vendor c/common

Update the recent events-log changes to fix the build error.

[NO NEW TESTS NEEDED] since there's no functional change.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/containernetworking/cni v1.0.1
 	github.com/containernetworking/plugins v1.1.1
 	github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057
-	github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b
+	github.com/containers/common v0.47.5-0.20220421072908-49f1a40067b2
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0
 	github.com/containers/ocicrypt v1.1.3

go.sum

@@ -356,8 +356,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19
 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 h1:lKSxhMBpcHyyQrj2QJYzcm56uiSeibRdSL2KoppF6rg=
 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057/go.mod h1:iSoopbYRb6K4b5c3hXgXNkGTI/T085t2+XiGjceud94=
 github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18/go.mod h1:Vr2Fn6EdzD6JNAbz8L8bTv3uWLv2p31Ih2O3EAK6Hyc=
-github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b h1:HVOojcjTGPke7oOh1T/Wj67DK74LBJOR6qU5uW+33zk=
+github.com/containers/common v0.47.5-0.20220421072908-49f1a40067b2 h1:NadhQUF7FRaZkDeW7xDcU3nxk7kV6b2yRmwGWDp+BNY=
-github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b/go.mod h1:nRW9288gdZqIGoRwoV23i3qO7Zznbd34sdDOBnq2GjY=
+github.com/containers/common v0.47.5-0.20220421072908-49f1a40067b2/go.mod h1:BBq6jdyjXvJh69YzQPvIuZjBho0MRdA0XGaqBnsO+1Y=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.19.2-0.20220224100137-1045fb70b094/go.mod h1:XoYK6kE0dpazFNcuS+a8lra+QfbC6s8tzv+cUuCrZpE=

libpod/events.go

@@ -15,7 +15,7 @@ func (r *Runtime) newEventer() (events.Eventer, error) {
 	options := events.EventerOptions{
 		EventerType:    r.config.Engine.EventsLogger,
 		LogFilePath:    r.config.Engine.EventsLogFilePath,
-		LogFileMaxSize: r.config.Engine.EventsLogFileMaxSize,
+		LogFileMaxSize: r.config.Engine.EventsLogMaxSize(),
 	}
 	return events.NewEventer(options)
 }

libpod/events/logfile.go

@@ -158,6 +158,10 @@ func rotateLog(logfile string, content string, limit uint64) (bool, error) {
 	}
 	file, err := os.Stat(logfile)
 	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			// The logfile does not exist yet.
+			return false, nil
+		}
 		return false, err
 	}
 	var filesize = uint64(file.Size())

vendor/github.com/containers/common/libimage/copier.go

@@ -147,15 +147,13 @@ type copier struct {
 	destinationLookup LookupReferenceFunc
 }
 
-var (
 // storageAllowedPolicyScopes overrides the policy for local storage
 // to ensure that we can read images from it.
-	storageAllowedPolicyScopes = signature.PolicyTransportScopes{
+var storageAllowedPolicyScopes = signature.PolicyTransportScopes{
 	"": []signature.PolicyRequirement{
 		signature.NewPRInsecureAcceptAnything(),
 	},
 }
-)
 
 // getDockerAuthConfig extracts a docker auth config from the CopyOptions.  Returns
 // nil if no credentials are set.

vendor/github.com/containers/common/libimage/image_config.go

@@ -95,9 +95,7 @@ func ImageConfigFromChanges(changes []string) (*ImageConfig, error) { // nolint:
 			// For now: we only support key=value
 			// We will attempt to strip quotation marks if present.
 
-			var (
+			var key, val string
-				key, val string
-			)
 
 			splitEnv := strings.SplitN(value, "=", 2)
 			key = splitEnv[0]

vendor/github.com/containers/common/libimage/inspect.go

@@ -213,7 +213,6 @@ func (i *Image) inspectInfo(ctx context.Context) (*types.ImageInspectInfo, error
 
 	ref, err := i.StorageReference()
 	if err != nil {
-
 		return nil, err
 	}
 

vendor/github.com/containers/common/libimage/manifests/copy.go

@@ -4,12 +4,10 @@ import (
 	"github.com/containers/image/v5/signature"
 )
 
-var (
 // storageAllowedPolicyScopes overrides the policy for local storage
 // to ensure that we can read images from it.
-	storageAllowedPolicyScopes = signature.PolicyTransportScopes{
+var storageAllowedPolicyScopes = signature.PolicyTransportScopes{
 	"": []signature.PolicyRequirement{
 		signature.NewPRInsecureAcceptAnything(),
 	},
 }
-)

