diff --git a/go.mod b/go.mod
index a9e52ae425..3c0a718052 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/checkpoint-restore/go-criu/v7 v7.1.0
 github.com/containernetworking/plugins v1.5.0
 github.com/containers/buildah v1.36.0
- github.com/containers/common v0.59.0
+ github.com/containers/common v0.59.1-0.20240603155017-49ad520556e7
 github.com/containers/conmon v2.0.20+incompatible
 github.com/containers/gvisor-tap-vsock v0.7.4-0.20240515153903-01a1a0cd3f70
 github.com/containers/image/v5 v5.31.1-0.20240530141348-2343e812b95b
diff --git a/go.sum b/go.sum
index a60dde05bf..19f71a77dd 100644
--- a/go.sum
+++ b/go.sum
@@ -79,8 +79,8 @@ github.com/containernetworking/plugins v1.5.0 h1:P09DMlfvvsLSskDoftnuwXY7lwa7IAh github.com/containernetworking/plugins v1.5.0/go.mod h1:bcXMvG9gWGc6jVXeodmMzuXmXqpqMguZm6Zu/oIr7AA= github.com/containers/buildah v1.36.0 h1:e369nE9bx0yJtPVRDMsbr0OzkW59XCYAl+5poGhFjcs= github.com/containers/buildah v1.36.0/go.mod h1:qlEF4RuCnzEUTQhAnCyGr5WoYNZaU0k2mPcZscUR//c= -github.com/containers/common v0.59.0 h1:fy9Jz0B7Qs1C030bm73YJtVddaiFSZD3558EV1tgN2g= -github.com/containers/common v0.59.0/go.mod h1:53VicJCZ2AD0O+Br7VVoyrS7viXF4YmwlTIocWUT8XE= +github.com/containers/common v0.59.1-0.20240603155017-49ad520556e7 h1:Vp0npRNqZJrtMrOeVPyLNDYojSPbkNm3pQVnuBULubs= +github.com/containers/common v0.59.1-0.20240603155017-49ad520556e7/go.mod h1:G4vF3V1iWu+NxT/pquuJYBcWGsrVKibDhPu9h52nXyI= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/gvisor-tap-vsock v0.7.4-0.20240515153903-01a1a0cd3f70 h1:aACcXSIgcuPq5QdNZZ8B53BCdhqYvw33/8QmZWJATvg=
diff --git a/vendor/github.com/containers/common/libimage/manifests/manifests.go b/vendor/github.com/containers/common/libimage/manifests/manifests.go
index 64f06350f0..2213e73575 100644
--- a/vendor/github.com/containers/common/libimage/manifests/manifests.go
+++ b/vendor/github.com/containers/common/libimage/manifests/manifests.go
@@ -663,6 +663,9 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 if err != nil {
 return "", fmt.Errorf("adding instance with digest %q: %w", *instanceInfo.instanceDigest, err)
 }
+ if err := l.List.SetArtifactType(instanceInfo.instanceDigest, instanceInfo.ArtifactType); err != nil {
+ return "", fmt.Errorf("setting artifact manifest type for instance with digest %q: %w", *instanceInfo.instanceDigest, err)
+ }
 if err = l.List.SetURLs(*instanceInfo.instanceDigest, instanceInfo.URLs); err != nil {
 return "", fmt.Errorf("setting URLs for instance with digest %q: %w", *instanceInfo.instanceDigest, err)
 }
diff --git a/vendor/github.com/containers/common/libnetwork/cni/network.go b/vendor/github.com/containers/common/libnetwork/cni/network.go
index 94d13f7a0f..7e001fab0e 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/network.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/network.go
@@ -82,9 +82,23 @@ type InitConfig struct {
 // NewCNINetworkInterface creates the ContainerNetwork interface for the CNI backend.
 // Note: The networks are not loaded from disk until a method is called.
 func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
+ var netns *rootlessnetns.Netns
+ var err error
+ // Do not use unshare.IsRootless() here. We only care if we are running re-exec in the userns,
+ // IsRootless() also returns true if we are root in a userns which is not what we care about and
+ // causes issues as this slower more complicated rootless-netns logic should not be used as root.
+ val, ok := os.LookupEnv(unshare.UsernsEnvName)
+ useRootlessNetns := ok && val == "done"
+ if useRootlessNetns {
+ netns, err = rootlessnetns.New(conf.RunDir, rootlessnetns.CNI, conf.Config)
+ if err != nil {
+ return nil, err
+ }
+ }
+
 // root needs to use a globally unique lock because there is only one host netns
 lockPath := defaultRootLockPath
- if unshare.IsRootless() {
+ if useRootlessNetns {
 lockPath = filepath.Join(conf.CNIConfigDir, "cni.lock")
 }
@@ -112,14 +126,6 @@ func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 defaultSubnetPools = config.DefaultSubnetPools
 }
- var netns *rootlessnetns.Netns
- if unshare.IsRootless() {
- netns, err = rootlessnetns.New(conf.RunDir, rootlessnetns.CNI, conf.Config)
- if err != nil {
- return nil, err
- }
- }
-
 cni := libcni.NewCNIConfig(conf.Config.Network.CNIPluginDirs.Values, &cniExec{})
 n := &cniNetwork{
 cniConfigDir: conf.CNIConfigDir,
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/network.go b/vendor/github.com/containers/common/libnetwork/netavark/network.go
index d79fdff43a..6ec4a9d15b 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/network.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/network.go
@@ -96,9 +96,23 @@ type InitConfig struct {
 // NewNetworkInterface creates the ContainerNetwork interface for the netavark backend.
