Merge pull request #1649 from mtrmac/gpgme-native-pkg-config

Stop calling gpgme-config

Makefile

@@ -2,14 +2,6 @@
 
 export GOPROXY=https://proxy.golang.org
 
-# On some platforms (eg. macOS, FreeBSD) gpgme is installed in /usr/local/ but /usr/local/include/ is
-# not in the default search path. Rather than hard-code this directory, use gpgme-config.
-# Sadly that must be done at the top-level user instead of locally in the gpgme subpackage, because cgo
-# supports only pkg-config, not general shell scripts, and gpgme does not install a pkg-config file.
-# If gpgme is not installed or gpgme-config can’t be found for other reasons, the error is silently ignored
-# (and the user will probably find out because the cgo compilation will fail).
-GPGME_ENV := CGO_CFLAGS="$(shell gpgme-config --cflags 2>/dev/null)" CGO_LDFLAGS="$(shell gpgme-config --libs 2>/dev/null)"
-
 # The following variables very roughly follow https://www.gnu.org/prep/standards/standards.html#Makefile-Conventions .
 DESTDIR ?=
 PREFIX ?= /usr/local
@@ -144,7 +136,7 @@ binary: cmd/skopeo
 # Build w/o using containers
 .PHONY: bin/skopeo
 bin/skopeo:
-	$(GPGME_ENV) $(GO) build $(MOD_VENDOR) ${GO_DYN_FLAGS} ${SKOPEO_LDFLAGS} -gcflags "$(GOGCFLAGS)" -tags "$(BUILDTAGS)" -o $@ ./cmd/skopeo
+	$(GO) build $(MOD_VENDOR) ${GO_DYN_FLAGS} ${SKOPEO_LDFLAGS} -gcflags "$(GOGCFLAGS)" -tags "$(BUILDTAGS)" -o $@ ./cmd/skopeo
 bin/skopeo.%:
 	GOOS=$(word 2,$(subst ., ,$@)) GOARCH=$(word 3,$(subst ., ,$@)) $(GO) build $(MOD_VENDOR) ${SKOPEO_LDFLAGS} -tags "containers_image_openpgp $(BUILDTAGS)" -o $@ ./cmd/skopeo
 local-cross: bin/skopeo.darwin.amd64 bin/skopeo.linux.arm bin/skopeo.linux.arm64 bin/skopeo.windows.386.exe bin/skopeo.windows.amd64.exe
@@ -247,7 +239,7 @@ validate-docs:
 	hack/xref-helpmsgs-manpages
 
 test-unit-local: bin/skopeo
-	$(GPGME_ENV) $(GO) test $(MOD_VENDOR) -tags "$(BUILDTAGS)" $$($(GO) list $(MOD_VENDOR) -tags "$(BUILDTAGS)" -e ./... | grep -v '^github\.com/containers/skopeo/\(integration\|vendor/.*\)$$')
+	$(GO) test $(MOD_VENDOR) -tags "$(BUILDTAGS)" $$($(GO) list $(MOD_VENDOR) -tags "$(BUILDTAGS)" -e ./... | grep -v '^github\.com/containers/skopeo/\(integration\|vendor/.*\)$$')
 
 vendor:
 	$(GO) mod tidy

cmd/skopeo/cgo_pthread_ordering_workaround.go

@@ -1,35 +0,0 @@
-//go:build !containers_image_openpgp
-// +build !containers_image_openpgp
-
-package main
-
-/*
-This is a pretty horrible workaround.  Due to a glibc bug
-https://bugzilla.redhat.com/show_bug.cgi?id=1326903 , we must ensure we link
-with -lgpgme before -lpthread.  Such arguments come from various packages
-using cgo, and the ordering of these arguments is, with current (go tool link),
-dependent on the order in which the cgo-using packages are found in a
-breadth-first search following dependencies, starting from “main”.
-
-Thus, if
-   import "net"
-is processed before
-   import "…/skopeo/signature"
-it will, in the next level of the BFS, pull in "runtime/cgo" (a dependency of
-"net") before "mtrmac/gpgme" (a dependency of "…/skopeo/signature"), causing
--lpthread (used by "runtime/cgo") to be used before -lgpgme.
-
-This might be possible to work around by careful import ordering, or by removing
-a direct dependency on "net", but that would be very fragile.
-
-So, until the above bug is fixed, add -lgpgme directly in the "main" package
-to ensure the needed build order.
-
-Unfortunately, this workaround needs to be applied at the top level of any user
-of "…/skopeo/signature"; it cannot be added to "…/skopeo/signature" itself,
-by that time this package is first processed by the linker, a -lpthread may
-already be queued and it would be too late.
-*/
-
-// #cgo LDFLAGS: -lgpgme
-import "C"

