diff --git a/go.mod b/go.mod index 960d2e6a7b9..3ad567bc0be 100644 --- a/go.mod +++ b/go.mod @@ -64,9 +64,9 @@ require ( github.com/vbauerster/mpb/v8 v8.12.0 github.com/vishvananda/netlink v1.3.1 go.podman.io/buildah v1.42.1-0.20260501153811-377cf64e213b - go.podman.io/common v0.67.2-0.20260504145149-b5d50461d3b9 - go.podman.io/image/v5 v5.39.3-0.20260504145149-b5d50461d3b9 - go.podman.io/storage v1.62.1-0.20260504145149-b5d50461d3b9 + go.podman.io/common v0.67.2-0.20260506114327-35c76125c5b5 + go.podman.io/image/v5 v5.39.3-0.20260506114327-35c76125c5b5 + go.podman.io/storage v1.62.1-0.20260506114327-35c76125c5b5 golang.org/x/crypto v0.50.0 golang.org/x/net v0.53.0 golang.org/x/sync v0.20.0 diff --git a/go.sum b/go.sum index 4b4c952fd1d..b82124f5ec6 100644 --- a/go.sum +++ b/go.sum 
@@ -431,12 +431,12 @@ go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.podman.io/buildah v1.42.1-0.20260501153811-377cf64e213b h1:i8ntFzITajbJA3ojnA0ZdpbC+I+ccweZvZaGIhQb4i8= go.podman.io/buildah v1.42.1-0.20260501153811-377cf64e213b/go.mod h1:hPvgsjBU09C+15fKoIZJvKvNaxR+c0QvMg/n4NgBS7A= -go.podman.io/common v0.67.2-0.20260504145149-b5d50461d3b9 h1:rhSZjo2liJOlaa3SzPLvDTD93MDi4bl6E3RKTME9Hrc= -go.podman.io/common v0.67.2-0.20260504145149-b5d50461d3b9/go.mod h1:TYI+ocF4gfL8QCBo5GqOSUAOA3QnVgkjjg/nQZRG3o0= -go.podman.io/image/v5 v5.39.3-0.20260504145149-b5d50461d3b9 h1:xAeC/aqHQ01RWHq60B1FETR65XW2kfIaOBEmYNJFunc= -go.podman.io/image/v5 v5.39.3-0.20260504145149-b5d50461d3b9/go.mod h1:D+09OPzsrFuzeKqsJEaaxtItkSd12+eZyOdFyuJF8TY= -go.podman.io/storage v1.62.1-0.20260504145149-b5d50461d3b9 h1:1rviLyzh9boijwxX4UK6U6XUmE1Qyl21XPUSHNKTh0s= -go.podman.io/storage v1.62.1-0.20260504145149-b5d50461d3b9/go.mod h1:eZIqDigffFi9NlPezLvUVw/nsUIruaui436E5E4GmXs= +go.podman.io/common v0.67.2-0.20260506114327-35c76125c5b5 h1:rjsl4OiSteuD58lb76F9f0e3VOapd7cKdpL6sc+77PI= +go.podman.io/common v0.67.2-0.20260506114327-35c76125c5b5/go.mod h1:TYI+ocF4gfL8QCBo5GqOSUAOA3QnVgkjjg/nQZRG3o0= +go.podman.io/image/v5 v5.39.3-0.20260506114327-35c76125c5b5 h1:xkEpeE5/HO2MryNXLk443DJhXayWGJC7mku9CjRqHrg= +go.podman.io/image/v5 v5.39.3-0.20260506114327-35c76125c5b5/go.mod h1:D+09OPzsrFuzeKqsJEaaxtItkSd12+eZyOdFyuJF8TY= +go.podman.io/storage v1.62.1-0.20260506114327-35c76125c5b5 h1:yPIjkKjl5VTjz66zg8pStN2ysvd2OFMIzCvsO3CJYn0= +go.podman.io/storage v1.62.1-0.20260506114327-35c76125c5b5/go.mod h1:eZIqDigffFi9NlPezLvUVw/nsUIruaui436E5E4GmXs= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= 
diff --git a/vendor/go.podman.io/common/pkg/machine/machine.go b/vendor/go.podman.io/common/pkg/machine/machine.go index 57797a445f2..566fefc0ac6 100644 --- a/vendor/go.podman.io/common/pkg/machine/machine.go +++ b/vendor/go.podman.io/common/pkg/machine/machine.go @@ -1,6 +1,8 @@ package machine import ( + "errors" + "io/fs" "os" "strings" "sync" 
@@ -12,45 +14,55 @@ type Marker struct { } const ( - markerFile = "/etc/containers/podman-machine" - Wsl = "wsl" - Qemu = "qemu" - AppleHV = "applehv" - HyperV = "hyperv" + // New marker file as of podman 6.0 since /etc/containers get overmounted. + markerFile = "/etc/podman-machine" + // Marker file prior to podman 6.0. + markerFileOld = "/etc/containers/podman-machine" + Wsl = "wsl" + Qemu = "qemu" + AppleHV = "applehv" + HyperV = "hyperv" ) -var ( - markerSync sync.Once - marker *Marker -) - -func loadMachineMarker(file string) { - var kind string - enabled := false +var readMarkerOnce = sync.OnceValue(func() *Marker { + return loadMachineMarker(markerFile, markerFileOld) +}) +func loadMachineMarker(file, fallbackFile string) *Marker { if content, err := os.ReadFile(file); err == nil { - enabled = true - kind = strings.TrimSpace(string(content)) + return &Marker{Enabled: true, Type: strings.TrimSpace(string(content))} + } else if errors.Is(err, fs.ErrNotExist) { + if content, err := os.ReadFile(fallbackFile); err == nil { + return &Marker{Enabled: true, Type: strings.TrimSpace(string(content))} + } } + return &Marker{} +} - marker = &Marker{enabled, kind} +func (m *Marker) IsPodmanMachine() bool { + return m.Enabled } func IsPodmanMachine() bool { - return GetMachineMarker().Enabled + return GetMachineMarker().IsPodmanMachine() +} + +func (m *Marker) HostType() string { + return m.Type } func HostType() string { - return GetMachineMarker().Type + return GetMachineMarker().HostType() +} + +func (m *Marker) IsGvProxyBased() bool { + return m.IsPodmanMachine() && m.HostType() != Wsl } func IsGvProxyBased() bool { - return IsPodmanMachine() && HostType() != Wsl + return GetMachineMarker().IsGvProxyBased() } func GetMachineMarker() *Marker { - markerSync.Do(func() { - loadMachineMarker(markerFile) - }) - return marker + return readMarkerOnce() } 
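Review bot: `loadMachineMarker` falls back to `markerFileOld` only when the new path does not exist, and every other read error (on either file) ends in `return &Marker{}`, which `sync.OnceValue` then caches for the life of the process; a permission or I/O error is therefore indistinguishable from "not a podman machine". That may be intended, but nothing in the hunk says so, and the new exported methods `(*Marker).IsPodmanMachine`, `HostType` and `IsGvProxyBased` have no doc comments. I would add `// loadMachineMarker reads file and tries fallbackFile only if file does not exist; any other read error yields a disabled Marker.` above the function, and a one-line comment starting with the method name on each exported method.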
diff --git a/vendor/go.podman.io/common/pkg/timezone/timezone.go b/vendor/go.podman.io/common/pkg/timezone/timezone.go index 40333841e29..10a972355f0 100644 --- a/vendor/go.podman.io/common/pkg/timezone/timezone.go +++ b/vendor/go.podman.io/common/pkg/timezone/timezone.go @@ -106,5 +106,5 @@ func copyTimezoneFile(containerRunDir, zonePath string) (string, error) { } func openDirectory(path string) (fd int, err error) { - return unix.Open(path, unix.O_RDONLY|O_PATH|unix.O_CLOEXEC, 0) + return unix.Open(path, O_PATH|unix.O_CLOEXEC, 0) } diff --git a/vendor/go.podman.io/storage/drivers/overlay/composefs.go b/vendor/go.podman.io/storage/drivers/overlay/composefs.go index 713aeed3cb7..17e10af69c7 100644 --- a/vendor/go.podman.io/storage/drivers/overlay/composefs.go +++ b/vendor/go.podman.io/storage/drivers/overlay/composefs.go @@ -68,6 +68,7 @@ func generateComposeFsBlob(verityDigests map[string]string, toc any, composefsDi outFile.Close() return fmt.Errorf("failed to reopen %s as read-only: %w", destFile, err) } + defer roFile.Close() err = func() error { // a scope to close outFile before setting fsverity on the read-only fd. diff --git a/vendor/go.podman.io/storage/drivers/overlay/overlay.go b/vendor/go.podman.io/storage/drivers/overlay/overlay.go index b12366852ae..b50319707b0 100644 --- a/vendor/go.podman.io/storage/drivers/overlay/overlay.go +++ b/vendor/go.podman.io/storage/drivers/overlay/overlay.go 
@@ -2057,17 +2057,27 @@ func (g *overlayFileGetter) Get(path string) (io.ReadCloser, error) { buf := make([]byte, unix.PathMax) for _, d := range g.diffDirs { if f, found := g.composefsMounts[d]; found { - // there is no *at equivalent for getxattr, but it can be emulated by opening the file under /proc/self/fd/$FD/$PATH - len, err := unix.Getxattr(fmt.Sprintf("/proc/self/fd/%d/%s", int(f.Fd()), path), "trusted.overlay.redirect", buf) + cfd, err := unix.Openat2(int(f.Fd()), path, &unix.OpenHow{ + Flags: unix.O_RDONLY | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_BENEATH, + }) + if err != nil { + if errors.Is(err, unix.ENOENT) { + continue + } + return nil, &fs.PathError{Op: "openat2", Path: path, Err: err} + } + n, err := unix.Fgetxattr(cfd, "trusted.overlay.redirect", buf) + unix.Close(cfd) if err != nil { if errors.Is(err, unix.ENODATA) { continue } - return nil, &fs.PathError{Op: "getxattr", Path: path, Err: err} + return nil, &fs.PathError{Op: "fgetxattr", Path: path, Err: err} } // the xattr value is the path to the file in the composefs layer diff directory - return os.Open(filepath.Join(d, string(buf[:len]))) + return os.Open(filepath.Join(d, string(buf[:n]))) } f, err := os.Open(filepath.Join(d, path)) diff --git a/vendor/go.podman.io/storage/pkg/chunked/filesystem_linux.go b/vendor/go.podman.io/storage/pkg/chunked/filesystem_linux.go index ceba7d0f3d9..152ffee392a 100644 --- a/vendor/go.podman.io/storage/pkg/chunked/filesystem_linux.go +++ b/vendor/go.podman.io/storage/pkg/chunked/filesystem_linux.go 
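Review bot: The lookup of `path` is now confined with `RESOLVE_NO_SYMLINKS | RESOLVE_BENEATH`, but the value read from `trusted.overlay.redirect` still goes straight into `os.Open(filepath.Join(d, string(buf[:n])))`, which resolves `..` lexically and follows symlinks, so the second step has none of the confinement the first step just gained. If the redirect value is trusted because the composefs blob is produced locally, a comment above that line should say so to make the asymmetry explicit; otherwise the target should be opened relative to a directory fd for `d` with the same `Resolve` flags. Separately, the new open uses plain `O_RDONLY`, which can block if `path` names a FIFO inside the mount; `Flags: unix.O_RDONLY | unix.O_CLOEXEC | unix.O_NONBLOCK` avoids that and makes no difference for regular files. `Get` begins before this hunk and continues after it, so code outside the visible lines may already cover either case.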
@@ -510,7 +510,7 @@ func safeMkdir(dirfd int, mode os.FileMode, name string, metadata *fileMetadata, } func safeLink(dirfd int, mode os.FileMode, metadata *fileMetadata, options *archive.TarOptions) error { - sourceFile, err := openFileUnderRoot(dirfd, metadata.Linkname, unix.O_PATH|unix.O_RDONLY|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + sourceFile, err := openFileUnderRoot(dirfd, metadata.Linkname, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) if err != nil { return err } diff --git a/vendor/go.podman.io/storage/pkg/chunked/storage_linux.go b/vendor/go.podman.io/storage/pkg/chunked/storage_linux.go index e42359d845c..2cae9737759 100644 --- a/vendor/go.podman.io/storage/pkg/chunked/storage_linux.go +++ b/vendor/go.podman.io/storage/pkg/chunked/storage_linux.go @@ -1549,7 +1549,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff } } - dirfd, err := unix.Open(dest, unix.O_RDONLY|unix.O_PATH|unix.O_CLOEXEC, 0) + dirfd, err := unix.Open(dest, unix.O_PATH|unix.O_CLOEXEC, 0) if err != nil { return output, &fs.PathError{Op: "open", Path: dest, Err: err} } diff --git a/vendor/modules.txt b/vendor/modules.txt index 5db15a2e23c..3f5c946dff3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -735,7 +735,7 @@ go.podman.io/buildah/pkg/sshagent go.podman.io/buildah/pkg/util go.podman.io/buildah/pkg/volumes go.podman.io/buildah/util -# go.podman.io/common v0.67.2-0.20260504145149-b5d50461d3b9 +# go.podman.io/common v0.67.2-0.20260506114327-35c76125c5b5 ## explicit; go 1.25.6 go.podman.io/common/internal go.podman.io/common/libimage @@ -801,7 +801,7 @@ go.podman.io/common/pkg/umask go.podman.io/common/pkg/util go.podman.io/common/pkg/version go.podman.io/common/version -# go.podman.io/image/v5 v5.39.3-0.20260504145149-b5d50461d3b9 +# go.podman.io/image/v5 v5.39.3-0.20260506114327-35c76125c5b5 ## explicit; go 1.25.6 go.podman.io/image/v5/copy go.podman.io/image/v5/directory 
@@ -878,7 +878,7 @@ go.podman.io/image/v5/transports go.podman.io/image/v5/transports/alltransports go.podman.io/image/v5/types go.podman.io/image/v5/version -# go.podman.io/storage v1.62.1-0.20260504145149-b5d50461d3b9 +# go.podman.io/storage v1.62.1-0.20260506114327-35c76125c5b5 ## explicit; go 1.25.0 go.podman.io/storage go.podman.io/storage/drivers