build(deps): bump the go-deps group with 10 updates

Bumps the go-deps group with 10 updates: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/compute](https://github.com/googleapis/google-cloud-go) | `1.23.1` | `1.23.3` | | [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.33.0` | `1.35.1` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.45.27` | `1.47.9` | | [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.4` | `0.7.5` | | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.11.2` | `4.11.3` | | [github.com/labstack/gommon](https://github.com/labstack/gommon) | `0.4.0` | `0.4.1` | | [github.com/openshift-online/ocm-sdk-go](https://github.com/openshift-online/ocm-sdk-go) | `0.1.374` | `0.1.385` | | [github.com/osbuild/images](https://github.com/osbuild/images) | `0.12.0` | `0.15.0` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.7.0` | `1.8.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.13.0` | `0.14.0` | Updates `cloud.google.com/go/compute` from 1.23.1 to 1.23.3 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.23.1...compute/v1.23.3) Updates `cloud.google.com/go/storage` from 1.33.0 to 1.35.1 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.33.0...storage/v1.35.1) Updates `github.com/aws/aws-sdk-go` from 1.45.27 to 1.47.9 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.45.27...v1.47.9) Updates `github.com/hashicorp/go-retryablehttp` from 0.7.4 to 0.7.5 - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.4...v0.7.5) Updates `github.com/labstack/echo/v4` from 4.11.2 to 4.11.3 - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](https://github.com/labstack/echo/compare/v4.11.2...v4.11.3) Updates `github.com/labstack/gommon` from 0.4.0 to 0.4.1 - [Release notes](https://github.com/labstack/gommon/releases) - [Commits](https://github.com/labstack/gommon/compare/v0.4.0...v0.4.1) Updates `github.com/openshift-online/ocm-sdk-go` from 0.1.374 to 0.1.385 - [Release notes](https://github.com/openshift-online/ocm-sdk-go/releases) - [Changelog](https://github.com/openshift-online/ocm-sdk-go/blob/main/CHANGES.md) - [Commits](https://github.com/openshift-online/ocm-sdk-go/compare/v0.1.374...v0.1.385) Updates `github.com/osbuild/images` from 0.12.0 to 0.15.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.12.0...v0.15.0) Updates `github.com/spf13/cobra` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0) Updates `golang.org/x/oauth2` from 0.13.0 to 0.14.0 - [Commits](https://github.com/golang/oauth2/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/compute dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/labstack/echo/v4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/labstack/gommon dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/openshift-online/ocm-sdk-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/osbuild/images dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 04:25:22 +00:00 · 2023-11-13 04:25:22 +00:00 · a1e428fc53
commit a1e428fc53
parent 13d642bb46
565 changed files with 10888 additions and 5729 deletions
--- a/vendor/github.com/osbuild/images/internal/pathpolicy/policies.go
+++ b/vendor/github.com/osbuild/images/internal/pathpolicy/policies.go
@ -2,16 +2,32 @@ package pathpolicy

 // MountpointPolicies is a set of default mountpoint policies used for filesystem customizations
 var MountpointPolicies = NewPathPolicies(map[string]PathPolicy{
-	"/":     {Exact: true},
-	"/boot": {Exact: true},
-	"/var":  {},
-	"/opt":  {},
-	"/srv":  {},
-	"/usr":  {},
-	"/app":  {},
-	"/data": {},
-	"/home": {},
-	"/tmp":  {},
+	"/": {},
+	// /etc must be on the root filesystem
+	"/etc": {Deny: true},
+	// NB: any mountpoints under /usr are not supported by systemd fstab
+	// generator in initram before the switch-root, so we don't allow them.
+	"/usr": {Exact: true},
+	// API filesystems
+	"/sys":  {Deny: true},
+	"/proc": {Deny: true},
+	"/dev":  {Deny: true},
+	"/run":  {Deny: true},
+	// not allowed due to merged-usr
+	"/bin":   {Deny: true},
+	"/sbin":  {Deny: true},
+	"/lib":   {Deny: true},
+	"/lib64": {Deny: true},
+	// used by ext filesystems
+	"/lost+found": {Deny: true},
+	// used by EFI
+	"/boot/efi": {Deny: true},
+	// used by systemd / ostree
+	"/sysroot": {Deny: true},
+	// symlink to ../run which is on tmpfs
+	"/var/run": {Deny: true},
+	// symlink to ../run/lock which is on tmpfs
+	"/var/lock": {Deny: true},
 })

 // CustomDirectoriesPolicies is a set of default policies for custom directories
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go
@ -65,12 +65,13 @@ func edgeRawImgType() imageType {
 		filename:            "image.raw.xz",
 		compression:         "xz",
 		mimeType:            "application/xz",
+		image:               edgeRawImage,
 		packageSets:         nil,
 		defaultSize:         10 * common.GibiByte,
 		rpmOstree:           true,
 		bootable:            true,
 		bootISO:             false,
-		image:               edgeRawImage,
+		kernelOptions:       "modprobe.blacklist=vc4",
 		buildPipelines:      []string{"build"},
 		payloadPipelines:    []string{"ostree-deployment", "image", "xz"},
 		exports:             []string{"xz"},
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/ami.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/ami.go
@ -8,6 +8,7 @@ import (
 	"github.com/osbuild/images/pkg/subscription"
 )

