update c/common, c/image, c/storage

Pin them to the specific versions that Podman v3.3 targets for RHEL.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

vendor/github.com/containers/common/pkg/auth/auth.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/containers/image/v5/docker"
+	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/pkg/docker/config"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/types"
@@ -69,30 +70,50 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 	systemContext = systemContextWithOptions(systemContext, opts.AuthFile, opts.CertDir)
 
 	var (
-		server string
-		err    error
+		authConfig    types.DockerAuthConfig
+		key, registry string
+		ref           reference.Named
+		err           error
 	)
-	if len(args) > 1 {
-		return errors.New("login accepts only one registry to login to")
-	}
-	if len(args) == 0 {
+	l := len(args)
+	switch l {
+	case 0:
 		if !opts.AcceptUnspecifiedRegistry {
 			return errors.New("please provide a registry to login to")
 		}
-		if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+		if key, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
 			return err
 		}
-		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+		registry = key
+		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)
+
+	case 1:
+		key, registry, ref, err = parseRegistryArgument(args[0], opts.AcceptRepositories)
+		if err != nil {
+			return err
+		}
+
+	default:
+		return errors.New("login accepts only one registry to login to")
+
+	}
+
+	if ref != nil {
+		authConfig, err = config.GetCredentialsForRef(systemContext, ref)
+		if err != nil {
+			return errors.Wrap(err, "get credentials for repository")
+		}
 	} else {
-		server = getRegistryName(args[0])
-	}
-	authConfig, err := config.GetCredentials(systemContext, server)
-	if err != nil {
-		return errors.Wrap(err, "reading auth file")
+		// nolint: staticcheck
+		authConfig, err = config.GetCredentials(systemContext, registry)
+		if err != nil {
+			return errors.Wrap(err, "get credentials")
+		}
 	}
+
 	if opts.GetLoginSet {
 		if authConfig.Username == "" {
-			return errors.Errorf("not logged into %s", server)
+			return errors.Errorf("not logged into %s", key)
 		}
 		fmt.Fprintf(opts.Stdout, "%s\n", authConfig.Username)
 		return nil
@@ -119,9 +140,9 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 
 	// If no username and no password is specified, try to use existing ones.
 	if opts.Username == "" && password == "" && authConfig.Username != "" && authConfig.Password != "" {
-		fmt.Println("Authenticating with existing credentials...")
-		if err := docker.CheckAuth(ctx, systemContext, authConfig.Username, authConfig.Password, server); err == nil {
-			fmt.Fprintln(opts.Stdout, "Existing credentials are valid. Already logged in to", server)
+		fmt.Fprintf(opts.Stdout, "Authenticating with existing credentials for %s\n", key)
+		if err := docker.CheckAuth(ctx, systemContext, authConfig.Username, authConfig.Password, registry); err == nil {
+			fmt.Fprintf(opts.Stdout, "Existing credentials are valid. Already logged in to %s\n", registry)
 			return nil
 		}
 		fmt.Fprintln(opts.Stdout, "Existing credentials are invalid, please enter valid username and password")
@@ -132,9 +153,9 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 		return errors.Wrap(err, "getting username and password")
 	}
 
-	if err = docker.CheckAuth(ctx, systemContext, username, password, server); err == nil {
+	if err = docker.CheckAuth(ctx, systemContext, username, password, registry); err == nil {
 		// Write the new credentials to the authfile
-		desc, err := config.SetCredentials(systemContext, server, username, password)
+		desc, err := config.SetCredentials(systemContext, key, username, password)
 		if err != nil {
 			return err
 		}
@@ -147,10 +168,45 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 		return nil
 	}
 	if unauthorized, ok := err.(docker.ErrUnauthorizedForCredentials); ok {
-		logrus.Debugf("error logging into %q: %v", server, unauthorized)
-		return errors.Errorf("error logging into %q: invalid username/password", server)
+		logrus.Debugf("error logging into %q: %v", key, unauthorized)
+		return errors.Errorf("error logging into %q: invalid username/password", key)
 	}
-	return errors.Wrapf(err, "authenticating creds for %q", server)
+	return errors.Wrapf(err, "authenticating creds for %q", key)
+}
+
+// parseRegistryArgument verifies the provided arg depending if we accept
+// repositories or not.
+func parseRegistryArgument(arg string, acceptRepositories bool) (key, registry string, maybeRef reference.Named, err error) {
+	if !acceptRepositories {
+		registry = getRegistryName(arg)
+		key = registry
+		return key, registry, maybeRef, nil
+	}
+
+	key = trimScheme(arg)
+	if key != arg {
+		return key, registry, nil, errors.New("credentials key has https[s]:// prefix")
+	}
+
+	registry = getRegistryName(key)
+	if registry == key {
+		// We cannot parse a reference from a registry, so we stop here
+		return key, registry, nil, nil
+	}
+
+	ref, parseErr := reference.ParseNamed(key)
+	if parseErr != nil {
+		return key, registry, nil, errors.Wrapf(parseErr, "parse reference from %q", key)
+	}
+
+	if !reference.IsNameOnly(ref) {
+		return key, registry, nil, errors.Errorf("reference %q contains tag or digest", ref.String())
+	}
+
+	maybeRef = ref
+	registry = reference.Domain(ref)
+
+	return key, registry, maybeRef, nil
 }
 
