Bump github.com/containers/storage from 1.23.7 to 1.23.8

Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.23.7 to 1.23.8.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.23.7...v1.23.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.7.0
 	github.com/containers/psgo v1.5.1
-	github.com/containers/storage v1.23.7
+	github.com/containers/storage v1.23.8
 	github.com/coreos/go-systemd/v22 v22.1.0
 	github.com/cri-o/ocicni v0.2.0
 	github.com/cyphar/filepath-securejoin v0.2.2

go.sum

@@ -101,6 +101,8 @@ github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzP
 github.com/containers/storage v1.23.6/go.mod h1:haFs0HRowKwyzvWEx9EgI3WsL8XCSnBDb5f8P5CAxJY=
 github.com/containers/storage v1.23.7 h1:43ImvG/npvQSZXRjaudVvKISIuZSfI6qvtSNQQSGO/A=
 github.com/containers/storage v1.23.7/go.mod h1:cUT2zHjtx+WlVri30obWmM2gpqpi8jfPsmIzP1TVpEI=
+github.com/containers/storage v1.23.8 h1:Z3KKE9BkbW6CGOjIeTtvX+Dl9pFX8QgvSD2j/tS+r5E=
+github.com/containers/storage v1.23.8/go.mod h1:3b2ktpB6pw53SEeIoFfO0sQfP9+IoJJKPq5iJk74gxE=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38=
@@ -305,6 +307,8 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.11.1 h1:bPb7nMRdOZYDrpPMTA3EInUQrdgoBinqUuSwlGdKDdE=
 github.com/klauspost/compress v1.11.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.11.2 h1:MiK62aErc3gIiVEtyzKfeOHgW7atJb5g/KNX5m3c2nQ=
+github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

vendor/github.com/containers/storage/VERSION

@@ -1 +1 @@
-1.23.7
+1.23.8

vendor/github.com/containers/storage/drivers/chown_unix.go

@@ -50,22 +50,22 @@ func platformLChown(path string, info os.FileInfo, toHost, toContainer *idtools.
 	if uid != int(st.Uid) || gid != int(st.Gid) {
 		cap, err := system.Lgetxattr(path, "security.capability")
 		if err != nil && err != system.ErrNotSupportedPlatform {
-			return fmt.Errorf("%s: Lgetxattr(%q): %v", os.Args[0], path, err)
+			return fmt.Errorf("%s: %v", os.Args[0], err)
 		}
 
 		// Make the change.
-		if err := os.Lchown(path, uid, gid); err != nil {
+		if err := system.Lchown(path, uid, gid); err != nil {
-			return fmt.Errorf("%s: chown(%q): %v", os.Args[0], path, err)
+			return fmt.Errorf("%s: %v", os.Args[0], err)
 		}
 		// Restore the SUID and SGID bits if they were originally set.
 		if (info.Mode()&os.ModeSymlink == 0) && info.Mode()&(os.ModeSetuid|os.ModeSetgid) != 0 {
-			if err := os.Chmod(path, info.Mode()); err != nil {
+			if err := system.Chmod(path, info.Mode()); err != nil {
-				return fmt.Errorf("%s: chmod(%q): %v", os.Args[0], path, err)
+				return fmt.Errorf("%s: %v", os.Args[0], err)
 			}
 		}
 		if cap != nil {
 			if err := system.Lsetxattr(path, "security.capability", cap, 0); err != nil {
-				return fmt.Errorf("%s: Lsetxattr(%q): %v", os.Args[0], path, err)
+				return fmt.Errorf("%s: %v", os.Args[0], err)
 			}
 		}
 

vendor/github.com/containers/storage/drivers/copy/copy_linux.go

@@ -12,6 +12,7 @@ package copy
 import "C"
 import (
 	"container/list"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -98,7 +99,7 @@ func legacyCopy(srcFile io.Reader, dstFile io.Writer) error {
 
 func copyXattr(srcPath, dstPath, attr string) error {
 	data, err := system.Lgetxattr(srcPath, attr)
-	if err != nil && err != unix.EOPNOTSUPP {
+	if err != nil && !errors.Is(err, unix.EOPNOTSUPP) {
 		return err
 	}
 	if data != nil {
@@ -269,7 +270,7 @@ func doCopyXattrs(srcPath, dstPath string) error {
 	}
 
 	xattrs, err := system.Llistxattr(srcPath)
-	if err != nil && err != unix.EOPNOTSUPP {
+	if err != nil && !errors.Is(err, unix.EOPNOTSUPP) {
 		return err
 	}
 

vendor/github.com/containers/storage/drivers/overlay/overlay.go

@@ -42,6 +42,8 @@ var (
 	untar = chrootarchive.UntarUncompressed
 )
 
+const defaultPerms = os.FileMode(0555)
+
 // This backend uses the overlay union filesystem for containers
 // with diff directories for each layer.
 
