diff --git a/src/code.cloudfoundry.org/go.mod b/src/code.cloudfoundry.org/go.mod index fa84f090c1..04b2fbd7d9 100644 --- a/src/code.cloudfoundry.org/go.mod +++ b/src/code.cloudfoundry.org/go.mod @@ -10,9 +10,6 @@ replace ( code.cloudfoundry.org/guardian => ../guardian code.cloudfoundry.org/idmapper => ../idmapper - // buildpacks/lifecycle depends on moby/buildkit and new versions of both are incompatible with one another - github.com/buildpacks/lifecycle => github.com/buildpacks/lifecycle v0.19.7 - // We have to pin this dep to v0.12.0 to remain compatible with Enovy 1.28 until Xenial is out of support // https://www.pivotaltracker.com/n/projects/2477027/stories/186946795 github.com/envoyproxy/go-control-plane => github.com/envoyproxy/go-control-plane v0.12.0 @@ -51,7 +48,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 github.com/cloudfoundry-community/go-uaa v0.3.3 github.com/cloudfoundry/dropsonde v1.1.0 - github.com/containers/image/v5 v5.32.2 + github.com/containers/image/v5 v5.33.0 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 github.com/envoyproxy/go-control-plane v0.13.1 github.com/fsnotify/fsnotify v1.8.0 @@ -87,7 +84,7 @@ require ( github.com/tedsuo/ifrit v0.0.0-20230516164442-7862c310ad26 github.com/tedsuo/rata v1.0.0 github.com/vito/go-sse v1.1.2 - golang.org/x/crypto v0.28.0 + golang.org/x/crypto v0.29.0 golang.org/x/net v0.30.0 golang.org/x/oauth2 v0.24.0 golang.org/x/sys v0.27.0 @@ -217,8 +214,8 @@ require ( go.uber.org/automaxprocs v1.6.0 // indirect golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect golang.org/x/sync v0.9.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect golang.org/x/tools v0.26.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect diff --git a/src/code.cloudfoundry.org/go.sum b/src/code.cloudfoundry.org/go.sum index 90d589acf3..7fa281647c 100644 --- a/src/code.cloudfoundry.org/go.sum +++ b/src/code.cloudfoundry.org/go.sum @@ -801,8 +801,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GaryBoone/GoStats v0.0.0-20130122001700-1993eafbef57 h1:EUQH/F+mzJBs53c75r7R5zdM/kz7BHXoWBFsVXzadVw= github.com/GaryBoone/GoStats v0.0.0-20130122001700-1993eafbef57/go.mod h1:5zDl2HgTb/k5i9op9y6IUSiuVkZFpUrWGQbZc9tNR40= -github.com/GoogleContainerTools/kaniko v1.23.0 h1:/YTWOF3uL40kNyK2821Wc+12Czlon1U+gmISWw9CLTM= -github.com/GoogleContainerTools/kaniko v1.23.0/go.mod h1:lTA7EDyPzSGYxcXxaxWCztINdHMb1Qxj6+eAn1vo2EI= +github.com/GoogleContainerTools/kaniko v1.23.1 h1:1N6XhVTrUB0CNVIUeruXfZ9CtpJP3TuZkxDZYg2NilA= +github.com/GoogleContainerTools/kaniko v1.23.1/go.mod h1:r3od0LXG7hnM2i/WMIX1e6kmLiKpV1D7skalBZBvsbk= github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= @@ -881,8 +881,8 @@ github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/buildpacks/imgutil v0.0.0-20240605145725-186f89b2d168 h1:yVYVi1V7x1bXklOx9lpbTfteyzQKGZC/wkl+IlaVRlU= github.com/buildpacks/imgutil v0.0.0-20240605145725-186f89b2d168/go.mod h1:n2R6VRuWsAX3cyHCp/u0Z4WJcixny0gYg075J39owrk= -github.com/buildpacks/lifecycle v0.19.7 h1:q9a96xDGC7mhzJ5h+Esrg7q8PSYgL5XmBiBnSRNLalw= -github.com/buildpacks/lifecycle v0.19.7/go.mod h1:OJ8JCdBSbzeY45l5l3YuGbcPAOKYUv1GUaKP2uDeUS0= +github.com/buildpacks/lifecycle v0.20.3 h1:52F4zlYiQMfN+puzzZZKwiAFFahaYd1pmG5JVBJjJ00= +github.com/buildpacks/lifecycle v0.20.3/go.mod h1:6N4eXv56btw/h9uwq9mfcVNIuNFBah3dbSgcF77AOfc= github.com/buildpacks/pack v0.35.1 h1:/WFUIo+gcrgH+mXe/H+66kqfnmChc4tl8EWKwykuNsg= github.com/buildpacks/pack v0.35.1/go.mod h1:ttb2Qmr1u7LKnhZNZJLCE/WQUXTtZoo+mJ4welgxS5c= github.com/cactus/go-statsd-client v3.1.1-0.20161031215955-d8eabe07bc70+incompatible h1:rvQnzqm2Wu56ndxRonf+5dakiUb1b5V24mA2Z6om554= @@ -934,8 +934,8 @@ github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/containers/image/v5 v5.32.2 h1:SzNE2Y6sf9b1GJoC8qjCuMBXwQrACFp4p0RK15+4gmQ= -github.com/containers/image/v5 v5.32.2/go.mod h1:v1l73VeMugfj/QtKI+jhYbwnwFCFnNGckvbST3rQ5Hk= +github.com/containers/image/v5 v5.33.0 h1:6oPEFwTurf7pDTGw7TghqGs8K0+OvPtY/UyzU0B2DfE= +github.com/containers/image/v5 v5.33.0/go.mod h1:T7HpASmvnp2H1u4cyckMvCzLuYgpD18dSmabSw0AcHk= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.2.0 h1:X14EgRK3xNFvJEfI5O4Qn4T3E25ANudSOZz/sirVuPM= @@ -1291,8 +1291,8 @@ github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= -github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= -github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= +github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= @@ -1595,8 +1595,8 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1895,8 +1895,8 @@ golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1917,8 +1917,8 @@ golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/api/apis.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/api/apis.go index e46a047006..821df45761 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/api/apis.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/api/apis.go @@ -11,7 +11,7 @@ var ( // Platform is a pair of lists of Platform API versions: // 1. All supported versions (including deprecated versions) // 2. The versions that are deprecated - Platform = newApisMustParse([]string{"0.7", "0.8", "0.9", "0.10", "0.11", "0.12", "0.13"}, []string{}) + Platform = newApisMustParse([]string{"0.7", "0.8", "0.9", "0.10", "0.11", "0.12", "0.13", "0.14"}, []string{}) // Buildpack is a pair of lists of Buildpack API versions: // 1. All supported versions (including deprecated versions) // 2. The versions that are deprecated diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/buildpack/build.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/buildpack/build.go index 354e724c4d..2d10cac5f6 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/buildpack/build.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/buildpack/build.go @@ -94,7 +94,7 @@ func (e *DefaultBuildExecutor) Build(d BpDescriptor, inputs BuildInputs, logger } logger.Debug("Updating environment") - if err := d.setupEnv(createdLayers, inputs.Env); err != nil { + if err := d.setupEnv(bpLayersDir, createdLayers, inputs.Env); err != nil { return BuildOutputs{}, err } @@ -162,39 +162,41 @@ func runBuildCmd(d BpDescriptor, bpLayersDir, planPath string, inputs BuildInput return nil } -func (d BpDescriptor) processLayers(layersDir string, logger log.Logger) (map[string]LayerMetadataFile, error) { - return eachLayer(layersDir, d.WithAPI, func(path, buildpackAPI string) (LayerMetadataFile, error) { - layerMetadataFile, err := DecodeLayerMetadataFile(path+".toml", buildpackAPI, logger) +func (d BpDescriptor) processLayers(bpLayersDir string, logger log.Logger) (map[string]LayerMetadataFile, error) { + bpLayers := make(map[string]LayerMetadataFile) + if err := eachLayer(bpLayersDir, func(layerPath string) error { + layerFile, err := DecodeLayerMetadataFile(layerPath+".toml", d.WithAPI, logger) if err != nil { - return LayerMetadataFile{}, err + return fmt.Errorf("failed to decode layer metadata file: %w", err) } - if err := renameLayerDirIfNeeded(layerMetadataFile, path); err != nil { - return LayerMetadataFile{}, err + if err = renameLayerDirIfNeeded(layerFile, layerPath); err != nil { + return fmt.Errorf("failed to rename layer directory: %w", err) } - return layerMetadataFile, nil - }) + bpLayers[layerPath] = layerFile + return nil + }); err != nil { + return nil, fmt.Errorf("failed to process buildpack layer: %w", err) + } + return bpLayers, nil } -func eachLayer(bpLayersDir, buildpackAPI string, fn func(path, api string) (LayerMetadataFile, error)) (map[string]LayerMetadataFile, error) { +func eachLayer(bpLayersDir string, fn func(layerPath string) error) error { files, err := os.ReadDir(bpLayersDir) if os.IsNotExist(err) { - return map[string]LayerMetadataFile{}, nil + return nil } else if err != nil { - return map[string]LayerMetadataFile{}, err + return err } - bpLayers := map[string]LayerMetadataFile{} for _, f := range files { if f.IsDir() || !strings.HasSuffix(f.Name(), ".toml") { continue } path := filepath.Join(bpLayersDir, strings.TrimSuffix(f.Name(), ".toml")) - layerMetadataFile, err := fn(path, buildpackAPI) - if err != nil { - return map[string]LayerMetadataFile{}, err + if err = fn(path); err != nil { + return err } - bpLayers[path] = layerMetadataFile } - return bpLayers, nil + return nil } func renameLayerDirIfNeeded(layerMetadataFile LayerMetadataFile, layerDir string) error { @@ -207,23 +209,25 @@ func renameLayerDirIfNeeded(layerMetadataFile LayerMetadataFile, layerDir string return nil } -func (d BpDescriptor) setupEnv(createdLayers map[string]LayerMetadataFile, buildEnv BuildEnv) error { +func (d BpDescriptor) setupEnv(bpLayersDir string, createdLayers map[string]LayerMetadataFile, buildEnv BuildEnv) error { bpAPI := api.MustParse(d.WithAPI) - for path, layerMetadataFile := range createdLayers { - if !layerMetadataFile.Build { - continue + return eachLayer(bpLayersDir, func(layerPath string) error { + var err error + layerMetadataFile, ok := createdLayers[layerPath] + if !ok { + return fmt.Errorf("failed to find layer metadata for %s", layerPath) } - if err := buildEnv.AddRootDir(path); err != nil { - return err + if !layerMetadataFile.Build { + return nil } - if err := buildEnv.AddEnvDir(filepath.Join(path, "env"), env.DefaultActionType(bpAPI)); err != nil { + if err = buildEnv.AddRootDir(layerPath); err != nil { return err } - if err := buildEnv.AddEnvDir(filepath.Join(path, "env.build"), env.DefaultActionType(bpAPI)); err != nil { + if err = buildEnv.AddEnvDir(filepath.Join(layerPath, "env"), env.DefaultActionType(bpAPI)); err != nil { return err } - } - return nil + return buildEnv.AddEnvDir(filepath.Join(layerPath, "env.build"), env.DefaultActionType(bpAPI)) + }) } func (d BpDescriptor) readOutputFilesBp(bpLayersDir, bpPlanPath string, bpPlanIn Plan, bpLayers map[string]LayerMetadataFile, logger log.Logger) (BuildOutputs, error) { diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/common.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/common.go index 8b06e362f0..c37d2f20a3 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/common.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/common.go @@ -5,3 +5,25 @@ import ( ) var errCacheCommitted = errors.New("cache cannot be modified after commit") + +// ReadErr is an error type for filesystem read errors. +type ReadErr struct { + msg string +} + +// NewReadErr creates a new ReadErr. +func NewReadErr(msg string) ReadErr { + return ReadErr{msg: msg} +} + +// Error returns the error message. +func (e ReadErr) Error() string { + return e.msg +} + +// IsReadErr checks if an error is a ReadErr. +func IsReadErr(err error) (bool, *ReadErr) { + var e ReadErr + isReadErr := errors.As(err, &e) + return isReadErr, &e +} diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_cache.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_cache.go index efdbdf2e94..a029c87dc0 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_cache.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_cache.go @@ -99,15 +99,44 @@ func (c *ImageCache) AddLayerFile(tarPath string, diffID string) error { return c.newImage.AddLayerWithDiffID(tarPath, diffID) } +// isLayerNotFound checks if the error is a layer not found error +// +// FIXME: we should not have to rely on trapping ErrUnexpectedEOF. +// If a blob is not present in the registry, we should get imgutil.ErrLayerNotFound, +// but we do not and instead get io.ErrUnexpectedEOF +func isLayerNotFound(err error) bool { + var e imgutil.ErrLayerNotFound + return errors.As(err, &e) || errors.Is(err, io.ErrUnexpectedEOF) +} + func (c *ImageCache) ReuseLayer(diffID string) error { if c.committed { return errCacheCommitted } - return c.newImage.ReuseLayer(diffID) + err := c.newImage.ReuseLayer(diffID) + if err != nil { + // FIXME: this path is not currently executed. + // If a blob is not present in the registry, we should get imgutil.ErrLayerNotFound. + // We should then skip attempting to reuse the layer. + // However, we do not get imgutil.ErrLayerNotFound when the blob is not present. + if isLayerNotFound(err) { + return NewReadErr(fmt.Sprintf("failed to find cache layer with SHA '%s'", diffID)) + } + return fmt.Errorf("failed to reuse cache layer with SHA '%s'", diffID) + } + return nil } +// RetrieveLayer retrieves a layer from the cache func (c *ImageCache) RetrieveLayer(diffID string) (io.ReadCloser, error) { - return c.origImage.GetLayer(diffID) + closer, err := c.origImage.GetLayer(diffID) + if err != nil { + if isLayerNotFound(err) { + return nil, NewReadErr(fmt.Sprintf("failed to find cache layer with SHA '%s'", diffID)) + } + return nil, fmt.Errorf("failed to get cache layer with SHA '%s'", diffID) + } + return closer, nil } func (c *ImageCache) Commit() error { diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_deleter.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_deleter.go index 8807715d1c..f6fc03acdc 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_deleter.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/image_deleter.go @@ -12,6 +12,7 @@ import ( // ImageDeleter defines the methods available to delete and compare cached images type ImageDeleter interface { DeleteOrigImageIfDifferentFromNewImage(origImage, newImage imgutil.Image) + DeleteImage(image imgutil.Image) } // ImageDeleterImpl is a component to manage cache image deletion @@ -35,13 +36,13 @@ func (c *ImageDeleterImpl) DeleteOrigImageIfDifferentFromNewImage(origImage, new } if !same { - c.deleteImage(origImage) + c.DeleteImage(origImage) } } } -// deleteImage deletes an image -func (c *ImageDeleterImpl) deleteImage(image imgutil.Image) { +// DeleteImage deletes an image +func (c *ImageDeleterImpl) DeleteImage(image imgutil.Image) { if c.deletionEnabled { if err := image.Delete(); err != nil { c.logger.Warnf("Unable to delete cache image: %v", err.Error()) diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/volume_cache.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/volume_cache.go index 210e1afbfd..3ec0003ccf 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/volume_cache.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/cache/volume_cache.go @@ -2,6 +2,7 @@ package cache import ( "encoding/json" + "fmt" "io" "os" "path/filepath" @@ -10,6 +11,8 @@ import ( "github.com/pkg/errors" + "github.com/buildpacks/lifecycle/log" + "github.com/buildpacks/lifecycle/internal/fsutil" "github.com/buildpacks/lifecycle/platform" ) @@ -20,9 +23,11 @@ type VolumeCache struct { backupDir string stagingDir string committedDir string + logger log.Logger } -func NewVolumeCache(dir string) (*VolumeCache, error) { +// NewVolumeCache creates a new VolumeCache +func NewVolumeCache(dir string, logger log.Logger) (*VolumeCache, error) { if _, err := os.Stat(dir); err != nil { return nil, err } @@ -32,6 +37,7 @@ func NewVolumeCache(dir string) (*VolumeCache, error) { backupDir: filepath.Join(dir, "committed-backup"), stagingDir: filepath.Join(dir, "staging"), committedDir: filepath.Join(dir, "committed"), + logger: logger, } if err := c.setupStagingDir(); err != nil { @@ -133,7 +139,20 @@ func (c *VolumeCache) ReuseLayer(diffID string) error { if c.committed { return errCacheCommitted } - if err := os.Link(diffIDPath(c.committedDir, diffID), diffIDPath(c.stagingDir, diffID)); err != nil && !os.IsExist(err) { + committedPath := diffIDPath(c.committedDir, diffID) + stagingPath := diffIDPath(c.stagingDir, diffID) + + if _, err := os.Stat(committedPath); err != nil { + if os.IsNotExist(err) { + return NewReadErr(fmt.Sprintf("failed to find cache layer with SHA '%s'", diffID)) + } + if os.IsPermission(err) { + return NewReadErr(fmt.Sprintf("failed to read cache layer with SHA '%s' due to insufficient permissions", diffID)) + } + return fmt.Errorf("failed to re-use cache layer with SHA '%s': %w", diffID, err) + } + + if err := os.Link(committedPath, stagingPath); err != nil && !os.IsExist(err) { return errors.Wrapf(err, "reusing layer (%s)", diffID) } return nil @@ -146,7 +165,13 @@ func (c *VolumeCache) RetrieveLayer(diffID string) (io.ReadCloser, error) { } file, err := os.Open(path) if err != nil { - return nil, errors.Wrapf(err, "opening layer with SHA '%s'", diffID) + if os.IsPermission(err) { + return nil, NewReadErr(fmt.Sprintf("failed to read cache layer with SHA '%s' due to insufficient permissions", diffID)) + } + if os.IsNotExist(err) { + return nil, NewReadErr(fmt.Sprintf("failed to find cache layer with SHA '%s'", diffID)) + } + return nil, fmt.Errorf("failed to get cache layer with SHA '%s'", diffID) } return file, nil } @@ -165,7 +190,7 @@ func (c *VolumeCache) RetrieveLayerFile(diffID string) (string, error) { path := diffIDPath(c.committedDir, diffID) if _, err := os.Stat(path); err != nil { if os.IsNotExist(err) { - return "", errors.Wrapf(err, "layer with SHA '%s' not found", diffID) + return "", NewReadErr(fmt.Sprintf("failed to find cache layer with SHA '%s'", diffID)) } return "", errors.Wrapf(err, "retrieving layer with SHA '%s'", diffID) } diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/image/registry_handler.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/image/registry_handler.go index cbfcd563dd..2bf11056e9 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/image/registry_handler.