go.mod: update github.com/containers/image/v5 #2925
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
See BurntSushi/toml#360 A recent change in BurntSushi/toml made encoding fail (later changed to error) if a struct is marked as omitempty and is comparable. Go docs about equality: https://go.dev/doc/go1#equality. Basically: A struct is comparable if all of its fields are comparable. Slices are not comparable. Customizations are marked as omitempty but they contain a lot of slices, thus they are not comparable. The new version of BurntSushi/toml therefore panics when we encode them. The solution is to remove the omitempty tag from Customizations. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Version 5.22 introduced a new option to /etc/containers/policy.json called keyPaths, see containers/image#1609 EL9 immediately took advantage of this new feature and started using it, see https://gitlab.com/redhat/centos-stream/rpms/containers-common/-/commit/04645c4a84442da3324eea8f6538a5768e69919a This quickly became an issue in our code: The go library (containers/image) parses the configuration file very strictly and refuses to create a client when policy.json with an unknown key is present on the filesystem. As we used 5.21.1 that doesn't know the new key, our unit tests started to failing when containers-common was present. Reproducer: podman run --pull=always --rm -it centos:stream9 dnf install -y dnf-plugins-core dnf config-manager --set-enabled crb dnf install -y gpgme-devel libassuan-devel krb5-devel golang git-core git clone https://github.com/osbuild/osbuild-composer cd osbuild-composer # install the new containers-common and run the test dnf install -y https://kojihub.stream.centos.org/kojifiles/packages/containers-common/1/44.el9/x86_64/containers-common-1-44.el9.x86_64.rpm go test -count 1 ./... # this returns: --- FAIL: TestClientResolve (0.00s) client_test.go:31: Error Trace: client_test.go:31 Error: Received unexpected error: Unknown key "keyPaths" invalid policy in "/etc/containers/policy.json" github.com/containers/image/v5/signature.NewPolicyFromFile /osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_config.go:88 github.com/osbuild/osbuild-composer/internal/container.NewClient /osbuild-composer/internal/container/client.go:123 github.com/osbuild/osbuild-composer/internal/container_test.TestClientResolve /osbuild-composer/internal/container/client_test.go:29 testing.tRunner /usr/lib/golang/src/testing/testing.go:1439 runtime.goexit /usr/lib/golang/src/runtime/asm_amd64.s:1571 Test: TestClientResolve client_test.go:32: Error Trace: client_test.go:32 Error: Expected value not to be nil. Test: TestClientResolve When run with an older containers-common, it succeeds: dnf install -y https://kojihub.stream.centos.org/kojifiles/packages/containers-common/1/40.el9/x86_64/containers-common-1-40.el9.x86_64.rpm go test -count 1 ./... PASS To sum it up, I had to upgrade github.com/containers/image/v5 to v5.22.0. Unfortunately, this wasn't so simple, see go get github.com/containers/image/v5@latest go: github.com/containers/image/v5@v5.22.0 requires github.com/letsencrypt/boulder@v0.0.0-20220331220046-b23ab962616e requires github.com/honeycombio/beeline-go@v1.1.1 requires github.com/gobuffalo/pop/v5@v5.3.1 requires github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown revision v2.0.3 It turns out that github.com/mattn/go-sqlite3@v2.0.3+incompatible has been recently retracted mattn/go-sqlite3#998 and this broke a ton of packages depending on it. I was able to fix it by adding exclude github.com/mattn/go-sqlite3 v2.0.3+incompatible to our go.mod, see mattn/go-sqlite3#975 (comment) After adding it, go get github.com/containers/image/v5@latest succeeded and tools/prepare-source.sh took care of the rest. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
|
I had to add yet another commit to fix a new "feature" of the updated Anyway, I tested this PR on CentOS Stream 9 with |
thozza
approved these changes
Aug 29, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TL;DR: This fixes broken unit tests and other code using
container.NewClientwhen running on EL9 withcontainers-common>=1-43.el9and on EL8 withcontainers-common>=1-40.el8. We will definitely be backporting this to 9.1 and 8.7.Version 5.22 introduced a new option to
/etc/containers/policy.jsoncalledkeyPaths, see containers/image#1609EL9 immediately took advantage of this new feature and started using it, see https://gitlab.com/redhat/centos-stream/rpms/containers-common/-/commit/04645c4a84442da3324eea8f6538a5768e69919a
This quickly became an issue in our code: The go library (
containers/image) parses the configuration file very strictly and refuses to create a client whenpolicy.jsonwith an unknown key is present on the filesystem. As we used 5.21.1 that doesn't know the new key, our unit tests started to failing when newercontainers-commonis present.Reproducer:
To sum it up, I had to upgrade github.com/containers/image/v5 to v5.22.0. Unfortunately, this wasn't so simple, see
It turns out that
github.com/mattn/go-sqlite3@v2.0.3+incompatiblehas been recently retracted, see mattn/go-sqlite3#998. This broke a ton of packages depending on it. I was able to fix it by addingto our
go.mod, see mattn/go-sqlite3#975 (comment)After adding it,
go get github.com/containers/image/v5@latestsucceeded andtools/prepare-source.shtook care of the rest.Signed-off-by: Ondřej Budai ondrej@budai.cz
This pull request includes: