go.mod: update osbuild/images to v0.156.0

tag v0.155.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.155.0 ---------------- * Fedora 43: add shadow-utils when LockRoot is enabled, update cloud-init service name (osbuild/images#1618) * Author: Achilleas Koutsou, Reviewers: Gianluca Zuccarelli, Michael Vogt * Update osbuild dependency commit ID to latest (osbuild/images#1609) * Author: SchutzBot, Reviewers: Achilleas Koutsou, Simon de Vlieger, Tomáš Hozza * Update snapshots to 20250626 (osbuild/images#1623) * Author: SchutzBot, Reviewers: Achilleas Koutsou, Simon de Vlieger * distro/rhel9: xz compress azure-cvm image type [HMS-8587] (osbuild/images#1620) * Author: Achilleas Koutsou, Reviewers: Simon de Vlieger, Tomáš Hozza * distro/rhel: introduce new image type: Azure SAP Apps [HMS-8738] (osbuild/images#1612) * Author: Achilleas Koutsou, Reviewers: Simon de Vlieger, Tomáš Hozza * distro/rhel: move ansible-core to sap_extras_pkgset (osbuild/images#1624) * Author: Achilleas Koutsou, Reviewers: Brian C. Lane, Tomáš Hozza * github/create-tag: allow passing the version when run manually (osbuild/images#1621) * Author: Achilleas Koutsou, Reviewers: Lukáš Zapletal, Tomáš Hozza * rhel9: move image-config into pure YAML (HMS-8593) (osbuild/images#1616) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * test: split manifest checksums into separate files (osbuild/images#1625) * Author: Achilleas Koutsou, Reviewers: Simon de Vlieger, Tomáš Hozza — Somewhere on the Internet, 2025-06-30 --- tag v0.156.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.156.0 ---------------- * Many: delete repositories for EOL distributions (HMS-7044) (osbuild/images#1607) * Author: Tomáš Hozza, Reviewers: Michael Vogt, Simon de Vlieger * RHSM/facts: add 'image-builder CLI' API type (osbuild/images#1640) * Author: Tomáš Hozza, Reviewers: Brian C. Lane, Simon de Vlieger * Update dependencies 2025-06-29 (osbuild/images#1628) * Author: SchutzBot, Reviewers: Simon de Vlieger, Tomáš Hozza * Update osbuild dependency commit ID to latest (osbuild/images#1627) * Author: SchutzBot, Reviewers: Simon de Vlieger, Tomáš Hozza * [RFC] image: drop `InstallWeakDeps` from image.DiskImage (osbuild/images#1642) * Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger, Tomáš Hozza * build(deps): bump the go-deps group across 1 directory with 3 updates (osbuild/images#1632) * Author: dependabot[bot], Reviewers: SchutzBot, Tomáš Hozza * distro/rhel10: xz compress azure-cvm image type (osbuild/images#1638) * Author: Achilleas Koutsou, Reviewers: Brian C. Lane, Simon de Vlieger * distro: cleanup/refactor distro/{defs,generic} (HMS-8744) (osbuild/images#1570) * Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza * distro: remove some hardcoded values from generic/images.go (osbuild/images#1636) * Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza * distro: small tweaks for the YAML based imagetypes (osbuild/images#1622) * Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger * fedora/wsl: packages and locale (osbuild/images#1635) * Author: Simon de Vlieger, Reviewers: Michael Vogt, Tomáš Hozza * image/many: make compression more generic (osbuild/images#1634) * Author: Simon de Vlieger, Reviewers: Brian C. Lane, Michael Vogt * manifest: handle content template name with spaces (osbuild/images#1641) * Author: Bryttanie, Reviewers: Brian C. Lane, Michael Vogt, Tomáš Hozza * many: implement gzip (osbuild/images#1633) * Author: Simon de Vlieger, Reviewers: Michael Vogt, Tomáš Hozza * rhel/azure: set GRUB_TERMINAL based on architecture [RHEL-91383] (osbuild/images#1626) * Author: Achilleas Koutsou, Reviewers: Simon de Vlieger, Tomáš Hozza — Somewhere on the Internet, 2025-07-07 ---
2025-07-10 16:14:25 +02:00 · 2025-07-10 16:14:25 +02:00 · 3fd7092db5
commit 3fd7092db5
parent 60c5f10af8
1486 changed files with 124742 additions and 82516 deletions
--- a/vendor/github.com/containers/image/v5/pkg/blobinfocache/memory/memory.go
+++ b/vendor/github.com/containers/image/v5/pkg/blobinfocache/memory/memory.go
@ -240,7 +240,7 @@ func (mem *cache) candidateLocations(transport types.ImageTransport, scope types
 		if uncompressedDigest = mem.uncompressedDigestLocked(primaryDigest); uncompressedDigest != "" {
 			otherDigests := mem.digestsByUncompressed[uncompressedDigest] // nil if not present in the map
 			if otherDigests != nil {
-				for _, d := range otherDigests.Values() {
+				for d := range otherDigests.All() {
 					if d != primaryDigest && d != uncompressedDigest {
 						res = mem.appendReplacementCandidates(res, transport, scope, d, v2Options)
 					}
--- a/vendor/github.com/containers/image/v5/pkg/blobinfocache/sqlite/sqlite.go
+++ b/vendor/github.com/containers/image/v5/pkg/blobinfocache/sqlite/sqlite.go
@ -87,14 +87,20 @@ func new2(path string) (*cache, error) {
 	if err != nil {
 		return nil, fmt.Errorf("initializing blob info cache at %q: %w", path, err)
 	}
-	defer db.Close()
-
-	// We don’t check the schema before every operation, because that would be costly
-	// and because we assume schema changes will be handled by using a different path.
-	if err := ensureDBHasCurrentSchema(db); err != nil {
+	err = func() (retErr error) { // A scope for defer
+		defer func() {
+			closeErr := db.Close()
+			if retErr == nil {
+				retErr = closeErr
+			}
+		}()
+		// We don’t check the schema before every operation, because that would be costly
+		// and because we assume schema changes will be handled by using a different path.
+		return ensureDBHasCurrentSchema(db)
+	}()
+	if err != nil {
 		return nil, err
 	}
-
 	return &cache{
 		path:     path,
 		refCount: 0,
@ -147,25 +153,30 @@ func (sqc *cache) Close() {
 type void struct{} // So that we don’t have to write struct{}{} all over the place