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/image/registry_handler.go @@ -1,12 +1,11 @@ package image import ( + "fmt" + "github.com/buildpacks/imgutil" "github.com/buildpacks/imgutil/remote" "github.com/google/go-containerregistry/pkg/authn" - "github.com/pkg/errors" - - "github.com/buildpacks/lifecycle/cmd" ) // RegistryHandler takes care of the registry settings and checks @@ -73,8 +72,7 @@ func verifyReadAccess(imageRef string, keychain authn.Keychain, opts []imgutil.I img, _ := remote.NewImage(imageRef, keychain, opts...) canRead, err := img.CheckReadAccess() if !canRead { - cmd.DefaultLogger.Debugf("Error checking read access: %s", err) - return errors.Errorf("ensure registry read access to %s", imageRef) + return fmt.Errorf("failed to ensure registry read access to %s: %w", imageRef, err) } return nil @@ -88,8 +86,7 @@ func verifyReadWriteAccess(imageRef string, keychain authn.Keychain, opts []imgu img, _ := remote.NewImage(imageRef, keychain, opts...) canReadWrite, err := img.CheckReadWriteAccess() if !canReadWrite { - cmd.DefaultLogger.Debugf("Error checking read/write access: %s", err) - return errors.Errorf("ensure registry read/write access to %s", imageRef) + return fmt.Errorf("failed to ensure registry read/write access to %s: %w", imageRef, err) } return nil } diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/internal/layer/metadata_restorer.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/internal/layer/metadata_restorer.go index f33e0e17e2..6660e7a00f 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/internal/layer/metadata_restorer.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/internal/layer/metadata_restorer.go @@ -6,6 +6,7 @@ import ( "github.com/pkg/errors" + "github.com/buildpacks/lifecycle/api" "github.com/buildpacks/lifecycle/buildpack" "github.com/buildpacks/lifecycle/internal/encoding" "github.com/buildpacks/lifecycle/launch" @@ -24,18 +25,21 @@ type MetadataRestorer interface { Restore(buildpacks []buildpack.GroupElement, appMeta files.LayersMetadata, cacheMeta platform.CacheMetadata, layerSHAStore SHAStore) error } -func NewDefaultMetadataRestorer(layersDir string, skipLayers bool, logger log.Logger) *DefaultMetadataRestorer { +// NewDefaultMetadataRestorer returns an instance of the DefaultMetadataRestorer struct +func NewDefaultMetadataRestorer(layersDir string, skipLayers bool, logger log.Logger, platformAPI *api.Version) *DefaultMetadataRestorer { return &DefaultMetadataRestorer{ - Logger: logger, - LayersDir: layersDir, - SkipLayers: skipLayers, + Logger: logger, + LayersDir: layersDir, + SkipLayers: skipLayers, + PlatformAPI: platformAPI, } } type DefaultMetadataRestorer struct { - LayersDir string - SkipLayers bool - Logger log.Logger + LayersDir string + SkipLayers bool + Logger log.Logger + PlatformAPI *api.Version } func (r *DefaultMetadataRestorer) Restore(buildpacks []buildpack.GroupElement, appMeta files.LayersMetadata, cacheMeta platform.CacheMetadata, layerSHAStore SHAStore) error { @@ -113,10 +117,12 @@ func (r *DefaultMetadataRestorer) restoreLayerMetadata(layerSHAStore SHAStore, a r.Logger.Debugf("Not restoring %q from cache, marked as cache=false", identifier) continue } - // If launch=true, the metadata was restored from the app image or the layer is stale. + // If launch=true, the metadata was restored from the appLayers if present. if layer.Launch { - r.Logger.Debugf("Not restoring %q from cache, marked as launch=true", identifier) - continue + if _, ok := appLayers[layerName]; ok || r.PlatformAPI.LessThan("0.14") { + r.Logger.Debugf("Not restoring %q from cache, marked as launch=true", identifier) + continue + } } r.Logger.Infof("Restoring metadata for %q from cache", identifier) if err := r.writeLayerMetadata(layerSHAStore, buildpackDir, layerName, layer, bp.ID); err != nil { diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/analyzer.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/analyzer.go index 946d5ba4c2..256dac7a9b 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/analyzer.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/analyzer.go @@ -42,7 +42,7 @@ func (f *ConnectedFactory) NewAnalyzer(inputs platform.LifecycleInputs, logger l } var err error - if analyzer.PreviousImage, err = f.getPreviousImage(inputs.PreviousImageRef, inputs.LaunchCacheDir); err != nil { + if analyzer.PreviousImage, err = f.getPreviousImage(inputs.PreviousImageRef, inputs.LaunchCacheDir, logger); err != nil { return nil, err } if analyzer.RunImage, err = f.getRunImage(inputs.RunImageRef); err != nil { diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/cache.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/cache.go index 16685d97d4..4467df0d87 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/cache.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/cache.go @@ -8,6 +8,7 @@ import ( "github.com/pkg/errors" "github.com/buildpacks/lifecycle/buildpack" + c "github.com/buildpacks/lifecycle/cache" "github.com/buildpacks/lifecycle/layers" "github.com/buildpacks/lifecycle/log" "github.com/buildpacks/lifecycle/platform" @@ -100,7 +101,14 @@ func (e *Exporter) addOrReuseCacheLayer(cache Cache, layerDir LayerDir, previous if layer.Digest == previousSHA { e.Logger.Infof("Reusing cache layer '%s'\n", layer.ID) e.Logger.Debugf("Layer '%s' SHA: %s\n", layer.ID, layer.Digest) - return layer.Digest, cache.ReuseLayer(previousSHA) + err = cache.ReuseLayer(previousSHA) + if err != nil { + isReadErr, readErr := c.IsReadErr(err) + if !isReadErr { + return "", errors.Wrapf(err, "reusing layer %s", layer.ID) + } + e.Logger.Warnf("Skipping re-use for layer %s: %s", layer.ID, readErr.Error()) + } } e.Logger.Infof("Adding cache layer '%s'\n", layer.ID) e.Logger.Debugf("Layer '%s' SHA: %s\n", layer.ID, layer.Digest) diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/connected_factory.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/connected_factory.go index 3514938a28..083d4ca0a7 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/connected_factory.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/connected_factory.go @@ -5,6 +5,8 @@ import ( "github.com/buildpacks/imgutil" + "github.com/buildpacks/lifecycle/log" + "github.com/buildpacks/lifecycle/api" "github.com/buildpacks/lifecycle/cache" "github.com/buildpacks/lifecycle/image" @@ -58,7 +60,7 @@ func (f *ConnectedFactory) ensureRegistryAccess(inputs platform.LifecycleInputs) return nil } -func (f *ConnectedFactory) getPreviousImage(imageRef string, launchCacheDir string) (imgutil.Image, error) { +func (f *ConnectedFactory) getPreviousImage(imageRef string, launchCacheDir string, logger log.Logger) (imgutil.Image, error) { if imageRef == "" { return nil, nil } @@ -69,7 +71,7 @@ func (f *ConnectedFactory) getPreviousImage(imageRef string, launchCacheDir stri if launchCacheDir == "" || f.imageHandler.Kind() != image.LocalKind { return previousImage, nil } - volumeCache, err := cache.NewVolumeCache(launchCacheDir) + volumeCache, err := cache.NewVolumeCache(launchCacheDir, logger) if err != nil { return nil, fmt.Errorf("creating launch cache: %w", err) } diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/exporter.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/exporter.go index 4808e85720..759668149e 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/exporter.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/exporter.go @@ -446,6 +446,8 @@ func (e *Exporter) addLauncherLayers(opts ExportOptions, buildMD *files.BuildMet func (e *Exporter) addAppLayers(opts ExportOptions, slices []layers.Slice, meta *files.LayersMetadata) error { // creating app layers (slices + app dir) + e.Logger.Debugf("Adding app layers") + sliceLayers, err := e.LayerFactory.SliceLayers(opts.AppDir, slices) if err != nil { return errors.Wrap(err, "creating app layers") @@ -453,6 +455,7 @@ func (e *Exporter) addAppLayers(opts ExportOptions, slices []layers.Slice, meta var numberOfReusedLayers int for _, slice := range sliceLayers { + e.Logger.Debugf("Layer '%s' SHA: %s\n", slice.ID, slice.Digest) var err error found := false @@ -471,16 +474,15 @@ func (e *Exporter) addAppLayers(opts ExportOptions, slices []layers.Slice, meta if err != nil { return err } - e.Logger.Debugf("Layer '%s' SHA: %s\n", slice.ID, slice.Digest) meta.App = append(meta.App, files.LayerMetadata{SHA: slice.Digest}) } delta := len(sliceLayers) - numberOfReusedLayers if numberOfReusedLayers > 0 { - e.Logger.Infof("Reusing %d/%d app layer(s)\n", numberOfReusedLayers, len(sliceLayers)) + e.Logger.Infof("Reused %d/%d app layer(s)\n", numberOfReusedLayers, len(sliceLayers)) } if delta != 0 { - e.Logger.Infof("Adding %d/%d app layer(s)\n", delta, len(sliceLayers)) + e.Logger.Infof("Added %d/%d app layer(s)\n", delta, len(sliceLayers)) } return nil } diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/restorer.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/restorer.go index 48b6da59e0..901c281241 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/restorer.