Merge pull request #10465 from containers/dependabot/go_modules/github.com/containers/common-0.39.0

Bump github.com/containers/common from 0.38.4 to 0.39.0

go.mod

@@ -12,12 +12,12 @@ require (
 	github.com/containernetworking/cni v0.8.1
 	github.com/containernetworking/plugins v0.9.1
 	github.com/containers/buildah v1.21.0
-	github.com/containers/common v0.38.4
+	github.com/containers/common v0.39.0
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.12.0
 	github.com/containers/ocicrypt v1.1.1
 	github.com/containers/psgo v1.5.2
-	github.com/containers/storage v1.31.2
+	github.com/containers/storage v1.32.0
 	github.com/coreos/go-systemd/v22 v22.3.2
 	github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
 	github.com/cri-o/ocicni v0.2.1-0.20210301205850-541cf7c703cf

go.sum

@@ -218,8 +218,9 @@ github.com/containernetworking/plugins v0.9.1 h1:FD1tADPls2EEi3flPc2OegIY1M9pUa9
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
 github.com/containers/buildah v1.21.0 h1:LuwuqRPjan3X3AIdGwfkEkqMgmrDMNpQznFqNdHgCz8=
 github.com/containers/buildah v1.21.0/go.mod h1:yPdlpVd93T+i91yGxrJbW1YOWrqN64j5ZhHOZmHUejs=
-github.com/containers/common v0.38.4 h1:WYv4R6Sw1qiOPZtBNbKglrmisXdPcq3fZ3bGy4prrjo=
 github.com/containers/common v0.38.4/go.mod h1:egfpX/Y3+19Dz4Wa1eRZDdgzoEOeneieF9CQppKzLBg=
+github.com/containers/common v0.39.0 h1:MrvpFa/bM4UmUILACv2IhOif4oLmWAiD4C+CpOc/MUo=
+github.com/containers/common v0.39.0/go.mod h1:vPUHCg/dHoiyqIyLN+EdbjUaGrVEhs/hAvsqsxuYepk=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.12.0 h1:1hNS2QkzFQ4lH3GYQLyAXB0acRMhS1Ubm6oV++8vw4w=
@@ -235,8 +236,8 @@ github.com/containers/psgo v1.5.2/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzP
 github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM=
 github.com/containers/storage v1.30.1/go.mod h1:NDJkiwxnSHD1Is+4DGcyR3SIEYSDOa0xnAW+uGQFx9E=
 github.com/containers/storage v1.31.1/go.mod h1:IFEf+yRTS0pvCGQt2tBv1Kzz2XUSPvED6uFBmWG7V/E=
-github.com/containers/storage v1.31.2 h1:wWi7OsNtHUydGdK0EpQiK94MfQNj5qK2GtxNLoj4tU4=
-github.com/containers/storage v1.31.2/go.mod h1:J3q772EVbN9vgqoN/dkvInKnp4xK9ZXm7wHNfuiIDgE=
+github.com/containers/storage v1.32.0 h1:l2O+EybfGVkisqDkRysKG1VAO6jPPIYOV5Q4/sau86c=
+github.com/containers/storage v1.32.0/go.mod h1:J3q772EVbN9vgqoN/dkvInKnp4xK9ZXm7wHNfuiIDgE=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=

vendor/github.com/containers/common/libimage/image.go

@@ -658,25 +658,6 @@ func (i *Image) Unmount(force bool) error {
 	return err
 }
 
-// MountPoint returns the fully-evaluated mount point of the image.  If the
-// image isn't mounted, an empty string is returned.
-func (i *Image) MountPoint() (string, error) {
-	counter, err := i.runtime.store.Mounted(i.TopLayer())
-	if err != nil {
-		return "", err
-	}
-
-	if counter == 0 {
-		return "", nil
-	}
-
-	layer, err := i.runtime.store.Layer(i.TopLayer())
-	if err != nil {
-		return "", err
-	}
-	return filepath.EvalSymlinks(layer.MountPoint)
-}
-
 // Size computes the size of the image layers and associated data.
 func (i *Image) Size() (int64, error) {
 	return i.runtime.store.ImageSize(i.ID())

vendor/github.com/containers/common/libimage/pull.go

@@ -279,6 +279,7 @@ func (r *Runtime) copyFromRegistry(ctx context.Context, ref types.ImageReference
 		return r.copySingleImageFromRegistry(ctx, inputName, pullPolicy, options)
 	}
 
