Migrate to containerd v1.7.0 and update dependencies

* Updates containerd to v1.7.0 and new binary for 32-bit
Arm OSes.
* Updates Go dependencies - openfaas and external

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>

vendor/github.com/containerd/fifo/.golangci.yml

@@ -1,19 +1,35 @@
 linters:
   enable:
-    - structcheck
-    - varcheck
-    - staticcheck
-    - unconvert
+    - exportloopref # Checks for pointers to enclosing loop variables
     - gofmt
     - goimports
-    - golint
+    - gosec
     - ineffassign
-    - vet
-    - unused
     - misspell
+    - nolintlint
+    - revive
+    - staticcheck
+    - tenv # Detects using os.Setenv instead of t.Setenv since Go 1.17
+    - unconvert
+    - unused
+    - vet
+    - dupword # Checks for duplicate words in the source code
   disable:
     - errcheck
 
+linters-settings:
+  gosec:
+    # The following issues surfaced when `gosec` linter
+    # was enabled. They are temporarily excluded to unblock
+    # the existing workflow, but still to be addressed by
+    # future works.
+    excludes:
+      - G204
+      - G305
+      - G306
+      - G402
+      - G404
+
 run:
   timeout: 3m
   skip-dirs:

vendor/github.com/containerd/fifo/fifo.go

@@ -1,4 +1,4 @@
-// +build !windows
+//go:build !windows
 
 /*
    Copyright The containerd Authors.
@@ -20,13 +20,13 @@ package fifo
 
 import (
 	"context"
+	"fmt"
 	"io"
 	"os"
 	"runtime"
 	"sync"
 	"syscall"
 
-	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 
@@ -48,12 +48,12 @@ var leakCheckWg *sync.WaitGroup
 func OpenFifoDup2(ctx context.Context, fn string, flag int, perm os.FileMode, fd int) (io.ReadWriteCloser, error) {
 	f, err := openFifo(ctx, fn, flag, perm)
 	if err != nil {
-		return nil, errors.Wrap(err, "fifo error")
+		return nil, fmt.Errorf("fifo error: %w", err)
 	}
 
 	if err := unix.Dup2(int(f.file.Fd()), fd); err != nil {
 		_ = f.Close()
-		return nil, errors.Wrap(err, "dup2 error")
+		return nil, fmt.Errorf("dup2 error: %w", err)
 	}
 
 	return f, nil
@@ -62,22 +62,28 @@ func OpenFifoDup2(ctx context.Context, fn string, flag int, perm os.FileMode, fd
 // OpenFifo opens a fifo. Returns io.ReadWriteCloser.
 // Context can be used to cancel this function until open(2) has not returned.
 // Accepted flags:
-// - syscall.O_CREAT - create new fifo if one doesn't exist
-// - syscall.O_RDONLY - open fifo only from reader side
-// - syscall.O_WRONLY - open fifo only from writer side
-// - syscall.O_RDWR - open fifo from both sides, never block on syscall level
-// - syscall.O_NONBLOCK - return io.ReadWriteCloser even if other side of the
+//   - syscall.O_CREAT - create new fifo if one doesn't exist
+//   - syscall.O_RDONLY - open fifo only from reader side
+//   - syscall.O_WRONLY - open fifo only from writer side
+//   - syscall.O_RDWR - open fifo from both sides, never block on syscall level
+//   - syscall.O_NONBLOCK - return io.ReadWriteCloser even if other side of the
 //     fifo isn't open. read/write will be connected after the actual fifo is
 //     open or after fifo is closed.
 func OpenFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (io.ReadWriteCloser, error) {
-	return openFifo(ctx, fn, flag, perm)
+	fifo, err := openFifo(ctx, fn, flag, perm)
+	if fifo == nil {
+		// Do not return a non-nil ReadWriteCloser((*fifo)(nil)) value
+		// as that can confuse callers.
+		return nil, err
+	}
+	return fifo, err
 }
 
 func openFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (*fifo, error) {
 	if _, err := os.Stat(fn); err != nil {
 		if os.IsNotExist(err) && flag&syscall.O_CREAT != 0 {
 			if err := syscall.Mkfifo(fn, uint32(perm&os.ModePerm)); err != nil && !os.IsExist(err) {
-				return nil, errors.Wrapf(err, "error creating fifo %v", fn)
+				return nil, fmt.Errorf("error creating fifo %v: %w", fn, err)
 			}
 		} else {
 			return nil, err
@@ -138,7 +144,7 @@ func openFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (*fifo
 				case <-ctx.Done():
 					err = ctx.Err()
 				default:
-					err = errors.Errorf("fifo %v was closed before opening", h.Name())
+					err = fmt.Errorf("fifo %v was closed before opening", h.Name())
 				}
 				if file != nil {
 					file.Close()
@@ -206,6 +212,10 @@ func (f *fifo) Write(b []byte) (int, error) {
 // before open(2) has returned and fifo was never opened.
 func (f *fifo) Close() (retErr error) {
 	for {
+		if f == nil {
+			return
+		}
+
 		select {
 		case <-f.closed:
 			f.handle.Close()

vendor/github.com/containerd/fifo/handle_linux.go

@@ -1,4 +1,4 @@
-// +build linux
+//go:build linux
 
 /*
    Copyright The containerd Authors.
@@ -23,11 +23,9 @@ import (
 	"os"
 	"sync"
 	"syscall"
-
-	"github.com/pkg/errors"
 )
 