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/phase/restorer.go @@ -6,6 +6,8 @@ import ( "github.com/pkg/errors" "golang.org/x/sync/errgroup" + c "github.com/buildpacks/lifecycle/cache" + "github.com/buildpacks/lifecycle/api" "github.com/buildpacks/lifecycle/buildpack" "github.com/buildpacks/lifecycle/internal/layer" @@ -36,7 +38,7 @@ func (r *Restorer) Restore(cache Cache) error { } if r.LayerMetadataRestorer == nil { - r.LayerMetadataRestorer = layer.NewDefaultMetadataRestorer(r.LayersDir, false, r.Logger) + r.LayerMetadataRestorer = layer.NewDefaultMetadataRestorer(r.LayersDir, false, r.Logger, r.PlatformAPI) } if r.SBOMRestorer == nil { @@ -98,7 +100,16 @@ func (r *Restorer) Restore(cache Cache) error { } else { r.Logger.Infof("Restoring data for %q from cache", bpLayer.Identifier()) g.Go(func() error { - return r.restoreCacheLayer(cache, cachedLayer.SHA) + err = r.restoreCacheLayer(cache, cachedLayer.SHA) + if err != nil { + isReadErr, readErr := c.IsReadErr(err) + if isReadErr { + r.Logger.Warnf("Skipping restore for layer %s: %s", bpLayer.Identifier(), readErr.Error()) + return nil + } + return errors.Wrapf(err, "restoring layer %s", bpLayer.Identifier()) + } + return nil }) } } diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/files/run.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/files/run.go index 00fbe038ae..310448b81c 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/files/run.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/files/run.go @@ -19,3 +19,14 @@ func (r *Run) Contains(providedImage string) bool { } return false } + +// FindByRef return the RunImageForExport struct which contains the imageRef. +func (r *Run) FindByRef(imageRef string) RunImageForExport { + for _, i := range r.Images { + if i.Contains(imageRef) { + return i + } + } + + return RunImageForExport{} +} diff --git a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/target_data.go b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/target_data.go index b77ce47742..85c32f68ae 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/target_data.go +++ b/src/code.cloudfoundry.org/vendor/github.com/buildpacks/lifecycle/platform/target_data.go @@ -1,6 +1,9 @@ package platform import ( + "fmt" + "runtime" + "github.com/buildpacks/imgutil" "github.com/buildpacks/lifecycle/buildpack" @@ -87,10 +90,16 @@ func matches(target1, target2 string) bool { return target1 == target2 } -// GetTargetOSFromFileSystem populates the target metadata you pass in if the information is available -// returns a boolean indicating whether it populated any data. +// GetTargetOSFromFileSystem populates the provided target metadata with information from /etc/os-release +// if it is available. func GetTargetOSFromFileSystem(d fsutil.Detector, tm *files.TargetMetadata, logger log.Logger) { if d.HasSystemdFile() { + if tm.OS == "" { + tm.OS = "linux" + } + if tm.Arch == "" { + tm.Arch = runtime.GOARCH // in a future world where we support cross platform builds, this should be removed + } contents, err := d.ReadSystemdFile() if err != nil { logger.Warnf("Encountered error trying to read /etc/os-release file: %s", err.Error()) @@ -112,21 +121,30 @@ func EnvVarsFor(d fsutil.Detector, tm files.TargetMetadata, logger log.Logger) [ logger.Info("target distro name/version labels not found, reading /etc/os-release file") GetTargetOSFromFileSystem(d, &tm, logger) } + // required ret := []string{ "CNB_TARGET_OS=" + tm.OS, "CNB_TARGET_ARCH=" + tm.Arch, - "CNB_TARGET_ARCH_VARIANT=" + tm.ArchVariant, } + // optional var distName, distVersion string if tm.Distro != nil { distName = tm.Distro.Name distVersion = tm.Distro.Version } - ret = append(ret, "CNB_TARGET_DISTRO_NAME="+distName) - ret = append(ret, "CNB_TARGET_DISTRO_VERSION="+distVersion) + ret = appendIfNotEmpty(ret, "CNB_TARGET_ARCH_VARIANT", tm.ArchVariant) + ret = appendIfNotEmpty(ret, "CNB_TARGET_DISTRO_NAME", distName) + ret = appendIfNotEmpty(ret, "CNB_TARGET_DISTRO_VERSION", distVersion) return ret } +func appendIfNotEmpty(env []string, key, val string) []string { + if val == "" { + return env + } + return append(env, fmt.Sprintf("%s=%s", key, val)) +} + // TargetSatisfiedForRebase treats optional fields (ArchVariant and Distribution fields) as wildcards if empty, returns true if all populated fields match func TargetSatisfiedForRebase(t files.TargetMetadata, appTargetMetadata files.TargetMetadata) bool { if t.OS != appTargetMetadata.OS || t.Arch != appTargetMetadata.Arch { diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/body_reader.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/body_reader.go index 7d66ef6bc0..e69e21ef7a 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/body_reader.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/body_reader.go @@ -6,7 +6,7 @@ import ( "fmt" "io" "math" - "math/rand" + "math/rand/v2" "net/http" "net/url" "strconv" @@ -158,7 +158,7 @@ func (br *bodyReader) Read(p []byte) (int, error) { logrus.Debugf("Error closing blob body: %v", err) // … and ignore err otherwise } br.body = nil - time.Sleep(1*time.Second + time.Duration(rand.Intn(100_000))*time.Microsecond) // Some jitter so that a failure blip doesn’t cause a deterministic stampede + time.Sleep(1*time.Second + rand.N(100_000*time.Microsecond)) // Some jitter so that a failure blip doesn’t cause a deterministic stampede headers := map[string][]string{ "Range": {fmt.Sprintf("bytes=%d-", br.offset)}, @@ -197,7 +197,7 @@ func (br *bodyReader) Read(p []byte) (int, error) { consumedBody = true br.body = res.Body br.lastRetryOffset = br.offset - br.lastRetryTime = time.Time{} + br.lastRetryTime = time.Now() return n, nil default: diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_client.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_client.go index 97d97fed5f..bd024422b1 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_client.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_client.go @@ -42,7 +42,6 @@ const ( dockerRegistry = "registry-1.docker.io" resolvedPingV2URL = "%s://%s/v2/" - resolvedPingV1URL = "%s://%s/v1/_ping" tagsPath = "/v2/%s/tags/list" manifestPath = "/v2/%s/manifests/%s" blobsPath = "/v2/%s/blobs/%s" @@ -936,34 +935,6 @@ func (c *dockerClient) detectPropertiesHelper(ctx context.Context) error { } if err != nil { err = fmt.Errorf("pinging container registry %s: %w", c.registry, err) - if c.sys != nil && c.sys.DockerDisableV1Ping { - return err - } - // best effort to understand if we're talking to a V1 registry - pingV1 := func(scheme string) bool { - pingURL, err := url.Parse(fmt.Sprintf(resolvedPingV1URL, scheme, c.registry)) - if err != nil { - return false - } - resp, err := c.makeRequestToResolvedURL(ctx, http.MethodGet, pingURL, nil, nil, -1, noAuth, nil) - if err != nil { - logrus.Debugf("Ping %s err %s (%#v)", pingURL.Redacted(), err.Error(), err) - return false - } - defer resp.Body.Close() - logrus.Debugf("Ping %s status %d", pingURL.Redacted(), resp.StatusCode) - if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized { - return false - } - return true - } - isV1 := pingV1("https") - if !isV1 && c.tlsClientConfig.InsecureSkipVerify { - isV1 = pingV1("http") - } - if isV1 { - err = ErrV1NotSupported - } } return err } diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image.go index 9741afc3f0..74f559dce7 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image.go @@ -91,6 +91,12 @@ func GetRepositoryTags(ctx context.Context, sys *types.SystemContext, ref types. } for _, tag := range tagsHolder.Tags { if _, err := reference.WithTag(dr.ref, tag); err != nil { // Ensure the tag does not contain unexpected values + // Per https://github.com/containers/skopeo/issues/2409 , Sonatype Nexus 3.58, contrary + // to the spec, may include JSON null values in the list; and Go silently parses them as "". + if tag == "" { + logrus.Debugf("Ignoring invalid empty tag") + continue + } // Per https://github.com/containers/skopeo/issues/2346 , unknown versions of JFrog Artifactory, // contrary to the tag format specified in // https://github.com/opencontainers/distribution-spec/blob/8a871c8234977df058f1a14e299fe0a673853da2/spec.md?plain=1#L160 , diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_dest.go index ed3d4a2c0b..f5e2bb61e8 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_dest.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_dest.go @@ -923,13 +923,10 @@ func (d *dockerImageDestination) putSignaturesToAPIExtension(ctx context.Context return nil } -// Commit marks the process of storing the image as successful and asks for the image to be persisted. -// unparsedToplevel contains data about the top-level manifest of the source (which may be a single-arch image or a manifest list -// if PutManifest was only called for the single-arch image with instanceDigest == nil), primarily to allow lookups by the -// original manifest list digest, if desired. +// CommitWithOptions marks the process of storing the image as successful and asks for the image to be persisted. // WARNING: This does not have any transactional semantics: -// - Uploaded data MAY be visible to others before Commit() is called -// - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed) -func (d *dockerImageDestination) Commit(context.Context, types.UnparsedImage) error { +// - Uploaded data MAY be visible to others before CommitWithOptions() is called +// - Uploaded data MAY be removed or MAY remain around if Close() is called without CommitWithOptions() (i.e. rollback is allowed but not guaranteed) +func (d *dockerImageDestination) CommitWithOptions(ctx context.Context, options private.CommitOptions) error { return nil } diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_src.go index c8f6ba3055..6e44ce0960 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_src.