+// TODO: move these to the EC2 environment
 const amiKernelOptions = "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295"

 var (
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go
@ -69,6 +69,7 @@ var (
 		defaultImageConfig: &distro.ImageConfig{
 			Locale: common.ToPtr("en_US.UTF-8"),
 		},
+		kernelOptions:       "modprobe.blacklist=vc4",
 		defaultSize:         10 * common.GibiByte,
 		rpmOstree:           true,
 		bootable:            true,
@ -145,6 +146,7 @@ var (
 		defaultImageConfig: &distro.ImageConfig{
 			Locale: common.ToPtr("en_US.UTF-8"),
 		},
+		kernelOptions:       amiKernelOptions + " modprobe.blacklist=vc4",
 		defaultSize:         10 * common.GibiByte,
 		rpmOstree:           true,
 		bootable:            true,
@ -165,6 +167,7 @@ var (
 		defaultImageConfig: &distro.ImageConfig{
 			Locale: common.ToPtr("en_US.UTF-8"),
 		},
+		kernelOptions:       "modprobe.blacklist=vc4",
 		defaultSize:         10 * common.GibiByte,
 		rpmOstree:           true,
 		bootable:            true,
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go
@ -405,7 +405,12 @@ func edgeRawImage(workload workload.Workload,
 	img.Users = users.UsersFromBP(customizations.GetUsers())
 	img.Groups = users.GroupsFromBP(customizations.GetGroups())

-	img.KernelOptionsAppend = []string{"modprobe.blacklist=vc4"}
+	// The kernel options defined on the image type are usually handled in
+	// osCustomiztions() but ostree images don't use OSCustomizations, so we
+	// handle them here separately.
+	if t.kernelOptions != "" {
+		img.KernelOptionsAppend = append(img.KernelOptionsAppend, t.kernelOptions)
+	}
 	img.Keyboard = "us"
 	img.Locale = "C.UTF-8"
 	if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || !t.arch.distro.isRHEL() {
--- a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go
@ -155,10 +155,10 @@ func (p *AnacondaInstallerISOTree) serialize() osbuild.Pipeline {
 	pipeline.AddStage(osbuild.NewMkdirStage(&osbuild.MkdirStageOptions{
 		Paths: []osbuild.MkdirStagePath{
 			{
-				Path: "images",
+				Path: "/images",
 			},
 			{
-				Path: "images/pxeboot",
+				Path: "/images/pxeboot",
 			},
 		},
 	}))
@ -167,7 +167,7 @@ func (p *AnacondaInstallerISOTree) serialize() osbuild.Pipeline {
 		pipeline.AddStage(osbuild.NewMkdirStage(&osbuild.MkdirStageOptions{
 			Paths: []osbuild.MkdirStagePath{
 				{
-					Path: "LiveOS",
+					Path: "/LiveOS",
 				},
 			},
 		}))
--- a/vendor/github.com/osbuild/images/pkg/manifest/coi_iso_tree.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/coi_iso_tree.go
@ -98,10 +98,10 @@ func (p *CoreOSISOTree) serialize() osbuild.Pipeline {
 	pipeline.AddStage(osbuild.NewMkdirStage(&osbuild.MkdirStageOptions{
 		Paths: []osbuild.MkdirStagePath{
 			{
-				Path: "images",
+				Path: "/images",
 			},
 			{
-				Path: "images/pxeboot",
+				Path: "/images/pxeboot",
 			},
 		},
 	}))
--- a/vendor/github.com/osbuild/images/pkg/manifest/iso_rootfs.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/iso_rootfs.go
@ -30,12 +30,12 @@ func (p *ISORootfsImg) serialize() osbuild.Pipeline {
 	pipeline.AddStage(osbuild.NewMkdirStage(&osbuild.MkdirStageOptions{
 		Paths: []osbuild.MkdirStagePath{
 			{
-				Path: "LiveOS",
+				Path: "/LiveOS",
 			},
 		},
 	}))
 	pipeline.AddStage(osbuild.NewTruncateStage(&osbuild.TruncateStageOptions{
-		Filename: "LiveOS/rootfs.img",
+		Filename: "/LiveOS/rootfs.img",
 		Size:     fmt.Sprintf("%d", p.Size),
 	}))

--- a/vendor/github.com/osbuild/images/pkg/manifest/raw_ostree.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/raw_ostree.go
@ -83,10 +83,24 @@ func (p *RawOSTreeImage) serialize() osbuild.Pipeline {
 			"ostree-tree": *osbuild.NewOSTreeCheckoutInput("org.osbuild.source", commitChecksum),
 		}