go.mod

@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/containers/common v0.48.0
-	github.com/containers/image/v5 v5.21.1
+	github.com/containers/image/v5 v5.21.2-0.20220519193817-1e26896b8059
 	github.com/containers/ocicrypt v1.1.4
 	github.com/containers/storage v1.41.0
 	github.com/docker/docker v20.10.16+incompatible

go.sum

@@ -272,8 +272,9 @@ github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNB
 github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
 github.com/containers/common v0.48.0 h1:997nnXBZ+eNpfSM7L4SxhhZubQrfEyw3jRyNMTSsNlw=
 github.com/containers/common v0.48.0/go.mod h1:zPLZCfLXfnd1jI0QRsD4By54fP4k1+ifQs+tulIe3o0=
-github.com/containers/image/v5 v5.21.1 h1:Cr3zw2f0FZs4SCkdGlc8SN/mpcmg2AKG4OUuDbeGS/Q=
 github.com/containers/image/v5 v5.21.1/go.mod h1:zl35egpcDQa79IEXIuoUe1bW+D1pdxRxYjNlyb3YiXw=
+github.com/containers/image/v5 v5.21.2-0.20220519193817-1e26896b8059 h1:/FzsjrQ2nJtMom9IXEGieORlwUk/NyDuuz5SWcNo324=
+github.com/containers/image/v5 v5.21.2-0.20220519193817-1e26896b8059/go.mod h1:KntCBNQn3qOuZmQuJ38ORyTozmWXiuo05Vef2S0Sm5M=
 github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU=
 github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
@@ -781,8 +782,9 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/proglottis/gpgme v0.1.1 h1:72xI0pt/hy7pqsRxk32KExITkXp+RZErRizsA+up/lQ=
 github.com/proglottis/gpgme v0.1.1/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0=
+github.com/proglottis/gpgme v0.1.2 h1:dKlhDqJ0kdEt+YHCD8FQEUdF9cJj/+mbJUNyUGNAEzY=
+github.com/proglottis/gpgme v0.1.2/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0=
 github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=

vendor/github.com/containers/image/v5/copy/copy.go

@@ -305,7 +305,7 @@ func Image(ctx context.Context, policyContext *signature.PolicyContext, destRef,
 		unparsedInstance := image.UnparsedInstance(rawSource, &instanceDigest)
 
 		if copiedManifest, _, _, err = c.copyOneImage(ctx, policyContext, options, unparsedToplevel, unparsedInstance, nil); err != nil {
-			return nil, err
+			return nil, errors.Wrap(err, "copying system image from manifest list")
 		}
 	} else { /* options.ImageListSelection == CopyAllImages or options.ImageListSelection == CopySpecificImages, */
 		// If we were asked to copy multiple images and can't, that's an error.
@@ -501,7 +501,7 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur
 		unparsedInstance := image.UnparsedInstance(c.rawSource, &instanceDigest)
 		updatedManifest, updatedManifestType, updatedManifestDigest, err := c.copyOneImage(ctx, policyContext, options, unparsedToplevel, unparsedInstance, &instanceDigest)
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrapf(err, "copying image %d/%d from manifest list", instancesCopied+1, imagesToCopy)
 		}
 		instancesCopied++
 		// Record the result of a possible conversion here.

vendor/github.com/containers/image/v5/docker/docker_client.go

@@ -61,8 +61,8 @@ type certPath struct {
 var (
 	homeCertDir     = filepath.FromSlash(".config/containers/certs.d")
 	perHostCertDirs = []certPath{
-		{path: "/etc/containers/certs.d", absolute: true},
-		{path: "/etc/docker/certs.d", absolute: true},
+		{path: etcDir + "/containers/certs.d", absolute: true},
+		{path: etcDir + "/docker/certs.d", absolute: true},
 	}
 
 	defaultUserAgent = "containers/" + version.Version + " (github.com/containers/image)"

vendor/github.com/containers/image/v5/docker/docker_image_src.go

@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"regexp"
 	"strconv"
 	"strings"
 	"sync"
@@ -343,12 +344,16 @@ func handle206Response(streams chan io.ReadCloser, errs chan error, body io.Read
 	buffered := makeBufferedNetworkReader(body, 64, 16384)
 	defer buffered.Close()
 	mr := multipart.NewReader(buffered, boundary)
+	parts := 0
 	for {
 		p, err := mr.NextPart()
 		if err != nil {
 			if err != io.EOF {
 				errs <- err
 			}
+			if parts != len(chunks) {
+				errs <- errors.Errorf("invalid number of chunks returned by the server")
+			}
 			return
 		}
 		s := signalCloseReader{
@@ -359,9 +364,34 @@ func handle206Response(streams chan io.ReadCloser, errs chan error, body io.Read
 		// NextPart() cannot be called while the current part
 		// is being read, so wait until it is closed
 		<-s.closed
+		parts++
 	}
 }
 
