diff --git a/.gitignore b/.gitignore index b92348a..bbcc536 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -SOURCES/v1.9.3.tar.gz +SOURCES/podman-f5c9237.tar.gz +SOURCES/v0.1.5.tar.gz diff --git a/.podman.metadata b/.podman.metadata index 7daa754..01d8879 100644 --- a/.podman.metadata +++ b/.podman.metadata @@ -1 +1,2 @@ -3468c4e070020b68bbb85f9f249fc24673fd5f8a SOURCES/v1.9.3.tar.gz +55d55be1537d5b9b77aaae5c0526665fa0fc477f SOURCES/podman-f5c9237.tar.gz +4502491739693bd1b1d108d9af545f69a3bd424b SOURCES/v0.1.5.tar.gz diff --git a/SOURCES/podman-1829061.patch b/SOURCES/podman-1829061.patch deleted file mode 100644 index 41a0e86..0000000 --- a/SOURCES/podman-1829061.patch +++ /dev/null @@ -1,3631 +0,0 @@ -From bbc4a3aa4965d6f80d8dcbf4c098e3aadecce21d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= -Date: Fri, 29 May 2020 00:43:03 +0200 -Subject: [PATCH] Update to containers/image 5.4.4 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... primarily for https://github.com/containers/image/pull/912 - -Note that this drags in several other updates, notably c/storage. -See vendor/modules.txt for the full details. - -> go get github.com/containers/image/v5@v5.4.4 -> make vendor - -Signed-off-by: Miloslav Trmač ---- - go.mod | 10 +- - go.sum | 16 +++ - .../containers/image/v5/copy/copy.go | 11 +- - .../image/v5/docker/docker_client.go | 6 + - .../image/v5/docker/docker_image.go | 4 +- - .../image/v5/docker/docker_image_dest.go | 53 +++++--- - .../image/v5/docker/docker_image_src.go | 39 +++--- - .../internal/pkg/platform/platform_matcher.go | 91 +++++++------- - .../v5/internal/uploadreader/upload_reader.go | 61 +++++++++ - .../containers/image/v5/manifest/common.go | 118 +++++++++++++++++ - .../image/v5/manifest/docker_schema2.go | 97 +++----------- - .../image/v5/manifest/docker_schema2_list.go | 2 +- - .../containers/image/v5/manifest/list.go | 24 ---- - .../containers/image/v5/manifest/manifest.go | 10 -- - .../containers/image/v5/manifest/oci.go | 106 +++------------- - .../containers/image/v5/manifest/oci_index.go | 5 +- - .../containers/image/v5/version/version.go | 2 +- - .../github.com/containers/storage/.cirrus.yml | 6 +- - vendor/github.com/containers/storage/Makefile | 23 ++-- - vendor/github.com/containers/storage/VERSION | 2 +- - .../containers/storage/containers.go | 14 ++- - .../storage/drivers/overlay/overlay.go | 9 ++ - .../containers/storage/drivers/zfs/zfs.go | 23 +++- - vendor/github.com/containers/storage/go.mod | 4 +- - vendor/github.com/containers/storage/go.sum | 45 +------ - .../github.com/containers/storage/layers.go | 3 + - .../containers/storage/pkg/archive/archive.go | 4 +- - .../storage/pkg/lockfile/lockfile.go | 6 + - vendor/github.com/containers/storage/store.go | 7 +- - .../klauspost/compress/flate/deflate.go | 18 +-- - .../klauspost/compress/flate/inflate.go | 17 +-- - .../github.com/klauspost/compress/fse/fse.go | 37 +++--- - .../klauspost/compress/huff0/huff0.go | 13 +- - .../klauspost/compress/zstd/blockdec.go | 39 ++++-- - .../klauspost/compress/zstd/decoder.go | 7 +- - .../klauspost/compress/zstd/enc_better.go | 5 +- - .../klauspost/compress/zstd/enc_dfast.go | 10 +- - .../klauspost/compress/zstd/enc_fast.go | 7 +- - .../klauspost/compress/zstd/enc_params.go | 3 + - .../klauspost/compress/zstd/encoder.go | 47 +++++-- - .../compress/zstd/encoder_options.go | 32 +++-- - .../klauspost/compress/zstd/framedec.go | 32 +++-- - .../go-windows-terminal-sequences/README.md | 1 + - .../sequences.go | 3 +- - .../github.com/sirupsen/logrus/CHANGELOG.md | 27 +++- - .../github.com/sirupsen/logrus/appveyor.yml | 28 ++--- - vendor/github.com/sirupsen/logrus/entry.go | 2 - - vendor/github.com/sirupsen/logrus/go.mod | 2 +- - vendor/github.com/sirupsen/logrus/go.sum | 2 + - .../sirupsen/logrus/text_formatter.go | 8 ++ - vendor/github.com/vbauerster/mpb/v5/bar.go | 12 +- - .../vbauerster/mpb/v5/bar_filler.go | 4 +- - vendor/github.com/vbauerster/mpb/v5/go.mod | 4 +- - vendor/github.com/vbauerster/mpb/v5/go.sum | 8 +- - .../vbauerster/mpb/v5/internal/percentage.go | 3 + - .../x/crypto/chacha20/chacha_generic.go | 119 +++++++++--------- - vendor/golang.org/x/crypto/chacha20/xor.go | 17 +-- - .../golang.org/x/crypto/poly1305/mac_noasm.go | 2 - - .../golang.org/x/crypto/poly1305/poly1305.go | 22 ++-- - .../golang.org/x/crypto/poly1305/sum_amd64.go | 11 -- - .../x/crypto/poly1305/sum_generic.go | 18 +-- - .../golang.org/x/crypto/poly1305/sum_noasm.go | 11 +- - .../x/crypto/poly1305/sum_ppc64le.go | 11 -- - vendor/golang.org/x/crypto/ssh/cipher.go | 2 +- - .../x/crypto/ssh/terminal/terminal.go | 8 ++ - vendor/golang.org/x/sys/unix/README.md | 4 +- - vendor/golang.org/x/sys/unix/mkerrors.sh | 1 + - vendor/golang.org/x/sys/unix/zerrors_linux.go | 21 +++- - .../x/sys/unix/zsysnum_linux_386.go | 2 + - .../x/sys/unix/zsysnum_linux_amd64.go | 2 + - .../x/sys/unix/zsysnum_linux_arm.go | 2 + - .../x/sys/unix/zsysnum_linux_arm64.go | 2 + - .../x/sys/unix/zsysnum_linux_mips.go | 2 + - .../x/sys/unix/zsysnum_linux_mips64.go | 2 + - .../x/sys/unix/zsysnum_linux_mips64le.go | 2 + - .../x/sys/unix/zsysnum_linux_mipsle.go | 2 + - .../x/sys/unix/zsysnum_linux_ppc64.go | 2 + - .../x/sys/unix/zsysnum_linux_ppc64le.go | 2 + - .../x/sys/unix/zsysnum_linux_riscv64.go | 2 + - .../x/sys/unix/zsysnum_linux_s390x.go | 2 + - .../x/sys/unix/zsysnum_linux_sparc64.go | 2 + - vendor/golang.org/x/sys/unix/ztypes_linux.go | 34 ++++- - .../golang.org/x/sys/unix/ztypes_linux_386.go | 1 + - .../x/sys/unix/ztypes_linux_amd64.go | 1 + - .../golang.org/x/sys/unix/ztypes_linux_arm.go | 1 + - .../x/sys/unix/ztypes_linux_arm64.go | 1 + - .../x/sys/unix/ztypes_linux_mips.go | 1 + - .../x/sys/unix/ztypes_linux_mips64.go | 1 + - .../x/sys/unix/ztypes_linux_mips64le.go | 1 + - .../x/sys/unix/ztypes_linux_mipsle.go | 1 + - .../x/sys/unix/ztypes_linux_ppc64.go | 1 + - .../x/sys/unix/ztypes_linux_ppc64le.go | 1 + - .../x/sys/unix/ztypes_linux_riscv64.go | 1 + - .../x/sys/unix/ztypes_linux_s390x.go | 1 + - .../x/sys/unix/ztypes_linux_sparc64.go | 1 + - vendor/modules.txt | 17 +-- - 96 files changed, 877 insertions(+), 632 deletions(-) - create mode 100644 vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go - create mode 100644 vendor/github.com/containers/image/v5/manifest/common.go - -diff --git a/go.mod b/go.mod -index 6803834dc2..907e6389c5 100644 ---- a/go.mod -+++ b/go.mod -@@ -12,9 +12,9 @@ require ( - github.com/containers/buildah v1.14.9 - github.com/containers/common v0.8.4 - github.com/containers/conmon v2.0.14+incompatible -- github.com/containers/image/v5 v5.4.3 -+ github.com/containers/image/v5 v5.4.4 - github.com/containers/psgo v1.4.0 -- github.com/containers/storage v1.18.2 -+ github.com/containers/storage v1.19.1 - github.com/coreos/go-systemd/v22 v22.0.0 - github.com/cri-o/ocicni v0.1.1-0.20190920040751-deac903fd99b - github.com/cyphar/filepath-securejoin v0.2.2 -@@ -48,7 +48,7 @@ require ( - github.com/pmezard/go-difflib v1.0.0 - github.com/rootless-containers/rootlesskit v0.9.3 - github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f -- github.com/sirupsen/logrus v1.5.0 -+ github.com/sirupsen/logrus v1.6.0 - github.com/spf13/cobra v0.0.7 - github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.5.1 -@@ -58,10 +58,10 @@ require ( - github.com/varlink/go v0.0.0-20190502142041-0f1d566d194b - github.com/vishvananda/netlink v1.1.0 - go.etcd.io/bbolt v1.3.4 -- golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 -+ golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 - golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e - golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a -- golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 -+ golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f - gopkg.in/yaml.v2 v2.2.8 - k8s.io/api v0.17.4 - k8s.io/apimachinery v0.17.4 -diff --git a/go.sum b/go.sum -index a47016188a..bfa1501236 100644 ---- a/go.sum -+++ b/go.sum -@@ -71,6 +71,8 @@ github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROa - github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= - github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs= - github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U= -+github.com/containers/image/v5 v5.4.4 h1:JSanNn3v/BMd3o0MEvO4R4OKNuoJUSzVGQAI1+0FMXE= -+github.com/containers/image/v5 v5.4.4/go.mod h1:g7cxNXitiLi6pEr9/L9n/0wfazRuhDKXU15kV86N8h8= - github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= - github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= - github.com/containers/ocicrypt v1.0.2 h1:Q0/IPs8ohfbXNxEfyJ2pFVmvJu5BhqJUAmc6ES9NKbo= -@@ -79,6 +81,8 @@ github.com/containers/psgo v1.4.0 h1:D8B4fZCCZhYgc8hDyMPCiShOinmOB1TP1qe46sSC19k - github.com/containers/psgo v1.4.0/go.mod h1:ENXXLQ5E1At4K0EUsGogXBJi/C28gwqkONWeLPI9fJ8= - github.com/containers/storage v1.18.2 h1:4cgFbrrgr9nR9xCeOmfpyxk1MtXYZGr7XGPJfAVkGmc= - github.com/containers/storage v1.18.2/go.mod h1:WTBMf+a9ZZ/LbmEVeLHH2TX4CikWbO1Bt+/m58ZHVPg= -+github.com/containers/storage v1.19.1 h1:YKIzOO12iaD5Ra0PKFS6emcygbHLmwmQOCQRU/19YAQ= -+github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ= - github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= - github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= - github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38= -@@ -248,11 +252,15 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL - github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= - github.com/klauspost/compress v1.10.3 h1:OP96hzwJVBIHYU52pVTI6CczrxPvrGfgqF9N5eTO0Q8= - github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -+github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc= -+github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= - github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw= - github.com/klauspost/pgzip v1.2.3/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= - github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= - github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= - github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -+github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= -+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= - github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= - github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= - github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -@@ -396,6 +404,8 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB - github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= - github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q= - github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo= -+github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= -+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= - github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= - github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= - github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= -@@ -445,6 +455,8 @@ github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02 - github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= - github.com/vbauerster/mpb/v5 v5.0.3 h1:Ldt/azOkbThTk2loi6FrBd/3fhxGFQ24MxFAS88PoNY= - github.com/vbauerster/mpb/v5 v5.0.3/go.mod h1:h3YxU5CSr8rZP4Q3xZPVB3jJLhWPou63lHEdr9ytH4Y= -+github.com/vbauerster/mpb/v5 v5.0.4 h1:w7l/tJfHmtIOKZkU+bhbDZOUxj1kln9jy4DUOp3Tl14= -+github.com/vbauerster/mpb/v5 v5.0.4/go.mod h1:fvzasBUyuo35UyuA6sSOlVhpLoNQsp2nBdHw7OiSUU8= - github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= - github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= - github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= -@@ -481,6 +493,8 @@ golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPh - golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= - golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU= -+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= - golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= - golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -@@ -551,6 +565,8 @@ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE= - golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8= -+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -diff --git a/vendor/github.com/containers/image/v5/copy/copy.go b/vendor/github.com/containers/image/v5/copy/copy.go -index e8610254cf..9fc0e5123b 100644 ---- a/vendor/github.com/containers/image/v5/copy/copy.go -+++ b/vendor/github.com/containers/image/v5/copy/copy.go -@@ -798,7 +798,6 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error { - - // copyGroup is used to determine if all layers are copied - copyGroup := sync.WaitGroup{} -- copyGroup.Add(numLayers) - - // copySemaphore is used to limit the number of parallel downloads to - // avoid malicious images causing troubles and to be nice to servers. -@@ -850,18 +849,22 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error { - - if err := func() error { // A scope for defer - progressPool, progressCleanup := ic.c.newProgressPool(ctx) -- defer progressCleanup() -+ defer func() { -+ // Wait for all layers to be copied. progressCleanup() must not be called while any of the copyLayerHelpers interact with the progressPool. -+ copyGroup.Wait() -+ progressCleanup() -+ }() - - for i, srcLayer := range srcInfos { - err = copySemaphore.Acquire(ctx, 1) - if err != nil { - return errors.Wrapf(err, "Can't acquire semaphore") - } -+ copyGroup.Add(1) - go copyLayerHelper(i, srcLayer, encLayerBitmap[i], progressPool) - } - -- // Wait for all layers to be copied -- copyGroup.Wait() -+ // A call to copyGroup.Wait() is done at this point by the defer above. - return nil - }(); err != nil { - return err -diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go -index c5c49b90b3..9461bc91ad 100644 ---- a/vendor/github.com/containers/image/v5/docker/docker_client.go -+++ b/vendor/github.com/containers/image/v5/docker/docker_client.go -@@ -613,6 +613,9 @@ func (c *dockerClient) getBearerTokenOAuth2(ctx context.Context, challenge chall - params.Add("client_id", "containers/image") - - authReq.Body = ioutil.NopCloser(bytes.NewBufferString(params.Encode())) -+ if c.sys != nil && c.sys.DockerRegistryUserAgent != "" { -+ authReq.Header.Add("User-Agent", c.sys.DockerRegistryUserAgent) -+ } - authReq.Header.Add("Content-Type", "application/x-www-form-urlencoded") - logrus.Debugf("%s %s", authReq.Method, authReq.URL.String()) - res, err := c.client.Do(authReq) -@@ -665,6 +668,9 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge, - if c.auth.Username != "" && c.auth.Password != "" { - authReq.SetBasicAuth(c.auth.Username, c.auth.Password) - } -+ if c.sys != nil && c.sys.DockerRegistryUserAgent != "" { -+ authReq.Header.Add("User-Agent", c.sys.DockerRegistryUserAgent) -+ } - - logrus.Debugf("%s %s", authReq.Method, authReq.URL.String()) - res, err := c.client.Do(authReq) -diff --git a/vendor/github.com/containers/image/v5/docker/docker_image.go b/vendor/github.com/containers/image/v5/docker/docker_image.go -index 483581dbcc..479effa593 100644 ---- a/vendor/github.com/containers/image/v5/docker/docker_image.go -+++ b/vendor/github.com/containers/image/v5/docker/docker_image.go -@@ -37,7 +37,7 @@ func newImage(ctx context.Context, sys *types.SystemContext, ref dockerReference - - // SourceRefFullName returns a fully expanded name for the repository this image is in. - func (i *Image) SourceRefFullName() string { -- return i.src.ref.ref.Name() -+ return i.src.logicalRef.ref.Name() - } - - // GetRepositoryTags list all tags available in the repository. The tag -@@ -45,7 +45,7 @@ func (i *Image) SourceRefFullName() string { - // backward-compatible shim method which calls the module-level - // GetRepositoryTags) - func (i *Image) GetRepositoryTags(ctx context.Context) ([]string, error) { -- return GetRepositoryTags(ctx, i.src.c.sys, i.src.ref) -+ return GetRepositoryTags(ctx, i.src.c.sys, i.src.logicalRef) - } - - // GetRepositoryTags list all tags available in the repository. The tag -diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go -index ab74e1607d..979100ee38 100644 ---- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go -+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go -@@ -16,6 +16,7 @@ import ( - - "github.com/containers/image/v5/docker/reference" - "github.com/containers/image/v5/internal/iolimits" -+ "github.com/containers/image/v5/internal/uploadreader" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/blobinfocache/none" - "github.com/containers/image/v5/types" -@@ -162,20 +163,31 @@ func (d *dockerImageDestination) PutBlob(ctx context.Context, stream io.Reader, - - digester := digest.Canonical.Digester() - sizeCounter := &sizeCounter{} -- tee := io.TeeReader(stream, io.MultiWriter(digester.Hash(), sizeCounter)) -- res, err = d.c.makeRequestToResolvedURL(ctx, "PATCH", uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, tee, inputInfo.Size, v2Auth, nil) -+ uploadLocation, err = func() (*url.URL, error) { // A scope for defer -+ uploadReader := uploadreader.NewUploadReader(io.TeeReader(stream, io.MultiWriter(digester.Hash(), sizeCounter))) -+ // This error text should never be user-visible, we terminate only after makeRequestToResolvedURL -+ // returns, so there isn’t a way for the error text to be provided to any of our callers. -+ defer uploadReader.Terminate(errors.New("Reading data from an already terminated upload")) -+ res, err = d.c.makeRequestToResolvedURL(ctx, "PATCH", uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, uploadReader, inputInfo.Size, v2Auth, nil) -+ if err != nil { -+ logrus.Debugf("Error uploading layer chunked %v", err) -+ return nil, err -+ } -+ defer res.Body.Close() -+ if !successStatus(res.StatusCode) { -+ return nil, errors.Wrapf(client.HandleErrorResponse(res), "Error uploading layer chunked") -+ } -+ uploadLocation, err := res.Location() -+ if err != nil { -+ return nil, errors.Wrap(err, "Error determining upload URL") -+ } -+ return uploadLocation, nil -+ }() - if err != nil { -- logrus.Debugf("Error uploading layer chunked, response %#v", res) - return types.BlobInfo{}, err - } -- defer res.Body.Close() - computedDigest := digester.Digest() - -- uploadLocation, err = res.Location() -- if err != nil { -- return types.BlobInfo{}, errors.Wrap(err, "Error determining upload URL") -- } -- - // FIXME: DELETE uploadLocation on failure (does not really work in docker/distribution servers, which incorrectly require the "delete" action in the token's scope) - - locationQuery := uploadLocation.Query() -@@ -469,17 +481,17 @@ func (d *dockerImageDestination) PutSignatures(ctx context.Context, signatures [ - } - switch { - case d.c.signatureBase != nil: -- return d.putSignaturesToLookaside(signatures, instanceDigest) -+ return d.putSignaturesToLookaside(signatures, *instanceDigest) - case d.c.supportsSignatures: -- return