Switch containers/[image,storage,common] to go.podman.io. #4902
Conversation
WalkthroughThis PR migrates imports from github.com/containers/* to go.podman.io/* (strongunits, image, storage), updates go.mod/toolchain and dependencies, and refreshes vendored code accordingly. Notable vendor edits include Docker tlsconfig API adjustments (passphrase removal, cipher defaults), SQLite 3.50.4 headers and userauth deprecation, gpgme Key.Fingerprint addition, and pprof minor refactors. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant Caller
participant DockerClient as Docker Client Factory
participant TLS as tlsconfig.defaultConfig
participant Cert as getCert
participant Key as getPrivateKey
Caller->>DockerClient: New docker client
DockerClient->>TLS: Build client TLS config
TLS->>Cert: Load cert/key (no passphrase support)
Cert->>Key: Parse private key
alt Key is encrypted
Key-->>Cert: errEncryptedKeyDeprecated
Cert-->>TLS: propagate error
TLS-->>DockerClient: error
DockerClient-->>Caller: error (encrypted key deprecated)
else Key is plain
Key-->>Cert: PrivateKey
Cert-->>TLS: tls.Certificate
TLS-->>DockerClient: tls.Config with ClientDefault CipherSuites
DockerClient-->>Caller: Client ready
end
note over TLS: CipherSuites now from ClientDefault()
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (31)
💤 Files with no reviewable changes (1)
✅ Files skipped from review due to trivial changes (2)
🚧 Files skipped from review as they are similar to previous changes (13)
🧰 Additional context used🧬 Code graph analysis (1)vendor/github.com/google/pprof/profile/merge.go (1)
🪛 markdownlint-cli2 (0.18.1)vendor/github.com/mattn/go-sqlite3/README.md354-354: Emphasis style (MD049, emphasis-style) 354-354: Emphasis style (MD049, emphasis-style) 🔇 Additional comments (27)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Hi @jankaluza. Thanks for your PR. I'm waiting for a crc-org member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Note that |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
pkg/crc/image/image.go (2)
69-73: Destroy the PolicyContext to avoid leaks.signature.PolicyContext should be destroyed; add a defer after creation.
policyContext, err := img.policyContext() if err != nil { return nil, err } + defer policyContext.Destroy()
74-76: Avoid panic on nil context; return an error instead.Panics here propagate to the CLI; prefer a typed error.
- if ctx == nil { - panic("ctx is nil, this should not happen") - } + if ctx == nil { + return nil, fmt.Errorf("nil context") + }pkg/crc/constants/constants.go (1)
10-10: LGTM on strongunits import migration; no legacy containers/ imports remain.*go.modstill includesgithub.com/containers/common(indirect)—rungo mod tidyto remove this stale dependency.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (107)
cmd/crc/cmd/start.go(1 hunks)cmd/crc/cmd/status.go(1 hunks)go.mod(8 hunks)pkg/crc/api/api_client_test.go(1 hunks)pkg/crc/api/client/types.go(1 hunks)pkg/crc/api/handlers.go(1 hunks)pkg/crc/cluster/cluster.go(1 hunks)pkg/crc/config/settings_test.go(1 hunks)pkg/crc/config/validations.go(1 hunks)pkg/crc/constants/constants.go(1 hunks)pkg/crc/image/image.go(1 hunks)pkg/crc/machine/config/config.go(1 hunks)pkg/crc/machine/driver.go(1 hunks)pkg/crc/machine/start.go(1 hunks)pkg/crc/machine/start_test.go(1 hunks)pkg/crc/machine/status.go(1 hunks)pkg/crc/machine/status_test.go(1 hunks)pkg/crc/machine/types/types.go(1 hunks)pkg/crc/validation/validation.go(1 hunks)pkg/drivers/libhvee/libhvee_windows.go(1 hunks)test/e2e/testsuite/testsuite.go(1 hunks)vendor/github.com/containers/image/v5/LICENSE(0 hunks)vendor/github.com/containers/image/v5/copy/blob.go(0 hunks)vendor/github.com/containers/image/v5/copy/compression.go(0 hunks)vendor/github.com/containers/image/v5/copy/copy.go(0 hunks)vendor/github.com/containers/image/v5/copy/digesting_reader.go(0 hunks)vendor/github.com/containers/image/v5/copy/encryption.go(0 hunks)vendor/github.com/containers/image/v5/copy/manifest.go(0 hunks)vendor/github.com/containers/image/v5/copy/multiple.go(0 hunks)vendor/github.com/containers/image/v5/copy/progress_bars.go(0 hunks)vendor/github.com/containers/image/v5/copy/progress_channel.go(0 hunks)vendor/github.com/containers/image/v5/copy/sign.go(0 hunks)vendor/github.com/containers/image/v5/copy/single.go(0 hunks)vendor/github.com/containers/image/v5/directory/directory_dest.go(0 hunks)vendor/github.com/containers/image/v5/directory/directory_src.go(0 hunks)vendor/github.com/containers/image/v5/directory/directory_transport.go(0 hunks)vendor/github.com/containers/image/v5/directory/explicitfilepath/path.go(0 hunks)vendor/github.com/containers/image/v5/docker/body_reader.go(0 hunks)vendor/github.com/containers/image/v5/docker/cache.go(0 hunks)vendor/github.com/containers/image/v5/docker/distribution_error.go(0 hunks)vendor/github.com/containers/image/v5/docker/docker_client.go(0 hunks)vendor/github.com/containers/image/v5/docker/docker_image.go(0 hunks)vendor/github.com/containers/image/v5/docker/docker_image_dest.go(0 hunks)vendor/github.com/containers/image/v5/docker/docker_image_src.go(0 hunks)vendor/github.com/containers/image/v5/docker/docker_transport.go(0 hunks)vendor/github.com/containers/image/v5/docker/errors.go(0 hunks)vendor/github.com/containers/image/v5/docker/paths_common.go(0 hunks)vendor/github.com/containers/image/v5/docker/paths_freebsd.go(0 hunks)vendor/github.com/containers/image/v5/docker/policyconfiguration/naming.go(0 hunks)vendor/github.com/containers/image/v5/docker/reference/README.md(0 hunks)vendor/github.com/containers/image/v5/docker/reference/helpers.go(0 hunks)vendor/github.com/containers/image/v5/docker/reference/normalize.go(0 hunks)vendor/github.com/containers/image/v5/docker/reference/reference.go(0 hunks)vendor/github.com/containers/image/v5/docker/reference/regexp-additions.go(0 hunks)vendor/github.com/containers/image/v5/docker/reference/regexp.go(0 hunks)vendor/github.com/containers/image/v5/docker/registries_d.go(0 hunks)vendor/github.com/containers/image/v5/docker/wwwauthenticate.go(0 hunks)vendor/github.com/containers/image/v5/internal/blobinfocache/blobinfocache.go(0 hunks)vendor/github.com/containers/image/v5/internal/blobinfocache/types.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/docker_list.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/docker_schema1.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/docker_schema2.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/manifest.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/memory.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/oci.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/oci_index.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/sourced.go(0 hunks)vendor/github.com/containers/image/v5/internal/image/unparsed.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/impl/helpers.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/impl/properties.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/stubs/original_oci_config.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/stubs/put_blob_partial.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/stubs/signatures.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/stubs/stubs.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagedestination/wrapper.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagesource/impl/compat.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagesource/impl/layer_infos.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagesource/impl/properties.