Move to new github.com/sirupsen/logrus.

Need to mv to latest released and supported version of logrus
switch github.com/Sirupsen/logrus github.com/sirupsen/logrus

Also vendor in latest containers/storage and containers/image

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

vendor/github.com/containers/image/signature/mechanism_openpgp.go

@@ -132,11 +132,17 @@ func (m *openpgpSigningMechanism) Verify(unverifiedSignature []byte) (contents [
 	if md.SignedBy == nil {
 		return nil, "", InvalidSignatureError{msg: fmt.Sprintf("Invalid GPG signature: %#v", md.Signature)}
 	}
-	if md.Signature.SigLifetimeSecs != nil {
-		expiry := md.Signature.CreationTime.Add(time.Duration(*md.Signature.SigLifetimeSecs) * time.Second)
-		if time.Now().After(expiry) {
-			return nil, "", InvalidSignatureError{msg: fmt.Sprintf("Signature expired on %s", expiry)}
+	if md.Signature != nil {
+		if md.Signature.SigLifetimeSecs != nil {
+			expiry := md.Signature.CreationTime.Add(time.Duration(*md.Signature.SigLifetimeSecs) * time.Second)
+			if time.Now().After(expiry) {
+				return nil, "", InvalidSignatureError{msg: fmt.Sprintf("Signature expired on %s", expiry)}
+			}
 		}
+	} else if md.SignatureV3 == nil {
+		// Coverage: If md.SignedBy != nil, the final md.UnverifiedBody.Read() either sets one of md.Signature or md.SignatureV3,
+		// or sets md.SignatureError.
+		return nil, "", InvalidSignatureError{msg: "Unexpected openpgp.MessageDetails: neither Signature nor SignatureV3 is set"}
 	}
 
 	// Uppercase the fingerprint to be compatible with gpgme