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/docker_image_src.go @@ -116,10 +116,10 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef // Don’t just build a string, try to preserve the typed error. primary := &attempts[len(attempts)-1] extras := []string{} - for i := 0; i < len(attempts)-1; i++ { + for _, attempt := range attempts[:len(attempts)-1] { // This is difficult to fit into a single-line string, when the error can contain arbitrary strings including any metacharacters we decide to use. // The paired [] at least have some chance of being unambiguous. - extras = append(extras, fmt.Sprintf("[%s: %v]", attempts[i].ref.String(), attempts[i].err)) + extras = append(extras, fmt.Sprintf("[%s: %v]", attempt.ref.String(), attempt.err)) } return nil, fmt.Errorf("(Mirrors also failed: %s): %s: %w", strings.Join(extras, "\n"), primary.ref.String(), primary.err) } @@ -464,26 +464,20 @@ func (s *dockerImageSource) GetSignaturesWithFormat(ctx context.Context, instanc var res []signature.Signature switch { case s.c.supportsSignatures: - sigs, err := s.getSignaturesFromAPIExtension(ctx, instanceDigest) - if err != nil { + if err := s.appendSignaturesFromAPIExtension(ctx, &res, instanceDigest); err != nil { return nil, err } - res = append(res, sigs...) case s.c.signatureBase != nil: - sigs, err := s.getSignaturesFromLookaside(ctx, instanceDigest) - if err != nil { + if err := s.appendSignaturesFromLookaside(ctx, &res, instanceDigest); err != nil { return nil, err } - res = append(res, sigs...) default: return nil, errors.New("Internal error: X-Registry-Supports-Signatures extension not supported, and lookaside should not be empty configuration") } - sigstoreSigs, err := s.getSignaturesFromSigstoreAttachments(ctx, instanceDigest) - if err != nil { + if err := s.appendSignaturesFromSigstoreAttachments(ctx, &res, instanceDigest); err != nil { return nil, err } - res = append(res, sigstoreSigs...) return res, nil } @@ -505,35 +499,35 @@ func (s *dockerImageSource) manifestDigest(ctx context.Context, instanceDigest * return manifest.Digest(s.cachedManifest) } -// getSignaturesFromLookaside implements GetSignaturesWithFormat() from the lookaside location configured in s.c.signatureBase, -// which is not nil. -func (s *dockerImageSource) getSignaturesFromLookaside(ctx context.Context, instanceDigest *digest.Digest) ([]signature.Signature, error) { +// appendSignaturesFromLookaside implements GetSignaturesWithFormat() from the lookaside location configured in s.c.signatureBase, +// which is not nil, storing the signatures to *dest. +// On error, the contents of *dest are undefined. +func (s *dockerImageSource) appendSignaturesFromLookaside(ctx context.Context, dest *[]signature.Signature, instanceDigest *digest.Digest) error { manifestDigest, err := s.manifestDigest(ctx, instanceDigest) if err != nil { - return nil, err + return err } // NOTE: Keep this in sync with docs/signature-protocols.md! - signatures := []signature.Signature{} for i := 0; ; i++ { if i >= maxLookasideSignatures { - return nil, fmt.Errorf("server provided %d signatures, assuming that's unreasonable and a server error", maxLookasideSignatures) + return fmt.Errorf("server provided %d signatures, assuming that's unreasonable and a server error", maxLookasideSignatures) } sigURL, err := lookasideStorageURL(s.c.signatureBase, manifestDigest, i) if err != nil { - return nil, err + return err } signature, missing, err := s.getOneSignature(ctx, sigURL) if err != nil { - return nil, err + return err } if missing { break } - signatures = append(signatures, signature) + *dest = append(*dest, signature) } - return signatures, nil + return nil } // getOneSignature downloads one signature from sigURL, and returns (signature, false, nil) @@ -596,48 +590,51 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, sigURL *url.URL } } -// getSignaturesFromAPIExtension implements GetSignaturesWithFormat() using the X-Registry-Supports-Signatures API extension. -func (s *dockerImageSource) getSignaturesFromAPIExtension(ctx context.Context, instanceDigest *digest.Digest) ([]signature.Signature, error) { +// appendSignaturesFromAPIExtension implements GetSignaturesWithFormat() using the X-Registry-Supports-Signatures API extension, +// storing the signatures to *dest. +// On error, the contents of *dest are undefined. +func (s *dockerImageSource) appendSignaturesFromAPIExtension(ctx context.Context, dest *[]signature.Signature, instanceDigest *digest.Digest) error { manifestDigest, err := s.manifestDigest(ctx, instanceDigest) if err != nil { - return nil, err + return err } parsedBody, err := s.c.getExtensionsSignatures(ctx, s.physicalRef, manifestDigest) if err != nil { - return nil, err + return err } - var sigs []signature.Signature for _, sig := range parsedBody.Signatures { if sig.Version == extensionSignatureSchemaVersion && sig.Type == extensionSignatureTypeAtomic { - sigs = append(sigs, signature.SimpleSigningFromBlob(sig.Content)) + *dest = append(*dest, signature.SimpleSigningFromBlob(sig.Content)) } } - return sigs, nil + return nil } -func (s *dockerImageSource) getSignaturesFromSigstoreAttachments(ctx context.Context, instanceDigest *digest.Digest) ([]signature.Signature, error) { +// appendSignaturesFromSigstoreAttachments implements GetSignaturesWithFormat() using the sigstore tag convention, +// storing the signatures to *dest. +// On error, the contents of *dest are undefined. +func (s *dockerImageSource) appendSignaturesFromSigstoreAttachments(ctx context.Context, dest *[]signature.Signature, instanceDigest *digest.Digest) error { if !s.c.useSigstoreAttachments { logrus.Debugf("Not looking for sigstore attachments: disabled by configuration") - return nil, nil + return nil } manifestDigest, err := s.manifestDigest(ctx, instanceDigest) if err != nil { - return nil, err + return err } ociManifest, err := s.c.getSigstoreAttachmentManifest(ctx, s.physicalRef, manifestDigest) if err != nil { - return nil, err + return err } if ociManifest == nil { - return nil, nil + return nil } logrus.Debugf("Found a sigstore attachment manifest with %d layers", len(ociManifest.Layers)) - res := []signature.Signature{} for layerIndex, layer := range ociManifest.Layers { // Note that this copies all kinds of attachments: attestations, and whatever else is there, // not just signatures. We leave the signature consumers to decide based on the MIME type. @@ -648,11 +645,11 @@ func (s *dockerImageSource) getSignaturesFromSigstoreAttachments(ctx context.Con payload, err := s.c.getOCIDescriptorContents(ctx, s.physicalRef, layer, iolimits.MaxSignatureBodySize, none.NoCache) if err != nil { - return nil, err + return err } - res = append(res, signature.SigstoreFromComponents(layer.MediaType, payload, layer.Annotations)) + *dest = append(*dest, signature.SigstoreFromComponents(layer.MediaType, payload, layer.Annotations)) } - return res, nil + return nil } // deleteImage deletes the named image from the registry, if supported. @@ -830,7 +827,7 @@ func makeBufferedNetworkReader(stream io.ReadCloser, nBuffers, bufferSize uint) handleBufferedNetworkReader(&br) }() - for i := uint(0); i < nBuffers; i++ { + for range nBuffers { b := bufferedNetworkReaderBuffer{ data: make([]byte, bufferSize), } diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/errors.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/errors.go index 4392f9d182..e749b50148 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/errors.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/docker/errors.go @@ -12,6 +12,7 @@ import ( var ( // ErrV1NotSupported is returned when we're trying to talk to a // docker V1 registry. + // Deprecated: The V1 container registry detection is no longer performed, so this error is never returned. ErrV1NotSupported = errors.New("can't talk to a V1 container registry") // ErrTooManyRequests is returned when the status code returned is 429 ErrTooManyRequests = errors.New("too many requests to registry") diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go index 47c169a1f8..70b207d9b5 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go @@ -99,3 +99,16 @@ func (c *Compat) PutSignatures(ctx context.Context, signatures [][]byte, instanc } return c.dest.PutSignaturesWithFormat(ctx, withFormat, instanceDigest) } + +// Commit marks the process of storing the image as successful and asks for the image to be persisted. +// unparsedToplevel contains data about the top-level manifest of the source (which may be a single-arch image or a manifest list +// if PutManifest was only called for the single-arch image with instanceDigest == nil), primarily to allow lookups by the +// original manifest list digest, if desired. +// WARNING: This does not have any transactional semantics: +// - Uploaded data MAY be visible to others before Commit() is called +// - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed) +func (c *Compat) Commit(ctx context.Context, unparsedToplevel types.UnparsedImage) error { + return c.dest.CommitWithOptions(ctx, private.CommitOptions{ + UnparsedToplevel: unparsedToplevel, + }) +} diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/put_blob_partial.