vendor/github.com/containers/common/libimage/manifests/manifests.go

@@ -384,11 +384,9 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 			}
 			instanceInfo.instanceDigest = &manifestDigest
 			instanceInfo.Size = int64(len(manifestBytes))
-		} else {
+		} else if manifestDigest == "" {
-			if manifestDigest == "" {
 			manifestDigest = *instanceInfo.instanceDigest
 		}
-		}
 		err = l.List.AddInstance(*instanceInfo.instanceDigest, instanceInfo.Size, manifestType, instanceInfo.OS, instanceInfo.Architecture, instanceInfo.OSVersion, instanceInfo.OSFeatures, instanceInfo.Variant, instanceInfo.Features, instanceInfo.Annotations)
 		if err != nil {
 			return "", errors.Wrapf(err, "error adding instance with digest %q", *instanceInfo.instanceDigest)
@@ -405,10 +403,8 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag
 func (l *list) Remove(instanceDigest digest.Digest) error {
 	err := l.List.Remove(instanceDigest)
 	if err == nil {
-		if _, needToDelete := l.instances[instanceDigest]; needToDelete {
 		delete(l.instances, instanceDigest)
 	}
-	}
 	return err
 }
 

vendor/github.com/containers/common/libimage/runtime.go

@@ -74,7 +74,7 @@ func (r *Runtime) SystemContext() *types.SystemContext {
 // Returns a copy of the runtime's system context.
 func (r *Runtime) systemContextCopy() *types.SystemContext {
 	var sys types.SystemContext
-	deepcopy.Copy(&sys, &r.systemContext)
+	_ = deepcopy.Copy(&sys, &r.systemContext)
 	return &sys
 }
 

vendor/github.com/containers/common/libimage/save.go

@@ -68,7 +68,6 @@ func (r *Runtime) Save(ctx context.Context, names []string, format, path string,
 	}
 
 	return errors.Errorf("unsupported format %q for saving images", format)
-
 }
 
 // saveSingleImage saves the specified image name to the specified path.

vendor/github.com/containers/common/libnetwork/cni/cni_conversion.go

@@ -11,7 +11,6 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
-	"syscall"
 	"time"
 
 	"github.com/containernetworking/cni/libcni"
@@ -21,6 +20,7 @@ import (
 	pkgutil "github.com/containers/common/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 func createNetworkFromCNIConfigList(conf *libcni.NetworkConfigList, confPath string) (*types.Network, error) {
@@ -45,12 +45,11 @@ func createNetworkFromCNIConfigList(conf *libcni.NetworkConfigList, confPath str
 		}
 	}
 
-	f, err := os.Stat(confPath)
+	t, err := fileTime(confPath)
 	if err != nil {
 		return nil, err
 	}
-	stat := f.Sys().(*syscall.Stat_t)
+	network.Created = t
-	network.Created = time.Unix(int64(stat.Ctim.Sec), int64(stat.Ctim.Nsec))
 
 	firstPlugin := conf.Plugins[0]
 	network.Driver = firstPlugin.Network.Type
@@ -316,16 +315,15 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
 	cniPathName := ""
 	if writeToDisk {
 		cniPathName = filepath.Join(n.cniConfigDir, network.Name+".conflist")
-		err = ioutil.WriteFile(cniPathName, b, 0644)
+		err = ioutil.WriteFile(cniPathName, b, 0o644)
 		if err != nil {
 			return nil, "", err
 		}
-		f, err := os.Stat(cniPathName)
+		t, err := fileTime(cniPathName)
 		if err != nil {
 			return nil, "", err
 		}
-		stat := f.Sys().(*syscall.Stat_t)
+		network.Created = t
-		network.Created = time.Unix(int64(stat.Ctim.Sec), int64(stat.Ctim.Nsec))
 	} else {
 		network.Created = time.Now()
 	}
@@ -424,3 +422,17 @@ func parseOptions(networkOptions map[string]string, networkDriver string) (*opti
 	}
 	return opt, nil
 }
+
+func fileTime(file string) (time.Time, error) {
+	var st unix.Stat_t
+	for {
+		err := unix.Stat(file, &st)
+		if err == nil {
+			break
+		}
+		if err != unix.EINTR { //nolint:errorlint // unix errors are bare
+			return time.Time{}, &os.PathError{Path: file, Op: "stat", Err: err}
+		}
+	}
+	return time.Unix(int64(st.Ctim.Sec), int64(st.Ctim.Nsec)), nil //nolint:unconvert // On some platforms Sec and Nsec are int32.
+}

vendor/github.com/containers/common/libnetwork/cni/config.go

@@ -17,7 +17,6 @@ import (
 
 // NetworkCreate will take a partial filled Network and fill the
 // missing fields. It creates the Network and returns the full Network.
-// nolint:gocritic
 func (n *cniNetwork) NetworkCreate(net types.Network) (types.Network, error) {
 	n.lock.Lock()
 	defer n.lock.Unlock()

vendor/github.com/containers/common/libnetwork/internal/util/util.go

@@ -109,7 +109,6 @@ func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet, subnetPools []config.Su
 		return nil, err
 	}
 	return nil, errors.New("could not find free subnet from subnet pools")
-
 }
 
