bump c/image

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

vendor/github.com/containers/image/docker/docker_client.go

@@ -264,8 +264,25 @@ func (c *dockerClient) setupRequestAuth(req *http.Request) error {
 			return err
 		}
 		chs := parseAuthHeader(res.Header)
+		// We could end up in this "if" statement if the /v2/ call (during ping)
+		// returned 401 with a valid WWW-Authenticate=Bearer header.
+		// That doesn't **always** mean, however, that the specific API request
+		// (different from /v2/) actually needs to be authorized.
+		// One example of this _weird_ scenario happens with GCR.io docker
+		// registries.
 		if res.StatusCode != http.StatusUnauthorized || chs == nil || len(chs) == 0 {
-			// try again one last time with Basic Auth (gcr.io for instance)
+			// With gcr.io, the /v2/ call returns a 401 with a valid WWW-Authenticate=Bearer
+			// header but the repository could be _public_ (no authorization is needed).
+			// Hence, the registry response contains no challenges and the status
+			// code is not 401.
+			// We just skip this case as it's not standard on docker/distribution
+			// registries (https://github.com/docker/distribution/blob/master/docs/spec/api.md#api-version-check)
+			if res.StatusCode != http.StatusUnauthorized {
+				return nil
+			}
+			// gcr.io private repositories pull instead requires us to send user:pass pair in
+			// order to retrieve a token and setup the correct Bearer token.
+			// try again one last time with Basic Auth
 			testReq2 := *req
 			// Do not use the body stream, or we couldn't reuse it for the "real" call later.
 			testReq2.Body = nil

vendor/github.com/containers/image/image/memory.go

@@ -37,11 +37,7 @@ func (i *memoryImage) Close() {
 
 // Size returns the size of the image as stored, if known, or -1 if not.
 func (i *memoryImage) Size() (int64, error) {
-	s, err := i.serialize()
-	if err != nil {
-		return -1, err
-	}
-	return int64(len(s)), nil
+	return -1, nil
 }
 
 // Manifest is like ImageSource.GetManifest, but the result is cached; it is OK to call this however often you need.

vendor/github.com/containers/image/signature/mechanism.go

@@ -7,7 +7,6 @@ import (
 	"fmt"
 
 	"github.com/mtrmac/gpgme"
-	"github.com/pkg/errors"
 )
 
 // SigningMechanism abstracts a way to sign binary blobs and verify their signatures.
@@ -77,9 +76,6 @@ func (m gpgSigningMechanism) ImportKeysFromBytes(blob []byte) ([]string, error)
 func (m gpgSigningMechanism) Sign(input []byte, keyIdentity string) ([]byte, error) {
 	key, err := m.ctx.GetKey(keyIdentity, true)
 	if err != nil {
-		if e, ok := err.(gpgme.Error); ok && e.Code() == gpgme.ErrorEOF {
-			return nil, errors.Errorf("key %q not found", keyIdentity)
-		}
 		return nil, err
 	}
 	inputData, err := gpgme.NewDataBytes(input)

vendor/github.com/containers/storage/storageversion/version_lib.go

@@ -1,4 +1,4 @@
-// +build !autogen
+// +build !containersstorageautogen
 
 // Package storageversion is auto-generated at build-time
 package storageversion

vendor/github.com/mtrmac/gpgme/gpgme.go

@@ -9,6 +9,7 @@ package gpgme
 import "C"
 
 import (
+	"fmt"
 	"io"
 	"os"
 	"runtime"
@@ -389,7 +390,14 @@ func (c *Context) GetKey(fingerprint string, secret bool) (*Key, error) {
 	key := newKey()
 	cfpr := C.CString(fingerprint)
 	defer C.free(unsafe.Pointer(cfpr))
-	return key, handleError(C.gpgme_get_key(c.ctx, cfpr, &key.k, cbool(secret)))
+	err := handleError(C.gpgme_get_key(c.ctx, cfpr, &key.k, cbool(secret)))
+	if e, ok := err.(Error); key.k == nil && ok && e.Code() == ErrorEOF {
+		return nil, fmt.Errorf("key %q not found", fingerprint)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return key, nil
 }
 
 func (c *Context) Decrypt(ciphertext, plaintext *Data) error {