d.putSignaturesToAPIExtension(ctx, signatures, instanceDigest) -+ return d.putSignaturesToAPIExtension(ctx, signatures, *instanceDigest) - default: - return errors.Errorf("X-Registry-Supports-Signatures extension not supported, and lookaside is not configured") - } - } - - // putSignaturesToLookaside implements PutSignatures() from the lookaside location configured in s.c.signatureBase, --// which is not nil. --func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, instanceDigest *digest.Digest) error { -+// which is not nil, for a manifest with manifestDigest. -+func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, manifestDigest digest.Digest) error { - // FIXME? This overwrites files one at a time, definitely not atomic. - // A failure when updating signatures with a reordered copy could lose some of them. - -@@ -490,7 +502,7 @@ func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, i - - // NOTE: Keep this in sync with docs/signature-protocols.md! - for i, signature := range signatures { -- url := signatureStorageURL(d.c.signatureBase, *instanceDigest, i) -+ url := signatureStorageURL(d.c.signatureBase, manifestDigest, i) - if url == nil { - return errors.Errorf("Internal error: signatureStorageURL with non-nil base returned nil") - } -@@ -505,7 +517,7 @@ func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, i - // is enough for dockerImageSource to stop looking for other signatures, so that - // is sufficient. - for i := len(signatures); ; i++ { -- url := signatureStorageURL(d.c.signatureBase, *instanceDigest, i) -+ url := signatureStorageURL(d.c.signatureBase, manifestDigest, i) - if url == nil { - return errors.Errorf("Internal error: signatureStorageURL with non-nil base returned nil") - } -@@ -564,8 +576,9 @@ func (c *dockerClient) deleteOneSignature(url *url.URL) (missing bool, err error - } - } - --// putSignaturesToAPIExtension implements PutSignatures() using the X-Registry-Supports-Signatures API extension. --func (d *dockerImageDestination) putSignaturesToAPIExtension(ctx context.Context, signatures [][]byte, instanceDigest *digest.Digest) error { -+// putSignaturesToAPIExtension implements PutSignatures() using the X-Registry-Supports-Signatures API extension, -+// for a manifest with manifestDigest. -+func (d *dockerImageDestination) putSignaturesToAPIExtension(ctx context.Context, signatures [][]byte, manifestDigest digest.Digest) error { - // Skip dealing with the manifest digest, or reading the old state, if not necessary. - if len(signatures) == 0 { - return nil -@@ -575,7 +588,7 @@ func (d *dockerImageDestination) putSignaturesToAPIExtension(ctx context.Context - // always adds signatures. Eventually we should also allow removing signatures, - // but the X-Registry-Supports-Signatures API extension does not support that yet. - -- existingSignatures, err := d.c.getExtensionsSignatures(ctx, d.ref, *instanceDigest) -+ existingSignatures, err := d.c.getExtensionsSignatures(ctx, d.ref, manifestDigest) - if err != nil { - return err - } -@@ -600,7 +613,7 @@ sigExists: - if err != nil || n != 16 { - return errors.Wrapf(err, "Error generating random signature len %d", n) - } -- signatureName = fmt.Sprintf("%s@%032x", instanceDigest.String(), randBytes) -+ signatureName = fmt.Sprintf("%s@%032x", manifestDigest.String(), randBytes) - if _, ok := existingSigNames[signatureName]; !ok { - break - } -@@ -616,7 +629,7 @@ sigExists: - return err - } - -- path := fmt.Sprintf(extensionsSignaturePath, reference.Path(d.ref.ref), d.manifestDigest.String()) -+ path := fmt.Sprintf(extensionsSignaturePath, reference.Path(d.ref.ref), manifestDigest.String()) - res, err := d.c.makeRequest(ctx, "PUT", path, nil, bytes.NewReader(body), v2Auth, nil) - if err != nil { - return err -diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go -index 9c0c20c64e..10aff615e0 100644 ---- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go -+++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go -@@ -24,8 +24,9 @@ import ( - ) - - type dockerImageSource struct { -- ref dockerReference -- c *dockerClient -+ logicalRef dockerReference // The reference the user requested. -+ physicalRef dockerReference // The actual reference we are accessing (possibly a mirror) -+ c *dockerClient - // State - cachedManifest []byte // nil if not loaded yet - cachedManifestMIMEType string // Only valid if cachedManifest != nil -@@ -49,7 +50,6 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef - } - } - -- primaryDomain := reference.Domain(ref.ref) - // Check all endpoints for the manifest availability. If we find one that does - // contain the image, it will be used for all future pull actions. Always try the - // non-mirror original location last; this both transparently handles the case -@@ -66,7 +66,7 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef - attempts := []attempt{} - for _, pullSource := range pullSources { - logrus.Debugf("Trying to access %q", pullSource.Reference) -- s, err := newImageSourceAttempt(ctx, sys, pullSource, primaryDomain) -+ s, err := newImageSourceAttempt(ctx, sys, ref, pullSource) - if err == nil { - return s, nil - } -@@ -95,32 +95,33 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef - } - - // newImageSourceAttempt is an internal helper for newImageSource. Everyone else must call newImageSource. --// Given a pullSource and primaryDomain, return a dockerImageSource if it is reachable. -+// Given a logicalReference and a pullSource, return a dockerImageSource if it is reachable. - // The caller must call .Close() on the returned ImageSource. --func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, pullSource sysregistriesv2.PullSource, primaryDomain string) (*dockerImageSource, error) { -- ref, err := newReference(pullSource.Reference) -+func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, logicalRef dockerReference, pullSource sysregistriesv2.PullSource) (*dockerImageSource, error) { -+ physicalRef, err := newReference(pullSource.Reference) - if err != nil { - return nil, err - } - - endpointSys := sys - // sys.DockerAuthConfig does not explicitly specify a registry; we must not blindly send the credentials intended for the primary endpoint to mirrors. -- if endpointSys != nil && endpointSys.DockerAuthConfig != nil && reference.Domain(ref.ref) != primaryDomain { -+ if endpointSys != nil && endpointSys.DockerAuthConfig != nil && reference.Domain(physicalRef.ref) != reference.Domain(logicalRef.ref) { - copy := *endpointSys - copy.DockerAuthConfig = nil - copy.DockerBearerRegistryToken = "" - endpointSys = © - } - -- client, err := newDockerClientFromRef(endpointSys, ref, false, "pull") -+ client, err := newDockerClientFromRef(endpointSys, physicalRef, false, "pull") - if err != nil { - return nil, err - } - client.tlsClientConfig.InsecureSkipVerify = pullSource.Endpoint.Insecure - - s := &dockerImageSource{ -- ref: ref, -- c: client, -+ logicalRef: logicalRef, -+ physicalRef: physicalRef, -+ c: client, - } - - if err := s.ensureManifestIsLoaded(ctx); err != nil { -@@ -132,7 +133,7 @@ func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, pullSo - // Reference returns the reference used to set up this source, _as specified by the user_ - // (not as the image itself, or its underlying storage, claims). This can be used e.g. to determine which public keys are trusted for this image. - func (s *dockerImageSource) Reference() types.ImageReference { -- return s.ref -+ return s.logicalRef - } - - // Close removes resources associated with an initialized ImageSource, if any. -@@ -181,7 +182,7 @@ func (s *dockerImageSource) GetManifest(ctx context.Context, instanceDigest *dig - } - - func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest string) ([]byte, string, error) { -- path := fmt.Sprintf(manifestPath, reference.Path(s.ref.ref), tagOrDigest) -+ path := fmt.Sprintf(manifestPath, reference.Path(s.physicalRef.ref), tagOrDigest) - headers := map[string][]string{ - "Accept": manifest.DefaultRequestedManifestMIMETypes, - } -@@ -191,7 +192,7 @@ func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest strin - } - defer res.Body.Close() - if res.StatusCode != http.StatusOK { -- return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.ref.ref.Name()) -+ return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.physicalRef.ref.Name()) - } - - manblob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxManifestBodySize) -@@ -213,7 +214,7 @@ func (s *dockerImageSource) ensureManifestIsLoaded(ctx context.Context) error { - return nil - } - -- reference, err := s.ref.tagOrDigest() -+ reference, err := s.physicalRef.tagOrDigest() - if err != nil { - return err - } -@@ -271,7 +272,7 @@ func (s *dockerImageSource) GetBlob(ctx context.Context, info types.BlobInfo, ca - return s.getExternalBlob(ctx, info.URLs) - } - -- path := fmt.Sprintf(blobsPath, reference.Path(s.ref.ref), info.Digest.String()) -+ path := fmt.Sprintf(blobsPath, reference.Path(s.physicalRef.ref), info.Digest.String()) - logrus.Debugf("Downloading %s", path) - res, err := s.c.makeRequest(ctx, "GET", path, nil, nil, v2Auth, nil) - if err != nil { -@@ -280,7 +281,7 @@ func (s *dockerImageSource) GetBlob(ctx context.Context, info types.BlobInfo, ca - if err := httpResponseToError(res, "Error fetching blob"); err != nil { - return nil, 0, err - } -- cache.RecordKnownLocation(s.ref.Transport(), bicTransportScope(s.ref), info.Digest, newBICLocationReference(s.ref)) -+ cache.RecordKnownLocation(s.physicalRef.Transport(), bicTransportScope(s.physicalRef), info.Digest, newBICLocationReference(s.physicalRef)) - return res.Body, getBlobSize(res), nil - } - -@@ -308,7 +309,7 @@ func (s *dockerImageSource) manifestDigest(ctx context.Context, instanceDigest * - if instanceDigest != nil { - return *instanceDigest, nil - } -- if digested, ok := s.ref.ref.(reference.Digested); ok { -+ if digested, ok := s.physicalRef.ref.(reference.Digested); ok { - d := digested.Digest() - if d.Algorithm() == digest.Canonical { - return d, nil -@@ -398,7 +399,7 @@ func (s *dockerImageSource) getSignaturesFromAPIExtension(ctx context.Context, i - return nil, err - } - -- parsedBody, err := s.c.getExtensionsSignatures(ctx, s.ref, manifestDigest) -+ parsedBody, err := s.c.getExtensionsSignatures(ctx, s.physicalRef, manifestDigest) - if err != nil { - return nil, err - } -diff --git a/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go b/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go -index c234576425..c4d42f3eb7 100644 ---- a/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go -+++ b/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go -@@ -115,12 +115,23 @@ func getCPUVariant(os string, arch string) string { - return "" - } - -+// compatibility contains, for a specified architecture, a list of known variants, in the -+// order from most capable (most restrictive) to least capable (most compatible). -+// Architectures that don’t have variants should not have an entry here. - var compatibility = map[string][]string{ -- "arm": {"v7", "v6", "v5"}, -+ "arm": {"v8", "v7", "v6", "v5"}, - "arm64": {"v8"}, - } - --// Returns all compatible platforms with the platform specifics possibly overriden by user, -+// baseVariants contains, for a specified architecture, a variant that is known to be -+// supported by _all_ machines using that architecture. -+// Architectures that don’t have variants, or where there are possible versions without -+// an established variant name, should not have an entry here. -+var baseVariants = map[string]string{ -+ "arm64": "v8", -+} -+ -+// WantedPlatforms returns all compatible platforms with the platform specifics possibly overriden by user, - // the most compatible platform is first. - // If some option (arch, os, variant) is not present, a value from current platform is detected. - func WantedPlatforms(ctx *types.SystemContext) ([]imgspecv1.Platform, error) { -@@ -145,59 +156,45 @@ func WantedPlatforms(ctx *types.SystemContext) ([]imgspecv1.Platform, error) { - wantedOS = ctx.OSChoice - } - -- var wantedPlatforms []imgspecv1.Platform -- if wantedVariant != "" && compatibility[wantedArch] != nil { -- wantedPlatforms = make([]imgspecv1.Platform, 0, len(compatibility[wantedArch])) -- wantedIndex := -1 -- for i, v := range compatibility[wantedArch] { -- if wantedVariant == v { -- wantedIndex = i -- break -+ var variants []string = nil -+ if wantedVariant != "" { -+ if compatibility[wantedArch] != nil { -+ variantOrder := compatibility[wantedArch] -+ for i, v := range variantOrder { -+ if wantedVariant == v { -+ variants = variantOrder[i:] -+ break -+ } - } - } -- // user wants a variant which we know nothing about - not even compatibility -- if wantedIndex == -1 { -- wantedPlatforms = []imgspecv1.Platform{ -- { -- OS: wantedOS, -- Architecture: wantedArch, -- Variant: wantedVariant, -- }, -- } -- } else { -- for i := wantedIndex; i < len(compatibility[wantedArch]); i++ { -- v := compatibility[wantedArch][i] -- wantedPlatforms = append(wantedPlatforms, imgspecv1.Platform{ -- OS: wantedOS, -- Architecture: wantedArch, -- Variant: v, -- }) -- } -+ if variants == nil { -+ // user wants a variant which we know nothing about - not even compatibility -+ variants = []string{wantedVariant} - } -+ variants = append(variants, "") - } else { -- wantedPlatforms = []imgspecv1.Platform{ -- { -- OS: wantedOS, -- Architecture: wantedArch, -- Variant: wantedVariant, -- }, -+ variants = append(variants, "") // No variant specified, use a “no variant specified” image if present -+ if baseVariant, ok := baseVariants[wantedArch]; ok { -+ // But also accept an image with the “base” variant for the architecture, if it exists. -+ variants = append(variants, baseVariant) - } - } - -- return wantedPlatforms, nil -+ res := make([]imgspecv1.Platform, 0, len(variants)) -+ for _, v := range variants { -+ res = append(res, imgspecv1.Platform{ -+ OS: wantedOS, -+ Architecture: wantedArch, -+ Variant: v, -+ }) -+ } -+ return res, nil - } - -+// MatchesPlatform returns true if a platform descriptor from a multi-arch image matches -+// an item from the return value of WantedPlatforms. - func MatchesPlatform(image imgspecv1.Platform, wanted imgspecv1.Platform) bool { -- if image.Architecture != wanted.Architecture { -- return false -- } -- if image.OS != wanted.OS { -- return false -- } -- -- if wanted.Variant == "" || image.Variant == wanted.Variant { -- return true -- } -- -- return false -+ return image.Architecture == wanted.Architecture && -+ image.OS == wanted.OS && -+ image.Variant == wanted.Variant - } -diff --git a/vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go b/vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go -new file mode 100644 -index 0000000000..6aa9ead68f ---- /dev/null -+++ b/vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go -@@ -0,0 +1,61 @@ -+package uploadreader -+ -+import ( -+ "io" -+ "sync" -+) -+ -+// UploadReader is a pass-through reader for use in sending non-trivial data using the net/http -+// package (http.NewRequest, http.Post and the like). -+// -+// The net/http package uses a separate goroutine to upload data to a HTTP connection, -+// and it is possible for the server to return a response (typically an error) before consuming -+// the full body of the request. In that case http.Client.Do can return with an error while -+// the body is still being read — regardless of of the cancellation, if any, of http.Request.Context(). -+// -+// As a result, any data used/updated by the io.Reader() provided as the request body may be -+// used/updated even after http.Client.Do returns, causing races. -+// -+// To fix this, UploadReader provides a synchronized Terminate() method, which can block for -+// a not-completely-negligible time (for a duration of the underlying Read()), but guarantees that -+// after Terminate() returns, the underlying reader is never used any more (unlike calling -+// the cancellation callback of context.WithCancel, which returns before any recipients may have -+// reacted to the cancellation). -+type UploadReader struct { -+ mutex sync.Mutex -+ // The following members can only be used with mutex held -+ reader io.Reader -+ terminationError error // nil if not terminated yet -+} -+ -+// NewUploadReader returns an UploadReader for an "underlying" reader. -+func NewUploadReader(underlying io.Reader) *UploadReader { -+ return &UploadReader{ -+ reader: underlying, -+ terminationError: nil, -+ } -+} -+ -+// Read returns the error set by Terminate, if any, or calls the underlying reader. -+// It is safe to call this from a different goroutine than Terminate. -+func (ur *UploadReader) Read(p []byte) (int, error) { -+ ur.mutex.Lock() -+ defer ur.mutex.Unlock() -+ -+ if ur.terminationError != nil { -+ return 0, ur.terminationError -+ } -+ return ur.reader.Read(p) -+} -+ -+// Terminate waits for in-progress Read calls, if any, to finish, and ensures that after -+// this function returns, any Read calls will fail with the provided error, and the underlying -+// reader will never be used any more. -+// -+// It is safe to call this from a different goroutine than Read. -+func (ur *UploadReader) Terminate(err error) { -+ ur.mutex.Lock() // May block for some time if ur.reader.Read() is in progress -+ defer ur.mutex.Unlock() -+ -+ ur.terminationError = err -+} -diff --git a/vendor/github.com/containers/image/v5/manifest/common.go b/vendor/github.com/containers/image/v5/manifest/common.go -new file mode 100644 -index 0000000000..fa2b39e0ea ---- /dev/null -+++ b/vendor/github.com/containers/image/v5/manifest/common.go -@@ -0,0 +1,118 @@ -+package manifest -+ -+import ( -+ "fmt" -+ -+ "github.com/containers/image/v5/pkg/compression" -+ "github.com/containers/image/v5/types" -+ "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" -+) -+ -+// dupStringSlice returns a deep copy of a slice of strings, or nil if the -+// source slice is empty. -+func dupStringSlice(list []string) []string { -+ if len(list) == 0 { -+ return nil -+ } -+ dup := make([]string, len(list)) -+ copy(dup, list) -+ return dup -+} -+ -+// dupStringStringMap returns a deep copy of a map[string]string, or nil if the -+// passed-in map is nil or has no keys. -+func dupStringStringMap(m map[string]string) map[string]string { -+ if len(m) == 0 { -+ return nil -+ } -+ result := make(map[string]string) -+ for k, v := range m { -+ result[k] = v -+ } -+ return result -+} -+ -+// layerInfosToStrings converts a list of layer infos, presumably obtained from a Manifest.LayerInfos() -+// method call, into a format suitable for inclusion in a types.ImageInspectInfo structure. -+func layerInfosToStrings(infos []LayerInfo) []string { -+ layers := make([]string, len(infos)) -+ for i, info := range infos { -+ layers[i] = info.Digest.String() -+ } -+ return layers -+} -+ -+// compressionMIMETypeSet describes a set of MIME type “variants” that represent