From f90bd48859d0dcee8d9c332a48c68462c4946e81 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 12 Jul 2024 14:19:33 +0200 Subject: [PATCH] vendor: bump c/storage Signed-off-by: Giuseppe Scrivano --- go.mod | 2 +- go.sum | 4 +-- .../containers/storage/.golangci.yml | 6 +--- vendor/github.com/containers/storage/check.go | 17 ++++++--- .../containers/storage/drivers/aufs/aufs.go | 29 ++++++++------- .../containers/storage/drivers/driver.go | 1 + .../storage/drivers/overlay/check.go | 6 +++- .../storage/drivers/overlay/overlay.go | 30 +++++++++++----- .../containers/storage/drivers/vfs/driver.go | 4 ++- .../containers/storage/drivers/zfs/zfs.go | 4 ++- .../github.com/containers/storage/layers.go | 4 ++- .../pkg/chrootarchive/archive_darwin.go | 2 ++ .../storage/pkg/chrootarchive/archive_unix.go | 7 ++-- .../storage/pkg/chrootarchive/diff_unix.go | 6 ++-- .../storage/pkg/chunked/cache_linux.go | 8 +++-- .../pkg/chunked/compressor/compressor.go | 15 ++++++-- .../storage/pkg/chunked/filesystem_linux.go | 6 ++-- .../storage/pkg/chunked/storage_linux.go | 36 +++++++++++-------- .../storage/pkg/idmap/idmapped_utils.go | 15 ++++++-- .../storage/pkg/ioutils/fswriters.go | 5 ++- .../storage/pkg/lockfile/lockfile.go | 4 ++- .../storage/pkg/unshare/unshare_linux.go | 7 +++- vendor/github.com/containers/storage/store.go | 12 ++----- .../containers/storage/types/options.go | 2 +- .../containers/storage/types/options_bsd.go | 2 +- .../storage/types/options_darwin.go | 2 +- .../containers/storage/types/options_linux.go | 2 +- .../storage/types/options_windows.go | 2 +- .../containers/storage/types/utils.go | 5 ++- vendor/modules.txt | 2 +- 30 files changed, 162 insertions(+), 85 deletions(-) diff --git a/go.mod b/go.mod index ad66f2a25d..851af37e4f 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/containers/libhvee v0.7.1 github.com/containers/ocicrypt v1.2.0 github.com/containers/psgo v1.9.0 - github.com/containers/storage v1.54.1-0.20240627145511-52b643e1ff51 + github.com/containers/storage v1.54.1-0.20240712121534-ab74785ce9e8 github.com/containers/winquit v1.1.0 github.com/coreos/go-systemd/v22 v22.5.1-0.20231103132048-7d375ecc2b09 github.com/coreos/stream-metadata-go v0.4.4 diff --git a/go.sum b/go.sum index dbd29f09db..74039748d0 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ github.com/containers/ocicrypt v1.2.0 h1:X14EgRK3xNFvJEfI5O4Qn4T3E25ANudSOZz/sir github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U= github.com/containers/psgo v1.9.0 h1:eJ74jzSaCHnWt26OlKZROSyUyRcGDf+gYBdXnxrMW4g= github.com/containers/psgo v1.9.0/go.mod h1:0YoluUm43Mz2UnBIh1P+6V6NWcbpTL5uRtXyOcH0B5A= -github.com/containers/storage v1.54.1-0.20240627145511-52b643e1ff51 h1:0ipwtt1iNX4gSje0iQHHtnvqnU45uUyGO1LVGBkpoSE= -github.com/containers/storage v1.54.1-0.20240627145511-52b643e1ff51/go.mod h1:y1CGloHDYq9uK3Og/zLkrJ8vpSuFwNaIWOyB8IX076w= +github.com/containers/storage v1.54.1-0.20240712121534-ab74785ce9e8 h1:Y1kUvxQhjtHIvjVivFqnis9QOWCMPXeehMVb50si/DE= +github.com/containers/storage v1.54.1-0.20240712121534-ab74785ce9e8/go.mod h1:EyuSB0B1ddqXN0pXGNKPrtxzma80jhRCeVl7/J/JAhE= github.com/containers/winquit v1.1.0 h1:jArun04BNDQvt2W0Y78kh9TazN2EIEMG5Im6/JY7+pE= github.com/containers/winquit v1.1.0/go.mod h1:PsPeZlnbkmGGIToMPHF1zhWjBUkd8aHjMOr/vFcPxw8= github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU= diff --git a/vendor/github.com/containers/storage/.golangci.yml b/vendor/github.com/containers/storage/.golangci.yml index 20968466c3..ec11f5dae3 100644 --- a/vendor/github.com/containers/storage/.golangci.yml +++ b/vendor/github.com/containers/storage/.golangci.yml @@ -1,11 +1,7 @@ --- run: concurrency: 6 - deadline: 5m - skip-dirs-use-default: true + timeout: 5m linters: enable: - gofumpt - disable: - - errcheck - - staticcheck diff --git a/vendor/github.com/containers/storage/check.go b/vendor/github.com/containers/storage/check.go index e58084fc7c..7176ba361f 100644 --- a/vendor/github.com/containers/storage/check.go +++ b/vendor/github.com/containers/storage/check.go @@ -304,7 +304,14 @@ func (s *store) Check(options *CheckOptions) (CheckReport, error) { archiveErr = err } // consume any trailer after the EOF marker - io.Copy(io.Discard, diffReader) + if _, err := io.Copy(io.Discard, diffReader); err != nil { + err = fmt.Errorf("layer %s: consume any trailer after the EOF marker: %w", layerID, err) + if isReadWrite { + report.Layers[layerID] = append(report.Layers[layerID], err) + } else { + report.ROLayers[layerID] = append(report.ROLayers[layerID], err) + } + } wg.Done() }(id, reader) wg.Wait() @@ -366,7 +373,7 @@ func (s *store) Check(options *CheckOptions) (CheckReport, error) { if options.LayerMountable { func() { // Mount the layer. - mountPoint, err := s.graphDriver.Get(id, drivers.MountOpts{MountLabel: layer.MountLabel}) + mountPoint, err := s.graphDriver.Get(id, drivers.MountOpts{MountLabel: layer.MountLabel, Options: []string{"ro"}}) if err != nil { err := fmt.Errorf("%slayer %s: %w", readWriteDesc, id, err) if isReadWrite { @@ -955,6 +962,9 @@ func (c *checkDirectory) add(path string, typeflag byte, uid, gid int, size int6 mtime: mtime, } } + case tar.TypeXGlobalHeader: + // ignore, since even though it looks like a valid pathname, it doesn't end + // up on the filesystem default: // treat these as TypeReg items delete(c.directory, components[0]) @@ -966,9 +976,6 @@ func (c *checkDirectory) add(path string, typeflag byte, uid, gid int, size int6 mode: mode, mtime: mtime, } - case tar.TypeXGlobalHeader: - // ignore, since even though it looks like a valid pathname, it doesn't end - // up on the filesystem } return } diff --git a/vendor/github.com/containers/storage/drivers/aufs/aufs.go b/vendor/github.com/containers/storage/drivers/aufs/aufs.go index 8d001a89ee..c12d4ca54c 100644 --- a/vendor/github.com/containers/storage/drivers/aufs/aufs.go +++ b/vendor/github.com/containers/storage/drivers/aufs/aufs.go @@ -30,7 +30,6 @@ import ( "io" "io/fs" "os" - "os/exec" "path" "path/filepath" "strings" @@ -183,13 +182,7 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error) } // Return a nil error if the kernel supports aufs -// We cannot modprobe because inside dind modprobe fails -// to run func supportsAufs() error { - // We can try to modprobe aufs first before looking at - // proc/filesystems for when aufs is supported - exec.Command("modprobe", "aufs").Run() - if unshare.IsRootless() { return ErrAufsNested } @@ -347,7 +340,9 @@ func (a *Driver) createDirsFor(id, parent string) error { // Remove will unmount and remove the given id. func (a *Driver) Remove(id string) error { a.locker.Lock(id) - defer a.locker.Unlock(id) + defer func() { + _ = a.locker.Unlock(id) + }() a.pathCacheLock.Lock() mountpoint, exists := a.pathCache[id] a.pathCacheLock.Unlock() @@ -438,7 +433,10 @@ func atomicRemove(source string) error { // This will mount the dir at its given path func (a *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { a.locker.Lock(id) - defer a.locker.Unlock(id) + defer func() { + _ = a.locker.Unlock(id) + }() + parents, err := a.getParentLayerPaths(id) if err != nil && !os.IsNotExist(err) { return "", err @@ -475,7 +473,10 @@ func (a *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { // Put unmounts and updates list of active mounts. func (a *Driver) Put(id string) error { a.locker.Lock(id) - defer a.locker.Unlock(id) + defer func() { + _ = a.locker.Unlock(id) + }() + a.pathCacheLock.Lock() m, exists := a.pathCache[id] if !exists { @@ -498,7 +499,9 @@ func (a *Driver) Put(id string) error { // For AUFS, it queries the mountpoint for this ID. func (a *Driver) ReadWriteDiskUsage(id string) (*directory.DiskUsage, error) { a.locker.Lock(id) - defer a.locker.Unlock(id) + defer func() { + _ = a.locker.Unlock(id) + }() a.pathCacheLock.Lock() m, exists := a.pathCache[id] if !exists { @@ -681,7 +684,9 @@ func (a *Driver) Cleanup() error { func (a *Driver) aufsMount(ro []string, rw, target string, options graphdriver.MountOpts) (err error) { defer func() { if err != nil { - Unmount(target) + if err1 := Unmount(target); err1 != nil { + logrus.Warnf("Unmount %q: %v", target, err1) + } } }() diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go index c1495162e2..b37837b001 100644 --- a/vendor/github.com/containers/storage/drivers/driver.go +++ b/vendor/github.com/containers/storage/drivers/driver.go @@ -193,6 +193,7 @@ type DriverWithDifferOutput struct { UIDs []uint32 GIDs []uint32 UncompressedDigest digest.Digest + CompressedDigest digest.Digest Metadata string BigData map[string][]byte TarSplit []byte diff --git a/vendor/github.com/containers/storage/drivers/overlay/check.go b/vendor/github.com/containers/storage/drivers/overlay/check.go index d8139f6566..d75c5fdf5e 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/check.go +++ b/vendor/github.com/containers/storage/drivers/overlay/check.go @@ -263,7 +263,11 @@ func supportsIdmappedLowerLayers(home