summaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/containers/common/pkg/auth/auth.go68
-rw-r--r--vendor/github.com/containers/common/pkg/auth/cli.go16
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go12
-rw-r--r--vendor/github.com/containers/storage/.cirrus.yml6
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/containers.go14
-rw-r--r--vendor/github.com/containers/storage/drivers/zfs/zfs.go23
-rw-r--r--vendor/github.com/containers/storage/go.mod2
-rw-r--r--vendor/github.com/containers/storage/go.sum4
-rw-r--r--vendor/github.com/containers/storage/layers.go3
-rw-r--r--vendor/github.com/containers/storage/pkg/archive/archive.go4
-rw-r--r--vendor/github.com/containers/storage/store.go7
-rw-r--r--vendor/github.com/klauspost/compress/zstd/blockdec.go19
-rw-r--r--vendor/github.com/klauspost/compress/zstd/framedec.go10
-rw-r--r--vendor/modules.txt6
15 files changed, 156 insertions, 40 deletions
diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go
index 769e5a9fa..4e0400d23 100644
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@@ -9,6 +9,7 @@ import (
"github.com/containers/image/v5/docker"
"github.com/containers/image/v5/pkg/docker/config"
+ "github.com/containers/image/v5/pkg/sysregistriesv2"
"github.com/containers/image/v5/types"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -33,9 +34,27 @@ func CheckAuthFile(authfile string) error {
return nil
}
-// Login login to the server with creds from Stdin or CLI
-func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, registry string) error {
- server := getRegistryName(registry)
+// Login implements a “log in” command with the provided opts and args
+// reading the password from opts.Stdin or the options in opts.
+func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, args []string) error {
+ var (
+ server string
+ err error
+ )
+ if len(args) > 1 {
+ return errors.Errorf("login accepts only one registry to login to")
+ }
+ if len(args) == 0 {
+ if !opts.AcceptUnspecifiedRegistry {
+ return errors.Errorf("please provide a registry to login to")
+ }
+ if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+ return err
+ }
+ logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+ } else {
+ server = getRegistryName(args[0])
+ }
authConfig, err := config.GetCredentials(systemContext, server)
if err != nil {
return errors.Wrapf(err, "error reading auth file")
@@ -151,11 +170,29 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (stri
return strings.TrimSpace(username), password, err
}
-// Logout removes the authentication of server from authfile
-// removes all authtication if specifies all in the options
-func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server string) error {
- if server != "" {
- server = getRegistryName(server)
+// Logout implements a “log out” command with the provided opts and args
+func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []string) error {
+ var (
+ server string
+ err error
+ )
+ if len(args) > 1 {
+ return errors.Errorf("logout accepts only one registry to logout from")
+ }
+ if len(args) == 0 && !opts.All {
+ if !opts.AcceptUnspecifiedRegistry {
+ return errors.Errorf("please provide a registry to logout from")
+ }
+ if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+ return err
+ }
+ logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+ }
+ if len(args) != 0 {
+ if opts.All {
+ return errors.Errorf("--all takes no arguments")
+ }
+ server = getRegistryName(args[0])
}
if err := CheckAuthFile(opts.AuthFile); err != nil {
return err
@@ -169,7 +206,7 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri
return nil
}
- err := config.RemoveAuthentication(systemContext, server)
+ err = config.RemoveAuthentication(systemContext, server)
switch err {
case nil:
fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server)
@@ -180,3 +217,16 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri
return errors.Wrapf(err, "error logging out of %q", server)
}
}
+
+// defaultRegistryWhenUnspecified returns first registry from search list of registry.conf
+// used by login/logout when registry argument is not specified
+func defaultRegistryWhenUnspecified(systemContext *types.SystemContext) (string, error) {
+ registriesFromFile, err := sysregistriesv2.UnqualifiedSearchRegistries(systemContext)
+ if err != nil {
+ return "", errors.Wrapf(err, "error getting registry from registry.conf, please specify a registry")
+ }
+ if len(registriesFromFile) == 0 {
+ return "", errors.Errorf("no registries found in registries.conf, a registry must be provided")
+ }
+ return registriesFromFile[0], nil
+}