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagesource/impl/signatures.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagesource/stubs/get_blob_at.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagesource/stubs/stubs.go(0 hunks)vendor/github.com/containers/image/v5/internal/imagesource/wrapper.go(0 hunks)vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go(0 hunks)vendor/github.com/containers/image/v5/internal/manifest/common.go(0 hunks)vendor/github.com/containers/image/v5/internal/manifest/docker_schema2.go(0 hunks)vendor/github.com/containers/image/v5/internal/manifest/docker_schema2_list.go(0 hunks)vendor/github.com/containers/image/v5/internal/manifest/errors.go(0 hunks)vendor/github.com/containers/image/v5/internal/manifest/list.go(0 hunks)vendor/github.com/containers/image/v5/internal/manifest/manifest.go(0 hunks)vendor/github.com/containers/image/v5/internal/manifest/oci_index.go(0 hunks)vendor/github.com/containers/image/v5/internal/multierr/multierr.go(0 hunks)vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go(0 hunks)vendor/github.com/containers/image/v5/internal/private/private.go(0 hunks)vendor/github.com/containers/image/v5/internal/putblobdigest/put_blob_digest.go(0 hunks)vendor/github.com/containers/image/v5/internal/rootless/rootless.go(0 hunks)vendor/github.com/containers/image/v5/internal/set/set.go(0 hunks)vendor/github.com/containers/image/v5/internal/signature/signature.go(0 hunks)vendor/github.com/containers/image/v5/internal/signature/sigstore.go(0 hunks)vendor/github.com/containers/image/v5/internal/signature/simple.go(0 hunks)vendor/github.com/containers/image/v5/internal/signer/signer.go(0 hunks)vendor/github.com/containers/image/v5/internal/streamdigest/stream_digest.go(0 hunks)vendor/github.com/containers/image/v5/internal/tmpdir/tmpdir.go(0 hunks)vendor/github.com/containers/image/v5/internal/unparsedimage/wrapper.go(0 hunks)vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go(0 hunks)vendor/github.com/containers/image/v5/internal/useragent/useragent.go(0 hunks)vendor/github.com/containers/image/v5/manifest/common.go(0 hunks)
⛔ Files not processed due to max files limit (22)
- vendor/github.com/containers/image/v5/manifest/docker_schema1.go
- vendor/github.com/containers/image/v5/manifest/docker_schema2.go
- vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go
- vendor/github.com/containers/image/v5/manifest/list.go
- vendor/github.com/containers/image/v5/manifest/manifest.go
- vendor/github.com/containers/image/v5/manifest/oci.go
- vendor/github.com/containers/image/v5/manifest/oci_index.go
- vendor/github.com/containers/image/v5/pkg/blobinfocache/default.go
- vendor/github.com/containers/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go
- vendor/github.com/containers/image/v5/pkg/blobinfocache/memory/memory.go
- vendor/github.com/containers/image/v5/pkg/blobinfocache/none/none.go
- vendor/github.com/containers/image/v5/pkg/blobinfocache/sqlite/sqlite.go
- vendor/github.com/containers/image/v5/pkg/compression/compression.go
- vendor/github.com/containers/image/v5/pkg/compression/internal/types.go
- vendor/github.com/containers/image/v5/pkg/compression/types/types.go
- vendor/github.com/containers/image/v5/pkg/compression/zstd.go
- vendor/github.com/containers/image/v5/pkg/docker/config/config.go
- vendor/github.com/containers/image/v5/pkg/strslice/README.md
- vendor/github.com/containers/image/v5/pkg/strslice/strslice.go
- vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_common.go
- vendor/github.com/containers/image/v5/pkg/sysregistriesv2/paths_freebsd.go
- vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
💤 Files with no reviewable changes (86)
- vendor/github.com/containers/image/v5/internal/imagedestination/impl/helpers.go
- vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go
- vendor/github.com/containers/image/v5/docker/reference/regexp-additions.go
- vendor/github.com/containers/image/v5/internal/imagesource/impl/layer_infos.go
- vendor/github.com/containers/image/v5/internal/multierr/multierr.go
- vendor/github.com/containers/image/v5/docker/paths_common.go
- vendor/github.com/containers/image/v5/internal/manifest/docker_schema2.go
- vendor/github.com/containers/image/v5/docker/cache.go
- vendor/github.com/containers/image/v5/copy/multiple.go
- vendor/github.com/containers/image/v5/internal/imagesource/stubs/stubs.go
- vendor/github.com/containers/image/v5/internal/imagesource/impl/properties.go
- vendor/github.com/containers/image/v5/internal/useragent/useragent.go
- vendor/github.com/containers/image/v5/docker/reference/README.md
- vendor/github.com/containers/image/v5/internal/manifest/common.go
- vendor/github.com/containers/image/v5/LICENSE
- vendor/github.com/containers/image/v5/directory/explicitfilepath/path.go
- vendor/github.com/containers/image/v5/internal/image/oci_index.go
- vendor/github.com/containers/image/v5/internal/rootless/rootless.go
- vendor/github.com/containers/image/v5/docker/docker_image.go
- vendor/github.com/containers/image/v5/internal/streamdigest/stream_digest.go
- vendor/github.com/containers/image/v5/copy/progress_channel.go
- vendor/github.com/containers/image/v5/internal/image/manifest.go
- vendor/github.com/containers/image/v5/internal/signer/signer.go
- vendor/github.com/containers/image/v5/internal/blobinfocache/blobinfocache.go
- vendor/github.com/containers/image/v5/internal/manifest/manifest.go
- vendor/github.com/containers/image/v5/internal/signature/signature.go
- vendor/github.com/containers/image/v5/internal/imagesource/impl/signatures.go
- vendor/github.com/containers/image/v5/copy/digesting_reader.go
- vendor/github.com/containers/image/v5/internal/imagedestination/stubs/stubs.go
- vendor/github.com/containers/image/v5/docker/docker_image_dest.go
- vendor/github.com/containers/image/v5/internal/imagedestination/impl/properties.go
- vendor/github.com/containers/image/v5/internal/signature/simple.go
- vendor/github.com/containers/image/v5/copy/sign.go
- vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go
- vendor/github.com/containers/image/v5/docker/paths_freebsd.go
- vendor/github.com/containers/image/v5/docker/body_reader.go
- vendor/github.com/containers/image/v5/internal/image/docker_schema1.go
- vendor/github.com/containers/image/v5/copy/compression.go
- vendor/github.com/containers/image/v5/internal/imagedestination/stubs/signatures.go
- vendor/github.com/containers/image/v5/copy/encryption.go
- vendor/github.com/containers/image/v5/internal/imagesource/wrapper.go
- vendor/github.com/containers/image/v5/internal/imagesource/impl/compat.go
- vendor/github.com/containers/image/v5/internal/image/memory.go
- vendor/github.com/containers/image/v5/internal/image/docker_list.go
- vendor/github.com/containers/image/v5/docker/reference/normalize.go
- vendor/github.com/containers/image/v5/internal/imagesource/stubs/get_blob_at.go
- vendor/github.com/containers/image/v5/internal/imagedestination/stubs/put_blob_partial.go
- vendor/github.com/containers/image/v5/internal/manifest/docker_schema2_list.go
- vendor/github.com/containers/image/v5/docker/wwwauthenticate.go
- vendor/github.com/containers/image/v5/docker/policyconfiguration/naming.go
- vendor/github.com/containers/image/v5/docker/docker_client.go
- vendor/github.com/containers/image/v5/docker/registries_d.go
- vendor/github.com/containers/image/v5/docker/distribution_error.go
- vendor/github.com/containers/image/v5/internal/blobinfocache/types.go
- vendor/github.com/containers/image/v5/copy/progress_bars.go
- vendor/github.com/containers/image/v5/copy/blob.go
- vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go
- vendor/github.com/containers/image/v5/directory/directory_src.go
- vendor/github.com/containers/image/v5/docker/reference/regexp.go
- vendor/github.com/containers/image/v5/internal/imagedestination/wrapper.go
- vendor/github.com/containers/image/v5/docker/reference/helpers.go
- vendor/github.com/containers/image/v5/copy/manifest.go
- vendor/github.com/containers/image/v5/internal/image/docker_schema2.go
- vendor/github.com/containers/image/v5/internal/image/unparsed.go
- vendor/github.com/containers/image/v5/internal/tmpdir/tmpdir.go
- vendor/github.com/containers/image/v5/internal/image/oci.go
- vendor/github.com/containers/image/v5/internal/set/set.go
- vendor/github.com/containers/image/v5/docker/docker_image_src.go
- vendor/github.com/containers/image/v5/internal/manifest/list.go
- vendor/github.com/containers/image/v5/internal/imagedestination/impl/compat.go
- vendor/github.com/containers/image/v5/internal/putblobdigest/put_blob_digest.go
- vendor/github.com/containers/image/v5/internal/imagedestination/stubs/original_oci_config.go
- vendor/github.com/containers/image/v5/internal/private/private.go
- vendor/github.com/containers/image/v5/manifest/common.go
- vendor/github.com/containers/image/v5/internal/unparsedimage/wrapper.go
- vendor/github.com/containers/image/v5/internal/image/sourced.go
- vendor/github.com/containers/image/v5/internal/signature/sigstore.go
- vendor/github.com/containers/image/v5/internal/manifest/oci_index.go
- vendor/github.com/containers/image/v5/copy/copy.go
- vendor/github.com/containers/image/v5/docker/errors.go
- vendor/github.com/containers/image/v5/directory/directory_dest.go
- vendor/github.com/containers/image/v5/directory/directory_transport.go
- vendor/github.com/containers/image/v5/docker/reference/reference.go
- vendor/github.com/containers/image/v5/docker/docker_transport.go
- vendor/github.com/containers/image/v5/copy/single.go
- vendor/github.com/containers/image/v5/internal/manifest/errors.go
🔇 Additional comments (21)
pkg/drivers/libhvee/libhvee_windows.go (1)
15-15: Strongunits import migration verified in vendor/libhvee alignment is correct—nogithub.com/containers/common/pkg/strongunitsimports found in vendor/libhvee.pkg/crc/machine/types/types.go (1)
8-8: Import switch to go.podman.io/common/strongunits — LGTMType usage remains unchanged; no API drift observed.
go.mod (1)
15-15: No straygithub.com/containers/*imports found — graph is clean
Only the indirectgithub.com/containers/common v0.62.2in go.mod and vendor entries remain; no direct source imports outside vendor.cmd/crc/cmd/status.go (1)
14-14: Strongunits import updated — LGTMNo behavior change; JSON and printing paths unaffected.
pkg/crc/machine/start.go (1)
14-14: Strongunits import migrated — LGTMMinimum memory constant and conversions remain intact.
pkg/crc/image/image.go (1)
20-23: Import-path migration looks correct.Switched to go.podman.io/image/v5 for copy, directory, docker, signature without API changes. Good.
pkg/crc/validation/validation.go (1)
12-12: Import migration verified
No legacygithub.com/containers/(image|common|storage)imports remain in code—only module entries in go.mod/go.sum.pkg/crc/config/settings_test.go (1)
8-8: Test import updated correctly.No behavior change; compiles against new strongunits path.
pkg/crc/machine/driver.go (1)
6-6: Import migration acknowledged.strongunits path update only; setter logic unaffected.
pkg/crc/config/validations.go (1)
8-8: Import migration looks good.Validation logic unchanged; types match.
pkg/crc/api/api_client_test.go (1)
10-10: LGTM: switched to go.podman.io/common/strongunitsImport-path migration looks correct; no functional changes in this test.
test/e2e/testsuite/testsuite.go (1)
22-22: LGTM: strongunits import path updatedConsistent with the monorepo move; no behavior changes in the E2E steps.
pkg/crc/machine/config/config.go (1)
5-5: LGTM: config uses go.podman.io/common/strongunitsTypes (MiB, GiB) remain the same; no struct/API changes.
pkg/crc/machine/start_test.go (1)
10-10: LGTM: tests now import strongunits from go.podman.io/commonAssertions using B/GiB/ToBytes remain compatible.
pkg/crc/machine/status_test.go (1)
7-7: LGTM: strongunits import migratedTest expectations unchanged; import path aligns with the rest of the repo.
pkg/crc/cluster/cluster.go (1)
18-18: LGTM on import path change.Switch to go.podman.io/common/pkg/strongunits is consistent with the PR objective; usages remain compatible.
pkg/crc/api/handlers.go (1)
7-7: LGTM on strongunits migration.No behavior change; types align with existing Start config handling.
cmd/crc/cmd/start.go (1)
13-13: LGTM on strongunits import update.Flag parsing and validation still use strongunits consistently.
pkg/crc/machine/status.go (1)
9-9: LGTM on strongunits path migration.Status computation keeps the same units. The earlier verification script also checks for strongunits API presence.
pkg/crc/api/client/types.go (2)
7-7: Import path migration to go.podman.io/common looks goodMatches the monorepo move and aligns with the PR’s objective. No functional concerns here.
27-33: Manually verify JSON encoding of strongunits.B in the upstream moduleThe
strongunitspackage isn’t vendored here, so please confirm that the upstreamstrongunits.BMarshalJSON/UnmarshalJSON behavior (string vs numeric encoding) has not changed and remains compatible to avoid API contract drift.
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (18)
vendor/github.com/docker/go-connections/tlsconfig/config.go (2)
39-50: Avoid slice aliasing for exported cipher list; minor comment grammar fix.Assigning the exported
DefaultServerAcceptedCiphersdirectly todefaultCipherSuitesaliases the same backing array. External mutation of the exported slice (e.g., index assignment) would also mutate your internal default. Safer to publish a copy. Also fix “uses” → “used”.-// DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls +// DefaultServerAcceptedCiphers should be used by code which already has a crypto/tls // options struct but wants to use a commonly accepted set of TLS cipher suites, with // known weak algorithms removed. -var DefaultServerAcceptedCiphers = defaultCipherSuites +var DefaultServerAcceptedCiphers = append([]uint16(nil), defaultCipherSuites...)
164-167: Update stale comment: passphrase support was removed.Comment still mentions decrypting with a passphrase; the code now rejects encrypted keys.
-// getCert returns a Certificate from the CertFile and KeyFile in 'options', -// if the key is encrypted, the Passphrase in 'options' will be used to -// decrypt it. +// getCert returns a Certificate from the CertFile and KeyFile in 'options'. +// Encrypted (password-protected) private keys are not supported and will +// result in an error (see errEncryptedKeyDeprecated).vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go (1)
10-13: Stale -ldflags doc still references github.com/containers path.
If you keep vendor comments, no change needed here; otherwise consider updating upstream to prevent confusion.Proposed doc-only tweak (for upstream):
-// -ldflags '-X github.com/containers/image/v5/internal/tmpdir.unixTempDirForBigFiles=$your_path' +// -ldflags '-X go.podman.io/image/v5/internal/tmpdir.unixTempDirForBigFiles=$your_path'vendor/go.podman.io/image/v5/docker/registries_d.go (1)
23-26: Update ldflags override path in comment to new module path.The example still references github.com/containers/...; suggest aligning to go.podman.io to avoid confusion.