differently-compressed -+// versions of “the same kind of content”. -+// The map key is the return value of compression.Algorithm.Name(), or mtsUncompressed; -+// the map value is a MIME type, or mtsUnsupportedMIMEType to mean "recognized but unsupported". -+type compressionMIMETypeSet map[string]string -+ -+const mtsUncompressed = "" // A key in compressionMIMETypeSet for the uncompressed variant -+const mtsUnsupportedMIMEType = "" // A value in compressionMIMETypeSet that means “recognized but unsupported” -+ -+// compressionVariantMIMEType returns a variant of mimeType for the specified algorithm (which may be nil -+// to mean "no compression"), based on variantTable. -+func compressionVariantMIMEType(variantTable []compressionMIMETypeSet, mimeType string, algorithm *compression.Algorithm) (string, error) { -+ if mimeType == mtsUnsupportedMIMEType { // Prevent matching against the {algo:mtsUnsupportedMIMEType} entries -+ return "", fmt.Errorf("cannot update unknown MIME type") -+ } -+ for _, variants := range variantTable { -+ for _, mt := range variants { -+ if mt == mimeType { // Found the variant -+ name := mtsUncompressed -+ if algorithm != nil { -+ name = algorithm.Name() -+ } -+ if res, ok := variants[name]; ok { -+ if res != mtsUnsupportedMIMEType { -+ return res, nil -+ } -+ if name != mtsUncompressed { -+ return "", fmt.Errorf("%s compression is not supported", name) -+ } -+ return "", errors.New("uncompressed variant is not supported") -+ } -+ if name != mtsUncompressed { -+ return "", fmt.Errorf("unknown compression algorithm %s", name) -+ } -+ // We can't very well say “the idea of no compression is unknown” -+ return "", errors.New("uncompressed variant is not supported") -+ } -+ } -+ } -+ if algorithm != nil { -+ return "", fmt.Errorf("unsupported MIME type for compression: %s", mimeType) -+ } -+ return "", fmt.Errorf("unsupported MIME type for decompression: %s", mimeType) -+} -+ -+// updatedMIMEType returns the result of applying edits in updated (MediaType, CompressionOperation) to -+// mimeType, based on variantTable. It may use updated.Digest for error messages. -+func updatedMIMEType(variantTable []compressionMIMETypeSet, mimeType string, updated types.BlobInfo) (string, error) { -+ // Note that manifests in containers-storage might be reporting the -+ // wrong media type since the original manifests are stored while layers -+ // are decompressed in storage. Hence, we need to consider the case -+ // that an already {de}compressed layer should be {de}compressed; -+ // compressionVariantMIMEType does that by not caring whether the original is -+ // {de}compressed. -+ switch updated.CompressionOperation { -+ case types.PreserveOriginal: -+ // Keep the original media type. -+ return mimeType, nil -+ -+ case types.Decompress: -+ return compressionVariantMIMEType(variantTable, mimeType, nil) -+ -+ case types.Compress: -+ if updated.CompressionAlgorithm == nil { -+ logrus.Debugf("Error preparing updated manifest: blob %q was compressed but does not specify by which algorithm: falling back to use the original blob", updated.Digest) -+ return mimeType, nil -+ } -+ return compressionVariantMIMEType(variantTable, mimeType, updated.CompressionAlgorithm) -+ -+ default: -+ return "", fmt.Errorf("unknown compression operation (%d)", updated.CompressionOperation) -+ } -+} -diff --git a/vendor/github.com/containers/image/v5/manifest/docker_schema2.go b/vendor/github.com/containers/image/v5/manifest/docker_schema2.go -index ff0780fe31..8d8bb9e01b 100644 ---- a/vendor/github.com/containers/image/v5/manifest/docker_schema2.go -+++ b/vendor/github.com/containers/image/v5/manifest/docker_schema2.go -@@ -10,7 +10,6 @@ import ( - "github.com/containers/image/v5/types" - "github.com/opencontainers/go-digest" - "github.com/pkg/errors" -- "github.com/sirupsen/logrus" - ) - - // Schema2Descriptor is a “descriptor” in docker/distribution schema 2. -@@ -213,26 +212,17 @@ func (m *Schema2) LayerInfos() []LayerInfo { - return blobs - } - --// isSchema2ForeignLayer is a convenience wrapper to check if a given mime type --// is a compressed or decompressed schema 2 foreign layer. --func isSchema2ForeignLayer(mimeType string) bool { -- switch mimeType { -- case DockerV2Schema2ForeignLayerMediaType, DockerV2Schema2ForeignLayerMediaTypeGzip: -- return true -- default: -- return false -- } --} -- --// isSchema2Layer is a convenience wrapper to check if a given mime type is a --// compressed or decompressed schema 2 layer. --func isSchema2Layer(mimeType string) bool { -- switch mimeType { -- case DockerV2SchemaLayerMediaTypeUncompressed, DockerV2Schema2LayerMediaType: -- return true -- default: -- return false -- } -+var schema2CompressionMIMETypeSets = []compressionMIMETypeSet{ -+ { -+ mtsUncompressed: DockerV2Schema2ForeignLayerMediaType, -+ compression.Gzip.Name(): DockerV2Schema2ForeignLayerMediaTypeGzip, -+ compression.Zstd.Name(): mtsUnsupportedMIMEType, -+ }, -+ { -+ mtsUncompressed: DockerV2SchemaLayerMediaTypeUncompressed, -+ compression.Gzip.Name(): DockerV2Schema2LayerMediaType, -+ compression.Zstd.Name(): mtsUnsupportedMIMEType, -+ }, - } - - // UpdateLayerInfos replaces the original layers with the specified BlobInfos (size+digest+urls), in order (the root layer first, and then successive layered layers) -@@ -243,67 +233,16 @@ func (m *Schema2) UpdateLayerInfos(layerInfos []types.BlobInfo) error { - original := m.LayersDescriptors - m.LayersDescriptors = make([]Schema2Descriptor, len(layerInfos)) - for i, info := range layerInfos { -+ mimeType := original[i].MediaType - // First make sure we support the media type of the original layer. -- if err := SupportedSchema2MediaType(original[i].MediaType); err != nil { -- return fmt.Errorf("Error preparing updated manifest: unknown media type of original layer: %q", original[i].MediaType) -+ if err := SupportedSchema2MediaType(mimeType); err != nil { -+ return fmt.Errorf("Error preparing updated manifest: unknown media type of original layer %q: %q", info.Digest, mimeType) - } -- -- // Set the correct media types based on the specified compression -- // operation, the desired compression algorithm AND the original media -- // type. -- // -- // Note that manifests in containers-storage might be reporting the -- // wrong media type since the original manifests are stored while layers -- // are decompressed in storage. Hence, we need to consider the case -- // that an already {de}compressed layer should be {de}compressed, which -- // is being addressed in `isSchema2{Foreign}Layer`. -- switch info.CompressionOperation { -- case types.PreserveOriginal: -- // Keep the original media type. -- m.LayersDescriptors[i].MediaType = original[i].MediaType -- -- case types.Decompress: -- // Decompress the original media type and check if it was -- // non-distributable one or not. -- mimeType := original[i].MediaType -- switch { -- case isSchema2ForeignLayer(mimeType): -- m.LayersDescriptors[i].MediaType = DockerV2Schema2ForeignLayerMediaType -- case isSchema2Layer(mimeType): -- m.LayersDescriptors[i].MediaType = DockerV2SchemaLayerMediaTypeUncompressed -- default: -- return fmt.Errorf("Error preparing updated manifest: unsupported media type for decompression: %q", original[i].MediaType) -- } -- -- case types.Compress: -- if info.CompressionAlgorithm == nil { -- logrus.Debugf("Preparing updated manifest: blob %q was compressed but does not specify by which algorithm: falling back to use the original blob", info.Digest) -- m.LayersDescriptors[i].MediaType = original[i].MediaType -- break -- } -- // Compress the original media type and set the new one based on -- // that type (distributable or not) and the specified compression -- // algorithm. Throw an error if the algorithm is not supported. -- switch info.CompressionAlgorithm.Name() { -- case compression.Gzip.Name(): -- mimeType := original[i].MediaType -- switch { -- case isSchema2ForeignLayer(mimeType): -- m.LayersDescriptors[i].MediaType = DockerV2Schema2ForeignLayerMediaTypeGzip -- case isSchema2Layer(mimeType): -- m.LayersDescriptors[i].MediaType = DockerV2Schema2LayerMediaType -- default: -- return fmt.Errorf("Error preparing updated manifest: unsupported media type for compression: %q", original[i].MediaType) -- } -- case compression.Zstd.Name(): -- return fmt.Errorf("Error preparing updated manifest: zstd compression is not supported for docker images") -- default: -- return fmt.Errorf("Error preparing updated manifest: unknown compression algorithm %q for layer %q", info.CompressionAlgorithm.Name(), info.Digest) -- } -- -- default: -- return fmt.Errorf("Error preparing updated manifest: unknown compression operation (%d) for layer %q", info.CompressionOperation, info.Digest) -+ mimeType, err := updatedMIMEType(schema2CompressionMIMETypeSets, mimeType, info) -+ if err != nil { -+ return errors.Wrapf(err, "Error preparing updated manifest, layer %q", info.Digest) - } -+ m.LayersDescriptors[i].MediaType = mimeType - m.LayersDescriptors[i].Digest = info.Digest - m.LayersDescriptors[i].Size = info.Size - m.LayersDescriptors[i].URLs = info.URLs -diff --git a/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go b/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go -index 5f96a981a1..bfedff69c6 100644 ---- a/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go -+++ b/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go -@@ -107,7 +107,7 @@ func (list *Schema2List) ChooseInstance(ctx *types.SystemContext) (digest.Digest - } - } - } -- return "", fmt.Errorf("no image found in manifest list for architecture %s, variant %s, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) -+ return "", fmt.Errorf("no image found in manifest list for architecture %s, variant %q, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) - } - - // Serialize returns the list in a blob format. -diff --git a/vendor/github.com/containers/image/v5/manifest/list.go b/vendor/github.com/containers/image/v5/manifest/list.go -index c7d741dc2f..58982597e6 100644 ---- a/vendor/github.com/containers/image/v5/manifest/list.go -+++ b/vendor/github.com/containers/image/v5/manifest/list.go -@@ -59,30 +59,6 @@ type ListUpdate struct { - MediaType string - } - --// dupStringSlice returns a deep copy of a slice of strings, or nil if the --// source slice is empty. --func dupStringSlice(list []string) []string { -- if len(list) == 0 { -- return nil -- } -- dup := make([]string, len(list)) -- copy(dup, list) -- return dup --} -- --// dupStringStringMap returns a deep copy of a map[string]string, or nil if the --// passed-in map is nil or has no keys. --func dupStringStringMap(m map[string]string) map[string]string { -- if len(m) == 0 { -- return nil -- } -- result := make(map[string]string) -- for k, v := range m { -- result[k] = v -- } -- return result --} -- - // ListFromBlob parses a list of manifests. - func ListFromBlob(manifest []byte, manifestMIMEType string) (List, error) { - normalized := NormalizedMIMEType(manifestMIMEType) -diff --git a/vendor/github.com/containers/image/v5/manifest/manifest.go b/vendor/github.com/containers/image/v5/manifest/manifest.go -index 033b8d9513..7b07588730 100644 ---- a/vendor/github.com/containers/image/v5/manifest/manifest.go -+++ b/vendor/github.com/containers/image/v5/manifest/manifest.go -@@ -256,13 +256,3 @@ func FromBlob(manblob []byte, mt string) (Manifest, error) { - // Note that this may not be reachable, NormalizedMIMEType has a default for unknown values. - return nil, fmt.Errorf("Unimplemented manifest MIME type %s (normalized as %s)", mt, nmt) - } -- --// layerInfosToStrings converts a list of layer infos, presumably obtained from a Manifest.LayerInfos() --// method call, into a format suitable for inclusion in a types.ImageInspectInfo structure. --func layerInfosToStrings(infos []LayerInfo) []string { -- layers := make([]string, len(infos)) -- for i, info := range infos { -- layers[i] = info.Digest.String() -- } -- return layers --} -diff --git a/vendor/github.com/containers/image/v5/manifest/oci.go b/vendor/github.com/containers/image/v5/manifest/oci.go -index aafe6693bc..40c40dee8e 100644 ---- a/vendor/github.com/containers/image/v5/manifest/oci.go -+++ b/vendor/github.com/containers/image/v5/manifest/oci.go -@@ -12,7 +12,6 @@ import ( - "github.com/opencontainers/image-spec/specs-go" - imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" -- "github.com/sirupsen/logrus" - ) - - // BlobInfoFromOCI1Descriptor returns a types.BlobInfo based on the input OCI1 descriptor. -@@ -95,26 +94,17 @@ func (m *OCI1) LayerInfos() []LayerInfo { - return blobs - } - --// isOCI1NonDistributableLayer is a convenience wrapper to check if a given mime --// type is a compressed or decompressed OCI v1 non-distributable layer. --func isOCI1NonDistributableLayer(mimeType string) bool { -- switch mimeType { -- case imgspecv1.MediaTypeImageLayerNonDistributable, imgspecv1.MediaTypeImageLayerNonDistributableGzip, imgspecv1.MediaTypeImageLayerNonDistributableZstd: -- return true -- default: -- return false -- } --} -- --// isOCI1Layer is a convenience wrapper to check if a given mime type is a --// compressed or decompressed OCI v1 layer. --func isOCI1Layer(mimeType string) bool { -- switch mimeType { -- case imgspecv1.MediaTypeImageLayer, imgspecv1.MediaTypeImageLayerGzip, imgspecv1.MediaTypeImageLayerZstd: -- return true -- default: -- return false -- } -+var oci1CompressionMIMETypeSets = []compressionMIMETypeSet{ -+ { -+ mtsUncompressed: imgspecv1.MediaTypeImageLayerNonDistributable, -+ compression.Gzip.Name(): imgspecv1.MediaTypeImageLayerNonDistributableGzip, -+ compression.Zstd.Name(): imgspecv1.MediaTypeImageLayerNonDistributableZstd, -+ }, -+ { -+ mtsUncompressed: imgspecv1.MediaTypeImageLayer, -+ compression.Gzip.Name(): imgspecv1.MediaTypeImageLayerGzip, -+ compression.Zstd.Name(): imgspecv1.MediaTypeImageLayerZstd, -+ }, - } - - // UpdateLayerInfos replaces the original layers with the specified BlobInfos (size+digest+urls+mediatype), in order (the root layer first, and then successive layered layers) -@@ -133,79 +123,19 @@ func (m *OCI1) UpdateLayerInfos(layerInfos []types.BlobInfo) error { - } - mimeType = decMimeType - } -- -- // Set the correct media types based on the specified compression -- // operation, the desired compression algorithm AND the original media -- // type. -- // -- // Note that manifests in containers-storage might be reporting the -- // wrong media type since the original manifests are stored while layers -- // are decompressed in storage. Hence, we need to consider the case -- // that an already {de}compressed layer should be {de}compressed, which -- // is being addressed in `isSchema2{Foreign}Layer`. -- switch info.CompressionOperation { -- case types.PreserveOriginal: -- // Keep the original media type. -- m.Layers[i].MediaType = mimeType -- -- case types.Decompress: -- // Decompress the original media type and check if it was -- // non-distributable one or not. -- switch { -- case isOCI1NonDistributableLayer(mimeType): -- m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerNonDistributable -- case isOCI1Layer(mimeType): -- m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayer -- default: -- return fmt.Errorf("Error preparing updated manifest: unsupported media type for decompression: %q", mimeType) -- } -- -- case types.Compress: -- if info.CompressionAlgorithm == nil { -- logrus.Debugf("Error preparing updated manifest: blob %q was compressed but does not specify by which algorithm: falling back to use the original blob", info.Digest) -- m.Layers[i].MediaType = mimeType -- break -- } -- // Compress the original media type and set the new one based on -- // that type (distributable or not) and the specified compression -- // algorithm. Throw an error if the algorithm is not supported. -- switch info.CompressionAlgorithm.Name() { -- case compression.Gzip.Name(): -- switch { -- case isOCI1NonDistributableLayer(mimeType): -- m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerNonDistributableGzip -- case isOCI1Layer(mimeType): -- m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerGzip -- default: -- return fmt.Errorf("Error preparing updated manifest: unsupported media type for compression: %q", mimeType) -- } -- -- case compression.Zstd.Name(): -- switch { -- case isOCI1NonDistributableLayer(mimeType): -- m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerNonDistributableZstd -- case isOCI1Layer(mimeType): -- m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerZstd -- default: -- return fmt.Errorf("Error preparing updated manifest: unsupported media type for compression: %q", mimeType) -- } -- -- default: -- return fmt.Errorf("Error preparing updated manifest: unknown compression algorithm %q for layer %q", info.CompressionAlgorithm.Name(), info.Digest) -- } -- -- default: -- return fmt.Errorf("Error preparing updated manifest: unknown compression operation (%d) for layer %q", info.CompressionOperation, info.Digest) -+ mimeType, err := updatedMIMEType(oci1CompressionMIMETypeSets, mimeType, info) -+ if err != nil { -+ return errors.Wrapf(err, "Error preparing updated manifest, layer %q", info.Digest) - } -- - if info.CryptoOperation == types.Encrypt { -- encMediaType, err := getEncryptedMediaType(m.Layers[i].MediaType) -+ encMediaType, err := getEncryptedMediaType(mimeType) - if err != nil { -- return fmt.Errorf("error preparing updated manifest: encryption specified but no counterpart for mediatype: %q", m.Layers[i].MediaType) -+ return fmt.Errorf("error preparing updated manifest: encryption specified but no counterpart for mediatype: %q", mimeType) - } -- m.Layers[i].MediaType = encMediaType -+ mimeType = encMediaType - } - -+ m.Layers[i].MediaType = mimeType - m.Layers[i].Digest = info.Digest - m.Layers[i].Size = info.Size - m.Layers[i].Annotations = info.Annotations -diff --git a/vendor/github.com/containers/image/v5/manifest/oci_index.go b/vendor/github.com/containers/image/v5/manifest/oci_index.go -index 18cc8135c4..7bdea8fb2d 100644 ---- a/vendor/github.com/containers/image/v5/manifest/oci_index.go -+++ b/vendor/github.com/containers/image/v5/manifest/oci_index.go -@@ -79,6 +79,9 @@ func (index *OCI1Index) ChooseInstance(ctx *types.SystemContext) (digest.Digest, - } - for _, wantedPlatform := range wantedPlatforms { - for _, d := range index.Manifests { -+ if d.Platform == nil { -+ continue -+ } - imagePlatform := imgspecv1.Platform{ - Architecture: d.Platform.Architecture, - OS: d.Platform.OS, -@@ -97,7 +100,7 @@ func (index *OCI1Index) ChooseInstance(ctx *types.SystemContext) (digest.Digest, - return d.Digest, nil - } - } -- return "", fmt.Errorf("no image found in image index for architecture %s, variant %s, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) -+ return "", fmt.Errorf("no image found in image index for architecture %s, variant %q, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) - } - - // Serialize returns the index in a blob format. -diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go -index 717c2b1b3b..67f57e03e2 100644 ---- a/vendor/github.com/containers/image/v5/version/version.go -+++ b/vendor/github.com/containers/image/v5/version/version.go -@@ -8,7 +8,7 @@ const ( - // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 4 - // VersionPatch is for backwards-compatible bug fixes -- VersionPatch = 3 -+ VersionPatch = 4 - - // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" -diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml -index 3463adf900..a55b5a1899 100644 ---- a/vendor/github.com/containers/storage/.cirrus.yml -+++ b/vendor/github.com/containers/storage/.cirrus.yml -@@ -19,9 +19,9 @@ env: - #### - # GCE project where images live - IMAGE_PROJECT: "libpod-218412" -- _BUILT_IMAGE_SUFFIX: "libpod-5874660151656448" -- FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}" -- PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}" -+ _BUILT_IMAGE_SUFFIX: "libpod-6301182083727360" -+ FEDORA_CACHE_IMAGE_NAME: "fedora-32-${_BUILT_IMAGE_SUFFIX}" -+ PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}" - UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}" - PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}" - -diff --git a/vendor/github.com/containers/storage/Makefile b/vendor/github.com/containers/storage/Makefile -index 09937303b4..0e0e14184b 100644 ---- a/vendor/github.com/containers/storage/Makefile -+++ b/vendor/github.com/containers/storage/Makefile -@@ -33,12 +33,10 @@ AUTOTAGS := $(shell ./hack/btrfs_tag.sh) $(shell ./hack/libdm_tag.sh) - BUILDFLAGS := -tags "$(AUTOTAGS) $(TAGS)" $(FLAGS) - GO ?