Remove hardcoded refs from ociartifact code

[inknos]

Fixes: https://issues.redhat.com/browse/RUN-3578
Depends on: containers/container-libs#411

Does this PR introduce a user-facing change?

None

[inknos]

@baude @Luap99 I am confused on how to write tests for this PR and how to build in this PR when code from container-libs/common is needed

[packit-as-a-service]

[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore.

[packit-as-a-service]

[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore.

[Luap99]

you need a go mod replace to build and test temporarily here in podman

https://github.com/containers/container-libs/blob/main/CONTRIBUTING_GO.md#testing-changes-in-a-dependent-repository

I am not sure we need to add a test

[baude]

im ok with no new tests for now.

[TomSweeneyRedHat]

Changes LGTM with a quick breeze

[inknos]

@Luap99 tbh I got lost a little bit thinking how we could append the podman version as a tag. Ideally, that is only when endpoint is the same as config.Machine.Image. I think my implementation is far from being nice, but I am getting closer to the solution.

[Luap99]

Ideally, that is only when endpoint is the same as config.Machine.Image

I don't think is is important and likely not what we want in case RHEL overrides that with a custom image. I think the logic could be quite simple, if it doesn't specify a tag/digest then append the current version. That seems the most logical and consitent behavior for users and documentation purposes because the cli and config values still behave the same then.

[Luap99]

Without the corresponding common update this will beak podman machine init.

Since the common PR is merged to update then vendor during dev cycles please run

go get go.podman.io/storage@main && go get go.podman.io/image/v5@main &&  go get go.podman.io/common@main && make vendor

then commit this. (Note vendor will fail currently due the cgroupv2 removal, @lsm5 will revert it in common then it should work afterwards)

Also machine test are failing as they don't hard code the image so they have none, the test should not parse the config file so just hard code the location in pkg/machine/e2e/machine_pull_test.go

[inknos]

@Luap99 I addressed the comments. should I squash the commits with the vendor?

also, I am hitting
libpod/oci_conmon_linux.go:378:21: cannot use resource.Pids.Limit (variable of type int64) as *int64 value in assignment on make podman. is it caused by vendoring?

[Luap99]

@Luap99 I addressed the comments. should I squash the commits with the vendor?

No, extra commits for vendor is what I usually prefer unless it breaks the build then we need the fix in the same commit as we require all commits to compile.

also, I am hitting libpod/oci_conmon_linux.go:378:21: cannot use resource.Pids.Limit (variable of type int64) as *int64 value in assignment on make podman. is it caused by vendoring?

Yeah, that is caused due the cgroups dependency update that got dragged in via common containers/container-libs#428, we need to update that in podman first. I try to take care of that now.

Also opencontainers/cgroups#48, looks like there are more changes around that need also for #27440 but that should not affect you here to much for now I think.

[Luap99]

Ah, one other things please don't just name the commit Vendor, we vendor a lot of things so a bit more info would be nice, like: vendor: update common, image, storage

[inknos]

Let me squash the commits then

[Luap99]

it should work once #27454 merged and you rebase

[inknos]

awesome, thanks a lot

[Luap99]

Did you run git add . before commiting? Looks like you did not commit all vendor files.

[inknos]

Idk how I excluded them, now all should be up to date

[Luap99]

@inknos Can you rebase and fix the CI issues so we can get this moving, for th elinter you can just add a nolint like here for example f47f74c

And you will need to specify the machine image in the machine e2e test as they don't read the containers.conf there.

This could be blocking others from vendoring common,image,storage.

[inknos]

ok there are a few things I am not understanding here.

1. I rebased the pr but there were conflicts of course. so I removed the vendor, restored main's go.mod and go.sum, and vendored again, which now gives this error. do I actually need to vendor now?

