mirror of
https://github.com/containers/skopeo.git
synced 2025-08-15 13:13:42 +00:00
fix(deps): update module github.com/containers/storage to v1.55.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
parent
4da797e353
commit
602c121f51
2
go.mod
2
go.mod
@ -10,7 +10,7 @@ require (
|
|||||||
github.com/containers/common v0.60.4
|
github.com/containers/common v0.60.4
|
||||||
github.com/containers/image/v5 v5.32.2
|
github.com/containers/image/v5 v5.32.2
|
||||||
github.com/containers/ocicrypt v1.2.0
|
github.com/containers/ocicrypt v1.2.0
|
||||||
github.com/containers/storage v1.55.0
|
github.com/containers/storage v1.55.1
|
||||||
github.com/docker/distribution v2.8.3+incompatible
|
github.com/docker/distribution v2.8.3+incompatible
|
||||||
github.com/moby/sys/capability v0.3.0
|
github.com/moby/sys/capability v0.3.0
|
||||||
github.com/opencontainers/go-digest v1.0.0
|
github.com/opencontainers/go-digest v1.0.0
|
||||||
|
4
go.sum
4
go.sum
@ -45,8 +45,8 @@ github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYgle
|
|||||||
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
|
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
|
||||||
github.com/containers/ocicrypt v1.2.0 h1:X14EgRK3xNFvJEfI5O4Qn4T3E25ANudSOZz/sirVuPM=
|
github.com/containers/ocicrypt v1.2.0 h1:X14EgRK3xNFvJEfI5O4Qn4T3E25ANudSOZz/sirVuPM=
|
||||||
github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U=
|
github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U=
|
||||||
github.com/containers/storage v1.55.0 h1:wTWZ3YpcQf1F+dSP4KxG9iqDfpQY1otaUXjPpffuhgg=
|
github.com/containers/storage v1.55.1 h1:ius7angdTqxO56hmTJnAznyEcUnYeLOV3ybwLozA/h8=
|
||||||
github.com/containers/storage v1.55.0/go.mod h1:28cB81IDk+y7ok60Of6u52RbCeBRucbFOeLunhER1RQ=
|
github.com/containers/storage v1.55.1/go.mod h1:28cB81IDk+y7ok60Of6u52RbCeBRucbFOeLunhER1RQ=
|
||||||
github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
|
github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
|
||||||
github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
|
github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
|
||||||
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||||
|
2
vendor/github.com/containers/storage/.cirrus.yml
generated
vendored
2
vendor/github.com/containers/storage/.cirrus.yml
generated
vendored
@ -120,7 +120,7 @@ lint_task:
|
|||||||
env:
|
env:
|
||||||
CIRRUS_WORKING_DIR: "/go/src/github.com/containers/storage"
|
CIRRUS_WORKING_DIR: "/go/src/github.com/containers/storage"
|
||||||
container:
|
container:
|
||||||
image: golang
|
image: golang:1.21
|
||||||
modules_cache:
|
modules_cache:
|
||||||
fingerprint_script: cat go.sum
|
fingerprint_script: cat go.sum
|
||||||
folder: $GOPATH/pkg/mod
|
folder: $GOPATH/pkg/mod
|
||||||
|
2
vendor/github.com/containers/storage/VERSION
generated
vendored
2
vendor/github.com/containers/storage/VERSION
generated
vendored
@ -1 +1 @@
|
|||||||
1.55.0
|
1.55.1
|
||||||
|
87
vendor/github.com/containers/storage/userns.go
generated
vendored
87
vendor/github.com/containers/storage/userns.go
generated
vendored
@ -1,18 +1,21 @@
|
|||||||
|
//go:build linux
|
||||||
|
|
||||||
package storage
|
package storage
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"os/user"
|
"os/user"
|
||||||
"path/filepath"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
drivers "github.com/containers/storage/drivers"
|
drivers "github.com/containers/storage/drivers"
|
||||||
"github.com/containers/storage/pkg/idtools"
|
"github.com/containers/storage/pkg/idtools"
|
||||||
"github.com/containers/storage/pkg/unshare"
|
"github.com/containers/storage/pkg/unshare"
|
||||||
"github.com/containers/storage/types"
|
"github.com/containers/storage/types"
|
||||||
|
securejoin "github.com/cyphar/filepath-securejoin"
|
||||||
libcontainerUser "github.com/moby/sys/user"
|
libcontainerUser "github.com/moby/sys/user"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
|
"golang.org/x/sys/unix"
|
||||||
)
|
)
|
||||||
|
|
||||||
// getAdditionalSubIDs looks up the additional IDs configured for
|
// getAdditionalSubIDs looks up the additional IDs configured for
|
||||||
@ -85,40 +88,59 @@ const nobodyUser = 65534
|
|||||||
// parseMountedFiles returns the maximum UID and GID found in the /etc/passwd and
|
// parseMountedFiles returns the maximum UID and GID found in the /etc/passwd and
|
||||||
// /etc/group files.
|
// /etc/group files.