@@ -571,15 +573,17 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 	if err := idtools.MkdirAllAs(path.Dir(dir), 0700, rootUID, rootGID); err != nil {
 		return err
 	}
+	perms := defaultPerms
 	if parent != "" {
 		st, err := system.Stat(d.dir(parent))
 		if err != nil {
 			return err
 		}
+		perms = os.FileMode(st.Mode())
 		rootUID = int(st.UID())
 		rootGID = int(st.GID())
 	}
-	if err := idtools.MkdirAs(dir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAs(dir, perms, rootUID, rootGID); err != nil {
 		return err
 	}
 
@@ -604,7 +608,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr
 		}
 	}
 
-	if err := idtools.MkdirAs(path.Join(dir, "diff"), 0755, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAs(path.Join(dir, "diff"), perms, rootUID, rootGID); err != nil {
 		return err
 	}
 
@@ -847,7 +851,11 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
 		return "", err
 	}
 	diffN := 1
-	_, err = os.Stat(filepath.Join(dir, nameWithSuffix("diff", diffN)))
+	perms := defaultPerms
+	st, err := os.Stat(filepath.Join(dir, nameWithSuffix("diff", diffN)))
+	if err == nil {
+		perms = os.FileMode(st.Mode())
+	}
 	for err == nil {
 		absLowers = append(absLowers, filepath.Join(dir, nameWithSuffix("diff", diffN)))
 		relLowers = append(relLowers, dumbJoin(string(link), "..", nameWithSuffix("diff", diffN)))
@@ -908,7 +916,7 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
 		return "", err
 	}
 	diffDir := path.Join(dir, "diff")
-	if err := idtools.MkdirAllAs(diffDir, 0755, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAs(diffDir, perms, rootUID, rootGID); err != nil {
 		return "", err
 	}
 
@@ -1241,11 +1249,16 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp
 
 	// Rotate the diff directories.
 	i := 0
-	_, err = os.Stat(nameWithSuffix(diffDir, i))
+	perms := defaultPerms
+	st, err := os.Stat(nameWithSuffix(diffDir, i))
+	if err == nil {
+		perms = os.FileMode(st.Mode())
+	}
 	for err == nil {
 		i++
 		_, err = os.Stat(nameWithSuffix(diffDir, i))
 	}
+
 	for i > 0 {
 		err = os.Rename(nameWithSuffix(diffDir, i-1), nameWithSuffix(diffDir, i))
 		if err != nil {
@@ -1258,13 +1271,13 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp
 	// to the old upper layer in the index.
 	workDir := filepath.Join(dir, "work")
 	if err := os.RemoveAll(workDir); err == nil {
-		if err := idtools.MkdirAs(workDir, 0755, rootUID, rootGID); err != nil {
+		if err := idtools.MkdirAs(workDir, defaultPerms, rootUID, rootGID); err != nil {
 			return err
 		}
 	}
 
 	// Re-create the directory that we're going to use as the upper layer.
-	if err := idtools.MkdirAs(diffDir, 0755, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAs(diffDir, perms, rootUID, rootGID); err != nil {
 		return err
 	}
 	return nil

vendor/github.com/containers/storage/go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/Microsoft/hcsshim v0.8.9
 	github.com/docker/go-units v0.4.0
 	github.com/hashicorp/go-multierror v1.1.0
-	github.com/klauspost/compress v1.11.1
+	github.com/klauspost/compress v1.11.2
 	github.com/klauspost/pgzip v1.2.5
 	github.com/mattn/go-shellwords v1.0.10
 	github.com/mistifyio/go-zfs v2.1.1+incompatible

vendor/github.com/containers/storage/go.sum

@@ -62,8 +62,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.1 h1:bPb7nMRdOZYDrpPMTA3EInUQrdgoBinqUuSwlGdKDdE=
+github.com/klauspost/compress v1.11.2 h1:MiK62aErc3gIiVEtyzKfeOHgW7atJb5g/KNX5m3c2nQ=
-github.com/klauspost/compress v1.11.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