+	// Copy all tags
 	named := reference.TrimNamed(ref.DockerReference())
 	tags, err := registryTransport.GetRepositoryTags(ctx, &r.systemContext, ref)
 	if err != nil {

vendor/github.com/containers/common/libimage/runtime.go

@@ -516,8 +516,9 @@ type RemoveImagesOptions struct {
 	WithSize bool
 }
 
-// RemoveImages removes images specified by names.  All images are expected to
-// exist in the local containers storage.
+// RemoveImages removes images specified by names.  If no names are specified,
+// remove images as specified via the options' filters.  All images are
+// expected to exist in the local containers storage.
 //
 // If an image has more names than one name, the image will be untagged with
 // the specified name.  RemoveImages returns a slice of untagged and removed
@@ -557,6 +558,9 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem
 	// orderedIDs and the deleteMap.
 	switch {
 	case len(names) > 0:
+		// Look up the images one-by-one.  That allows for removing
+		// images that have been looked up successfully while reporting
+		// lookup errors at the end.
 		lookupOptions := LookupImageOptions{IgnorePlatform: true}
 		for _, name := range names {
 			img, resolvedName, err := r.LookupImage(name, &lookupOptions)

vendor/github.com/containers/common/pkg/config/config.go

@@ -150,6 +150,11 @@ type ContainersConfig struct {
 	// PidNS indicates how to create a pid namespace for the container
 	PidNS string `toml:"pidns,omitempty"`
 
+	// RootlessNetworking depicts the "kind" of networking for rootless
+	// containers.  Valid options are `slirp4netns` and `cni`. Default is
+	// `slirp4netns`
+	RootlessNetworking string `toml:"rootless_networking,omitempty"`
+
 	// SeccompProfile is the seccomp.json profile path which is used as the
 	// default for the runtime.
 	SeccompProfile string `toml:"seccomp_profile,omitempty"`

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -389,6 +389,9 @@ default_sysctls = [
 # `podman --remote=true` for access to the remote Podman service.
 # remote = false
 
+# Indicates the networking to be used for rootless containers
+# rootless_networking="slirp4netns"
+
 # Directory for persistent engine files (database, etc)
 # By default, this will be configured relative to where the containers/storage
 # stores containers

vendor/github.com/containers/common/pkg/config/default.go

@@ -82,6 +82,10 @@ var (
 		"/usr/local/lib/cni",
 		"/opt/cni/bin",
 	}
+
+	// DefaultRootlessNetwork is the kind of of rootless networking
+	// for containers
+	DefaultRootlessNetwork = "slirp4netns"
 )
 
 const (
@@ -186,24 +190,25 @@ func DefaultConfig() (*Config, error) {
 				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 				"TERM=xterm",
 			},
-			EnvHost:        false,
-			HTTPProxy:      true,
-			Init:           false,
-			InitPath:       "",
-			IPCNS:          "private",
-			LogDriver:      DefaultLogDriver,
-			LogSizeMax:     DefaultLogSizeMax,
-			NetNS:          netns,
-			NoHosts:        false,
-			PidsLimit:      DefaultPidsLimit,
-			PidNS:          "private",
-			SeccompProfile: SeccompDefaultPath,
-			ShmSize:        DefaultShmSize,
-			TZ:             "",
-			Umask:          "0022",
-			UTSNS:          "private",
-			UserNS:         "host",
-			UserNSSize:     DefaultUserNSSize,
+			EnvHost:            false,
+			HTTPProxy:          true,
+			Init:               false,
+			InitPath:           "",
+			IPCNS:              "private",
+			LogDriver:          DefaultLogDriver,
+			LogSizeMax:         DefaultLogSizeMax,
+			NetNS:              netns,
+			NoHosts:            false,
+			PidsLimit:          DefaultPidsLimit,
+			PidNS:              "private",
+			RootlessNetworking: DefaultRootlessNetwork,
+			SeccompProfile:     SeccompDefaultPath,
+			ShmSize:            DefaultShmSize,
+			TZ:                 "",
+			Umask:              "0022",
+			UTSNS:              "private",
+			UserNS:             "host",
+			UserNSSize:         DefaultUserNSSize,
 		},
 		Network: NetworkConfig{
 			DefaultNetwork:   "podman",
@@ -410,9 +415,6 @@ func probeConmon(conmonBinary string) error {
 