diff --git a/vendor/github.com/containers/common/pkg/auth/cli.go b/vendor/github.com/containers/common/pkg/auth/cli.go
index dffd06718..3384b0731 100644
--- a/vendor/github.com/containers/common/pkg/auth/cli.go
+++ b/vendor/github.com/containers/common/pkg/auth/cli.go
@@ -9,22 +9,28 @@ import (
// LoginOptions represents common flags in login
// caller should define bool or optionalBool fields for flags --get-login and --tls-verify
type LoginOptions struct {
+ // CLI flags managed by the FlagSet returned by GetLoginFlags
AuthFile string
CertDir string
- GetLoginSet bool
Password string
Username string
StdinPassword bool
- Stdin io.Reader
- Stdout io.Writer
+ // Options caller can set
+ GetLoginSet bool // set to true if --get-login is explicitly set
+ Stdin io.Reader // set to os.Stdin
+ Stdout io.Writer // set to os.Stdout
+ AcceptUnspecifiedRegistry bool // set to true if allows login with unspecified registry
}
// LogoutOptions represents the results for flags in logout
type LogoutOptions struct {
+ // CLI flags managed by the FlagSet returned by GetLogoutFlags
AuthFile string
All bool
- Stdin io.Reader
- Stdout io.Writer
+ // Options caller can set
+ Stdin io.Reader // set to os.Stdin
+ Stdout io.Writer // set to os.Stdout
+ AcceptUnspecifiedRegistry bool // set to true if allows logout with unspecified registry
}
// GetLoginFlags defines and returns login flags for containers tools
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 446382ac7..ec52ff706 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -105,6 +105,9 @@ const (
DefaultPidsLimit = 2048
// DefaultPullPolicy pulls the image if it does not exist locally
DefaultPullPolicy = "missing"
+ // DefaultSignaturePolicyPath is the default value for the
+ // policy.json file.
+ DefaultSignaturePolicyPath = "/etc/containers/policy.json"
// DefaultRootlessSignaturePolicyPath is the default value for the
// rootless policy.json file.
DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json"
@@ -129,14 +132,19 @@ func DefaultConfig() (*Config, error) {
}
netns := "bridge"
+
+ defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
if unshare.IsRootless() {
home, err := unshare.HomeDir()
if err != nil {
return nil, err
}
sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath)
- if _, err := os.Stat(sigPath); err == nil {
- defaultEngineConfig.SignaturePolicyPath = sigPath
+ defaultEngineConfig.SignaturePolicyPath = sigPath
+ if _, err := os.Stat(sigPath); err != nil {
+ if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil {
+ defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
+ }
}
netns = "slirp4netns"
}
diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml
index 3463adf90..a55b5a189 100644
--- a/vendor/github.com/containers/storage/.cirrus.yml
+++ b/vendor/github.com/containers/storage/.cirrus.yml
@@ -19,9 +19,9 @@ env:
####
# GCE project where images live
IMAGE_PROJECT: "libpod-218412"
- _BUILT_IMAGE_SUFFIX: "libpod-5874660151656448"
- FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}"
- PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}"
+ _BUILT_IMAGE_SUFFIX: "libpod-6301182083727360"
+ FEDORA_CACHE_IMAGE_NAME: "fedora-32-${_BUILT_IMAGE_SUFFIX}"
+ PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}"
PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}"
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index 815d5ca06..66e2ae6c2 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.19.0
+1.19.1
diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go
index 0c9434a38..96e7c75fc 100644
--- a/vendor/github.com/containers/storage/containers.go
+++ b/vendor/github.com/containers/storage/containers.go
@@ -148,10 +148,20 @@ func (c *Container) ProcessLabel() string {
}
func (c *Container) MountOpts() []string {
- if mountOpts, ok := c.Flags["MountOpts"].([]string); ok {
+ switch c.Flags["MountOpts"].(type) {
+ case []string:
+ return c.Flags["MountOpts"].([]string)
+ case []interface{}:
+ var mountOpts []string
+ for _, v := range c.Flags["MountOpts"].([]interface{}) {
+ if flag, ok := v.(string); ok {
+ mountOpts = append(mountOpts, flag)
+ }
+ }
return mountOpts
+ default:
+ return nil
}
- return nil
}
func (r *containerStore) Containers() ([]Container, error) {
diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go
index c9c8c5c3c..3e850d136 100644
--- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go
+++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go
@@ -384,9 +384,21 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr
}
}()
+ // In the case of a read-only mount we first mount read-write so we can set the
+ // correct permissions on the mount point and remount read-only afterwards.