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/put_blob_partial.go index bbb53c198f..22bed4b0fa 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/put_blob_partial.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/imagedestination/stubs/put_blob_partial.go @@ -36,8 +36,9 @@ func (stub NoPutBlobPartialInitialize) SupportsPutBlobPartial() bool { // PutBlobPartial attempts to create a blob using the data that is already present // at the destination. chunkAccessor is accessed in a non-sequential way to retrieve the missing chunks. // It is available only if SupportsPutBlobPartial(). -// Even if SupportsPutBlobPartial() returns true, the call can fail, in which case the caller -// should fall back to PutBlobWithOptions. +// Even if SupportsPutBlobPartial() returns true, the call can fail. +// If the call fails with ErrFallbackToOrdinaryLayerDownload, the caller can fall back to PutBlobWithOptions. +// The fallback _must not_ be done otherwise. func (stub NoPutBlobPartialInitialize) PutBlobPartial(ctx context.Context, chunkAccessor private.BlobChunkAccessor, srcInfo types.BlobInfo, options private.PutBlobPartialOptions) (private.UploadedBlob, error) { return private.UploadedBlob{}, fmt.Errorf("internal error: PutBlobPartial is not supported by the %q transport", stub.transportName) } diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/docker_schema2_list.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/docker_schema2_list.go index f847fa9cc8..07922ceceb 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/docker_schema2_list.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/docker_schema2_list.go @@ -152,10 +152,7 @@ func (list *Schema2ListPublic) ChooseInstanceByCompression(ctx *types.SystemCont // ChooseInstance parses blob as a schema2 manifest list, and returns the digest // of the image which is appropriate for the current environment. func (list *Schema2ListPublic) ChooseInstance(ctx *types.SystemContext) (digest.Digest, error) { - wantedPlatforms, err := platform.WantedPlatforms(ctx) - if err != nil { - return "", fmt.Errorf("getting platform information %#v: %w", ctx, err) - } + wantedPlatforms := platform.WantedPlatforms(ctx) for _, wantedPlatform := range wantedPlatforms { for _, d := range list.Manifests { imagePlatform := ociPlatformFromSchema2PlatformSpec(d.Platform) diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/oci_index.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/oci_index.go index fe78efaebe..6a0f88d3a6 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/oci_index.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/manifest/oci_index.go @@ -236,10 +236,7 @@ func (index *OCI1IndexPublic) chooseInstance(ctx *types.SystemContext, preferGzi if preferGzip == types.OptionalBoolTrue { didPreferGzip = true } - wantedPlatforms, err := platform.WantedPlatforms(ctx) - if err != nil { - return "", fmt.Errorf("getting platform information %#v: %w", ctx, err) - } + wantedPlatforms := platform.WantedPlatforms(ctx) var bestMatch *instanceCandidate bestMatch = nil for manifestIndex, d := range index.Manifests { diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go index afdce1d3d9..3a16dad637 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go @@ -153,7 +153,7 @@ var compatibility = map[string][]string{ // WantedPlatforms returns all compatible platforms with the platform specifics possibly overridden by user, // the most compatible platform is first. // If some option (arch, os, variant) is not present, a value from current platform is detected. -func WantedPlatforms(ctx *types.SystemContext) ([]imgspecv1.Platform, error) { +func WantedPlatforms(ctx *types.SystemContext) []imgspecv1.Platform { // Note that this does not use Platform.OSFeatures and Platform.OSVersion at all. // The fields are not specified by the OCI specification, as of version 1.1, usefully enough // to be interoperable, anyway. @@ -211,7 +211,7 @@ func WantedPlatforms(ctx *types.SystemContext) ([]imgspecv1.Platform, error) { Variant: v, }) } - return res, nil + return res } // MatchesPlatform returns true if a platform descriptor from a multi-arch image matches diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/private/private.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/private/private.go index d81ea6703e..4247a8db77 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/private/private.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/internal/private/private.go @@ -53,8 +53,9 @@ type ImageDestinationInternalOnly interface { // PutBlobPartial attempts to create a blob using the data that is already present // at the destination. chunkAccessor is accessed in a non-sequential way to retrieve the missing chunks. // It is available only if SupportsPutBlobPartial(). - // Even if SupportsPutBlobPartial() returns true, the call can fail, in which case the caller - // should fall back to PutBlobWithOptions. + // Even if SupportsPutBlobPartial() returns true, the call can fail. + // If the call fails with ErrFallbackToOrdinaryLayerDownload, the caller can fall back to PutBlobWithOptions. + // The fallback _must not_ be done otherwise. PutBlobPartial(ctx context.Context, chunkAccessor BlobChunkAccessor, srcInfo types.BlobInfo, options PutBlobPartialOptions) (UploadedBlob, error) // TryReusingBlobWithOptions checks whether the transport already contains, or can efficiently reuse, a blob, and if so, applies it to the current destination @@ -69,6 +70,12 @@ type ImageDestinationInternalOnly interface { // (when the primary manifest is a manifest list); this should always be nil if the primary manifest is not a manifest list. // MUST be called after PutManifest (signatures may reference manifest contents). PutSignaturesWithFormat(ctx context.Context, signatures []signature.Signature, instanceDigest *digest.Digest) error + + // CommitWithOptions marks the process of storing the image as successful and asks for the image to be persisted. + // WARNING: This does not have any transactional semantics: + // - Uploaded data MAY be visible to others before CommitWithOptions() is called + // - Uploaded data MAY be removed or MAY remain around if Close() is called without CommitWithOptions() (i.e. rollback is allowed but not guaranteed) + CommitWithOptions(ctx context.Context, options CommitOptions) error } // ImageDestination is an internal extension to the types.ImageDestination @@ -145,6 +152,19 @@ type ReusedBlob struct { MatchedByTOCDigest bool // Whether the layer was reused/matched by TOC digest. Used only for UI purposes. } +// CommitOptions are used in CommitWithOptions +type CommitOptions struct { + // UnparsedToplevel contains data about the top-level manifest of the source (which may be a single-arch image or a manifest list + // if PutManifest was only called for the single-arch image with instanceDigest == nil), primarily to allow lookups by the + // original manifest list digest, if desired. + UnparsedToplevel types.UnparsedImage + // ReportResolvedReference, if set, asks the transport to store a “resolved” (more detailed) reference to the created image + // into the value this option points to. + // What “resolved” means is transport-specific. + // Transports which don’t support reporting resolved references can ignore the field; the generic copy code writes "nil" into the value. + ReportResolvedReference *types.ImageReference +} + // ImageSourceChunk is a portion of a blob. // This API is experimental and can be changed without bumping the major version number. type ImageSourceChunk struct { @@ -183,3 +203,22 @@ type UnparsedImage interface { // UntrustedSignatures is like ImageSource.GetSignaturesWithFormat, but the result is cached; it is OK to call this however often you need. UntrustedSignatures(ctx context.Context) ([]signature.Signature, error) } + +// ErrFallbackToOrdinaryLayerDownload is a custom error type returned by PutBlobPartial. +// It suggests to the caller that a fallback mechanism can be used instead of a hard failure; +// otherwise the caller of PutBlobPartial _must not_ fall back to PutBlob. +type ErrFallbackToOrdinaryLayerDownload struct { + err error +} + +func (c ErrFallbackToOrdinaryLayerDownload) Error() string { + return c.err.Error() +} + +func (c ErrFallbackToOrdinaryLayerDownload) Unwrap() error { + return c.err +} + +func NewErrFallbackToOrdinaryLayerDownload(err error) error { + return ErrFallbackToOrdinaryLayerDownload{err: err} +} diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/docker_schema1.