 // getRegistryName scrubs and parses the input to get the server name
@@ -158,13 +214,21 @@ func getRegistryName(server string) string {
 	// removes 'http://' or 'https://' from the front of the
 	// server/registry string if either is there.  This will be mostly used
 	// for user input from 'Buildah login' and 'Buildah logout'.
-	server = strings.TrimPrefix(strings.TrimPrefix(server, "https://"), "http://")
+	server = trimScheme(server)
 	// gets the registry from the input. If the input is of the form
 	// quay.io/myuser/myimage, it will parse it and just return quay.io
 	split := strings.Split(server, "/")
 	return split[0]
 }
 
+// trimScheme removes the HTTP(s) scheme from the provided repository.
+func trimScheme(repository string) string {
+	// removes 'http://' or 'https://' from the front of the
+	// server/registry string if either is there.  This will be mostly used
+	// for user input from 'Buildah login' and 'Buildah logout'.
+	return strings.TrimPrefix(strings.TrimPrefix(repository, "https://"), "http://")
+}
+
 // getUserAndPass gets the username and password from STDIN if not given
 // using the -u and -p flags.  If the username prompt is left empty, the
 // displayed userFromAuthFile will be used instead.
@@ -209,8 +273,9 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 	systemContext = systemContextWithOptions(systemContext, opts.AuthFile, "")
 
 	var (
-		server string
-		err    error
+		key, registry string
+		ref           reference.Named
+		err           error
 	)
 	if len(args) > 1 {
 		return errors.New("logout accepts only one registry to logout from")
@@ -219,16 +284,20 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 		if !opts.AcceptUnspecifiedRegistry {
 			return errors.New("please provide a registry to logout from")
 		}
-		if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+		if key, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
 			return err
 		}
-		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+		registry = key
+		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)
 	}
 	if len(args) != 0 {
 		if opts.All {
 			return errors.New("--all takes no arguments")
 		}
-		server = getRegistryName(args[0])
+		key, registry, ref, err = parseRegistryArgument(args[0], opts.AcceptRepositories)
+		if err != nil {
+			return err
+		}
 	}
 
 	if opts.All {
@@ -239,24 +308,34 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 		return nil
 	}
 
-	err = config.RemoveAuthentication(systemContext, server)
+	err = config.RemoveAuthentication(systemContext, key)
 	switch errors.Cause(err) {
 	case nil:
-		fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server)
+		fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", key)
 		return nil
 	case config.ErrNotLoggedIn:
-		authConfig, err := config.GetCredentials(systemContext, server)
-		if err != nil {
-			return errors.Wrap(err, "reading auth file")
+		var authConfig types.DockerAuthConfig
+		if ref != nil {
+			authConfig, err = config.GetCredentialsForRef(systemContext, ref)
+			if err != nil {
+				return errors.Wrap(err, "get credentials for repository")
+			}
+		} else {
+			// nolint: staticcheck
+			authConfig, err = config.GetCredentials(systemContext, registry)
+			if err != nil {
+				return errors.Wrap(err, "get credentials")
+			}
 		}
-		authInvalid := docker.CheckAuth(context.Background(), systemContext, authConfig.Username, authConfig.Password, server)
+
+		authInvalid := docker.CheckAuth(context.Background(), systemContext, authConfig.Username, authConfig.Password, registry)
 		if authConfig.Username != "" && authConfig.Password != "" && authInvalid == nil {
-			fmt.Printf("Not logged into %s with current tool. Existing credentials were established via docker login. Please use docker logout instead.\n", server)
+			fmt.Printf("Not logged into %s with current tool. Existing credentials were established via docker login. Please use docker logout instead.\n", key)
 			return nil
 		}
-		return errors.Errorf("Not logged into %s\n", server)
+		return errors.Errorf("Not logged into %s\n", key)
 	default:
-		return errors.Wrapf(err, "logging out of %q", server)
+		return errors.Wrapf(err, "logging out of %q", key)
 	}
 }
 