+var multipartByteRangesRe = regexp.MustCompile("multipart/byteranges; boundary=([A-Za-z-0-9:]+)")
+
+func parseMediaType(contentType string) (string, map[string]string, error) {
+	mediaType, params, err := mime.ParseMediaType(contentType)
+	if err != nil {
+		if err == mime.ErrInvalidMediaParameter {
+			// CloudFront returns an invalid MIME type, that contains an unquoted ":" in the boundary
+			// param, let's handle it here.
+			matches := multipartByteRangesRe.FindStringSubmatch(contentType)
+			if len(matches) == 2 {
+				mediaType = "multipart/byteranges"
+				params = map[string]string{
+					"boundary": matches[1],
+				}
+				err = nil
+			}
+		}
+		if err != nil {
+			return "", nil, err
+		}
+	}
+	return mediaType, params, err
+}
+
 // GetBlobAt returns a sequential channel of readers that contain data for the requested
 // blob chunks, and a channel that might get a single error value.
 // The specified chunks must be not overlapping and sorted by their offset.
@@ -397,7 +427,7 @@ func (s *dockerImageSource) GetBlobAt(ctx context.Context, info types.BlobInfo,
 		go splitHTTP200ResponseToPartial(streams, errs, res.Body, chunks)
 		return streams, errs, nil
 	case http.StatusPartialContent:
-		mediaType, params, err := mime.ParseMediaType(res.Header.Get("Content-Type"))
+		mediaType, params, err := parseMediaType(res.Header.Get("Content-Type"))
 		if err != nil {
 			return nil, nil, err
 		}

vendor/github.com/containers/image/v5/docker/lookaside.go

@@ -25,7 +25,7 @@ var systemRegistriesDirPath = builtinRegistriesDirPath
 
 // builtinRegistriesDirPath is the path to registries.d.
 // DO NOT change this, instead see systemRegistriesDirPath above.
-const builtinRegistriesDirPath = "/etc/containers/registries.d"
+const builtinRegistriesDirPath = etcDir + "/containers/registries.d"
 
 // userRegistriesDirPath is the path to the per user registries.d.
 var userRegistriesDir = filepath.FromSlash(".config/containers/registries.d")

vendor/github.com/containers/image/v5/docker/paths_common.go

@@ -0,0 +1,6 @@
+//go:build !freebsd
+// +build !freebsd
+
+package docker
+
+const etcDir = "/etc"

vendor/github.com/containers/image/v5/docker/paths_freebsd.go

@@ -0,0 +1,6 @@
+//go:build freebsd
+// +build freebsd
+
+package docker
+
+const etcDir = "/usr/local/etc"

vendor/github.com/containers/image/v5/image/docker_list.go

@@ -19,7 +19,7 @@ func manifestSchema2FromManifestList(ctx context.Context, sys *types.SystemConte
 	}
 	manblob, mt, err := src.GetManifest(ctx, &targetManifestDigest)
 	if err != nil {
-		return nil, errors.Wrapf(err, "loading manifest for target platform")
+		return nil, errors.Wrapf(err, "fetching target platform image selected from manifest list")
 	}
 
 	matches, err := manifest.MatchesDigest(manblob, targetManifestDigest)

vendor/github.com/containers/image/v5/image/oci_index.go

@@ -19,7 +19,7 @@ func manifestOCI1FromImageIndex(ctx context.Context, sys *types.SystemContext, s
 	}
 	manblob, mt, err := src.GetManifest(ctx, &targetManifestDigest)
 	if err != nil {
-		return nil, errors.Wrapf(err, "loading manifest for target platform")
+		return nil, errors.Wrapf(err, "fetching target platform image selected from image index")
 	}
 
 	matches, err := manifest.MatchesDigest(manblob, targetManifestDigest)

vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_common.go

@@ -0,0 +1,12 @@
+//go:build !freebsd
+// +build !freebsd
+
+package sysregistriesv2
+
+// builtinRegistriesConfPath is the path to the registry configuration file.
+// DO NOT change this, instead see systemRegistriesConfPath above.
+const builtinRegistriesConfPath = "/etc/containers/registries.conf"
+
+// builtinRegistriesConfDirPath is the path to the registry configuration directory.
+// DO NOT change this, instead see systemRegistriesConfDirectoryPath above.
+const builtinRegistriesConfDirPath = "/etc/containers/registries.conf.d"

vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_freebsd.go

@@ -0,0 +1,12 @@
+//go:build freebsd
+// +build freebsd
+
+package sysregistriesv2
+
+// builtinRegistriesConfPath is the path to the registry configuration file.
+// DO NOT change this, instead see systemRegistriesConfPath above.
+const builtinRegistriesConfPath = "/usr/local/etc/containers/registries.conf"
+
+// builtinRegistriesConfDirPath is the path to the registry configuration directory.
+// DO NOT change this, instead see systemRegistriesConfDirectoryPath above.
+const builtinRegistriesConfDirPath = "/usr/local/etc/containers/registries.conf.d"

vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go

@@ -25,20 +25,12 @@ import (
 // -ldflags '-X github.com/containers/image/v5/sysregistries.systemRegistriesConfPath=$your_path'
 var systemRegistriesConfPath = builtinRegistriesConfPath
 
