diff options
Diffstat (limited to 'vendor')
21 files changed, 663 insertions, 222 deletions
diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml index 73ab4fc11..860d258b2 100644 --- a/vendor/github.com/containers/buildah/.cirrus.yml +++ b/vendor/github.com/containers/buildah/.cirrus.yml @@ -98,7 +98,7 @@ smoke_task: # the git-validate tool which are difficult to debug and fix. skip: $CIRRUS_PR == '' - timeout_in: 10m + timeout_in: 30m setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}' diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md index 591ba831c..8b92ddbe1 100644 --- a/vendor/github.com/containers/buildah/CHANGELOG.md +++ b/vendor/github.com/containers/buildah/CHANGELOG.md @@ -221,6 +221,316 @@ * Reset upstream branch to dev version * If destination does not exists, do not throw error +## v1.22.0 (2021-08-02) + c/image, c/storage, c/common vendor before Podman 3.3 release + WIP: tests: new assert() + Proposed patch for 3399 (shadowutils) + Fix handling of --restore shadow-utils + build(deps): bump github.com/containers/image/v5 from 5.13.2 to 5.14.0 + runtime-flag (debug) test: handle old & new runc + build(deps): bump github.com/containers/storage from 1.32.6 to 1.33.0 + Allow dst and destination for target in secret mounts + Multi-arch: Always push updated version-tagged img + Add a few tests on cgroups V2 + imagebuildah.stageExecutor.prepare(): remove pseudonym check + refine dangling filter + Chown with environment variables not set should fail + Just restore protections of shadow-utils + build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 + Remove specific kernel version number requirement from install.md + Multi-arch image workflow: Make steps generic + chroot: fix environment value leakage to intermediate processes + Update nix pin with `make nixpkgs` + buildah source - create and manage source images + Update cirrus-cron notification GH workflow + Reuse code from containers/common/pkg/parse + Cirrus: Freshen VM images + build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6 + Fix excludes exception begining with / or ./ + Fix syntax for --manifest example + build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 + vendor containers/common@main + Cirrus: Drop dependence on fedora-minimal + Adjust conformance-test error-message regex + Workaround appearance of differing debug messages + Cirrus: Install docker from package cache + build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 + Switch rusagelogfile to use options.Out + build(deps): bump github.com/containers/storage from 1.32.4 to 1.32.5 + Turn stdio back to blocking when command finishes + Add support for default network creation + Cirrus: Updates for master->main rename + Change references from master to main + Add `--env` and `--workingdir` flags to run command + build(deps): bump github.com/opencontainers/runc + [CI:DOCS] buildah bud: spelling --ignore-file requires parameter + [CI:DOCS] push/pull: clarify supported transports + Remove unused function arguments + Create mountOptions for mount command flags + Extract version command implementation to function + Add --json flags to `mount` and `version` commands + build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.3 + build(deps): bump github.com/containers/common from 0.40.0 to 0.40.1 + copier.Put(): set xattrs after ownership + buildah add/copy: spelling + build(deps): bump github.com/containers/common from 0.39.0 to 0.40.0 + buildah copy and buildah add should support .containerignore + Remove unused util.StartsWithValidTransport + Fix documentation of the --format option of buildah push + Don't use alltransports.ParseImageName with known transports + build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 + man pages: clarify `rmi` removes dangling parents + tests: make it easer to override the location of the copy helper + build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 + [CI:DOCS] Fix links to c/image master branch + imagebuildah: use the specified logger for logging preprocessing warnings + Fix copy into workdir for a single file + Fix docs links due to branch rename + Update nix pin with `make nixpkgs` + build(deps): bump github.com/fsouza/go-dockerclient from 1.7.2 to 1.7.3 + build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 + build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6 + build(deps): bump github.com/containers/storage from 1.32.1 to 1.32.2 + build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12 + build(deps): bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4 + fix(docs): typo + Move to v1.22.0-dev + Fix handling of auth.json file while in a user namespace + Add rusage-logfile flag to optionally send rusage to a file + imagebuildah: redo step logging + build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3 + build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.1 + Add volumes to make running buildah within a container easier + build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 + Add and use a "copy" helper instead of podman load/save + Bump github.com/containers/common from 0.38.4 to 0.39.0 + containerImageRef/containerImageSource: don't buffer uncompressed layers + containerImageRef(): squashed images have no parent images + Sync. workflow across skopeo, buildah, and podman + Bump github.com/containers/storage from 1.31.1 to 1.31.2 + Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 + Bump to v1.21.1-dev [NO TESTS NEEDED] + +## v1.21.0 (2021-05-19) + Don't blow up if cpp detects errors + Vendor in containers/common v0.38.4 + Remove 'buildah run --security-opt' from completion + update c/common + Fix handling of --default-mounts-file + update vendor of containers/storage v1.31.1 + Bump github.com/containers/storage from 1.30.3 to 1.31.0 + Send logrus messages back to caller when building + github: Fix bad repo. ref in workflow config + Check earlier for bad image tags name + buildah bud: fix containers/podman/issues/10307 + Bump github.com/containers/storage from 1.30.1 to 1.30.3 + Cirrus: Support [CI:DOCS] test skipping + Notification email for cirrus-cron build failures + Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 + Fix race condition + Fix copy race while walking paths + Preserve ownership of lower directory when doing an overlay mount + Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 + Update nix pin with `make nixpkgs` + codespell cleanup + Multi-arch github-action workflow unification + Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 + Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 + imagebuildah: ignore signatures when tagging images + update to latest libimage + Bump github.com/containers/common from 0.37.0 to 0.37.1 + Bump github.com/containers/storage from 1.30.0 to 1.30.1 + Upgrade to GitHub-native Dependabot + Document location of auth.json file if XDG_RUNTIME_DIR is not set + run.bats: fix flake in run-user test + Cirrus: Update F34beta -> F34 + pr-should-include-tests: try to make work in buildah + runUsingRuntime: when relaying error from the runtime, mention that + Run(): avoid Mkdir() into the rootfs + imagebuildah: replace archive with chrootarchive + imagebuildah.StageExecutor.volumeCacheSaveVFS(): set up bind mounts + conformance: use :Z with transient mounts when SELinux is enabled + bud.bats: fix a bats warning + imagebuildah: create volume directories when using overlays + imagebuildah: drop resolveSymlink() + namespaces test - refactoring and cleanup + Refactor 'idmapping' system test + Cirrus: Update Ubuntu images to 21.04 + Tiny fixes in bud system tests + Add compabitility wrappers for removed packages + Fix expected message at pulling image + Fix system tests of 'bud' subcommand + [CI:DOCS] Update steps for CentOS runc users + Add support for secret mounts + Add buildah manifest rm command + restore push/pull and util API + [CI:DOCS] Remove older distro docs + Rename rhel secrets to subscriptions + vendor in openshift/imagebuilder + Remove buildah bud --loglevel ... + use new containers/common/libimage package + Fix copier when using globs + Test namespace flags of 'bud' subcommand + Add system test of 'bud' subcommand + Output names of multiple tags in buildah bud + push to docker test: don't get fooled by podman + copier: add Remove() + build(deps): bump github.com/containers/image/v5 from 5.10.5 to 5.11.1 + Restore log timestamps + Add system test of 'buildah help' with a tiny fix + tests: copy.bats: fix infinite hang + Do not force hard code to crun in rootless mode + build(deps): bump github.com/openshift/imagebuilder from 1.2.0 to 1.2.1 + build(deps): bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 + build(deps): bump github.com/containers/common from 0.35.4 to 0.36.0 + Fix arg missing warning in bud + Check without flag in 'from --cgroup-parent' test + Minor fixes to Buildah as a library tutorial documentation + Add system test of 'buildah version' for packaged buildah + Add a few system tests of 'buildah from' + Log the final error with %+v at logging level "trace" + copier: add GetOptions.NoCrossDevice + Update nix pin with `make nixpkgs` + Bump to v1.20.2-dev + +## v1.20.1 (2021-04-13) + Run container with isolation type set at 'from' + bats helpers.bash - minor refactoring + Bump containers/storage vendor to v1.29.0 + build(deps): bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 + Cirrus: Update VMs w/ F34beta + CLI add/copy: add a --from option + build(deps): bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 + Add authentication system tests for 'commit' and 'bud' + fix local image lookup for custom platform + Double-check existence of OCI runtimes + Cirrus: Make use of shared get_ci_vm container + Add system tests of "buildah run" + Update nix pin with `make nixpkgs` + Remove some stuttering on returns errors + Setup alias for --tty to --terminal + Add conformance tests for COPY /... + Put a few more minutes on the clock for the CI conformance test + Add a conformance test for COPY --from $symlink + Add conformance tests for COPY "" + Check for symlink in builtin volume + Sort all mounts by destination directory + System-test cleanup + Export parse.Platform string to be used by podman-remote + blobcache: fix sequencing error + build(deps): bump github.com/containers/common from 0.35.3 to 0.35.4 + Fix URL in demos/buildah_multi_stage.sh + Add a few system tests + [NO TESTS NEEDED] Use --recurse-modules when building git context + Bump to v1.20.1-dev + +## v1.20.0 (2021-03-25) + * vendor in containers/storage v1.28.1 + * build(deps): bump github.com/containers/common from 0.35.2 to 0.35.3 + * tests: prefetch: use buildah, not podman, for pulls + * Use faster way to check image tag existence during multi-arch build + * Add information about multi-arch images to the Readme + * COPY --chown: expand the conformance test + * pkg/chrootuser: use a bufio.Scanner + * [CI:DOCS] Fix rootful typo in docs + * build(deps): bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 + * Add documentation and testing for .containerignore + * build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 + * build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1 + * Lookup Containerfile if user specifies a directory + * Add Tag format placeholder to docs + * copier: ignore sockets + * image: propagate errors from extractRootfs + * Remove system test of 'buildah containers -a' + * Clarify userns options are usable only as root in man pages + * Fix system test of 'containers -a' + * Remove duplicated code in addcopy + * build(deps): bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1 + * build(deps): bump github.com/onsi/gomega from 1.10.5 to 1.11.0 + * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.1 to 1.7.2 + * Update multi-arch buildah build setup with new logic + * Update nix pin with `make nixpkgs` + * overlay.bats: fix the "overlay source permissions" test + * imagebuildah: use overlay for volumes when using overlay + * Make PolicyMap and PullPolicy names align + * copier: add GetOptions.IgnoreUnreadable + * Check local image to match system context + * fix: Containerfiles - smaller set of userns u/gids + * Set upperdir permissions based on source + * Shrink the vendoring size of pkc/cli + * Clarify image name match failure message + * ADD/COPY: create the destination directory first, chroot to it + * copier.GetOptions: add NoDerefSymLinks + * copier: add an Eval function + * Update system test for 'from --cap-add/drop' + * copier: fix a renaming bug + * copier: return child process stderr if we can't JSON decode the response + * Add some system tests + * build(deps): bump github.com/containers/storage from 1.26.0 to 1.27.0 + * complement add/copy --chmod documentation + * buildah login and logout, do not need to enter user namespace + * Add multi-arch image build + * chmod/chown added/fixed in bash completions + * OWNERS: add @lsm5 + * buildah add/copy --chmod dockerfile implementation + * bump github.com/openshift/imagebuilder from 1.1.8 to 1.2.0 + * buildah add/copy --chmod cli implementation for files and urls + * Make sure we set the buildah version label + * Isolation strings, should match user input + * [CI:DOCS] buildah-from.md: remove dup arch,os + * build(deps): bump github.com/containers/image/v5 from 5.10.2 to 5.10.3 + * Cirrus: Temp. disable prior-fedora (F32) testing + * pr-should-include-tests: recognized "renamed" tests + * build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.0 + * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.0 to 1.7.1 + * build(deps): bump github.com/containers/common from 0.34.2 to 0.35.0 + * Fix reaping of stages with no instructions + * add stale bot + * Add base image name to comment + * build(deps): bump github.com/spf13/cobra from 1.1.1 to 1.1.3 + * Don't fail copy to emptydir + * buildah: use volatile containers + * vendor: update containers/storage + * Eliminate the use of containers/building import in pkg subdirs + * Add more support for removing config + * Improve messages about --cache-from not being supported + * Revert patch to allow COPY/ADD of empty dirs. + * Don't fail copy to emptydir + * Fix tutorial for rootless mode + * Fix caching layers with build args + * Vendor in containers/image v5.10.2 + * build(deps): bump github.com/containers/common from 0.34.0 to 0.34.2 + * build(deps): bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 + * 'make validate': require PRs to include tests + * build(deps): bump github.com/onsi/gomega from 1.10.4 to 1.10.5 + * build(deps): bump github.com/containers/storage from 1.24.5 to 1.25.0 + * Use chown function for U volume flag from containers/common repository + * --iidfile: print hash prefix + * bump containernetworking/cni to v0.8.1 - fix for CVE-2021-20206 + * run: fix check for host pid namespace + * Finish plumbing for buildah bud --manifest + * buildah manifest add localimage should work + * Stop testing directory permissions with latest docker + * Fix build arg check + * build(deps): bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0 + * [ci:docs] Fix man page for buildah push + * Update nix pin with `make nixpkgs` + * Bump to containers/image v5.10.1 + * Rebuild layer if a change in ARG is detected + * Bump golang.org/x/crypto to the latest + * Add Ashley and Urvashi to Approvers + * local image lookup by digest + * Use build-arg ENV val from local environment if set + * Pick default OCI Runtime from containers.conf + * Added required devel packages + * Cirrus: Native OSX Build + * Cirrus: Two minor cleanup items + * Workaround for RHEL gating test failure + * build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0 + * build(deps): bump github.com/mattn/go-shellwords from 1.0.10 to 1.0.11 + * Reset upstream branch to dev version + * If destination does not exists, do not throw error + ## v1.19.0 (2021-01-08) Update vendor of containers/storage