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/docker_schema1.go index 222aa896ee..b74a1e240d 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/docker_schema1.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/docker_schema1.go @@ -318,20 +318,20 @@ func (m *Schema1) ToSchema2Config(diffIDs []digest.Digest) ([]byte, error) { // Add the history and rootfs information. rootfs, err := json.Marshal(rootFS) if err != nil { - return nil, fmt.Errorf("error encoding rootfs information %#v: %v", rootFS, err) + return nil, fmt.Errorf("error encoding rootfs information %#v: %w", rootFS, err) } rawRootfs := json.RawMessage(rootfs) raw["rootfs"] = &rawRootfs history, err := json.Marshal(convertedHistory) if err != nil { - return nil, fmt.Errorf("error encoding history information %#v: %v", convertedHistory, err) + return nil, fmt.Errorf("error encoding history information %#v: %w", convertedHistory, err) } rawHistory := json.RawMessage(history) raw["history"] = &rawHistory // Encode the result. config, err = json.Marshal(raw) if err != nil { - return nil, fmt.Errorf("error re-encoding compat image config %#v: %v", s1, err) + return nil, fmt.Errorf("error re-encoding compat image config %#v: %w", s1, err) } return config, nil } diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/oci.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/oci.go index f714574ee9..0faa866b7f 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/oci.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/manifest/oci.go @@ -60,7 +60,7 @@ func OCI1FromManifest(manifestBlob []byte) (*OCI1, error) { if err := json.Unmarshal(manifestBlob, &oci1); err != nil { return nil, err } - if err := manifest.ValidateUnambiguousManifestFormat(manifestBlob, imgspecv1.MediaTypeImageIndex, + if err := manifest.ValidateUnambiguousManifestFormat(manifestBlob, imgspecv1.MediaTypeImageManifest, manifest.AllowedFieldConfig|manifest.AllowedFieldLayers); err != nil { return nil, err } diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/pkg/compression/internal/types.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/pkg/compression/internal/types.go index d6f85274dd..e715705b43 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/pkg/compression/internal/types.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/pkg/compression/internal/types.go @@ -3,6 +3,15 @@ package internal import "io" // CompressorFunc writes the compressed stream to the given writer using the specified compression level. +// +// Compressing a stream may create integrity data that allows consuming the compressed byte stream +// while only using subsets of the compressed data (if the compressed data is seekable and most +// of the uncompressed data is already present via other means), while still protecting integrity +// of the compressed stream against unwanted modification. (In OCI container images, this metadata +// is usually carried in manifest annotations.) +// +// If the compression generates such metadata, it is written to the provided metadata map. +// // The caller must call Close() on the stream (even if the input stream does not need closing!). type CompressorFunc func(io.Writer, map[string]string, *int) (io.WriteCloser, error) diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/types/types.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/types/types.go index 7d6097346a..9a7a0da2bb 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/types/types.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/types/types.go @@ -643,6 +643,7 @@ type SystemContext struct { // if true, a V1 ping attempt isn't done to give users a better error. Default is false. // Note that this field is used mainly to integrate containers/image into projectatomic/docker // in order to not break any existing docker's integration tests. + // Deprecated: The V1 container registry detection is no longer performed, so setting this flag has no effect. DockerDisableV1Ping bool // If true, dockerImageDestination.SupportedManifestMIMETypes will omit the Schema1 media types from the supported list DockerDisableDestSchema1MIMETypes bool diff --git a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/version/version.go b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/version/version.go index 64e4687259..3743721fc3 100644 --- a/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/version/version.go +++ b/src/code.cloudfoundry.org/vendor/github.com/containers/image/v5/version/version.go @@ -6,9 +6,9 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 5 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 32 + VersionMinor = 33 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 2 + VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go index db42e6676a..c709b72847 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (!arm64 && !s390x && !ppc64le) || !gc || purego +//go:build (!arm64 && !s390x && !ppc64 && !ppc64le) || !gc || purego package chacha20 diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.go similarity index 89% rename from src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go rename to src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.go index 3a4287f990..bd183d9ba1 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build gc && !purego +//go:build gc && !purego && (ppc64 || ppc64le) package chacha20 diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.s similarity index 76% rename from src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s rename to src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.s index c672ccf698..a660b4112f 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.s @@ -19,7 +19,7 @@ // The differences in this and the original implementation are // due to the calling conventions and initialization of constants. -//go:build gc && !purego +//go:build gc && !purego && (ppc64 || ppc64le) #include "textflag.h" @@ -36,32 +36,68 @@ // for VPERMXOR #define MASK R18 -DATA consts<>+0x00(SB)/8, $0x3320646e61707865 -DATA consts<>+0x08(SB)/8, $0x6b20657479622d32 -DATA consts<>+0x10(SB)/8, $0x0000000000000001 -DATA consts<>+0x18(SB)/8, $0x0000000000000000 -DATA consts<>+0x20(SB)/8, $0x0000000000000004 -DATA consts<>+0x28(SB)/8, $0x0000000000000000 -DATA consts<>+0x30(SB)/8, $0x0a0b08090e0f0c0d -DATA consts<>+0x38(SB)/8, $0x0203000106070405 -DATA consts<>+0x40(SB)/8, $0x090a0b080d0e0f0c -DATA consts<>+0x48(SB)/8, $0x0102030005060704 -DATA consts<>+0x50(SB)/8, $0x6170786561707865 -DATA consts<>+0x58(SB)/8, $0x6170786561707865 -DATA consts<>+0x60(SB)/8, $0x3320646e3320646e -DATA consts<>+0x68(SB)/8, $0x3320646e3320646e -DATA consts<>+0x70(SB)/8, $0x79622d3279622d32 -DATA consts<>+0x78(SB)/8, $0x79622d3279622d32 -DATA consts<>+0x80(SB)/8, $0x6b2065746b206574 -DATA consts<>+0x88(SB)/8, $0x6b2065746b206574 -DATA consts<>+0x90(SB)/8, $0x0000000100000000 -DATA consts<>+0x98(SB)/8, $0x0000000300000002 -DATA consts<>+0xa0(SB)/8, $0x5566774411223300 -DATA consts<>+0xa8(SB)/8, $0xddeeffcc99aabb88 -DATA consts<>+0xb0(SB)/8, $0x6677445522330011 -DATA consts<>+0xb8(SB)/8, $0xeeffccddaabb8899 +DATA consts<>+0x00(SB)/4, $0x61707865 +DATA consts<>+0x04(SB)/4, $0x3320646e +DATA consts<>+0x08(SB)/4, $0x79622d32 +DATA consts<>+0x0c(SB)/4, $0x6b206574 +DATA consts<>+0x10(SB)/4, $0x00000001 +DATA consts<>+0x14(SB)/4, $0x00000000 +DATA consts<>+0x18(SB)/4, $0x00000000 +DATA consts<>+0x1c(SB)/4, $0x00000000 +DATA consts<>+0x20(SB)/4, $0x00000004 +DATA consts<>+0x24(SB)/4, $0x00000000 +DATA consts<>+0x28(SB)/4, $0x00000000 +DATA consts<>+0x2c(SB)/4, $0x00000000 +DATA consts<>+0x30(SB)/4, $0x0e0f0c0d +DATA consts<>+0x34(SB)/4, $0x0a0b0809 +DATA consts<>+0x38(SB)/4, $0x06070405 +DATA consts<>+0x3c(SB)/4, $0x02030001 +DATA consts<>+0x40(SB)/4, $0x0d0e0f0c +DATA consts<>+0x44(SB)/4, $0x090a0b08 +DATA consts<>+0x48(SB)/4, $0x05060704 +DATA consts<>+0x4c(SB)/4, $0x01020300 +DATA consts<>+0x50(SB)/4, $0x61707865 +DATA consts<>+0x54(SB)/4, $0x61707865 +DATA consts<>+0x58(SB)/4, $0x61707865 +DATA consts<>+0x5c(SB)/4, $0x61707865 +DATA consts<>+0x60(SB)/4, $0x3320646e +DATA consts<>+0x64(SB)/4, $0x3320646e +DATA consts<>+0x68(SB)/4, $0x3320646e +DATA consts<>+0x6c(SB)/4, $0x3320646e +DATA consts<>+0x70(SB)/4, $0x79622d32 +DATA consts<>+0x74(SB)/4, $0x79622d32 +DATA consts<>+0x78(SB)/4, $0x79622d32 +DATA consts<>+0x7c(SB)/4, $0x79622d32 +DATA consts<>+0x80(SB)/4, $0x6b206574 +DATA consts<>+0x84(SB)/4, $0x6b206574 +DATA consts<>+0x88(SB)/4, $0x6b206574 +DATA consts<>+0x8c(SB)/4, $0x6b206574 +DATA consts<>+0x90(SB)/4, $0x00000000 +DATA consts<>+0x94(SB)/4, $0x00000001 +DATA consts<>+0x98(SB)/4, $0x00000002 +DATA consts<>+0x9c(SB)/4, $0x00000003 +DATA