vendor/github.com/containers/storage/layers.go

@@ -1329,6 +1329,7 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
 	if err != nil {
 		return -1, err
 	}
+	defer uncompressed.Close()
 	uncompressedDigest := digest.Canonical.Digester()
 	uncompressedCounter := ioutils.NewWriteCounter(uncompressedDigest.Hash())
 	uidLog := make(map[uint32]struct{})

vendor/github.com/containers/storage/pkg/archive/archive.go

@@ -139,6 +139,7 @@ func IsArchivePath(path string) bool {
 	if err != nil {
 		return false
 	}
+	defer rdr.Close()
 	r := tar.NewReader(rdr)
 	_, err = r.Next()
 	return err == nil
@@ -398,7 +399,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
 	}
 	for _, xattr := range []string{"security.capability", "security.ima"} {
 		capability, err := system.Lgetxattr(path, xattr)
-		if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform {
+		if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
 			return errors.Wrapf(err, "failed to read %q attribute from %q", xattr, path)
 		}
 		if capability != nil {
@@ -411,17 +412,17 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
 // ReadUserXattrToTarHeader reads user.* xattr from filesystem to a tar header
 func ReadUserXattrToTarHeader(path string, hdr *tar.Header) error {
 	xattrs, err := system.Llistxattr(path)
-	if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform {
+	if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
 		return err
 	}
 	for _, key := range xattrs {
 		if strings.HasPrefix(key, "user.") {
 			value, err := system.Lgetxattr(path, key)
-			if err == system.E2BIG {
+			if err != nil {
+				if errors.Is(err, system.E2BIG) {
 					logrus.Errorf("archive: Skipping xattr for file %s since value is too big: %s", path, key)
 					continue
 				}
-			if err != nil {
 				return err
 			}
 			if hdr.Xattrs == nil {
@@ -724,16 +725,16 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 		}
 	}
 
-	var errors []string
+	var errs []string
 	for key, value := range hdr.Xattrs {
 		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
-			if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
+			if errors.Is(err, syscall.ENOTSUP) || (inUserns && errors.Is(err, syscall.EPERM)) {
 				// We ignore errors here because not all graphdrivers support
 				// xattrs *cough* old versions of AUFS *cough*. However only
 				// ENOTSUP should be emitted in that case, otherwise we still
 				// bail.  We also ignore EPERM errors if we are running in a
 				// user namespace.
-				errors = append(errors, err.Error())
+				errs = append(errs, err.Error())
 				continue
 			}
 			return err
@@ -741,9 +742,9 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 
 	}
 
-	if len(errors) > 0 {
+	if len(errs) > 0 {
 		logrus.WithFields(logrus.Fields{
-			"errors": errors,
+			"errors": errs,
 		}).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
 	}
 

vendor/github.com/containers/storage/pkg/archive/changes_linux.go

@@ -2,6 +2,7 @@ package archive
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -86,21 +87,21 @@ func walkchunk(path string, fi os.FileInfo, dir string, root *FileInfo) error {
 	}
 	info.stat = stat
 	info.capability, err = system.Lgetxattr(cpath, "security.capability") // lgetxattr(2): fs access
-	if err != nil && err != system.EOPNOTSUPP {
+	if err != nil && !errors.Is(err, system.EOPNOTSUPP) {
 		return err
 	}
 	xattrs, err := system.Llistxattr(cpath)
-	if err != nil && err != system.EOPNOTSUPP {
+	if err != nil && !errors.Is(err, system.EOPNOTSUPP) {
 		return err
 	}
 	for _, key := range xattrs {
 		if strings.HasPrefix(key, "user.") {
 			value, err := system.Lgetxattr(cpath, key)
-			if err == system.E2BIG {
+			if err != nil {
+				if errors.Is(err, system.E2BIG) {
 					logrus.Errorf("archive: Skipping xattr for file %s since value is too big: %s", cpath, key)
 					continue
 				}
-			if err != nil {
 				return err
 			}
 			if info.xattrs == nil {