= go - --GO_BUILD=$(GO) build --GO_TEST=$(GO) test - # Go module support: set `-mod=vendor` to use the vendored sources - ifeq ($(shell $(GO) help mod >/dev/null 2>&1 && echo true), true) -- GO_BUILD=GO111MODULE=on $(GO) build -mod=vendor -- GO_TEST=GO111MODULE=on $(GO) test -mod=vendor -+ GO:=GO111MODULE=on $(GO) -+ MOD_VENDOR=-mod=vendor - endif - - RUNINVM := vagrant/runinvm.sh -@@ -52,7 +50,7 @@ clean: ## remove all built files - sources := $(wildcard *.go cmd/containers-storage/*.go drivers/*.go drivers/*/*.go pkg/*/*.go pkg/*/*/*.go) layers_ffjson.go images_ffjson.go containers_ffjson.go pkg/archive/archive_ffjson.go - - containers-storage: $(sources) ## build using gc on the host -- $(GO_BUILD) -compiler gc $(BUILDFLAGS) ./cmd/containers-storage -+ $(GO) build $(MOD_VENDOR) -compiler gc $(BUILDFLAGS) ./cmd/containers-storage - - layers_ffjson.go: $(FFJSON) layers.go - $(RM) $@ -@@ -73,15 +71,15 @@ pkg/archive/archive_ffjson.go: $(FFJSON) pkg/archive/archive.go - binary local-binary: containers-storage - - local-gccgo: ## build using gccgo on the host -- GCCGO=$(PWD)/hack/gccgo-wrapper.sh $(GO_BUILD) -compiler gccgo $(BUILDFLAGS) -o containers-storage.gccgo ./cmd/containers-storage -+ GCCGO=$(PWD)/hack/gccgo-wrapper.sh $(GO) build $(MOD_VENDOR) -compiler gccgo $(BUILDFLAGS) -o containers-storage.gccgo ./cmd/containers-storage - - local-cross: ## cross build the binaries for arm, darwin, and\nfreebsd - @for target in linux/amd64 linux/386 linux/arm linux/arm64 linux/ppc64 linux/ppc64le darwin/amd64 windows/amd64 ; do \ - os=`echo $${target} | cut -f1 -d/` ; \ - arch=`echo $${target} | cut -f2 -d/` ; \ - suffix=$${os}.$${arch} ; \ -- echo env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} $(GO_BUILD) -compiler gc -tags \"$(NATIVETAGS) $(TAGS)\" $(FLAGS) -o containers-storage.$${suffix} ./cmd/containers-storage ; \ -- env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} $(GO_BUILD) -compiler gc -tags "$(NATIVETAGS) $(TAGS)" $(FLAGS) -o containers-storage.$${suffix} ./cmd/containers-storage || exit 1 ; \ -+ echo env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} $(GO) build $(MOD_VENDOR) -compiler gc -tags \"$(NATIVETAGS) $(TAGS)\" $(FLAGS) -o containers-storage.$${suffix} ./cmd/containers-storage ; \ -+ env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} $(GO) build $(MOD_VENDOR) -compiler gc -tags "$(NATIVETAGS) $(TAGS)" $(FLAGS) -o containers-storage.$${suffix} ./cmd/containers-storage || exit 1 ; \ - done - - cross: ## cross build the binaries for arm, darwin, and\nfreebsd using VMs -@@ -97,7 +95,7 @@ test: local-binary ## build the binaries and run the tests using VMs - $(RUNINVM) make local-binary local-cross local-test-unit local-test-integration - - local-test-unit: local-binary ## run the unit tests on the host (requires\nsuperuser privileges) -- @$(GO_TEST) $(BUILDFLAGS) $(shell $(GO) list ./... | grep -v ^$(PACKAGE)/vendor) -+ @$(GO) test $(MOD_VENDOR) $(BUILDFLAGS) $(shell $(GO) list ./... | grep -v ^$(PACKAGE)/vendor) - - test-unit: local-binary ## run the unit tests using VMs - $(RUNINVM) make local-$@ -@@ -136,7 +134,6 @@ vendor-in-container: - podman run --privileged --rm --env HOME=/root -v `pwd`:/src -w /src golang make vendor - - vendor: -- export GO111MODULE=on \ -- $(GO) mod tidy && \ -- $(GO) mod vendor && \ -- $(GO) mod verify -+ $(GO) mod tidy -+ $(GO) mod vendor -+ $(GO) mod verify -diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION -index b57fc7228b..66e2ae6c25 100644 ---- a/vendor/github.com/containers/storage/VERSION -+++ b/vendor/github.com/containers/storage/VERSION -@@ -1 +1 @@ --1.18.2 -+1.19.1 -diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go -index 0c9434a38b..96e7c75fcb 100644 ---- a/vendor/github.com/containers/storage/containers.go -+++ b/vendor/github.com/containers/storage/containers.go -@@ -148,10 +148,20 @@ func (c *Container) ProcessLabel() string { - } - - func (c *Container) MountOpts() []string { -- if mountOpts, ok := c.Flags["MountOpts"].([]string); ok { -+ switch c.Flags["MountOpts"].(type) { -+ case []string: -+ return c.Flags["MountOpts"].([]string) -+ case []interface{}: -+ var mountOpts []string -+ for _, v := range c.Flags["MountOpts"].([]interface{}) { -+ if flag, ok := v.(string); ok { -+ mountOpts = append(mountOpts, flag) -+ } -+ } - return mountOpts -+ default: -+ return nil - } -- return nil - } - - func (r *containerStore) Containers() ([]Container, error) { -diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go -index 232cac71af..7e7dba7534 100644 ---- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go -+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go -@@ -1237,6 +1237,15 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp - i-- - } - -+ // We need to re-create the work directory as it might keep a reference -+ // to the old upper layer in the index. -+ workDir := filepath.Join(dir, "work") -+ if err := os.RemoveAll(workDir); err == nil { -+ if err := idtools.MkdirAs(workDir, 0755, rootUID, rootGID); err != nil { -+ return err -+ } -+ } -+ - // Re-create the directory that we're going to use as the upper layer. - if err := idtools.MkdirAs(diffDir, 0755, rootUID, rootGID); err != nil { - return err -diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go -index c9c8c5c3cd..3e850d1364 100644 ---- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go -+++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go -@@ -384,9 +384,21 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr - } - }() - -+ // In the case of a read-only mount we first mount read-write so we can set the -+ // correct permissions on the mount point and remount read-only afterwards. -+ remountReadOnly := false - mountOptions := d.options.mountOptions - if len(options.Options) > 0 { -- mountOptions = strings.Join(options.Options, ",") -+ var newOptions []string -+ for _, option := range options.Options { -+ if option == "ro" { -+ // Filter out read-only mount option but remember for later remounting. -+ remountReadOnly = true -+ } else { -+ newOptions = append(newOptions, option) -+ } -+ } -+ mountOptions = strings.Join(newOptions, ",") - } - - filesystem := d.zfsPath(id) -@@ -409,7 +421,14 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr - // this could be our first mount after creation of the filesystem, and the root dir may still have root - // permissions instead of the remapped root uid:gid (if user namespaces are enabled): - if err := os.Chown(mountpoint, rootUID, rootGID); err != nil { -- return "", fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err) -+ return "", errors.Wrapf(err, "modifying zfs mountpoint (%s) ownership", mountpoint) -+ } -+ -+ if remountReadOnly { -+ opts = label.FormatMountLabel("remount,ro", options.MountLabel) -+ if err := mount.Mount(filesystem, mountpoint, "zfs", opts); err != nil { -+ return "", errors.Wrap(err, "error remounting zfs mount read-only") -+ } - } - - return mountpoint, nil -diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod -index f18f84f2ff..a7742bcdd5 100644 ---- a/vendor/github.com/containers/storage/go.mod -+++ b/vendor/github.com/containers/storage/go.mod -@@ -6,14 +6,14 @@ require ( - github.com/Microsoft/hcsshim v0.8.7 - github.com/docker/go-units v0.4.0 - github.com/hashicorp/go-multierror v1.0.0 -- github.com/klauspost/compress v1.10.3 -+ github.com/klauspost/compress v1.10.5 - github.com/klauspost/pgzip v1.2.3 - github.com/mattn/go-shellwords v1.0.10 - github.com/mistifyio/go-zfs v2.1.1+incompatible - github.com/opencontainers/go-digest v1.0.0-rc1 - github.com/opencontainers/runc v1.0.0-rc9 - github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700 -- github.com/opencontainers/selinux v1.4.0 -+ github.com/opencontainers/selinux v1.5.1 - github.com/pkg/errors v0.9.1 - github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7 - github.com/sirupsen/logrus v1.4.2 -diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum -index 990cfef57e..97076ffa66 100644 ---- a/vendor/github.com/containers/storage/go.sum -+++ b/vendor/github.com/containers/storage/go.sum -@@ -1,7 +1,6 @@ - cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= - github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= - github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= --github.com/DataDog/zstd v1.4.0/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= - github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= - github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= - github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg= -@@ -17,19 +16,12 @@ github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv - github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= - github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= - github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= --github.com/containers/common v0.5.0 h1:ZAef7h3oO46PcbTyfooZf8XLHrYad+GkhSu3EhH6P24= --github.com/containers/common v0.5.0/go.mod h1:m62kenckrWi5rZx32kaLje2Og0hpf6NsaTBn6+b+Oys= --github.com/containers/common v0.6.1 h1:z9VeVXYeOnNV99uNLp7zoE5KO1n0hqz1mdm5a6AiIrA= --github.com/containers/common v0.6.1/go.mod h1:m62kenckrWi5rZx32kaLje2Og0hpf6NsaTBn6+b+Oys= --github.com/containers/storage v1.16.0/go.mod h1:nqN09JSi1/RSI1UAUwDYXPRiGSlq5FPbNkN/xb0TfG0= - github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= - github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= - github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= - github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= --github.com/docker/docker v0.0.0-20171019062838-86f080cff091/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= - github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= - github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= --github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= - github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= - github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= - github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -@@ -47,19 +39,10 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP - github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= - github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= - github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= --github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= - github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= - github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= --github.com/klauspost/compress v1.10.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= --github.com/klauspost/compress v1.10.2 h1:Znfn6hXZAHaLPNnlqUYRrBSReFHYybslgv4PTiyz6P0= --github.com/klauspost/compress v1.10.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= --github.com/klauspost/compress v1.10.3 h1:OP96hzwJVBIHYU52pVTI6CczrxPvrGfgqF9N5eTO0Q8= --github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= --github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= --github.com/klauspost/pgzip v1.2.1 h1:oIPZROsWuPHpOdMVWLuJZXwgjhrW8r1yEX8UqMyeNHM= --github.com/klauspost/pgzip v1.2.1/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= --github.com/klauspost/pgzip v1.2.2 h1:8d4I0LDiieuGngsqlqOih9ker/NS0LX4V0i+EhiFWg0= --github.com/klauspost/pgzip v1.2.2/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= -+github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc= -+github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= - github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw= - github.com/klauspost/pgzip v1.2.3/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= - github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= -@@ -68,10 +51,6 @@ github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvO - github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= - github.com/mistifyio/go-zfs v2.1.1+incompatible h1:gAMO1HM9xBRONLHHYnu5iFsOJUiJdNZo6oqSENd4eW8= - github.com/mistifyio/go-zfs v2.1.1+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= --github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= --github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= --github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= --github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= - github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= - github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= - github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -@@ -80,13 +59,9 @@ github.com/opencontainers/runc v1.0.0-rc9 h1:/k06BMULKF5hidyoZymkoDCzdJzltZpz/UU - github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= - github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700 h1:eNUVfm/RFLIi1G7flU5/ZRTHvd4kcVuzfRnL6OFlzCI= - github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= --github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go= --github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= - github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= --github.com/opencontainers/selinux v1.3.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= --github.com/opencontainers/selinux v1.3.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= --github.com/opencontainers/selinux v1.4.0 h1:cpiX/2wWIju/6My60T6/z9CxNG7c8xTQyEmA9fChpUo= --github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= -+github.com/opencontainers/selinux v1.5.1 h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y= -+github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= - github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= - github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= - github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -@@ -99,14 +74,10 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa - github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= - github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= - github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= --github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q= --github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo= --github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= - github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= - github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= - github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= - github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= --github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= - github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= - github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= - github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -@@ -129,7 +100,6 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx - golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= --golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= - golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -@@ -142,7 +112,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= --golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -@@ -151,7 +120,6 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1 - golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20191115151921-52ab43148777 h1:wejkGHRTr38uaKRqECZlsCsJ1/TGxIyFbH32x5zUdu4= - golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= --golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2 h1:/J2nHFg1MTqaRLFO7M+J78ASNsJoz3r0cvHBPQ77fsE= - golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -161,7 +129,6 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= - golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= --golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= - google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= - google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -@@ -170,12 +137,8 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi - google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= - gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= - gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= --gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= --gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= - gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= - gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= --gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= --gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= - gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= - gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= - honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go -index 17227266ef..a8ebf9e1ee 100644 ---- a/vendor/github.com/containers/storage/layers.go -+++ b/vendor/github.com/containers/storage/layers.go -@@ -992,6 +992,9 @@ func (r *layerStore) deleteInternal(id string) error { - if err == nil { - os.Remove(r.tspath(id)) - delete(r.byid, id) -+ for _, name := range layer.Names { -+ delete(r.byname, name) -+ } - r.idindex.Delete(id) - mountLabel := layer.MountLabel - if layer.MountPoint != "" { -diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go -index d9a2e473cc..bf819a801f 100644 ---- a/vendor/github.com/containers/storage/pkg/archive/archive.go -+++ b/vendor/github.com/containers/storage/pkg/archive/archive.go -@@ -394,7 +394,7 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 { - // to a tar header - func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error { - capability, err := system.Lgetxattr(path, "security.capability") -- if err != nil && err != system.EOPNOTSUPP { -+ if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform { - return err - } - if capability != nil { -@@ -407,7 +407,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error { - // ReadUserXattrToTarHeader reads user.