-// -ldflags '-X github.com/containers/image/v5/docker.systemRegistriesDirPath=$your_path' +// -ldflags '-X go.podman.io/image/v5/docker.systemRegistriesDirPath=$your_path'vendor/github.com/mattn/go-sqlite3/README.md (1)
354-355: Fix markdownlint MD049 (emphasis style) in vendored README.If lint checks include vendor, switch asterisks to underscores.
-***This is deprecated*** +__This is deprecated__If vendor is excluded from lint, feel free to ignore.
vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1)
3-3: User-Agent still references github.com/containers/imageLikely intentional upstream choice; don’t patch vendor here. Just flagging in case you expected UA to reflect the go.podman.io move.
vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (1)
438-444: Minor style tweak LGTM; be mindful of theoretical overflowType-inferred stamp doesn’t change behavior. Extremely large intervals could overflow int64 on time.Unix, but that’s preexisting and non-blocking.
vendor/github.com/containers/libhvee/pkg/wmiext/array.go (1)
44-45: Clarify nolint rationale on unsafe.Pointer cast.Add a short reason so future readers understand why bypassing vet is safe here (Win32 returns an allocation pointer which is immediately cast).
- safearray = (*ole.SafeArray)(unsafe.Pointer(ret)) //nolint:govet + safearray = (*ole.SafeArray)(unsafe.Pointer(ret)) //nolint:govet -- Windows API returns a heap pointer; immediate cast is intendedvendor/go.podman.io/image/v5/pkg/compression/compression.go (1)
110-112: Update stale path in comment to match new module.Keep comments consistent with imports.
-// github.com/containers/storage/pkg/chunked . +// go.podman.io/storage/pkg/chunked .vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (1)
433-456: Add fast-fail check for DVDDiskPath
Insert before the DVD-drive builder to validate the image exists:if _, err := os.Stat(config.DVDDiskPath); err != nil { return fmt.Errorf("DVD image not found: %w", err) }Slot 1 is confirmed free for the DVD drive—no other synthetic drives use it in this package.
vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (2)
111-112: Typos in comments (vendor nit).“THis” → “This”; “their” → “there”. No action required here unless you’re carrying local vendor patches.
62-63: Consider symbolic return codes for readability (vendor nit).Returning literal
1/0works; using named constants (e.g.,int(C.SQLITE_ERROR)/int(C.SQLITE_OK)) would self-document intent. Not necessary if you’re mirroring upstream.Also applies to: 92-93, 122-123, 147-148
vendor/go.podman.io/common/pkg/strongunits/config.go (1)
22-23: Minor doc typo (vendor nit).“gibToB s the math” → “gibToB is the math”.
vendor/go.podman.io/image/v5/docker/docker_image.go (1)
81-81: Avoid deferring res.Body.Close() inside a loopDeferring Close in a paginated loop holds bodies until function return and can inflate FD/memory usage. Consider closing the body explicitly per-iteration after decoding/using headers, and ensuring early-return paths close it as well. Since this is vendored upstream code, consider forwarding upstream rather than patching locally.
vendor/go.podman.io/image/v5/manifest/oci_index.go (1)
5-5: Coordinate merge with vfkit to drop stale github.com/containers/common.Given the noted circular dep, ensure CI tolerates a transient state or gate merges to avoid mixed modules.
vendor/go.podman.io/image/v5/docker/docker_client.go (1)
231-237: TLS cipher policy change: verify registry compatibility; consider an opt-in for TLS 1.3-only.Pinning CipherSuites to tlsconfig.ClientDefault() is reasonable. Leave MinVersion implicit (client default TLS 1.2) for compatibility, but please sanity-check against any registries in your matrix that only support legacy TLS 1.2 ciphers. If a hardened mode is needed later, exposing an optional SystemContext toggle to force TLS 1.3 could be added without breaking defaults.
vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (2)
5715-5832: Function flag set expansions (DETERMINISTIC, DIRECTONLY, INNOCUOUS, SUBTYPE, RESULT_SUBTYPE, SELFORDER1)These define set is unchanged in value but expanded docs. If we ever register custom SQL functions via go-sqlite3, prefer tagging with SQLITE_DETERMINISTIC and, where appropriate, SQLITE_DIRECTONLY/INNOCUOUS to harden use in triggers/views.
Happy to provide a small helper to wrap sqlite3_create_function*_v2 with safe flags.
6250-6270: Destructor macros (SQLITE_STATIC/TRANSIENT) unchanged — keep usage correct in CGOJust a reminder (since vendored header is updated): when passing Go strings/blobs into C APIs returning const char*, continue to use SQLITE_TRANSIENT to avoid lifetime bugs.
If desired, I can review any sqlite bindings usage sites for correct destructor flags.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (107)
cmd/crc/cmd/start.go(1 hunks)cmd/crc/cmd/status.go(1 hunks)go.mod(8 hunks)pkg/crc/api/api_client_test.go(1 hunks)pkg/crc/api/client/types.go(1 hunks)pkg/crc/api/handlers.go(1 hunks)pkg/crc/cluster/cluster.go(1 hunks)pkg/crc/config/settings_test.go(1 hunks)pkg/crc/config/validations.go(1 hunks)pkg/crc/constants/constants.go(1 hunks)pkg/crc/image/image.go(1 hunks)pkg/crc/machine/config/config.go(1 hunks)pkg/crc/machine/driver.go(1 hunks)pkg/crc/machine/start.go(1 hunks)pkg/crc/machine/start_test.go(1 hunks)pkg/crc/machine/status.go(1 hunks)pkg/crc/machine/status_test.go(1 hunks)pkg/crc/machine/types/types.go(1 hunks)pkg/crc/validation/validation.go(1 hunks)pkg/drivers/libhvee/libhvee_windows.go(1 hunks)test/e2e/testsuite/testsuite.go(1 hunks)vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go(1 hunks)vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go(2 hunks)vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go(1 hunks)vendor/github.com/containers/libhvee/pkg/wmiext/array.go(2 hunks)vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go(2 hunks)vendor/github.com/docker/go-connections/tlsconfig/config.go(7 hunks)vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go(0 hunks)vendor/github.com/mattn/go-sqlite3/README.md(1 hunks)vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h(71 hunks)vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go(10 hunks)vendor/github.com/mattn/go-sqlite3/sqlite3ext.h(2 hunks)vendor/github.com/proglottis/gpgme/gpgme.go(1 hunks)vendor/go.podman.io/common/LICENSE(1 hunks)vendor/go.podman.io/common/pkg/strongunits/config.go(1 hunks)vendor/go.podman.io/image/v5/copy/blob.go(1 hunks)vendor/go.podman.io/image/v5/copy/compression.go(1 hunks)vendor/go.podman.io/image/v5/copy/copy.go(1 hunks)vendor/go.podman.io/image/v5/copy/encryption.go(1 hunks)vendor/go.podman.io/image/v5/copy/manifest.go(1 hunks)vendor/go.podman.io/image/v5/copy/multiple.go(1 hunks)vendor/go.podman.io/image/v5/copy/progress_bars.go(1 hunks)vendor/go.podman.io/image/v5/copy/progress_channel.go(1 hunks)vendor/go.podman.io/image/v5/copy/sign.go(1 hunks)vendor/go.podman.io/image/v5/copy/single.go(1 hunks)vendor/go.podman.io/image/v5/directory/directory_dest.go(1 hunks)vendor/go.podman.io/image/v5/directory/directory_src.go(1 hunks)vendor/go.podman.io/image/v5/directory/directory_transport.go(1 hunks)vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go(1 hunks)vendor/go.podman.io/image/v5/docker/cache.go(1 hunks)vendor/go.podman.io/image/v5/docker/docker_client.go(2 hunks)vendor/go.podman.io/image/v5/docker/docker_image.go(1 hunks)vendor/go.podman.io/image/v5/docker/docker_image_dest.go(1 hunks)vendor/go.podman.io/image/v5/docker/docker_image_src.go(1 hunks)vendor/go.podman.io/image/v5/docker/docker_transport.go(1 hunks)vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go(1 hunks)vendor/go.podman.io/image/v5/docker/reference/regexp.go(1 hunks)vendor/go.podman.io/image/v5/docker/registries_d.go(1 hunks)vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go(1 hunks)vendor/go.podman.io/image/v5/internal/blobinfocache/types.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/docker_list.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/docker_schema1.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/docker_schema2.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/manifest.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/memory.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/oci.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/oci_index.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/sourced.go(1 hunks)vendor/go.podman.io/image/v5/internal/image/unparsed.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go(1 hunks)vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go(1 hunks)vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go(1 hunks)vendor/go.podman.io/image/v5/internal/manifest/list.go(1 hunks)vendor/go.podman.io/image/v5/internal/manifest/manifest.go(1 hunks)vendor/go.podman.io/image/v5/internal/manifest/oci_index.go(1 hunks)vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go(1 hunks)vendor/go.podman.io/image/v5/internal/private/private.go(1 hunks)vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go(1 hunks)vendor/go.podman.io/image/v5/internal/signer/signer.go(1 hunks)vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go(1 hunks)vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go(1 hunks)vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go(1 hunks)vendor/go.podman.io/image/v5/internal/useragent/useragent.go(1 hunks)vendor/go.podman.io/image/v5/manifest/common.go(1 hunks)vendor/go.podman.io/image/v5/manifest/docker_schema1.go(1 hunks)vendor/go.podman.io/image/v5/manifest/docker_schema2.go(1 hunks)vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go(1 hunks)vendor/go.podman.io/image/v5/manifest/list.go(1 hunks)vendor/go.podman.io/image/v5/manifest/manifest.go(1 hunks)vendor/go.podman.io/image/v5/manifest/oci.go(1 hunks)vendor/go.podman.io/image/v5/manifest/oci_index.go(1 hunks)vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go(1 hunks)vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go(1 hunks)vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go(1 hunks)vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go(1 hunks)vendor/go.podman.io/image/v5/pkg/blobinfocache/sqlite/sqlite.go(1 hunks)vendor/go.podman.io/image/v5/pkg/compression/compression.go(1 hunks)vendor/go.podman.io/image/v5/pkg/compression/types/types.go(1 hunks)
⛔ Files not processed due to max files limit (50)
- vendor/go.podman.io/image/v5/pkg/docker/config/config.go
- vendor/go.podman.io/image/v5/pkg/sysregistriesv2/shortnames.go
- vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
- vendor/go.podman.io/image/v5/signature/docker.go
- vendor/go.podman.io/image/v5/signature/fulcio_cert.go
- vendor/go.podman.io/image/v5/signature/internal/json.go
- vendor/go.podman.io/image/v5/signature/internal/sigstore_payload.go
- vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go
- vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go
- vendor/go.podman.io/image/v5/signature/pki_cert.go
- vendor/go.podman.io/image/v5/signature/policy_config.go
- vendor/go.podman.io/image/v5/signature/policy_config_sigstore.go
- vendor/go.podman.io/image/v5/signature/policy_eval.go
- vendor/go.podman.io/image/v5/signature/policy_eval_baselayer.go
- vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go
- vendor/go.podman.io/image/v5/signature/policy_eval_sigstore.go
- vendor/go.podman.io/image/v5/signature/policy_eval_simple.go
- vendor/go.podman.io/image/v5/signature/policy_reference_match.go
- vendor/go.podman.io/image/v5/signature/signer/signer.go
- vendor/go.podman.io/image/v5/signature/sigstore/internal/signer.go
- vendor/go.podman.io/image/v5/signature/sigstore/signer.go
- vendor/go.podman.io/image/v5/signature/simple.go
- vendor/go.podman.io/image/v5/signature/simplesigning/signer.go
- vendor/go.podman.io/image/v5/transports/stub.go
- vendor/go.podman.io/image/v5/transports/transports.go
- vendor/go.podman.io/image/v5/types/types.go
- vendor/go.podman.io/image/v5/version/version.go
- vendor/go.podman.io/storage/pkg/archive/archive.go
- vendor/go.podman.io/storage/pkg/archive/archive_linux.go
- vendor/go.podman.io/storage/pkg/archive/archive_unix.go
- vendor/go.podman.io/storage/pkg/archive/archive_windows.go
- vendor/go.podman.io/storage/pkg/archive/changes.go
- vendor/go.podman.io/storage/pkg/archive/changes_linux.go
- vendor/go.podman.io/storage/pkg/archive/changes_other.go
- vendor/go.podman.io/storage/pkg/archive/changes_unix.go
- vendor/go.podman.io/storage/pkg/archive/changes_windows.go
- vendor/go.podman.io/storage/pkg/archive/copy.go
- vendor/go.podman.io/storage/pkg/archive/diff.go
- vendor/go.podman.io/storage/pkg/archive/fflags_bsd.go
- vendor/go.podman.io/storage/pkg/chunked/compressor/compressor.go
- vendor/go.podman.io/storage/pkg/chunked/internal/minimal/compression.go
- vendor/go.podman.io/storage/pkg/chunked/toc/toc.go
- vendor/go.podman.io/storage/pkg/homedir/homedir_unix.go
- vendor/go.podman.io/storage/pkg/idtools/idtools.go
- vendor/go.podman.io/storage/pkg/idtools/idtools_unix.go
- vendor/go.podman.io/storage/pkg/idtools/usergroupadd_linux.go
- vendor/go.podman.io/storage/pkg/ioutils/temp_windows.go
- vendor/go.podman.io/storage/pkg/lockfile/lockfile.go
- vendor/go.podman.io/storage/pkg/lockfile/lockfile_unix.go
- vendor/go.podman.io/storage/pkg/pools/pools.go
💤 Files with no reviewable changes (1)
- vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go
✅ Files skipped from review due to trivial changes (8)
- vendor/go.podman.io/image/v5/internal/signer/signer.go
- vendor/go.podman.io/image/v5/internal/image/docker_schema2.go
- vendor/go.podman.io/image/v5/internal/image/oci_index.go
- vendor/go.podman.io/image/v5/manifest/docker_schema1.go
- vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go
- pkg/crc/machine/start_test.go
- vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go
- pkg/crc/machine/config/config.go
🚧 Files skipped from review as they are similar to previous changes (18)
- pkg/crc/config/validations.go
- pkg/crc/api/api_client_test.go
- cmd/crc/cmd/start.go
- pkg/crc/config/settings_test.go
- cmd/crc/cmd/status.go
- pkg/crc/cluster/cluster.go
- pkg/crc/constants/constants.go
- pkg/crc/machine/start.go
- pkg/crc/machine/status.go
- pkg/crc/machine/driver.go
- pkg/crc/image/image.go
- pkg/crc/validation/validation.go
- pkg/crc/api/client/types.go
- pkg/crc/machine/status_test.go
- pkg/drivers/libhvee/libhvee_windows.go
- test/e2e/testsuite/testsuite.go
- pkg/crc/api/handlers.go
- pkg/crc/machine/types/types.go
🧰 Additional context used
🧬 Code graph analysis (2)
vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (1)
vendor/github.com/go-ole/go-ole/variant.go (1)
NewVariant(6-8)
vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (2)
vendor/github.com/containers/libhvee/pkg/hypervctl/drive_settings_builder.go (1)
NewDriveSettingsBuilder(41-43)vendor/github.com/containers/libhvee/pkg/hypervctl/vhd_storage_settings.go (1)
VirtualHardDiskStorageSettings(8-13)
🪛 ast-grep (0.38.6)
vendor/go.podman.io/image/v5/docker/docker_client.go
[warning] 229-236: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{
// As of 2025-08, tlsconfig.ClientDefault() differs from Go 1.23 defaults only in CipherSuites;
// so, limit us to only using that value. If go-connections/tlsconfig changes its policy, we
// will want to consider that and make a decision whether to follow suit.