and containers/common Buildah inspect should be able to inspect manifests diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile index 245f1ad50..2fa5020ee 100644 --- a/vendor/github.com/containers/buildah/Makefile +++ b/vendor/github.com/containers/buildah/Makefile @@ -107,6 +107,7 @@ validate: install.tools ./tests/validate/git-validation.sh ./hack/xref-helpmsgs-manpages ./tests/validate/pr-should-include-tests + ./tests/validate/buildahimages-are-sane .PHONY: install.tools install.tools: diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index 3bde05a3e..6755535b1 100644 --- a/vendor/github.com/containers/buildah/changelog.txt +++ b/vendor/github.com/containers/buildah/changelog.txt @@ -1,3 +1,93 @@ +- Changelog for v1.22.0 (2021-08-02) + * c/image, c/storage, c/common vendor before Podman 3.3 release + * WIP: tests: new assert() + * Proposed patch for 3399 (shadowutils) + * Fix handling of --restore shadow-utils + * build(deps): bump github.com/containers/image/v5 from 5.13.2 to 5.14.0 + * runtime-flag (debug) test: handle old & new runc + * build(deps): bump github.com/containers/storage from 1.32.6 to 1.33.0 + * Allow dst and destination for target in secret mounts + * Multi-arch: Always push updated version-tagged img + * Add a few tests on cgroups V2 + * imagebuildah.stageExecutor.prepare(): remove pseudonym check + * refine dangling filter + * Chown with environment variables not set should fail + * Just restore protections of shadow-utils + * build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 + * Remove specific kernel version number requirement from install.md + * Multi-arch image workflow: Make steps generic + * chroot: fix environment value leakage to intermediate processes + * Update nix pin with `make nixpkgs` + * buildah source - create and manage source images + * Update cirrus-cron notification GH workflow + * Reuse code from containers/common/pkg/parse + * Cirrus: Freshen VM images + * build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6 + * Fix excludes exception begining with / or ./ + * Fix syntax for --manifest example + * build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 + * vendor containers/common@main + * Cirrus: Drop dependence on fedora-minimal + * Adjust conformance-test error-message regex + * Workaround appearance of differing debug messages + * Cirrus: Install docker from package cache + * build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 + * Switch rusagelogfile to use options.Out + * build(deps): bump github.com/containers/storage from 1.32.4 to 1.32.5 + * Turn stdio back to blocking when command finishes + * Add support for default network creation + * Cirrus: Updates for master->main rename + * Change references from master to main + * Add `--env` and `--workingdir` flags to run command + * build(deps): bump github.com/opencontainers/runc + * [CI:DOCS] buildah bud: spelling --ignore-file requires parameter + * [CI:DOCS] push/pull: clarify supported transports + * Remove unused function arguments + * Create mountOptions for mount command flags + * Extract version command implementation to function + * Add --json flags to `mount` and `version` commands + * build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.3 + * build(deps): bump github.com/containers/common from 0.40.0 to 0.40.1 + * copier.Put(): set xattrs after ownership + * buildah add/copy: spelling + * build(deps): bump github.com/containers/common from 0.39.0 to 0.40.0 + * buildah copy and buildah add should support .containerignore + * Remove unused util.StartsWithValidTransport + * Fix documentation of the --format option of buildah push + * Don't use alltransports.ParseImageName with known transports + * build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 + * man pages: clarify `rmi` removes dangling parents + * tests: make it easer to override the location of the copy helper + * build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 + * [CI:DOCS] Fix links to c/image master branch + * imagebuildah: use the specified logger for logging preprocessing warnings + * Fix copy into workdir for a single file + * Fix docs links due to branch rename + * Update nix pin with `make nixpkgs` + * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.2 to 1.7.3 + * build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 + * build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6 + * build(deps): bump github.com/containers/storage from 1.32.1 to 1.32.2 + * build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12 + * build(deps): bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4 + * fix(docs): typo + * Move to v1.22.0-dev + * Fix handling of auth.json file while in a user namespace + * Add rusage-logfile flag to optionally send rusage to a file + * imagebuildah: redo step logging + * build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3 + * build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.1 + * Add volumes to make running buildah within a container easier + * build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 + * Add and use a "copy" helper instead of podman load/save + * Bump github.com/containers/common from 0.38.4 to 0.39.0 + * containerImageRef/containerImageSource: don't buffer uncompressed layers + * containerImageRef(): squashed images have no parent images + * Sync. workflow across skopeo, buildah, and podman + * Bump github.com/containers/storage from 1.31.1 to 1.31.2 + * Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 + * Bump to v1.21.1-dev [NO TESTS NEEDED] + - Changelog for v1.21.0 (2021-05-19) * Don't blow up if cpp detects errors * Vendor in containers/common v0.38.4 diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go index 7b6085339..27f536a89 100644 --- a/vendor/github.com/containers/buildah/define/types.go +++ b/vendor/github.com/containers/buildah/define/types.go @@ -28,7 +28,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.22.0-dev" + Version = "1.22.0" // DefaultRuntime if containers.conf fails. DefaultRuntime = "runc" diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod index 68721b73c..a8e3e96a3 100644 --- a/vendor/github.com/containers/buildah/go.mod +++ b/vendor/github.com/containers/buildah/go.mod @@ -4,10 +4,10 @@ go 1.12 require ( github.com/containernetworking/cni v0.8.1 - github.com/containers/common v0.41.1-0.20210721112610-c95d2f794edf - github.com/containers/image/v5 v5.13.2 + github.com/containers/common v0.42.1 + github.com/containers/image/v5 v5.15.0 github.com/containers/ocicrypt v1.1.2 - github.com/containers/storage v1.32.6 + github.com/containers/storage v1.33.1 github.com/docker/distribution v2.7.1+incompatible github.com/docker/go-units v0.4.0 github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 @@ -36,7 +36,7 @@ require ( go.etcd.io/bbolt v1.3.6 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20210603125802-9665404d3644 + golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 k8s.io/klog v1.0.0 // indirect ) diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum index ce7eb6c74..055b8a386 100644 --- a/vendor/github.com/containers/buildah/go.sum +++ b/vendor/github.com/containers/buildah/go.sum @@ -73,7 +73,6 @@ github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg3 github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= -github.com/Microsoft/hcsshim v0.8.17/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.20 h1:ZTwcx3NS8n07kPf/JZ1qwU6vnjhVPMUWlXBF8r9UxrE= github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= @@ -135,7 +134,6 @@ github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmE github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc= github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= -github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.6.1/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= @@ -225,10 +223,11 @@ github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= -github.com/containers/common