|
||||||
func parseMountedFiles(containerMount, passwdFile, groupFile string) uint32 {
|
func parseMountedFiles(containerMount, passwdFile, groupFile string) uint32 {
|
||||||
|
var (
|
||||||
|
passwd *os.File
|
||||||
|
group *os.File
|
||||||
|
size int
|
||||||
|
err error
|
||||||
|
)
|
||||||
if passwdFile == "" {
|
if passwdFile == "" {
|
||||||
passwdFile = filepath.Join(containerMount, "etc/passwd")
|
passwd, err = secureOpen(containerMount, "/etc/passwd")
|
||||||
|
} else {
|
||||||
|
// User-specified override from a volume. Will not be in
|
||||||
|
// container root.
|
||||||
|
passwd, err = os.Open(passwdFile)
|
||||||
}
|
}
|
||||||
if groupFile == "" {
|
|
||||||
groupFile = filepath.Join(groupFile, "etc/group")
|
|
||||||
}
|
|
||||||
|
|
||||||
size := 0
|
|
||||||
|
|
||||||
users, err := libcontainerUser.ParsePasswdFile(passwdFile)
|
|
||||||
if err == nil {
|
if err == nil {
|
||||||
for _, u := range users {
|
defer passwd.Close()
|
||||||
// Skip the "nobody" user otherwise we end up with 65536
|
|
||||||
// ids with most images
|
users, err := libcontainerUser.ParsePasswd(passwd)
|
||||||
if u.Name == "nobody" {
|
if err == nil {
|
||||||
continue
|
for _, u := range users {
|
||||||
}
|
// Skip the "nobody" user otherwise we end up with 65536
|
||||||
if u.Uid > size && u.Uid != nobodyUser {
|
// ids with most images
|
||||||
size = u.Uid
|
if u.Name == "nobody" || u.Name == "nogroup" {
|
||||||
}
|
continue
|
||||||
if u.Gid > size && u.Gid != nobodyUser {
|
}
|
||||||
size = u.Gid
|
if u.Uid > size && u.Uid != nobodyUser {
|
||||||
|
size = u.Uid + 1
|
||||||
|
}
|
||||||
|
if u.Gid > size && u.Gid != nobodyUser {
|
||||||
|
size = u.Gid + 1
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
groups, err := libcontainerUser.ParseGroupFile(groupFile)
|
if groupFile == "" {
|
||||||
|
group, err = secureOpen(containerMount, "/etc/group")
|
||||||
|
} else {
|
||||||
|
// User-specified override from a volume. Will not be in
|
||||||
|
// container root.
|
||||||
|
group, err = os.Open(groupFile)
|
||||||
|
}
|
||||||
if err == nil {
|
if err == nil {
|
||||||
for _, g := range groups {
|
defer group.Close()
|
||||||
if g.Name == "nobody" {
|
|
||||||
continue
|
groups, err := libcontainerUser.ParseGroup(group)
|
||||||
}
|
if err == nil {
|
||||||
if g.Gid > size && g.Gid != nobodyUser {
|
for _, g := range groups {
|
||||||
size = g.Gid
|
if g.Name == "nobody" || g.Name == "nogroup" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if g.Gid > size && g.Gid != nobodyUser {
|
||||||
|
size = g.Gid + 1
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -309,3 +331,14 @@ func getAutoUserNSIDMappings(
|
|||||||
gidMap := append(availableGIDs.zip(requestedContainerGIDs), additionalGIDMappings...)
|
gidMap := append(availableGIDs.zip(requestedContainerGIDs), additionalGIDMappings...)
|
||||||
return uidMap, gidMap, nil
|
return uidMap, gidMap, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Securely open (read-only) a file in a container mount.
|
||||||
|
func secureOpen(containerMount, file string) (*os.File, error) {
|
||||||
|
tmpFile, err := securejoin.OpenInRoot(containerMount, file)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer tmpFile.Close()
|
||||||
|
|
||||||
|
return securejoin.Reopen(tmpFile, unix.O_RDONLY)
|
||||||
|
}
|
||||||
|
14
vendor/github.com/containers/storage/userns_unsupported.go
generated
vendored
Normal file
14
vendor/github.com/containers/storage/userns_unsupported.go
generated
vendored
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
//go:build !linux
|
||||||
|
|
||||||
|
package storage
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
|
||||||
|
"github.com/containers/storage/pkg/idtools"
|
||||||
|
"github.com/containers/storage/types"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (s *store) getAutoUserNS(_ *types.AutoUserNsOptions, _ *Image, _ rwLayerStore, _ []roLayerStore) ([]idtools.IDMap, []idtools.IDMap, error) {
|
||||||
|
return nil, nil, errors.New("user namespaces are not supported on this platform")
|
||||||
|
}
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -165,7 +165,7 @@ github.com/containers/ocicrypt/keywrap/pkcs7
|
|||||||
github.com/containers/ocicrypt/spec
|
github.com/containers/ocicrypt/spec
|
||||||
github.com/containers/ocicrypt/utils
|
github.com/containers/ocicrypt/utils
|
||||||
github.com/containers/ocicrypt/utils/keyprovider
|
github.com/containers/ocicrypt/utils/keyprovider
|
||||||
# github.com/containers/storage v1.55.0
|
# github.com/containers/storage v1.55.1
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/containers/storage
|
github.com/containers/storage
|
||||||
github.com/containers/storage/drivers
|
github.com/containers/storage/drivers
|
||||||
|
Loading…
Reference in New Issue
Block a user