// There is some chance that eventually the Go default will be to require TLS 1.3, and that point
// we might want to drop the dependency on go-connections entirely.
CipherSuites: tlsconfig.ClientDefault().CipherSuites,
}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures
(missing-ssl-minversion-go)
🪛 markdownlint-cli2 (0.17.2)
vendor/github.com/mattn/go-sqlite3/README.md
354-354: Emphasis style
Expected: underscore; Actual: asterisk
(MD049, emphasis-style)
354-354: Emphasis style
Expected: underscore; Actual: asterisk
(MD049, emphasis-style)
🔇 Additional comments (99)
vendor/github.com/docker/go-connections/tlsconfig/config.go (5)
62-75: Centralizing config via defaultConfig() looks good.Consolidation reduces drift between client and server and enforces TLS1.2+ with modern suites.
81-100: Cert pool logic LGTM.Exclusive vs system pool handling and strict PEM append erroring are appropriate.
195-218: Client config changes LGTM.Uses shared defaults, optional custom roots, and honors MinVersion override with validation.
222-245: Server config changes LGTM.Reasonable error messages for encrypted keys and conditional client-CA wiring based on ClientAuth.
133-146: No TLS passphrase support is exercised by any caller
A full‐repo grep shows no use of tlsconfig.Options, getCert/getPrivateKey, or passphrase-protected PEMs for TLS—only in signature, SSH, and GPG subsystems. Change is safe.vendor/go.podman.io/image/v5/docker/cache.go (1)
4-6: Imports switched to go.podman.io/image/v5/{docker/reference,types}—LGTM.vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go (1)
10-10: strongunits import migrated to go.podman.io/common—looks good.vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go (1)
6-8: Internal imports moved to go.podman.io/image/v5/{internal/private,internal/signature,types}—OK.vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go (1)
8-8: docker/reference import path migrated to go.podman.io—LGTM.vendor/go.podman.io/image/v5/docker/registries_d.go (1)
15-19: LGTM on import path migration.Imports correctly point to go.podman.io equivalents.
vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go (1)
29-30: LGTM on types import switch.Consistent with the monorepo migration.
vendor/github.com/proglottis/gpgme/gpgme.go (1)
880-884: Good addition: Key.Fingerprint accessor with KeepAlive.Matches existing SubKey.Fingerprint pattern and respects cgo liveness.
vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go (1)
7-8: LGTM on import path migration.No functional changes; interfaces unchanged.
vendor/go.podman.io/image/v5/docker/reference/regexp.go (2)
7-7: Import-path migration LGTMAlias preserved; behavior unchanged.
7-7: No stale containers/ imports detected*
All non-vendor .go files and go.mod contain no direct github.com/containers/* imports; the only github.com/containers/common entry is an expected indirect dependency (via vfkit).vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1)
3-3: Import-path migration LGTMModule path updated to go.podman.io; no functional changes.
vendor/go.podman.io/image/v5/internal/private/private.go (1)
10-15: Import-path migration LGTMAll image/v5 imports consistently switched to go.podman.io; types/interfaces unchanged.
vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1)
104-106: Adding DVDDiskPath is backward-compatible and optionalZero-value preserves previous behavior; exposes DVD support when set.
vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (1)
350-358: Refactor of day constant is safeRenaming to dayTime and using it consistently keeps semantics identical.
vendor/go.podman.io/common/LICENSE (1)
1-202: License addition aligns with vendored go.podman.io/common.No action needed.
vendor/github.com/containers/libhvee/pkg/wmiext/array.go (1)
151-155: LGTM: readability improvement.Explicit early return is clear and equivalent.
vendor/go.podman.io/image/v5/pkg/compression/compression.go (1)
12-15: Import path migration looks correct.Matches the go.podman.io module move; no functional changes.
vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (1)
222-223: LGTM: ReplaceAll for newline sanitization.Minor cleanup; equivalent behavior.
go.mod (5)
55-56: Direct migration to go.podman.io modules looks right.Pseudo-versions pin to recent commits; OK if intentional.
Please confirm these pseudo-versions correspond to the intended commits/releases in your release matrix.
179-179: Aligned storage module path (indirect).Consistent with the image/common migration.
15-15: Validate Windows flows after libhvee bump
The upgrade to libhvee v0.10.1 adds Hyper-V drive plumbing (e.g.,hypervctl.NewDriveSettingsBuilder,hypervctl.GetDiskSize,hypervctl.ResizeDisk) inpkg/drivers/libhvee/libhvee_windows.go; confirm VM create/start/stop/remove workflows on Windows still pass with DVD drive configurations.
81-81: No action needed: old common module is only an indirect dependency
All code imports usego.podman.io/common; there are no references togithub.com/containers/commonor related packages outside ofgo.mod, so the indirectcontainers/common v0.62.2via vfkit poses no current risk of type duplication.
3-3: No CI updates needed
All GitHub Actions workflows pinmatrix.goto1.24(e.g. in windows-chocolatey.yml) and useactions/setup-gowith that value, so CI already matchesgo 1.24.0.vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (2)
32-33: Clear deprecation error is good.Returning a single, well-described sentinel error makes the API behavior explicit when sqlite_userauth is enabled.
49-153: No sqlite_userauth build tags detected outside vendor Verified viarg -nP '(^//\s*go:build.*sqlite_userauth)|sqlite_userauth' -g '!vendor/**'with no matches; userauth paths remain disabled.vendor/go.podman.io/common/pkg/strongunits/config.go (1)
58-60: Public API casing inconsistency: ToMib vs MiB.Function is
ToMibbut type isMiB; elsewhere you useKiB/GiB. If this mirrors upstream, fine; otherwise considerToMiBfor consistency to avoid confusion.vendor/go.podman.io/image/v5/copy/encryption.go (2)
11-12: Import path migration LGTM.Switch to
go.podman.io/image/v5/typesmatches the PR goal; no functional changes here.
3-12: No lingering github.com/containers imports in Go files
Only indirect references remain in go.mod/go.sum (e.g. github.com/containers/common), but no Go source files outside vendor import containers/{image,common,storage}.vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go (2)
8-8: Import path migrated to go.podman.io/storage/pkg/fileutils — OKLexists API unchanged; behavior preserved.