 // NetNS returns the default network namespace
 func (c *Config) NetNS() string {
-	if c.Containers.NetNS == "private" && unshare.IsRootless() {
-		return "slirp4netns"
-	}
 	return c.Containers.NetNS
 }
 
@@ -544,3 +546,9 @@ func (c *Config) LogDriver() string {
 func (c *Config) MachineEnabled() bool {
 	return c.Engine.MachineEnabled
 }
+
+// RootlessNetworking returns the "kind" of networking
+// rootless containers should use
+func (c *Config) RootlessNetworking() string {
+	return c.Containers.RootlessNetworking
+}

vendor/github.com/containers/common/version/version.go

@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.38.4"
+const Version = "0.39.0"

vendor/github.com/containers/storage/VERSION

@@ -1 +1 @@
-1.31.2
+1.32.0

vendor/github.com/containers/storage/drivers/devmapper/deviceset.go

@@ -2446,7 +2446,9 @@ func (devices *DeviceSet) UnmountDevice(hash, mountPath string) error {
 
 	logrus.Debugf("devmapper: Unmount(%s)", mountPath)
 	if err := mount.Unmount(mountPath); err != nil {
-		return err
+		if ok, _ := Mounted(mountPath); ok {
+			return err
+		}
 	}
 	logrus.Debug("devmapper: Unmount done")
 

vendor/github.com/containers/storage/drivers/driver.go

@@ -230,6 +230,9 @@ type AdditionalLayer interface {
 	// Info returns arbitrary information stored along with this layer (i.e. `info` file)
 	Info() (io.ReadCloser, error)
 
+	// Blob returns a reader of the raw contents of this layer.
+	Blob() (io.ReadCloser, error)
+
 	// Release tells the additional layer store that we don't use this handler.
 	Release()
 }
@@ -243,6 +246,10 @@ type AdditionalLayerStoreDriver interface {
 	// LookupAdditionalLayer looks up additional layer store by the specified
 	// digest and ref and returns an object representing that layer.
 	LookupAdditionalLayer(d digest.Digest, ref string) (AdditionalLayer, error)
+
+	// LookupAdditionalLayer looks up additional layer store by the specified
+	// ID and returns an object representing that layer.
+	LookupAdditionalLayerByID(id string) (AdditionalLayer, error)
 }
 
 // DiffGetterDriver is the interface for layered file system drivers that

vendor/github.com/containers/storage/drivers/overlay/overlay.go

@@ -721,6 +721,7 @@ func (d *Driver) Cleanup() error {
 // LookupAdditionalLayer looks up additional layer store by the specified
 // digest and ref and returns an object representing that layer.
 // This API is experimental and can be changed without bumping the major version number.
+// TODO: to remove the comment once it's no longer experimental.
 func (d *Driver) LookupAdditionalLayer(dgst digest.Digest, ref string) (graphdriver.AdditionalLayer, error) {
 	l, err := d.getAdditionalLayerPath(dgst, ref)
 	if err != nil {
@@ -736,6 +737,25 @@ func (d *Driver) LookupAdditionalLayer(dgst digest.Digest, ref string) (graphdri
 	}, nil
 }
 