 // Note: The networks are not loaded from disk until a method is called.
 func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
+ var netns *rootlessnetns.Netns
+ var err error
+ // Do not use unshare.IsRootless() here. We only care if we are running re-exec in the userns,
+ // IsRootless() also returns true if we are root in a userns which is not what we care about and
+ // causes issues as this slower more complicated rootless-netns logic should not be used as root.
+ val, ok := os.LookupEnv(unshare.UsernsEnvName)
+ useRootlessNetns := ok && val == "done"
+ if useRootlessNetns {
+ netns, err = rootlessnetns.New(conf.NetworkRunDir, rootlessnetns.Netavark, conf.Config)
+ if err != nil {
+ return nil, err
+ }
+ }
+
 // root needs to use a globally unique lock because there is only one host netns
 lockPath := defaultRootLockPath
- if unshare.IsRootless() {
+ if useRootlessNetns {
 lockPath = filepath.Join(conf.NetworkConfigDir, "netavark.lock")
 }
@@ -134,18 +148,6 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 defaultSubnetPools = config.DefaultSubnetPools
 }
- var netns *rootlessnetns.Netns
- // Do not use unshare.IsRootless() here. We only care if we are running re-exec in the userns,
- // IsRootless() also returns true if we are root in a userns which is not what we care about and
- // causes issues as this slower more complicated rootless-netns logic should not be used as root.
- _, useRootlessNetns := os.LookupEnv(unshare.UsernsEnvName)
- if useRootlessNetns {
- netns, err = rootlessnetns.New(conf.NetworkRunDir, rootlessnetns.Netavark, conf.Config)
- if err != nil {
- return nil, err
- }
- }
-
 n := &netavarkNetwork{
 networkConfigDir: conf.NetworkConfigDir,
 networkRunDir: conf.NetworkRunDir,
diff --git a/vendor/github.com/containers/common/pkg/config/config_freebsd.go b/vendor/github.com/containers/common/pkg/config/config_bsd.go
similarity index 93%
rename from vendor/github.com/containers/common/pkg/config/config_freebsd.go
rename to vendor/github.com/containers/common/pkg/config/config_bsd.go
index 5b7f55a7bc..e378a07224 100644
--- a/vendor/github.com/containers/common/pkg/config/config_freebsd.go
+++ b/vendor/github.com/containers/common/pkg/config/config_bsd.go
@@ -1,3 +1,5 @@
+//go:build (freebsd || netbsd || openbsd)
+
 package config
 const (
diff --git a/vendor/github.com/containers/common/pkg/config/config_windows.go b/vendor/github.com/containers/common/pkg/config/config_windows.go
index fbe1bb3f12..b2cd751a15 100644
--- a/vendor/github.com/containers/common/pkg/config/config_windows.go
+++ b/vendor/github.com/containers/common/pkg/config/config_windows.go
@@ -5,7 +5,7 @@ import "os"
 const (
 // _configPath is the path to the containers/containers.conf
 // inside a given config directory.
- _configPath = "containers\\containers.conf"
+ _configPath = "\\containers\\containers.conf"
 // DefaultContainersConfig holds the default containers config path
 DefaultContainersConfig = ""
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 7d79df07a1..c00efecbb3 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -350,9 +350,9 @@ default_sysctls = [
 # The firewall driver to be used by netavark.
 # The default is empty which means netavark will pick one accordingly. Current supported
-# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
-# experimental at the moment and not recommend outside of testing). In the future we are
-# planning to add support for a "nftables" driver.
+# drivers are "iptables", "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
+# experimental at the moment and not recommend outside of testing).
