Skip to content

Commit 2fe010d

Browse files
committed
chore: bump go-conainerregistry
Bump go-containerregistry See: siderolabs/talos#13462 Signed-off-by: Noel Georgi <git@frezbo.dev>
1 parent b5d3d92 commit 2fe010d

4 files changed

Lines changed: 16 additions & 18 deletions

File tree

go.mod

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,6 @@ module github.com/siderolabs/image-factory
22

33
go 1.26.3
44

5-
// downgrade the go-containerregistry to workaround the security changes in
6-
// https://github.com/google/go-containerregistry/pull/2227/changes: it breaks
7-
// our extensions
8-
replace github.com/google/go-containerregistry => github.com/google/go-containerregistry v0.21.2
9-
105
require (
116
cloud.google.com/go/auth v0.20.0
127
github.com/CalebQ42/squashfs v1.4.1
@@ -179,7 +174,6 @@ require (
179174
github.com/containerd/log v0.1.0 // indirect
180175
github.com/containerd/platforms v1.0.0-rc.4 // indirect
181176
github.com/containerd/plugin v1.1.0 // indirect
182-
github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect
183177
github.com/containerd/ttrpc v1.2.8 // indirect
184178
github.com/containerd/typeurl/v2 v2.2.3 // indirect
185179
github.com/containernetworking/cni v1.3.0 // indirect
@@ -194,7 +188,6 @@ require (
194188
github.com/diskfs/go-diskfs v1.7.0 // indirect
195189
github.com/distribution/reference v0.6.0 // indirect
196190
github.com/docker/cli v29.4.3+incompatible // indirect
197-
github.com/docker/distribution v2.8.3+incompatible // indirect
198191
github.com/docker/docker-credential-helpers v0.9.5 // indirect
199192
github.com/docker/go-connections v0.7.0 // indirect
200193
github.com/docker/go-units v0.5.0 // indirect
@@ -433,7 +426,6 @@ require (
433426
github.com/transparency-dev/merkle v0.0.2 // indirect
434427
github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
435428
github.com/vbatts/go-mtree v0.7.0 // indirect
436-
github.com/vbatts/tar-split v0.12.2 // indirect
437429
github.com/vifraa/gopom v1.0.0 // indirect
438430
github.com/vultr/metadata v1.1.0 // indirect
439431
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect

go.sum

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -378,8 +378,6 @@ github.com/containerd/platforms v1.0.0-rc.4 h1:M42JrUT4zfZTqtkUwkr0GzmUWbfyO5VO0
378378
github.com/containerd/platforms v1.0.0-rc.4/go.mod h1:lKlMXyLybmBedS/JJm11uDofzI8L2v0J2ZbYvNsbq1A=
379379
github.com/containerd/plugin v1.1.0 h1:O+7lczNJVMy8rz0YNx3xGB8tTf5qY4i5abF041Ew19U=
380380
github.com/containerd/plugin v1.1.0/go.mod h1:qBTum+A8lJ6lO44A19Eo7y1OlcLj4OWFH1DA/vnHmcc=
381-
github.com/containerd/stargz-snapshotter/estargz v0.18.2 h1:yXkZFYIzz3eoLwlTUZKz2iQ4MrckBxJjkmD16ynUTrw=
382-
github.com/containerd/stargz-snapshotter/estargz v0.18.2/go.mod h1:XyVU5tcJ3PRpkA9XS2T5us6Eg35yM0214Y+wvrZTBrY=
383381
github.com/containerd/ttrpc v1.2.8 h1:xbVu6D4qF2jihdh9rDVOKqUMiFBQk6YctTdo1zk087Y=
384382
github.com/containerd/ttrpc v1.2.8/go.mod h1:wyZW2K79t4Hfcxl+GUvkZqRBzJlqFFvgEeeWXa42tyE=
385383
github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40=
@@ -424,8 +422,6 @@ github.com/dlclark/regexp2 v1.12.0 h1:0j4c5qQmnC6XOWNjP3PIXURXN2gWx76rd3KvgdPkCz
424422
github.com/dlclark/regexp2 v1.12.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
425423
github.com/docker/cli v29.4.3+incompatible h1:u+UliYm2J/rYrIh2FqHQg32neRG8GjbvNuwQRTzGspU=
426424
github.com/docker/cli v29.4.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
427-
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
428-
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
429425
github.com/docker/docker-credential-helpers v0.9.5 h1:EFNN8DHvaiK8zVqFA2DT6BjXE0GzfLOZ38ggPTKePkY=
430426
github.com/docker/docker-credential-helpers v0.9.5/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c=
431427
github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c=
@@ -694,8 +690,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
694690
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
695691
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
696692
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
697-
github.com/google/go-containerregistry v0.21.2 h1:vYaMU4nU55JJGFC9JR/s8NZcTjbE9DBBbvusTW9NeS0=
698-
github.com/google/go-containerregistry v0.21.2/go.mod h1:ctO5aCaewH4AK1AumSF5DPW+0+R+d2FmylMJdp5G7p0=
693+
github.com/google/go-containerregistry v0.21.6 h1:T+yqQIlJXKrM98Om4DlW3GoWQAmhZuLMwoDOvVrtiUM=
694+
github.com/google/go-containerregistry v0.21.6/go.mod h1:U7MMSBIJynke2MVQrQk19NP9k/uQsGz/h0amIFSHMbo=
699695
github.com/google/go-github/v73 v73.0.0 h1:aR+Utnh+Y4mMkS+2qLQwcQ/cF9mOTpdwnzlaw//rG24=
700696
github.com/google/go-github/v73 v73.0.0/go.mod h1:fa6w8+/V+edSU0muqdhCVY7Beh1M8F1IlQPZIANKIYw=
701697
github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0=
@@ -1423,8 +1419,6 @@ github.com/umisama/go-cpe v0.0.0-20190323060751-cdd6c3c28a23 h1:+168JmE638t0Oxro
14231419
github.com/umisama/go-cpe v0.0.0-20190323060751-cdd6c3c28a23/go.mod h1:Jv/KoYWD3+46wW8r3pEwISwtgv5Q8NTfFto2wFRKvoA=
14241420
github.com/vbatts/go-mtree v0.7.0 h1:ytmOc3MTRidZiBi9VBCyZ2BHe4fZS47L5v7BVXDWW4E=
14251421
github.com/vbatts/go-mtree v0.7.0/go.mod h1:EjdpFC+LZy1TXbRGNa1MKKgjQ+7ew3foMFJK8o4/TdY=
1426-
github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4=
1427-
github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
14281422
github.com/vifraa/gopom v1.0.0 h1:L9XlKbyvid8PAIK8nr0lihMApJQg/12OBvMA28BcWh0=
14291423
github.com/vifraa/gopom v1.0.0/go.mod h1:oPa1dcrGrtlO37WPDBm5SqHAT+wTgF8An1Q71Z6Vv4o=
14301424
github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=