+// LookupAdditionalLayerByID looks up additional layer store by the specified
+// ID and returns an object representing that layer.
+// This API is experimental and can be changed without bumping the major version number.
+// TODO: to remove the comment once it's no longer experimental.
+func (d *Driver) LookupAdditionalLayerByID(id string) (graphdriver.AdditionalLayer, error) {
+	l, err := d.getAdditionalLayerPathByID(id)
+	if err != nil {
+		return nil, err
+	}
+	// Tell the additional layer store that we use this layer.
+	// This will increase reference counter on the store's side.
+	// This will be decreased on Release() method.
+	notifyUseAdditionalLayer(l)
+	return &additionalLayer{
+		path: l,
+		d:    d,
+	}, nil
+}
+
 // CreateFromTemplate creates a layer with the same contents and parent as another layer.
 func (d *Driver) CreateFromTemplate(id, template string, templateIDMappings *idtools.IDMappings, parent string, parentIDMappings *idtools.IDMappings, opts *graphdriver.CreateOpts, readWrite bool) error {
 	if readWrite {
@@ -1655,7 +1675,7 @@ func (d *Driver) getLowerDiffPaths(id string) ([]string, error) {
 // and its parent and returns the size in bytes of the changes
 // relative to its base filesystem directory.
 func (d *Driver) DiffSize(id string, idMappings *idtools.IDMappings, parent string, parentMappings *idtools.IDMappings, mountLabel string) (size int64, err error) {
-	if d.useNaiveDiff() || !d.isParent(id, parent) {
+	if d.options.mountProgram == "" && (d.useNaiveDiff() || !d.isParent(id, parent)) {
 		return d.naiveDiff.DiffSize(id, idMappings, parent, parentMappings, mountLabel)
 	}
 
@@ -1833,9 +1853,7 @@ func (d *Driver) getAdditionalLayerPath(dgst digest.Digest, ref string) (string,
 		for _, p := range []string{
 			filepath.Join(target, "diff"),
 			filepath.Join(target, "info"),
-			// TODO(ktock): We should have an API to expose the stream data of this layer
-			//              to enable the client to retrieve the entire contents of this
-			//              layer when it exports this layer.
+			filepath.Join(target, "blob"),
 		} {
 			if _, err := os.Stat(p); err != nil {
 				return "", errors.Wrapf(graphdriver.ErrLayerUnknown,
@@ -1850,8 +1868,8 @@ func (d *Driver) getAdditionalLayerPath(dgst digest.Digest, ref string) (string,
 }
 
 func (d *Driver) releaseAdditionalLayerByID(id string) {
-	if al, err := ioutil.ReadFile(path.Join(d.dir(id), "additionallayer")); err == nil {
-		notifyReleaseAdditionalLayer(string(al))
+	if al, err := d.getAdditionalLayerPathByID(id); err == nil {
+		notifyReleaseAdditionalLayer(al)
 	} else if !os.IsNotExist(err) {
 		logrus.Warnf("unexpected error on reading Additional Layer Store pointer %v", err)
 	}
@@ -1866,12 +1884,19 @@ type additionalLayer struct {
 
 // Info returns arbitrary information stored along with this layer (i.e. `info` file).
 // This API is experimental and can be changed without bumping the major version number.
+// TODO: to remove the comment once it's no longer experimental.
 func (al *additionalLayer) Info() (io.ReadCloser, error) {
 	return os.Open(filepath.Join(al.path, "info"))
 }
 
+// Blob returns a reader of the raw contents of this leyer.
+func (al *additionalLayer) Blob() (io.ReadCloser, error) {
+	return os.Open(filepath.Join(al.path, "blob"))
+}
+
 // CreateAs creates a new layer from this additional layer.
 // This API is experimental and can be changed without bumping the major version number.
+// TODO: to remove the comment once it's no longer experimental.
 func (al *additionalLayer) CreateAs(id, parent string) error {
 	// TODO: support opts
 	if err := al.d.Create(id, parent, nil); err != nil {
@@ -1891,8 +1916,17 @@ func (al *additionalLayer) CreateAs(id, parent string) error {
 	return os.Symlink(filepath.Join(al.path, "diff"), diffDir)
 }
 