* xattr from filesystem to a tar header - func ReadUserXattrToTarHeader(path string, hdr *tar.Header) error { - xattrs, err := system.Llistxattr(path) -- if err != nil && err != system.EOPNOTSUPP { -+ if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform { - return err - } - for _, key := range xattrs { -diff --git a/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go b/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go -index a5b72c5435..6a00141c3d 100644 ---- a/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go -+++ b/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go -@@ -13,6 +13,9 @@ import ( - // by the lock. - type Locker interface { - // Acquire a writer lock. -+ // The default unix implementation panics if: -+ // - opening the lockfile failed -+ // - tried to lock a read-only lock-file - Lock() - - // Acquire a writer lock recursively, allowing for recursive acquisitions -@@ -20,6 +23,9 @@ type Locker interface { - RecursiveLock() - - // Unlock the lock. -+ // The default unix implementation panics if: -+ // - unlocking an unlocked lock -+ // - if the lock counter is corrupted - Unlock() - - // Acquire a reader lock. -diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go -index 697f30b5cb..43b84d7695 100644 ---- a/vendor/github.com/containers/storage/store.go -+++ b/vendor/github.com/containers/storage/store.go -@@ -3397,7 +3397,7 @@ func copyStringInterfaceMap(m map[string]interface{}) map[string]interface{} { - } - - // defaultConfigFile path to the system wide storage.conf file --const defaultConfigFile = "/etc/containers/storage.conf" -+var defaultConfigFile = "/etc/containers/storage.conf" - - // AutoUserNsMinSize is the minimum size for automatically created user namespaces - const AutoUserNsMinSize = 1024 -@@ -3409,6 +3409,11 @@ const AutoUserNsMaxSize = 65536 - // creating a user namespace. - const RootAutoUserNsUser = "containers" - -+// SetDefaultConfigFilePath sets the default configuration to the specified path -+func SetDefaultConfigFilePath(path string) { -+ defaultConfigFile = path -+} -+ - // DefaultConfigFile returns the path to the storage config file used - func DefaultConfigFile(rootless bool) (string, error) { - if rootless { -diff --git a/vendor/github.com/klauspost/compress/flate/deflate.go b/vendor/github.com/klauspost/compress/flate/deflate.go -index 2b101d26b2..25dbe3e15f 100644 ---- a/vendor/github.com/klauspost/compress/flate/deflate.go -+++ b/vendor/github.com/klauspost/compress/flate/deflate.go -@@ -80,9 +80,7 @@ type advancedState struct { - // deflate state - length int - offset int -- hash uint32 - maxInsertIndex int -- ii uint16 // position of last match, intended to overflow to reset. - - // Input hash chains - // hashHead[hashValue] contains the largest inputIndex with the specified hash value -@@ -97,6 +95,9 @@ type advancedState struct { - // input window: unprocessed data is window[index:windowEnd] - index int - hashMatch [maxMatchLength + minMatchLength]uint32 -+ -+ hash uint32 -+ ii uint16 // position of last match, intended to overflow to reset. - } - - type compressor struct { -@@ -107,18 +108,19 @@ type compressor struct { - // compression algorithm - fill func(*compressor, []byte) int // copy data to window - step func(*compressor) // process window -- sync bool // requesting flush - -- window []byte -- windowEnd int -- blockStart int // window index where current tokens start -- byteAvailable bool // if true, still need to process window[index-1]. -- err error -+ window []byte -+ windowEnd int -+ blockStart int // window index where current tokens start -+ err error - - // queued output tokens - tokens tokens - fast fastEnc - state *advancedState -+ -+ sync bool // requesting flush -+ byteAvailable bool // if true, still need to process window[index-1]. - } - - func (d *compressor) fillDeflate(b []byte) int { -diff --git a/vendor/github.com/klauspost/compress/flate/inflate.go b/vendor/github.com/klauspost/compress/flate/inflate.go -index 7f175a4ec2..3e4259f157 100644 ---- a/vendor/github.com/klauspost/compress/flate/inflate.go -+++ b/vendor/github.com/klauspost/compress/flate/inflate.go -@@ -295,10 +295,6 @@ type decompressor struct { - r Reader - roffset int64 - -- // Input bits, in top of b. -- b uint32 -- nb uint -- - // Huffman decoders for literal/length, distance. - h1, h2 huffmanDecoder - -@@ -309,19 +305,24 @@ type decompressor struct { - // Output history, buffer. - dict dictDecoder - -- // Temporary buffer (avoids repeated allocation). -- buf [4]byte -- - // Next step in the decompression, - // and decompression state. - step func(*decompressor) - stepState int -- final bool - err error - toRead []byte - hl, hd *huffmanDecoder - copyLen int - copyDist int -+ -+ // Temporary buffer (avoids repeated allocation). -+ buf [4]byte -+ -+ // Input bits, in top of b. -+ b uint32 -+ -+ nb uint -+ final bool - } - - func (f *decompressor) nextBlock() { -diff --git a/vendor/github.com/klauspost/compress/fse/fse.go b/vendor/github.com/klauspost/compress/fse/fse.go -index 075357b5b1..535cbadfde 100644 ---- a/vendor/github.com/klauspost/compress/fse/fse.go -+++ b/vendor/github.com/klauspost/compress/fse/fse.go -@@ -44,18 +44,14 @@ var ( - // Scratch provides temporary storage for compression and decompression. - type Scratch struct { - // Private -- count [maxSymbolValue + 1]uint32 -- norm [maxSymbolValue + 1]int16 -- symbolLen uint16 // Length of active part of the symbol table. -- actualTableLog uint8 // Selected tablelog. -- br byteReader -- bits bitReader -- bw bitWriter -- ct cTable // Compression tables. -- decTable []decSymbol // Decompression table. -- zeroBits bool // no bits has prob > 50%. -- clearCount bool // clear count -- maxCount int // count of the most probable symbol -+ count [maxSymbolValue + 1]uint32 -+ norm [maxSymbolValue + 1]int16 -+ br byteReader -+ bits bitReader -+ bw bitWriter -+ ct cTable // Compression tables. -+ decTable []decSymbol // Decompression table. -+ maxCount int // count of the most probable symbol - - // Per block parameters. - // These can be used to override compression parameters of the block. -@@ -68,17 +64,22 @@ type Scratch struct { - // and allocation will be avoided. - Out []byte - -- // MaxSymbolValue will override the maximum symbol value of the next block. -- MaxSymbolValue uint8 -- -- // TableLog will attempt to override the tablelog for the next block. -- TableLog uint8 -- - // DecompressLimit limits the maximum decoded size acceptable. - // If > 0 decompression will stop when approximately this many bytes - // has been decoded. - // If 0, maximum size will be 2GB. - DecompressLimit int -+ -+ symbolLen uint16 // Length of active part of the symbol table. -+ actualTableLog uint8 // Selected tablelog. -+ zeroBits bool // no bits has prob > 50%. -+ clearCount bool // clear count -+ -+ // MaxSymbolValue will override the maximum symbol value of the next block. -+ MaxSymbolValue uint8 -+ -+ // TableLog will attempt to override the tablelog for the next block. -+ TableLog uint8 - } - - // Histogram allows to populate the histogram and skip that step in the compression, -diff --git a/vendor/github.com/klauspost/compress/huff0/huff0.go b/vendor/github.com/klauspost/compress/huff0/huff0.go -index 53249df056..177d6c4ea0 100644 ---- a/vendor/github.com/klauspost/compress/huff0/huff0.go -+++ b/vendor/github.com/klauspost/compress/huff0/huff0.go -@@ -79,6 +79,13 @@ type Scratch struct { - // Slice of the returned data. - OutData []byte - -+ // MaxDecodedSize will set the maximum allowed output size. -+ // This value will automatically be set to BlockSizeMax if not set. -+ // Decoders will return ErrMaxDecodedSizeExceeded is this limit is exceeded. -+ MaxDecodedSize int -+ -+ br byteReader -+ - // MaxSymbolValue will override the maximum symbol value of the next block. - MaxSymbolValue uint8 - -@@ -95,12 +102,6 @@ type Scratch struct { - // If WantLogLess == 0 any improvement will do. - WantLogLess uint8 - -- // MaxDecodedSize will set the maximum allowed output size. -- // This value will automatically be set to BlockSizeMax if not set. -- // Decoders will return ErrMaxDecodedSizeExceeded is this limit is exceeded. -- MaxDecodedSize int -- -- br byteReader - symbolLen uint16 // Length of active part of the symbol table. - maxCount int // count of the most probable symbol - clearCount bool // clear count -diff --git a/vendor/github.com/klauspost/compress/zstd/blockdec.go b/vendor/github.com/klauspost/compress/zstd/blockdec.go -index ed670bcc7a..c2f855e75b 100644 ---- a/vendor/github.com/klauspost/compress/zstd/blockdec.go -+++ b/vendor/github.com/klauspost/compress/zstd/blockdec.go -@@ -75,21 +75,25 @@ type blockDec struct { - - // Window size of the block. - WindowSize uint64 -- Type blockType -- RLESize uint32 - -- // Is this the last block of a frame? -- Last bool -- -- // Use less memory -- lowMem bool - history chan *history - input chan struct{} - result chan decodeOutput - sequenceBuf []seq -- tmp [4]byte - err error - decWG sync.WaitGroup -+ -+ // Block is RLE, this is the size. -+ RLESize uint32 -+ tmp [4]byte -+ -+ Type blockType -+ -+ // Is this the last block of a frame? -+ Last bool -+ -+ // Use less memory -+ lowMem bool - } - - func (b *blockDec) String() string { -@@ -127,17 +131,25 @@ func (b *blockDec) reset(br byteBuffer, windowSize uint64) error { - b.Type = blockType((bh >> 1) & 3) - // find size. - cSize := int(bh >> 3) -+ maxSize := maxBlockSize - switch b.Type { - case blockTypeReserved: - return ErrReservedBlockType - case blockTypeRLE: - b.RLESize = uint32(cSize) -+ if b.lowMem { -+ maxSize = cSize -+ } - cSize = 1 - case blockTypeCompressed: - if debug { - println("Data size on stream:", cSize) - } - b.RLESize = 0 -+ maxSize = maxCompressedBlockSize -+ if windowSize < maxCompressedBlockSize && b.lowMem { -+ maxSize = int(windowSize) -+ } - if cSize > maxCompressedBlockSize || uint64(cSize) > b.WindowSize { - if debug { - printf("compressed block too big: csize:%d block: %+v\n", uint64(cSize), b) -@@ -156,8 +168,8 @@ func (b *blockDec) reset(br byteBuffer, windowSize uint64) error { - b.dataStorage = make([]byte, 0, maxBlockSize) - } - } -- if cap(b.dst) <= maxBlockSize { -- b.dst = make([]byte, 0, maxBlockSize+1) -+ if cap(b.dst) <= maxSize { -+ b.dst = make([]byte, 0, maxSize+1) - } - var err error - b.data, err = br.readBig(cSize, b.dataStorage) -@@ -675,8 +687,11 @@ func (b *blockDec) decodeCompressed(hist *history) error { - println("initializing sequences:", err) - return err - } -- -- err = seqs.decode(nSeqs, br, hist.b) -+ hbytes := hist.b -+ if len(hbytes) > hist.windowSize { -+ hbytes = hbytes[len(hbytes)-hist.windowSize:] -+ } -+ err = seqs.decode(nSeqs, br, hbytes) - if err != nil { - return err - } -diff --git a/vendor/github.com/klauspost/compress/zstd/decoder.go b/vendor/github.com/klauspost/compress/zstd/decoder.go -index 86553c2c36..2340255051 100644 ---- a/vendor/github.com/klauspost/compress/zstd/decoder.go -+++ b/vendor/github.com/klauspost/compress/zstd/decoder.go -@@ -169,7 +169,12 @@ func (d *Decoder) Reset(r io.Reader) error { - println("*bytes.Buffer detected, doing sync decode, len:", bb.Len()) - } - b := bb.Bytes() -- dst, err := d.DecodeAll(b, nil) -+ var dst []byte -+ if cap(d.current.b) > 0 { -+ dst = d.current.b -+ } -+ -+ dst, err := d.DecodeAll(b, dst[:0]) - if err == nil { - err = io.EOF - } -diff --git a/vendor/github.com/klauspost/compress/zstd/enc_better.go b/vendor/github.com/klauspost/compress/zstd/enc_better.go -index 4375e08b4d..c120d90548 100644 ---- a/vendor/github.com/klauspost/compress/zstd/enc_better.go -+++ b/vendor/github.com/klauspost/compress/zstd/enc_better.go -@@ -104,10 +104,7 @@ func (e *betterFastEncoder) Encode(blk *blockEnc, src []byte) { - sLimit := int32(len(src)) - inputMargin - // stepSize is the number of bytes to skip on every main loop iteration. - // It should be >= 1. -- stepSize := int32(e.o.targetLength) -- if stepSize == 0 { -- stepSize++ -- } -+ const stepSize = 1 - - const kSearchStrength = 9 - -diff --git a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go -index d640e6a9f2..5ebead9dc8 100644 ---- a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go -+++ b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go -@@ -80,10 +80,7 @@ func (e *doubleFastEncoder) Encode(blk *blockEnc, src []byte) { - sLimit := int32(len(src)) - inputMargin - // stepSize is the number of bytes to skip on every main loop iteration. - // It should be >= 1. -- stepSize := int32(e.o.targetLength) -- if stepSize == 0 { -- stepSize++ -- } -+ const stepSize = 1 - - const kSearchStrength = 8 - -@@ -401,10 +398,7 @@ func (e *doubleFastEncoder) EncodeNoHist(blk *blockEnc, src []byte) { - sLimit := int32(len(src)) - inputMargin - // stepSize is the number of bytes to skip on every main loop iteration. - // It should be >= 1. -- stepSize := int32(e.o.targetLength) -- if stepSize == 0 { -- stepSize++ -- } -+ const stepSize = 1 - - const kSearchStrength = 8 - -diff --git a/vendor/github.com/klauspost/compress/zstd/enc_fast.go b/vendor/github.com/klauspost/compress/zstd/enc_fast.go -index 1387b80823..d1d3658e61 100644 ---- a/vendor/github.com/klauspost/compress/zstd/enc_fast.go -+++ b/vendor/github.com/klauspost/compress/zstd/enc_fast.go -@@ -25,7 +25,6 @@ type tableEntry struct { - } - - type fastBase struct { -- o encParams - // cur is the offset at the start of hist - cur int32 - // maximum offset. Should be at least 2x block size. -@@ -117,11 +116,7 @@ func (e *fastEncoder) Encode(blk *blockEnc, src []byte) { - sLimit := int32(len(src)) - inputMargin - // stepSize is the number of bytes to skip on every main loop iteration. - // It should be >= 2. -- stepSize := int32(e.o.targetLength) -- if stepSize == 0 { -- stepSize++ -- } -- stepSize++ -+ const stepSize = 2 - - // TEMPLATE - const hashLog = tableBits -diff --git a/vendor/github.com/klauspost/compress/zstd/enc_params.go b/vendor/github.com/klauspost/compress/zstd/enc_params.go -index b6779ecb6d..d874116f71 100644 ---- a/vendor/github.com/klauspost/compress/zstd/enc_params.go -+++ b/vendor/github.com/klauspost/compress/zstd/enc_params.go -@@ -4,6 +4,8 @@ - - package zstd - -+/* -+// encParams are not really used, just here for reference. - type encParams struct { - // largest match distance : larger == more compression, more memory needed during decompression - windowLog uint8 -@@ -152,3 +154,4 @@ var defEncParams = [4][]encParams{ - {14, 15, 15, 10, 3, 999, strategyBtultra2}, // level 22. - }, - } -+*/ -diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go -index 67d45efb98..af4f00b734 100644 ---- a/vendor/github.com/klauspost/compress/zstd/encoder.go -+++ b/vendor/github.com/klauspost/compress/zstd/encoder.go -@@ -39,17 +39,18 @@ type encoder interface { - } - - type encoderState struct { -- w io.Writer -- filling []byte -- current []byte -- previous []byte -- encoder encoder -- writing *blockEnc -- err error -- writeErr error -- nWritten int64 -- headerWritten bool -- eofWritten bool -+ w io.Writer -+ filling []byte -+ current []byte -+ previous []byte -+ encoder encoder -+ writing *blockEnc -+ err error -+ writeErr error -+ nWritten int64 -+ headerWritten bool -+ eofWritten bool -+ fullFrameWritten bool - - // This waitgroup indicates an encode is running. - wg sync.WaitGroup -@@ -114,6 +115,7 @@ func (e *Encoder) Reset(w io.Writer) { - s.encoder.Reset() - s.headerWritten = false - s.eofWritten = false -+ s.fullFrameWritten = false - s.w = w - s.err = nil - s.nWritten = 0 -@@ -172,6 +174,22 @@ func (e *Encoder) nextBlock(final bool) error { - return fmt.Errorf("block > maxStoreBlockSize") - } - if !s.headerWritten { -+ // If we have a single block encode, do a sync compression. -+ if final && len(s.filling) > 0 { -+ s.current = e.EncodeAll(s.filling, s.current[:0]) -+ var n2 int -+ n2, s.err = s.w.Write(s.current) -+ if s.err != nil { -+ return s.err -+ } -+ s.nWritten += int64(n2) -+ s.current = s.current[:0] -+ s.filling = s.filling[:0] -+ s.headerWritten = true -+ s.fullFrameWritten = true -+ return nil -+ } -+ - var tmp [maxHeaderSize]byte - fh := frameHeader{ - ContentSize: 0, -@@ -294,7 +312,9 @@ func (e *Encoder) ReadFrom(r io.Reader) (n int64, err error) { - src := e.state.filling - for { - n2, err := r.Read(src) -- _, _ = e.state.encoder.CRC().Write(src[:n2]) -+ if e.o.crc { -+ _, _ = e.state.encoder.CRC().Write(src[:n2]) -+ } - // src is now the unfilled part... - src = src[n2:] - n += int64(n2) -@@ -359,6 +379,9 @@ func (e *Encoder) Close() error { - if err != nil { - return err - } -+ if e.state.fullFrameWritten { -+ return s.err -+ } - s.wg.Wait() - s.wWg.Wait() - -diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go -index 0ff970dac5..3fc03097a6 100644 ---- a/vendor/github.com/klauspost/compress/zstd/encoder_options.go -+++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go -@@ -12,15 +12,16 @@ type EOption func(*encoderOptions) error - - // options retains accumulated state of multiple options. - type encoderOptions struct { -- concurrent int -- crc bool -- single *bool -- pad int -- blockSize int -- windowSize int -- level EncoderLevel -- fullZero bool -- noEntropy bool -+ concurrent int -+ level EncoderLevel -+ single *bool -+ pad int -+ blockSize int -+ windowSize int -+ crc bool -+ fullZero bool -+ noEntropy bool -+ customWindow bool - } - - func (o *encoderOptions) setDefault() { -@@ -30,7 +31,7 @@ func (o *encoderOptions) setDefault() { - crc: true, - single: nil, - blockSize: 1 << 16, -- windowSize: 1 << 22, -+ windowSize: 8 << 20, - level: SpeedDefault, - } - } -@@ -85,6 +86,7 @@ func WithWindowSize(n int) EOption { - } - - o.windowSize = n -+ o.customWindow = true - if o.blockSize > o.windowSize { - o.blockSize = o.windowSize - } -@@ -195,6 +197,16 @@ func WithEncoderLevel(l EncoderLevel) EOption { - return fmt.Errorf("unknown encoder level") - } - o.level = l -+ if !o.customWindow { -+ switch o.level { -+ case SpeedFastest: -+ o.windowSize = 4 << 20 -+ case SpeedDefault: -+ o.windowSize = 8 << 20 -+ case SpeedBetterCompression: -+ o.windowSize = 16 << 20 -+ } -+ } - return nil - } - } -diff --git a/vendor/github.com/klauspost/compress/zstd/framedec.go b/vendor/github.com/klauspost/compress/zstd/framedec.go -index cda590b5f7..780880ebe4 100644 ---- a/vendor/github.com/klauspost/compress/zstd/framedec.go -+++ b/vendor/github.com/klauspost/compress/zstd/framedec.go -@@ -16,16 +16,11 @@ import ( - ) - - type frameDec struct { -- o decoderOptions -- crc hash.Hash64 -- frameDone sync.WaitGroup -- offset int64 -+ o decoderOptions -+ crc hash.Hash64 -+ offset int64 - -- WindowSize uint64 -- DictionaryID uint32 -- FrameContentSize uint64 -- HasCheckSum bool -- SingleSegment bool -+ WindowSize uint64 - - // maxWindowSize is the maximum windows size to support. - // should never be bigger than max-int. -@@ -42,9 +37,16 @@ type frameDec struct { - // Byte buffer that can be reused for small input blocks. - bBuf byteBuf - -+ FrameContentSize uint64 -+ frameDone sync.WaitGroup -+ -+ DictionaryID uint32 -+ HasCheckSum bool -+ SingleSegment bool -+ - // asyncRunning indicates whether the async routine processes input on 'decoding'. -- asyncRunning bool - asyncRunningMu sync.Mutex -+ asyncRunning bool - } - - const ( -@@ -231,7 +233,11 @@ func (d *frameDec) reset(br byteBuffer) error { - return ErrWindowSizeTooSmall - } - d.history.windowSize = int(d.WindowSize) -- d.history.maxSize = d.history.windowSize + maxBlockSize -+ if d.o.lowMem && d.history.windowSize < maxBlockSize { -+ d.history.maxSize = d.history.windowSize * 2 -+ } else { -+ d.history.maxSize = d.history.windowSize + maxBlockSize -+ } - // history contains input - maybe we do something - d.rawInput = br - return nil -@@ -318,8 +324,8 @@ func (d *frameDec) checkCRC() error { - - func (d *frameDec) initAsync() { - if !d.o.lowMem && !d.SingleSegment { -- // set max extra size history to 20MB. -- d.history.maxSize = d.history.windowSize + maxBlockSize*10 -+ // set max extra size history to 10MB. -+ d.history.maxSize = d.history.windowSize + maxBlockSize*5 - } - // re-alloc if more than one extra block size. - if d.o.lowMem && cap(d.history.b) > d.history.maxSize+maxBlockSize { -diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md -index 195333e51d..09a4a35c9b 100644 ---- a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md -+++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md -@@ -27,6 +27,7 @@ We thank all the authors who provided code to this library: - - * Felix Kollmann - * Nicolas Perraut -+* @dirty49374 - - ## License - -diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go -index ef18d8f978..57f530ae83 100644 ---- a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go -+++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go -@@ -4,7 +4,6 @@ package sequences - - import ( - "syscall" -- "unsafe" - ) - - var ( -@@ -27,7 +26,7 @@ func EnableVirtualTerminalProcessing(stream syscall.Handle, enable bool) error { - mode &^= ENABLE_VIRTUAL_TERMINAL_PROCESSING - } - -- ret, _, err := setConsoleMode.Call(uintptr(unsafe.Pointer(stream)), uintptr(mode)) -+ ret, _, err := setConsoleMode.Call(uintptr(stream), uintptr(mode)) - if ret == 0 { - return err - } -diff --git a/vendor/github.com/sirupsen/logrus/CHANGELOG.md b/vendor/github.com/sirupsen/logrus/CHANGELOG.md -index 51a7ab0cab..584026d67c 100644 ---- a/vendor/github.com/sirupsen/logrus/CHANGELOG.md -+++ b/vendor/github.com/sirupsen/logrus/CHANGELOG.md -@@ -1,9 +1,32 @@ -+# 1.6.0 -+Fixes: -+ * end of line cleanup -+ * revert the entry concurrency bug fix whic leads to deadlock under some circumstances -+ * update dependency on go-windows-terminal-sequences to fix a crash with go 1.14 -+ -+Features: -+ * add an option to the `TextFormatter` to completely disable fields quoting -+ -+# 1.5.0 -+Code quality: -+ * add golangci linter run on travis -+ -+Fixes: -+ * add mutex for hooks concurrent access on `Entry` data -+ * caller function field for go1.14 -+ * fix build issue for gopherjs target -+ -+Feature: -+ * add an hooks/writer sub-package whose goal is to split output on different stream depending on the trace level -+ * add a `DisableHTMLEscape` option in the `JSONFormatter` -+ * add `ForceQuote` and `PadLevelText` options in the `TextFormatter` -+ - # 1.4.2 - * Fixes build break for plan9, nacl, solaris - # 1.4.1 - This new release introduces: - * Enhance TextFormatter to not print caller information when they are empty (#944) -- * Remove dependency on golang.org/x/crypto (#932, #943) -+ * Remove dependency on golang.org/x/crypto (#932, #943) - - Fixes: - * Fix Entry.WithContext method to return a copy of the initial entry (#941) -@@ -11,7 +34,7 @@ Fixes: - # 1.4.0 - This new release introduces: - * Add `DeferExitHandler`, similar to `RegisterExitHandler` but prepending the handler to the list of handlers (semantically like `defer`) (#848). -- * Add `CallerPrettyfier` to `JSONFormatter` and `TextFormatter (#909, #911) -+ * Add `CallerPrettyfier` to `JSONFormatter` and `TextFormatter` (#909, #911) - * Add `Entry.WithContext()` and `Entry.Context`, to set a context on entries to be used e.g. in hooks (#919). - - Fixes: -diff --git a/vendor/github.com/sirupsen/logrus/appveyor.yml b/vendor/github.com/sirupsen/logrus/appveyor.yml -index 96c2ce15f8..df9d65c3a5 100644 ---- a/vendor/github.com/sirupsen/logrus/appveyor.yml -+++ b/vendor/github.com/sirupsen/logrus/appveyor.yml -@@ -1,14 +1,14 @@ --version: "{build}" --platform: x64 --clone_folder: c:\gopath\src\github.com\sirupsen\logrus --environment: -- GOPATH: c:\gopath --branches: -- only: -- - master --install: -- - set PATH=%GOPATH%\bin;c:\go\bin;%PATH% -- - go version --build_script: -- - go get -t -- - go test -+version: "{build}" -+platform: x64 -+clone_folder: c:\gopath\src\github.com\sirupsen\logrus -+environment: -+ GOPATH: c:\gopath -+branches: -+ only: -+ - master -+install: -+ - set PATH=%GOPATH%\bin;c:\go\bin;%PATH% -+ - go version -+build_script: -+ - go get -t -+ - go test -diff --git a/vendor/github.com/sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go -index 27b14bfb16..f6e062a346 100644 ---- a/vendor/github.com/sirupsen/logrus/entry.go -+++ b/vendor/github.com/sirupsen/logrus/entry.go -@@ -122,8 +122,6 @@ func (entry *Entry) WithField(key string, value interface{}) *Entry { - - // Add a map of fields to the Entry. - func (entry *Entry) WithFields(fields Fields) *Entry { -- entry.Logger.mu.Lock() -- defer entry.Logger.mu.Unlock() - data := make(Fields, len(entry.Data)+len(fields)) - for k, v := range entry.Data { - data[k] = v -diff --git a/vendor/github.com/sirupsen/logrus/go.mod b/vendor/github.com/sirupsen/logrus/go.mod -index 9ea6e841b4..d41329679f 100644 ---- a/vendor/github.com/sirupsen/logrus/go.mod -+++ b/vendor/github.com/sirupsen/logrus/go.mod -@@ -2,7 +2,7 @@ module github.com/sirupsen/logrus - - require ( - github.com/davecgh/go-spew v1.1.1 // indirect -- github.com/konsorten/go-windows-terminal-sequences v1.0.1 -+ github.com/konsorten/go-windows-terminal-sequences v1.0.3 - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/stretchr/testify v1.2.2 - golang.org/x/sys v0.0.0-20190422165155-953cdadca894 -diff --git a/vendor/github.com/sirupsen/logrus/go.sum b/vendor/github.com/sirupsen/logrus/go.sum -index 95a3f07de0..49c690f238 100644 ---- a/vendor/github.com/sirupsen/logrus/go.sum -+++ b/vendor/github.com/sirupsen/logrus/go.sum -@@ -2,6 +2,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c - github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= - github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= - github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -+github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= -+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= - github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= - github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= - github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= -diff --git a/vendor/github.com/sirupsen/logrus/text_formatter.go b/vendor/github.com/sirupsen/logrus/text_formatter.go -index 2d15a239fe..3c28b54cab 100644 ---- a/vendor/github.com/sirupsen/logrus/text_formatter.go -+++ b/vendor/github.com/sirupsen/logrus/text_formatter.go -@@ -37,6 +37,11 @@ type TextFormatter struct { - // Force quoting of all values - ForceQuote bool - -+ // DisableQuote disables quoting for all values. -+ // DisableQuote will have a lower priority than ForceQuote. -+ // If both of them are set to true, quote will be forced on all values. -+ DisableQuote bool -+ - // Override coloring based on CLICOLOR and CLICOLOR_FORCE. - https://bixense.com/clicolors/ - EnvironmentOverrideColors bool - -@@ -292,6 +297,9 @@ func (f *TextFormatter) needsQuoting(text string) bool { - if f.QuoteEmptyFields && len(text) == 0 { - return true - } -+ if f.DisableQuote { -+ return false -+ } - for _, ch := range text { - if !((ch >= 'a' && ch <= 'z') || - (ch >= 'A' && ch <= 'Z') || -diff --git a/vendor/github.com/vbauerster/mpb/v5/bar.go b/vendor/github.com/vbauerster/mpb/v5/bar.go -index 1a4c66fe1f..13bda22479 100644 ---- a/vendor/github.com/vbauerster/mpb/v5/bar.go -+++ b/vendor/github.com/vbauerster/mpb/v5/bar.go -@@ -69,6 +69,7 @@ type bState struct { - trimSpace bool - toComplete bool - completeFlushed bool -+ ignoreComplete bool - noPop bool - aDecorators []decor.Decorator - pDecorators []decor.Decorator -@@ -170,17 +171,18 @@ func (b *Bar) TraverseDecorators(cb func(decor.Decorator)) { - } - - // SetTotal sets total dynamically. --// If total is less or equal to zero it takes progress' current value. --// If complete is true, complete event will be triggered. -+// If total is less than or equal to zero it takes progress' current value. -+// A complete flag enables or disables complete event on `current >= total`. - func (b *Bar) SetTotal(total int64, complete bool) { - select { - case b.operateState <- func(s *bState) { -+ s.ignoreComplete = !complete - if total <= 0 { - s.total = s.current - } else { - s.total = total - } -- if complete && !s.toComplete { -+ if !s.ignoreComplete && !s.toComplete { - s.current = s.total - s.toComplete = true - go b.refreshTillShutdown() -@@ -197,7 +199,7 @@ func (b *Bar) SetCurrent(current int64) { - s.iterated = true - s.lastN = current - s.current - s.current = current -- if s.total > 0 && s.current >= s.total { -+ if !s.ignoreComplete && s.current >= s.total { - s.current = s.total - s.toComplete = true - go b.refreshTillShutdown() -@@ -224,7 +226,7 @@ func (b *Bar) IncrInt64(n int64) { - s.iterated = true - s.lastN = n - s.current += n -- if s.total > 0 && s.current >= s.total { -+ if !s.ignoreComplete && s.current >= s.total { - s.current = s.total - s.toComplete = true - go b.refreshTillShutdown() -diff --git a/vendor/github.com/vbauerster/mpb/v5/bar_filler.go b/vendor/github.com/vbauerster/mpb/v5/bar_filler.go -index 00bf0a494a..33dbf191db 100644 ---- a/vendor/github.com/vbauerster/mpb/v5/bar_filler.go -+++ b/vendor/github.com/vbauerster/mpb/v5/bar_filler.go -@@ -76,7 +76,7 @@ func (s *barFiller) SetReverse(reverse bool) { - s.flush = reverseFlush - } else { - s.tip = s.format[rTip] -- s.flush = normalFlush -+ s.flush = regularFlush - } - s.reverse = reverse - } -@@ -125,7 +125,7 @@ func (s *barFiller) Fill(w io.Writer, width int, stat *decor.Statistics) { - s.flush(w, bb) - } - --func normalFlush(w io.Writer, bb [][]byte) { -+func regularFlush(w io.Writer, bb [][]byte) { - for i := 0; i < len(bb); i++ { - w.Write(bb[i]) - } -diff --git a/vendor/github.com/vbauerster/mpb/v5/go.mod b/vendor/github.com/vbauerster/mpb/v5/go.mod -index 672191fc8d..1d8d529342 100644 ---- a/vendor/github.com/vbauerster/mpb/v5/go.mod -+++ b/vendor/github.com/vbauerster/mpb/v5/go.mod -@@ -3,8 +3,8 @@ module github.com/vbauerster/mpb/v5 - require ( - github.com/VividCortex/ewma v1.1.1 - github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d -- golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 -- golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 // indirect -+ golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 -+ golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f // indirect - ) - - go 1.14 -diff --git a/vendor/github.com/vbauerster/mpb/v5/go.sum b/vendor/github.com/vbauerster/mpb/v5/go.sum -index 9a411976aa..99ca1bf678 100644 ---- a/vendor/github.com/vbauerster/mpb/v5/go.sum -+++ b/vendor/github.com/vbauerster/mpb/v5/go.sum -@@ -3,11 +3,11 @@ github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmx - github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= - github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= - golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= --golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 h1:QmwruyY+bKbDDL0BaglrbZABEali68eoMFhTZpCjYVA= --golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU= -+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= --golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= --golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8= -+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -diff --git a/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go b/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go -index 7e261cb221..e321e0a6b5 100644 ---- a/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go -+++ b/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go -@@ -7,6 +7,9 @@ func Percentage(total, current int64, width int) float64 { - if total <= 0 { - return 0 - } -+ if current >= total { -+ return float64(width) -+ } - return float64(int64(width)*current) / float64(total) - } - -diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go -index 7c498e90d9..a2ecf5c325 100644 ---- a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go -+++ b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go -@@ -42,10 +42,14 @@ type Cipher struct { - - // The last len bytes of buf are leftover key stream bytes from the previous - // XORKeyStream invocation. The size of buf depends on how many blocks are -- // computed at a time. -+ // computed at a time by xorKeyStreamBlocks. - buf [bufSize]byte - len int - -+ // overflow is set when the counter overflowed, no more blocks can be -+ // generated, and the next XORKeyStream call should panic. -+ overflow bool -+ - // The counter-independent results of the first round are cached after they - // are computed the first time. - precompDone bool -@@ -89,6 +93,7 @@ func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) { - return nil, errors.New("chacha20: wrong nonce size") - } - -+ key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint - c.key = [8]uint32{ - binary.LittleEndian.Uint32(key[0:4]), - binary.LittleEndian.Uint32(key[4:8]), -@@ -139,15 +144,18 @@ func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) { - // SetCounter sets the Cipher counter. The next invocation of XORKeyStream will - // behave as if (64 * counter) bytes had been encrypted so far. - // --// To prevent accidental counter reuse, SetCounter panics if counter is --// less than the current value. -+// To prevent accidental counter reuse, SetCounter panics if counter is less -+// than the current value. -+// -+// Note that the execution time of XORKeyStream is not independent of the -+// counter value. - func (s *Cipher) SetCounter(counter uint32) { - // Internally, s may buffer multiple blocks, which complicates this - // implementation slightly. When checking whether the counter has rolled - // back, we must use both s.counter and s.len to determine how many blocks - // we have already output. - outputCounter := s.counter - uint32(s.len)/blockSize -- if counter < outputCounter { -+ if s.overflow || counter < outputCounter { - panic("chacha20: SetCounter attempted to rollback counter") - } - -@@ -196,34 +204,52 @@ func (s *Cipher) XORKeyStream(dst, src []byte) { - dst[i] = src[i] ^ b - } - s.len -= len(keyStream) -- src = src[len(keyStream):] -- dst = dst[len(keyStream):] -+ dst, src = dst[len(keyStream):], src[len(keyStream):] -+ } -+ if len(src) == 0 { -+ return - } - -- const blocksPerBuf = bufSize / blockSize -- numBufs := (uint64(len(src)) + bufSize - 1) / bufSize -- if uint64(s.counter)+numBufs*blocksPerBuf >= 1<<32 { -+ // If we'd need to let the counter overflow and keep generating output, -+ // panic immediately. If instead we'd only reach the last block, remember -+ // not to generate any more output after the buffer is drained. -+ numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize -+ if s.overflow || uint64(s.counter)+numBlocks > 1<<32 { - panic("chacha20: counter overflow") -+ } else if uint64(s.counter)+numBlocks == 1<<32 { -+ s.overflow = true - } - - // xorKeyStreamBlocks implementations expect input lengths that are a - // multiple of bufSize. Platform-specific ones process multiple blocks at a - // time, so have bufSizes that are a multiple of blockSize. - -- rem := len(src) % bufSize -- full := len(src) - rem -- -+ full := len(src) - len(src)%bufSize - if full > 0 { - s.xorKeyStreamBlocks(dst[:full], src[:full]) - } -+ dst, src = dst[full:], src[full:] -+ -+ // If using a multi-block xorKeyStreamBlocks would overflow, use the generic -+ // one that does one block at a time. -+ const blocksPerBuf = bufSize / blockSize -+ if uint64(s.counter)+blocksPerBuf > 1<<32 { -+ s.buf = [bufSize]byte{} -+ numBlocks := (len(src) + blockSize - 1) / blockSize -+ buf := s.buf[bufSize-numBlocks*blockSize:] -+ copy(buf, src) -+ s.xorKeyStreamBlocksGeneric(buf, buf) -+ s.len = len(buf) - copy(dst, buf) -+ return -+ } - - // If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and - // keep the leftover keystream for the next XORKeyStream invocation. -- if rem > 0 { -+ if len(src) > 0 { - s.buf = [bufSize]byte{} -- copy(s.buf[:], src[full:]) -+ copy(s.buf[:], src) - s.xorKeyStreamBlocks(s.buf[:], s.buf[:]) -- s.len = bufSize - copy(dst[full:], s.buf[:]) -+ s.len = bufSize - copy(dst, s.buf[:]) - } - } - -@@ -260,7 +286,9 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) { - s.precompDone = true - } - -- for i := 0; i < len(src); i += blockSize { -+ // A condition of len(src) > 0 would be sufficient, but this also -+ // acts as a bounds check elimination hint. -+ for len(src) >= 64 && len(dst) >= 64 { - // The remainder of the first column round. - fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter) - -@@ -285,49 +313,28 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) { - x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14) - } - -- // Finally, add back the initial state to generate the key stream. -- x0 += c0 -- x1 += c1 -- x2 += c2 -- x3 += c3 -- x4 += c4 -- x5 += c5 -- x6 += c6 -- x7 += c7 -- x8 += c8 -- x9 += c9 -- x10 += c10 -- x11 += c11 -- x12 += s.counter -- x13 += c13 -- x14 += c14 -- x15 += c15 -+ // Add back the initial state to generate the key stream, then -+ // XOR the key stream with the source and write out the result. -+ addXor(dst[0:4], src[0:4], x0, c0) -+ addXor(dst[4:8], src[4:8], x1, c1) -+ addXor(dst[8:12], src[8:12], x2, c2) -+ addXor(dst[12:16], src[12:16], x3, c3) -+ addXor(dst[16:20], src[16:20], x4, c4) -+ addXor(dst[20:24], src[20:24], x5, c5) -+ addXor(dst[24:28], src[24:28], x6, c6) -+ addXor(dst[28:32], src[28:32], x7, c7) -+ addXor(dst[32:36], src[32:36], x8, c8) -+ addXor(dst[36:40], src[36:40], x9, c9) -+ addXor(dst[40:44], src[40:44], x10, c10) -+ addXor(dst[44:48], src[44:48], x11, c11) -+ addXor(dst[48:52], src[48:52], x12, s.counter) -+ addXor(dst[52:56], src[52:56], x13, c13) -+ addXor(dst[56:60], src[56:60], x14, c14) -+ addXor(dst[60:64], src[60:64], x15, c15) - - s.counter += 1 -- if s.counter == 0 { -- panic("chacha20: internal error: counter overflow") -- } - -- in, out := src[i:], dst[i:] -- in, out = in[:blockSize], out[:blockSize] // bounds check elimination hint -- -- // XOR the key stream with the source and write out the result. -- xor(out[0:], in[0:], x0) -- xor(out[4:], in[4:], x1) -- xor(out[8:], in[8:], x2) -- xor(out[12:], in[12:], x3) -- xor(out[16:], in[16:], x4) -- xor(out[20:], in[20:], x5) -- xor(out[24:], in[24:], x6) -- xor(out[28:], in[28:], x7) -- xor(out[32:], in[32:], x8) -- xor(out[36:], in[36:], x9) -- xor(out[40:], in[40:], x10) -- xor(out[44:], in[44:], x11) -- xor(out[48:], in[48:], x12) -- xor(out[52:], in[52:], x13) -- xor(out[56:], in[56:], x14) -- xor(out[60:], in[60:], x15) -+ src, dst = src[blockSize:], dst[blockSize:] - } - } - -diff --git a/vendor/golang.org/x/crypto/chacha20/xor.go b/vendor/golang.org/x/crypto/chacha20/xor.go -index 0110c9865a..c2d04851e0 100644 ---- a/vendor/golang.org/x/crypto/chacha20/xor.go -+++ b/vendor/golang.org/x/crypto/chacha20/xor.go -@@ -13,10 +13,10 @@ const unaligned = runtime.GOARCH == "386" || - runtime.GOARCH == "ppc64le" || - runtime.GOARCH == "s390x" - --// xor reads a little endian uint32 from src, XORs it with u and -+// addXor reads a little endian uint32 from src, XORs it with (a + b) and - // places the result in little endian byte order in dst. --func xor(dst, src []byte, u uint32) { -- _, _ = src[3], dst[3] // eliminate bounds checks -+func addXor(dst, src []byte, a, b uint32) { -+ _, _ = src[3], dst[3] // bounds check elimination hint - if unaligned { - // The compiler should optimize this code into - // 32-bit unaligned little endian loads and stores. -@@ -27,15 +27,16 @@ func xor(dst, src []byte, u uint32) { - v |= uint32(src[1]) << 8 - v |= uint32(src[2]) << 16 - v |= uint32(src[3]) << 24 -- v ^= u -+ v ^= a + b - dst[0] = byte(v) - dst[1] = byte(v >> 8) - dst[2] = byte(v >> 16) - dst[3] = byte(v >> 24) - } else { -- dst[0] = src[0] ^ byte(u) -- dst[1] = src[1] ^ byte(u>>8) -- dst[2] = src[2] ^ byte(u>>16) -- dst[3] = src[3] ^ byte(u>>24) -+ a += b -+ dst[0] = src[0] ^ byte(a) -+ dst[1] = src[1] ^ byte(a>>8) -+ dst[2] = src[2] ^ byte(a>>16) -+ dst[3] = src[3] ^ byte(a>>24) - } - } -diff --git a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go -index b0c2cd0561..347c8b15fb 100644 ---- a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go -+++ b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go -@@ -7,5 +7,3 @@ - package poly1305 - - type mac struct{ macGeneric } -- --func newMAC(key *[32]byte) mac { return mac{newMACGeneric(key)} } -diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go -index 066159b797..3c75c2a670 100644 ---- a/vendor/golang.org/x/crypto/poly1305/poly1305.go -+++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go -@@ -46,10 +46,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool { - // two different messages with the same key allows an attacker - // to forge messages at will. - func New(key *[32]byte) *MAC { -- return &MAC{ -- mac: newMAC(key), -- finalized: false, -- } -+ m := &MAC{} -+ initialize(key, &m.macState) -+ return m - } - - // MAC is an io.Writer computing an authentication tag -@@ -58,7 +57,7 @@ func New(key *[32]byte) *MAC { - // MAC cannot be used like common hash.Hash implementations, - // because using a poly1305 key twice breaks its security. - // Therefore writing data to a running MAC after calling --// Sum causes it to panic. -+// Sum or Verify causes it to panic. - type MAC struct { - mac // platform-dependent implementation - -@@ -71,10 +70,10 @@ func (h *MAC) Size() int { return TagSize } - // Write adds more data to the running message authentication code. - // It never returns an error. - // --// It must not be called after the first call of Sum. -+// It must not be called after the first call of Sum or Verify. - func (h *MAC) Write(p []byte) (n int, err error) { - if h.finalized { -- panic("poly1305: write to MAC after Sum") -+ panic("poly1305: write to MAC after Sum or Verify") - } - return h.mac.Write(p) - } -@@ -87,3 +86,12 @@ func (h *MAC) Sum(b []byte) []byte { - h.finalized = true - return append(b, mac[:]...) - } -+ -+// Verify returns whether the authenticator of all data written to -+// the message authentication code matches the expected value. -+func (h *MAC) Verify(expected []byte) bool { -+ var mac [TagSize]byte -+ h.mac.Sum(&mac) -+ h.finalized = true -+ return subtle.ConstantTimeCompare(expected, mac[:]) == 1 -+} -diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go -index 35b9e38c90..99e5a1d50e 100644 ---- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go -+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go -@@ -9,17 +9,6 @@ package poly1305 - //go:noescape - func update(state *macState, msg []byte) - --func sum(out *[16]byte, m []byte, key *[32]byte) { -- h := newMAC(key) -- h.Write(m) -- h.Sum(out) --} -- --func newMAC(key *[32]byte) (h mac) { -- initialize(key, &h.r, &h.s) -- return --} -- - // mac is a wrapper for macGeneric that redirects calls that would have gone to - // updateGeneric to update. - // -diff --git a/vendor/golang.org/x/crypto/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/poly1305/sum_generic.go -index 1187eab78f..c77ff179d0 100644 ---- a/vendor/golang.org/x/crypto/poly1305/sum_generic.go -+++ b/vendor/golang.org/x/crypto/poly1305/sum_generic.go -@@ -31,9 +31,10 @@ func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) { - h.Sum(out) - } - --func newMACGeneric(key *[32]byte) (h macGeneric) { -- initialize(key, &h.r, &h.s) -- return -+func newMACGeneric(key *[32]byte) macGeneric { -+ m := macGeneric{} -+ initialize(key, &m.macState) -+ return m - } - - // macState holds numbers in saturated 64-bit little-endian limbs. That is, -@@ -97,11 +98,12 @@ const ( - rMask1 = 0x0FFFFFFC0FFFFFFC - ) - --func initialize(key *[32]byte, r, s *[2]uint64) { -- r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0 -- r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1 -- s[0] = binary.LittleEndian.Uint64(key[16:24]) -- s[1] = binary.LittleEndian.Uint64(key[24:32]) -+// initialize loads the 256-bit key into the two 128-bit secret values r and s. -+func initialize(key *[32]byte, m *macState) { -+ m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0 -+ m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1 -+ m.s[0] = binary.LittleEndian.Uint64(key[16:24]) -+ m.s[1] = binary.LittleEndian.Uint64(key[24:32]) - } - - // uint128 holds a 128-bit number as two 64-bit limbs, for use with the -diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go -index 2e3ae34c7d..2b55a29c50 100644 ---- a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go -+++ b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go -@@ -2,12 +2,17 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --// +build s390x,!go1.11 !amd64,!s390x,!ppc64le gccgo purego -+// At this point only s390x has an assembly implementation of sum. All other -+// platforms have assembly implementations of mac, and just define sum as using -+// that through New. Once s390x is ported, this file can be deleted and the body -+// of sum moved into Sum. -+ -+// +build !go1.11 !s390x gccgo purego - - package poly1305 - - func sum(out *[TagSize]byte, msg []byte, key *[32]byte) { -- h := newMAC(key) -+ h := New(key) - h.Write(msg) -- h.Sum(out) -+ h.Sum(out[:0]) - } -diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go -index 92597bb8c2..2e7a120b19 100644 ---- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go -+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go -@@ -9,17 +9,6 @@ package poly1305 - //go:noescape - func update(state *macState, msg []byte) - --func sum(out *[16]byte, m []byte, key *[32]byte) { -- h := newMAC(key) -- h.Write(m) -- h.Sum(out) --} -- --func newMAC(key *[32]byte) (h mac) { -- initialize(key, &h.r, &h.s) -- return --} -- - // mac is a wrapper for macGeneric that redirects calls that would have gone to - // updateGeneric to update. - // -diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go -index b0204ee59f..8bd6b3daff 100644 ---- a/vendor/golang.org/x/crypto/ssh/cipher.go -+++ b/vendor/golang.org/x/crypto/ssh/cipher.go -@@ -119,7 +119,7 @@ var cipherModes = map[string]*cipherMode{ - chacha20Poly1305ID: {64, 0, newChaCha20Cipher}, - - // CBC mode is insecure and so is not included in the default config. -- // (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely -+ // (See https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf). If absolutely - // needed, it's possible to specify a custom Config to enable it. - // You should expect that an active attacker can recover plaintext if - // you do. -diff --git a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go -index d1b4fca3a9..2ffb97bfb8 100644 ---- a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go -+++ b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go -@@ -113,6 +113,7 @@ func NewTerminal(c io.ReadWriter, prompt string) *Terminal { - } - - const ( -+ keyCtrlC = 3 - keyCtrlD = 4 - keyCtrlU = 21 - keyEnter = '\r' -@@ -151,8 +152,12 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) { - switch b[0] { - case 1: // ^A - return keyHome, b[1:] -+ case 2: // ^B -+ return keyLeft, b[1:] - case 5: // ^E - return keyEnd, b[1:] -+ case 6: // ^F -+ return keyRight, b[1:] - case 8: // ^H - return keyBackspace, b[1:] - case 11: // ^K -@@ -738,6 +743,9 @@ func (t *Terminal) readLine() (line string, err error) { - return "", io.EOF - } - } -+ if key == keyCtrlC { -+ return "", io.EOF -+ } - if key == keyPasteStart { - t.pasteActive = true - if len(t.line) == 0 { -diff --git a/vendor/golang.org/x/sys/unix/README.md b/vendor/golang.org/x/sys/unix/README.md -index ab433ccfbb..579d2d7355 100644 ---- a/vendor/golang.org/x/sys/unix/README.md -+++ b/vendor/golang.org/x/sys/unix/README.md -@@ -89,7 +89,7 @@ constants. - - Adding new syscall numbers is mostly done by running the build on a sufficiently - new installation of the target OS (or updating the source checkouts for the --new build system). However, depending on the OS, you make need to update the -+new build system). However, depending on the OS, you may need to update the - parsing in mksysnum. - - ### mksyscall.go -@@ -163,7 +163,7 @@ The merge is performed in the following steps: - - ## Generated files - --### `zerror_${GOOS}_${GOARCH}.go` -+### `zerrors_${GOOS}_${GOARCH}.go` - - A file containing all of the system's generated error numbers, error strings, - signal numbers, and constants. Generated by `mkerrors.sh` (see above). -diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh -index 2979bc9ac4..ab09aafcf9 100644 ---- a/vendor/golang.org/x/sys/unix/mkerrors.sh -+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh -@@ -486,6 +486,7 @@ ccflags="$@" - $2 ~ /^LINUX_REBOOT_MAGIC[12]$/ || - $2 ~ /^MODULE_INIT_/ || - $2 !~ "NLA_TYPE_MASK" && -+ $2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ && - $2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ || - $2 ~ /^SIOC/ || - $2 ~ /^TIOC/ || -diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go -index 99a59d685b..219739407b 100644 ---- a/vendor/golang.org/x/sys/unix/zerrors_linux.go -+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go -@@ -216,6 +216,7 @@ const ( - BPF_F_RDONLY = 0x8 - BPF_F_RDONLY_PROG = 0x80 - BPF_F_RECOMPUTE_CSUM = 0x1 -+ BPF_F_REPLACE = 0x4 - BPF_F_REUSE_STACKID = 0x400 - BPF_F_SEQ_NUMBER = 0x8 - BPF_F_SKIP_FIELD_MASK = 0xff -@@ -389,6 +390,7 @@ const ( - CLONE_NEWNET = 0x40000000 - CLONE_NEWNS = 0x20000 - CLONE_NEWPID = 0x20000000 -+ CLONE_NEWTIME = 0x80 - CLONE_NEWUSER = 0x10000000 - CLONE_NEWUTS = 0x4000000 - CLONE_PARENT = 0x8000 -@@ -737,6 +739,7 @@ const ( - GENL_NAMSIZ = 0x10 - GENL_START_ALLOC = 0x13 - GENL_UNS_ADMIN_PERM = 0x10 -+ GRND_INSECURE = 0x4 - GRND_NONBLOCK = 0x1 - GRND_RANDOM = 0x2 - HDIO_DRIVE_CMD = 0x31f -@@ -1487,6 +1490,7 @@ const ( - PR_GET_FPEMU = 0x9 - PR_GET_FPEXC = 0xb - PR_GET_FP_MODE = 0x2e -+ PR_GET_IO_FLUSHER = 0x3a - PR_GET_KEEPCAPS = 0x7 - PR_GET_NAME = 0x10 - PR_GET_NO_NEW_PRIVS = 0x27 -@@ -1522,6 +1526,7 @@ const ( - PR_SET_FPEMU = 0xa - PR_SET_FPEXC = 0xc - PR_SET_FP_MODE = 0x2d -+ PR_SET_IO_FLUSHER = 0x39 - PR_SET_KEEPCAPS = 0x8 - PR_SET_MM = 0x23 - PR_SET_MM_ARG_END = 0x9 -@@ -1750,12 +1755,15 @@ const ( - RTM_DELRULE = 0x21 - RTM_DELTCLASS = 0x29 - RTM_DELTFILTER = 0x2d -+ RTM_DELVLAN = 0x71 - RTM_F_CLONED = 0x200 - RTM_F_EQUALIZE = 0x400 - RTM_F_FIB_MATCH = 0x2000 - RTM_F_LOOKUP_TABLE = 0x1000 - RTM_F_NOTIFY = 0x100 -+ RTM_F_OFFLOAD = 0x4000 - RTM_F_PREFIX = 0x800 -+ RTM_F_TRAP = 0x8000 - RTM_GETACTION = 0x32 - RTM_GETADDR = 0x16 - RTM_GETADDRLABEL = 0x4a -@@ -1777,7 +1785,8 @@ const ( - RTM_GETSTATS = 0x5e - RTM_GETTCLASS = 0x2a - RTM_GETTFILTER = 0x2e -- RTM_MAX = 0x6f -+ RTM_GETVLAN = 0x72 -+ RTM_MAX = 0x73 - RTM_NEWACTION = 0x30 - RTM_NEWADDR = 0x14 - RTM_NEWADDRLABEL = 0x48 -@@ -1792,6 +1801,7 @@ const ( - RTM_NEWNETCONF = 0x50 - RTM_NEWNEXTHOP = 0x68 - RTM_NEWNSID = 0x58 -+ RTM_NEWNVLAN = 0x70 - RTM_NEWPREFIX = 0x34 - RTM_NEWQDISC = 0x24 - RTM_NEWROUTE = 0x18 -@@ -1799,8 +1809,8 @@ const ( - RTM_NEWSTATS = 0x5c - RTM_NEWTCLASS = 0x28 - RTM_NEWTFILTER = 0x2c -- RTM_NR_FAMILIES = 0x18 -- RTM_NR_MSGTYPES = 0x60 -+ RTM_NR_FAMILIES = 0x19 -+ RTM_NR_MSGTYPES = 0x64 - RTM_SETDCB = 0x4f - RTM_SETLINK = 0x13 - RTM_SETNEIGHTBL = 0x43 -@@ -2090,7 +2100,7 @@ const ( - TASKSTATS_GENL_NAME = "TASKSTATS" - TASKSTATS_GENL_VERSION = 0x1 - TASKSTATS_TYPE_MAX = 0x6 -- TASKSTATS_VERSION = 0x9 -+ TASKSTATS_VERSION = 0xa - TCIFLUSH = 0x0 - TCIOFF = 0x2 - TCIOFLUSH = 0x2 -@@ -2271,7 +2281,7 @@ const ( - VMADDR_CID_ANY = 0xffffffff - VMADDR_CID_HOST = 0x2 - VMADDR_CID_HYPERVISOR = 0x0 -- VMADDR_CID_RESERVED = 0x1 -+ VMADDR_CID_LOCAL = 0x1 - VMADDR_PORT_ANY = 0xffffffff - VM_SOCKETS_INVALID_VERSION = 0xffffffff - VQUIT = 0x1 -@@ -2398,6 +2408,7 @@ const ( - XENFS_SUPER_MAGIC = 0xabba1974 - XFS_SUPER_MAGIC = 0x58465342 - Z3FOLD_MAGIC = 0x33 -+ ZONEFS_MAGIC = 0x5a4f4653 - ZSMALLOC_MAGIC = 0x58295829 - ) - -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go -index 7aae554f21..54559a8956 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go -@@ -431,4 +431,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go -index 7968439a92..054a741b7f 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go -@@ -353,4 +353,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go -index 3c663c69d4..307f2ba12e 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go -@@ -395,4 +395,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go -index 1f3b4d150f..e9404dd545 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go -@@ -298,4 +298,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go -index 00da3de907..68bb6d29b8 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go -@@ -416,4 +416,6 @@ const ( - SYS_FSPICK = 4433 - SYS_PIDFD_OPEN = 4434 - SYS_CLONE3 = 4435 -+ SYS_OPENAT2 = 4437 -+ SYS_PIDFD_GETFD = 4438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go -index d404fbd4d4..4e5251185f 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go -@@ -346,4 +346,6 @@ const ( - SYS_FSPICK = 5433 - SYS_PIDFD_OPEN = 5434 - SYS_CLONE3 = 5435 -+ SYS_OPENAT2 = 5437 -+ SYS_PIDFD_GETFD = 5438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go -index bfbf242f33..4d9aa3003b 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go -@@ -346,4 +346,6 @@ const ( - SYS_FSPICK = 5433 - SYS_PIDFD_OPEN = 5434 - SYS_CLONE3 = 5435 -+ SYS_OPENAT2 = 5437 -+ SYS_PIDFD_GETFD = 5438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go -index 3826f497ad..64af0707d5 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go -@@ -416,4 +416,6 @@ const ( - SYS_FSPICK = 4433 - SYS_PIDFD_OPEN = 4434 - SYS_CLONE3 = 4435 -+ SYS_OPENAT2 = 4437 -+ SYS_PIDFD_GETFD = 4438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go -index 52e3da6490..cc3c067ba3 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go -@@ -395,4 +395,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go -index 6141f90a82..4050ff9836 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go -@@ -395,4 +395,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -index 4f7261a884..529abb6a7f 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -@@ -297,4 +297,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go -index f47014ac05..2766500109 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go -@@ -360,4 +360,6 @@ const ( - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go -index dd78abb0d6..4dc82bb249 100644 ---- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go -@@ -374,4 +374,6 @@ const ( - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 -+ SYS_OPENAT2 = 437 -+ SYS_PIDFD_GETFD = 438 - ) -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go -index a8d0eac81d..af5ab4552f 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go -@@ -114,7 +114,8 @@ type FscryptKeySpecifier struct { - type FscryptAddKeyArg struct { - Key_spec FscryptKeySpecifier - Raw_size uint32 -- _ [9]uint32 -+ Key_id uint32 -+ _ [8]uint32 - } - - type FscryptRemoveKeyArg struct { -@@ -479,7 +480,7 @@ const ( - IFLA_NEW_IFINDEX = 0x31 - IFLA_MIN_MTU = 0x32 - IFLA_MAX_MTU = 0x33 -- IFLA_MAX = 0x35 -+ IFLA_MAX = 0x36 - IFLA_INFO_KIND = 0x1 - IFLA_INFO_DATA = 0x2 - IFLA_INFO_XSTATS = 0x3 -@@ -2308,3 +2309,32 @@ type FsverityEnableArg struct { - Sig_ptr uint64 - _ [11]uint64 - } -+ -+type Nhmsg struct { -+ Family uint8 -+ Scope uint8 -+ Protocol uint8 -+ Resvd uint8 -+ Flags uint32 -+} -+ -+type NexthopGrp struct { -+ Id uint32 -+ Weight uint8 -+ Resvd1 uint8 -+ Resvd2 uint16 -+} -+ -+const ( -+ NHA_UNSPEC = 0x0 -+ NHA_ID = 0x1 -+ NHA_GROUP = 0x2 -+ NHA_GROUP_TYPE = 0x3 -+ NHA_BLACKHOLE = 0x4 -+ NHA_OIF = 0x5 -+ NHA_GATEWAY = 0x6 -+ NHA_ENCAP_TYPE = 0x7 -+ NHA_ENCAP = 0x8 -+ NHA_GROUPS = 0x9 -+ NHA_MASTER = 0xa -+) -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -index fc6b3fb5c4..761b67c864 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -@@ -287,6 +287,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint32 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -index 26c30b84d0..201fb3482d 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -@@ -298,6 +298,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -index 814d42d543..8051b56108 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -@@ -276,6 +276,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint32 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -index d9664c7135..a936f21692 