internal/asset/cache/s3/reference.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@ func newObjectReference(asset cache.BootAsset) (*objectReference, error) {
2222
return nil, err
2323
}
2424

25+
defer r.Close() //nolint:errcheck
26+
2527
obj := &objectReference{}
2628

2729
err = json.NewDecoder(r).Decode(obj)

internal/remotewrap/remotewrap.go

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,16 @@ import (
2020
"github.com/siderolabs/image-factory/internal/remotewrap/internal/refresher"
2121
)
2222

23+
// defaultRemoteJobs sets the parallelism for remote pull/push operations.
24+
//
25+
// go-containerregistry v0.21.x introduced a pull limiter that gates concurrent
26+
// blob fetches on this value (default 4), with tokens only released when the
27+
// layer reader is closed. The default of 4 throttles Image Factory, which
28+
// fans out many concurrent image/layer pulls through a small set of shared
29+
// pullers. Restore the effectively-unbounded concurrency we relied on before
30+
// the limiter existed; actual concurrency stays bounded by the connection pool.
31+
const defaultRemoteJobs = 4
32+
2333
var transport = sync.OnceValue(func() *http.Transport {
2434
t := cleanhttp.DefaultPooledTransport()
2535
t.MaxIdleConnsPerHost = t.MaxIdleConns / 2 // use half of the default max idle connections per host
@@ -74,7 +84,7 @@ func NewPusher(refreshInterval time.Duration, opts ...remote.Option) (Pusher, er
7484
return &pusherWrapper{
7585
refresher: refresher.New(
7686
func() (*remote.Pusher, error) {
77-
return remote.NewPusher(slices.Concat(opts, []remote.Option{remote.WithTransport(transport())})...)
87+
return remote.NewPusher(slices.Concat([]remote.Option{remote.WithJobs(defaultRemoteJobs)}, opts, []remote.Option{remote.WithTransport(transport())})...)
7888
},
7989
refreshInterval,
8090
),
@@ -134,7 +144,7 @@ func NewPuller(refreshInterval time.Duration, opts ...remote.Option) (Puller, er
134144
return &pullerWrapper{
135145
refresher: refresher.New(
136146
func() (*remote.Puller, error) {
137-
return remote.NewPuller(slices.Concat(opts, []remote.Option{remote.WithTransport(transport())})...)
147+
return remote.NewPuller(slices.Concat([]remote.Option{remote.WithJobs(defaultRemoteJobs)}, opts, []remote.Option{remote.WithTransport(transport())})...)
138148
},
139149
refreshInterval,
140150
),

0 commit comments

Comments
 (0)