+func (d *Driver) getAdditionalLayerPathByID(id string) (string, error) {
+	al, err := ioutil.ReadFile(path.Join(d.dir(id), "additionallayer"))
+	if err != nil {
+		return "", err
+	}
+	return string(al), nil
+}
+
 // Release tells the additional layer store that we don't use this handler.
 // This API is experimental and can be changed without bumping the major version number.
+// TODO: to remove the comment once it's no longer experimental.
 func (al *additionalLayer) Release() {
 	// Tell the additional layer store that we don't use this layer handler.
 	// This will decrease the reference counter on the store's side, which was

vendor/github.com/containers/storage/layers.go

@@ -1401,6 +1401,52 @@ func (r *layerStore) Diff(from, to string, options *DiffOptions) (io.ReadCloser,
 		return maybeCompressReadCloser(diff)
 	}
 
+	if ad, ok := r.driver.(drivers.AdditionalLayerStoreDriver); ok {
+		if aLayer, err := ad.LookupAdditionalLayerByID(to); err == nil {
+			// This is an additional layer. We leverage blob API for aquiring the reproduced raw blob.
+			info, err := aLayer.Info()
+			if err != nil {
+				aLayer.Release()
+				return nil, err
+			}
+			defer info.Close()
+			layer := &Layer{}
+			if err := json.NewDecoder(info).Decode(layer); err != nil {
+				aLayer.Release()
+				return nil, err
+			}
+			blob, err := aLayer.Blob()
+			if err != nil {
+				aLayer.Release()
+				return nil, err
+			}
+			// If layer compression type is different from the expected one, decompress and convert it.
+			if compression != layer.CompressionType {
+				diff, err := archive.DecompressStream(blob)
+				if err != nil {
+					if err2 := blob.Close(); err2 != nil {
+						err = errors.Wrapf(err, "failed to close blob file: %v", err2)
+					}
+					aLayer.Release()
+					return nil, err
+				}
+				rc, err := maybeCompressReadCloser(diff)
+				if err != nil {
+					if err2 := closeAll(blob.Close, diff.Close); err2 != nil {
+						err = errors.Wrapf(err, "failed to cleanup: %v", err2)
+					}
+					aLayer.Release()
+					return nil, err
+				}
+				return ioutils.NewReadCloserWrapper(rc, func() error {
+					defer aLayer.Release()
+					return closeAll(blob.Close, rc.Close)
+				}), nil
+			}
+			return ioutils.NewReadCloserWrapper(blob, func() error { defer aLayer.Release(); return blob.Close() }), nil
+		}
+	}
+
 	tsfile, err := os.Open(r.tspath(to))
 	if err != nil {
 		if !os.IsNotExist(err) {
@@ -1733,3 +1779,16 @@ func (r *layerStore) ReloadIfChanged() error {
 	}
 	return nil
 }
+
+func closeAll(closes ...func() error) (rErr error) {
+	for _, f := range closes {
+		if err := f(); err != nil {
+			if rErr == nil {
+				rErr = errors.Wrapf(err, "close error")
+				continue
+			}
+			rErr = errors.Wrapf(rErr, "%v", err)
+		}
+	}
+	return
+}

vendor/modules.txt

@@ -91,7 +91,7 @@ github.com/containers/buildah/pkg/overlay
 github.com/containers/buildah/pkg/parse
 github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/util
-# github.com/containers/common v0.38.4
+# github.com/containers/common v0.39.0
 github.com/containers/common/libimage
 github.com/containers/common/libimage/manifests
 github.com/containers/common/pkg/apparmor
@@ -192,7 +192,7 @@ github.com/containers/psgo/internal/dev
 github.com/containers/psgo/internal/host
 github.com/containers/psgo/internal/proc
 github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.31.2
+# github.com/containers/storage v1.32.0
 github.com/containers/storage
 github.com/containers/storage/drivers
 github.com/containers/storage/drivers/aufs