+#
 #firewall_driver = ""
@@ -890,10 +890,10 @@ default_sysctls = [
 [podmansh]
 # Shell to spawn in container. Default: /bin/sh.
 #shell = "/bin/sh"
-#
+#
 # Name of the container the podmansh user should join.
 #container = "podmansh"
-#
+#
 # Default timeout in seconds for podmansh logins.
 # Favored over the deprecated "podmansh_timeout" field.
 #timeout = 30
diff --git a/vendor/github.com/containers/common/pkg/config/default_freebsd.go b/vendor/github.com/containers/common/pkg/config/default_bsd.go
similarity index 95%
rename from vendor/github.com/containers/common/pkg/config/default_freebsd.go
rename to vendor/github.com/containers/common/pkg/config/default_bsd.go
index 1110edd03d..c619e1783f 100644
--- a/vendor/github.com/containers/common/pkg/config/default_freebsd.go
+++ b/vendor/github.com/containers/common/pkg/config/default_bsd.go
@@ -1,3 +1,5 @@
+//go:build (freebsd || netbsd || openbsd)
+
 package config
 // DefaultInitPath is the default path to the container-init binary.
diff --git a/vendor/github.com/containers/common/pkg/config/default_common.go b/vendor/github.com/containers/common/pkg/config/default_common.go
index 2caa3f01d7..ea5ded363b 100644
--- a/vendor/github.com/containers/common/pkg/config/default_common.go
+++ b/vendor/github.com/containers/common/pkg/config/default_common.go
@@ -1,4 +1,4 @@
-//go:build !freebsd
+//go:build !freebsd && !netbsd
 package config
diff --git a/vendor/github.com/containers/common/pkg/password/password_supported.go b/vendor/github.com/containers/common/pkg/password/password_supported.go
index 4761b3ff51..52a56b6329 100644
--- a/vendor/github.com/containers/common/pkg/password/password_supported.go
+++ b/vendor/github.com/containers/common/pkg/password/password_supported.go
@@ -1,4 +1,4 @@
-//go:build linux || darwin || freebsd
+//go:build linux || darwin || freebsd || netbsd
 package password
diff --git a/vendor/github.com/containers/common/pkg/version/version.go b/vendor/github.com/containers/common/pkg/version/version.go
index 5632ed4195..a7b160bf92 100644
--- a/vendor/github.com/containers/common/pkg/version/version.go
+++ b/vendor/github.com/containers/common/pkg/version/version.go
@@ -25,7 +25,8 @@ func queryPackageVersion(cmdArg ...string) string {
 cmd := exec.Command(cmdArg[0], cmdArg[1:]...)
 if outp, err := cmd.Output(); err == nil {
 output = string(outp)
- if cmdArg[0] == "/usr/bin/dlocate" {
+ switch cmdArg[0] {
+ case "/usr/bin/dlocate":
 // can return multiple matches
 l := strings.Split(output, "\n")
 output = l[0]
@@ -44,19 +45,24 @@ func queryPackageVersion(cmdArg ...string) string {
 }
 }
 }
- } else if cmdArg[0] == "/usr/bin/dpkg" {
+ case "/usr/bin/dpkg":
 r := strings.Split(output, ": ")
 queryFormat := `${Package}_${Version}_${Architecture}`
 cmd = exec.Command("/usr/bin/dpkg-query", "-f", queryFormat, "-W", r[0])
 if outp, err := cmd.Output(); err == nil {
 output = string(outp)
 }
+ case "/usr/bin/pacman":
+ pkg := strings.Trim(output, "\n")
+ cmd = exec.Command(cmdArg[0], "-Q", "--", pkg)
+ if outp, err := cmd.Output(); err == nil {
+ output = strings.ReplaceAll(string(outp), " ", "-")
+ }
+ case "/sbin/apk":
+ prefix := cmdArg[len(cmdArg)-1] + " is owned by "
+ output = strings.Replace(output, prefix, "", 1)
 }
 }
- if cmdArg[0] == "/sbin/apk" {
- prefix := cmdArg[len(cmdArg)-1] + " is owned by "
- output = strings.Replace(output, prefix, "", 1)
- }
 }
 return strings.Trim(output, "\n")
 }
@@ -77,7 +83,7 @@ func Package(program string) string { // program is full path
 {"rpm", []string{"/usr/bin/rpm", "-q", "-f"}},
 {"deb", []string{"/usr/bin/dlocate", "-F"}}, // Debian, Ubuntu (quick)
 {"deb", []string{"/usr/bin/dpkg", "-S"}}, // Debian, Ubuntu (slow)
- {"pacman", []string{"/usr/bin/pacman", "-Qo"}}, // Arch
+ {"pacman", []string{"/usr/bin/pacman", "-Qoq"}}, // Arch
 {"gentoo", []string{"/usr/bin/qfile", "-qv"}}, // Gentoo (quick)
 {"gentoo", []string{"/usr/bin/equery", "b"}}, // Gentoo (slow)
 {"apk", []string{"/sbin/apk", "info", "-W"}}, // Alpine
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index b8311bf196..fe53f91044 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
 package version
 // Version is the version of the build.
-const Version = "0.59.0"
+const Version = "0.60.0-dev"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index eca3010f94..a6da1eface 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -171,7 +171,7 @@ github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/pkg/volumes github.com/containers/buildah/util -# github.com/containers/common v0.59.0 +# github.com/containers/common v0.59.1-0.20240603155017-49ad520556e7 ## explicit; go 1.21 github.com/containers/common/internal github.com/containers/common/internal/attributedstring