vendor/github.com/containers/storage/pkg/system/chmod.go

@@ -0,0 +1,17 @@
+package system
+
+import (
+	"errors"
+	"os"
+	"syscall"
+)
+
+func Chmod(name string, mode os.FileMode) error {
+	err := os.Chmod(name, mode)
+
+	for err != nil && errors.Is(err, syscall.EINTR) {
+		err = os.Chmod(name, mode)
+	}
+
+	return err
+}

vendor/github.com/containers/storage/pkg/system/lchown.go

@@ -0,0 +1,20 @@
+package system
+
+import (
+	"os"
+	"syscall"
+)
+
+func Lchown(name string, uid, gid int) error {
+	err := syscall.Lchown(name, uid, gid)
+
+	for err == syscall.EINTR {
+		err = syscall.Lchown(name, uid, gid)
+	}
+
+	if err != nil {
+		return &os.PathError{Op: "lchown", Path: name, Err: err}
+	}
+
+	return nil
+}

vendor/github.com/containers/storage/pkg/system/xattrs_linux.go

@@ -2,6 +2,7 @@ package system
 
 import (
 	"bytes"
+	"os"
 
 	"golang.org/x/sys/unix"
 )
@@ -26,7 +27,7 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
 		// Buffer too small, use zero-sized buffer to get the actual size
 		sz, errno = unix.Lgetxattr(path, attr, []byte{})
 		if errno != nil {
-			return nil, errno
+			return nil, &os.PathError{Op: "lgetxattr", Path: path, Err: errno}
 		}
 		dest = make([]byte, sz)
 		sz, errno = unix.Lgetxattr(path, attr, dest)
@@ -36,7 +37,7 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
 	case errno == unix.ENODATA:
 		return nil, nil
 	case errno != nil:
-		return nil, errno
+		return nil, &os.PathError{Op: "lgetxattr", Path: path, Err: errno}
 	}
 
 	return dest[:sz], nil
@@ -45,7 +46,11 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
 // Lsetxattr sets the value of the extended attribute identified by attr
 // and associated with the given path in the file system.
 func Lsetxattr(path string, attr string, data []byte, flags int) error {
-	return unix.Lsetxattr(path, attr, data, flags)
+	if err := unix.Lsetxattr(path, attr, data, flags); err != nil {
+		return &os.PathError{Op: "lsetxattr", Path: path, Err: err}
+	}
+
+	return nil
 }
 
 // Llistxattr lists extended attributes associated with the given path
@@ -58,14 +63,14 @@ func Llistxattr(path string) ([]string, error) {
 		// Buffer too small, use zero-sized buffer to get the actual size
 		sz, errno = unix.Llistxattr(path, []byte{})
 		if errno != nil {
-			return nil, errno
+			return nil, &os.PathError{Op: "llistxattr", Path: path, Err: errno}
 		}
 
 		dest = make([]byte, sz)
 		sz, errno = unix.Llistxattr(path, dest)
 	}
 	if errno != nil {
-		return nil, errno
+		return nil, &os.PathError{Op: "llistxattr", Path: path, Err: errno}
 	}
 
 	var attrs []string

vendor/github.com/klauspost/compress/zstd/README.md

@@ -251,14 +251,14 @@ For streaming use a simple setup could look like this:
 import "github.com/klauspost/compress/zstd"
 
 func Decompress(in io.Reader, out io.Writer) error {
-    d, err := zstd.NewReader(input)
+    d, err := zstd.NewReader(in)
     if err != nil {
         return err
     }
     defer d.Close()
     
     // Copy content...
-    _, err := io.Copy(out, d)
+    _, err = io.Copy(out, d)
     return err
 }
 ```

vendor/modules.txt

@@ -166,7 +166,7 @@ github.com/containers/psgo/internal/dev
 github.com/containers/psgo/internal/host
 github.com/containers/psgo/internal/proc
 github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.23.7
+# github.com/containers/storage v1.23.8
 github.com/containers/storage
 github.com/containers/storage/drivers
 github.com/containers/storage/drivers/aufs
@@ -334,7 +334,7 @@ github.com/inconshreveable/mousetrap
 github.com/ishidawataru/sctp
 # github.com/json-iterator/go v1.1.10
 github.com/json-iterator/go
-# github.com/klauspost/compress v1.11.1
+# github.com/klauspost/compress v1.11.2
 github.com/klauspost/compress/flate
 github.com/klauspost/compress/fse
 github.com/klauspost/compress/huff0