From b1b5a3ed702d96d1e2abdd8a60c3b74f3d342b9c Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:28:01 +0200 Subject: [PATCH 1/8] vendor: update containers/storage Signed-off-by: Giuseppe Scrivano --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 49167fee6a..5abd0ccb64 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/BurntSushi/toml v1.3.2 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 github.com/containers/ocicrypt v1.1.10 - github.com/containers/storage v1.53.0 + github.com/containers/storage v1.53.1-0.20240411065836-1fd0dc1d20e5 github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f github.com/distribution/reference v0.6.0 github.com/docker/cli v25.0.5+incompatible diff --git a/go.sum b/go.sum index 1010d48537..e8ab597985 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYgle github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.1.10 h1:r7UR6o8+lyhkEywetubUUgcKFjOWOaWz8cEBrCPX0ic= github.com/containers/ocicrypt v1.1.10/go.mod h1:YfzSSr06PTHQwSTUKqDSjish9BeW1E4HUmreluQcMd8= -github.com/containers/storage v1.53.0 h1:VSES3C/u1pxjTJIXvLrSmyP7OBtDky04oGu07UvdTEA= -github.com/containers/storage v1.53.0/go.mod h1:pujcoOSc+upx15Jirdkebhtd8uJiLwbSd/mYT6zDJK8= +github.com/containers/storage v1.53.1-0.20240411065836-1fd0dc1d20e5 h1:owLaLUu/RKf0x62tFm5ZQjU21oRUUIWTRMpZ0zkIt3E= +github.com/containers/storage v1.53.1-0.20240411065836-1fd0dc1d20e5/go.mod h1:P4tgJNR/o42wmg+9WZtoJtOJvmZKu2dwzFQggcH9aQw= github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= From 21beb2820d3c625eeb98fea2e0cc05306b3b1577 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:29:39 +0200 Subject: [PATCH 2/8] directory: use fileutils.(Le|E)xists Signed-off-by: Giuseppe Scrivano --- directory/directory_dest.go | 3 ++- directory/explicitfilepath/path.go | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/directory/directory_dest.go b/directory/directory_dest.go index 9d92192418..a0e35ed62f 100644 --- a/directory/directory_dest.go +++ b/directory/directory_dest.go @@ -15,6 +15,7 @@ import ( "github.com/containers/image/v5/internal/putblobdigest" "github.com/containers/image/v5/internal/signature" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" "github.com/opencontainers/go-digest" "github.com/sirupsen/logrus" ) @@ -249,7 +250,7 @@ func (d *dirImageDestination) Commit(context.Context, types.UnparsedImage) error // returns true if path exists func pathExists(path string) (bool, error) { - _, err := os.Stat(path) + err := fileutils.Exists(path) if err == nil { return true, nil } diff --git a/directory/explicitfilepath/path.go b/directory/explicitfilepath/path.go index 32ae1ae8a7..69c1e0727e 100644 --- a/directory/explicitfilepath/path.go +++ b/directory/explicitfilepath/path.go @@ -4,6 +4,8 @@ import ( "fmt" "os" "path/filepath" + + "github.com/containers/storage/pkg/fileutils" ) // ResolvePathToFullyExplicit returns the input path converted to an absolute, no-symlinks, cleaned up path. @@ -11,7 +13,7 @@ import ( // a non-existent name (but not a symlink pointing to a non-existent name) // This is intended as a helper for implementations of types.ImageReference.PolicyConfigurationIdentity etc. func ResolvePathToFullyExplicit(path string) (string, error) { - switch _, err := os.Lstat(path); { + switch err := fileutils.Lexists(path); { case err == nil: return resolveExistingPathToFullyExplicit(path) case os.IsNotExist(err): From 67a0466f82df2f18de958f4c5d222cbbe524e5f9 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:32:58 +0200 Subject: [PATCH 3/8] docker: use fileutils.(Le|E)xists Signed-off-by: Giuseppe Scrivano --- docker/docker_client.go | 3 ++- docker/registries_d.go | 3 ++- pkg/docker/config/config.go | 7 ++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/docker/docker_client.go b/docker/docker_client.go index 79783316c0..932fb971ad 100644 --- a/docker/docker_client.go +++ b/docker/docker_client.go @@ -26,6 +26,7 @@ import ( "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/pkg/tlsclientconfig" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" "github.com/containers/storage/pkg/homedir" "github.com/docker/distribution/registry/api/errcode" v2 "github.com/docker/distribution/registry/api/v2" @@ -187,7 +188,7 @@ func dockerCertDir(sys *types.SystemContext, hostPort string) (string, error) { } fullCertDirPath = filepath.Join(hostCertDir, hostPort) - _, err := os.Stat(fullCertDirPath) + err := fileutils.Exists(fullCertDirPath) if