$ go get go.podman.io/storage@main && go get go.podman.io/image/v5@main &&  go get go.podman.io/common@main && make vendo
r                                                                               
go: downloading cyphar.com/go-pathrs v0.2.1       
go: upgraded github.com/containerd/stargz-snapshotter/estargz v0.17.0 => v0.18.1 
go: upgraded github.com/cyphar/filepath-securejoin v0.5.1 => v0.6.0                                                                                             
go: upgraded github.com/klauspost/compress v1.18.0 => v1.18.1
go: added github.com/mistifyio/go-zfs/v4 v4.0.0             
go: upgraded github.com/opencontainers/selinux v1.12.0 => v1.13.0       
go: upgraded github.com/vbatts/tar-split v0.12.1 => v0.12.2                                                                                                     
go: upgraded go.podman.io/storage v1.61.0 => v1.61.1-0.20251112195944-4afce3558e66
go: upgraded github.com/go-jose/go-jose/v4 v4.1.2 => v4.1.3
go: upgraded go.opentelemetry.io/auto/sdk v1.1.0 => v1.2.1
go: upgraded go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 => v0.63.0
go: upgraded go.opentelemetry.io/otel v1.37.0 => v1.38.0
go: upgraded go.opentelemetry.io/otel/metric v1.37.0 => v1.38.0
go: upgraded go.opentelemetry.io/otel/trace v1.37.0 => v1.38.0         
go: upgraded go.podman.io/image/v5 v5.38.0 => v5.38.1-0.20251112195944-4afce3558e66
go: upgraded golang.org/x/oauth2 v0.32.0 => v0.33.0
go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b => v0.0.0-20250825161204-c5933d9347a5
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b => v0.0.0-20250825161204-c5933d9347a5
go: upgraded github.com/pkg/sftp v1.13.9 => v1.13.10            
go: upgraded go.podman.io/common v0.66.0 => v0.66.1-0.20251112195944-4afce3558e66
go mod tidy      
go: downloading cyphar.com/go-pathrs v0.2.1
go: github.com/containers/podman/v6/libpod imports
        github.com/cyphar/filepath-securejoin/pathrs-lite imports
        cyphar.com/go-pathrs: unrecognized import path "cyphar.com/go-pathrs": parse https://cyphar.com/go-pathrs?go-get=1: no go-import meta tags ()
go: github.com/containers/podman/v6/libpod imports               
        github.com/opencontainers/selinux/go-selinux imports
        github.com/cyphar/filepath-securejoin/pathrs-lite/procfs imports
        cyphar.com/go-pathrs/procfs: unrecognized import path "cyphar.com/go-pathrs": parse https://cyphar.com/go-pathrs?go-get=1: no go-import meta tags ()
make: *** [Makefile:354: vendor] Error 1 

2. now, make validatepr is sane now though, so I don't think I need any nolint right now

[Luap99]

@inknos I saw that do, you can try setting GOPROXY="https://proxy.golang.org" env when you see such issues, generally means the website seems to have an issue. I can chase that down and report in the right place.

You still have to fix the machine test so they actually fin the image now

something like this I think
diff

$ git diff
diff --git a/pkg/machine/e2e/machine_pull_test.go b/pkg/machine/e2e/machine_pull_test.go
index bf05219aed..9528784c1b 100644
--- a/pkg/machine/e2e/machine_pull_test.go
+++ b/pkg/machine/e2e/machine_pull_test.go
@@ -25,7 +25,7 @@ func pullOCITestDisk(finalDir string, vmType define.VMType) error {
        dirs := define.MachineDirs{ImageCacheDir: imageCacheDir}
 
        var skipTlsVerify types.OptionalBool
-       ociArtPull, err := ocipull.NewOCIArtifactPull(context.Background(), &dirs, "", "e2emachine", vmType, unusedFinalPath, skipTlsVerify)
+       ociArtPull, err := ocipull.NewOCIArtifactPull(context.Background(), &dirs, "docker://quay.io/podman/machine-os", "e2emachine", vmType, unusedFinalPath, skipTlsVerify)
        if err != nil {
                return err
        }

[Luap99]

Oh an yes you still need to vendor this as common hasn't been updated here yet

[Luap99]

I am unable to reproducer the vendor problem now even with clean caches, it might have been a temporary server thing.

If it still doesn't work there is also make vendor-in-container which may work better

[inknos]

GOPROXY="https://proxy.golang.org"

This did it, thanks.

You still have to fix the machine test so they actually fin the image now

now everything should be done. thanks for the help with this

[baude]

LGTM

[Luap99]

Looks like swagger was not happy with the new moby/docker types that got tragged in so I pushed a small commit here to fix so we can get this merged.

[Luap99]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inknos, Luap99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Luap99]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment