From 456f75b97570fbfb73c4f0fccfd60c0cf1232df8 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Wed, 29 Apr 2026 18:48:41 +0200 Subject: [PATCH] vendor latest common, image, storage Pick up the latest registries.d and network changes. Signed-off-by: Paul Holzinger --- go.mod | 6 +- go.sum | 12 +- .../libnetwork/internal/util/validate.go | 59 ---------- .../common/libnetwork/types/network.go | 20 +++- .../common/pkg/config/containers.conf | 4 +- .../go.podman.io/common/pkg/config/default.go | 2 +- .../common/pkg/netns/netns_linux.go | 2 +- .../image/v5/docker/docker_client.go | 63 +++++----- .../image/v5/docker/registries_d.go | 108 +++++------------- vendor/go.podman.io/storage/check.go | 1 + .../storage/drivers/overlay/overlay.go | 7 +- vendor/go.podman.io/storage/layers.go | 16 +-- .../storage/pkg/configfile/parse.go | 2 +- .../go.podman.io/storage/pkg/mount/mount.go | 12 +- vendor/go.podman.io/storage/pkg/system/rm.go | 5 +- vendor/go.podman.io/storage/store.go | 2 +- vendor/modules.txt | 6 +- 17 files changed, 126 insertions(+), 201 deletions(-) diff --git a/go.mod b/go.mod index 291f1c2fdc..060e474729 100644 --- a/go.mod +++ b/go.mod @@ -64,9 +64,9 @@ require ( github.com/vbauerster/mpb/v8 v8.12.0 github.com/vishvananda/netlink v1.3.1 go.podman.io/buildah v1.42.1-0.20260421143840-0acb6b8cca85 - go.podman.io/common v0.67.2-0.20260428163628-e3b0c9aa788d - go.podman.io/image/v5 v5.39.3-0.20260428163628-e3b0c9aa788d - go.podman.io/storage v1.62.1-0.20260428163628-e3b0c9aa788d + go.podman.io/common v0.67.2-0.20260430110239-06cbc5da36f1 + go.podman.io/image/v5 v5.39.3-0.20260430110239-06cbc5da36f1 + go.podman.io/storage v1.62.1-0.20260430110239-06cbc5da36f1 golang.org/x/crypto v0.50.0 golang.org/x/net v0.53.0 golang.org/x/sync v0.20.0 diff --git a/go.sum b/go.sum index 69d1abe52d..ff611dcc52 100644 --- a/go.sum +++ b/go.sum @@ -431,12 +431,12 @@ go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.podman.io/buildah v1.42.1-0.20260421143840-0acb6b8cca85 h1:rVKRagobPO6kGHOg2NhGNs6xWVgZctiOn4tmxa3cytA= go.podman.io/buildah v1.42.1-0.20260421143840-0acb6b8cca85/go.mod h1:JjFirF1zlILz55ZkVYYhLRnted7mPlmoS2w2ihYw8iw= -go.podman.io/common v0.67.2-0.20260428163628-e3b0c9aa788d h1:/oR7Ke8lxnw/pTcQ3mcjKLPI0gn0xc/wGPKXGpq+/gM= -go.podman.io/common v0.67.2-0.20260428163628-e3b0c9aa788d/go.mod h1:3Dn8ywd1MInft7FIPMBcLOvVWgAhiLFCwsNxCTc9QhM= -go.podman.io/image/v5 v5.39.3-0.20260428163628-e3b0c9aa788d h1:mm8baBK0FvElAxfI6Z9knY0PcnjX4wVvlI+/H4lg1kI= -go.podman.io/image/v5 v5.39.3-0.20260428163628-e3b0c9aa788d/go.mod h1:c1ged4R93jqNgA1E1Quywv65YAZvPZm4bOEqFMOi1OE= -go.podman.io/storage v1.62.1-0.20260428163628-e3b0c9aa788d h1:V1Tk7mksAafNAjdDEdJ8IFKkKceYoWXDuOqO5RJw/OI= -go.podman.io/storage v1.62.1-0.20260428163628-e3b0c9aa788d/go.mod h1:13aOBf6782/fbAzH7QNEqlVzFu+X4sS4MxDM/VdJGZU= +go.podman.io/common v0.67.2-0.20260430110239-06cbc5da36f1 h1:RLBHWyNtJhiD5ZucydAh7zWXOxqX2+MTXVwt45OVkME= +go.podman.io/common v0.67.2-0.20260430110239-06cbc5da36f1/go.mod h1:GLtgL6CqdqGKSXMvWJZ04WwlQczIJeyk4WRJntzox/c= +go.podman.io/image/v5 v5.39.3-0.20260430110239-06cbc5da36f1 h1:CvxUIObaQSc5YyUupNWbXVN+THr2lDih40mRDa0iUmo= +go.podman.io/image/v5 v5.39.3-0.20260430110239-06cbc5da36f1/go.mod h1:c1ged4R93jqNgA1E1Quywv65YAZvPZm4bOEqFMOi1OE= +go.podman.io/storage v1.62.1-0.20260430110239-06cbc5da36f1 h1:3t6B2voX4pRA3UF20UDkGYRdw3m+xpvC0JUNB0VnpnM= +go.podman.io/storage v1.62.1-0.20260430110239-06cbc5da36f1/go.mod h1:13aOBf6782/fbAzH7QNEqlVzFu+X4sS4MxDM/VdJGZU= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= diff --git a/vendor/go.podman.io/common/libnetwork/internal/util/validate.go b/vendor/go.podman.io/common/libnetwork/internal/util/validate.go index 011a101ac6..adf04dd726 100644 --- a/vendor/go.podman.io/common/libnetwork/internal/util/validate.go +++ b/vendor/go.podman.io/common/libnetwork/internal/util/validate.go @@ -4,8 +4,6 @@ import ( "errors" "fmt" "net" - "strings" - "unicode" "go.podman.io/common/libnetwork/types" "go.podman.io/common/libnetwork/util" @@ -98,43 +96,6 @@ func ValidateSubnets(network *types.Network, addGateway bool, usedNetworks []*ne return nil } -func ValidateRoutes(routes []types.Route) error { - for _, route := range routes { - err := ValidateRoute(route) - if err != nil { - return err - } - } - return nil -} - -func ValidateRoute(route types.Route) error { - if route.Destination.IP == nil { - return errors.New("route destination ip nil") - } - - if route.Destination.Mask == nil { - return errors.New("route destination mask nil") - } - - if route.Gateway == nil { - return errors.New("route gateway nil") - } - - // Reparse to ensure destination is valid. - ip, ipNet, err := net.ParseCIDR(route.Destination.String()) - if err != nil { - return fmt.Errorf("route destination invalid: %w", err) - } - - // check that destination is a network and not an address - if !ip.Equal(ipNet.IP) { - return errors.New("route destination invalid") - } - - return nil -} - func ValidateSetupOptions(n NetUtil, namespacePath string, options types.SetupOptions) error { if namespacePath == "" { return errors.New("namespacePath is empty") @@ -176,23 +137,3 @@ func validatePerNetworkOpts(network *types.Network, netOpts *types.PerNetworkOpt } return nil } - -// ValidateInterfaceName validates the interface name based on the following rules: -// 1. The name must be less than MaxInterfaceNameLength characters -// 2. The name must not be "." or ".." -// 3. The name must not contain / or : or any whitespace characters -// ref to https://github.com/torvalds/linux/blob/81e4f8d68c66da301bb881862735bd74c6241a19/include/uapi/linux/if.h#L33C18-L33C20 -func ValidateInterfaceName(ifName string) error { - if len(ifName) > types.MaxInterfaceNameLength { - return fmt.Errorf("interface name is too long: interface names must be %d characters or less: %w", types.MaxInterfaceNameLength, types.ErrInvalidArg) - } - if ifName == "." || ifName == ".." { - return fmt.Errorf("interface name is . or ..: %w", types.ErrInvalidArg) - } - if strings.ContainsFunc(ifName, func(r rune) bool { - return r == '/' || r == ':' || unicode.IsSpace(r) - }) { - return fmt.Errorf("interface name contains / or : or whitespace characters: %w", types.ErrInvalidArg) - } - return nil -} diff --git a/vendor/go.podman.io/common/libnetwork/types/network.go b/vendor/go.podman.io/common/libnetwork/types/network.go index 1878bea6b4..11ba341355 100644 --- a/vendor/go.podman.io/common/libnetwork/types/network.go +++ b/vendor/go.podman.io/common/libnetwork/types/network.go @@ -201,15 +201,31 @@ type Subnet struct { LeaseRange *LeaseRange `json:"lease_range,omitempty"` } +// RouteType represents the type of a route. +type RouteType string + +const ( + // RouteTypeUnicast is a regular route with a gateway (default). + RouteTypeUnicast RouteType = "unicast" + // RouteTypeBlackhole silently discards packets. + RouteTypeBlackhole RouteType = "blackhole" + // RouteTypeUnreachable rejects with "destination unreachable". + RouteTypeUnreachable RouteType = "unreachable" + // RouteTypeProhibit rejects with "administratively prohibited". + RouteTypeProhibit RouteType = "prohibit" +) + type Route struct { // Destination for this route in CIDR form. // swagger:strfmt string Destination IPNet `json:"destination"` - // Gateway IP for this route. + // Gateway IP for this route. Required for unicast routes, must be empty for blackhole/unreachable/prohibit. // swagger:strfmt string - Gateway net.IP `json:"gateway"` + Gateway net.IP `json:"gateway,omitempty"` // Metric for this route. Optional. Metric *uint32 `json:"metric,omitempty"` + // RouteType is the type of route: unicast (default), blackhole, unreachable, prohibit. + RouteType RouteType `json:"route_type,omitempty"` } // LeaseRange contains the range where IP are leased. diff --git a/vendor/go.podman.io/common/pkg/config/containers.conf b/vendor/go.podman.io/common/pkg/config/containers.conf index 49fd38390b..9a6f38bfd2 100644 --- a/vendor/go.podman.io/common/pkg/config/containers.conf +++ b/vendor/go.podman.io/common/pkg/config/containers.conf @@ -936,9 +936,9 @@ default_sysctls = [ #provider = "" # Rosetta supports running x86_64 Linux binaries on a Podman machine on Apple silicon. -# The default value is `true`. Supported on AppleHV(arm64) machines only. +# The default value is `false`. Supported on AppleHV(arm64) machines only. # -#rosetta=true +#rosetta=false # Import the host's trusted CA certificates into the machine. # When set to true, the certificates from the host system are imported during machine startup. diff --git a/vendor/go.podman.io/common/pkg/config/default.go b/vendor/go.podman.io/common/pkg/config/default.go index 7ea362f6bc..a567bdc111 100644 --- a/vendor/go.podman.io/common/pkg/config/default.go +++ b/vendor/go.podman.io/common/pkg/config/default.go @@ -274,7 +274,7 @@ func defaultMachineConfig() MachineConfig { Memory: 2048, User: getDefaultMachineUser(), Volumes: configfile.NewSlice(getDefaultMachineVolumes()), - Rosetta: true, + Rosetta: false, } } diff --git a/vendor/go.podman.io/common/pkg/netns/netns_linux.go b/vendor/go.podman.io/common/pkg/netns/netns_linux.go index c2ee879d62..5e36ec7213 100644 --- a/vendor/go.podman.io/common/pkg/netns/netns_linux.go +++ b/vendor/go.podman.io/common/pkg/netns/netns_linux.go @@ -249,7 +249,7 @@ func (ns *netNS) Do(toRun func(NetNS) error) error { // GetNSRunDir returns the dir of where to create the netNS. When running // rootless, it needs to be at a location writable by user. func GetNSRunDir() (string, error) { - if unshare.IsRootless() { + if unshare.GetRootlessUID() > 0 { rootlessDir, err := homedir.GetRuntimeDir() if err != nil { return "", err diff --git a/vendor/go.podman.io/image/v5/docker/docker_client.go b/vendor/go.podman.io/image/v5/docker/docker_client.go index 4b5f41a4f2..9677aa316e 100644 --- a/vendor/go.podman.io/image/v5/docker/docker_client.go +++ b/vendor/go.podman.io/image/v5/docker/docker_client.go @@ -33,8 +33,9 @@ import ( "go.podman.io/image/v5/pkg/sysregistriesv2" "go.podman.io/image/v5/pkg/tlsclientconfig" "go.podman.io/image/v5/types" + "go.podman.io/storage/pkg/configfile" "go.podman.io/storage/pkg/fileutils" - "go.podman.io/storage/pkg/homedir" + "go.podman.io/storage/pkg/unshare" "golang.org/x/sync/semaphore" ) @@ -60,19 +61,6 @@ const ( backoffMaxDelay = 60 * time.Second ) -type certPath struct { - path string - absolute bool -} - -var ( - homeCertDir = filepath.FromSlash(".config/containers/certs.d") - perHostCertDirs = []certPath{ - {path: etcDir + "/containers/certs.d", absolute: true}, - {path: etcDir + "/docker/certs.d", absolute: true}, - } -) - // extensionSignature and extensionSignatureList come from github.com/openshift/origin/pkg/dockerregistry/server/signaturedispatcher.go: // signature represents a Docker image signature. type extensionSignature struct { @@ -167,22 +155,35 @@ func dockerCertDir(sys *types.SystemContext, hostPort string) (string, error) { return filepath.Join(sys.DockerPerHostCertDirPath, hostPort), nil } - var ( - hostCertDir string - fullCertDirPath string - ) + rootForImplicitAbsolutePaths := "" + if sys != nil { + rootForImplicitAbsolutePaths = sys.RootForImplicitAbsolutePaths + } - for _, perHostCertDir := range append([]certPath{{path: filepath.Join(homedir.Get(), homeCertDir), absolute: false}}, perHostCertDirs...) { - if sys != nil && sys.RootForImplicitAbsolutePaths != "" && perHostCertDir.absolute { - hostCertDir = filepath.Join(sys.RootForImplicitAbsolutePaths, perHostCertDir.path) - } else { - hostCertDir = perHostCertDir.path - } + paths, err := configfile.GetSearchPaths(&configfile.File{ + Name: "certs", + Extension: "d", + DoNotUseExtensionForConfigName: true, + UserId: unshare.GetRootlessUID(), + RootForImplicitAbsolutePaths: rootForImplicitAbsolutePaths, + }) + if err != nil { + return "", err + } - fullCertDirPath = filepath.Join(hostCertDir, hostPort) - err := fileutils.Exists(fullCertDirPath) + candidates := make([]string, 0, len(paths.DropInDirectories)+1) + candidates = append(candidates, paths.DropInDirectories...) + perHostCertDir := etcDir + "/docker/certs.d" + if rootForImplicitAbsolutePaths != "" { + perHostCertDir = filepath.Join(rootForImplicitAbsolutePaths, perHostCertDir) + } + candidates = append(candidates, perHostCertDir) + + for _, baseDir := range candidates { + fullCertDirPath := filepath.Join(baseDir, hostPort) + err = fileutils.Exists(fullCertDirPath) if err == nil { - break + return fullCertDirPath, nil } if os.IsNotExist(err) { continue @@ -193,7 +194,7 @@ func dockerCertDir(sys *types.SystemContext, hostPort string) (string, error) { } return "", err } - return fullCertDirPath, nil + return "", nil } // newDockerClientFromRef returns a new dockerClient instance for refHostname (a host a specified in the Docker image reference, not canonicalized to dockerRegistry) @@ -263,8 +264,10 @@ func newDockerClient(sys *types.SystemContext, registry, reference string) (*doc if err != nil { return nil, err } - if err := tlsclientconfig.SetupCertificates(certDir, tlsClientConfig); err != nil { - return nil, err + if certDir != "" { + if err := tlsclientconfig.SetupCertificates(certDir, tlsClientConfig); err != nil { + return nil, err + } } // Check if TLS verification shall be skipped (default=false) which can diff --git a/vendor/go.podman.io/image/v5/docker/registries_d.go b/vendor/go.podman.io/image/v5/docker/registries_d.go index 53bbb53cb1..6fe612160b 100644 --- a/vendor/go.podman.io/image/v5/docker/registries_d.go +++ b/vendor/go.podman.io/image/v5/docker/registries_d.go @@ -3,42 +3,29 @@ package docker import ( "errors" "fmt" - "io/fs" + "io" "net/url" - "os" "path" "path/filepath" - "strings" "github.com/opencontainers/go-digest" "github.com/sirupsen/logrus" "go.podman.io/image/v5/docker/reference" "go.podman.io/image/v5/internal/rootless" "go.podman.io/image/v5/types" - "go.podman.io/storage/pkg/fileutils" + "go.podman.io/storage/pkg/configfile" "go.podman.io/storage/pkg/homedir" + "go.podman.io/storage/pkg/unshare" "gopkg.in/yaml.v3" ) -// systemRegistriesDirPath is the path to registries.d, used for locating lookaside Docker signature storage. -// You can override this at build time with -// -ldflags '-X go.podman.io/image/v5/docker.systemRegistriesDirPath=$your_path' -var systemRegistriesDirPath = builtinRegistriesDirPath - -// builtinRegistriesDirPath is the path to registries.d. -// DO NOT change this, instead see systemRegistriesDirPath above. -const builtinRegistriesDirPath = etcDir + "/containers/registries.d" - -// userRegistriesDirPath is the path to the per user registries.d. -var userRegistriesDir = filepath.FromSlash(".config/containers/registries.d") - // defaultUserDockerDir is the default lookaside directory for unprivileged user var defaultUserDockerDir = filepath.FromSlash(".local/share/containers/sigstore") // defaultDockerDir is the default lookaside directory for root var defaultDockerDir = "/var/lib/containers/sigstore" -// registryConfiguration is one of the files in registriesDirPath configuring lookaside locations, or the result of merging them all. +// registryConfiguration is one of the files configuring lookaside locations, or the result of merging them all. // NOTE: Keep this in sync with docs/registries.d.md! type registryConfiguration struct { DefaultDocker *registryNamespace `yaml:"default-docker"` @@ -78,91 +65,56 @@ func SignatureStorageBaseURL(sys *types.SystemContext, ref types.ImageReference, // loadRegistryConfiguration returns a registryConfiguration appropriate for sys. func loadRegistryConfiguration(sys *types.SystemContext) (*registryConfiguration, error) { - dirPath := registriesDirPath(sys) - logrus.Debugf(`Using registries.d directory %s`, dirPath) - return loadAndMergeConfig(dirPath) -} - -// registriesDirPath returns a path to registries.d -func registriesDirPath(sys *types.SystemContext) string { - return registriesDirPathWithHomeDir(sys, homedir.Get()) -} - -// registriesDirPathWithHomeDir is an internal implementation detail of registriesDirPath, -// it exists only to allow testing it with an artificial home directory. -func registriesDirPathWithHomeDir(sys *types.SystemContext, homeDir string) string { - if sys != nil && sys.RegistriesDirPath != "" { - return sys.RegistriesDirPath + registriesFiles := configfile.File{ + Name: "registries", + Extension: "yaml", + DoNotLoadMainFiles: true, + DoNotUseExtensionForConfigName: true, + UserId: unshare.GetRootlessUID(), + ErrorIfNotFound: false, } - userRegistriesDirPath := filepath.Join(homeDir, userRegistriesDir) - if err := fileutils.Exists(userRegistriesDirPath); err == nil { - return userRegistriesDirPath + if sys != nil { + registriesFiles.RootForImplicitAbsolutePaths = sys.RootForImplicitAbsolutePaths + if sys.RegistriesDirPath != "" { + registriesFiles.CustomConfigFileDropInDirectory = sys.RegistriesDirPath + logrus.Debugf(`Using registries.d directory %s`, registriesFiles.CustomConfigFileDropInDirectory) + } } - if sys != nil && sys.RootForImplicitAbsolutePaths != "" { - return filepath.Join(sys.RootForImplicitAbsolutePaths, systemRegistriesDirPath) - } - - return systemRegistriesDirPath -} - -// loadAndMergeConfig loads configuration files in dirPath -// FIXME: Probably rename to loadRegistryConfigurationForPath -func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) { mergedConfig := registryConfiguration{Docker: map[string]registryNamespace{}} dockerDefaultMergedFrom := "" nsMergedFrom := map[string]string{} - - dir, err := os.Open(dirPath) - if err != nil { - if os.IsNotExist(err) { - return &mergedConfig, nil - } - return nil, err - } - configNames, err := dir.Readdirnames(0) - if err != nil { - return nil, err - } - for _, configName := range configNames { - if !strings.HasSuffix(configName, ".yaml") { - continue - } - configPath := filepath.Join(dirPath, configName) - configBytes, err := os.ReadFile(configPath) + for item, err := range configfile.Read(®istriesFiles) { if err != nil { - if errors.Is(err, fs.ErrNotExist) { - // file must have been removed between the directory listing - // and the open call, ignore that as it is a expected race - continue - } return nil, err } - - var config registryConfiguration - err = yaml.Unmarshal(configBytes, &config) + contents, err := io.ReadAll(item.Reader) if err != nil { - return nil, fmt.Errorf("parsing %s: %w", configPath, err) + return nil, err + } + logrus.Debugf(`Reading registries signature storage configuration from %q`, item.Name) + var config registryConfiguration + if err := yaml.Unmarshal(contents, &config); err != nil { + return nil, fmt.Errorf("parsing %s: %w", item.Name, err) } if config.DefaultDocker != nil { if mergedConfig.DefaultDocker != nil { return nil, fmt.Errorf(`Error parsing signature storage configuration: "default-docker" defined both in %q and %q`, - dockerDefaultMergedFrom, configPath) + dockerDefaultMergedFrom, item.Name) } mergedConfig.DefaultDocker = config.DefaultDocker - dockerDefaultMergedFrom = configPath + dockerDefaultMergedFrom = item.Name } - for nsName, nsConfig := range config.Docker { // includes config.Docker == nil + for nsName, nsConfig := range config.Docker { if _, ok := mergedConfig.Docker[nsName]; ok { return nil, fmt.Errorf(`Error parsing signature storage configuration: "docker" namespace %q defined both in %q and %q`, - nsName, nsMergedFrom[nsName], configPath) + nsName, nsMergedFrom[nsName], item.Name) } mergedConfig.Docker[nsName] = nsConfig - nsMergedFrom[nsName] = configPath + nsMergedFrom[nsName] = item.Name } } - return &mergedConfig, nil } diff --git a/vendor/go.podman.io/storage/check.go b/vendor/go.podman.io/storage/check.go index 0fc2c560ff..8187f9ab9c 100644 --- a/vendor/go.podman.io/storage/check.go +++ b/vendor/go.podman.io/storage/check.go @@ -833,6 +833,7 @@ func (s *store) Repair(report CheckReport, options *RepairOptions) []error { } if err = s.DeleteLayer(id); err != nil { err = fmt.Errorf("deleting layer %s: %w", id, err) + } else { logrus.Debugf("deleted