 // GetFreeIPv6NetworkSubnet returns a unused ipv6 subnet

vendor/github.com/containers/common/libnetwork/netavark/config.go

@@ -19,7 +19,6 @@ import (
 
 // NetworkCreate will take a partial filled Network and fill the
 // missing fields. It creates the Network and returns the full Network.
-// nolint:gocritic
 func (n *netavarkNetwork) NetworkCreate(net types.Network) (types.Network, error) {
 	n.lock.Lock()
 	defer n.lock.Unlock()

vendor/github.com/containers/common/libnetwork/netavark/ipam.go

@@ -59,9 +59,7 @@ func newIPAMError(cause error, msg string, args ...interface{}) *ipamError {
 // openDB will open the ipam database
 // Note that the caller has to Close it.
 func (n *netavarkNetwork) openDB() (*bbolt.DB, error) {
-	// linter complains about the octal value
+	db, err := bbolt.Open(n.ipamDBPath, 0o600, nil)
-	// nolint:gocritic
-	db, err := bbolt.Open(n.ipamDBPath, 0600, nil)
 	if err != nil {
 		return nil, newIPAMError(err, "failed to open database %s", n.ipamDBPath)
 	}

vendor/github.com/containers/common/libnetwork/netavark/network.go

@@ -108,11 +108,11 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		return nil, errors.Wrap(err, "failed to parse default subnet")
 	}
 
-	if err := os.MkdirAll(conf.NetworkConfigDir, 0755); err != nil {
+	if err := os.MkdirAll(conf.NetworkConfigDir, 0o755); err != nil {
 		return nil, err
 	}
 
-	if err := os.MkdirAll(conf.NetworkRunDir, 0755); err != nil {
+	if err := os.MkdirAll(conf.NetworkRunDir, 0o755); err != nil {
 		return nil, err
 	}
 

vendor/github.com/containers/common/libnetwork/network/interface.go

@@ -121,8 +121,7 @@ func defaultNetworkBackend(store storage.Store, conf *config.Config) (backend ty
 	defer func() {
 		// only write when there is no error
 		if err == nil {
-			// nolint:gocritic
+			if err := ioutils.AtomicWriteFile(file, []byte(backend), 0o644); err != nil {
-			if err := ioutils.AtomicWriteFile(file, []byte(backend), 0644); err != nil {
 				logrus.Errorf("could not write network backend to file: %v", err)
 			}
 		}

vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go

@@ -233,7 +233,6 @@ func parseAAParserVersion(output string) (int, error) {
 	// major*10^5 + minor*10^3 + patch*10^0
 	numericVersion := majorVersion*1e5 + minorVersion*1e3 + patchLevel
 	return numericVersion, nil
-
 }
 
 // CheckProfileAndLoadDefault checks if the specified profile is loaded and

vendor/github.com/containers/common/pkg/cgroups/blkio.go

@@ -12,8 +12,7 @@ import (
 	"github.com/pkg/errors"
 )
 
-type blkioHandler struct {
+type blkioHandler struct{}
-}
 
 func getBlkioHandler() *blkioHandler {
 	return &blkioHandler{}

vendor/github.com/containers/common/pkg/cgroups/cgroups.go

@@ -265,7 +265,7 @@ func createCgroupv2Path(path string) (deferredError error) {
 	for i, e := range elements[3:] {
 		current = filepath.Join(current, e)
 		if i > 0 {
-			if err := os.Mkdir(current, 0755); err != nil {
+			if err := os.Mkdir(current, 0o755); err != nil {
 				if !os.IsExist(err) {
 					return err
 				}
@@ -281,7 +281,7 @@ func createCgroupv2Path(path string) (deferredError error) {
 		// We enable the controllers for all the path components except the last one.  It is not allowed to add
 		// PIDs if there are already enabled controllers.
 		if i < len(elements[3:])-1 {
-			if err := ioutil.WriteFile(filepath.Join(current, "cgroup.subtree_control"), res, 0755); err != nil {
+			if err := ioutil.WriteFile(filepath.Join(current, "cgroup.subtree_control"), res, 0o755); err != nil {
 				return err
 			}
 		}
@@ -323,7 +323,7 @@ func (c *CgroupControl) initialize() (err error) {
 				continue
 			}
 			path := c.getCgroupv1Path(ctr.name)
-			if err := os.MkdirAll(path, 0755); err != nil {
+			if err := os.MkdirAll(path, 0o755); err != nil {
 				return errors.Wrapf(err, "error creating cgroup path for %s", ctr.name)
 			}
 		}
@@ -343,7 +343,7 @@ func (c *CgroupControl) createCgroupDirectory(controller string) (bool, error) {
 		return false, err
 	}
 
-	if err := os.MkdirAll(cPath, 0755); err != nil {
+	if err := os.MkdirAll(cPath, 0o755); err != nil {
 		return false, errors.Wrapf(err, "error creating cgroup for %s", controller)
 	}
 	return true, nil
@@ -589,7 +589,7 @@ func (c *CgroupControl) AddPid(pid int) error {
 
 	if c.cgroup2 {
 		p := filepath.Join(cgroupRoot, c.path, "cgroup.procs")
-		if err := ioutil.WriteFile(p, pidString, 0644); err != nil {
+		if err := ioutil.WriteFile(p, pidString, 0o644); err != nil {
 			return errors.Wrapf(err, "write %s", p)
 		}
 		return nil
@@ -612,7 +612,7 @@ func (c *CgroupControl) AddPid(pid int) error {
 			continue
 		}
 		p := filepath.Join(c.getCgroupv1Path(n), "tasks")
-		if err := ioutil.WriteFile(p, pidString, 0644); err != nil {
+		if err := ioutil.WriteFile(p, pidString, 0o644); err != nil {
 			return errors.Wrapf(err, "write %s", p)
 		}
 	}

vendor/github.com/containers/common/pkg/cgroups/cpu.go

@@ -12,8 +12,7 @@ import (
 	"github.com/pkg/errors"
 )
 
