hashtable.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/hashtable.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/header.go b/vendor/github.com/ulikunitz/xz/lzma/header.go
index cda39462c..04276c816 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/header.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/header.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/header2.go b/vendor/github.com/ulikunitz/xz/lzma/header2.go
index ffeca35c3..be54dd85f 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/header2.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/header2.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go b/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go
index 35b064064..6e0edfc8c 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go b/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go
index 7b1ad1d9b..0bfc763ce 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go b/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go
index 7d03ec0dc..96ebda0fd 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/operation.go b/vendor/github.com/ulikunitz/xz/lzma/operation.go
index 2f9b78ea5..026ce48af 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/operation.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/operation.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/prob.go b/vendor/github.com/ulikunitz/xz/lzma/prob.go
index 6987a166f..9a2648e0f 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/prob.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/prob.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/properties.go b/vendor/github.com/ulikunitz/xz/lzma/properties.go
index 662feba87..f229fc9fe 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/properties.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/properties.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go b/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go
index 7b299abfe..57f1ab904 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/reader.go b/vendor/github.com/ulikunitz/xz/lzma/reader.go
index 7b7eef31f..2ed13c886 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/reader.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/reader.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/reader2.go b/vendor/github.com/ulikunitz/xz/lzma/reader2.go
index e34c23f9c..de3da37ee 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/reader2.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/reader2.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/state.go b/vendor/github.com/ulikunitz/xz/lzma/state.go
index fbe3a3942..09d62f7d9 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/state.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/state.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go b/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go
index 1cb3596fe..6e927e935 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/writer.go b/vendor/github.com/ulikunitz/xz/lzma/writer.go
index 5803ecca9..d0d220fe1 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/writer.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/writer.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzma/writer2.go b/vendor/github.com/ulikunitz/xz/lzma/writer2.go
index c263b0666..dfaaec95b 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/writer2.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/writer2.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/lzmafilter.go b/vendor/github.com/ulikunitz/xz/lzmafilter.go
index 6f4aa2c09..4f1bb3393 100644
--- a/vendor/github.com/ulikunitz/xz/lzmafilter.go
+++ b/vendor/github.com/ulikunitz/xz/lzmafilter.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/none-check.go b/vendor/github.com/ulikunitz/xz/none-check.go
index e12d8e476..95240135d 100644
--- a/vendor/github.com/ulikunitz/xz/none-check.go
+++ b/vendor/github.com/ulikunitz/xz/none-check.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/github.com/ulikunitz/xz/reader.go b/vendor/github.com/ulikunitz/xz/reader.go
index 795858914..7f974ffc5 100644
--- a/vendor/github.com/ulikunitz/xz/reader.go
+++ b/vendor/github.com/ulikunitz/xz/reader.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
@@ -160,17 +160,14 @@ func (c ReaderConfig) newStreamReader(xz io.Reader) (r *streamReader, err error)
// readTail reads the index body and the xz footer.
func (r *streamReader) readTail() error {
- index, n, err := readIndexBody(r.xz)
+ index, n, err := readIndexBody(r.xz, len(r.index))
if err != nil {
if err == io.EOF {
err = io.ErrUnexpectedEOF
}
return err
}
- if len(index) != len(r.index) {
- return fmt.Errorf("xz: index length is %d; want %d",
- len(index), len(r.index))
- }
+
for i, rec := range r.index {
if rec != index[i] {
return fmt.Errorf("xz: record %d is %v; want %v",
diff --git a/vendor/github.com/ulikunitz/xz/writer.go b/vendor/github.com/ulikunitz/xz/writer.go
index a9ed44912..6b3a66620 100644
--- a/vendor/github.com/ulikunitz/xz/writer.go
+++ b/vendor/github.com/ulikunitz/xz/writer.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2019 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 0b2fca535..eb58bd54f 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -93,7 +93,7 @@ github.com/containers/buildah/pkg/parse
github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/util
-# github.com/containers/common v0.35.3
+# github.com/containers/common v0.35.4
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/apparmor/internal/supported
github.com/containers/common/pkg/auth
@@ -187,7 +187,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.28.0
+# github.com/containers/storage v1.28.1
github.com/containers/storage
github.com/containers/storage/drivers
github.com/containers/storage/drivers/aufs
@@ -570,7 +570,7 @@ github.com/uber/jaeger-client-go/thrift-gen/agent
github.com/uber/jaeger-client-go/thrift-gen/jaeger
github.com/uber/jaeger-client-go/thrift-gen/zipkincore
github.com/uber/jaeger-client-go/utils
-# github.com/ulikunitz/xz v0.5.9
+# github.com/ulikunitz/xz v0.5.10
github.com/ulikunitz/xz
github.com/ulikunitz/xz/internal/hash
github.com/ulikunitz/xz/internal/xlog