layer %s", id) } } diff --git a/vendor/go.podman.io/storage/drivers/overlay/overlay.go b/vendor/go.podman.io/storage/drivers/overlay/overlay.go index 98f1be3d35..b12366852a 100644 --- a/vendor/go.podman.io/storage/drivers/overlay/overlay.go +++ b/vendor/go.podman.io/storage/drivers/overlay/overlay.go @@ -443,6 +443,11 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error) } } + // Clean up stale tempdirs early, before MakePrivate. + if err := tempdir.RecoverStaleDirs(filepath.Join(home, tempDirName)); err != nil { + return nil, fmt.Errorf("overlay: recover stale temp dirs: %w", err) + } + if !opts.skipMountHome { if err := mount.MakePrivate(home); err != nil { return nil, fmt.Errorf("overlay: failed to make mount private: %w", err) @@ -1392,7 +1397,7 @@ func (d *Driver) removeCommon(id string, cleanup func(string) error) error { if err == nil { linkPath := path.Join(d.home, linkDir, string(lid)) if err := cleanup(linkPath); err != nil { - logrus.Debugf("Failed to remove link: %v", err) + logrus.Warnf("Failed to remove link: %v", err) } } diff --git a/vendor/go.podman.io/storage/layers.go b/vendor/go.podman.io/storage/layers.go index a70a6f8ba2..1f556818e6 100644 --- a/vendor/go.podman.io/storage/layers.go +++ b/vendor/go.podman.io/storage/layers.go @@ -823,15 +823,18 @@ func (r *layerStore) GarbageCollect() error { } // Remove layer and any related data of unreferenced id + logrus.Debugf("removing driver layer %q", id) if err := r.driver.Remove(id); err != nil { - logrus.Debugf("removing driver layer %q", id) return err } - - logrus.Debugf("removing %q", r.tspath(id)) - os.Remove(r.tspath(id)) - logrus.Debugf("removing %q", r.datadir(id)) - os.RemoveAll(r.datadir(id)) + // Best-effort removal of orphaned metadata; the driver layer is + // already gone, so warn but don't fail the overall GC. + if err := os.Remove(r.tspath(id)); err != nil && !errors.Is(err, os.ErrNotExist) { + logrus.Warnf("Failed to remove tar-split file %q: %v", r.tspath(id), err) + } + if err := os.RemoveAll(r.datadir(id)); err != nil { + logrus.Warnf("Failed to remove data directory %q: %v", r.datadir(id), err) + } } // Clean up any orphaned tar-split or data files in the layer metadata @@ -2118,7 +2121,6 @@ func (r *layerStore) internalDelete(id string) ([]tempdir.CleanupTempDirFunc, er return cleanFunctions, err } - cleanFunctions = append(cleanFunctions, tempDirectory.Cleanup) if err := tempDirectory.StageDeletion(r.tspath(id)); err != nil && !errors.Is(err, os.ErrNotExist) { return cleanFunctions, err } diff --git a/vendor/go.podman.io/storage/pkg/configfile/parse.go b/vendor/go.podman.io/storage/pkg/configfile/parse.go index ad09f98fee..eb397dcd92 100644 --- a/vendor/go.podman.io/storage/pkg/configfile/parse.go +++ b/vendor/go.podman.io/storage/pkg/configfile/parse.go @@ -384,7 +384,7 @@ func readDropInsFromPaths(paths []string, suffix string) ([]string, error) { return nil, err } for _, entry := range entries { - if entry.Type().IsRegular() && strings.HasSuffix(entry.Name(), suffix) { + if !entry.IsDir() && strings.HasSuffix(entry.Name(), suffix) { dropInMap[entry.Name()] = filepath.Join(path, entry.Name()) } } diff --git a/vendor/go.podman.io/storage/pkg/mount/mount.go b/vendor/go.podman.io/storage/pkg/mount/mount.go index c9ec459526..8f20a0cabb 100644 --- a/vendor/go.podman.io/storage/pkg/mount/mount.go +++ b/vendor/go.podman.io/storage/pkg/mount/mount.go @@ -5,6 +5,8 @@ import ( "slices" "strconv" "strings" + + "github.com/sirupsen/logrus" ) // mountError holds an error from a mount or unmount operation @@ -89,17 +91,19 @@ func RecursiveUnmount(target string) error { return -cmp.Compare(len(a.Mountpoint), len(b.Mountpoint)) }) - for i, m := range mounts { + var lastErr error + for _, m := range mounts { if !strings.HasPrefix(m.Mountpoint, target) { continue } - if err := Unmount(m.Mountpoint); err != nil && i == len(mounts)-1 { - return err + if err := Unmount(m.Mountpoint); err != nil { // Ignore errors for submounts and continue trying to unmount others // The final unmount should fail if there are any submounts remaining + logrus.Warnf("Failed to unmount %s: %v", m.Mountpoint, err) + lastErr = err } } - return nil + return lastErr } // ForceUnmount lazily unmounts a filesystem on supported platforms, diff --git a/vendor/go.podman.io/storage/pkg/system/rm.go b/vendor/go.podman.io/storage/pkg/system/rm.go index c151c1449e..8ab7ed2632 100644 --- a/vendor/go.podman.io/storage/pkg/system/rm.go +++ b/vendor/go.podman.io/storage/pkg/system/rm.go @@ -36,9 +36,10 @@ func EnsureRemoveAll(dir string) error { return nil } - // Attempt to unmount anything beneath this dir first + // Best-effort: if unmounting fails, the RemoveAll loop below may + // still succeed (or will surface its own, more specific error). if err := mount.RecursiveUnmount(dir); err != nil { - logrus.Debugf("RecursiveUnmount on %s failed: %v", dir, err) + logrus.Warnf("RecursiveUnmount on %s failed: %v", dir, err) } for { diff --git a/vendor/go.podman.io/storage/store.go b/vendor/go.podman.io/storage/store.go index 5eeff65534..36ffbafe49 100644 --- a/vendor/go.podman.io/storage/store.go +++ b/vendor/go.podman.io/storage/store.go @@ -2668,7 +2668,7 @@ func (s *store) DeleteLayer(id string) (retErr error) { }() return s.writeToAllStores(func(rlstore rwLayerStore) error { if rlstore.Exists(id) { - if l, err := rlstore.Get(id); err != nil { + if l, err := rlstore.Get(id); err == nil { id = l.ID } layers, err := rlstore.Layers() diff --git a/vendor/modules.txt b/vendor/modules.txt index 8e636be5dc..975ee199f5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -736,7 +736,7 @@ go.podman.io/buildah/pkg/sshagent go.podman.io/buildah/pkg/util go.podman.io/buildah/pkg/volumes go.podman.io/buildah/util -# go.podman.io/common v0.67.2-0.20260428163628-e3b0c9aa788d +# go.podman.io/common v0.67.2-0.20260430110239-06cbc5da36f1 ## explicit; go 1.25.6 go.podman.io/common/internal go.podman.io/common/libimage @@ -802,7 +802,7 @@ go.podman.io/common/pkg/umask go.podman.io/common/pkg/util go.podman.io/common/pkg/version go.podman.io/common/version -# go.podman.io/image/v5 v5.39.3-0.20260428163628-e3b0c9aa788d +# go.podman.io/image/v5 v5.39.3-0.20260430110239-06cbc5da36f1 ## explicit; go 1.25.6 go.podman.io/image/v5/copy go.podman.io/image/v5/directory @@ -879,7 +879,7 @@ go.podman.io/image/v5/transports go.podman.io/image/v5/transports/alltransports go.podman.io/image/v5/types go.podman.io/image/v5/version -# go.podman.io/storage v1.62.1-0.20260428163628-e3b0c9aa788d +# go.podman.io/storage v1.62.1-0.20260430110239-06cbc5da36f1 ## explicit; go 1.25.0 go.podman.io/storage go.podman.io/storage/drivers