-type cpuHandler struct {
+type cpuHandler struct{}
-}
 
 func getCPUHandler() *cpuHandler {
 	return &cpuHandler{}

vendor/github.com/containers/common/pkg/cgroups/cpuset.go

@@ -10,8 +10,7 @@ import (
 	"github.com/pkg/errors"
 )
 
-type cpusetHandler struct {
+type cpusetHandler struct{}
-}
 
 func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) {
 	if dir == cgroupRoot {
@@ -33,7 +32,7 @@ func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	if err := ioutil.WriteFile(path, data, 0644); err != nil {
+	if err := ioutil.WriteFile(path, data, 0o644); err != nil {
 		return nil, errors.Wrapf(err, "write %s", path)
 	}
 	return data, nil

vendor/github.com/containers/common/pkg/cgroups/pids.go

@@ -8,8 +8,7 @@ import (
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-type pidHandler struct {
+type pidHandler struct{}
-}
 
 func getPidsHandler() *pidHandler {
 	return &pidHandler{}
@@ -29,7 +28,7 @@ func (c *pidHandler) Apply(ctr *CgroupControl, res *spec.LinuxResources) error {
 	}
 
 	p := filepath.Join(PIDRoot, "pids.max")
-	return ioutil.WriteFile(p, []byte(fmt.Sprintf("%d\n", res.Pids.Limit)), 0644)
+	return ioutil.WriteFile(p, []byte(fmt.Sprintf("%d\n", res.Pids.Limit)), 0o644)
 }
 
 // Create the cgroup

vendor/github.com/containers/common/pkg/chown/chown_unix.go

@@ -41,7 +41,6 @@ func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error {
 
 			return nil
 		})
-
 		if err != nil {
 			return errors.Wrap(err, "failed to chown recursively host path")
 		}

vendor/github.com/containers/common/pkg/config/config.go

@@ -252,7 +252,7 @@ type EngineConfig struct {
 
 	// EventsLogFileMaxSize sets the maximum size for the events log. When the limit is exceeded,
 	// the logfile is rotated and the old one is deleted.
-	EventsLogFileMaxSize uint64 `toml:"events_logfile_max_size,omitempty,omitzero"`
+	EventsLogFileMaxSize eventsLogMaxSize `toml:"events_logfile_max_size,omitzero"`
 
 	// EventsLogger determines where events should be logged.
 	EventsLogger string `toml:"events_logger,omitempty"`
@@ -581,7 +581,6 @@ type Destination struct {
 // with cgroupv2v2. Other OCI runtimes are not yet supporting cgroupv2v2. This
 // might change in the future.
 func NewConfig(userConfigPath string) (*Config, error) {
-
 	// Generate the default config for the system
 	config, err := DefaultConfig()
 	if err != nil {
@@ -765,7 +764,6 @@ func (c *Config) addCAPPrefix() {
 
 // Validate is the main entry point for library configuration validation.
 func (c *Config) Validate() error {
-
 	if err := c.Containers.Validate(); err != nil {
 		return errors.Wrap(err, "validating containers config")
 	}
@@ -822,7 +820,6 @@ func (c *EngineConfig) Validate() error {
 // It returns an `error` on validation failure, otherwise
 // `nil`.
 func (c *ContainersConfig) Validate() error {
-
 	if err := c.validateUlimits(); err != nil {
 		return err
 	}
@@ -954,7 +951,6 @@ func (c *Config) GetDefaultEnvEx(envHost, httpProxy bool) []string {
 // Capabilities returns the capabilities parses the Add and Drop capability
 // list from the default capabiltiies for the container
 func (c *Config) Capabilities(user string, addCapabilities, dropCapabilities []string) ([]string, error) {
-
 	userNotRoot := func(user string) bool {
 		if user == "" || user == "root" || user == "0" {
 			return false
@@ -1014,7 +1010,7 @@ func Device(device string) (src, dst, permissions string, err error) {
 // IsValidDeviceMode checks if the mode for device is valid or not.
 // IsValid mode is a composition of r (read), w (write), and m (mknod).
 func IsValidDeviceMode(mode string) bool {
-	var legalDeviceMode = map[rune]bool{
+	legalDeviceMode := map[rune]bool{
 		'r': true,
 		'w': true,
 		'm': true,
@@ -1065,7 +1061,6 @@ func rootlessConfigPath() (string, error) {
 }
 
