Diffstat (limited to 'vendor/github.com')
14 files changed, 153 insertions, 37 deletions
diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go index 769e5a9fa..4e0400d23 100644 --- a/vendor/github.com/containers/common/pkg/auth/auth.go +++ b/vendor/github.com/containers/common/pkg/auth/auth.go @@ -9,6 +9,7 @@ import ( "github.com/containers/image/v5/docker" "github.com/containers/image/v5/pkg/docker/config" + "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/types" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -33,9 +34,27 @@ func CheckAuthFile(authfile string) error { return nil } -// Login login to the server with creds from Stdin or CLI -func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, registry string) error { - server := getRegistryName(registry) +// Login implements a “log in” command with the provided opts and args +// reading the password from opts.Stdin or the options in opts. +func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, args []string) error { + var ( + server string + err error + ) + if len(args) > 1 { + return errors.Errorf("login accepts only one registry to login to") + } + if len(args) == 0 { + if !opts.AcceptUnspecifiedRegistry { + return errors.Errorf("please provide a registry to login to") + } + if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil { + return err + } + logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server) + } else { + server = getRegistryName(args[0]) + } authConfig, err := config.GetCredentials(systemContext, server) if err != nil { return errors.Wrapf(err, "error reading auth file") 
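Review bot: In the `len(args) == 0` branch of Login, the registry that will receive the credentials comes from `defaultRegistryWhenUnspecified` and is reported only through `logrus.Debugf`, so at the default log level the user is not told where the password is about to be sent. The choice depends on which entry happens to be first in registries.conf, so I would print it on the caller-visible stream before credentials are read, e.g. `fmt.Fprintf(opts.Stdout, "registry not specified, using %q from registries.conf\n", server)`. Login's body continues past this hunk, so a later message may already name the server; that is not visible here. The same Debugf-only reporting is in the matching branch of Logout (hunk `@@ -151,11 +170,29 @@`). This is a vendored copy, so the change belongs upstream in containers/common.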
@@ -151,11 +170,29 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (stri return strings.TrimSpace(username), password, err } -// Logout removes the authentication of server from authfile -// removes all authtication if specifies all in the options -func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server string) error { - if server != "" { - server = getRegistryName(server) +// Logout implements a “log out” command with the provided opts and args +func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []string) error { + var ( + server string + err error + ) + if len(args) > 1 { + return errors.Errorf("logout accepts only one registry to logout from") + } + if len(args) == 0 && !opts.All { + if !opts.AcceptUnspecifiedRegistry { + return errors.Errorf("please provide a registry to logout from") + } + if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil { + return err + } + logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server) + } + if len(args) != 0 { + if opts.All { + return errors.Errorf("--all takes no arguments") + } + server = getRegistryName(args[0]) } if err := CheckAuthFile(opts.AuthFile); err != nil { return err @@ -169,7 +206,7 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri return nil } - err := config.RemoveAuthentication(systemContext, server) + err = config.RemoveAuthentication(systemContext, server) switch err { case nil: fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server) 
@@ -180,3 +217,16 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri return errors.Wrapf(err, "error logging out of %q", server) } } + +// defaultRegistryWhenUnspecified returns first registry from search list of registry.conf +// used by login/logout when registry argument is not specified +func defaultRegistryWhenUnspecified(systemContext *types.SystemContext) (string, error) { + registriesFromFile, err := sysregistriesv2.UnqualifiedSearchRegistries(systemContext) + if err != nil { + return "", errors.Wrapf(err, "error getting registry from registry.conf, please specify a registry") + } + if len(registriesFromFile) == 0 { + return "", errors.Errorf("no registries found in registries.conf, a registry must be provided") + } + return registriesFromFile[0], nil +} diff --git a/vendor/github.com/containers/common/pkg/auth/cli.go b/vendor/github.com/containers/common/pkg/auth/cli.go index dffd06718..3384b0731 100644 --- a/vendor/github.com/containers/common/pkg/auth/cli.go +++ b/vendor/github.com/containers/common/pkg/auth/cli.go 
@@ -9,22 +9,28 @@ import ( // LoginOptions represents common flags in login // caller should define bool or optionalBool fields for flags --get-login and --tls-verify type LoginOptions struct { + // CLI flags managed by the FlagSet returned by GetLoginFlags AuthFile string CertDir string - GetLoginSet bool Password string Username string StdinPassword bool - Stdin io.Reader - Stdout io.Writer + // Options caller can set + GetLoginSet bool // set to true if --get-login is explicitly set + Stdin io.Reader // set to os.Stdin + Stdout io.Writer // set to os.Stdout + AcceptUnspecifiedRegistry bool // set to true if allows login with unspecified registry } // LogoutOptions represents the results for flags in logout type LogoutOptions struct { + // CLI flags managed by the FlagSet returned by GetLogoutFlags AuthFile string All bool - Stdin io.Reader - Stdout io.Writer + // Options caller can set + Stdin io.Reader // set to os.Stdin + Stdout io.Writer // set to os.Stdout + AcceptUnspecifiedRegistry bool // set to true if allows logout with unspecified registry } // GetLoginFlags defines and returns login flags for containers tools diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 446382ac7..ec52ff706 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -105,6 +105,9 @@ const ( DefaultPidsLimit = 2048 // DefaultPullPolicy pulls the image if it does not exist locally DefaultPullPolicy = "missing" + // DefaultSignaturePolicyPath is the default value for the + // policy.json file. + DefaultSignaturePolicyPath = "/etc/containers/policy.json" // DefaultRootlessSignaturePolicyPath is the default value for the // rootless policy.json file. DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json" 
@@ -129,14 +132,19 @@ func DefaultConfig() (*Config, error) { } netns := "bridge" + + defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath if unshare.IsRootless() { home, err := unshare.HomeDir() if err != nil { return nil, err } sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath) - if _, err := os.Stat(sigPath); err == nil { - defaultEngineConfig.SignaturePolicyPath = sigPath + defaultEngineConfig.SignaturePolicyPath = sigPath + if _, err := os.Stat(sigPath); err != nil { + if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil { + defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath + } } netns = "slirp4netns" } diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml index 3463adf90..a55b5a189 100644 --- a/vendor/github.com/containers/storage/.cirrus.yml +++ b/vendor/github.com/containers/storage/.cirrus.yml @@ -19,9 +19,9 @@ env: #### # GCE project where images live IMAGE_PROJECT: "libpod-218412" - _BUILT_IMAGE_SUFFIX: "libpod-5874660151656448" - FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}" - PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}" + _BUILT_IMAGE_SUFFIX: "libpod-6301182083727360" + FEDORA_CACHE_IMAGE_NAME: "fedora-32-${_BUILT_IMAGE_SUFFIX}" + PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}" PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}" diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION index 815d5ca06..66e2ae6c2 100644 --- a/vendor/github.com/containers/storage/VERSION +++ b/vendor/github.com/containers/storage/VERSION @@ -1 +1 @@ -1.19.0 +1.19.1 diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go index 0c9434a38..96e7c75fc 100644 --- a/vendor/github.com/containers/storage/containers.go 
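Review bot: The rootless branch of DefaultConfig treats every `os.Stat(sigPath)` failure as "file absent" and switches to `DefaultSignaturePolicyPath`. A per-user policy.json that exists but cannot be stat'ed (for example a permission error on a parent directory) is therefore silently replaced by the system-wide signature policy. Restricting the fallback to the not-exist case, `if _, err := os.Stat(sigPath); os.IsNotExist(err) {`, keeps `sigPath` selected on any other error. That should surface when the policy is loaded, although the loading code is outside this hunk. When neither file exists the result is the non-existent rootless path, which deserves a one-line comment such as `// neither policy file exists: keep the rootless path so the error names it`. The function starts and ends outside the hunk.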
+++ b/vendor/github.com/containers/storage/containers.go @@ -148,10 +148,20 @@ func (c *Container) ProcessLabel() string { } func (c *Container) MountOpts() []string { - if mountOpts, ok := c.Flags["MountOpts"].([]string); ok { + switch c.Flags["MountOpts"].(type) { + case []string: + return c.Flags["MountOpts"].([]string) + case []interface{}: + var mountOpts []string + for _, v := range c.Flags["MountOpts"].([]interface{}) { + if flag, ok := v.(string); ok { + mountOpts = append(mountOpts, flag) + } + } return mountOpts + default: + return nil } - return nil } func (r *containerStore) Containers() ([]Container, error) { diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go index c9c8c5c3c..3e850d136 100644 --- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go +++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go @@ -384,9 +384,21 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr } }() + // In the case of a read-only mount we first mount read-write so we can set the + // correct permissions on the mount point and remount read-only afterwards. + remountReadOnly := false mountOptions := d.options.mountOptions if len(options.Options) > 0 { - mountOptions = strings.Join(options.Options, ",") + var newOptions []string + for _, option := range options.Options { + if option == "ro" { + // Filter out read-only mount option but remember for later remounting. + remountReadOnly = true + } else { + newOptions = append(newOptions, option) + } + } + mountOptions = strings.Join(newOptions, ",") } filesystem := d.zfsPath(id) 
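Review bot: MountOpts looks up `c.Flags["MountOpts"]` three times and repeats the type assertion inside each case. Binding the value once in the switch header, `switch opts := c.Flags["MountOpts"].(type) {`, lets the cases use `return opts` and `for _, v := range opts {` directly. The `[]interface{}` case also drops every non-string element without any signal. If that is intended (presumably for values that went through a generic decode), a short comment saying so would stop a later reader from taking it for an oversight; otherwise a malformed entry silently changes the mount options that are applied.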
@@ -409,7 +421,14 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr // this could be our first mount after creation of the filesystem, and the root dir may still have root // permissions instead of the remapped root uid:gid (if user namespaces are enabled): if err := os.Chown(mountpoint, rootUID, rootGID); err != nil { - return "", fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err) + return "", errors.Wrapf(err, "modifying zfs mountpoint (%s) ownership", mountpoint) + } + + if remountReadOnly { + opts = label.FormatMountLabel("remount,ro", options.MountLabel) + if err := mount.Mount(filesystem, mountpoint, "zfs", opts); err != nil { + return "", errors.Wrap(err, "error remounting zfs mount read-only") + } } return mountpoint, nil diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod index 51c1c1f8a..a7742bcdd 100644 --- a/vendor/github.com/containers/storage/go.mod +++ b/vendor/github.com/containers/storage/go.mod @@ -6,7 +6,7 @@ require ( github.com/Microsoft/hcsshim v0.8.7 github.com/docker/go-units v0.4.0 github.com/hashicorp/go-multierror v1.0.0 - github.com/klauspost/compress v1.10.4 + github.com/klauspost/compress v1.10.5 github.com/klauspost/pgzip v1.2.3 github.com/mattn/go-shellwords v1.0.10 github.com/mistifyio/go-zfs v2.1.1+incompatible diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum index a5aa99bc5..97076ffa6 100644 --- a/vendor/github.com/containers/storage/go.sum +++ b/vendor/github.com/containers/storage/go.sum 
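Review bot: When the added `remount,ro` call fails, Get returns an error while the filesystem is still mounted read-write at `mountpoint`. The deferred cleanup that begins above the previous hunk is not visible here, so please confirm it unmounts on this path. If it does not, unmount before the `return ""`, so a caller that asked for `ro` is never left with a writable mount. The remount options are built only from `"remount,ro"` and the mount label, so the entries kept in `newOptions` by the earlier hunk (`@@ -384,9 +384,21 @@`) are not repeated. Whether they survive a zfs remount should be checked and noted in a comment. The enclosing function starts and ends outside this hunk.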
@@ -41,8 +41,8 @@ github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc= -github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc= +github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw= github.com/klauspost/pgzip v1.2.3/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go index 17227266e..a8ebf9e1e 100644 --- a/vendor/github.com/containers/storage/layers.go +++ b/vendor/github.com/containers/storage/layers.go @@ -992,6 +992,9 @@ func (r *layerStore) deleteInternal(id string) error { if err == nil { os.Remove(r.tspath(id)) delete(r.byid, id) + for _, name := range layer.Names { + delete(r.byname, name) + } r.idindex.Delete(id) mountLabel := layer.MountLabel if layer.MountPoint != "" { diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go index d9a2e473c..bf819a801 100644 --- a/vendor/github.com/containers/storage/pkg/archive/archive.go +++ b/vendor/github.com/containers/storage/pkg/archive/archive.go 
@@ -394,7 +394,7 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 { // to a tar header func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error { capability, err := system.Lgetxattr(path, "security.capability") - if err != nil && err != system.EOPNOTSUPP { + if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform { return err } if capability != nil { @@ -407,7 +407,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error { // ReadUserXattrToTarHeader reads user.* xattr from filesystem to a tar header func ReadUserXattrToTarHeader(path string, hdr *tar.Header) error { xattrs, err := system.Llistxattr(path) - if err != nil && err != system.EOPNOTSUPP { + if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform { return err } for _, key := range xattrs { diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index 697f30b5c..43b84d769 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -3397,7 +3397,7 @@ func copyStringInterfaceMap(m map[string]interface{}) map[string]interface{} { } // defaultConfigFile path to the system wide storage.conf file -const defaultConfigFile = "/etc/containers/storage.conf" +var defaultConfigFile = "/etc/containers/storage.conf" // AutoUserNsMinSize is the minimum size for automatically created user namespaces const AutoUserNsMinSize = 1024 @@ -3409,6 +3409,11 @@ const AutoUserNsMaxSize = 65536 // creating a user namespace. const RootAutoUserNsUser = "containers" +// SetDefaultConfigFilePath sets the default configuration to the specified path +func SetDefaultConfigFilePath(path string) { + defaultConfigFile = path +} + // DefaultConfigFile returns the path to the storage config file used func DefaultConfigFile(rootless bool) (string, error) { if rootless { 
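Review bot: In store.go, `SetDefaultConfigFilePath` turns `defaultConfigFile` from a constant into package-level mutable state. The setter writes it with no synchronisation and accepts any string, including the empty one, and its doc comment does not say when it may be called. This value presumably decides which storage.conf is loaded (the readers are outside the hunk), so the comment should spell out the contract. For example: `// SetDefaultConfigFilePath overrides the system-wide storage.conf path. It is not safe for concurrent use and must be called, with a trusted path, before the first call to DefaultConfigFile.` If an empty path is never valid, rejecting it in the setter would be a small further hardening.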
diff --git a/vendor/github.com/klauspost/compress/zstd/blockdec.go b/vendor/github.com/klauspost/compress/zstd/blockdec.go index 63062ffa6..c2f855e75 100644 --- a/vendor/github.com/klauspost/compress/zstd/blockdec.go +++ b/vendor/github.com/klauspost/compress/zstd/blockdec.go @@ -131,17 +131,25 @@ func (b *blockDec) reset(br byteBuffer, windowSize uint64) error { b.Type = blockType((bh >> 1) & 3) // find size. cSize := int(bh >> 3) + maxSize := maxBlockSize switch b.Type { case blockTypeReserved: return ErrReservedBlockType case blockTypeRLE: b.RLESize = uint32(cSize) + if b.lowMem { + maxSize = cSize + } cSize = 1 case blockTypeCompressed: if debug { println("Data size on stream:", cSize) } b.RLESize = 0 + maxSize = maxCompressedBlockSize + if windowSize < maxCompressedBlockSize && b.lowMem { + maxSize = int(windowSize) + } if cSize > maxCompressedBlockSize || uint64(cSize) > b.WindowSize { if debug { printf("compressed block too big: csize:%d block: %+v\n", uint64(cSize), b) @@ -160,8 +168,8 @@ func (b *blockDec) reset(br byteBuffer, windowSize uint64) error { b.dataStorage = make([]byte, 0, maxBlockSize) } } - if cap(b.dst) <= maxBlockSize { - b.dst = make([]byte, 0, maxBlockSize+1) + if cap(b.dst) <= maxSize { + b.dst = make([]byte, 0, maxSize+1) } var err error b.data, err = br.readBig(cSize, b.dataStorage) @@ -679,8 +687,11 @@ func (b *blockDec) decodeCompressed(hist *history) error { println("initializing sequences:", err) return err } - - err = seqs.decode(nSeqs, br, hist.b) + hbytes := hist.b + if len(hbytes) > hist.windowSize { + hbytes = hbytes[len(hbytes)-hist.windowSize:] + } + err = seqs.decode(nSeqs, br, hbytes) if err != nil { return err } diff --git a/vendor/github.com/klauspost/compress/zstd/framedec.go b/vendor/github.com/klauspost/compress/zstd/framedec.go index e38f34a9b..780880ebe 100644 --- a/vendor/github.com/klauspost/compress/zstd/framedec.go +++ b/vendor/github.com/klauspost/compress/zstd/framedec.go 
@@ -233,7 +233,11 @@ func (d *frameDec) reset(br byteBuffer) error { return ErrWindowSizeTooSmall } d.history.windowSize = int(d.WindowSize) - d.history.maxSize = d.history.windowSize + maxBlockSize + if d.o.lowMem && d.history.windowSize < maxBlockSize { + d.history.maxSize = d.history.windowSize * 2 + } else { + d.history.maxSize = d.history.windowSize + maxBlockSize + } // history contains input - maybe we do something d.rawInput = br return nil @@ -320,8 +324,8 @@ func (d *frameDec) checkCRC() error { func (d *frameDec) initAsync() { if !d.o.lowMem && !d.SingleSegment { - // set max extra size history to 20MB. - d.history.maxSize = d.history.windowSize + maxBlockSize*10 + // set max extra size history to 10MB. + d.history.maxSize = d.history.windowSize + maxBlockSize*5 } // re-alloc if more than one extra block size. if d.o.lowMem && cap(d.history.b) > d.history.maxSize+maxBlockSize { |