consts<>+0xa0(SB)/4, $0x11223300 +DATA consts<>+0xa4(SB)/4, $0x55667744 +DATA consts<>+0xa8(SB)/4, $0x99aabb88 +DATA consts<>+0xac(SB)/4, $0xddeeffcc +DATA consts<>+0xb0(SB)/4, $0x22330011 +DATA consts<>+0xb4(SB)/4, $0x66774455 +DATA consts<>+0xb8(SB)/4, $0xaabb8899 +DATA consts<>+0xbc(SB)/4, $0xeeffccdd GLOBL consts<>(SB), RODATA, $0xc0 +#ifdef GOARCH_ppc64 +#define BE_XXBRW_INIT() \ + LVSL (R0)(R0), V24 \ + VSPLTISB $3, V25 \ + VXOR V24, V25, V24 \ + +#define BE_XXBRW(vr) VPERM vr, vr, V24, vr +#else +#define BE_XXBRW_INIT() +#define BE_XXBRW(vr) +#endif + //func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32) TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40 MOVD out+0(FP), OUT @@ -94,6 +130,8 @@ TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40 // Clear V27 VXOR V27, V27, V27 + BE_XXBRW_INIT() + // V28 LXVW4X (CONSTBASE)(R11), VS60 @@ -299,6 +337,11 @@ loop_vsx: VADDUWM V8, V18, V8 VADDUWM V12, V19, V12 + BE_XXBRW(V0) + BE_XXBRW(V4) + BE_XXBRW(V8) + BE_XXBRW(V12) + CMPU LEN, $64 BLT tail_vsx @@ -327,6 +370,11 @@ loop_vsx: VADDUWM V9, V18, V8 VADDUWM V13, V19, V12 + BE_XXBRW(V0) + BE_XXBRW(V4) + BE_XXBRW(V8) + BE_XXBRW(V12) + CMPU LEN, $64 BLT tail_vsx @@ -334,8 +382,8 @@ loop_vsx: LXVW4X (INP)(R8), VS60 LXVW4X (INP)(R9), VS61 LXVW4X (INP)(R10), VS62 - VXOR V27, V0, V27 + VXOR V27, V0, V27 VXOR V28, V4, V28 VXOR V29, V8, V29 VXOR V30, V12, V30 @@ -354,6 +402,11 @@ loop_vsx: VADDUWM V10, V18, V8 VADDUWM V14, V19, V12 + BE_XXBRW(V0) + BE_XXBRW(V4) + BE_XXBRW(V8) + BE_XXBRW(V12) + CMPU LEN, $64 BLT tail_vsx @@ -381,6 +434,11 @@ loop_vsx: VADDUWM V11, V18, V8 VADDUWM V15, V19, V12 + BE_XXBRW(V0) + BE_XXBRW(V4) + BE_XXBRW(V8) + BE_XXBRW(V12) + CMPU LEN, $64 BLT tail_vsx @@ -408,9 +466,9 @@ loop_vsx: done_vsx: // Increment counter by number of 64 byte blocks - MOVD (CNT), R14 + MOVWZ (CNT), R14 ADD BLOCKS, R14 - MOVD R14, (CNT) + MOVWZ R14, (CNT) RET tail_vsx: diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go index 333da285b3..bd896bdc76 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (!amd64 && !ppc64le && !s390x) || !gc || purego +//go:build (!amd64 && !ppc64le && !ppc64 && !s390x) || !gc || purego package poly1305 diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go similarity index 95% rename from src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go rename to src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go index 4aec4874b5..1a1679aaad 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build gc && !purego +//go:build gc && !purego && (ppc64 || ppc64le) package poly1305 diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.s similarity index 89% rename from src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s rename to src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.s index b3c1699bff..6899a1dabc 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.s @@ -2,15 +2,25 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build gc && !purego +//go:build gc && !purego && (ppc64 || ppc64le) #include "textflag.h" // This was ported from the amd64 implementation. +#ifdef GOARCH_ppc64le +#define LE_MOVD MOVD +#define LE_MOVWZ MOVWZ +#define LE_MOVHZ MOVHZ +#else +#define LE_MOVD MOVDBR +#define LE_MOVWZ MOVWBR +#define LE_MOVHZ MOVHBR +#endif + #define POLY1305_ADD(msg, h0, h1, h2, t0, t1, t2) \ - MOVD (msg), t0; \ - MOVD 8(msg), t1; \ + LE_MOVD (msg)( R0), t0; \ + LE_MOVD (msg)(R24), t1; \ MOVD $1, t2; \ ADDC t0, h0, h0; \ ADDE t1, h1, h1; \ @@ -50,10 +60,6 @@ ADDE t3, h1, h1; \ ADDZE h2 -DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF -DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC -GLOBL ·poly1305Mask<>(SB), RODATA, $16 - // func update(state *[7]uint64, msg []byte) TEXT ·update(SB), $0-32 MOVD state+0(FP), R3 @@ -66,6 +72,8 @@ TEXT ·update(SB), $0-32 MOVD 24(R3), R11 // r0 MOVD 32(R3), R12 // r1 + MOVD $8, R24 + CMP R5, $16 BLT bytes_between_0_and_15 @@ -94,7 +102,7 @@ flush_buffer: // Greater than 8 -- load the rightmost remaining bytes in msg // and put into R17 (h1) - MOVD (R4)(R21), R17 + LE_MOVD (R4)(R21), R17 MOVD $16, R22 // Find the offset to those bytes @@ -118,7 +126,7 @@ just1: BLT less8 // Exactly 8 - MOVD (R4), R16 + LE_MOVD (R4), R16 CMP R17, $0 @@ -133,7 +141,7 @@ less8: MOVD $0, R22 // shift count CMP R5, $4 BLT less4 - MOVWZ (R4), R16 + LE_MOVWZ (R4), R16 ADD $4, R4 ADD $-4, R5 MOVD $32, R22 @@ -141,7 +149,7 @@ less8: less4: CMP R5, $2 BLT less2 - MOVHZ (R4), R21 + LE_MOVHZ (R4), R21 SLD R22, R21, R21 OR R16, R21, R16 ADD $16, R22 diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/ssh/client_auth.go b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/ssh/client_auth.go index b93961010d..b86dde151d 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/ssh/client_auth.go +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/crypto/ssh/client_auth.go @@ -555,6 +555,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe } gotMsgExtInfo := false + gotUserAuthInfoRequest := false for { packet, err := c.readPacket() if err != nil { @@ -585,6 +586,9 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe if msg.PartialSuccess { return authPartialSuccess, msg.Methods, nil } + if !gotUserAuthInfoRequest { + return authFailure, msg.Methods, unexpectedMessageError(msgUserAuthInfoRequest, packet[0]) + } return authFailure, msg.Methods, nil case msgUserAuthSuccess: return authSuccess, nil, nil @@ -596,6 +600,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe if err := Unmarshal(packet, &msg); err != nil { return authFailure, nil, err } + gotUserAuthInfoRequest = true // Manually unpack the prompt/echo pairs. rest := msg.Prompts diff --git a/src/code.cloudfoundry.org/vendor/golang.org/x/term/README.md b/src/code.cloudfoundry.org/vendor/golang.org/x/term/README.md index d03d0aefef..05ff623f94 100644 --- a/src/code.cloudfoundry.org/vendor/golang.org/x/term/README.md +++ b/src/code.cloudfoundry.org/vendor/golang.org/x/term/README.md @@ -4,16 +4,13 @@ This repository provides Go terminal and console support packages. -## Download/Install - -The easiest way to install is to run `go get -u golang.org/x/term`. You can -also manually git clone the repository to `$GOPATH/src/golang.org/x/term`. - ## Report Issues / Send Patches This repository uses Gerrit for code changes. To learn how to submit changes to -this repository, see https://golang.org/doc/contribute.html. +this repository, see https://go.dev/doc/contribute. + +The git repository is https://go.googlesource.com/term. The main issue tracker for the term repository is located at -https://github.com/golang/go/issues. Prefix your issue with "x/term:" in the +https://go.dev/issues. Prefix your issue with "x/term:" in the subject line, so it is easy to find. diff --git a/src/code.cloudfoundry.org/vendor/modules.txt b/src/code.cloudfoundry.org/vendor/modules.txt index 8f952da769..3cf437a096 100644 --- a/src/code.cloudfoundry.org/vendor/modules.txt +++ b/src/code.cloudfoundry.org/vendor/modules.txt @@ -362,7 +362,7 @@ github.com/buildpacks/imgutil/layout github.com/buildpacks/imgutil/layout/sparse github.com/buildpacks/imgutil/local github.com/buildpacks/imgutil/remote -# github.com/buildpacks/lifecycle v0.20.3 => github.com/buildpacks/lifecycle v0.19.7 +# github.com/buildpacks/lifecycle v0.20.3 ## explicit; go 1.22 github.com/buildpacks/lifecycle/api github.com/buildpacks/lifecycle/archive @@ -462,8 +462,8 @@ github.com/containerd/stargz-snapshotter/estargz/errorutil # github.com/containerd/typeurl/v2 v2.2.3 ## explicit; go 1.21 github.com/containerd/typeurl/v2 -# github.com/containers/image/v5 v5.32.2 -## explicit; go 1.21.0 +# github.com/containers/image/v5 v5.33.0 +## explicit; go 1.22.6 github.com/containers/image/v5/docker github.com/containers/image/v5/docker/policyconfiguration github.com/containers/image/v5/docker/reference @@ -1069,7 +1069,7 @@ go.step.sm/crypto/x25519 go.uber.org/automaxprocs/internal/cgroups go.uber.org/automaxprocs/internal/runtime go.uber.org/automaxprocs/maxprocs -# golang.org/x/crypto v0.28.0 +# golang.org/x/crypto v0.29.0 ## explicit; go 1.20 golang.org/x/crypto/bcrypt golang.org/x/crypto/blake2b @@ -1128,10 +1128,10 @@ golang.org/x/sys/windows/registry golang.org/x/sys/windows/svc golang.org/x/sys/windows/svc/eventlog golang.org/x/sys/windows/svc/mgr -# golang.org/x/term v0.25.0 +# golang.org/x/term v0.26.0 ## explicit; go 1.18 golang.org/x/term -# golang.org/x/text v0.19.0 +# golang.org/x/text v0.20.0 ## explicit; go 1.18 golang.org/x/text/cases golang.org/x/text/encoding @@ -1278,6 +1278,5 @@ gopkg.in/yaml.v3 # code.cloudfoundry.org/grootfs => ../grootfs # code.cloudfoundry.org/guardian => ../guardian # code.cloudfoundry.org/idmapper => ../idmapper -# github.com/buildpacks/lifecycle => github.com/buildpacks/lifecycle v0.19.7 # github.com/envoyproxy/go-control-plane => github.com/envoyproxy/go-control-plane v0.12.0 # github.com/moby/buildkit => github.com/moby/buildkit v0.13.2