v0.41.1-0.20210721112610-c95d2f794edf h1:z0ciG0ByyJG3WCBpLYd2XLThCC7UBaH7GeSfXY4sAqc= -github.com/containers/common v0.41.1-0.20210721112610-c95d2f794edf/go.mod h1:Ba5YVNCnyX6xDtg1JqEHa2EMVMW5UbHmIyEqsEwpeGE= -github.com/containers/image/v5 v5.13.2 h1:AgYunV/9d2fRkrmo23wH2MkqeHolFd6oQCkK+1PpuFA= -github.com/containers/image/v5 v5.13.2/go.mod h1:GkWursKDlDcUIT7L7vZf70tADvZCk/Ga0wgS0MuF0ag= +github.com/containers/common v0.42.1 h1:ADOZrVAS8ZY5hBAvr/GoRoPv5Z7TBkxWgxQEXQjlqac= +github.com/containers/common v0.42.1/go.mod h1:AaF3ipZfgezsctDuhzLkq4Vl+LkEy7J74ikh2HSXDsg= +github.com/containers/image/v5 v5.14.0/go.mod h1:SxiBKOcKuT+4yTjD0AskjO+UwFvNcVOJ9qlAw1HNSPU= +github.com/containers/image/v5 v5.15.0 h1:NduhN20ptHNlf0uRny5iTJa2OodB9SLMEB4hKKbzBBs= +github.com/containers/image/v5 v5.15.0/go.mod h1:gzdBcooi6AFdiqfzirUqv90hUyHyI0MMdaqKzACKr2s= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= @@ -236,9 +235,10 @@ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgU github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0= github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/containers/storage v1.32.2/go.mod h1:YIBxxjfXZTi04Ah49sh1uSGfmT1V89+I5i3deRobzQo= -github.com/containers/storage v1.32.6 h1:NqdFRewXO/PYPjgCAScoigZc5QUA21yapSEj6kqD8cw= github.com/containers/storage v1.32.6/go.mod h1:mdB+b89p+jU8zpzLTVXA0gWMmIo0WrkfGMh1R8O2IQw= +github.com/containers/storage v1.33.0/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY= +github.com/containers/storage v1.33.1 h1:RHUPZ7vQxwoeOoMoKUDsVun4f9Wi8BTXmr/wQiruBYU= +github.com/containers/storage v1.33.1/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= @@ -251,7 +251,6 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/coreos/go-systemd/v22 v22.3.1/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= @@ -515,7 +514,6 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.1 h1:wXr2uRxZTJXHLly6qhJabee5JqIhTRoLBhDOA74hDEQ= github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= @@ -636,7 +634,6 @@ github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59P github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= -github.com/opencontainers/runc v1.0.0-rc95/go.mod h1:z+bZxa/+Tz/FmYVWkhUajJdzFeOqjc5vrqskhVyHGUM= github.com/opencontainers/runc v1.0.0/go.mod h1:MU2S3KEB2ZExnhnAQYbwjdYV6HwKtDlNbA2Z2OeNDeA= github.com/opencontainers/runc v1.0.1 h1:G18PGckGdAm3yVQRWDVQ1rLSLntiniKJ0cNRT2Tm5gs= github.com/opencontainers/runc v1.0.1/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= @@ -780,8 +777,8 @@ github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE= github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= -github.com/vbauerster/mpb/v7 v7.0.2 h1:eN6AD/ytv1nqCO7Dm8MO0/pGMKmMyH/WMnTJhAUuc/w= -github.com/vbauerster/mpb/v7 v7.0.2/go.mod h1:Mnq3gESXJ9eQhccbGZDggJ1faTCrmaA4iN57fUloRGE= +github.com/vbauerster/mpb/v7 v7.0.3 h1:NfX0pHWhlDTev15M/C3qmSTM1EiIjcS+/d6qS6H4FnI= +github.com/vbauerster/mpb/v7 v7.0.3/go.mod h1:NXGsfPGx6G2JssqvEcULtDqUrxuuYs4llpv8W6ZUpzk= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 h1:cPXZWzzG0NllBLdjWoD1nDfaqu98YMv+OneaKc8sPOA= @@ -1044,8 +1041,8 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644 h1:CA1DEQ4NdKphKeL70tvsWNdT5oFh1lOjihRcEDROi0I= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201113234701-d7a72108b828/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go index 4a4352559..81af8ee65 100644 --- a/vendor/github.com/containers/buildah/run_linux.go +++ b/vendor/github.com/containers/buildah/run_linux.go @@ -2334,7 +2334,7 @@ func getSecretMount(tokens []string, secrets map[string]string, mountlabel strin switch kv[0] { case "id": id = kv[1] - case "target": + case "target", "dst", "destination": target = kv[1] case "required": required, err = strconv.ParseBool(kv[1]) diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index 97347178a..8712a13fd 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -61,7 +61,10 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP // Check whether `name` points to a transport. If so, we // return the error. Otherwise we assume that `name` refers to // an image on a registry (e.g., "fedora"). - if alltransports.TransportFromImageName(name) != nil { + // + // NOTE: the `docker` transport is an exception to support a + // `pull docker:latest` which would otherwise return an error. + if t := alltransports.TransportFromImageName(name); t != nil && t.Name() != registryTransport.Transport.Name() { return nil, err } diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index f429b96ed..a83aa9407 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -20,18 +20,18 @@ # "key = value" # If it is empty or commented out, no annotations will be added # -# annotations = [] +#annotations = [] # Used to change the name of the default AppArmor profile of container engine. # -# apparmor_profile = "container-default" +#apparmor_profile = "container-default" # Default way to to create a cgroup namespace for the container # Options are: # `private` Create private Cgroup Namespace for the container. # `host` Share host Cgroup Namespace with the container. # -# cgroupns = "private" +#cgroupns = "private" # Control container cgroup configuration # Determines whether the container will create CGroups. @@ -40,23 +40,23 @@ # `disabled` Disable cgroup support, will inherit cgroups from parent # `no-conmon` Do not create a cgroup dedicated to conmon. # -# cgroups = "enabled" +#cgroups = "enabled" # List of default capabilities for containers. If it is empty or commented out, # the default capabilities defined in the container engine will be added. # default_capabilities = [ - "CHOWN", - "DAC_OVERRIDE", - "FOWNER", - "FSETID", - "KILL", - "NET_BIND_SERVICE", - "SETFCAP", - "SETGID", - "SETPCAP", - "SETUID", - "SYS_CHROOT" + "CHOWN", + "DAC_OVERRIDE", + "FOWNER", + "FSETID", + "KILL", + "NET_BIND_SERVICE", + "SETFCAP", + "SETGID", + "SETPCAP", + "SETUID", + "SYS_CHROOT" ] # A list of sysctls to be set in containers by default, @@ -64,7 +64,7 @@ default_capabilities = [ # for example:"net.ipv4.ping_group_range = 0 0". # default_sysctls = [ - "net.ipv4.ping_group_range=0 0", + "net.ipv4.ping_group_range=0 0", ] # A list of ulimits to be set in containers by default, specified as @@ -75,24 +75,24 @@ default_sysctls = [ # container engine. # Ulimits has limits for non privileged container engines. # -# default_ulimits = [ +#default_ulimits = [ # "nofile=1280:2560", -# ] +#] # List of devices. Specified as # "<device-on-host>:<device-on-container>:<permissions>", for example: # "/dev/sdc:/dev/xvdc:rwm". # If it is empty or commented out, only the default devices will be used # -# devices = [] +#devices = [] # List of default DNS options to be added to /etc/resolv.conf inside of the container. # -# dns_options = [] +#dns_options = [] # List of default DNS search domains to be added to /etc/resolv.conf inside of the container. # -# dns_searches = [] +#dns_searches = [] # Set default DNS servers. # This option can be used to override the DNS configuration passed to the @@ -100,19 +100,19 @@ default_sysctls = [ # /etc/resolv.conf in the container. # The /etc/resolv.conf file in the image will be used without changes. # -# dns_servers = [] +#dns_servers = [] # Environment variable list for the conmon process; used for passing necessary # environment variables to conmon or the runtime. # -# env = [ -# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", -# "TERM=xterm", -# ] +#env = [ +# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +# "TERM=xterm", +#] # Pass all host environment variables into the container. # -# env_host = false +#env_host = false # Default proxy environment variables passed into the container. # The environment variables passed in include: @@ -121,49 +121,50 @@ default_sysctls = [ # should not use proxy. Proxy environment variables specified for the container # in any other way will override the values passed from the host. # -# http_proxy = true +#http_proxy = true # Run an init inside the container that forwards signals and reaps processes. # -# init = false +#init = false -# Container init binary, if init=true, this is the init binary to be used for containers. +# Container init binary, if init=true, this is the init binary to be used for containers. # -# init_path = "/usr/libexec/podman/catatonit" +#init_path = "/usr/libexec/podman/catatonit" # Default way to to create an IPC namespace (POSIX SysV IPC) for the container # Options are: # `private` Create private IPC Namespace for the container. # `host` Share host IPC Namespace with the container. # -# ipcns = "private" +#ipcns = "private" # keyring tells the container engine whether to create # a kernel keyring for use within the container. -# keyring = true +# +#keyring = true # label tells the container engine whether to use container separation using # MAC(SELinux) labeling or not. # The label flag is ignored on label disabled systems. # -# label = true +#label = true # Logging driver for the container. Available options: k8s-file and journald. # -# log_driver = "k8s-file" +#log_driver = "k8s-file" # Maximum size allowed for the container log file. Negative numbers indicate # that no size limit is imposed. If positive, it must be >= 8192 to match or # exceed conmon's read buffer. The file is truncated and re-opened so the # limit is never exceeded. # -# log_size_max = -1 +#log_size_max = -1 # Specifies default format tag for container log messages. # This is useful for creating a specific tag for container log messages. # Containers logs default to truncated container ID as a tag. # -# log_tag = "" +#log_tag = "" # Default way to to create a Network namespace for the container # Options are: @@ -171,143 +172,147 @@ default_sysctls = [ # `host` Share host Network Namespace with the container. # `none` Containers do not use the network # -# netns = "private" +#netns = "private" # Create /etc/hosts for the container. By default, container engine manage # /etc/hosts, automatically adding the container's own IP address. # -# no_hosts = false +#no_hosts = false # Default way to to create a PID namespace for the container # Options are: # `private` Create private PID Namespace for the container. # `host` Share host PID Namespace with the container. # -# pidns = "private" +#pidns = "private" # Maximum number of processes allowed in a container. # -# pids_limit = 2048 +#pids_limit = 2048 # Copy the content from the underlying image into the newly created volume # when the container is created instead of when it is started. If false, # the container engine will not copy the content until the container is started. # Setting it to true may have negative performance implications. # -# prepare_volume_on_create = false +#prepare_volume_on_create = false # Indicates the networking to be used for rootless containers -# rootless_networking = "slirp4netns" +# +#rootless_networking = "slirp4netns" # Path to the seccomp.json profile which is used as the default seccomp profile # for the runtime. # -# seccomp_profile = "/usr/share/containers/seccomp.json" +#seccomp_profile = "/usr/share/containers/seccomp.json" # Size of /dev/shm. Specified as <number><unit>. # Unit is optional, values: # b (bytes), k (kilobytes), m (megabytes), or g (gigabytes). # If the unit is omitted, the system uses bytes. # -# shm_size = "65536k" +#shm_size = "65536k" # Set timezone in container. Takes IANA timezones as well as "local", # which sets the timezone in the container to match the host machine. # -# tz = "" +#tz = "" # Set umask inside the container # -# umask = "0022" +#umask = "0022" # Default way to to create a User namespace for the container # Options are: # `auto` Create unique User Namespace for the container. # `host` Share host User Namespace with the container. # -# userns = "host" +#userns = "host" # Number of UIDs to allocate for the automatic container creation. # UIDs are allocated from the "container" UIDs listed in # /etc/subuid & /etc/subgid # -# userns_size = 65536 +#userns_size = 65536 # Default way to to create a UTS namespace for the container # Options are: # `private` Create private UTS Namespace for the container. # `host` Share host UTS Namespace with the container. # -# utsns = "private" +#utsns = "private" # List of volumes. Specified as # "<directory-on-host>:<directory-in-container>:<options>", for example: # "/db:/var/lib/db:ro". # If it is empty or commented out, no volumes will be added # -# volumes = [] +#volumes = [] # The network table contains settings pertaining to the management of # CNI plugins. [secrets] -# driver = "file" +#driver = "file" [secrets.opts] -# root = "/example/directory" +#root = "/example/directory" [network] # Path to directory where CNI plugin binaries are located. # -# cni_plugin_dirs = ["/usr/libexec/cni"] +#cni_plugin_dirs = ["/usr/libexec/cni"] # The network name of the default CNI network to attach pods to. -# default_network = "podman" +# +#default_network = "podman" # The default subnet for the default CNI network given in default_network. # If a network with that name does not exist, a new network using that name and # this subnet will be created. # Must be a valid IPv4 CIDR prefix. +# #default_subnet = "10.88.0.0/16" # Path to the directory where CNI configuration files are located. # -# network_config_dir = "/etc/cni/net.d/" +#network_config_dir = "/etc/cni/net.d/" [engine] # Index to the active service -# active_service = production +# +#active_service = production # Cgroup management implementation used for the runtime. # Valid options "systemd" or "cgroupfs" # -# cgroup_manager = "systemd" +#cgroup_manager = "systemd" # Environment variables to pass into conmon # -# conmon_env_vars = [ -# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -# ] +#conmon_env_vars = [ +# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +#] # Paths to look for the conmon container manager binary # -# conmon_path = [ -# "/usr/libexec/podman/conmon", -# "/usr/local/libexec/podman/conmon", -# "/usr/local/lib/podman/conmon", -# "/usr/bin/conmon", -# "/usr/sbin/conmon", -# "/usr/local/bin/conmon", -# "/usr/local/sbin/conmon" -# ] +#conmon_path = [ +# "/usr/libexec/podman/conmon", +# "/usr/local/libexec/podman/conmon", +# "/usr/local/lib/podman/conmon", +# "/usr/bin/conmon", +# "/usr/sbin/conmon", +# "/usr/local/bin/conmon", +# "/usr/local/sbin/conmon" +#] # Specify the keys sequence used to detach a container. # Format is a single character [a-Z] or a comma separated sequence of # `ctrl-<value>`, where `<value>` is one of: # `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_` # -# detach_keys = "ctrl-p,ctrl-q" +#detach_keys = "ctrl-p,ctrl-q" # Determines whether engine will reserve ports on the host when they are # forwarded to containers. When enabled, when ports are forwarded to containers, @@ -316,48 +321,51 @@ default_sysctls = [ # significant memory usage if a container has many ports forwarded to it. # Disabling this can save memory. # -# enable_port_reservation = true +#enable_port_reservation = true # Environment variables to be used when running the container engine (e.g., Podman, Buildah). # For example "http_proxy=internal.proxy.company.com". # Note these environment variables will not be used within the container. # Set the env section under [containers] table, if you want to set environment variables for the container. -# env = [] +# +#env = [] # Selects which logging mechanism to use for container engine events. # Valid values are `journald`, `file` and `none`. # -# events_logger = "journald" +#events_logger = "journald" # Path to OCI hooks directories for automatically executed hooks. # -# hooks_dir = [ -# "/usr/share/containers/oci/hooks.d", -# ] +#hooks_dir = [ +# "/usr/share/containers/oci/hooks.d", +#] # Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building # container images. By default image pulled and pushed match the format of the # source image. Building/committing defaults to OCI. -# image_default_format = "" +# +#image_default_format = "" # Default transport method for pulling and pushing for images # -# image_default_transport = "docker://" +#image_default_transport = "docker://" # Maximum number of image layers to be copied (pulled/pushed) simultaneously. # Not setting this field, or setting it to zero, will fall back to containers/image defaults. -# image_parallel_copies = 0 +# +#image_parallel_copies = 0 # Default command to run the infra container # -# infra_command = "/pause" +#infra_command = "/pause" # Infra (pause) container image name for pod infra containers. When running a # pod, we start a `pause` process in a container to hold open the namespaces # associated with the pod. This container does nothing other then sleep, # reserving the pods resources for the lifetime of the pod. # -# infra_image = "k8s.gcr.io/pause:3.4.1" +#infra_image = "k8s.gcr.io/pause:3.4.1" # Specify the locking mechanism to use; valid values are "shm" and "file". # Change the default only if you are sure of what you are doing, in general @@ -365,18 +373,19 @@ default_sysctls = [ # faster "shm" lock type. You may need to run "podman system renumber" after # you change the lock type. # -# lock_type** = "shm" +#lock_type** = "shm" # Indicates if Podman is running inside a VM via Podman Machine. # Podman uses this value to do extra setup around networking from the # container inside the VM to to host. -# machine_enabled = false +# +#machine_enabled = false # MultiImageArchive - if true, the container engine allows for storing archives # (e.g., of the docker-archive transport) with multiple images. By default, # Podman creates single-image archives. # -# multi_image_archive = "false" +#multi_image_archive = "false" # Default engine namespace # If engine is joined to a namespace, it will see only containers and pods @@ -385,131 +394,136 @@ default_sysctls = [ # The default namespace is "", which corresponds to no namespace. When no # namespace is set, all containers and pods are visible. # -# namespace = "" +#namespace = "" # Path to the slirp4netns binary # -# network_cmd_path = "" +#network_cmd_path = "" # Default options to pass to the slirp4netns binary. # For example "allow_host_loopback=true" # -# network_cmd_options = [] +#network_cmd_options = [] # Whether to use chroot instead of pivot_root in the runtime # -# no_pivot_root = false +#no_pivot_root = false # Number of locks available for containers and pods. # If this is changed, a lock renumber must be performed (e.g. with the # 'podman system renumber' command). # -# num_locks = 2048 +#num_locks = 2048 # Whether to pull new image before running a container -# pull_policy = "missing" +# +#pull_policy = "missing" # Indicates whether the application should be running in remote mode. This flag modifies the # --remote option on container engines. Setting the flag to true will default # `podman --remote=true` for access to the remote Podman service. -# remote = false +# +#remote = false # Default OCI runtime # -# runtime = "crun" +#runtime = "crun" # List of the OCI runtimes that support --format=json. When json is supported # engine will use it for reporting nicer errors. # -# runtime_supports_json = ["crun", "runc", "kata", "runsc"] +#runtime_supports_json = ["crun", "runc", "kata", "runsc"] # List of the OCI runtimes that supports running containers with KVM Separation. # -# runtime_supports_kvm = ["kata"] +#runtime_supports_kvm = ["kata"] # List of the OCI runtimes that supports running containers without cgroups. # -# runtime_supports_nocgroups = ["crun"] +#runtime_supports_nocgroups = ["crun"] # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage # stores containers # Uncomment to change location from this default # -# static_dir = "/var/lib/containers/storage/libpod" +#static_dir = "/var/lib/containers/storage/libpod" # Number of seconds to wait for container to exit before sending kill signal. -# stop_timeout = 10 +# +#stop_timeout = 10 # map of service destinations -# [service_destinations] -# [service_destinations.production] +# +#[service_destinations] +# [service_destinations.production] # URI to access the Podman service # Examples: # rootless "unix://run/user/$UID/podman/podman.sock" (Default) # rootfull "unix://run/podman/podman.sock (Default) # remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock # remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock -# uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock" -# Path to file containing ssh identity key -# identity = "~/.ssh/id_rsa" +# +# uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock" +# Path to file containing ssh identity key +# identity = "~/.ssh/id_rsa" # Directory for temporary files. Must be tmpfs (wiped after reboot) # -# tmp_dir = "/run/libpod" +#tmp_dir = "/run/libpod" # Directory for libpod named volumes. # By default, this will be configured relative to where containers/storage # stores containers. # Uncomment to change location from this default. # -# volume_path = "/var/lib/containers/storage/volumes" +#volume_path = "/var/lib/containers/storage/volumes" # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc) [engine.runtimes] -# crun = [ -# "/usr/bin/crun", -# "/usr/sbin/crun", -# "/usr/local/bin/crun", -# "/usr/local/sbin/crun", -# "/sbin/crun", -# "/bin/crun", -# "/run/current-system/sw/bin/crun", -# ] - -# kata = [ -# "/usr/bin/kata-runtime", -# "/usr/sbin/kata-runtime", -# "/usr/local/bin/kata-runtime", -# "/usr/local/sbin/kata-runtime", -# "/sbin/kata-runtime", -# "/bin/kata-runtime", -# "/usr/bin/kata-qemu", -# "/usr/bin/kata-fc", -# ] - -# runc = [ -# "/usr/bin/runc", -# "/usr/sbin/runc", -# "/usr/local/bin/runc", -# "/usr/local/sbin/runc", -# "/sbin/runc", -# "/bin/runc", -# "/usr/lib/cri-o-runc/sbin/runc", -# ] - -# runsc = [ -# "/usr/bin/runsc", -# "/usr/sbin/runsc", -# "/usr/local/bin/runsc", -# "/usr/local/sbin/runsc", -# "/bin/runsc", -# "/sbin/runsc", -# "/run/current-system/sw/bin/runsc", -# ] +#crun = [ +# "/usr/bin/crun", +# "/usr/sbin/crun", +# "/usr/local/bin/crun", +# "/usr/local/sbin/crun", +# "/sbin/crun", +# "/bin/crun", +# "/run/current-system/sw/bin/crun", +#] + +#kata = [ +# "/usr/bin/kata-runtime", +# "/usr/sbin/kata-runtime", +# "/usr/local/bin/kata-runtime", +# "/usr/local/sbin/kata-runtime", +# "/sbin/kata-runtime", +# "/bin/kata-runtime", +# "/usr/bin/kata-qemu", +# "/usr/bin/kata-fc", +#] + +#runc = [ +# "/usr/bin/runc", +# "/usr/sbin/runc", +# "/usr/local/bin/runc", +# "/usr/local/sbin/runc", +# "/sbin/runc", +# "/bin/runc", +# "/usr/lib/cri-o-runc/sbin/runc", +#] + +#runsc = [ +# "/usr/bin/runsc", +# "/usr/sbin/runsc", +# "/usr/local/bin/runsc", +# "/usr/local/sbin/runsc", +# "/bin/runsc", +# "/sbin/runsc", +# "/run/current-system/sw/bin/runsc", +#] [engine.volume_plugins] -# testplugin = "/run/podman/plugins/test.sock" +#testplugin = "/run/podman/plugins/test.sock" # The [engine.volume_plugins] table MUST be the last entry in this file. # (Unless another table is added) diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index 47dca527c..1e9e48f33 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.41.1-dev" +const Version = "0.42.1" diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml index 1294e5a22..bada4a8e3 100644 --- a/vendor/github.com/docker/docker/api/swagger.yaml +++ b/vendor/github.com/docker/docker/api/swagger.yaml @@ -5583,12 +5583,12 @@ paths: schema: $ref: "#/definitions/ErrorResponse" 404: - description: "no such container" + description: "no such image" schema: $ref: "#/definitions/ErrorResponse" examples: application/json: - message: "No such container: c2ada9df5af8" + message: "No such image: c2ada9df5af8" 409: description: "conflict" schema: diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go index b3d142d8c..14e1e38c2 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go @@ -1,12 +1,13 @@ package label import ( + "errors" + "fmt" "os" "os/user" "strings" "github.com/opencontainers/selinux/go-selinux" - "github.com/pkg/errors" ) // Valid Label Options @@ -53,11 +54,11 @@ func InitLabels(options []string) (plabel string, mlabel string, retErr error) { return "", selinux.PrivContainerMountLabel(), nil } if i := strings.Index(opt, ":"); i == -1 { - return "", "", errors.