+		// Find the FS root mount name to use as the destination root
+		// for the target when copying the boot files.
+		var fsRootMntName string
+		for _, mnt := range *bootCopyMounts {
+			if mnt.Target == "/" {
+				fsRootMntName = mnt.Name
+				break
+			}
+		}
+
+		if fsRootMntName == "" {
+			panic("no mount found for the filesystem root")
+		}
+
 		for _, paths := range bootFiles {
 			bootCopyOptions.Paths = append(bootCopyOptions.Paths, osbuild.CopyStagePath{
 				From: fmt.Sprintf("input://ostree-tree/%s%s", commitChecksum, paths[0]),
-				To:   fmt.Sprintf("mount://root%s", paths[1]),
+				To:   fmt.Sprintf("mount://%s%s", fsRootMntName, paths[1]),
 			})
 		}

--- a/vendor/github.com/osbuild/images/pkg/osbuild/copy_stage.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/copy_stage.go
@ -2,6 +2,7 @@ package osbuild

 import (
 	"fmt"
+	"reflect"
 	"sort"

 	"github.com/osbuild/images/pkg/disk"
@ -64,10 +65,15 @@ func GenCopyFSTreeOptions(inputName, inputPipeline, filename string, pt *disk.Pa

 	devices := make(map[string]Device, len(pt.Partitions))
 	mounts := make([]Mount, 0, len(pt.Partitions))
+	var fsRootMntName string
 	genMounts := func(mnt disk.Mountable, path []disk.Entity) error {
 		stageDevices, name := getDevices(path, filename, false)
 		mountpoint := mnt.GetMountpoint()

+		if mountpoint == "/" {
+			fsRootMntName = name
+		}
+
 		var mount *Mount
 		t := mnt.GetFSType()
 		switch t {
@ -86,6 +92,13 @@ func GenCopyFSTreeOptions(inputName, inputPipeline, filename string, pt *disk.Pa

 		// update devices map with new elements from stageDevices
 		for devName := range stageDevices {
+			if existingDevice, exists := devices[devName]; exists {
+				// It is usual that the a device is generated twice for the same Entity e.g. LVM VG, which is OK.
+				// Therefore fail only if a device with the same name is generated for two different Entities.
+				if !reflect.DeepEqual(existingDevice, stageDevices[devName]) {
+					panic(fmt.Sprintf("the device name %q has been generated for two different devices", devName))
+				}
+			}
 			devices[devName] = stageDevices[devName]
 		}
 		return nil
@ -101,6 +114,10 @@ func GenCopyFSTreeOptions(inputName, inputPipeline, filename string, pt *disk.Pa
 		return mounts[i].Target < mounts[j].Target
 	})

+	if fsRootMntName == "" {
+		panic("no mount found for the filesystem root")
+	}
+
 	stageMounts := Mounts(mounts)
 	stageDevices := Devices(devices)

@ -108,7 +125,7 @@ func GenCopyFSTreeOptions(inputName, inputPipeline, filename string, pt *disk.Pa
 		Paths: []CopyStagePath{
 			{
 				From: fmt.Sprintf("input://%s/", inputName),
-				To:   "mount://root/",
+				To:   fmt.Sprintf("mount://%s/", fsRootMntName),
 			},
 		},
 	}
--- a/vendor/github.com/osbuild/images/pkg/osbuild/device.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/device.go
@ -153,11 +153,11 @@ func deviceName(p disk.Entity) string {

 	switch payload := p.(type) {
 	case disk.Mountable:
-		return pathdot(payload.GetMountpoint())
+		return pathEscape(payload.GetMountpoint())
 	case *disk.LUKSContainer:
 		return "luks-" + payload.UUID[:4]
 	case *disk.LVMVolumeGroup:
-		return payload.Name + "vg"
+		return payload.Name
 	case *disk.LVMLogicalVolume:
 		return payload.Name
 	}
@ -206,12 +206,21 @@ func getDevices(path []disk.Entity, filename string, lockLoopback bool) (map[str
 	return do, parent
 }

-func pathdot(path string) string {
-	if path == "/" {
-		return "root"
+// pathEscape implements similar path escaping as used by systemd-escape
+// https://github.com/systemd/systemd/blob/c57ff6230e4e199d40f35a356e834ba99f3f8420/src/basic/unit-name.c#L389
+func pathEscape(path string) string {
+	if len(path) == 0 || path == "/" {
+		return "-"
 	}

-	path = strings.TrimLeft(path, "/")
+	path = strings.Trim(path, "/")

-	return strings.ReplaceAll(path, "/", ".")
+	escapeChars := func(s, char string) string {
+		return strings.ReplaceAll(s, char, fmt.Sprintf("\\x%x", char[0]))
+	}
+
+	path = escapeChars(path, "\\")
+	path = escapeChars(path, "-")
+
+	return strings.ReplaceAll(path, "/", "-")
 }