go.mod: update github.com/containers/image/v5

Version 5.22 introduced a new option to /etc/containers/policy.json called keyPaths, see https://github.com/containers/image/pull/1609 EL9 immediately took advantage of this new feature and started using it, see 04645c4a84 This quickly became an issue in our code: The go library (containers/image) parses the configuration file very strictly and refuses to create a client when policy.json with an unknown key is present on the filesystem. As we used 5.21.1 that doesn't know the new key, our unit tests started to failing when containers-common was present. Reproducer: podman run --pull=always --rm -it centos:stream9 dnf install -y dnf-plugins-core dnf config-manager --set-enabled crb dnf install -y gpgme-devel libassuan-devel krb5-devel golang git-core git clone https://github.com/osbuild/osbuild-composer cd osbuild-composer # install the new containers-common and run the test dnf install -y https://kojihub.stream.centos.org/kojifiles/packages/containers-common/1/44.el9/x86_64/containers-common-1-44.el9.x86_64.rpm go test -count 1 ./... # this returns: --- FAIL: TestClientResolve (0.00s) client_test.go:31: Error Trace: client_test.go:31 Error: Received unexpected error: Unknown key "keyPaths" invalid policy in "/etc/containers/policy.json" github.com/containers/image/v5/signature.NewPolicyFromFile /osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_config.go:88 github.com/osbuild/osbuild-composer/internal/container.NewClient /osbuild-composer/internal/container/client.go:123 github.com/osbuild/osbuild-composer/internal/container_test.TestClientResolve /osbuild-composer/internal/container/client_test.go:29 testing.tRunner /usr/lib/golang/src/testing/testing.go:1439 runtime.goexit /usr/lib/golang/src/runtime/asm_amd64.s:1571 Test: TestClientResolve client_test.go:32: Error Trace: client_test.go:32 Error: Expected value not to be nil. Test: TestClientResolve When run with an older containers-common, it succeeds: dnf install -y https://kojihub.stream.centos.org/kojifiles/packages/containers-common/1/40.el9/x86_64/containers-common-1-40.el9.x86_64.rpm go test -count 1 ./... PASS To sum it up, I had to upgrade github.com/containers/image/v5 to v5.22.0. Unfortunately, this wasn't so simple, see go get github.com/containers/image/v5@latest go: github.com/containers/image/v5@v5.22.0 requires github.com/letsencrypt/boulder@v0.0.0-20220331220046-b23ab962616e requires github.com/honeycombio/beeline-go@v1.1.1 requires github.com/gobuffalo/pop/v5@v5.3.1 requires github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown revision v2.0.3 It turns out that github.com/mattn/go-sqlite3@v2.0.3+incompatible has been recently retracted https://github.com/mattn/go-sqlite3/pull/998 and this broke a ton of packages depending on it. I was able to fix it by adding exclude github.com/mattn/go-sqlite3 v2.0.3+incompatible to our go.mod, see https://github.com/mattn/go-sqlite3/issues/975#issuecomment-955661657 After adding it, go get github.com/containers/image/v5@latest succeeded and tools/prepare-source.sh took care of the rest. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2022-08-28 20:29:14 +02:00 · 2022-08-28 20:29:14 +02:00 · 29f66a251f
commit 29f66a251f
parent fa514c5326
694 changed files with 90636 additions and 50426 deletions
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_common.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_common.go
@ -0,0 +1,12 @@
+//go:build !freebsd
+// +build !freebsd
+
+package sysregistriesv2
+
+// builtinRegistriesConfPath is the path to the registry configuration file.
+// DO NOT change this, instead see systemRegistriesConfPath above.
+const builtinRegistriesConfPath = "/etc/containers/registries.conf"
+
+// builtinRegistriesConfDirPath is the path to the registry configuration directory.
+// DO NOT change this, instead see systemRegistriesConfDirectoryPath above.
+const builtinRegistriesConfDirPath = "/etc/containers/registries.conf.d"
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_freebsd.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_freebsd.go
@ -0,0 +1,12 @@
+//go:build freebsd
+// +build freebsd
+
+package sysregistriesv2
+
+// builtinRegistriesConfPath is the path to the registry configuration file.
+// DO NOT change this, instead see systemRegistriesConfPath above.
+const builtinRegistriesConfPath = "/usr/local/etc/containers/registries.conf"
+
+// builtinRegistriesConfDirPath is the path to the registry configuration directory.
+// DO NOT change this, instead see systemRegistriesConfDirectoryPath above.
+const builtinRegistriesConfDirPath = "/usr/local/etc/containers/registries.conf.d"
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
@ -1,6 +1,7 @@
 package sysregistriesv2

 import (
+	"fmt"
 	"os"
 	"path/filepath"
 	"reflect"
@ -12,7 +13,6 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/lockfile"
-	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )

@ -166,7 +166,7 @@ func editShortNameAlias(ctx *types.SystemContext, name string, value *string) er
 	} else {
 		// If the name does not exist, throw an error.
 		if _, exists := conf.Aliases[name]; !exists {
-			return errors.Errorf("short-name alias %q not found in %q: please check registries.conf files", name, confPath)
+			return fmt.Errorf("short-name alias %q not found in %q: please check registries.conf files", name, confPath)
 		}

 		delete(conf.Aliases, name)
@ -210,25 +210,25 @@ func RemoveShortNameAlias(ctx *types.SystemContext, name string) error {
 func parseShortNameValue(alias string) (reference.Named, error) {
 	ref, err := reference.Parse(alias)
 	if err != nil {
-		return nil, errors.Wrapf(err, "parsing alias %q", alias)
+		return nil, fmt.Errorf("parsing alias %q: %w", alias, err)
 	}

 	if _, ok := ref.(reference.Digested); ok {
-		return nil, errors.Errorf("invalid alias %q: must not contain digest", alias)
+		return nil, fmt.Errorf("invalid alias %q: must not contain digest", alias)
 	}

 	if _, ok := ref.(reference.Tagged); ok {
-		return nil, errors.Errorf("invalid alias %q: must not contain tag", alias)
+		return nil, fmt.Errorf("invalid alias %q: must not contain tag", alias)
 	}

 	named, ok := ref.(reference.Named)
 	if !ok {
-		return nil, errors.Errorf("invalid alias %q: must contain registry and repository", alias)
+		return nil, fmt.Errorf("invalid alias %q: must contain registry and repository", alias)
 	}

 	registry := reference.Domain(named)
 	if !(strings.ContainsAny(registry, ".:") || registry == "localhost") {
-		return nil, errors.Errorf("invalid alias %q: must contain registry and repository", alias)
+		return nil, fmt.Errorf("invalid alias %q: must contain registry and repository", alias)
 	}

 	// A final parse to make sure that docker.io references are correctly
@ -242,25 +242,25 @@ func parseShortNameValue(alias string) (reference.Named, error) {
 func validateShortName(name string) error {
 	repo, err := reference.Parse(name)
 	if err != nil {
-		return errors.Wrapf(err, "cannot parse short name: %q", name)
+		return fmt.Errorf("cannot parse short name: %q: %w", name, err)
 	}

 	if _, ok := repo.(reference.Digested); ok {
-		return errors.Errorf("invalid short name %q: must not contain digest", name)
+		return fmt.Errorf("invalid short name %q: must not contain digest", name)
 	}

 	if _, ok := repo.(reference.Tagged); ok {
-		return errors.Errorf("invalid short name %q: must not contain tag", name)
+		return fmt.Errorf("invalid short name %q: must not contain tag", name)
 	}

 	named, ok := repo.(reference.Named)
 	if !ok {
-		return errors.Errorf("invalid short name %q: no name", name)
+		return fmt.Errorf("invalid short name %q: no name", name)
 	}

 	registry := reference.Domain(named)
 	if strings.ContainsAny(registry, ".:") || registry == "localhost" {
-		return errors.Errorf("invalid short name %q: must not contain registry", name)
+		return fmt.Errorf("invalid short name %q: must not contain registry", name)
 	}
 	return nil
 }
@ -298,7 +298,7 @@ func newShortNameAliasCache(path string, conf *shortNameAliasConf) (*shortNameAl
 	if len(errs) > 0 {
 		err := errs[0]
 		for i := 1; i < len(errs); i++ {
-			err = errors.Wrapf(err, "%v\n", errs[i])
+			err = fmt.Errorf("%v\n: %w", errs[i], err)
 		}
 		return nil, err
 	}
@ -319,7 +319,7 @@ func loadShortNameAliasConf(confPath string) (*shortNameAliasConf, *shortNameAli
 	meta, err := toml.DecodeFile(confPath, &conf)
 	if err != nil && !os.IsNotExist(err) {
 		// It's okay if the config doesn't exist.  Other errors are not.
-		return nil, nil, errors.Wrapf(err, "loading short-name aliases config file %q", confPath)
+		return nil, nil, fmt.Errorf("loading short-name aliases config file %q: %w", confPath, err)
 	}
 	if keys := meta.Undecoded(); len(keys) > 0 {
 		logrus.Debugf("Failed to decode keys %q from %q", keys, confPath)
@ -329,7 +329,7 @@ func loadShortNameAliasConf(confPath string) (*shortNameAliasConf, *shortNameAli
 	// file could still be corrupted by another process or user.
 	cache, err := newShortNameAliasCache(confPath, &conf)
 	if err != nil {
-		return nil, nil, errors.Wrapf(err, "loading short-name aliases config file %q", confPath)
+		return nil, nil, fmt.Errorf("loading short-name aliases config file %q: %w", confPath, err)
 	}

 	return &conf, cache, nil
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
@ -15,7 +15,6 @@ import (
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/storage/pkg/homedir"
-	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )

@ -25,20 +24,12 @@ import (
 // -ldflags '-X github.com/containers/image/v5/sysregistries.systemRegistriesConfPath=$your_path'
 var systemRegistriesConfPath = builtinRegistriesConfPath

-// builtinRegistriesConfPath is the path to the registry configuration file.
-// DO NOT change this, instead see systemRegistriesConfPath above.
-const builtinRegistriesConfPath = "/etc/containers/registries.conf"
-
 // systemRegistriesConfDirPath is the path to the system-wide registry
 // configuration directory and is used to add/subtract potential registries for
 // obtaining images.  You can override this at build time with
 // -ldflags '-X github.com/containers/image/v5/sysregistries.systemRegistriesConfDirectoryPath=$your_path'
 var systemRegistriesConfDirPath = builtinRegistriesConfDirPath

-// builtinRegistriesConfDirPath is the path to the registry configuration directory.
-// DO NOT change this, instead see systemRegistriesConfDirectoryPath above.
-const builtinRegistriesConfDirPath = "/etc/containers/registries.conf.d"
-
 // AuthenticationFileHelper is a special key for credential helpers indicating
 // the usage of consulting containers-auth.json files instead of a credential
 // helper.
@ -111,7 +102,7 @@ func (e *Endpoint) rewriteReference(ref reference.Named, prefix string) (referen
 	newNamedRef = e.Location + refString[prefixLen:]
 	newParsedRef, err := reference.ParseNamed(newNamedRef)
 	if err != nil {
-		return nil, errors.Wrapf(err, "rewriting reference")
+		return nil, fmt.Errorf("rewriting reference: %w", err)
 	}

 	return newParsedRef, nil
@ -674,7 +665,7 @@ func dropInConfigs(wrapper configWrapper) ([]string, error) {
 		if err != nil && !os.IsNotExist(err) {
 			// Ignore IsNotExist errors: most systems won't have a registries.conf.d
 			// directory.
-			return nil, errors.Wrapf(err, "reading registries.conf.d")
+			return nil, fmt.Errorf("reading registries.conf.d: %w", err)
 		}
 	}

@ -716,7 +707,7 @@ func tryUpdatingCache(ctx *types.SystemContext, wrapper configWrapper) (*parsedC
 				return nil, err // Should never happen
 			}
 		} else {
-			return nil, errors.Wrapf(err, "loading registries configuration %q", wrapper.configPath)
+			return nil, fmt.Errorf("loading registries configuration %q: %w", wrapper.configPath, err)
 		}
 	}

@ -729,7 +720,7 @@ func tryUpdatingCache(ctx *types.SystemContext, wrapper configWrapper) (*parsedC
 		// Enforce v2 format for drop-in-configs.
 		dropIn, err := loadConfigFile(path, true)
 		if err != nil {
-			return nil, errors.Wrapf(err, "loading drop-in registries configuration %q", path)
+			return nil, fmt.Errorf("loading drop-in registries configuration %q: %w", path, err)
 		}
 		config.updateWithConfigurationFrom(dropIn)
 	}
@ -790,7 +781,7 @@ func parseShortNameMode(mode string) (types.ShortNameMode, error) {
 	case "permissive":
 		return types.ShortNameModePermissive, nil
 	default:
-		return types.ShortNameModeInvalid, errors.Errorf("invalid short-name mode: %q", mode)
+		return types.ShortNameModeInvalid, fmt.Errorf("invalid short-name mode: %q", mode)
 	}
 }

@ -983,7 +974,7 @@ func loadConfigFile(path string, forceV2 bool) (*parsedConfig, error) {
 	// Parse and validate short-name aliases.
 	cache, err := newShortNameAliasCache(path, &res.partialV2.shortNameAliasConf)
 	if err != nil {
-		return nil, errors.Wrap(err, "validating short-name aliases")
+		return nil, fmt.Errorf("validating short-name aliases: %w", err)
 	}
 	res.aliasCache = cache
 	// Clear conf.partialV2.shortNameAliasConf to make it available for garbage collection and