diff --git a/go.mod b/go.mod index a808cee8d9..ab49d148b6 100644 --- a/go.mod +++ b/go.mod @@ -13,11 +13,11 @@ require ( github.com/checkpoint-restore/checkpointctl v1.3.0 github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containernetworking/plugins v1.5.1 - github.com/containers/buildah v1.39.3 - github.com/containers/common v0.62.2 + github.com/containers/buildah v1.39.4 + github.com/containers/common v0.62.3 github.com/containers/conmon v2.0.20+incompatible github.com/containers/gvisor-tap-vsock v0.8.3 - github.com/containers/image/v5 v5.34.2 + github.com/containers/image/v5 v5.34.3 github.com/containers/libhvee v0.9.0 github.com/containers/ocicrypt v1.2.1 github.com/containers/psgo v1.9.0 diff --git a/go.sum b/go.sum index fc84988202..b48572114d 100644 --- a/go.sum +++ b/go.sum @@ -76,16 +76,16 @@ github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8F github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= -github.com/containers/buildah v1.39.3 h1:JAIbtTblL6XIdhfH+/5ndSR++0yonF2409jlQ+rD8SE= -github.com/containers/buildah v1.39.3/go.mod h1:WtjZt6kqSVzibr7AVkW9QlLok6pB0jlLe2LedgmL4+s= -github.com/containers/common v0.62.2 h1:xO45OOoeq17EZMIDZoSyRqg7GXGcRHa9sXlrr75zH+U= -github.com/containers/common v0.62.2/go.mod h1:veFiR9iq2j3CHXtB4YnPHuOkSRdhIQ3bAY8AFMP/5bE= +github.com/containers/buildah v1.39.4 h1:XTL1+N9wJcSAqXUl4ReFK286QWLTIGp44jBqs9Qd2y0= +github.com/containers/buildah v1.39.4/go.mod h1:EPFAYD/27eXceT8shzWxKg+asgorc8nzrjiG9qFCqTk= +github.com/containers/common v0.62.3 h1:aOGryqXfW6aKBbHbqOveH7zB+ihavUN03X/2pUSvWFI= +github.com/containers/common v0.62.3/go.mod h1:3R8kDox2prC9uj/a2hmXj/YjZz5sBEUNrcDiw51S0Lo= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/gvisor-tap-vsock v0.8.3 h1:Am3VdjXTn8Mn+dNhgkiRcCFOTSM8u9aWKLW3KTHOGjk= github.com/containers/gvisor-tap-vsock v0.8.3/go.mod h1:46MvrqNuRNbjV4ZsZ3mHVJjR2Eh+fpyRh72EvWWFFjU= -github.com/containers/image/v5 v5.34.2 h1:3r1etun4uJYq5197tcymUcI1h6+zyzKS9PtRtBlEKMI= -github.com/containers/image/v5 v5.34.2/go.mod h1:MG++slvQSZVq5ejAcLdu4APGsKGMb0YHHnAo7X28fdE= +github.com/containers/image/v5 v5.34.3 h1:/cMgfyA4Y7ILH7nzWP/kqpkE5Df35Ek4bp5ZPvJOVmI= +github.com/containers/image/v5 v5.34.3/go.mod h1:MG++slvQSZVq5ejAcLdu4APGsKGMb0YHHnAo7X28fdE= github.com/containers/libhvee v0.9.0 h1:5UxJMka1lDfxTeITA25Pd8QVVttJAG43eQS1Getw1tc= github.com/containers/libhvee v0.9.0/go.mod h1:p44VJd8jMIx3SRN1eM6PxfCEwXQE0lJ0dQppCAlzjPQ= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md index b3f4c4e33a..fe4a9b8575 100644 --- a/vendor/github.com/containers/buildah/CHANGELOG.md +++ b/vendor/github.com/containers/buildah/CHANGELOG.md @@ -2,6 +2,11 @@ # Changelog +## v1.39.4 (2025-03-27) + + [release-1.39] Bump c/image to v5.34.3, c/common v0.62.3 + createPlatformContainer: drop MS_REMOUNT|MS_BIND + ## v1.39.3 (2025-03-12) [release-1.39] Bump c/storage to v1.57.2, c/image v5.34.2, c/common v0.62.2 diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index 02e1abd24b..1c2be4aadb 100644 --- a/vendor/github.com/containers/buildah/changelog.txt +++ b/vendor/github.com/containers/buildah/changelog.txt @@ -1,3 +1,7 @@ +- Changelog for v1.39.4 (2025-03-27) + * [release-1.39] Bump c/image to v5.34.3, c/common v0.62.3 + * createPlatformContainer: drop MS_REMOUNT|MS_BIND + - Changelog for v1.39.3 (2025-03-12) * [release-1.39] Bump c/storage to v1.57.2, c/image v5.34.2, c/common v0.62.2 diff --git a/vendor/github.com/containers/buildah/chroot/run_linux.go b/vendor/github.com/containers/buildah/chroot/run_linux.go index 76900d7f0c..cd19fa0173 100644 --- a/vendor/github.com/containers/buildah/chroot/run_linux.go +++ b/vendor/github.com/containers/buildah/chroot/run_linux.go @@ -263,7 +263,7 @@ func createPlatformContainer(options runUsingChrootExecSubprocOptions) error { return fmt.Errorf("changing to host root directory: %w", err) } // make sure we only unmount things under this tree - if err := unix.Mount(".", ".", "bind", unix.MS_REMOUNT|unix.MS_BIND|unix.MS_SLAVE|unix.MS_REC, ""); err != nil { + if err := unix.Mount(".", ".", "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil { return fmt.Errorf("tweaking mount flags on host root directory before unmounting from mount namespace: %w", err) } // detach this (unnamed?) old directory diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go index d2a820b855..65b3a1bf28 100644 --- a/vendor/github.com/containers/buildah/define/types.go +++ b/vendor/github.com/containers/buildah/define/types.go @@ -29,7 +29,7 @@ const ( // identify working containers. Package = "buildah" // Version for the Package. Also used by .packit.sh for Packit builds. - Version = "1.39.3" + Version = "1.39.4" // DefaultRuntime if containers.conf fails. DefaultRuntime = "runc" diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index 6487190a35..cef52d7aba 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.62.2" +const