 // transaction calls fn within a read-write transaction in sqc.
-func transaction[T any](sqc *cache, fn func(tx *sql.Tx) (T, error)) (T, error) {
-	db, closeDB, err := func() (*sql.DB, func(), error) { // A scope for defer
+func transaction[T any](sqc *cache, fn func(tx *sql.Tx) (T, error)) (_ T, retErr error) {
+	db, closeDB, err := func() (*sql.DB, func() error, error) { // A scope for defer
 		sqc.lock.Lock()
 		defer sqc.lock.Unlock()

 		if sqc.db != nil {
-			return sqc.db, func() {}, nil
+			return sqc.db, func() error { return nil }, nil
 		}
 		db, err := rawOpen(sqc.path)
 		if err != nil {
 			return nil, nil, fmt.Errorf("opening blob info cache at %q: %w", sqc.path, err)
 		}
-		return db, func() { db.Close() }, nil
+		return db, db.Close, nil
 	}()
 	if err != nil {
 		var zeroRes T // A zero value of T
 		return zeroRes, err
 	}
-	defer closeDB()
+	defer func() {
+		closeErr := closeDB()
+		if retErr == nil {
+			retErr = closeErr
+		}
+	}()

 	return dbTransaction(db, fn)
 }
--- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
@ -6,6 +6,8 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"iter"
+	"maps"
 	"os"
 	"os/exec"
 	"path/filepath"
@ -93,9 +95,7 @@ func GetAllCredentials(sys *types.SystemContext) (map[string]types.DockerAuthCon
 				// Credential helpers in the auth file have a
 				// direct mapping to a registry, so we can just
 				// walk the map.
-				for registry := range fileContents.CredHelpers {
-					allKeys.Add(registry)
-				}
+				allKeys.AddSeq(maps.Keys(fileContents.CredHelpers))
 				for key := range fileContents.AuthConfigs {
 					key := normalizeAuthFileKey(key, path.legacyFormat)
 					if key == normalizedDockerIORegistry {
@ -115,16 +115,14 @@ func GetAllCredentials(sys *types.SystemContext) (map[string]types.DockerAuthCon
 					return nil, err
 				}
 			}
-			for registry := range creds {
-				allKeys.Add(registry)
-			}
+			allKeys.AddSeq(maps.Keys(creds))
 		}
 	}

 	// Now use `GetCredentials` to the specific auth configs for each
 	// previously listed registry.
 	allCreds := make(map[string]types.DockerAuthConfig)
-	for _, key := range allKeys.Values() {
+	for key := range allKeys.All() {
 		creds, err := GetCredentials(sys, key)
 		if err != nil {
 			// Note: we rely on the logging in `GetCredentials`.
@ -818,16 +816,10 @@ func findCredentialsInFile(key, registry string, path authPath) (types.DockerAut
 	// Support sub-registry namespaces in auth.
 	// (This is not a feature of ~/.docker/config.json; we support it even for
 	// those files as an extension.)
-	var keys []string
-	if !path.legacyFormat {
-		keys = authKeysForKey(key)
-	} else {
-		keys = []string{registry}
-	}
-
+	//
 	// Repo or namespace keys are only supported as exact matches. For registry
 	// keys we prefer exact matches as well.
-	for _, key := range keys {
+	for key := range authKeyLookupOrder(key, registry, path.legacyFormat) {
 		if val, exists := fileContents.AuthConfigs[key]; exists {
 			return decodeDockerAuth(path.path, key, val)
 		}
@ -854,25 +846,33 @@ func findCredentialsInFile(key, registry string, path authPath) (types.DockerAut
 	return types.DockerAuthConfig{}, nil
 }