+ remountReadOnly := false
mountOptions := d.options.mountOptions
if len(options.Options) > 0 {
- mountOptions = strings.Join(options.Options, ",")
+ var newOptions []string
+ for _, option := range options.Options {
+ if option == "ro" {
+ // Filter out read-only mount option but remember for later remounting.
+ remountReadOnly = true
+ } else {
+ newOptions = append(newOptions, option)
+ }
+ }
+ mountOptions = strings.Join(newOptions, ",")
}
filesystem := d.zfsPath(id)
@@ -409,7 +421,14 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr
// this could be our first mount after creation of the filesystem, and the root dir may still have root
// permissions instead of the remapped root uid:gid (if user namespaces are enabled):
if err := os.Chown(mountpoint, rootUID, rootGID); err != nil {
- return "", fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err)
+ return "", errors.Wrapf(err, "modifying zfs mountpoint (%s) ownership", mountpoint)
+ }
+
+ if remountReadOnly {
+ opts = label.FormatMountLabel("remount,ro", options.MountLabel)
+ if err := mount.Mount(filesystem, mountpoint, "zfs", opts); err != nil {
+ return "", errors.Wrap(err, "error remounting zfs mount read-only")
+ }
}
return mountpoint, nil
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
index 51c1c1f8a..a7742bcdd 100644
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@@ -6,7 +6,7 @@ require (
github.com/Microsoft/hcsshim v0.8.7
github.com/docker/go-units v0.4.0
github.com/hashicorp/go-multierror v1.0.0
- github.com/klauspost/compress v1.10.4
+ github.com/klauspost/compress v1.10.5
github.com/klauspost/pgzip v1.2.3
github.com/mattn/go-shellwords v1.0.10
github.com/mistifyio/go-zfs v2.1.1+incompatible
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
index a5aa99bc5..97076ffa6 100644
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@@ -41,8 +41,8 @@ github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc=
-github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc=
+github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw=
github.com/klauspost/pgzip v1.2.3/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
index 17227266e..a8ebf9e1e 100644
--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
@@ -992,6 +992,9 @@ func (r *layerStore) deleteInternal(id string) error {
if err == nil {
os.Remove(r.tspath(id))
delete(r.byid, id)
+ for _, name := range layer.Names {
+ delete(r.byname, name)
+ }
r.idindex.Delete(id)
mountLabel := layer.MountLabel
if layer.MountPoint != "" {
diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
index d9a2e473c..bf819a801 100644
--- a/vendor/github.com/containers/storage/pkg/archive/archive.go
+++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
@@ -394,7 +394,7 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 {
// to a tar header
func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
capability, err := system.Lgetxattr(path, "security.capability")
- if err != nil && err != system.EOPNOTSUPP {
+ if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform {
return err
}
if capability != nil {
@@ -407,7 +407,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
// ReadUserXattrToTarHeader reads user.* xattr from filesystem to a tar header
func ReadUserXattrToTarHeader(path string, hdr *tar.Header) error {
xattrs, err := system.Llistxattr(path)
- if err != nil && err != system.EOPNOTSUPP {
+ if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform {
return err
}
for _, key := range xattrs {
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index 697f30b5c..43b84d769 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -3397,7 +3397,7 @@ func copyStringInterfaceMap(m map[string]interface{}) map[string]interface{} {
}
// defaultConfigFile path to the system wide storage.conf file
-const defaultConfigFile = "/etc/containers/storage.conf"
+var defaultConfigFile = "/etc/containers/storage.conf"
// AutoUserNsMinSize is the minimum size for automatically created user namespaces
const AutoUserNsMinSize = 1024
@@ -3409,6 +3409,11 @@ const AutoUserNsMaxSize = 65536
// creating a user namespace.
const RootAutoUserNsUser = "containers"
+// SetDefaultConfigFilePath sets the default configuration to the specified path
+func SetDefaultConfigFilePath(path string) {
+ defaultConfigFile = path
+}
+
// DefaultConfigFile returns the path to the storage config file used
func DefaultConfigFile(rootless bool) (string, error) {
if rootless {
diff --git a/vendor/github.com/klauspost/compress/zstd/blockdec.go b/vendor/github.com/klauspost/compress/zstd/blockdec.go
index 63062ffa6..c2f855e75 100644
--- a/vendor/github.com/klauspost/compress/zstd/blockdec.go
+++ b/vendor/github.com/klauspost/compress/zstd/blockdec.go
@@ -131,17 +131,25 @@ func (b *blockDec) reset(br byteBuffer, windowSize uint64) error {
b.Type = blockType((bh >> 1) & 3)
// find size.
