diff --git a/go.mod b/go.mod index 9c08432e..9189469a 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/containers/common v0.51.0 github.com/containers/image/v5 v5.24.2-0.20230215091257-15e211694ae5 github.com/containers/ocicrypt v1.1.7 - github.com/containers/storage v1.45.3 + github.com/containers/storage v1.45.4 github.com/docker/distribution v2.8.1+incompatible github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 @@ -24,12 +24,12 @@ require ( require ( github.com/BurntSushi/toml v1.2.1 // indirect github.com/Microsoft/go-winio v0.6.0 // indirect - github.com/Microsoft/hcsshim v0.9.6 // indirect + github.com/Microsoft/hcsshim v0.9.7 // indirect github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/containerd/cgroups v1.0.4 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.13.0 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.14.1 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/coreos/go-oidc/v3 v3.5.0 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect @@ -85,7 +85,7 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/runc v1.1.4 // indirect - github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb // indirect + github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect github.com/opencontainers/selinux v1.11.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect @@ -101,7 +101,7 @@ require ( github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect github.com/sylabs/sif/v2 v2.9.1 // indirect - github.com/tchap/go-patricia v2.3.0+incompatible // indirect + github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/theupdateframework/go-tuf v0.5.2 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/ulikunitz/xz v0.5.11 // indirect diff --git a/go.sum b/go.sum index 8c4e106f..4a9bdd5b 100644 --- a/go.sum +++ b/go.sum @@ -60,8 +60,8 @@ github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= -github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= -github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.7 h1:mKNHW/Xvv1aFH87Jb6ERDzXTJTLPlmzfZ28VBFD/bfg= +github.com/Microsoft/hcsshim v0.9.7/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -190,8 +190,8 @@ github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFY github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM= -github.com/containerd/stargz-snapshotter/estargz v0.13.0 h1:fD7AwuVV+B40p0d9qVkH/Au1qhp8hn/HWJHIYjpEcfw= -github.com/containerd/stargz-snapshotter/estargz v0.13.0/go.mod h1:m+9VaGJGlhCnrcEUod8mYumTmRgblwd3rC5UCEh2Yp0= +github.com/containerd/stargz-snapshotter/estargz v0.14.1 h1:n9M2GDSWM96pyipFTA0DaU+zdtzi3Iwsnj/rIHr1yFM= +github.com/containerd/stargz-snapshotter/estargz v0.14.1/go.mod h1:uPtMw6ucGJYwImjhxk/oghZmfElF/841u86wReNggNk= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= @@ -223,8 +223,8 @@ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgU github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.7 h1:thhNr4fu2ltyGz8aMx8u48Ae0Pnbip3ePP9/mzkZ/3U= github.com/containers/ocicrypt v1.1.7/go.mod h1:7CAhjcj2H8AYp5YvEie7oVSK2AhBY8NscCYRawuDNtw= -github.com/containers/storage v1.45.3 h1:GbtTvTtp3GW2/tcFg5VhgHXcYMwVn2KfZKiHjf9FAOM= -github.com/containers/storage v1.45.3/go.mod h1:OdRUYHrq1HP6iAo79VxqtYuJzC5j4eA2I60jKOoCT7g= +github.com/containers/storage v1.45.4 h1:49u6l37f/QC2ylG4d9FNS3ERfFKH462jrd7HARf3tfw= +github.com/containers/storage v1.45.4/go.mod h1:mnFUauIJ9UiIYn2KIVavFz73PH8MUhI/8FCkjB7OX8o= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= @@ -574,7 +574,6 @@ github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0 github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= @@ -715,8 +714,8 @@ github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.m github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb h1:1xSVPOd7/UA+39/hXEGnBJ13p6JFB0E1EvQFlrRDOXI= -github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w= +github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= @@ -867,8 +866,8 @@ github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs= -github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= +github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= +github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/theupdateframework/go-tuf v0.5.2 h1:habfDzTmpbzBLIFGWa2ZpVhYvFBoK0C1onC3a4zuPRA= github.com/theupdateframework/go-tuf v0.5.2/go.mod h1:SyMV5kg5n4uEclsyxXJZI2UxPFJNDc4Y+r7wv+MlvTA= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go index f4605922..78490d6c 