string) (bool, error) { if err := idmap.CreateIDMappedMount(lowerDir, lowerMappedDir, int(pid)); err != nil { return false, fmt.Errorf("create mapped mount: %w", err) } - defer unix.Unmount(lowerMappedDir, unix.MNT_DETACH) + defer func() { + if err := unix.Unmount(lowerMappedDir, unix.MNT_DETACH); err != nil { + logrus.Warnf("Unmount %q: %v", lowerMappedDir, err) + } + }() opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerMappedDir, upperDir, workDir) flags := uintptr(0) diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go index 0585228981..d94f99550d 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go +++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go @@ -688,12 +688,8 @@ func SupportsNativeOverlay(home, runhome string) (bool, error) { } func supportsOverlay(home string, homeMagic graphdriver.FsMagic, rootUID, rootGID int) (supportsDType bool, err error) { - // We can try to modprobe overlay first - selinuxLabelTest := selinux.PrivContainerMountLabel() - exec.Command("modprobe", "overlay").Run() - logLevel := logrus.ErrorLevel if unshare.IsRootless() { logLevel = logrus.DebugLevel @@ -821,7 +817,9 @@ func (d *Driver) useNaiveDiff() bool { logrus.Info(nativeDiffCacheText) useNaiveDiffOnly = true } - cachedFeatureRecord(d.runhome, feature, !useNaiveDiffOnly, nativeDiffCacheText) + if err := cachedFeatureRecord(d.runhome, feature, !useNaiveDiffOnly, nativeDiffCacheText); err != nil { + logrus.Warnf("Recording overlay native-diff support status: %v", err) + } }) return useNaiveDiffOnly } @@ -1553,7 +1551,11 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO composefsMounts := []string{} defer func() { for _, m := range composefsMounts { - defer unix.Unmount(m, unix.MNT_DETACH) + defer func(m string) { + if err := unix.Unmount(m, unix.MNT_DETACH); err != nil { + logrus.Warnf("Unmount %q: %v", m, err) + } + }(m) } }() @@ -1657,7 +1659,11 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO skipIDMappingLayers[composefsMount] = composefsMount // overlay takes a reference on the mount, so it is safe to unmount // the mapped idmounts as soon as the final overlay file system is mounted. - defer unix.Unmount(composefsMount, unix.MNT_DETACH) + defer func() { + if err := unix.Unmount(composefsMount, unix.MNT_DETACH); err != nil { + logrus.Warnf("Unmount %q: %v", composefsMount, err) + } + }() } absLowers = append(absLowers, composefsMount) continue @@ -1764,7 +1770,11 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO // overlay takes a reference on the mount, so it is safe to unmount // the mapped idmounts as soon as the final overlay file system is mounted. - defer unix.Unmount(root, unix.MNT_DETACH) + defer func() { + if err := unix.Unmount(root, unix.MNT_DETACH); err != nil { + logrus.Warnf("Unmount %q: %v", root, err) + } + }() } // relative path to the layer through the id mapped mount @@ -2085,7 +2095,9 @@ func (d *Driver) DiffGetter(id string) (_ graphdriver.FileGetCloser, Err error) if Err != nil { for _, f := range composefsMounts { f.Close() - unix.Rmdir(f.Name()) + if err := unix.Rmdir(f.Name()); err != nil && !os.IsNotExist(err) { + logrus.Warnf("Failed to remove %s: %v", f.Name(), err) + } } } }() diff --git a/vendor/github.com/containers/storage/drivers/vfs/driver.go b/vendor/github.com/containers/storage/drivers/vfs/driver.go index 1b9de2dc2a..f60ec17b3f 100644 --- a/vendor/github.com/containers/storage/drivers/vfs/driver.go +++ b/vendor/github.com/containers/storage/drivers/vfs/driver.go @@ -193,7 +193,9 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts, ro bool } labelOpts := []string{"level:s0"} if _, mountLabel, err := label.InitLabels(labelOpts); err == nil { - label.SetFileLabel(dir, mountLabel) + if err := label.SetFileLabel(dir, mountLabel); err != nil { + logrus.Debugf("Set %s label to %q file ended with error: %v", mountLabel, dir, err) + } } if parent != "" { parentDir, err := d.Get(parent, graphdriver.MountOpts{}) diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go index 5a7b2da7b0..0e859a93b8 100644 --- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go +++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go @@ -240,7 +240,9 @@ func (d *Driver) cloneFilesystem(name, parentName string) error { } if err != nil { - snapshot.Destroy(zfs.DestroyDeferDeletion) + if err1 := snapshot.Destroy(zfs.DestroyDeferDeletion); err1 != nil { + logrus.Warnf("Destroy zfs.DestroyDeferDeletion: %v", err1) + } return