vendor/github.com/containers/common/pkg/auth/cli.go

@@ -14,13 +14,14 @@ type LoginOptions struct {
 	// CLI flags managed by the FlagSet returned by GetLoginFlags
 	// Callers that use GetLoginFlags should not need to touch these values at all; callers that use
 	// other CLI frameworks should set them based on user input.
-	AuthFile      string
-	CertDir       string
-	Password      string
-	Username      string
-	StdinPassword bool
-	GetLoginSet   bool
-	Verbose       bool // set to true for verbose output
+	AuthFile           string
+	CertDir            string
+	Password           string
+	Username           string
+	StdinPassword      bool
+	GetLoginSet        bool
+	Verbose            bool // set to true for verbose output
+	AcceptRepositories bool // set to true to allow namespaces or repositories rather than just registries
 	// Options caller can set
 	Stdin                     io.Reader // set to os.Stdin
 	Stdout                    io.Writer // set to os.Stdout
@@ -32,8 +33,9 @@ type LogoutOptions struct {
 	// CLI flags managed by the FlagSet returned by GetLogoutFlags
 	// Callers that use GetLogoutFlags should not need to touch these values at all; callers that use
 	// other CLI frameworks should set them based on user input.
-	AuthFile string
-	All      bool
+	AuthFile           string
+	All                bool
+	AcceptRepositories bool // set to true to allow namespaces or repositories rather than just registries
 	// Options caller can set
 	Stdout                    io.Writer // set to os.Stdout
 	AcceptUnspecifiedRegistry bool      // set to true if allows logout with unspecified registry

vendor/github.com/containers/image/v5/copy/copy.go

@@ -124,7 +124,6 @@ type copier struct {
 	ociEncryptConfig      *encconfig.EncryptConfig
 	maxParallelDownloads  uint
 	downloadForeignLayers bool
-	fetchPartialBlobs     bool
 }
 
 // imageCopier tracks state specific to a single image (possibly an item of a manifest list)
@@ -208,9 +207,6 @@ type Options struct {
 	// Download layer contents with "nondistributable" media types ("foreign" layers) and translate the layer media type
 	// to not indicate "nondistributable".
 	DownloadForeignLayers bool
-
-	// FetchPartialBlobs indicates whether to attempt to fetch the blob partially.  Experimental.
-	FetchPartialBlobs bool
 }
 
 // validateImageListSelection returns an error if the passed-in value is not one that we recognize as a valid ImageListSelection value
@@ -291,7 +287,6 @@ func Image(ctx context.Context, policyContext *signature.PolicyContext, destRef,
 		ociEncryptConfig:      options.OciEncryptConfig,
 		maxParallelDownloads:  options.MaxParallelDownloads,
 		downloadForeignLayers: options.DownloadForeignLayers,
-		fetchPartialBlobs:     options.FetchPartialBlobs,
 	}
 	// Default to using gzip compression unless specified otherwise.
 	if options.DestinationCtx == nil || options.DestinationCtx.CompressionFormat == nil {
@@ -1283,7 +1278,7 @@ func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, to
 	// the destination has support for it.
 	imgSource, okSource := ic.c.rawSource.(internalTypes.ImageSourceSeekable)
 	imgDest, okDest := ic.c.dest.(internalTypes.ImageDestinationPartial)
-	if ic.c.fetchPartialBlobs && okSource && okDest && !diffIDIsNeeded {
+	if okSource && okDest && !diffIDIsNeeded {
 		bar := ic.c.createProgressBar(pool, true, srcInfo, "blob", "done")
 
 		progress := make(chan int64)
@@ -1317,7 +1312,7 @@ func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, to
 			return info, cachedDiffID, nil
 		}
 		bar.Abort(true)
-		logrus.Errorf("Failed to retrieve partial blob: %v", err)
+		logrus.Debugf("Failed to retrieve partial blob: %v", err)
 	}
 
 	// Fallback: copy the layer, computing the diffID if we need to do so

vendor/github.com/containers/image/v5/version/version.go

@@ -6,12 +6,12 @@ const (
 	// VersionMajor is for an API incompatible changes
 	VersionMajor = 5
 	// VersionMinor is for functionality in a backwards-compatible manner
-	VersionMinor = 14
+	VersionMinor = 15
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 1
+	VersionPatch = 0
 
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = "-dev"
+	VersionDev = ""
 )
 
 // Version is the specification version that the package types support.

vendor/github.com/containers/storage/VERSION

@@ -1 +1 @@
-1.33.0
+1.33.1

vendor/github.com/containers/storage/drivers/quota/projectquota.go

@@ -52,8 +52,11 @@ import "C"
 import (
 	"fmt"
 	"io/ioutil"
+	"math"
+	"os"
 	"path"
 	"path/filepath"
+	"syscall"
 	"unsafe"
 