-// builtinRegistriesConfPath is the path to the registry configuration file.
-// DO NOT change this, instead see systemRegistriesConfPath above.
-const builtinRegistriesConfPath = "/etc/containers/registries.conf"
-
 // systemRegistriesConfDirPath is the path to the system-wide registry
 // configuration directory and is used to add/subtract potential registries for
 // obtaining images.  You can override this at build time with
 // -ldflags '-X github.com/containers/image/v5/sysregistries.systemRegistriesConfDirectoryPath=$your_path'
 var systemRegistriesConfDirPath = builtinRegistriesConfDirPath
 
-// builtinRegistriesConfDirPath is the path to the registry configuration directory.
-// DO NOT change this, instead see systemRegistriesConfDirectoryPath above.
-const builtinRegistriesConfDirPath = "/etc/containers/registries.conf.d"
-
 // AuthenticationFileHelper is a special key for credential helpers indicating
 // the usage of consulting containers-auth.json files instead of a credential
 // helper.

vendor/github.com/containers/image/v5/signature/policy_config.go

@@ -32,10 +32,6 @@ import (
 // -ldflags '-X github.com/containers/image/v5/signature.systemDefaultPolicyPath=$your_path'
 var systemDefaultPolicyPath = builtinDefaultPolicyPath
 
-// builtinDefaultPolicyPath is the policy path used for DefaultPolicy().
-// DO NOT change this, instead see systemDefaultPolicyPath above.
-const builtinDefaultPolicyPath = "/etc/containers/policy.json"
-
 // userPolicyFile is the path to the per user policy path.
 var userPolicyFile = filepath.FromSlash(".config/containers/policy.json")
 

vendor/github.com/containers/image/v5/signature/policy_paths_common.go

@@ -0,0 +1,8 @@
+//go:build !freebsd
+// +build !freebsd
+
+package signature
+
+// builtinDefaultPolicyPath is the policy path used for DefaultPolicy().
+// DO NOT change this, instead see systemDefaultPolicyPath above.
+const builtinDefaultPolicyPath = "/etc/containers/policy.json"

vendor/github.com/containers/image/v5/signature/policy_paths_freebsd.go

@@ -0,0 +1,8 @@
+//go:build freebsd
+// +build freebsd
+
+package signature
+
+// builtinDefaultPolicyPath is the policy path used for DefaultPolicy().
+// DO NOT change this, instead see systemDefaultPolicyPath above.
+const builtinDefaultPolicyPath = "/usr/local/etc/containers/policy.json"

vendor/github.com/containers/image/v5/version/version.go

@@ -8,10 +8,10 @@ const (
 	// VersionMinor is for functionality in a backwards-compatible manner
 	VersionMinor = 21
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 1
+	VersionPatch = 2
 
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = ""
+	VersionDev = "-dev"
 )
 
 // Version is the specification version that the package types support.

vendor/github.com/proglottis/gpgme/gpgme.go

@@ -1,6 +1,7 @@
 // Package gpgme provides a Go wrapper for the GPGME library
 package gpgme
 
+// #cgo pkg-config: gpgme
 // #cgo LDFLAGS: -lgpgme -lassuan -lgpg-error
 // #cgo CPPFLAGS: -D_FILE_OFFSET_BITS=64
 // #include <stdlib.h>

vendor/modules.txt

@@ -50,7 +50,7 @@ github.com/containers/common/pkg/flag
 github.com/containers/common/pkg/report
 github.com/containers/common/pkg/report/camelcase
 github.com/containers/common/pkg/retry
-# github.com/containers/image/v5 v5.21.1
+# github.com/containers/image/v5 v5.21.2-0.20220519193817-1e26896b8059
 ## explicit
 github.com/containers/image/v5/copy
 github.com/containers/image/v5/directory
@@ -306,7 +306,7 @@ github.com/ostreedev/ostree-go/pkg/otbuiltin
 github.com/pkg/errors
 # github.com/pmezard/go-difflib v1.0.0
 github.com/pmezard/go-difflib/difflib
-# github.com/proglottis/gpgme v0.1.1
+# github.com/proglottis/gpgme v0.1.2
 github.com/proglottis/gpgme
 # github.com/prometheus/client_golang v1.11.1
 github.com/prometheus/client_golang/prometheus