err } return snapshot.Destroy(zfs.DestroyDeferDeletion) diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go index f1325262b5..6caf28ab71 100644 --- a/vendor/github.com/containers/storage/layers.go +++ b/vendor/github.com/containers/storage/layers.go @@ -2529,7 +2529,9 @@ func (r *layerStore) applyDiffFromStagingDirectory(id string, diffOutput *driver layer.GIDs = diffOutput.GIDs updateDigestMap(&r.byuncompressedsum, layer.UncompressedDigest, diffOutput.UncompressedDigest, layer.ID) layer.UncompressedDigest = diffOutput.UncompressedDigest - updateDigestMap(&r.bytocsum, diffOutput.TOCDigest, diffOutput.TOCDigest, layer.ID) + updateDigestMap(&r.bycompressedsum, layer.CompressedDigest, diffOutput.CompressedDigest, layer.ID) + layer.CompressedDigest = diffOutput.CompressedDigest + updateDigestMap(&r.bytocsum, layer.TOCDigest, diffOutput.TOCDigest, layer.ID) layer.TOCDigest = diffOutput.TOCDigest layer.UncompressedSize = diffOutput.Size layer.Metadata = diffOutput.Metadata diff --git a/vendor/github.com/containers/storage/pkg/chrootarchive/archive_darwin.go b/vendor/github.com/containers/storage/pkg/chrootarchive/archive_darwin.go index f7a16e9f98..a0a578d3e7 100644 --- a/vendor/github.com/containers/storage/pkg/chrootarchive/archive_darwin.go +++ b/vendor/github.com/containers/storage/pkg/chrootarchive/archive_darwin.go @@ -10,9 +10,11 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions, root string, ) error { + _ = root // Restricting the operation to this root is not implemented on macOS return archive.Unpack(decompressedArchive, dest, options) } func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) { + _ = root // Restricting the operation to this root is not implemented on macOS return archive.TarWithOptions(srcPath, options) } diff --git a/vendor/github.com/containers/storage/pkg/chrootarchive/archive_unix.go b/vendor/github.com/containers/storage/pkg/chrootarchive/archive_unix.go index 259f8c99a1..9907d24c30 100644 --- a/vendor/github.com/containers/storage/pkg/chrootarchive/archive_unix.go +++ b/vendor/github.com/containers/storage/pkg/chrootarchive/archive_unix.go @@ -107,12 +107,15 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T w.Close() if err := cmd.Wait(); err != nil { + errorOut := fmt.Errorf("unpacking failed (error: %w; output: %s)", err, output) // when `xz -d -c -q | storage-untar ...` failed on storage-untar side, // we need to exhaust `xz`'s output, otherwise the `xz` side will be // pending on write pipe forever - io.Copy(io.Discard, decompressedArchive) + if _, err := io.Copy(io.Discard, decompressedArchive); err != nil { + return fmt.Errorf("%w\nexhausting input failed (error: %w)", errorOut, err) + } - return fmt.Errorf("processing tar file(%s): %w", output, err) + return errorOut } return nil } diff --git a/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go b/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go index 71ed094d1e..cdcd9fdc3b 100644 --- a/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go +++ b/vendor/github.com/containers/storage/pkg/chrootarchive/diff_unix.go @@ -40,11 +40,13 @@ func applyLayer() { } // We need to be able to set any perms - oldmask, err := system.Umask(0) - defer system.Umask(oldmask) + oldMask, err := system.Umask(0) if err != nil { fatal(err) } + defer func() { + _, _ = system.Umask(oldMask) // Ignore err. This can only fail with ErrNotSupportedPlatform, in which case we would have failed above. + }() if err := json.Unmarshal([]byte(os.Getenv("OPT")), &options); err != nil { fatal(err) diff --git a/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go b/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go index 6d6a575ba7..34f1a49648 100644 --- a/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go +++ b/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go @@ -80,7 +80,9 @@ var ( func (c *layer) release() { runtime.SetFinalizer(c, nil) if c.mmapBuffer != nil { - unix.Munmap(c.mmapBuffer) + if err := unix.Munmap(c.mmapBuffer); err != nil { + logrus.Warnf("Error Munmap: layer %q: %v", c.id, err) + } } } @@ -192,7 +194,9 @@ func (c *layersCache) loadLayerCache(layerID string) (_ *layer, errRet error) { } defer func() { if errRet != nil && mmapBuffer != nil { - unix.Munmap(mmapBuffer) + if err := unix.Munmap(mmapBuffer); err != nil { + logrus.Warnf("Error Munmap: layer %q: %v", layerID, err) + } } }() cacheFile, err := readCacheFileFromMemory(buffer) diff --git