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt) + return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt) } con := strings.SplitN(opt, ":", 2) if !validOptions[con[0]] { - return "", "", errors.Errorf("Bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0]) + return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0]) } if con[0] == "filetype" { mcon["type"] = con[1] @@ -151,7 +152,7 @@ func Relabel(path string, fileLabel string, shared bool) error { path = strings.TrimSuffix(path, "/") } if exclude_paths[path] { - return errors.Errorf("SELinux relabeling of %s is not allowed", path) + return fmt.Errorf("SELinux relabeling of %s is not allowed", path) } if shared { diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go index b336ebad3..9ffd77afa 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go @@ -1,7 +1,7 @@ package selinux import ( - "github.com/pkg/errors" + "errors" ) const ( diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index a91a116f8..62df82a34 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -5,6 +5,7 @@ import ( "bytes" "crypto/rand" "encoding/binary" + "errors" "fmt" "io" "io/ioutil" @@ -18,7 +19,6 @@ import ( "github.com/bits-and-blooms/bitset" "github.com/opencontainers/selinux/pkg/pwalk" - "github.com/pkg/errors" "golang.org/x/sys/unix" ) @@ -120,7 +120,7 @@ func verifySELinuxfsMount(mnt string) bool { if err == nil { break } - if err == unix.EAGAIN || err == unix.EINTR { + if err == unix.EAGAIN || err == unix.EINTR { //nolint:errorlint // unix errors are bare continue } return false @@ -250,12 +250,12 @@ func isProcHandle(fh *os.File) error { if err == nil { break } - if err != unix.EINTR { - return errors.Wrapf(err, "statfs(%q) failed", fh.Name()) + if err != unix.EINTR { //nolint:errorlint // unix errors are bare + return &os.PathError{Op: "fstatfs", Path: fh.Name(), Err: err} } } if buf.Type != unix.PROC_SUPER_MAGIC { - return errors.Errorf("file %q is not on procfs", fh.Name()) + return fmt.Errorf("file %q is not on procfs", fh.Name()) } return nil @@ -311,8 +311,8 @@ func setFileLabel(fpath string, label string) error { if err == nil { break } - if err != unix.EINTR { - return errors.Wrapf(err, "failed to set file label on %s", fpath) + if err != unix.EINTR { //nolint:errorlint // unix errors are bare + return &os.PathError{Op: "lsetxattr", Path: fpath, Err: err} } } @@ -327,7 +327,7 @@ func fileLabel(fpath string) (string, error) { label, err := lgetxattr(fpath, xattrNameSelinux) if err != nil { - return "", err + return "", &os.PathError{Op: "lgetxattr", Path: fpath, Err: err} } // Trim the NUL byte at the end of the byte buffer, if present. if len(label) > 0 && label[len(label)-1] == '\x00' { @@ -390,7 +390,7 @@ func writeCon(fpath, val string) error { _, err = out.Write(nil) } if err != nil { - return errors.Wrapf(err, "failed to set %s on procfs", fpath) + return &os.PathError{Op: "write", Path: fpath, Err: err} } return nil } @@ -489,13 +489,13 @@ func (l *level) parseLevel(levelStr string) error { lvl := strings.SplitN(levelStr, ":", 2) sens, err := parseLevelItem(lvl[0], sensitivity) if err != nil { - return errors.Wrap(err, "failed to parse sensitivity") + return fmt.Errorf("failed to parse sensitivity: %w", err) } l.sens = sens if len(lvl) > 1 { cats, err := catsToBitset(lvl[1]) if err != nil { - return errors.Wrap(err, "failed to parse categories") + return fmt.Errorf("failed to parse categories: %w", err) } l.cats = cats } @@ -513,14 +513,14 @@ func rangeStrToMLSRange(rangeStr string) (*mlsRange, error) { case 2: mlsRange.high = &level{} if err := mlsRange.high.parseLevel(levelSlice[1]); err != nil { - return nil, errors.Wrapf(err, "failed to parse high level %q", levelSlice[1]) + return nil, fmt.Errorf("failed to parse high level %q: %w", levelSlice[1], err) } fallthrough // rangeStr that is single level, e.g. s6:c0,c3,c5,c30.c1023 case 1: mlsRange.low = &level{} if err := mlsRange.low.parseLevel(levelSlice[0]); err != nil { - return nil, errors.Wrapf(err, "failed to parse low level %q", levelSlice[0]) + return nil, fmt.Errorf("failed to parse low level %q: %w", levelSlice[0], err) } } @@ -697,17 +697,21 @@ func socketLabel() (string, error) { // peerLabel retrieves the label of the client on the other side of a socket func peerLabel(fd uintptr) (string, error) { - return unix.GetsockoptString(int(fd), unix.SOL_SOCKET, unix.SO_PEERSEC) + label, err := unix.GetsockoptString(int(fd), unix.SOL_SOCKET, unix.SO_PEERSEC) + if err != nil { + return "", &os.PathError{Op: "getsockopt", Path: "fd " + strconv.Itoa(int(fd)), Err: err} + } + return label, nil } // setKeyLabel takes a process label and tells the kernel to assign the // label to the next kernel keyring that gets created func setKeyLabel(label string) error { err := writeCon("/proc/self/attr/keycreate", label) - if os.IsNotExist(errors.Cause(err)) { + if errors.Is(err, os.ErrNotExist) { return nil } - if label == "" && os.IsPermission(errors.Cause(err)) { + if label == "" && errors.Is(err, os.ErrPermission) { return nil } return err @@ -784,7 +788,7 @@ func enforceMode() int { // setEnforceMode sets the current SELinux mode Enforcing, Permissive. // Disabled is not valid, since this needs to be set at boot time. func setEnforceMode(mode int) error { - return ioutil.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0644) + return ioutil.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0o644) } // defaultEnforceMode returns the systems default SELinux mode Enforcing, @@ -985,7 +989,7 @@ func addMcs(processLabel, fileLabel string) (string, string) { // securityCheckContext validates that the SELinux label is understood by the kernel func securityCheckContext(val string) error { - return ioutil.WriteFile(path.Join(getSelinuxMountPoint(), "context"), []byte(val), 0644) + return ioutil.WriteFile(path.Join(getSelinuxMountPoint(), "context"), []byte(val), 0o644) } // copyLevel returns a label with the MLS/MCS level from src label replaced on @@ -1023,7 +1027,7 @@ func badPrefix(fpath string) error { badPrefixes := []string{"/usr"} for _, prefix := range badPrefixes { if strings.HasPrefix(fpath, prefix) { - return errors.Errorf("relabeling content in %s is not allowed", prefix) + return fmt.Errorf("relabeling content in %s is not allowed", prefix) } } return nil @@ -1050,7 +1054,7 @@ func chcon(fpath string, label string, recurse bool) error { return pwalk.Walk(fpath, func(p string, info os.FileInfo, err error) error { e := SetFileLabel(p, label) // Walk a file tree can race with removal, so ignore ENOENT - if os.IsNotExist(errors.Cause(e)) { + if errors.Is(e, os.ErrNotExist) { return nil } return e @@ -1072,7 +1076,8 @@ func dupSecOpt(src string) ([]string, error) { con["type"] == "" { return nil, nil } - dup := []string{"user:" + con["user"], + dup := []string{ + "user:" + con["user"], "role:" + con["role"], "type:" + con["type"], } @@ -1140,9 +1145,8 @@ func findUserInContext(context Context, r io.Reader, verifier func(string) error return outConn, nil } } - if err := scanner.Err(); err != nil { - return "", errors.Wrap(err, "failed to scan for context") + return "", fmt.Errorf("failed to scan for context: %w", err) } return "", nil @@ -1155,7 +1159,7 @@ func getDefaultContextFromReaders(c *defaultSECtx) (string, error) { context, err := newContext(c.scon) if err != nil { - return "", errors.Wrapf(err, "failed to create label for %s", c.scon) + return "", fmt.Errorf("failed to create label for %s: %w", c.scon, err) } // set so the verifier validates the matched context with the provided user and