go.mod: update github.com/containers/image/v5

Version 5.22 introduced a new option to /etc/containers/policy.json called keyPaths, see https://github.com/containers/image/pull/1609 EL9 immediately took advantage of this new feature and started using it, see 04645c4a84 This quickly became an issue in our code: The go library (containers/image) parses the configuration file very strictly and refuses to create a client when policy.json with an unknown key is present on the filesystem. As we used 5.21.1 that doesn't know the new key, our unit tests started to failing when containers-common was present. Reproducer: podman run --pull=always --rm -it centos:stream9 dnf install -y dnf-plugins-core dnf config-manager --set-enabled crb dnf install -y gpgme-devel libassuan-devel krb5-devel golang git-core git clone https://github.com/osbuild/osbuild-composer cd osbuild-composer # install the new containers-common and run the test dnf install -y https://kojihub.stream.centos.org/kojifiles/packages/containers-common/1/44.el9/x86_64/containers-common-1-44.el9.x86_64.rpm go test -count 1 ./... # this returns: --- FAIL: TestClientResolve (0.00s) client_test.go:31: Error Trace: client_test.go:31 Error: Received unexpected error: Unknown key "keyPaths" invalid policy in "/etc/containers/policy.json" github.com/containers/image/v5/signature.NewPolicyFromFile /osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_config.go:88 github.com/osbuild/osbuild-composer/internal/container.NewClient /osbuild-composer/internal/container/client.go:123 github.com/osbuild/osbuild-composer/internal/container_test.TestClientResolve /osbuild-composer/internal/container/client_test.go:29 testing.tRunner /usr/lib/golang/src/testing/testing.go:1439 runtime.goexit /usr/lib/golang/src/runtime/asm_amd64.s:1571 Test: TestClientResolve client_test.go:32: Error Trace: client_test.go:32 Error: Expected value not to be nil. Test: TestClientResolve When run with an older containers-common, it succeeds: dnf install -y https://kojihub.stream.centos.org/kojifiles/packages/containers-common/1/40.el9/x86_64/containers-common-1-40.el9.x86_64.rpm go test -count 1 ./... PASS To sum it up, I had to upgrade github.com/containers/image/v5 to v5.22.0. Unfortunately, this wasn't so simple, see go get github.com/containers/image/v5@latest go: github.com/containers/image/v5@v5.22.0 requires github.com/letsencrypt/boulder@v0.0.0-20220331220046-b23ab962616e requires github.com/honeycombio/beeline-go@v1.1.1 requires github.com/gobuffalo/pop/v5@v5.3.1 requires github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown revision v2.0.3 It turns out that github.com/mattn/go-sqlite3@v2.0.3+incompatible has been recently retracted https://github.com/mattn/go-sqlite3/pull/998 and this broke a ton of packages depending on it. I was able to fix it by adding exclude github.com/mattn/go-sqlite3 v2.0.3+incompatible to our go.mod, see https://github.com/mattn/go-sqlite3/issues/975#issuecomment-955661657 After adding it, go get github.com/containers/image/v5@latest succeeded and tools/prepare-source.sh took care of the rest. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2022-08-28 20:29:14 +02:00 · 2022-08-28 20:29:14 +02:00 · 29f66a251f
commit 29f66a251f
parent fa514c5326
694 changed files with 90636 additions and 50426 deletions
--- a/vendor/github.com/containers/image/v5/oci/internal/oci_util.go
+++ b/vendor/github.com/containers/image/v5/oci/internal/oci_util.go
@ -1,7 +1,8 @@
 package internal

 import (
-	"github.com/pkg/errors"
+	"errors"
+	"fmt"
 	"path/filepath"
 	"regexp"
 	"runtime"
@ -27,7 +28,7 @@ func ValidateImageName(image string) error {

 	var err error
 	if !refRegexp.MatchString(image) {
-		err = errors.Errorf("Invalid image %s", image)
+		err = fmt.Errorf("Invalid image %s", image)
 	}
 	return err
 }
@ -72,11 +73,11 @@ func ValidateOCIPath(path string) error {
 	if runtime.GOOS == "windows" {
 		// On Windows we must allow for a ':' as part of the path
 		if strings.Count(path, ":") > 1 {
-			return errors.Errorf("Invalid OCI reference: path %s contains more than one colon", path)
+			return fmt.Errorf("Invalid OCI reference: path %s contains more than one colon", path)
 		}
 	} else {
 		if strings.Contains(path, ":") {
-			return errors.Errorf("Invalid OCI reference: path %s contains a colon", path)
+			return fmt.Errorf("Invalid OCI reference: path %s contains a colon", path)
 		}
 	}
 	return nil
@ -96,7 +97,7 @@ func ValidateScope(scope string) error {

 	cleaned := filepath.Clean(scope)
 	if cleaned != scope {
-		return errors.Errorf(`Invalid scope %s: Uses non-canonical path format, perhaps try with path %s`, scope, cleaned)
+		return fmt.Errorf(`Invalid scope %s: Uses non-canonical path format, perhaps try with path %s`, scope, cleaned)
 	}

 	return nil
@ -105,7 +106,7 @@ func ValidateScope(scope string) error {
 func validateScopeWindows(scope string) error {
 	matched, _ := regexp.Match(`^[a-zA-Z]:\\`, []byte(scope))
 	if !matched {
-		return errors.Errorf("Invalid scope '%s'. Must be an absolute path", scope)
+		return fmt.Errorf("Invalid scope '%s'. Must be an absolute path", scope)
 	}

 	return nil
@ -113,7 +114,7 @@ func validateScopeWindows(scope string) error {

 func validateScopeNonWindows(scope string) error {
 	if !strings.HasPrefix(scope, "/") {
-		return errors.Errorf("Invalid scope %s: must be an absolute path", scope)
+		return fmt.Errorf("Invalid scope %s: must be an absolute path", scope)
 	}

 	// Refuse also "/", otherwise "/" and "" would have the same semantics,