-//nolint:golint
+//nolint:revive
 const O_PATH = 010000000
 
 type handle struct {
@@ -42,7 +40,7 @@ type handle struct {
 func getHandle(fn string) (*handle, error) {
 	f, err := os.OpenFile(fn, O_PATH, 0)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to open %v with O_PATH", fn)
+		return nil, fmt.Errorf("failed to open %v with O_PATH: %w", fn, err)
 	}
 
 	var (
@@ -51,7 +49,7 @@ func getHandle(fn string) (*handle, error) {
 	)
 	if err := syscall.Fstat(int(fd), &stat); err != nil {
 		f.Close()
-		return nil, errors.Wrapf(err, "failed to stat handle %v", fd)
+		return nil, fmt.Errorf("failed to stat handle %v: %w", fd, err)
 	}
 
 	h := &handle{
@@ -66,7 +64,7 @@ func getHandle(fn string) (*handle, error) {
 	// check /proc just in case
 	if _, err := os.Stat(h.procPath()); err != nil {
 		f.Close()
-		return nil, errors.Wrapf(err, "couldn't stat %v", h.procPath())
+		return nil, fmt.Errorf("couldn't stat %v: %w", h.procPath(), err)
 	}
 
 	return h, nil
@@ -83,11 +81,11 @@ func (h *handle) Name() string {
 func (h *handle) Path() (string, error) {
 	var stat syscall.Stat_t
 	if err := syscall.Stat(h.procPath(), &stat); err != nil {
-		return "", errors.Wrapf(err, "path %v could not be statted", h.procPath())
+		return "", fmt.Errorf("path %v could not be statted: %w", h.procPath(), err)
 	}
 	//nolint:unconvert
 	if uint64(stat.Dev) != h.dev || stat.Ino != h.ino {
-		return "", errors.Errorf("failed to verify handle %v/%v %v/%v", stat.Dev, h.dev, stat.Ino, h.ino)
+		return "", fmt.Errorf("failed to verify handle %v/%v %v/%v", stat.Dev, h.dev, stat.Ino, h.ino)
 	}
 	return h.procPath(), nil
 }

vendor/github.com/containerd/fifo/handle_nolinux.go

@@ -1,4 +1,4 @@
-// +build !linux,!windows
+//go:build !linux && !windows
 
 /*
    Copyright The containerd Authors.
@@ -19,9 +19,8 @@
 package fifo
 
 import (
+	"fmt"
 	"syscall"
-
-	"github.com/pkg/errors"
 )
 
 type handle struct {
@@ -33,13 +32,13 @@ type handle struct {
 func getHandle(fn string) (*handle, error) {
 	var stat syscall.Stat_t
 	if err := syscall.Stat(fn, &stat); err != nil {
-		return nil, errors.Wrapf(err, "failed to stat %v", fn)
+		return nil, fmt.Errorf("failed to stat %v: %w", fn, err)
 	}
 
 	h := &handle{
 		fn:  fn,
-		dev: uint64(stat.Dev), //nolint: unconvert
-		ino: uint64(stat.Ino), //nolint: unconvert
+		dev: uint64(stat.Dev), //nolint:unconvert,nolintlint
+		ino: uint64(stat.Ino), //nolint:unconvert,nolintlint
 	}
 
 	return h, nil
@@ -48,10 +47,10 @@ func getHandle(fn string) (*handle, error) {
 func (h *handle) Path() (string, error) {
 	var stat syscall.Stat_t
 	if err := syscall.Stat(h.fn, &stat); err != nil {
-		return "", errors.Wrapf(err, "path %v could not be statted", h.fn)
+		return "", fmt.Errorf("path %v could not be statted: %w", h.fn, err)
 	}
-	if uint64(stat.Dev) != h.dev || uint64(stat.Ino) != h.ino { //nolint: unconvert
-		return "", errors.Errorf("failed to verify handle %v/%v %v/%v for %v", stat.Dev, h.dev, stat.Ino, h.ino, h.fn)
+	if uint64(stat.Dev) != h.dev || uint64(stat.Ino) != h.ino { //nolint:unconvert,nolintlint
+		return "", fmt.Errorf("failed to verify handle %v/%v %v/%v for %v", stat.Dev, h.dev, stat.Ino, h.ino, h.fn)
 	}
 	return h.fn, nil
 }

vendor/github.com/containerd/fifo/raw.go

@@ -1,4 +1,4 @@
-// +build !windows
+//go:build !windows
 
 /*
    Copyright The containerd Authors.