err == nil { break } diff --git a/docker/registries_d.go b/docker/registries_d.go index c7b884ab3c..4a9f02252c 100644 --- a/docker/registries_d.go +++ b/docker/registries_d.go @@ -12,6 +12,7 @@ import ( "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/internal/rootless" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" "github.com/containers/storage/pkg/homedir" "github.com/opencontainers/go-digest" "github.com/sirupsen/logrus" @@ -93,7 +94,7 @@ func registriesDirPathWithHomeDir(sys *types.SystemContext, homeDir string) stri return sys.RegistriesDirPath } userRegistriesDirPath := filepath.Join(homeDir, userRegistriesDir) - if _, err := os.Stat(userRegistriesDirPath); err == nil { + if err := fileutils.Exists(userRegistriesDirPath); err == nil { return userRegistriesDirPath } if sys != nil && sys.RootForImplicitAbsolutePaths != "" { diff --git a/pkg/docker/config/config.go b/pkg/docker/config/config.go index e62286ae06..da2238a0b6 100644 --- a/pkg/docker/config/config.go +++ b/pkg/docker/config/config.go @@ -17,6 +17,7 @@ import ( "github.com/containers/image/v5/internal/set" "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" "github.com/containers/storage/pkg/homedir" "github.com/containers/storage/pkg/ioutils" helperclient "github.com/docker/docker-credential-helpers/client" @@ -576,9 +577,9 @@ func getPathToAuthWithOS(sys *types.SystemContext, goOS string) (authPath, bool, runtimeDir := os.Getenv("XDG_RUNTIME_DIR") if runtimeDir != "" { // This function does not in general need to separately check that the returned path exists; that’s racy, and callers will fail accessing the file anyway. - // We are checking for os.IsNotExist here only to give the user better guidance what to do in this special case. - _, err := os.Stat(runtimeDir) - if os.IsNotExist(err) { + // We are checking for fs.ErrNotExist here only to give the user better guidance what to do in this special case. + err := fileutils.Exists(runtimeDir) + if errors.Is(err, fs.ErrNotExist) { // This means the user set the XDG_RUNTIME_DIR variable and either forgot to create the directory // or made a typo while setting the environment variable, // so return an error referring to $XDG_RUNTIME_DIR instead of xdgRuntimeDirPath inside. From 75517e0588ba02e4667a712181a87034151bb13c Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:37:57 +0200 Subject: [PATCH 4/8] oci: use fileutils.(Le|E)xists Signed-off-by: Giuseppe Scrivano --- oci/layout/oci_dest.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/oci/layout/oci_dest.go b/oci/layout/oci_dest.go index 305d8c9c71..e46c67b516 100644 --- a/oci/layout/oci_dest.go +++ b/oci/layout/oci_dest.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "io" + "io/fs" "os" "path/filepath" "runtime" @@ -16,6 +17,7 @@ import ( "github.com/containers/image/v5/internal/private" "github.com/containers/image/v5/internal/putblobdigest" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" digest "github.com/opencontainers/go-digest" imgspec "github.com/opencontainers/image-spec/specs-go" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" @@ -301,7 +303,7 @@ func (d *ociImageDestination) Commit(context.Context, types.UnparsedImage) error } func ensureDirectoryExists(path string) error { - if _, err := os.Stat(path); err != nil && os.IsNotExist(err) { + if err := fileutils.Exists(path); err != nil && errors.Is(err, fs.ErrNotExist) { if err := os.MkdirAll(path, 0755); err != nil { return err } @@ -317,7 +319,7 @@ func ensureParentDirectoryExists(path string) error { // indexExists checks whether the index location specified in the OCI reference exists. // The implementation is opinionated, since in case of unexpected errors false is returned func indexExists(ref ociReference) bool { - _, err := os.Stat(ref.indexPath()) + err := fileutils.Exists(ref.indexPath()) if err == nil { return true } From f50f01811b0bad3dae78dd8f52ae06bad147c7f5 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:39:54 +0200 Subject: [PATCH 5/8] ostree: use fileutils.(Le|E)xists Signed-off-by: Giuseppe Scrivano --- ostree/ostree_dest.