Version = "0.62.3" diff --git a/vendor/github.com/containers/image/v5/tarball/tarball_src.go b/vendor/github.com/containers/image/v5/tarball/tarball_src.go index 7d4a83bc91..283a32d0ee 100644 --- a/vendor/github.com/containers/image/v5/tarball/tarball_src.go +++ b/vendor/github.com/containers/image/v5/tarball/tarball_src.go @@ -14,8 +14,9 @@ import ( "github.com/containers/image/v5/internal/imagesource/impl" "github.com/containers/image/v5/internal/imagesource/stubs" + "github.com/containers/image/v5/pkg/compression" + compressionTypes "github.com/containers/image/v5/pkg/compression/types" "github.com/containers/image/v5/types" - "github.com/klauspost/pgzip" digest "github.com/opencontainers/go-digest" imgspecs "github.com/opencontainers/image-spec/specs-go" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" @@ -82,31 +83,47 @@ func (r *tarballReference) NewImageSource(ctx context.Context, sys *types.System } } - // Default to assuming the layer is compressed. - layerType := imgspecv1.MediaTypeImageLayerGzip - // Set up to digest the file as it is. blobIDdigester := digest.Canonical.Digester() reader = io.TeeReader(reader, blobIDdigester.Hash()) - // Set up to digest the file after we maybe decompress it. - diffIDdigester := digest.Canonical.Digester() - uncompressed, err := pgzip.NewReader(reader) - if err == nil { - // It is compressed, so the diffID is the digest of the uncompressed version - reader = io.TeeReader(uncompressed, diffIDdigester.Hash()) - } else { - // It is not compressed, so the diffID and the blobID are going to be the same - diffIDdigester = blobIDdigester - layerType = imgspecv1.MediaTypeImageLayer - uncompressed = nil - } - // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done(). - if _, err := io.Copy(io.Discard, reader); err != nil { - return nil, fmt.Errorf("error reading %q: %w", filename, err) - } - if uncompressed != nil { - uncompressed.Close() + var layerType string + var diffIDdigester digest.Digester + // If necessary, digest the file after we decompress it. + if err := func() error { // A scope for defer + format, decompressor, reader, err := compression.DetectCompressionFormat(reader) + if err != nil { + return err + } + if decompressor != nil { + uncompressed, err := decompressor(reader) + if err != nil { + return err + } + defer uncompressed.Close() + // It is compressed, so the diffID is the digest of the uncompressed version + diffIDdigester = digest.Canonical.Digester() + reader = io.TeeReader(uncompressed, diffIDdigester.Hash()) + switch format.Name() { + case compressionTypes.GzipAlgorithmName: + layerType = imgspecv1.MediaTypeImageLayerGzip + case compressionTypes.ZstdAlgorithmName: + layerType = imgspecv1.MediaTypeImageLayerZstd + default: // This is incorrect, but we have no good options, and it is what this transport was historically doing. + layerType = imgspecv1.MediaTypeImageLayerGzip + } + } else { + // It is not compressed, so the diffID and the blobID are going to be the same + diffIDdigester = blobIDdigester + layerType = imgspecv1.MediaTypeImageLayer + } + // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done(). + if _, err := io.Copy(io.Discard, reader); err != nil { + return fmt.Errorf("error reading %q: %w", filename, err) + } + return nil + }(); err != nil { + return nil, err } // Grab our uncompressed and possibly-compressed digests and sizes. diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index 6c0cc885d5..611324a2ee 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -8,7 +8,7 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 34 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 2 + VersionPatch = 3 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/modules.txt b/vendor/modules.txt index 2adcafc6e8..2652f02e13 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -147,7 +147,7 @@ github.com/containernetworking/cni/pkg/version # github.com/containernetworking/plugins v1.5.1 ## explicit; go 1.20 github.com/containernetworking/plugins/pkg/ns -# github.com/containers/buildah v1.39.3 +# github.com/containers/buildah v1.39.4 ## explicit; go 1.22.8 github.com/containers/buildah github.com/containers/buildah/bind @@ -179,7 +179,7 @@ github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/pkg/volumes github.com/containers/buildah/util -# github.com/containers/common v0.62.2 +# github.com/containers/common v0.62.3 ## explicit; go 1.22.8 github.com/containers/common/internal github.com/containers/common/internal/attributedstring @@ -252,7 +252,7 @@ github.com/containers/conmon/runner/config # github.com/containers/gvisor-tap-vsock v0.8.3 ## explicit; go 1.22.0 github.com/containers/gvisor-tap-vsock/pkg/types -# github.com/containers/image/v5 v5.34.2 +# github.com/containers/image/v5 v5.34.3 ## explicit; go 1.22.8 github.com/containers/image/v5/copy github.com/containers/image/v5/directory