a/vendor/github.com/containers/storage/pkg/chunked/compressor/compressor.go b/vendor/github.com/containers/storage/pkg/chunked/compressor/compressor.go index 47d64c543c..d18392f8a7 100644 --- a/vendor/github.com/containers/storage/pkg/chunked/compressor/compressor.go +++ b/vendor/github.com/containers/storage/pkg/chunked/compressor/compressor.go @@ -10,6 +10,7 @@ import ( "encoding/base64" "io" "strings" + "time" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/chunked/internal" @@ -233,6 +234,14 @@ func newTarSplitData(level int) (*tarSplitData, error) { }, nil } +// timeIfNotZero returns a pointer to the time.Time if it is not zero, otherwise it returns nil. +func timeIfNotZero(t *time.Time) *time.Time { + if t == nil || t.IsZero() { + return nil + } + return t +} + func writeZstdChunkedStream(destFile io.Writer, outMetadata map[string]string, reader io.Reader, level int) error { // total written so far. Used to retrieve partial offsets in the file dest := ioutils.NewWriteCounter(destFile) @@ -392,9 +401,9 @@ func writeZstdChunkedStream(destFile io.Writer, outMetadata map[string]string, r Size: hdr.Size, UID: hdr.Uid, GID: hdr.Gid, - ModTime: &hdr.ModTime, - AccessTime: &hdr.AccessTime, - ChangeTime: &hdr.ChangeTime, + ModTime: timeIfNotZero(&hdr.ModTime), + AccessTime: timeIfNotZero(&hdr.AccessTime), + ChangeTime: timeIfNotZero(&hdr.ChangeTime), Devmajor: hdr.Devmajor, Devminor: hdr.Devminor, Xattrs: xattrs, diff --git a/vendor/github.com/containers/storage/pkg/chunked/filesystem_linux.go b/vendor/github.com/containers/storage/pkg/chunked/filesystem_linux.go index b7aa88cb5f..4fc4864a28 100644 --- a/vendor/github.com/containers/storage/pkg/chunked/filesystem_linux.go +++ b/vendor/github.com/containers/storage/pkg/chunked/filesystem_linux.go @@ -76,7 +76,9 @@ func doHardLink(dirfd, srcFd int, destFile string) error { // if the destination exists, unlink it first and try again if err != nil && os.IsExist(err) { - unix.Unlinkat(destDirFd, destBase, 0) + if err := unix.Unlinkat(destDirFd, destBase, 0); err != nil { + return err + } return doLink() } return err @@ -503,7 +505,7 @@ func safeLink(dirfd int, mode os.FileMode, metadata *fileMetadata, options *arch return setFileAttrs(dirfd, newFile, mode, metadata, options, false) } -func safeSymlink(dirfd int, mode os.FileMode, metadata *fileMetadata, options *archive.TarOptions) error { +func safeSymlink(dirfd int, metadata *fileMetadata) error { destDir, destBase := filepath.Split(metadata.Name) destDirFd := dirfd if destDir != "" && destDir != "." { diff --git a/vendor/github.com/containers/storage/pkg/chunked/storage_linux.go b/vendor/github.com/containers/storage/pkg/chunked/storage_linux.go index f7a514e3b6..403d7d5aa3 100644 --- a/vendor/github.com/containers/storage/pkg/chunked/storage_linux.go +++ b/vendor/github.com/containers/storage/pkg/chunked/storage_linux.go @@ -162,20 +162,20 @@ func GetDiffer(ctx context.Context, store storage.Store, blobDigest digest.Diges if err != nil { return nil, fmt.Errorf("parsing zstd:chunked TOC digest %q: %w", zstdChunkedTOCDigestString, err) } - return makeZstdChunkedDiffer(ctx, store, blobSize, zstdChunkedTOCDigest, annotations, iss, pullOptions) + return makeZstdChunkedDiffer(store, blobSize, zstdChunkedTOCDigest, annotations, iss, pullOptions) } if hasEstargzTOC { estargzTOCDigest, err := digest.Parse(estargzTOCDigestString) if err != nil { return nil, fmt.Errorf("parsing estargz TOC digest %q: %w", estargzTOCDigestString, err) } - return makeEstargzChunkedDiffer(ctx, store, blobSize, estargzTOCDigest, iss, pullOptions) + return makeEstargzChunkedDiffer(store, blobSize, estargzTOCDigest, iss, pullOptions) } - return makeConvertFromRawDiffer(ctx, store, blobDigest, blobSize, annotations, iss, pullOptions) + return makeConvertFromRawDiffer(store, blobDigest, blobSize, iss, pullOptions) } -func makeConvertFromRawDiffer(ctx context.Context, store storage.Store, blobDigest digest.Digest, blobSize int64, annotations map[string]string, iss ImageSourceSeekable, pullOptions map[string]string) (*chunkedDiffer, error) { +func makeConvertFromRawDiffer(store storage.Store, blobDigest digest.Digest, blobSize int64, iss ImageSourceSeekable, pullOptions map[string]string) (*chunkedDiffer, error) { if !parseBooleanPullOption(pullOptions, "convert_images", false) { return nil, errors.New("convert_images not configured") } @@ -197,7 +197,7 @@ func makeConvertFromRawDiffer(ctx context.Context, store storage.Store, blobDige }, nil } -func makeZstdChunkedDiffer(ctx context.Context, store storage.Store, blobSize int64, tocDigest digest.Digest, annotations map[string]string, iss ImageSourceSeekable, pullOptions map[string]string) (*chunkedDiffer, error) { +func makeZstdChunkedDiffer(store storage.Store, blobSize int64, tocDigest digest.Digest, annotations map[string]string, iss ImageSourceSeekable, pullOptions map[string]string) (*chunkedDiffer, error) { manifest, toc, tarSplit, tocOffset, err := readZstdChunkedManifest(iss, tocDigest, annotations) if err != nil { return nil, fmt.Errorf("read zstd:chunked manifest: %w", err) @@ -223,7 +223,7 @@ func makeZstdChunkedDiffer(ctx context.Context, store storage.Store, blobSize in }, nil } -func makeEstargzChunkedDiffer(ctx context.Context, store storage.Store, blobSize int64, tocDigest digest.Digest, iss ImageSourceSeekable, pullOptions map[string]string) (*chunkedDiffer, error) { +func makeEstargzChunkedDiffer(store storage.Store, blobSize int64, tocDigest digest.Digest, iss ImageSourceSeekable, pullOptions map[string]string) (*chunkedDiffer, error) { manifest, tocOffset, err := readEstargzChunkedManifest(iss, blobSize, tocDigest) if err != nil { return nil, fmt.Errorf("read zstd:chunked manifest: %w", err) @@ -557,7 +557,11 @@ func hashHole(h hash.Hash, size int64, copyBuffer []byte) error { func (c *chunkedDiffer) appendCompressedStreamToFile(compression compressedFileType, destFile *destinationFile, size int64) error { switch compression { case fileTypeZstdChunked: - defer c.zstdReader.Reset(nil) + defer func() { + if err := c.zstdReader.Reset(nil); err != nil { + logrus.Warnf("release of references to the previous zstd reader failed: %v", err) + } + }() if _, err := io.CopyBuffer(destFile.to, io.LimitReader(c.zstdReader, size), c.copyBuffer); err != nil { return err } @@ -703,7 +707,7 @@ func (c *chunkedDiffer) recordFsVerity(path string, roFile *os.File) error { return nil } -func (c *chunkedDiffer) storeMissingFiles(streams chan io.ReadCloser, errs chan error, dest string, dirfd int, missingParts []missingPart, options *archive.TarOptions) (Err error) { +func (c *chunkedDiffer) storeMissingFiles(streams chan io.ReadCloser, errs chan error, dirfd int, missingParts []missingPart, options *archive.TarOptions) (Err error) { var destFile *destinationFile filesToClose := make(chan *destinationFile, 3) @@ -917,7 +921,7 @@ func mergeMissingChunks(missingParts []missingPart, target int) []missingPart { return newMissingParts } -func (c *chunkedDiffer) retrieveMissingFiles(stream ImageSourceSeekable, dest string, dirfd int, missingParts []missingPart, options *archive.TarOptions) error { +func (c *chunkedDiffer) retrieveMissingFiles(stream ImageSourceSeekable, dirfd int, missingParts []missingPart, options *archive.TarOptions) error { var chunksToRequest []ImageSourceChunk calculateChunksToRequest := func() { @@ -956,7 +960,7 @@ func (c *chunkedDiffer) retrieveMissingFiles(stream ImageSourceSeekable, dest st return err } - if err := c.storeMissingFiles(streams, errs, dest, dirfd, missingParts, options); err != nil { + if err := c.storeMissingFiles(streams, errs, dirfd, missingParts, options); err != nil { return err } return nil @@ -1122,6 +1126,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff // stream to use for reading the zstd:chunked or Estargz file. stream := c.stream + var compressedDigest digest.Digest var uncompressedDigest digest.Digest var convertedBlobSize int64 @@ -1138,7 +1143,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff }() // calculate the checksum before accessing the file. - compressedDigest, err := c.copyAllBlobToFile(blobFile) + compressedDigest, err = c.copyAllBlobToFile(blobFile) if err != nil { return graphdriver.DriverWithDifferOutput{}, err } @@ -1224,6 +1229,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff }, TOCDigest: c.tocDigest, UncompressedDigest: uncompressedDigest, + CompressedDigest: compressedDigest, } // When the hard links deduplication is used, file attributes are ignored because setting them @@ -1283,7 +1289,9 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff for _, e := range mergedEntries { d := e.Name[0:2] if _, found := createdDirs[d]; !found { - unix.Mkdirat(dirfd, d, 0o755) + if err := unix.Mkdirat(dirfd, d, 0o755); err != nil { + return output, &fs.PathError{Op: "mkdirat", Path: d, Err: err} + } createdDirs[d] = struct{}{} } } @@ -1429,7 +1437,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff continue case tar.TypeSymlink: - if err := safeSymlink(dirfd, mode, r, options); err != nil { + if err := safeSymlink(dirfd, r); err != nil { return output, err } continue @@ -1531,7 +1539,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff } // There are some missing files. Prepare a multirange request for the missing chunks. if len(missingParts) > 0 { - if err := c.retrieveMissingFiles(stream, dest, dirfd, missingParts, options); err != nil { + if err := c.retrieveMissingFiles(stream, dirfd, missingParts, options); err != nil { return output, err } } diff --git a/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go index 87484d95b6..35b93e6263 100644 --- a/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go +++ b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go @@ -10,6 +10,7 @@ import ( "syscall" "github.com/containers/storage/pkg/idtools" + "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -61,12 +62,20 @@ func CreateUsernsProcess(uidMaps []idtools.IDMap, gidMaps []idtools.IDMap) (int, _ = unix.Prctl(unix.PR_SET_PDEATHSIG, uintptr(unix.SIGKILL), 0, 0, 0) // just wait for the SIGKILL for { - syscall.Pause() + _ = syscall.Pause() } } cleanupFunc := func() { - unix.Kill(int(pid), unix.SIGKILL) - _, _ = unix.Wait4(int(pid), nil, 0, nil) + err1 := unix.Kill(int(pid), unix.SIGKILL) + if err1 != nil && err1 != syscall.ESRCH { + logrus.Warnf("kill process pid: %d with SIGKILL ended with error: %v", int(pid), err1) + } + if err1 != nil { + return + } + if _, err := unix.Wait4(int(pid), nil, 0, nil); err != nil { + logrus.Warnf("wait4 pid: %d ended with error: %v", int(pid), err) + } } writeMappings := func(fname string, idmap []idtools.IDMap) error { mappings := "" diff --git a/vendor/github.com/containers/storage/pkg/ioutils/fswriters.go b/vendor/github.com/containers/storage/pkg/ioutils/fswriters.go index 2a8c85ad44..fd6addd73b 100644 --- a/vendor/github.com/containers/storage/pkg/ioutils/fswriters.go +++ b/vendor/github.com/containers/storage/pkg/ioutils/fswriters.go @@ -150,10 +150,13 @@ func (w *atomicFileWriter) complete(commit bool) (retErr error) { } defer func() { - w.closeTempFile() + err := w.closeTempFile() if retErr != nil || w.writeErr != nil { os.Remove(w.f.Name()) } + if retErr == nil { + retErr = err + } }() if commit { diff --git a/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go b/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go index faf995a2d6..25a71ac908 100644 --- a/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go +++ b/vendor/github.com/containers/storage/pkg/lockfile/lockfile.go @@ -415,7 +415,9 @@ func (l *LockFile) lock(lType lockType) { // Optimization: only use the (expensive) syscall when // the counter is 0. In this case, we're either the first // reader lock or a writer lock. - lockHandle(l.fd, lType, false) + if err := lockHandle(l.fd, lType, false); err != nil { + panic(err) + } } l.lockType = lType l.locked = true diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go index 58adbfb8ab..32e8d7dca3 100644 --- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go @@ -590,7 +590,12 @@ func MaybeReexecUsingUserNamespace(evenForRoot bool) { cmd.Hook = func(int) error { go func() { for receivedSignal := range interrupted { - cmd.Cmd.Process.Signal(receivedSignal) + if err := cmd.Cmd.Process.Signal(receivedSignal); err != nil { + logrus.Warnf( + "Failed to send a signal '%d' to the Process (PID: %d): %v", + receivedSignal, cmd.Cmd.Process.Pid, err, + ) + } } }() return nil diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index 29af593201..3aac9fd454 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -1509,23 +1509,17 @@ func (s *store) putLayer(rlstore rwLayerStore, rlstores []roLayerStore, id, pare gidMap = s.gidMap } } - layerOptions := LayerOptions{ - OriginalDigest: options.OriginalDigest, - OriginalSize: options.OriginalSize, - UncompressedDigest: options.UncompressedDigest, - Flags: options.Flags, - } if s.canUseShifting(uidMap, gidMap) { - layerOptions.IDMappingOptions = types.IDMappingOptions{HostUIDMapping: true, HostGIDMapping: true, UIDMap: nil, GIDMap: nil} + options.IDMappingOptions = types.IDMappingOptions{HostUIDMapping: true, HostGIDMapping: true, UIDMap: nil, GIDMap: nil} } else { - layerOptions.IDMappingOptions = types.IDMappingOptions{ + options.IDMappingOptions = types.IDMappingOptions{ HostUIDMapping: options.HostUIDMapping, HostGIDMapping: options.HostGIDMapping, UIDMap: copyIDMap(uidMap), GIDMap: copyIDMap(gidMap), } } - return rlstore.create(id, parentLayer, names, mountLabel, nil, &layerOptions, writeable, diff, slo) + return rlstore.create(id, parentLayer, names, mountLabel, nil, &options, writeable, diff, slo) } func (s *store) PutLayer(id, parent string, names []string, mountLabel string, writeable bool, lOptions *LayerOptions, diff io.Reader) (*Layer, int64, error) { diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go index 7cf5bcf93b..f1a900b8d8 100644 --- a/vendor/github.com/containers/storage/types/options.go +++ b/vendor/github.com/containers/storage/types/options.go @@ -352,7 +352,7 @@ func getRootlessStorageOpts(systemOpts StoreOptions) (StoreOptions, error) { } if opts.GraphDriverName == "" { - if canUseRootlessOverlay(opts.GraphRoot, opts.RunRoot) { + if canUseRootlessOverlay() { opts.GraphDriverName = overlayDriver } else { opts.GraphDriverName = "vfs" diff --git a/vendor/github.com/containers/storage/types/options_bsd.go b/vendor/github.com/containers/storage/types/options_bsd.go index 300eb19b56..040fdc797d 100644 --- a/vendor/github.com/containers/storage/types/options_bsd.go +++ b/vendor/github.com/containers/storage/types/options_bsd.go @@ -16,6 +16,6 @@ var ( ) // canUseRootlessOverlay returns true if the overlay driver can be used for rootless containers -func canUseRootlessOverlay(home, runhome string) bool { +func canUseRootlessOverlay() bool { return false } diff --git a/vendor/github.com/containers/storage/types/options_darwin.go b/vendor/github.com/containers/storage/types/options_darwin.go index 3eecc2b827..27ba6a061d 100644 --- a/vendor/github.com/containers/storage/types/options_darwin.go +++ b/vendor/github.com/containers/storage/types/options_darwin.go @@ -11,6 +11,6 @@ const ( var defaultOverrideConfigFile = "/etc/containers/storage.conf" // canUseRootlessOverlay returns true if the overlay driver can be used for rootless containers -func canUseRootlessOverlay(home, runhome string) bool { +func canUseRootlessOverlay() bool { return false } diff --git a/vendor/github.com/containers/storage/types/options_linux.go b/vendor/github.com/containers/storage/types/options_linux.go index a28e82883c..09cbae54b6 100644 --- a/vendor/github.com/containers/storage/types/options_linux.go +++ b/vendor/github.com/containers/storage/types/options_linux.go @@ -22,7 +22,7 @@ var ( ) // canUseRootlessOverlay returns true if the overlay driver can be used for rootless containers -func canUseRootlessOverlay(home, runhome string) bool { +func canUseRootlessOverlay() bool { // we check first for fuse-overlayfs since it is cheaper. if path, _ := exec.LookPath("fuse-overlayfs"); path != "" { return true diff --git a/vendor/github.com/containers/storage/types/options_windows.go b/vendor/github.com/containers/storage/types/options_windows.go index c1bea9fac0..99a67ff210 100644 --- a/vendor/github.com/containers/storage/types/options_windows.go +++ b/vendor/github.com/containers/storage/types/options_windows.go @@ -14,6 +14,6 @@ var ( ) // canUseRootlessOverlay returns true if the overlay driver can be used for rootless containers -func canUseRootlessOverlay(home, runhome string) bool { +func canUseRootlessOverlay() bool { return false } diff --git a/vendor/github.com/containers/storage/types/utils.go b/vendor/github.com/containers/storage/types/utils.go index b313a47288..73fcd2405e 100644 --- a/vendor/github.com/containers/storage/types/utils.go +++ b/vendor/github.com/containers/storage/types/utils.go @@ -66,7 +66,10 @@ func reloadConfigurationFileIfNeeded(configFile string, storeOptions *StoreOptio return } - ReloadConfigurationFile(configFile, storeOptions) + if err := ReloadConfigurationFile(configFile, storeOptions); err != nil { + logrus.Warningf("Failed to reload %q %v\n", configFile, err) + return + } prevReloadConfig.storeOptions = storeOptions prevReloadConfig.mod = mtime diff --git a/vendor/modules.txt b/vendor/modules.txt index 1e093979ef..d488656c47 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -355,7 +355,7 @@ github.com/containers/psgo/internal/dev github.com/containers/psgo/internal/host github.com/containers/psgo/internal/proc github.com/containers/psgo/internal/process -# github.com/containers/storage v1.54.1-0.20240627145511-52b643e1ff51 +# github.com/containers/storage v1.54.1-0.20240712121534-ab74785ce9e8 ## explicit; go 1.21 github.com/containers/storage github.com/containers/storage/drivers