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ostree/ostree_dest.go b/ostree/ostree_dest.go index 228af90ca0..5ad681b6ac 100644 --- a/ostree/ostree_dest.go +++ b/ostree/ostree_dest.go @@ -11,6 +11,7 @@ import ( "errors" "fmt" "io" + "io/fs" "os" "os/exec" "path/filepath" @@ -29,6 +30,7 @@ import ( "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" "github.com/containers/storage/pkg/archive" + "github.com/containers/storage/pkg/fileutils" "github.com/klauspost/pgzip" "github.com/opencontainers/go-digest" selinux "github.com/opencontainers/selinux/go-selinux" @@ -504,7 +506,7 @@ func (d *ostreeImageDestination) Commit(context.Context, types.UnparsedImage) er } func ensureDirectoryExists(path string) error { - if _, err := os.Stat(path); err != nil && os.IsNotExist(err) { + if err := fileutils.Exists(path); err != nil && errors.Is(err, fs.ErrNotExist) { if err := os.MkdirAll(path, 0755); err != nil { return err } From 2268d6cab42ac00d292ff6ee27e63dec3b71556c Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:45:56 +0200 Subject: [PATCH 6/8] sysregistriesv2: use fileutils.(Le|E)xists Signed-off-by: Giuseppe Scrivano --- pkg/sysregistriesv2/system_registries_v2.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/sysregistriesv2/system_registries_v2.go b/pkg/sysregistriesv2/system_registries_v2.go index f45fd9de11..45427a350f 100644 --- a/pkg/sysregistriesv2/system_registries_v2.go +++ b/pkg/sysregistriesv2/system_registries_v2.go @@ -13,6 +13,7 @@ import ( "github.com/BurntSushi/toml" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" "github.com/containers/storage/pkg/homedir" "github.com/containers/storage/pkg/regexp" "github.com/sirupsen/logrus" @@ -564,7 +565,7 @@ func newConfigWrapperWithHomeDir(ctx *types.SystemContext, homeDir string) confi // decide configPath using per-user path or system file if ctx != nil && ctx.SystemRegistriesConfPath != "" { wrapper.configPath = ctx.SystemRegistriesConfPath - } else if _, err := os.Stat(userRegistriesFilePath); err == nil { + } else if err := fileutils.Exists(userRegistriesFilePath); err == nil { // per-user registries.conf exists, not reading system dir // return config dirs from ctx or per-user one wrapper.configPath = userRegistriesFilePath From 546868c1f185097a765e8bd0603aeeac92d6fcb5 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:48:25 +0200 Subject: [PATCH 7/8] signature: use fileutils.(Le|E)xists Signed-off-by: Giuseppe Scrivano --- signature/policy_config.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/signature/policy_config.go b/signature/policy_config.go index 7eb5cab7d8..33117a2e88 100644 --- a/signature/policy_config.go +++ b/signature/policy_config.go @@ -24,6 +24,7 @@ import ( "github.com/containers/image/v5/signature/internal" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" "github.com/containers/storage/pkg/homedir" "github.com/containers/storage/pkg/regexp" ) @@ -65,7 +66,7 @@ func defaultPolicyPathWithHomeDir(sys *types.SystemContext, homeDir string) stri return sys.SignaturePolicyPath } userPolicyFilePath := filepath.Join(homeDir, userPolicyFile) - if _, err := os.Stat(userPolicyFilePath); err == nil { + if err := fileutils.Exists(userPolicyFilePath); err == nil { return userPolicyFilePath } if sys != nil && sys.RootForImplicitAbsolutePaths != "" { From 8d4b25e7256963fc93ffe4e331bdcce7144509e7 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 11 Apr 2024 09:55:41 +0200 Subject: [PATCH 8/8] pkg/blobinfocache: use fileutils.(Le|E)xists Signed-off-by: Giuseppe Scrivano --- pkg/blobinfocache/boltdb/boltdb.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkg/blobinfocache/boltdb/boltdb.go b/pkg/blobinfocache/boltdb/boltdb.go index 3d8382ecd4..07230f8738 100644 --- a/pkg/blobinfocache/boltdb/boltdb.go +++ b/pkg/blobinfocache/boltdb/boltdb.go @@ -2,14 +2,16 @@ package boltdb import ( + "errors" "fmt" - "os" + "io/fs" "sync" "time" "github.com/containers/image/v5/internal/blobinfocache" "github.com/containers/image/v5/pkg/blobinfocache/internal/prioritize" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/fileutils" "github.com/opencontainers/go-digest" "github.com/sirupsen/logrus" bolt "go.etcd.io/bbolt" @@ -125,8 +127,8 @@ func (bdc *cache) view(fn func(tx *bolt.Tx) error) (retErr error) { // nevertheless create it, but with an O_RDONLY file descriptor, try to initialize it, and fail — while holding // a read lock, blocking any future writes. // Hence this preliminary check, which is RACY: Another process could remove the file - // between the Lstat call and opening the database. - if _, err := os.Lstat(bdc.path); err != nil && os.IsNotExist(err) { + // between the Lexists call and opening the database. + if err := fileutils.Lexists(bdc.path); err != nil && errors.Is(err, fs.ErrNotExist) { return err }