8-8: No leftover github.com/containers imports
rg -nP -g '!vendor/**' -g '**/*.go' 'github\.com/containers/(image|common|storage)'returned zero matches outsidevendor/; thego.podman.io/...imports listed are the intended replacements.vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go (1)
4-4: Internal manifest import switched to go.podman.io/image/v5 — OKModule major version and API aliasing remain consistent.
vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1)
8-11: All internal imports retargeted under go.podman.io/image/v5 — OKConsistent module root keeps internal visibility rules intact.
vendor/go.podman.io/image/v5/internal/image/sourced.go (1)
9-9: types import updated to go.podman.io/image/v5/types — OKNo functional diffs; callers unaffected.
vendor/go.podman.io/image/v5/copy/manifest.go (1)
12-16: copy/manifest imports migrated to go.podman.io — OKAliases preserved; constants and helpers resolve under new module.
vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go (1)
9-12: Import migration verified—no old containers imports remain
Allgithub.com/containers/...imports have been removed andgo.podman.io/...imports are present repository-wide.vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go (2)
10-12: Import migration to go.podman.io: LGTMAliases retained appropriately; usages resolve as before.
155-165: Guard against empty WantedPlatforms() slice (potential panic)ChooseInstance indexes wantedPlatforms[0] without checking length. Upstream likely guarantees non-empty, but please confirm invariant holds in your call paths.
vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go (1)
3-3: Import migration to go.podman.io: LGTMNo behavioral change; types resolve identically.
vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go (1)
12-15: Import migration to go.podman.io: LGTMInternal references map cleanly to the new module paths.
vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go (1)
8-9: Import migration to go.podman.io: LGTMStubs remain functionally identical.
vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (2)
7-8: LGTM: import path migration to go.podman.io/image/v5Imports updated cleanly; behavior unchanged.
7-8: No direct imports of github.com/containers/ found outside vendor; module graph edge to containers/common is expected until the vfkit PR lands.*vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1)
8-12: LGTM: imports pointed to go.podman.io/image/v5 equivalentsTypes and internals align; no semantic changes.
vendor/go.podman.io/image/v5/docker/docker_image.go (1)
14-18: LGTM: docker package imports switched to go.podman.io/image/v5Straight import relocation; APIs unchanged.
vendor/go.podman.io/image/v5/internal/image/docker_list.go (1)
7-9: LGTM: internal manifest/types imports migratedConsistent with v5; no behavior change.
vendor/go.podman.io/image/v5/copy/progress_channel.go (1)
7-7: LGTM: types import migrated to go.podman.io/image/v5No functional changes.
vendor/go.podman.io/image/v5/internal/image/docker_schema1.go (1)
9-11: LGTM: import migration verified No legacygithub.com/containers/...imports remain outsidevendordirectories.vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go (1)
7-7: LGTM: internal package path updatedInternal signature import aligns with new module path.
vendor/go.podman.io/image/v5/internal/image/memory.go (1)
7-7: LGTM: types import migratedNo behavioral change; matches go.podman.io/image/v5/types.
vendor/go.podman.io/image/v5/docker/docker_transport.go (1)
9-12: LGTM: docker_ imports migrated and Go version requirement satisfied*
Imports correctly updated to go.podman.io equivalents, and go.mod specifies Go 1.24.0 (>= 1.20), enabling strings.CutPrefix/CutSuffix support.vendor/go.podman.io/image/v5/internal/image/manifest.go (1)
8-10: Merge as-is: imports properly migrated; residual containers/common modules in vendor expected via indirect vfkit dependency.vendor/go.podman.io/image/v5/manifest/common.go (2)
7-8: Import remap LGTMImports correctly switched to go.podman.io/image/v5; symbol usage (compressiontypes.Algorithm, types.BlobInfo/OptionalBool) remains consistent.
7-8: No direct github.com/containers imports remain; github.com/containers/common is indirect in go.mod.vendor/go.podman.io/image/v5/internal/manifest/oci_index.go (1)
15-18: Import path switch looks correctAliases preserved (platform, compression, types); no behavioral changes in the file stem from this remap.
vendor/go.podman.io/image/v5/directory/directory_transport.go (1)
11-15: Directory transport imports updated cleanlyAll c/image imports replaced with go.podman.io/image/v5 equivalents; transport registration and reference methods unaffected.
vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go (1)
6-8: BlobInfoCache imports remapped; behavior unchangedSwitch to go.podman.io/image/v5 internal/types is consistent; no logic touched.
vendor/go.podman.io/image/v5/pkg/compression/types/types.go (1)
4-4: Internal compression types import updatedRemap to go.podman.io/image/v5/pkg/compression/internal stays within module boundary; constants/type aliases unchanged.
vendor/go.podman.io/image/v5/directory/directory_src.go (1)
10-16: LGTM: directory transport imports moved to go.podman.io/image/v5Consistent monorepo migration; no logic alterations.
vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go (1)
7-10: LGTM: internal/imagesource imports migratedPure path updates; wrapper behavior unchanged.
vendor/go.podman.io/image/v5/directory/directory_dest.go (1)
14-21: LGTM: imports updated (incl. storage fileutils path)Matches go.podman.io modules; usage of fileutils.Exists remains valid.
vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go (1)
10-13: LGTM: blobinfocache imports point to go.podman.io/image/v5No functional change.
vendor/go.podman.io/image/v5/manifest/oci_index.go (1)
5-5: Import path migration looks correct (containers/image → go.podman.io/image).No behavioral change; alias remains consistent with upstream.
vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go (1)
4-6: Updated internal imports to go.podman.io paths are consistent.Build surface unchanged; private and manifest packages resolve within the vendored module.
vendor/go.podman.io/image/v5/manifest/list.go (1)
5-5: Mechanical import switch only; safe.Matches the monorepo layout under go.podman.io/image/v5/internal/manifest.
vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go (1)
5-5: types import migrated to go.podman.io/image/v5/types; OK.No API/behavioral changes in this file.
vendor/go.podman.io/image/v5/manifest/docker_schema2.go (2)
9-12: All containers/ imports replaced with go.podman.io equivalents; aliases intact.*No functional change; consistent with the rest of the vendor updates.
9-12: No mixed namespaces detected. Verified zero imports ofgithub.com/containers/{image,common,storage}outsidevendor/, andgo.moddirectly requires onlygo.podman.io/common,go.podman.io/image/v5, andgo.podman.io/storage(legacygithub.com/containers/commonappears only as an indirect dependency).vendor/go.podman.io/image/v5/copy/sign.go (1)
7-13: Imports migration verified: no stray github.com/containers/(image|common|storage) imports outsidevendor; all code now references go.podman.io/* andgo.modreflects the expected module paths.vendor/go.podman.io/image/v5/pkg/blobinfocache/sqlite/sqlite.go (1)
15-17: Import relocation to go.podman.io/image/v5 is consistentMatches the monorepo switch; no logic changes.
vendor/go.podman.io/image/v5/internal/manifest/manifest.go (1)
10-10: Compression types import updated to go.podman.io — OKAlias retained; downstream references remain valid.
vendor/go.podman.io/image/v5/internal/image/oci.go (1)
13-18: Switched internal/image imports to go.podman.io — OKocicrypt import correctly remains under github.com/containers.
vendor/go.podman.io/image/v5/manifest/oci.go (1)
13-15: go.podman.io imports for internal/manifest, compression/types, and types — OKNo behavioral changes; consistent with module migration.
vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1)
7-7: Import path migration looks correct.
typesnow points to go.podman.io/image/v5/types; API usage unchanged.vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1)
8-8: Signature package import updated as expected.References to signature.Signature remain consistent.