level. @@ -1180,7 +1184,7 @@ func getDefaultContextFromReaders(c *defaultSECtx) (string, error) { return conn, nil } - return "", errors.Wrapf(ErrContextMissing, "context not found: %q", c.scon) + return "", fmt.Errorf("context %q not found: %w", c.scon, ErrContextMissing) } func getDefaultContextWithLevel(user, level, scon string) (string, error) { diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go index 117c255be..c6b0a7f26 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go @@ -10,7 +10,7 @@ func lgetxattr(path, attr string) ([]byte, error) { // Start with a 128 length byte array dest := make([]byte, 128) sz, errno := doLgetxattr(path, attr, dest) - for errno == unix.ERANGE { + for errno == unix.ERANGE { //nolint:errorlint // unix errors are bare // Buffer too small, use zero-sized buffer to get the actual size sz, errno = doLgetxattr(path, attr, []byte{}) if errno != nil { @@ -31,7 +31,7 @@ func lgetxattr(path, attr string) ([]byte, error) { func doLgetxattr(path, attr string, dest []byte) (int, error) { for { sz, err := unix.Lgetxattr(path, attr, dest) - if err != unix.EINTR { + if err != unix.EINTR { //nolint:errorlint // unix errors are bare return sz, err } } diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go index 437b12b3e..a8088a196 100644 --- a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go +++ b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go @@ -1,12 +1,11 @@ package pwalk import ( + "fmt" "os" "path/filepath" "runtime" "sync" - - "github.com/pkg/errors" ) type WalkFunc = filepath.WalkFunc @@ -42,7 +41,7 @@ func Walk(root string, walkFn WalkFunc) error { func WalkN(root string, walkFn WalkFunc, num int) error { // make sure limit is sensible if num < 1 { - return errors.Errorf("walk(%q): num must be > 0", root) + return fmt.Errorf("walk(%q): num must be > 0", root) } files := make(chan *walkArgs, 2*num) diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go index 2895a8f07..c6eecc826 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go @@ -12,6 +12,7 @@ import ( "strings" "sync" "syscall" + "time" "github.com/pkg/errors" @@ -41,7 +42,7 @@ func NewDriver(logWriter io.Writer, stateDir string) (port.ParentDriver, error) socketPath: socketPath, childReadyPipePath: childReadyPipePath, ports: make(map[int]*port.Status, 0), - stoppers: make(map[int]func() error, 0), + stoppers: make(map[int]func(context.Context) error, 0), nextID: 1, } return &d, nil @@ -53,7 +54,7 @@ type driver struct { childReadyPipePath string mu sync.Mutex ports map[int]*port.Status - stoppers map[int]func() error + stoppers map[int]func(context.Context) error nextID int } @@ -138,16 +139,27 @@ func (d *driver) AddPort(ctx context.Context, spec port.Spec) (*port.Status, err if err != nil { return nil, err } + // NOTE: routineStopCh is close-only channel. Do not send any data. + // See commit 4803f18fae1e39d200d98f09e445a97ccd6f5526 `Revert "port/builtin: RemovePort() block until conn is closed"` routineStopCh := make(chan struct{}) - routineStop := func() error { + routineStoppedCh := make(chan error) + routineStop := func(ctx context.Context) error { close(routineStopCh) - return nil // FIXME + select { + case stoppedResult, stoppedResultOk := <-routineStoppedCh: + if stoppedResultOk { + return stoppedResult + } + return errors.New("routineStoppedCh was closed without sending data?") + case <-ctx.Done(): + return errors.Wrap(err, "timed out while waiting for routineStoppedCh after closing routineStopCh") + } } switch spec.Proto { case "tcp", "tcp4", "tcp6": - err = tcp.Run(d.socketPath, spec, routineStopCh, d.logWriter) + err = tcp.Run(d.socketPath, spec, routineStopCh, routineStoppedCh, d.logWriter) case "udp", "udp4", "udp6": - err = udp.Run(d.socketPath, spec, routineStopCh, d.logWriter) + err = udp.Run(d.socketPath, spec, routineStopCh, routineStoppedCh, d.logWriter) default: // NOTREACHED return nil, errors.New("spec was not validated?") @@ -188,7 +200,12 @@ func (d *driver) RemovePort(ctx context.Context, id int) error { if !ok { return errors.Errorf("unknown id: %d", id) } - err := stop() + if _, ok := ctx.Deadline(); !ok { + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(ctx, 5*time.Second) + defer cancel() + } + err := stop(ctx) delete(d.stoppers, id) delete(d.ports, id) return err diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go index 7a7a167f1..32c714468 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go @@ -12,7 +12,7 @@ import ( "github.com/rootless-containers/rootlesskit/pkg/port/builtin/msg" ) -func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error { +func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, stoppedCh chan error, logWriter io.Writer) error { ln, err := net.Listen(spec.Proto, net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort))) if err != nil { fmt.Fprintf(logWriter, "listen: %v\n", err) @@ -31,7 +31,10 @@ func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io } }() go func() { - defer ln.Close() + defer func() { + stoppedCh <- ln.Close() + close(stoppedCh) + }() for { select { case c, ok := <-newConns: diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go index 0080dd22c..67062117a 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go @@ -13,7 +13,7 @@ import ( "github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udpproxy" ) -func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error { +func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, stoppedCh chan error, logWriter io.Writer) error { addr, err := net.ResolveUDPAddr(spec.Proto, net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort))) if err != nil { return err @@ -51,6 +51,8 @@ func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io case <-stopCh: // udpp.Close closes ln as well udpp.Close() + stoppedCh <- nil + close(stoppedCh) return } } diff --git a/vendor/modules.txt b/vendor/modules.txt index c89582328..fadd6ffa6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -77,7 +77,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr github.com/containernetworking/plugins/pkg/utils/sysctl github.com/containernetworking/plugins/plugins/ipam/host-local/backend github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator -# github.com/containers/buildah v1.21.1-0.20210721171232-54cafea4c933 +# github.com/containers/buildah v1.22.0 github.com/containers/buildah github.com/containers/buildah/bind github.com/containers/buildah/chroot @@ -93,7 +93,7 @@ github.com/containers/buildah/pkg/overlay github.com/containers/buildah/pkg/parse github.com/containers/buildah/pkg/rusage github.com/containers/buildah/util -# github.com/containers/common v0.41.1-0.20210730122913-cd6c45fd20e3 +# github.com/containers/common v0.42.1 github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor @@ -285,7 +285,7 @@ github.com/docker/distribution/registry/client/auth/challenge github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory -# github.com/docker/docker v20.10.7+incompatible +# github.com/docker/docker v20.10.8+incompatible github.com/docker/docker/api github.com/docker/docker/api/types github.com/docker/docker/api/types/blkiodev @@ -525,7 +525,7 @@ github.com/opencontainers/runtime-tools/generate github.com/opencontainers/runtime-tools/generate/seccomp github.com/opencontainers/runtime-tools/specerror github.com/opencontainers/runtime-tools/validate -# github.com/opencontainers/selinux v1.8.2 +# github.com/opencontainers/selinux v1.8.3 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label github.com/opencontainers/selinux/pkg/pwalk @@ -558,7 +558,7 @@ github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util # github.com/rivo/uniseg v0.2.0 github.com/rivo/uniseg -# github.com/rootless-containers/rootlesskit v0.14.2 +# github.com/rootless-containers/rootlesskit v0.14.4 github.com/rootless-containers/rootlesskit/pkg/api github.com/rootless-containers/rootlesskit/pkg/msgutil github.com/rootless-containers/rootlesskit/pkg/port |