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -@@ -277,6 +277,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -index 0d721454f5..aaca03dd7d 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -@@ -281,6 +281,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint32 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -index ef697684d1..2e7f3b8ca4 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -@@ -280,6 +280,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -index 485fda70be..16add5a257 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -@@ -280,6 +280,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -index 569477eef8..4ed2c8e54c 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -@@ -281,6 +281,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint32 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -index 602d8b4eed..7415190997 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -@@ -287,6 +287,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -index 6db9a7b737..046c2debd4 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -@@ -287,6 +287,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -index 52b5348c2e..0f2f61a6ad 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -@@ -305,6 +305,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -index a111387b3a..cca1b6be27 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -@@ -300,6 +300,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -index 8153af1818..33a73bf183 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -@@ -282,6 +282,7 @@ type Taskstats struct { - Freepages_delay_total uint64 - Thrashing_count uint64 - Thrashing_delay_total uint64 -+ Ac_btime64 uint64 - } - - type cpuMask uint64 -diff --git a/vendor/modules.txt b/vendor/modules.txt -index 602dd1e354..c02b26ded8 100644 ---- a/vendor/modules.txt -+++ b/vendor/modules.txt -@@ -90,7 +90,7 @@ github.com/containers/common/pkg/config - github.com/containers/common/pkg/sysinfo - # github.com/containers/conmon v2.0.14+incompatible - github.com/containers/conmon/runner/config --# github.com/containers/image/v5 v5.4.3 -+# github.com/containers/image/v5 v5.4.4 - github.com/containers/image/v5/copy - github.com/containers/image/v5/directory - github.com/containers/image/v5/directory/explicitfilepath -@@ -105,6 +105,7 @@ github.com/containers/image/v5/internal/iolimits - github.com/containers/image/v5/internal/pkg/keyctl - github.com/containers/image/v5/internal/pkg/platform - github.com/containers/image/v5/internal/tmpdir -+github.com/containers/image/v5/internal/uploadreader - github.com/containers/image/v5/manifest - github.com/containers/image/v5/oci/archive - github.com/containers/image/v5/oci/internal -@@ -150,7 +151,7 @@ github.com/containers/psgo/internal/dev - github.com/containers/psgo/internal/host - github.com/containers/psgo/internal/proc - github.com/containers/psgo/internal/process --# github.com/containers/storage v1.18.2 -+# github.com/containers/storage v1.19.1 - github.com/containers/storage - github.com/containers/storage/drivers - github.com/containers/storage/drivers/aufs -@@ -320,7 +321,7 @@ github.com/inconshreveable/mousetrap - github.com/ishidawataru/sctp - # github.com/json-iterator/go v1.1.9 - github.com/json-iterator/go --# github.com/klauspost/compress v1.10.3 -+# github.com/klauspost/compress v1.10.5 - github.com/klauspost/compress/flate - github.com/klauspost/compress/fse - github.com/klauspost/compress/huff0 -@@ -329,7 +330,7 @@ github.com/klauspost/compress/zstd - github.com/klauspost/compress/zstd/internal/xxhash - # github.com/klauspost/pgzip v1.2.3 - github.com/klauspost/pgzip --# github.com/konsorten/go-windows-terminal-sequences v1.0.2 -+# github.com/konsorten/go-windows-terminal-sequences v1.0.3 - github.com/konsorten/go-windows-terminal-sequences - # github.com/mattn/go-shellwords v1.0.10 - github.com/mattn/go-shellwords -@@ -471,7 +472,7 @@ github.com/safchain/ethtool - github.com/seccomp/containers-golang - # github.com/seccomp/libseccomp-golang v0.9.1 - github.com/seccomp/libseccomp-golang --# github.com/sirupsen/logrus v1.5.0 -+# github.com/sirupsen/logrus v1.6.0 - github.com/sirupsen/logrus - github.com/sirupsen/logrus/hooks/syslog - # github.com/spf13/cobra v0.0.7 -@@ -519,7 +520,7 @@ github.com/varlink/go/varlink/idl - github.com/vbatts/tar-split/archive/tar - github.com/vbatts/tar-split/tar/asm - github.com/vbatts/tar-split/tar/storage --# github.com/vbauerster/mpb/v5 v5.0.3 -+# github.com/vbauerster/mpb/v5 v5.0.4 - github.com/vbauerster/mpb/v5 - github.com/vbauerster/mpb/v5/cwriter - github.com/vbauerster/mpb/v5/decor -@@ -545,7 +546,7 @@ go.opencensus.io/trace/internal - go.opencensus.io/trace/tracestate - # go.uber.org/atomic v1.4.0 - go.uber.org/atomic --# golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 -+# golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 - golang.org/x/crypto/blowfish - golang.org/x/crypto/cast5 - golang.org/x/crypto/chacha20 -@@ -582,7 +583,7 @@ golang.org/x/oauth2/internal - # golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a - golang.org/x/sync/errgroup - golang.org/x/sync/semaphore --# golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 -+# golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f - golang.org/x/sys/cpu - golang.org/x/sys/unix - golang.org/x/sys/windows diff --git a/SPECS/podman.spec b/SPECS/podman.spec index 2275c99..355a4da 100644 --- a/SPECS/podman.spec +++ b/SPECS/podman.spec @@ -14,6 +14,8 @@ %if 0%{?rhel} > 7 && ! 0%{?fedora} %define gobuild(o:) \ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%else +%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; %endif %global provider github @@ -24,17 +26,20 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} %global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo} +%global commit0 f5c92373ec5e9d118cf6c098d1ae1b770e5055ae +%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) +%global cataver 0.1.5 Name: podman -Version: 1.9.3 -Release: 2%{?dist} +Version: 2.0.5 +Release: 5%{?dist} Summary: Manage Pods, Containers and Container Images -License: ASL 2.0 +License: ASL 2.0 and GPLv3+ URL: https://%{name}.io/ -Source0: %{git0}/archive/v%{version}.tar.gz -# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1829061 -# patch: https://github.com/containers/libpod/pull/6424.patch -Patch0: podman-1829061.patch +Source0: %{git0}/archive/%{commit0}/podman-%{shortcommit0}.tar.gz +Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz +# Build fails with: No matching package to install: 'golang >= 1.12.12-4' on i686 +ExcludeArch: i686 Provides: %{name}-manpages = %{version}-%{release} Obsoletes: %{name}-manpages < %{version}-%{release} BuildRequires: golang >= 1.12.12-4 @@ -53,6 +58,12 @@ BuildRequires: pkgconfig BuildRequires: make BuildRequires: systemd BuildRequires: systemd-devel +# for catatonit +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: file +BuildRequires: gcc +BuildRequires: libtool Requires: containers-common >= 0.1.29-3 Requires: containernetworking-plugins >= 0.8.1-1 Requires: iptables @@ -65,6 +76,7 @@ Requires: slirp4netns >= 0.4.0-1 Requires: runc >= 1.0.0-57 Requires: fuse-overlayfs Requires: libvarlink +Requires: %{name}-catatonit >= %{version}-%{release} %description %{name} (Pod Manager) is a fully featured container engine that is a simple @@ -85,11 +97,7 @@ manipulate images (but not containers) created by the other. Summary: Emulate Docker CLI using %{name} BuildArch: noarch Requires: %{name} = %{version}-%{release} -Conflicts: docker -Conflicts: docker-latest -Conflicts: docker-ce -Conflicts: docker-ee -Conflicts: moby-engine +Provides: docker = %{version}-%{release} %description docker This package installs a script named docker that emulates the Docker CLI by @@ -109,10 +117,25 @@ run %{name}-remote in production. manage pods, containers and container images. %{name}-remote supports ssh connections as well. +%package catatonit +Summary: A signal-forwarding process manager for containers +Requires: %{name} = %{version}-%{release} + +%description catatonit +Catatonit is a /sbin/init program for use within containers. It +forwards (almost) all signals to the spawned child, tears down +the container when the spawned child exits, and otherwise +cleans up other exited processes (zombies). + +This is a reimplementation of other container init programs (such as +"tini" or "dumb-init"), but uses modern Linux facilities (such as +signalfd(2)) and has no additional features. + %package tests Summary: Tests for %{name} Requires: %{name} = %{version}-%{release} #Requires: bats (which RHEL8 doesn't have. If it ever does, un-comment this) +Requires: nmap-ncat Requires: jq %description tests @@ -121,11 +144,9 @@ Requires: jq This package contains system tests for %{name} %prep -%autosetup -Sgit -n %{repo}-%{version} +%autosetup -Sgit -n %{name}-%{commit0} +tar fx %{SOURCE1} -sed -i 's/install.bin: podman/install.bin:/' Makefile -sed -i 's/install.man: docs/install.man:/' Makefile -sed -i 's/install.remote: podman-remote/install.remote:/' Makefile mv pkg/hooks/README.md pkg/hooks/README-hooks.md # this is shipped by skopeo: containers-common subpackage @@ -134,6 +155,7 @@ rm -rf docs/source/markdown/containers-mounts.conf.5.md %build export GO111MODULE=off export GOPATH=$(pwd):$(pwd)/_build +export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" mkdir -p $(pwd)/_build pushd $(pwd)/_build @@ -147,47 +169,64 @@ rm -rf vendor/github.com/containers/storage/drivers/register/register_btrfs.go # build %%{name} export BUILDTAGS="varlink systemd selinux seccomp btrfs_noversion exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)" +# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here? +LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)" %gobuild -o bin/%{name} %{import_path}/cmd/%{name} # build %%{name}-remote -export BUILDTAGS="remoteclient $BUILDTAGS" +export BUILDTAGS="remote $BUILDTAGS" %gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name} %{__make} docs -./docs/dckrman.sh ./docs/build/man/* + +# build catatonit +unset LDFLAGS +pushd catatonit-%{cataver} +autoreconf -fi +%configure +%{__make} %{?_smp_mflags} +# Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers +# that don't have the necessary shared libs. +file catatonit | grep 'statically linked' +if [ $? != 0 ]; then + echo "ERROR: catatonit binary must be statically linked!" + exit 1 +fi +popd %install install -dp %{buildroot}%{_unitdir} -PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \ - install.bin \ - install.remote \ - install.man \ +install -dp %{buildroot}%{_userunitdir} +install -dp %{buildroot}%{_tmpfilesdir} +PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} \ + ETCDIR=%{buildroot}%{_sysconfdir} BUILDTAGS="varlink" \ + install.bin-nobuild \ + install.remote-nobuild \ + install.man-nobuild \ install.cni \ install.systemd \ install.completions \ install.docker -# install libpod.conf -install -dp %{buildroot}%{_datadir}/containers -install -m 644 %{repo}.conf %{buildroot}%{_datadir}/containers - -# install docker-docs -install -dp %{buildroot}%{_mandir}/man1 -install -m 644 docs/build/man/docker*.1 -t %{buildroot}%{_mandir}/man1 - -# install docker symlink -install -m 755 docker %{buildroot}%{_bindir} - -# install test stuff +# install test scripts, but not the internal helpers.t meta-test ln -s ./ ./vendor/src # ./vendor/src -> ./vendor install -d -p %{buildroot}/%{_datadir}/%{name}/test/system cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/ +rm -f %{buildroot}/%{_datadir}/%{name}/test/system/*.t # do not include docker and podman-remote man pages in main package for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e remote -e docker`; do echo "$file*" >> podman.file-list done +# install catatonit +install -dp %{buildroot}%{_libexecdir}/catatonit +install -p catatonit-%{cataver}/catatonit %{buildroot}%{_libexecdir}/catatonit +install -dp %{buildroot}%{_libexecdir}/podman +install -dp %{buildroot}%{_datadir}/licenses/podman-catatonit +install -p catatonit-%{cataver}/COPYING %{buildroot}%{_datadir}/licenses/podman-catatonit/COPYING +ln -s %{_libexecdir}/catatonit/catatonit %{buildroot}%{_libexecdir}/podman/catatonit + %check %if 0%{?with_check} # Since we aren't packaging up the vendor directory we need to link @@ -224,16 +263,16 @@ exit 0 %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_%{name} %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist -%{_datadir}/containers/%{repo}.conf -%{_unitdir}/io.%{name}.service -%{_unitdir}/io.%{name}.socket -%{_userunitdir}/io.%{name}.service -%{_userunitdir}/io.%{name}.socket -%{_usr}/lib/tmpfiles.d/%{name}.conf %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket %{_userunitdir}/%{name}.service %{_userunitdir}/%{name}.socket +%{_unitdir}/io.%{name}.service +%{_unitdir}/io.%{name}.socket +%{_userunitdir}/io.%{name}.service +%{_userunitdir}/io.%{name}.socket +%{_tmpfilesdir}/%{name}.conf + %files docker %{_bindir}/docker @@ -243,50 +282,155 @@ exit 0 %files remote %{_bindir}/%{name}-remote %{_mandir}/man1/%{name}-remote*.1* -%{_mandir}/man5/%{name}-remote*.5* + +%files catatonit +%license COPYING +%doc README.md +%dir %{_libexecdir}/catatonit +%{_libexecdir}/catatonit/catatonit +%dir %{_libexecdir}/podman +%{_libexecdir}/podman/catatonit %files tests %license LICENSE %{_datadir}/%{name}/test %changelog -* Mon Jun 01 2020 Jindrich Novy - 1.9.3-2 +* Wed Sep 23 2020 Jindrich Novy - 2.0.5-5 +- fix "[FJ8.3 Bug]: [REG] "--group-add" option of "podman create" doesn't work with "--user" option" +- Resolves: #1877177 +- fix "`podman images --all` fails on images with digest" +- Resolves: #1879622 + +* Fri Sep 11 2020 Jindrich Novy - 2.0.5-4 +- consume content directly from the dedicated upstream branch +- Related: #1877187 + +* Thu Sep 10 2020 Jindrich Novy - 2.0.5-3 +- fix "[FJ8.3 Bug]: [REG] "--oom-score-adj" flag is ignored in "podman run" and "podman create"" +- Resolves: #1877187 + +* Thu Aug 27 2020 Jindrich Novy - 2.0.5-2 +- fix gating test errors - thanks for patches to Ed Santiago +- Related: #1872263 + +* Thu Aug 27 2020 Jindrich Novy - 2.0.5-1 +- update to https://github.com/containers/podman/releases/tag/v2.0.5 +- Resolves: #1872263 + +* Thu Aug 20 2020 Jindrich Novy - 2.0.4-3 +- fix "podman run namespace in man page ambiguous" +- Resolves: #1860126 + +* Tue Aug 11 2020 Jindrich Novy - 2.0.4-2 +- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization +- Related: #1821193 + +* Sat Aug 01 2020 Jindrich Novy - 2.0.4-1 +- update to https://github.com/containers/podman/releases/tag/v2.0.4 +- Related: #1821193 + +* Fri Jul 31 2020 Jindrich Novy - 2.0.3-2 +- fix "Podman build from url failed to get correct temp directory for store files" +- Resolves: #1858862 + +* Thu Jul 23 2020 Lokesh Mandvekar - 2.0.3-1 +- update to https://github.com/containers/podman/releases/tag/v2.0.3 +- Resolves: #1785242 - podman-docker Provides: docker +- Resolves: #1804195 + +* Fri Jul 17 2020 Jindrich Novy - 2.0.2-3 +- fix "CVE-2020-14040 podman: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhel-8]" +- Resolves: #1854718 + +* Wed Jul 15 2020 Jindrich Novy - 2.0.2-2 +- always pull in catatonit with podman and vice versa +- Related: #1821193 + +* Wed Jul 08 2020 Jindrich Novy - 2.0.2-1 +- update to https://github.com/containers/libpod/releases/tag/v2.0.2 +- Related: #1821193 + +* Thu Jul 02 2020 Jindrich Novy - 2.0.1-3 +- include catatonit +- Related: #1821193 + +* Wed Jul 01 2020 Jindrich Novy - 2.0.1-2 +- fix "Podman does not use --tmpdir when pulling an image" +- Resolves: #1769918 + +* Fri Jun 26 2020 Jindrich Novy - 2.0.1-1 +- update to https://github.com/containers/libpod/releases/tag/v2.0.1 +- Related: #1821193 + +* Mon Jun 22 2020 Jindrich Novy - 2.0.0-1 +- update to https://github.com/containers/libpod/releases/tag/v2.0.0 +- Related: #1821193 + +* Thu Jun 18 2020 Jindrich Novy - 2.0.0-0.9.rc7 +- update to https://github.com/containers/libpod/releases/tag/v2.0.0-rc7 +- Related: #1821193 + +* Tue Jun 16 2020 Jindrich Novy - 2.0.0-0.8.rc6 +- attempt to fix test user for gating tests (Ed Santiago) +- Related: #1821193 + +* Tue Jun 16 2020 Jindrich Novy - 2.0.0-0.7.rc6 +- fix "Socket-activated Varlink (io.podman.socket) fails after first call" +- Related: #1821193 + +* Tue Jun 16 2020 Jindrich Novy - 2.0.0-0.6.rc6 +- fix build: add relevant socket/service/conf files and re-enable varlink +- Related: #1821193 + +* Mon Jun 15 2020 Jindrich Novy - 2.0.0-0.5.rc6 +- update to https://github.com/containers/libpod/releases/tag/v2.0.0-rc6 +- Related: #1821193 + +* Wed Jun 10 2020 Jindrich Novy - 2.0.0-0.4.rc5 +- update to https://github.com/containers/libpod/releases/tag/v2.0.0-rc5 +- Related: #1821193 + +* Thu Jun 04 2020 Jindrich Novy - 2.0.0-0.3.rc4 +- update to https://github.com/containers/libpod/releases/tag/v2.0.0-rc4 +- Related: #1821193 + +* Thu Jun 04 2020 Jindrich Novy - 2.0.0-0.2.rc3 +- podman-tests requires nmap-ncat now +- Related: #1821193 + +* Tue Jun 02 2020 Jindrich Novy - 2.0.0-0.1.rc3 +- update to https://github.com/containers/libpod/releases/tag/v2.0.0-rc3 +- Related: #1821193 + +* Mon Jun 01 2020 Jindrich Novy - 1.9.3-3 - fix "Signature verification incorrectly uses mirror’s references" -- Resolves: #1829061 +- Related: #1821193 + +* Wed May 27 2020 Jindrich Novy - 1.9.3-2 +- exclude i686 arch due to "No matching package to install: 'golang >= 1.12.12-4'" on i686 +- Related: #1821193 * Mon May 25 2020 Jindrich Novy - 1.9.3-1 - update to https://github.com/containers/libpod/releases/tag/v1.9.3 -- Related: RHELPLAN-39206 +- Related: #1821193 * Wed May 20 2020 Jindrich Novy - 1.9.2-3 - fix "Podman support for FIPS Mode requires a bind mount inside the container" - version the oci-systemd-hook obsolete -- Related: #1784950 -- Related: #1836180 +- Related: #1821193 * Tue May 19 2020 Jindrich Novy - 1.9.2-2 - obsolete oci-systemd-hook package -- Resolves: #1836180 +- Related: #1821193 * Thu May 14 2020 Jindrich Novy - 1.9.2-1 - update to https://github.com/containers/libpod/releases/tag/v1.9.2 -- Related: RHELPLAN-39206 - -* Fri May 01 2020 Jindrich Novy - 1.9.1-2 -- make container-selinux a soft dependency -- Related: #1806044 - -* Wed Apr 29 2020 Jindrich Novy - 1.9.1-1 -- update to https://github.com/containers/libpod/releases/tag/v1.9.1 -- Related: RHELPLAN-39206 - -* Fri Apr 17 2020 Jindrich Novy - 1.9.0-2 -- remove containers-mounts.conf man page, this is shipped by skopeo: containers-common subpackage -- Related: RHELPLAN-39206 +- Related: #1821193 -* Fri Apr 17 2020 Jindrich Novy - 1.9.0-1 -- update to https://github.com/containers/libpod/releases/tag/v1.9.0 -- Related: RHELPLAN-39206 +* Tue May 12 2020 Jindrich Novy - 1.9.1-1 +- synchronize containter-tools 8.3.0 with 8.2.1 +- Related: #1821193 * Wed Apr 01 2020 Jindrich Novy - 1.6.4-11 - fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process"