vendor/go.podman.io/image/v5/internal/image/unparsed.go (1)
8-14: All image-related imports migrated to go.podman.io.Aliases maintained; no behavioral changes implied.
vendor/go.podman.io/image/v5/internal/manifest/list.go (1)
8-9: Compression/types and types imports correctly switched.Alias “compression” preserved; downstream field types remain compatible.
vendor/go.podman.io/image/v5/docker/docker_image_src.go (1)
22-33: Migration verified: nogithub.com/containers/*imports remain; go.mod specifies Go 1.24.0 (>=1.22).vendor/go.podman.io/image/v5/internal/blobinfocache/types.go (1)
3-7: Imports migrated to go.podman.io/image/v5 — LGTM.Path switches to go.podman.io/image/v5 for compression/types and types look consistent and non-functional.
vendor/go.podman.io/image/v5/manifest/manifest.go (1)
9-11: Consistent import switch to go.podman.io/image/v5.Matches the PR’s intent; no behavioral change.
vendor/go.podman.io/image/v5/copy/multiple.go (1)
16-22: Import migration LGTM—go.mod targets Go 1.24.0 (supports stdlib maps & slices), no iter imports or stray github.com/containers/ outside vendor detected.*vendor/go.podman.io/image/v5/copy/progress_bars.go (1)
12-13: LGTM on go.podman.io/image/v5 import updates.No functional changes.
vendor/go.podman.io/image/v5/copy/single.go (1)
20-31: Broad import-path migration LGTM; storage chunked/toc import is valid, no residual “github.com/containers/*” imports outside vendor, and Go 1.24.0 meets the vendored image/v5 go.mod requirement.vendor/go.podman.io/image/v5/copy/compression.go (1)
11-16: Import path migration looks correct.The switch to go.podman.io modules for image/storage-related imports is consistent and preserves behavior.
vendor/go.podman.io/image/v5/docker/docker_image_dest.go (1)
24-39: Namespace migration LGTM.All containers/image imports are correctly migrated to go.podman.io/image/v5; no functional changes observed.
vendor/go.podman.io/image/v5/copy/copy.go (1)
15-29: No remaining github.com/containers imports outside vendor; go.mod only has an indirect containers/common dependency.vendor/github.com/mattn/go-sqlite3/sqlite3ext.h (1)
375-376: SQLite extension API bump acknowledged.The new setlk_timeout entry and macro align with 3.50.0+; additive and safe for the bundled amalgamation.
Also applies to: 709-711
vendor/go.podman.io/image/v5/docker/docker_client.go (1)
26-38: Import migration LGTM.All containers/* imports now reference go.podman.io; storage utils map correctly to go.podman.io/storage.
vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (7)
150-153: SQLite upgrade to 3.50.3 — check ABI/runtime and build pairingThe header now advertises 3.50.3 (SQLITE_VERSION/NUMBER/SOURCE_ID). Please ensure:
- The corresponding sqlite3-binding.c (amalgamation) in vendor matches 3.50.3 to avoid header/impl skew.
- No downstream code assumes older structs/opcodes (e.g., FTS5/rtree/session API sizes).
- If any host platform ever toggles USE_LIBSQLITE3 (system SQLite), verify the runtime lib is ≥ 3.50.3 or that we don’t rely on new symbols at runtime. Mixing newer headers with older shared libs will break when dynamically linked.
Would you like me to scan the tree for USE_LIBSQLITE3 and places where we might link against system SQLite in CI/build scripts?
3026-3057: New setlk-timeout API and FCNTL addendums — confirm we don’t (yet) depend on themAdditions:
- sqlite3_setlk_timeout(sqlite3*, int ms, int flags) + SQLITE_SETLK_BLOCK_ON_CONNECT
- New file-control: SQLITE_FCNTL_BLOCK_ON_CONNECT (44)
Notes:
- sqlite3_setlk_timeout is only meaningful with SQLITE_ENABLE_SETLK_TIMEOUT builds. Ensure we never call it unless our amalgamation is built with that option; otherwise link-time will fail if we ever switch to system SQLite.
- If any downstream CGO or Go code begins using these symbols, guard usage behind build tags or feature probes (sqlite3_compileoption_used / version checks) to remain compatible with older libsqlite3 on host machines when USE_LIBSQLITE3 is enabled.
I can add a tiny runtime probe wrapper to check for these features and gate calls accordingly if you plan to use them.
Also applies to: 3060-3063, 1167-1172, 1269-1269
1999-2009: Documentation-only edits (lookaside/DBCONFIG) — no runtime impactThese are comment/doc updates for SQLITE_CONFIG_LOOKASIDE and SQLITE_DBCONFIG_LOOKASIDE. No code or ABI impact; safe to vendor.
Also applies to: 2247-2273
137-137: Minor doc link tweakUpstream doc link adjusted; nothing to do here.
13778-13780: USE_LIBSQLITE3 noop guard — keep header/impl strategy consistentReminder: when USE_LIBSQLITE3 is defined, this header becomes a no-op to avoid mismatches with system SQLite headers. Ensure our build never defines USE_LIBSQLITE3 while still compiling the amalgamation sources, and conversely that when linking to system SQLite we don’t compile the amalgamation, to avoid ODR/duplicate symbol issues.
I can check build tags/CGO flags across platforms to confirm we never mix these modes.
9947-9954: New checkpoint mode constants reiterated — match any consumersIf we have local wrappers that pass checkpoint modes into sqlite3_wal_checkpoint_v2, verify enums/values still align (they do), and that no hard-coded integers are elsewhere.
Should I grep for direct integer literals used as checkpoint modes and replace with the enum names?
820-907: No-op calling convention macro section unchanged — cross-platform build sanityGiven we target Linux/macOS/Windows, keeping SQLITE_CDECL/APICALL consistent is important. No change here, but worth re-running builds for all targets after the version bump.
Can we schedule a quick matrix build (linux/amd64, linux/arm64, darwin/arm64, windows/amd64) to validate CGO with the new amalgamation?
|
/ok-to-test |
|
Hi @jankaluza, thanks for this PR. In the meantime, some conflicts appeared, can you rebase your branch? |
These go packages were migrated to a monorepo, as stated in the https://blog.podman.io/2025/08/migration-to-the-container-libs-monorepo-is-complete/. This commit updates the crc package to use these packages from new locations. It was generated using following commands: ``` $ find . -type f -name '*.go' -exec sed -i -e 's,"github.com/containers/image,"go.podman.io/image,g' {} \; $ find . -type f -name '*.go' -exec sed -i -e 's,"github.com/containers/common,"go.podman.io/common,g' {} \; $ find . -type f -name '*.go' -exec sed -i -e 's,"github.com/containers/storage,"go.podman.io/storage,g' {} \; $ goimports -v -w . $ git checkout vendor/ $ git checkout tools/vendor $ vi go.mod # to change the storage, image and common imports $ go mod tidy $ go mod vendor ``` Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
|
@redbeam , rebased. |
|
/retest |
|
@jankaluza: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
@jankaluza Closing this in favor of #4954 (reason is in that PR). |
3 participants
These go packages were migrated to a monorepo, as stated in the https://blog.podman.io/2025/08/migration-to-the-container-libs-monorepo-is-complete/.
This commit updates the crc package to use these packages from new locations.
It was generated using following commands:
Description
See the description above.
Type of change
test, version modification, documentation, etc.)
Proposed changes
Testing
Contribution Checklist
Summary by CodeRabbit