@@ -280,6 +280,7 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \

             libnl-3-200 \

             libprotobuf-c1 \

             net-tools \

+            patch \

             pigz \

             python3-pip \

             python3-setuptools \

@@ -5,12 +5,13 @@ source "${SCRIPTDIR}/.validate"

 validate_vendor_diff(){

 	IFS=$'\n'

+	# shellcheck disable=SC2207

 	files=( $(validate_diff --diff-filter=ACMR --name-only -- 'vendor.conf' 'vendor/' || true) )

 	unset IFS

 	if [ -n "${TEST_FORCE_VALIDATE:-}" ] || [ ${#files[@]} -gt 0 ]; then

 		# recreate vendor/

-		vndr -whitelist=^archive/tar

+		./hack/vendor.sh

 		# check if any files have changed

 		diffs="$(git status --porcelain -- vendor 2>/dev/null)"

 		mfiles="$(echo "$diffs" | awk '/^ M / {print $2}')"

@@ -12,4 +12,17 @@ if ! hash vndr; then

 	exit 1

 fi

-vndr -whitelist=^archive/tar "$@"

+if [ $# -eq 0 ] || [ "$1" = "archive/tar" ]; then

+	echo "update vendored copy of archive/tar"

+	: "${GO_VERSION:=$(awk -F '[ =]' '$1 == "ARG" && $2 == "GO_VERSION" { print $3; exit }' ./Dockerfile)}"

+	rm -rf vendor/archive

+	mkdir -p ./vendor/archive/tar

+	echo "downloading: https://golang.org/dl/go${GO_VERSION}.src.tar.gz"

+	curl -fsSL "https://golang.org/dl/go${GO_VERSION}.src.tar.gz" \

+		| tar --extract --gzip --directory=vendor/archive/tar --strip-components=4 go/src/archive/tar

+	patch --strip=4 --directory=vendor/archive/tar --input="$PWD/patches/0001-archive-tar-do-not-populate-user-group-names.patch"

+fi

+

+if [ $# -eq 0 ] || [ "$1" != "archive/tar" ]; then

+	vndr -whitelist=^archive/tar "$@"

+fi