 	"github.com/containers/storage/pkg/directory"
@@ -61,6 +64,8 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+const projectIDsAllocatedPerQuotaHome = 10000
+
 // Quota limit params - currently we only control blocks hard limit and inodes
 type Quota struct {
 	Size   uint64
@@ -75,23 +80,48 @@ type Control struct {
 	quotas            map[string]uint32
 }
 
+// Attempt to generate a unigue projectid.  Multiple directories
+// per file system can have quota and they need a group of unique
+// ids. This function attempts to allocate at least projectIDsAllocatedPerQuotaHome(10000)
+// unique projectids, based on the inode of the basepath.
+func generateUniqueProjectID(path string) (uint32, error) {
+	fileinfo, err := os.Stat(path)
+	if err != nil {
+		return 0, err
+	}
+	stat, ok := fileinfo.Sys().(*syscall.Stat_t)
+	if !ok {
+		return 0, fmt.Errorf("Not a syscall.Stat_t %s", path)
+
+	}
+	projectID := projectIDsAllocatedPerQuotaHome + (stat.Ino*projectIDsAllocatedPerQuotaHome)%(math.MaxUint32-projectIDsAllocatedPerQuotaHome)
+	return uint32(projectID), nil
+}
+
 // NewControl - initialize project quota support.
 // Test to make sure that quota can be set on a test dir and find
 // the first project id to be used for the next container create.
 //
 // Returns nil (and error) if project quota is not supported.
 //
-// First get the project id of the home directory.
+// First get the project id of the basePath directory.
 // This test will fail if the backing fs is not xfs.
 //
 // xfs_quota tool can be used to assign a project id to the driver home directory, e.g.:
-//    echo 999:/var/lib/containers/storage/overlay >> /etc/projects
-//    echo storage:999 >> /etc/projid
-//    xfs_quota -x -c 'project -s storage' /<xfs mount point>
+//    echo 100000:/var/lib/containers/storage/overlay >> /etc/projects
+//    echo 200000:/var/lib/containers/storage/volumes >> /etc/projects
+//    echo storage:100000 >> /etc/projid
+//    echo volumes:200000 >> /etc/projid
+//    xfs_quota -x -c 'project -s storage volumes' /<xfs mount point>
 //
-// In that case, the home directory project id will be used as a "start offset"
-// and all containers will be assigned larger project ids (e.g. >= 1000).
-// This is a way to prevent xfs_quota management from conflicting with containers/storage.
+// In the example above, the storage directory project id will be used as a
+// "start offset" and all containers will be assigned larger project ids
+// (e.g. >= 100000). Then the volumes directory project id will be used as a
+// "start offset" and all volumes will be assigned larger project ids
+// (e.g. >= 200000).
+// This is a way to prevent xfs_quota management from conflicting with
+// containers/storage.
+
 //
 // Then try to create a test directory with the next project id and set a quota
 // on it. If that works, continue to scan existing containers to map allocated
@@ -105,8 +135,15 @@ func NewControl(basePath string) (*Control, error) {
 	if err != nil {
 		return nil, err
 	}
-	minProjectID++
+	if minProjectID == 0 {
+		// Indicates the storage was never initialized
+		// Generate a unique range of Projectids for this basepath
+		minProjectID, err = generateUniqueProjectID(basePath)
+		if err != nil {
+			return nil, err
+		}
 
+	}
 	//
 	// create backing filesystem device node
 	//
@@ -180,12 +217,12 @@ func setProjectQuota(backingFsBlockDev string, projectID uint32, quota Quota) er
 	d.d_flags = C.FS_PROJ_QUOTA
 
 	if quota.Size > 0 {
-		d.d_fieldmask = C.FS_DQ_BHARD | C.FS_DQ_BSOFT
+		d.d_fieldmask = d.d_fieldmask | C.FS_DQ_BHARD | C.FS_DQ_BSOFT
 		d.d_blk_hardlimit = C.__u64(quota.Size / 512)
 		d.d_blk_softlimit = d.d_blk_hardlimit
 	}
 	if quota.Inodes > 0 {
-		d.d_fieldmask = C.FS_DQ_IHARD | C.FS_DQ_ISOFT
+		d.d_fieldmask = d.d_fieldmask | C.FS_DQ_IHARD | C.FS_DQ_ISOFT
 		d.d_ino_hardlimit = C.__u64(quota.Inodes)
 		d.d_ino_softlimit = d.d_ino_hardlimit
 	}