 func stringsEq(a, b []string) bool {
-
 	if len(a) != len(b) {
 		return false
 	}
@@ -1150,10 +1145,10 @@ func (c *Config) Write() error {
 	if err != nil {
 		return err
 	}
-	if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
 		return err
 	}
-	configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644)
+	configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0o644)
 	if err != nil {
 		return err
 	}
@@ -1266,3 +1261,33 @@ func (c *Config) setupEnv() error {
 	}
 	return nil
 }
+
+// eventsLogMaxSize is the type used by EventsLogFileMaxSize
+type eventsLogMaxSize uint64
+
+// UnmarshalText parses the JSON encoding of eventsLogMaxSize and
+// stores it in a value.
+func (e *eventsLogMaxSize) UnmarshalText(text []byte) error {
+	// REMOVE once writing works
+	if string(text) == "" {
+		return nil
+	}
+	val, err := units.FromHumanSize((string(text)))
+	if err != nil {
+		return err
+	}
+	if val < 0 {
+		return fmt.Errorf("events log file max size cannot be negative: %s", string(text))
+	}
+	*e = eventsLogMaxSize(uint64(val))
+	return nil
+}
+
+// MarshalText returns the JSON encoding of eventsLogMaxSize.
+func (e eventsLogMaxSize) MarshalText() ([]byte, error) {
+	if uint64(e) == DefaultEventsLogSizeMax || e == 0 {
+		v := []byte{}
+		return v, nil
+	}
+	return []byte(fmt.Sprintf("%d", e)), nil
+}

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -373,11 +373,14 @@ default_sysctls = [
 # Define where event logs will be stored, when events_logger is "file".
 #events_logfile_path=""
 
-# Sets the maximum size for events_logfile_path in bytes. When the limit is exceeded,
+# Sets the maximum size for events_logfile_path.
-# the logfile will be rotated and the old one will be deleted.
+# The size can be b (bytes), k (kilobytes), m (megabytes), or g (gigabytes).
+# The format for the size is `<number><unit>`, e.g., `1b` or `3g`.
+# If no unit is included then the size will be read in bytes.
+# When the limit is exceeded, the logfile will be rotated and the old one will be deleted.
 # If the maximum size is set to 0, then no limit will be applied,
 # and the logfile will not be rotated.
-#events_logfile_max_size = 0
+#events_logfile_max_size = "1m"
 
 # Selects which logging mechanism to use for container engine events.
 # Valid values are `journald`, `file` and `none`.
@@ -641,3 +644,4 @@ default_sysctls = [
 # TOML does not provide a way to end a table other than a further table being
 # defined, so every key hereafter will be part of [machine] and not the
 # main config.
+

vendor/github.com/containers/common/pkg/config/default.go

@@ -109,7 +109,6 @@ func parseSubnetPool(subnet string, size int) SubnetPool {
 		Base: &nettypes.IPNet{IPNet: *n},
 		Size: size,
 	}
-
 }
 
 const (
@@ -128,6 +127,9 @@ const (
 	// DefaultLogSizeMax is the default value for the maximum log size
 	// allowed for a container. Negative values mean that no limit is imposed.
 	DefaultLogSizeMax = -1
+	// DefaultEventsLogSize is the default value for the maximum events log size
+	// before rotation.
+	DefaultEventsLogSizeMax = uint64(1000000)
 	// DefaultPidsLimit is the default value for maximum number of processes
 	// allowed inside a container
 	DefaultPidsLimit = 2048
@@ -156,7 +158,6 @@ const (
 
 // DefaultConfig defines the default values from containers.conf
 func DefaultConfig() (*Config, error) {
-
 	defaultEngineConfig, err := defaultConfigFromMemory()
 	if err != nil {
 		return nil, err
@@ -263,6 +264,8 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 
 	c.EventsLogFilePath = filepath.Join(c.TmpDir, "events", "events.log")
 
+	c.EventsLogFileMaxSize = eventsLogMaxSize(DefaultEventsLogSizeMax)
+
 	c.CompatAPIEnforceDockerHub = true
 
 	if path, ok := os.LookupEnv("CONTAINERS_STORAGE_CONF"); ok {
@@ -399,10 +402,10 @@ func defaultTmpDir() (string, error) {
 	}
 	libpodRuntimeDir := filepath.Join(runtimeDir, "libpod")
 
-	if err := os.Mkdir(libpodRuntimeDir, 0700|os.ModeSticky); err != nil {
+	if err := os.Mkdir(libpodRuntimeDir, 0o700|os.ModeSticky); err != nil {
 		if !os.IsExist(err) {
 			return "", err
-		} else if err := os.Chmod(libpodRuntimeDir, 0700|os.ModeSticky); err != nil {
+		} else if err := os.Chmod(libpodRuntimeDir, 0o700|os.ModeSticky); err != nil {
 			// The directory already exist, just set the sticky bit
 			return "", errors.Wrap(err, "set sticky bit on")
 		}
@@ -466,6 +469,10 @@ func (c *Config) NetNS() string {
 	return c.Containers.NetNS
 }
 