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go @@ -161,7 +161,39 @@ func (process *Process) Kill(ctx context.Context) (bool, error) { return true, nil } - resultJSON, err := vmcompute.HcsTerminateProcess(ctx, process.handle) + // HCS serializes the signals sent to a target pid per compute system handle. + // To avoid SIGKILL being serialized behind other signals, we open a new compute + // system handle to deliver the kill signal. + // If the calls to opening a new compute system handle fail, we forcefully + // terminate the container itself so that no container is left behind + hcsSystem, err := OpenComputeSystem(ctx, process.system.id) + if err != nil { + // log error and force termination of container + log.G(ctx).WithField("err", err).Error("OpenComputeSystem() call failed") + err = process.system.Terminate(ctx) + // if the Terminate() call itself ever failed, log and return error + if err != nil { + log.G(ctx).WithField("err", err).Error("Terminate() call failed") + return false, err + } + process.system.Close() + return true, nil + } + defer hcsSystem.Close() + + newProcessHandle, err := hcsSystem.OpenProcess(ctx, process.Pid()) + if err != nil { + // Return true only if the target process has either already + // exited, or does not exist. + if IsAlreadyStopped(err) { + return true, nil + } else { + return false, err + } + } + defer newProcessHandle.Close() + + resultJSON, err := vmcompute.HcsTerminateProcess(ctx, newProcessHandle.handle) if err != nil { // We still need to check these two cases, as processes may still be killed by an // external actor (human operator, OOM, random script etc). @@ -185,9 +217,9 @@ func (process *Process) Kill(ctx context.Context) (bool, error) { } } events := processHcsResult(ctx, resultJSON) - delivered, err := process.processSignalResult(ctx, err) + delivered, err := newProcessHandle.processSignalResult(ctx, err) if err != nil { - err = makeProcessError(process, operation, err, events) + err = makeProcessError(newProcessHandle, operation, err, events) } process.killSignalDelivered = delivered diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml index 6f904856..9a694350 100644 --- a/vendor/github.com/containers/storage/.cirrus.yml +++ b/vendor/github.com/containers/storage/.cirrus.yml @@ -17,13 +17,13 @@ env: #### #### Cache-image names to test with (double-quotes around names are critical) ### - FEDORA_NAME: "fedora-36" - UBUNTU_NAME: "ubuntu-2204" + FEDORA_NAME: "fedora-37" ### 20230120t152650z-f37f36u2204 + UBUNTU_NAME: "ubuntu-2204" ### 20230120t152650z-f37f36u2204 # GCE project where images live IMAGE_PROJECT: "libpod-218412" # VM Image built in containers/automation_images - IMAGE_SUFFIX: "c5878804328480768" + IMAGE_SUFFIX: "c20230120t152650z-f37f36u2204" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}" @@ -58,7 +58,7 @@ fedora_testing_task: &fedora_testing name: &std_test_name "${OS_NAME} ${TEST_DRIVER}" depends_on: - lint - + only_if: $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' gce_instance: # Only need to specify differences from defaults (above) image_name: "${VM_IMAGE}" @@ -78,6 +78,8 @@ fedora_testing_task: &fedora_testing TEST_DRIVER: "fuse-overlay" - env: TEST_DRIVER: "fuse-overlay-whiteout" + - env: + TEST_DRIVER: "btrfs" # Separate scripts for separate outputs, makes debugging easier. setup_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' @@ -90,10 +92,12 @@ fedora_testing_task: &fedora_testing journal_log_script: '${_JOURNALCMD} || true' +# aufs was dropped between 20.04 and 22.04, can't test it ubuntu_testing_task: &ubuntu_testing <<: *fedora_testing alias: ubuntu_testing name: *std_test_name + only_if: $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' env: OS_NAME: "${UBUNTU_NAME}" VM_IMAGE: "${UBUNTU_CACHE_IMAGE_NAME}" @@ -102,6 +106,14 @@ ubuntu_testing_task: &ubuntu_testing TEST_DRIVER: "vfs" - env: TEST_DRIVER: "overlay" + - env: + TEST_DRIVER: "fuse-overlay" + - env: + TEST_DRIVER: "fuse-overlay-whiteout" + - env: + TEST_DRIVER: "btrfs" + - env: + TEST_DRIVER: "zfs" lint_task: @@ -152,6 +164,12 @@ vendor_task: test_script: hack/tree_status.sh +cross_task: + container: + image: golang:1.17 + build_script: make cross + + # Represent overall pass/fail status from required dependent tasks success_task: depends_on: @@ -160,6 +178,7 @@ success_task: - ubuntu_testing - meta - vendor + - cross container: image: golang:1.17 clone_script: 'mkdir -p "$CIRRUS_WORKING_DIR"' # Source code not needed diff --git a/vendor/github.com/containers/storage/Makefile b/vendor/github.com/containers/storage/Makefile index ea2bb640..69298ba5 100644 --- a/vendor/github.com/containers/storage/Makefile +++ b/vendor/github.com/containers/storage/Makefile @@ -3,25 +3,19 @@ export GOPROXY=https://proxy.golang.org .PHONY: \ all \ - binary \ clean \ - cross \ default \ docs \ - gccgo \ help \ install.tools \ local-binary \ local-cross \ local-gccgo \ + local-test \ local-test-integration \ local-test-unit \ local-validate \ lint \ - test \ - test-integration \ - test-unit \ - validate \ vendor PACKAGE := github.com/containers/storage @@ -40,26 +34,24 @@ ifeq ($(shell $(GO) help mod >/dev/null 2>&1 && echo true), true) MOD_VENDOR=-mod=vendor endif -RUNINVM := vagrant/runinvm.sh - -default all: local-binary docs local-validate local-cross local-gccgo test-unit test-integration ## validate all checks, build and cross-build\nbinaries and docs, run tests in a VM +default all: local-binary docs local-validate local-cross ## validate all checks, build and cross-build\nbinaries and docs clean: ## remove all built files $(RM) -f containers-storage containers-storage.* docs/*.1 docs/*.5 -sources := $(wildcard *.go cmd/containers-storage/*.go drivers/*.go drivers/*/*.go pkg/*/*.go pkg/*/*/*.go) +sources := $(wildcard *.go cmd/containers-storage/*.go drivers/*.go drivers/*/*.go internal/*/*.go pkg/*/*.go pkg/*/*/*.go types/*.go) containers-storage: $(sources) ## build using gc on the host $(GO) build $(MOD_VENDOR) -compiler gc $(BUILDFLAGS) ./cmd/containers-storage codespell: - codespell -S Makefile,build,buildah,buildah.spec,imgtype,copy,AUTHORS,bin,vendor,.git,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L flate,uint,iff,od,ERRO -w + codespell -S Makefile,build,buildah,buildah.spec,imgtype,copy,AUTHORS,bin,vendor,.git,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L worl,flate,uint,iff,od,ERRO -w binary local-binary: containers-storage -local-gccgo: ## build using gccgo on the host +local-gccgo gccgo: ## build using gccgo on the host GCCGO=$(PWD)/hack/gccgo-wrapper.sh $(GO) build $(MOD_VENDOR) -compiler gccgo $(BUILDFLAGS) -o containers-storage.gccgo ./cmd/containers-storage -local-cross: ## cross build the binaries for arm, darwin, and freebsd +local-cross cross: ## cross build the binaries for arm, darwin, and freebsd @for target in linux/amd64 linux/386 linux/arm linux/arm64 linux/ppc64 linux/ppc64le linux/s390x linux/mips linux/mipsle linux/mips64 linux/mips64le darwin/amd64 windows/amd64 freebsd/amd64 freebsd/arm64 ; do \ os=`echo $${target} | cut -f1 -d/` ; \ arch=`echo $${target} | cut -f2 -d/` ; \ @@ -68,37 +60,21 @@ local-cross: ## cross build the binaries for arm, darwin, and freebsd env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} $(GO) build $(MOD_VENDOR) -compiler gc -tags "$(NATIVETAGS) $(TAGS)" $(FLAGS) -o containers-storage.$${suffix} ./cmd/containers-storage || exit 1 ; \ done -cross: ## cross build the binaries for arm, darwin, and\nfreebsd using VMs - $(RUNINVM) $(MAKE) local-$@ - docs: install.tools ## build the docs on the host $(MAKE) -C docs docs -gccgo: ## build using gccgo using VMs - $(RUNINVM) $(MAKE) local-$@ +local-test: local-binary local-test-unit local-test-integration ## build the binaries and run the tests -test: local-binary ## build the binaries and run the tests using VMs - $(RUNINVM) $(MAKE) local-binary local-cross local-test-unit local-test-integration - -local-test-unit: local-binary ## run the unit tests on the host (requires\nsuperuser privileges) +local-test-unit test-unit: local-binary ## run the unit tests on the host (requires\nsuperuser privileges) @$(GO) test $(MOD_VENDOR) $(BUILDFLAGS) $(TESTFLAGS) $(shell $(GO) list ./... | grep -v ^$(PACKAGE)/vendor) -test-unit: local-binary ## run the unit tests using VMs - $(RUNINVM) $(MAKE) local-$@ - -local-test-integration: local-binary ## run the integration tests on the host (requires\nsuperuser privileges) +local-test-integration test-integration: local-binary ## run the integration tests on the host (requires\nsuperuser privileges) @cd tests; ./test_runner.bash -test-integration: local-binary ## run the integration tests using VMs - $(RUNINVM) $(MAKE) local-$@ - -local-validate: install.tools ## validate DCO and gofmt on the host +local-validate validate: install.tools ## validate DCO and gofmt on the host @./hack/git-validation.sh @./hack/gofmt.sh -validate: ## validate DCO, gofmt, ./pkg/ isolation, golint,\ngo vet and vendor using VMs - $(RUNINVM) $(MAKE) local-$@ - install.tools: $(MAKE) -C tests/tools diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION index 53999456..4d3b50f2 100644 --- a/vendor/github.com/containers/storage/VERSION +++ b/vendor/github.com/containers/storage/VERSION @@ -1 +1 @@ -1.45.3 +1.45.4 diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go index 106d1d15..bdb280e0 100644 --- a/vendor/github.com/containers/storage/containers.go +++ b/vendor/github.com/containers/storage/containers.go @@ -14,6 +14,7 @@ import ( "github.com/containers/storage/pkg/stringid" "github.com/containers/storage/pkg/truncindex" digest "github.com/opencontainers/go-digest" + "github.com/sirupsen/logrus" ) type containerLocations uint8 @@ -420,6 +421,7 @@ func (r *containerStore) GarbageCollect() error { } // Otherwise remove datadir + logrus.Debugf("removing %q", filepath.Join(r.dir, id)) moreErr := os.RemoveAll(filepath.Join(r.dir, id)) // Propagate first error if moreErr != nil && err == nil { diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go index b3b0614f..3d4a15ee 100644 --- a/vendor/github.com/containers/storage/drivers/driver.go +++ b/vendor/github.com/containers/storage/drivers/driver.go @@ -223,7 +223,7 @@ type CapabilityDriver interface { Capabilities() Capabilities } -// AdditionalLayer reprents a layer that is stored in the additional layer store +// AdditionalLayer represents a layer that is stored in the additional layer store // This API is experimental and can be changed without bumping the major version number. type AdditionalLayer interface { // CreateAs creates a new layer from this additional layer diff --git a/vendor/github.com/containers/storage/drivers/overlay/check.go b/vendor/github.com/containers/storage/drivers/overlay/check.go index 0a0ad7dd..43711274 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/check.go +++ b/vendor/github.com/containers/storage/drivers/overlay/check.go @@ -12,6 +12,7 @@ import ( "syscall" "github.com/containers/storage/pkg/archive" + "github.com/containers/storage/pkg/idmap" "github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/ioutils" "github.com/containers/storage/pkg/mount" @@ -243,20 +244,20 @@ func supportsIdmappedLowerLayers(home string) (bool, error) { _ = idtools.MkdirAs(upperDir, 0700, 0, 0) _ = idtools.MkdirAs(workDir, 0700, 0, 0) - idmap := []idtools.IDMap{ + mapping := []idtools.IDMap{ { ContainerID: 0, HostID: 0, Size: 1, }, } - pid, cleanupFunc, err := createUsernsProcess(idmap, idmap) + pid, cleanupFunc, err := idmap.CreateUsernsProcess(mapping, mapping) if err != nil { return false, err } defer cleanupFunc() - if err := createIDMappedMount(lowerDir, lowerMappedDir, int(pid)); err != nil { + if err := idmap.CreateIDMappedMount(lowerDir, lowerMappedDir, int(pid)); err != nil { return false, fmt.Errorf("create mapped mount: %w", err) } defer unix.Unmount(lowerMappedDir, unix.MNT_DETACH) diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go index e33bf16d..d85cdd95 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go +++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go @@ -26,6 +26,7 @@ import ( "github.com/containers/storage/pkg/chrootarchive" "github.com/containers/storage/pkg/directory" "github.com/containers/storage/pkg/fsutils" + "github.com/containers/storage/pkg/idmap" "github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/mount" "github.com/containers/storage/pkg/parsers" @@ -46,8 +47,7 @@ var ( ) const ( - defaultPerms = os.FileMode(0555) - selinuxLabelTest = "system_u:object_r:container_file_t:s0" + defaultPerms = os.FileMode(0555) ) // This backend uses the overlay union filesystem for containers @@ -314,7 +314,10 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error) } fsName, ok := graphdriver.FsNames[fsMagic] if !ok { - return nil, fmt.Errorf("filesystem type %#x reported for %s is not supported with 'overlay': %w", fsMagic, filepath.Dir(home), graphdriver.ErrIncompatibleFS) + if opts.mountProgram == "" { + return nil, fmt.Errorf("filesystem type %#x reported for %s is not supported with 'overlay': %w", fsMagic, filepath.Dir(home), graphdriver.ErrIncompatibleFS) + } + fsName = "" } backingFs = fsName @@ -653,6 +656,8 @@ func SupportsNativeOverlay(home, runhome string) (bool, error) { func supportsOverlay(home string, homeMagic graphdriver.FsMagic, rootUID, rootGID int) (supportsDType bool, err error) { // We can try to modprobe overlay first + selinuxLabelTest := selinux.PrivContainerMountLabel() + exec.Command("modprobe", "overlay").Run() logLevel := logrus.ErrorLevel @@ -1504,14 +1509,14 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO } } - if d.supportsIDmappedMounts() && len(options.UidMaps) > 0 && len(options.GidMaps) > 0 { + if !disableShifting && len(options.UidMaps) > 0 && len(options.GidMaps) > 0 { var newAbsDir []string mappedRoot := filepath.Join(d.home, id, "mapped") if err := os.MkdirAll(mappedRoot, 0700); err != nil { return "", err } - pid, cleanupFunc, err := createUsernsProcess(options.UidMaps, options.GidMaps) + pid, cleanupFunc, err := idmap.CreateUsernsProcess(options.UidMaps, options.GidMaps) if err != nil { return "", err } @@ -1528,7 +1533,7 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO if !found { root = filepath.Join(mappedRoot, fmt.Sprintf("%d", c)) c++ - if err := createIDMappedMount(mappedMountSrc, root, int(pid)); err != nil { + if err := idmap.CreateIDMappedMount(mappedMountSrc, root, int(pid)); err != nil { return "", fmt.Errorf("create mapped mount for %q on %q: %w", mappedMountSrc, root, err) } idMappedMounts[mappedMountSrc] = root @@ -2097,8 +2102,8 @@ func (d *Driver) supportsIDmappedMounts() bool { // SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS func (d *Driver) SupportsShifting() bool { - if os.Getenv("_TEST_FORCE_SUPPORT_SHIFTING") == "yes-please" { - return true + if os.Getenv("_CONTAINERS_OVERLAY_DISABLE_IDMAP") == "yes" { + return false } if d.options.mountProgram != "" { return true diff --git a/vendor/github.com/containers/storage/images.go b/vendor/github.com/containers/storage/images.go index 577b6f8e..2079c0ff 100644 --- a/vendor/github.com/containers/storage/images.go +++ b/vendor/github.com/containers/storage/images.go @@ -14,6 +14,7 @@ import ( "github.com/containers/storage/pkg/stringutils" "github.com/containers/storage/pkg/truncindex" digest "github.com/opencontainers/go-digest" + "github.com/sirupsen/logrus" ) const ( @@ -152,6 +153,9 @@ type rwImageStore interface { addMappedTopLayer(id, layer string) error removeMappedTopLayer(id, layer string) error + // Clean up unreferenced per-image data. + GarbageCollect() error + // Wipe removes records of all images. Wipe() error } @@ -396,6 +400,41 @@ func (r *imageStore) Images() ([]Image, error) { return images, nil } +// This looks for datadirs in the store directory that are not referenced +// by the json file and removes it. These can happen in the case of unclean +// shutdowns. +// Requires startReading or startWriting. +func (r *imageStore) GarbageCollect() error { + entries, err := os.ReadDir(r.dir) + if err != nil { + // Unexpected, don't try any GC + return err + } + + for _, entry := range entries { + id := entry.Name() + // Does it look like a datadir directory? + if !entry.IsDir() || !nameLooksLikeID(id) { + continue + } + + // Should the id be there? + if r.byid[id] != nil { + continue + } + + // Otherwise remove datadir + logrus.Debugf("removing %q", filepath.Join(r.dir, id)) + moreErr := os.RemoveAll(filepath.Join(r.dir, id)) + // Propagate first error + if moreErr != nil && err == nil { + err = moreErr + } + } + + return err +} + func (r *imageStore) imagespath() string { return filepath.Join(r.dir, "images.json") } diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go index f14108be..3176062b 100644 --- a/vendor/github.com/containers/storage/layers.go +++ b/vendor/github.com/containers/storage/layers.go @@ -281,7 +281,7 @@ type rwLayerStore interface { // unmount unmounts a layer when it is no longer in use. // If conditional is set, it will fail with ErrLayerNotMounted if the layer is not mounted (without conditional, the caller is // making a promise that the layer is actually mounted). - // If force is set, it will physically try to unmount it even if it is mounted multple times, or even if (!conditional and) + // If force is set, it will physically try to unmount it even if it is mounted multiple times, or even if (!conditional and) // there are no records of it being mounted in the first place. // It returns whether the layer was still mounted at the time this function returned. // WARNING: The return value may already be obsolete by the time it is available @@ -678,10 +678,13 @@ func (r *layerStore) GarbageCollect() error { // Remove layer and any related data of unreferenced id if err := r.driver.Remove(id); err != nil { + logrus.Debugf("removing driver layer %q", id) return err } + logrus.Debugf("removing %q", r.tspath(id)) os.Remove(r.tspath(id)) + logrus.Debugf("removing %q", r.datadir(id)) os.RemoveAll(r.datadir(id)) } return nil diff --git a/vendor/github.com/containers/storage/drivers/overlay/idmapped_utils.go b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go similarity index 93% rename from vendor/github.com/containers/storage/drivers/overlay/idmapped_utils.go rename to vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go index 0b7c868a..98ce7072 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/idmapped_utils.go +++ b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go @@ -1,7 +1,7 @@ //go:build linux // +build linux -package overlay +package idmap import ( "fmt" @@ -77,9 +77,9 @@ func mountSetAttr(dfd int, path string, flags uint, attr *attr, size uint) (err return } -// createIDMappedMount creates a IDMapped bind mount from SOURCE to TARGET using the user namespace +// CreateIDMappedMount creates a IDMapped bind mount from SOURCE to TARGET using the user namespace // for the PID process. -func createIDMappedMount(source, target string, pid int) error { +func CreateIDMappedMount(source, target string, pid int) error { path := fmt.Sprintf("/proc/%d/ns/user", pid) userNsFile, err := os.Open(path) if err != nil { @@ -110,9 +110,9 @@ func createIDMappedMount(source, target string, pid int) error { return moveMount(targetDirFd, target) } -// createUsernsProcess forks the current process and creates a user namespace using the specified +// CreateUsernsProcess forks the current process and creates a user namespace using the specified // mappings. It returns the pid of the new process. -func createUsernsProcess(uidMaps []idtools.IDMap, gidMaps []idtools.IDMap) (int, func(), error) { +func CreateUsernsProcess(uidMaps []idtools.IDMap, gidMaps []idtools.IDMap) (int, func(), error) { var pid uintptr var err syscall.Errno diff --git a/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils_unsupported.go b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils_unsupported.go new file mode 100644 index 00000000..81c6072a --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils_unsupported.go @@ -0,0 +1,22 @@ +//go:build !linux +// +build !linux + +package idmap + +import ( + "fmt" + + "github.com/containers/storage/pkg/idtools" +) + +// CreateIDMappedMount creates a IDMapped bind mount from SOURCE to TARGET using the user namespace +// for the PID process. +func CreateIDMappedMount(source, target string, pid int) error { + return fmt.Errorf("IDMapped mounts are not supported") +} + +// CreateUsernsProcess forks the current process and creates a user namespace using the specified +// mappings. It returns the pid of the new process. +func CreateUsernsProcess(uidMaps []idtools.IDMap, gidMaps []idtools.IDMap) (int, func(), error) { + return -1, nil, fmt.Errorf("IDMapped mounts are not supported") +} diff --git a/vendor/github.com/containers/storage/pkg/ioutils/readers.go b/vendor/github.com/containers/storage/pkg/ioutils/readers.go index 0e89787d..146e1a5f 100644 --- a/vendor/github.com/containers/storage/pkg/ioutils/readers.go +++ b/vendor/github.com/containers/storage/pkg/ioutils/readers.go @@ -1,11 +1,10 @@ package ioutils import ( + "context" "crypto/sha256" "encoding/hex" "io" - - "golang.org/x/net/context" ) type readCloserWrapper struct { diff --git a/vendor/github.com/containers/storage/pkg/regexp/regexp.go b/vendor/github.com/containers/storage/pkg/regexp/regexp.go index ec879710..458b8337 100644 --- a/vendor/github.com/containers/storage/pkg/regexp/regexp.go +++ b/vendor/github.com/containers/storage/pkg/regexp/regexp.go @@ -7,7 +7,7 @@ import ( ) // Regexp is a wrapper struct used for wrapping MustCompile regex expressions -// used as global variables. Using this stucture helps speed the startup time +// used as global variables. Using this structure helps speed the startup time // of apps that want to use global regex variables. This library initializes them on // first use as opposed to the start of the executable. type Regexp struct { diff --git a/vendor/github.com/containers/storage/pkg/truncindex/truncindex.go b/vendor/github.com/containers/storage/pkg/truncindex/truncindex.go index 8f073265..b81793ad 100644 --- a/vendor/github.com/containers/storage/pkg/truncindex/truncindex.go +++ b/vendor/github.com/containers/storage/pkg/truncindex/truncindex.go @@ -9,7 +9,7 @@ import ( "strings" "sync" - "github.com/tchap/go-patricia/patricia" + "github.com/tchap/go-patricia/v2/patricia" ) var ( diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index d208e0bf..6e7a9931 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -519,7 +519,7 @@ type Store interface { GarbageCollect() error } -// AdditionalLayer reprents a layer that is contained in the additional layer store +// AdditionalLayer represents a layer that is contained in the additional layer store // This API is experimental and can be changed without bumping the major version number. type AdditionalLayer interface { // PutAs creates layer based on this handler, using diff contents from the additional @@ -820,7 +820,7 @@ func (s *store) GIDMap() []idtools.IDMap { return copyIDMap(s.gidMap) } -// This must only be called when constructing store; it writes to fields that are assumed to be constant after constrution. +// This must only be called when constructing store; it writes to fields that are assumed to be constant after construction. func (s *store) load() error { var driver drivers.Driver if err := func() error { // A scope for defer @@ -3341,7 +3341,14 @@ func (s *store) GarbageCollect() error { return s.containerStore.GarbageCollect() }) - moreErr := s.writeToLayerStore(func(rlstore rwLayerStore) error { + moreErr := s.writeToImageStore(func() error { + return s.imageStore.GarbageCollect() + }) + if firstErr == nil { + firstErr = moreErr + } + + moreErr = s.writeToLayerStore(func(rlstore rwLayerStore) error { return rlstore.GarbageCollect() }) if firstErr == nil { diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go index 01f4e5a7..7189a8e6 100644 --- a/vendor/github.com/containers/storage/types/options.go +++ b/vendor/github.com/containers/storage/types/options.go @@ -152,20 +152,24 @@ func defaultStoreOptionsIsolated(rootless bool, rootlessUID int, storageConf str } } } - if storageOpts.RunRoot != "" { - runRoot, err := expandEnvPath(storageOpts.RunRoot, rootlessUID) - if err != nil { - return storageOpts, err - } - storageOpts.RunRoot = runRoot + if storageOpts.RunRoot == "" { + return storageOpts, fmt.Errorf("runroot must be set") } - if storageOpts.GraphRoot != "" { - graphRoot, err := expandEnvPath(storageOpts.GraphRoot, rootlessUID) - if err != nil { - return storageOpts, err - } - storageOpts.GraphRoot = graphRoot + runRoot, err := expandEnvPath(storageOpts.RunRoot, rootlessUID) + if err != nil { + return storageOpts, err } + storageOpts.RunRoot = runRoot + + if storageOpts.GraphRoot == "" { + return storageOpts, fmt.Errorf("graphroot must be set") + } + graphRoot, err := expandEnvPath(storageOpts.GraphRoot, rootlessUID) + if err != nil { + return storageOpts, err + } + storageOpts.GraphRoot = graphRoot + if storageOpts.RootlessStoragePath != "" { storagePath, err := expandEnvPath(storageOpts.RootlessStoragePath, rootlessUID) if err != nil { @@ -186,7 +190,7 @@ func loadStoreOptions(rootless bool, rootlessUID int) (StoreOptions, error) { return defaultStoreOptionsIsolated(rootless, rootlessUID, storageConf) } -// UpdateOptions should be called iff container engine recieved a SIGHUP, +// UpdateOptions should be called iff container engine received a SIGHUP, // otherwise use DefaultStoreOptions func UpdateStoreOptions(rootless bool, rootlessUID int) (StoreOptions, error) { storeOptions, storeError = loadStoreOptions(rootless, rootlessUID) diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 7e912210..5b4f691c 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -319,6 +319,10 @@ type LinuxMemory struct { DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` // Enables hierarchical memory accounting UseHierarchy *bool `json:"useHierarchy,omitempty"` + // CheckBeforeUpdate enables checking if a new memory limit is lower + // than the current usage during update, and if so, rejecting the new + // limit. + CheckBeforeUpdate *bool `json:"checkBeforeUpdate,omitempty"` } // LinuxCPU for Linux cgroup 'cpu' resource management @@ -327,6 +331,9 @@ type LinuxCPU struct { Shares *uint64 `json:"shares,omitempty"` // CPU hardcap limit (in usecs). Allowed cpu time in a given period. Quota *int64 `json:"quota,omitempty"` + // CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a + // given period. + Burst *uint64 `json:"burst,omitempty"` // CPU period to be used for hardcapping (in usecs). Period *uint64 `json:"period,omitempty"` // How much time realtime scheduling may use (in usecs). @@ -645,6 +652,10 @@ const ( // LinuxSeccompFlagSpecAllow can be used to disable Speculative Store // Bypass mitigation. (since Linux 4.17) LinuxSeccompFlagSpecAllow LinuxSeccompFlag = "SECCOMP_FILTER_FLAG_SPEC_ALLOW" + + // LinuxSeccompFlagWaitKillableRecv can be used to switch to the wait + // killable semantics. (since Linux 5.19) + LinuxSeccompFlagWaitKillableRecv LinuxSeccompFlag = "SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV" ) // Additional architectures permitted to be used for system calls diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 596af0c2..8ae4227b 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -6,12 +6,12 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 0 + VersionMinor = 1 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 2 + VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-dev" + VersionDev = "-rc.1" ) // Version is the specification version that the package types support. diff --git a/vendor/github.com/tchap/go-patricia/AUTHORS b/vendor/github.com/tchap/go-patricia/v2/AUTHORS similarity index 100% rename from vendor/github.com/tchap/go-patricia/AUTHORS rename to vendor/github.com/tchap/go-patricia/v2/AUTHORS diff --git a/vendor/github.com/tchap/go-patricia/LICENSE b/vendor/github.com/tchap/go-patricia/v2/LICENSE similarity index 100% rename from vendor/github.com/tchap/go-patricia/LICENSE rename to vendor/github.com/tchap/go-patricia/v2/LICENSE diff --git a/vendor/github.com/tchap/go-patricia/patricia/children.go b/vendor/github.com/tchap/go-patricia/v2/patricia/children.go similarity index 100% rename from vendor/github.com/tchap/go-patricia/patricia/children.go rename to vendor/github.com/tchap/go-patricia/v2/patricia/children.go diff --git a/vendor/github.com/tchap/go-patricia/patricia/patricia.go b/vendor/github.com/tchap/go-patricia/v2/patricia/patricia.go similarity index 100% rename from vendor/github.com/tchap/go-patricia/patricia/patricia.go rename to vendor/github.com/tchap/go-patricia/v2/patricia/patricia.go diff --git a/vendor/modules.txt b/vendor/modules.txt index ffa8b5f8..7e0da217 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -10,7 +10,7 @@ github.com/Microsoft/go-winio/internal/socket github.com/Microsoft/go-winio/pkg/guid github.com/Microsoft/go-winio/pkg/security github.com/Microsoft/go-winio/vhd -# github.com/Microsoft/hcsshim v0.9.6 +# github.com/Microsoft/hcsshim v0.9.7 ## explicit; go 1.13 github.com/Microsoft/hcsshim github.com/Microsoft/hcsshim/computestorage @@ -46,8 +46,8 @@ github.com/asaskevich/govalidator # github.com/containerd/cgroups v1.0.4 ## explicit; go 1.17 github.com/containerd/cgroups/stats/v1 -# github.com/containerd/stargz-snapshotter/estargz v0.13.0 -## explicit; go 1.16 +# github.com/containerd/stargz-snapshotter/estargz v0.14.1 +## explicit; go 1.19 github.com/containerd/stargz-snapshotter/estargz github.com/containerd/stargz-snapshotter/estargz/errorutil # github.com/containers/common v0.51.0 @@ -150,7 +150,7 @@ github.com/containers/ocicrypt/keywrap/pkcs7 github.com/containers/ocicrypt/spec github.com/containers/ocicrypt/utils github.com/containers/ocicrypt/utils/keyprovider -# github.com/containers/storage v1.45.3 +# github.com/containers/storage v1.45.4 ## explicit; go 1.17 github.com/containers/storage github.com/containers/storage/drivers @@ -177,6 +177,7 @@ github.com/containers/storage/pkg/dmesg github.com/containers/storage/pkg/fileutils github.com/containers/storage/pkg/fsutils github.com/containers/storage/pkg/homedir +github.com/containers/storage/pkg/idmap github.com/containers/storage/pkg/idtools github.com/containers/storage/pkg/ioutils github.com/containers/storage/pkg/locker @@ -437,7 +438,7 @@ github.com/opencontainers/image-tools/image # github.com/opencontainers/runc v1.1.4 ## explicit; go 1.16 github.com/opencontainers/runc/libcontainer/user -# github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb +# github.com/opencontainers/runtime-spec v1.1.0-rc.1 ## explicit github.com/opencontainers/runtime-spec/specs-go # github.com/opencontainers/selinux v1.11.0 @@ -520,9 +521,9 @@ github.com/sylabs/sif/v2/pkg/sif # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 ## explicit github.com/syndtr/gocapability/capability -# github.com/tchap/go-patricia v2.3.0+incompatible -## explicit -github.com/tchap/go-patricia/patricia +# github.com/tchap/go-patricia/v2 v2.3.1 +## explicit; go 1.16 +github.com/tchap/go-patricia/v2/patricia # github.com/theupdateframework/go-tuf v0.5.2 ## explicit; go 1.18 github.com/theupdateframework/go-tuf/encrypted