-// authKeysForKey returns the keys matching a provided auth file key, in order
-// from the best match to worst. For example,
+// authKeyLookupOrder returns a sequence for lookup keys matching (key or registry)
+// in file with legacyFormat, in order from the best match to worst.
+// For example, in a non-legacy file,
 // when given a repository key "quay.io/repo/ns/image", it returns
 // - quay.io/repo/ns/image
 // - quay.io/repo/ns
 // - quay.io/repo
 // - quay.io
-func authKeysForKey(key string) (res []string) {
-	for {
-		res = append(res, key)
-
-		lastSlash := strings.LastIndex(key, "/")
-		if lastSlash == -1 {
-			break
+func authKeyLookupOrder(key, registry string, legacyFormat bool) iter.Seq[string] {
+	return func(yield func(string) bool) {
+		if legacyFormat {
+			_ = yield(registry) // We stop in any case
+			return
 		}
-		key = key[:lastSlash]
-	}

-	return res
+		for {
+			if !yield(key) {
+				return
+			}
+
+			lastSlash := strings.LastIndex(key, "/")
+			if lastSlash == -1 {
+				break
+			}
+			key = key[:lastSlash]
+		}
+	}
 }

 // decodeDockerAuth decodes the username and password from conf,
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_common.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_common.go
@ -1,5 +1,4 @@
 //go:build !freebsd
-// +build !freebsd

 package sysregistriesv2

--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_freebsd.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_freebsd.go
@ -1,5 +1,4 @@
 //go:build freebsd
-// +build freebsd

 package sysregistriesv2

--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
@ -134,7 +134,7 @@ func ResolveShortNameAlias(ctx *types.SystemContext, name string) (reference.Nam
 // editShortNameAlias loads the aliases.conf file and changes it. If value is
 // set, it adds the name-value pair as a new alias. Otherwise, it will remove
 // name from the config.
-func editShortNameAlias(ctx *types.SystemContext, name string, value *string) error {
+func editShortNameAlias(ctx *types.SystemContext, name string, value *string) (retErr error) {
 	if err := validateShortName(name); err != nil {
 		return err
 	}
@ -178,7 +178,13 @@ func editShortNameAlias(ctx *types.SystemContext, name string, value *string) er
 	if err != nil {
 		return err
 	}
-	defer f.Close()
+	// since we are writing to this file, make sure we handle err on Close()
+	defer func() {
+		closeErr := f.Close()
+		if retErr == nil {
+			retErr = closeErr
+		}
+	}()

 	encoder := toml.NewEncoder(f)
 	return encoder.Encode(conf)
@ -229,7 +235,7 @@ func parseShortNameValue(alias string) (reference.Named, error) {
 	}

 	registry := reference.Domain(named)
-	if !(strings.ContainsAny(registry, ".:") || registry == "localhost") {
+	if !strings.ContainsAny(registry, ".:") && registry != "localhost" {
 		return nil, fmt.Errorf("invalid alias %q: must contain registry and repository", alias)
 	}

--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
@ -4,9 +4,11 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"maps"
 	"os"
 	"path/filepath"
 	"reflect"
+	"slices"
 	"sort"
 	"strings"
 	"sync"
@ -18,7 +20,6 @@ import (
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/regexp"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/exp/maps"
 )

 // systemRegistriesConfPath is the path to the system-wide registry
@ -430,7 +431,8 @@ func (config *V2RegistriesConf) postProcessRegistries() error {
 			return fmt.Errorf("pull-from-mirror must not be set for a non-mirror registry %q", reg.Prefix)
 		}
 		// make sure mirrors are valid
-		for _, mir := range reg.Mirrors {
+		for j := range reg.Mirrors {
+			mir := &reg.Mirrors[j]
 			mir.Location, err = parseLocation(mir.Location)
 			if err != nil {
 				return err
@ -1040,12 +1042,10 @@ func (c *parsedConfig) updateWithConfigurationFrom(updates *parsedConfig) {
 	}

 	// Go maps have a non-deterministic order when iterating the keys, so
-	// we dump them in a slice and sort it to enforce some order in
-	// Registries slice.  Some consumers of c/image (e.g., CRI-O) log the
-	// configuration where a non-deterministic order could easily cause
-	// confusion.
-	prefixes := maps.Keys(registryMap)
-	sort.Strings(prefixes)
+	// we sort the keys to enforce some order in Registries slice.
+	// Some consumers of c/image (e.g., CRI-O) log the configuration
+	// and a non-deterministic order could easily cause confusion.
+	prefixes := slices.Sorted(maps.Keys(registryMap))

 	c.partialV2.Registries = []Registry{}
 	for _, prefix := range prefixes {