+func (c EngineConfig) EventsLogMaxSize() uint64 {
+	return uint64(c.EventsLogFileMaxSize)
+}
+
 // SecurityOptions returns the default security options
 func (c *Config) SecurityOptions() []string {
 	securityOpts := []string{}

vendor/github.com/containers/common/pkg/config/systemd.go

@@ -58,7 +58,6 @@ func useSystemd() bool {
 			val := strings.TrimSuffix(string(dat), "\n")
 			usesSystemd = (val == "systemd")
 		}
-		return
 	})
 	return usesSystemd
 }
@@ -82,7 +81,6 @@ func useJournald() bool {
 				}
 			}
 		}
-		return
 	})
 	return usesJournald
 }

vendor/github.com/containers/common/pkg/manifests/manifests.go

@@ -16,31 +16,22 @@ import (
 type List interface {
 	AddInstance(manifestDigest digest.Digest, manifestSize int64, manifestType, os, architecture, osVersion string, osFeatures []string, variant string, features []string, annotations []string) error
 	Remove(instanceDigest digest.Digest) error
-
 	SetURLs(instanceDigest digest.Digest, urls []string) error
 	URLs(instanceDigest digest.Digest) ([]string, error)
-
 	SetAnnotations(instanceDigest *digest.Digest, annotations map[string]string) error
 	Annotations(instanceDigest *digest.Digest) (map[string]string, error)
-
 	SetOS(instanceDigest digest.Digest, os string) error
 	OS(instanceDigest digest.Digest) (string, error)
-
 	SetArchitecture(instanceDigest digest.Digest, arch string) error
 	Architecture(instanceDigest digest.Digest) (string, error)
-
 	SetOSVersion(instanceDigest digest.Digest, osVersion string) error
 	OSVersion(instanceDigest digest.Digest) (string, error)
-
 	SetVariant(instanceDigest digest.Digest, variant string) error
 	Variant(instanceDigest digest.Digest) (string, error)
-
 	SetFeatures(instanceDigest digest.Digest, features []string) error
 	Features(instanceDigest digest.Digest) ([]string, error)
-
 	SetOSFeatures(instanceDigest digest.Digest, osFeatures []string) error
 	OSFeatures(instanceDigest digest.Digest) ([]string, error)
-
 	Serialize(mimeType string) ([]byte, error)
 	Instances() []digest.Digest
 	OCIv1() *v1.Index
@@ -81,7 +72,7 @@ func Create() List {
 
 // AddInstance adds an entry for the specified manifest digest, with assorted
 // additional information specified in parameters, to the list or index.
-func (l *list) AddInstance(manifestDigest digest.Digest, manifestSize int64, manifestType, osName, architecture, osVersion string, osFeatures []string, variant string, features []string, annotations []string) error {
+func (l *list) AddInstance(manifestDigest digest.Digest, manifestSize int64, manifestType, osName, architecture, osVersion string, osFeatures []string, variant string, features, annotations []string) error {
 	if err := l.Remove(manifestDigest); err != nil && !os.IsNotExist(errors.Cause(err)) {
 		return err
 	}
@@ -451,38 +442,37 @@ func (l *list) preferOCI() bool {
 // Serialize encodes the list using the specified format, or by selecting one
 // which it thinks is appropriate.
 func (l *list) Serialize(mimeType string) ([]byte, error) {
-	var manifestBytes []byte
+	var (
+		res []byte
+		err error
+	)
 	switch mimeType {
 	case "":
 		if l.preferOCI() {
-			manifest, err := json.Marshal(&l.oci)
+			res, err = json.Marshal(&l.oci)
 			if err != nil {
 				return nil, errors.Wrapf(err, "error marshalling OCI image index")
 			}
-			manifestBytes = manifest
 		} else {
-			manifest, err := json.Marshal(&l.docker)
+			res, err = json.Marshal(&l.docker)
 			if err != nil {
 				return nil, errors.Wrapf(err, "error marshalling Docker manifest list")
 			}
-			manifestBytes = manifest
 		}
 	case v1.MediaTypeImageIndex:
-		manifest, err := json.Marshal(&l.oci)
+		res, err = json.Marshal(&l.oci)
 		if err != nil {
 			return nil, errors.Wrapf(err, "error marshalling OCI image index")
 		}
-		manifestBytes = manifest
 	case manifest.DockerV2ListMediaType:
-		manifest, err := json.Marshal(&l.docker)
+		res, err = json.Marshal(&l.docker)
 		if err != nil {
 			return nil, errors.Wrapf(err, "error marshalling Docker manifest list")
 		}
-		manifestBytes = manifest
 	default:
 		return nil, errors.Wrapf(ErrManifestTypeNotSupported, "serializing list to type %q not implemented", mimeType)
 	}
-	return manifestBytes, nil
+	return res, nil
 }
 
 // Instances returns the list of image instances mentioned in this list.