cSize := int(bh >> 3)
+ maxSize := maxBlockSize
switch b.Type {
case blockTypeReserved:
return ErrReservedBlockType
case blockTypeRLE:
b.RLESize = uint32(cSize)
+ if b.lowMem {
+ maxSize = cSize
+ }
cSize = 1
case blockTypeCompressed:
if debug {
println("Data size on stream:", cSize)
}
b.RLESize = 0
+ maxSize = maxCompressedBlockSize
+ if windowSize < maxCompressedBlockSize && b.lowMem {
+ maxSize = int(windowSize)
+ }
if cSize > maxCompressedBlockSize || uint64(cSize) > b.WindowSize {
if debug {
printf("compressed block too big: csize:%d block: %+v\n", uint64(cSize), b)
@@ -160,8 +168,8 @@ func (b *blockDec) reset(br byteBuffer, windowSize uint64) error {
b.dataStorage = make([]byte, 0, maxBlockSize)
}
}
- if cap(b.dst) <= maxBlockSize {
- b.dst = make([]byte, 0, maxBlockSize+1)
+ if cap(b.dst) <= maxSize {
+ b.dst = make([]byte, 0, maxSize+1)
}
var err error
b.data, err = br.readBig(cSize, b.dataStorage)
@@ -679,8 +687,11 @@ func (b *blockDec) decodeCompressed(hist *history) error {
println("initializing sequences:", err)
return err
}
-
- err = seqs.decode(nSeqs, br, hist.b)
+ hbytes := hist.b
+ if len(hbytes) > hist.windowSize {
+ hbytes = hbytes[len(hbytes)-hist.windowSize:]
+ }
+ err = seqs.decode(nSeqs, br, hbytes)
if err != nil {
return err
}
diff --git a/vendor/github.com/klauspost/compress/zstd/framedec.go b/vendor/github.com/klauspost/compress/zstd/framedec.go
index e38f34a9b..780880ebe 100644
--- a/vendor/github.com/klauspost/compress/zstd/framedec.go
+++ b/vendor/github.com/klauspost/compress/zstd/framedec.go
@@ -233,7 +233,11 @@ func (d *frameDec) reset(br byteBuffer) error {
return ErrWindowSizeTooSmall
}
d.history.windowSize = int(d.WindowSize)
- d.history.maxSize = d.history.windowSize + maxBlockSize
+ if d.o.lowMem && d.history.windowSize < maxBlockSize {
+ d.history.maxSize = d.history.windowSize * 2
+ } else {
+ d.history.maxSize = d.history.windowSize + maxBlockSize
+ }
// history contains input - maybe we do something
d.rawInput = br
return nil
@@ -320,8 +324,8 @@ func (d *frameDec) checkCRC() error {
func (d *frameDec) initAsync() {
if !d.o.lowMem && !d.SingleSegment {
- // set max extra size history to 20MB.
- d.history.maxSize = d.history.windowSize + maxBlockSize*10
+ // set max extra size history to 10MB.
+ d.history.maxSize = d.history.windowSize + maxBlockSize*5
}
// re-alloc if more than one extra block size.
if d.o.lowMem && cap(d.history.b) > d.history.maxSize+maxBlockSize {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 18c4442ef..04d961103 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.10.0
+# github.com/containers/common v0.11.0
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/auth
github.com/containers/common/pkg/capabilities
@@ -151,7 +151,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.19.0
+# github.com/containers/storage v1.19.1
github.com/containers/storage
github.com/containers/storage/drivers
github.com/containers/storage/drivers/aufs
@@ -321,7 +321,7 @@ github.com/inconshreveable/mousetrap
github.com/ishidawataru/sctp
# github.com/json-iterator/go v1.1.9
github.com/json-iterator/go
-# github.com/klauspost/compress v1.10.4
+# github.com/klauspost/compress v1.10.5
github.com/klauspost/compress/flate
github.com/klauspost/compress/fse
github.com/klauspost/compress/huff0