vendor/github.com/containers/common/pkg/netns/netns_linux.go

@@ -71,7 +71,7 @@ func NewNSWithName(name string) (ns.NetNS, error) {
 	// Create the directory for mounting network namespaces
 	// This needs to be a shared mountpoint in case it is mounted in to
 	// other namespaces (containers)
-	err = os.MkdirAll(nsRunDir, 0755)
+	err = os.MkdirAll(nsRunDir, 0o755)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/containers/common/pkg/parse/parse.go

@@ -141,7 +141,7 @@ func Device(device string) (src, dest, permissions string, err error) {
 // isValidDeviceMode checks if the mode for device is valid or not.
 // isValid mode is a composition of r (read), w (write), and m (mknod).
 func isValidDeviceMode(mode string) bool {
-	var legalDeviceMode = map[rune]bool{
+	legalDeviceMode := map[rune]bool{
 		'r': true,
 		'w': true,
 		'm': true,

vendor/github.com/containers/common/pkg/report/template.go

@@ -40,14 +40,14 @@ var DefaultFuncs = FuncMap{
 		buf := new(bytes.Buffer)
 		enc := json.NewEncoder(buf)
 		enc.SetEscapeHTML(false)
-		enc.Encode(v)
+		_ = enc.Encode(v)
 		// Remove the trailing new line added by the encoder
 		return strings.TrimSpace(buf.String())
 	},
 	"lower":    strings.ToLower,
 	"pad":      padWithSpace,
 	"split":    strings.Split,
-	"title":    strings.Title,
+	"title":    strings.Title, //nolint:staticcheck
 	"truncate": truncateWithLength,
 	"upper":    strings.ToUpper,
 }

vendor/github.com/containers/common/pkg/seccomp/seccomp_linux.go

@@ -112,7 +112,7 @@ func setupSeccomp(config *Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error)
 	newConfig := &specs.LinuxSeccomp{}
 
 	var arch string
-	var native, err = libseccomp.GetNativeArch()
+	native, err := libseccomp.GetNativeArch()
 	if err == nil {
 		arch = native.String()
 	}

vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go

@@ -34,7 +34,7 @@ func NewDriver(rootPath string) (*Driver, error) {
 	fileDriver := new(Driver)
 	fileDriver.secretsDataFilePath = filepath.Join(rootPath, secretsDataFile)
 	// the lockfile functions require that the rootPath dir is executable
-	if err := os.MkdirAll(rootPath, 0700); err != nil {
+	if err := os.MkdirAll(rootPath, 0o700); err != nil {
 		return nil, err
 	}
 
@@ -95,7 +95,7 @@ func (d *Driver) Store(id string, data []byte) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0600)
+	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
@@ -119,7 +119,7 @@ func (d *Driver) Delete(id string) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0600)
+	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}

vendor/github.com/containers/common/pkg/secrets/secrets.go

@@ -102,7 +102,7 @@ func NewManager(rootPath string) (*SecretsManager, error) {
 		return nil, errors.Wrapf(errInvalidPath, "path must be absolute: %s", rootPath)
 	}
 	// the lockfile functions require that the rootPath dir is executable
-	if err := os.MkdirAll(rootPath, 0700); err != nil {
+	if err := os.MkdirAll(rootPath, 0o700); err != nil {
 		return nil, err
 	}
 
@@ -237,7 +237,6 @@ func (s *SecretsManager) List() ([]Secret, error) {
 	var ls []Secret
 	for _, v := range secrets {
 		ls = append(ls, v)
-
 	}
 	return ls, nil
 }

vendor/github.com/containers/common/pkg/secrets/secretsdb.go

@@ -177,7 +177,7 @@ func (s *SecretsManager) store(entry *Secret) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0600)
+	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
@@ -203,7 +203,7 @@ func (s *SecretsManager) delete(nameOrID string) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0600)
+	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}

vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go

@@ -262,7 +262,6 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string
 				data, err := readFileOrDir("", hostDirOrFile, mode.Perm())
 				if err != nil {
 					return nil, err
-
 				}
 				for _, s := range data {
 					if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), s.dirMode); err != nil {
@@ -313,7 +312,7 @@ func addFIPSModeSubscription(mounts *[]rspec.Mount, containerRunDir, mountPoint,
 	subscriptionsDir := "/run/secrets"
 	ctrDirOnHost := filepath.Join(containerRunDir, subscriptionsDir)
 	if _, err := os.Stat(ctrDirOnHost); os.IsNotExist(err) {
-		if err = idtools.MkdirAllAs(ctrDirOnHost, 0755, uid, gid); err != nil { //nolint
+		if err = idtools.MkdirAllAs(ctrDirOnHost, 0o755, uid, gid); err != nil { //nolint
 			return err
 		}
 		if err = label.Relabel(ctrDirOnHost, mountLabel, false); err != nil {

vendor/github.com/containers/common/pkg/sysinfo/sysinfo_solaris.go

@@ -64,7 +64,6 @@ func New(quiet bool) *SysInfo {
 
 // setCgroupMem reads the memory information for Solaris.
 func setCgroupMem(quiet bool) cgroupMemInfo {
-
 	return cgroupMemInfo{
 		MemoryLimit:       true,
 		SwapLimit:         true,
@@ -77,7 +76,6 @@ func setCgroupMem(quiet bool) cgroupMemInfo {
 
 // setCgroupCPU reads the cpu information for Solaris.
 func setCgroupCPU(quiet bool) cgroupCPUInfo {
-
 	return cgroupCPUInfo{
 		CPUShares:          true,
 		CPUCfsPeriod:       false,
@@ -89,7 +87,6 @@ func setCgroupCPU(quiet bool) cgroupCPUInfo {
 
 // blkio switches are not supported in Solaris.
 func setCgroupBlkioInfo(quiet bool) cgroupBlkioInfo {
-
 	return cgroupBlkioInfo{
 		BlkioWeight:       false,
 		BlkioWeightDevice: false,
@@ -98,7 +95,6 @@ func setCgroupBlkioInfo(quiet bool) cgroupBlkioInfo {
 
 // setCgroupCPUsetInfo reads the cpuset information for Solaris.
 func setCgroupCPUsetInfo(quiet bool) cgroupCpusetInfo {
-
 	return cgroupCpusetInfo{
 		Cpuset: true,
 		Cpus:   getCPUCount(),

vendor/github.com/containers/common/pkg/timetype/timestamp.go

@@ -34,13 +34,14 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 	// if the string has a Z or a + or three dashes use parse otherwise use parseinlocation
 	parseInLocation := !(strings.ContainsAny(value, "zZ+") || strings.Count(value, "-") == 3)
 
-	if strings.Contains(value, ".") { // nolint:gocritic
+	switch {
+	case strings.Contains(value, "."):
 		if parseInLocation {
 			format = rFC3339NanoLocal
 		} else {
 			format = time.RFC3339Nano
 		}
-	} else if strings.Contains(value, "T") {
+	case strings.Contains(value, "T"):
 		// we want the number of colons in the T portion of the timestamp
 		tcolons := strings.Count(value, ":")
 		// if parseInLocation is off and we have a +/- zone offset (not Z) then
@@ -68,9 +69,9 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 				format = time.RFC3339
 			}
 		}
-	} else if parseInLocation {
+	case parseInLocation:
 		format = dateLocal
-	} else {
+	default:
 		format = dateWithZone
 	}
 
@@ -112,7 +113,7 @@ func ParseTimestamps(value string, def int64) (secs, nanoSecs int64, err error)
 	return parseTimestamp(value)
 }
 
-func parseTimestamp(value string) (int64, int64, error) { // nolint:gocritic
+func parseTimestamp(value string) (int64, int64, error) {
 	sa := strings.SplitN(value, ".", 2)
 	s, err := strconv.ParseInt(sa[0], 10, 64)
 	if err != nil {

vendor/github.com/containers/common/pkg/umask/umask_unix.go

@@ -10,8 +10,8 @@ import (
 )
 
 func Check() {
-	oldUmask := syscall.Umask(0022) //nolint
+	oldUmask := syscall.Umask(0o022) //nolint
-	if (oldUmask & ^0022) != 0 {
+	if (oldUmask & ^0o022) != 0 {
 		logrus.Debugf("umask value too restrictive.  Forcing it to 022")
 	}
 }

vendor/github.com/containers/common/pkg/util/util_supported.go

@@ -1,5 +1,5 @@
-//go:build linux || darwin
+//go:build linux || darwin || freebsd
-// +build linux darwin
+// +build linux darwin freebsd
 
 package util
 
@@ -23,7 +23,7 @@ var (
 // isWriteableOnlyByOwner checks that the specified permission mask allows write
 // access only to the owner.
 func isWriteableOnlyByOwner(perm os.FileMode) bool {
-	return (perm & 0722) == 0700
+	return (perm & 0o722) == 0o700
 }
 
 // GetRuntimeDir returns the runtime directory
@@ -46,7 +46,7 @@ func GetRuntimeDir() (string, error) {
 		uid := fmt.Sprintf("%d", unshare.GetRootlessUID())
 		if runtimeDir == "" {
 			tmpDir := filepath.Join("/run", "user", uid)
-			if err := os.MkdirAll(tmpDir, 0700); err != nil {
+			if err := os.MkdirAll(tmpDir, 0o700); err != nil {
 				logrus.Debugf("unable to make temp dir: %v", err)
 			}
 			st, err := os.Stat(tmpDir)
@@ -56,7 +56,7 @@ func GetRuntimeDir() (string, error) {
 		}
 		if runtimeDir == "" {
 			tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("podman-run-%s", uid))
-			if err := os.MkdirAll(tmpDir, 0700); err != nil {
+			if err := os.MkdirAll(tmpDir, 0o700); err != nil {
 				logrus.Debugf("unable to make temp dir %v", err)
 			}
 			st, err := os.Stat(tmpDir)

vendor/modules.txt

@@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b
+# github.com/containers/common v0.47.5-0.20220421072908-49f1a40067b2
 ## explicit
 github.com/containers/common/libimage
 github.com/containers/common/libimage/manifests