Bump github.com/containers/buildah from 1.16.4 to 1.16.5

Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/containers/buildah/compare/v1.16.4...v1.16.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

vendor/github.com/containers/buildah/.cirrus.yml

@@ -90,11 +90,13 @@ gce_instance:
 
 
 'cirrus-ci/only_prs/gate_task':
+    gce_instance:
+        memory: "12Gb"
 
     # see bors.toml
     skip: $CIRRUS_BRANCH =~ ".*\.tmp"
 
-    timeout_in: 30m
+    timeout_in: 10m
 
     setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}'
     build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}'

vendor/github.com/containers/buildah/CHANGELOG.md

@@ -2,6 +2,16 @@
 
 # Changelog
 
+## v1.16.5 (2020-10-21)
+    copier.copierHandlerPut: don't check length when there are errors
+    CI: run gating tasks with a lot more memory
+    Run(): ignore containers.conf's environment configuration
+    bump(github.com/openshift/imagebuilder) to v1.1.8
+    ADD and COPY: descend into excluded directories, sometimes
+    copier: add more context to a couple of error messages
+    copier: check an error earlier
+    Set directory ownership when copied with ID mapping
+
 ## v1.16.4 (2020-10-01)
     ADD: only expand archives at the right time
 

vendor/github.com/containers/buildah/add.go

@@ -137,6 +137,29 @@ func getURL(src, mountpoint, renameTarget string, writer io.Writer) error {
 	return errors.Wrapf(err, "error writing content from %q to tar stream", src)
 }
 
+// includeDirectoryAnyway returns true if "path" is a prefix for an exception
+// known to "pm".  If "path" is a directory that "pm" claims matches its list
+// of patterns, but "pm"'s list of exclusions contains a pattern for which
+// "path" is a prefix, then IncludeDirectoryAnyway() will return true.
+// This is not always correct, because it relies on the directory part of any
+// exception paths to be specified without wildcards.
+func includeDirectoryAnyway(path string, pm *fileutils.PatternMatcher) bool {
+	if !pm.Exclusions() {
+		return false
+	}
+	prefix := strings.TrimPrefix(path, string(os.PathSeparator)) + string(os.PathSeparator)
+	for _, pattern := range pm.Patterns() {
+		if !pattern.Exclusion() {
+			continue
+		}
+		spec := strings.TrimPrefix(pattern.String(), string(os.PathSeparator))
+		if strings.HasPrefix(spec, prefix) {
+			return true
+		}
+	}
+	return false
+}
+
 // Add copies the contents of the specified sources into the container's root
 // filesystem, optionally extracting contents of local files that look like
 // non-empty archives.
@@ -363,20 +386,32 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 		for _, glob := range localSourceStat.Globbed {
 			rel, err := filepath.Rel(contextDir, glob)
 			if err != nil {
-				return errors.Wrapf(err, "error computing path of %q", glob)
+				return errors.Wrapf(err, "error computing path of %q relative to %q", glob, contextDir)
 			}
 			if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
 				return errors.Errorf("possible escaping context directory error: %q is outside of %q", glob, contextDir)
 			}
 			// Check for dockerignore-style exclusion of this item.
 			if rel != "." {
-				matches, err := pm.Matches(filepath.ToSlash(rel)) // nolint:staticcheck
+				excluded, err := pm.Matches(filepath.ToSlash(rel)) // nolint:staticcheck
 				if err != nil {
 					return errors.Wrapf(err, "error checking if %q(%q) is excluded", glob, rel)
 				}
-				if matches {
-					continue
+				if excluded {
+					// non-directories that are excluded are excluded, no question, but
+					// directories can only be skipped if we don't have to allow for the
+					// possibility of finding things to include under them
+					globInfo := localSourceStat.Results[glob]
+					if !globInfo.IsDir || !includeDirectoryAnyway(rel, pm) {
+						continue
+					}
 				}
+			} else {
+				// Make sure we don't trigger a "copied nothing" error for an empty context
+				// directory if we were told to copy the context directory itself.  We won't
+				// actually copy it, but we need to make sure that we don't produce an error
+				// due to potentially not having anything in the tarstream that we passed.
+				itemsCopied++
 			}
 			st := localSourceStat.Results[glob]
 			pipeReader, pipeWriter := io.Pipe()
@@ -391,6 +426,10 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 						return false, false, nil
 					})
 				}
+				writer = newTarFilterer(writer, func(hdr *tar.Header) (bool, bool, io.Reader) {
+					itemsCopied++
+					return false, false, nil
+				})
 				getOptions := copier.GetOptions{
 					UIDMap:         srcUIDMap,
 					GIDMap:         srcGIDMap,
@@ -462,10 +501,9 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 				}
 				return multiErr.Errors[0]
 			}
-			itemsCopied++
 		}
 		if itemsCopied == 0 {
-			return errors.Wrapf(syscall.ENOENT, "no items matching glob %q copied (%d filtered)", localSourceStat.Glob, len(localSourceStat.Globbed))
+			return errors.Wrapf(syscall.ENOENT, "no items matching glob %q copied (%d filtered out)", localSourceStat.Glob, len(localSourceStat.Globbed))
 		}
 	}
 	return nil

vendor/github.com/containers/buildah/buildah.go

@@ -28,7 +28,7 @@ const (
 	Package = "buildah"
 	// Version for the Package.  Bump version in contrib/rpm/buildah.spec
 	// too.
-	Version = "1.16.4"
+	Version = "1.16.5"
 	// The value we use to identify what type of information, currently a
 	// serialized Builder structure, we are using as per-container state.
 	// This should only be changed when we make incompatible changes to

vendor/github.com/containers/buildah/changelog.txt

@@ -1,3 +1,13 @@
+- Changelog for v1.16.5 (2020-10-21)
+  * copier.copierHandlerPut: don't check length when there are errors
+  * CI: run gating tasks with a lot more memory
+  * Run(): ignore containers.conf's environment configuration
+  * bump(github.com/openshift/imagebuilder) to v1.1.8
+  * ADD and COPY: descend into excluded directories, sometimes
+  * copier: add more context to a couple of error messages
+  * copier: check an error earlier
+  * Set directory ownership when copied with ID mapping
+
 - Changelog for v1.16.4 (2020-10-01)
   * ADD: only expand archives at the right time
 

vendor/github.com/containers/buildah/copier/copier.go

@@ -976,20 +976,7 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
 			return errorResponse("copier: get: glob %q: %v", glob, err)
 		}
 		globMatchedCount += len(globMatched)
-		filtered := make([]string, 0, len(globMatched))
-		for _, globbed := range globMatched {
-			rel, excluded, err := pathIsExcluded(req.Root, globbed, pm)
-			if err != nil {
-				return errorResponse("copier: get: checking if %q is excluded: %v", globbed, err)
-			}
-			if rel == "." || !excluded {
-				filtered = append(filtered, globbed)
-			}
-		}
-		if len(filtered) == 0 {
-			return errorResponse("copier: get: glob %q matched nothing (%d filtered out of %v): %v", glob, len(globMatched), globMatched, syscall.ENOENT)
-		}
-		queue = append(queue, filtered...)
+		queue = append(queue, globMatched...)
 	}
 	// no matches -> error
 	if len(queue) == 0 {
@@ -1042,6 +1029,9 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
 				options := req.GetOptions
 				options.ExpandArchives = false
 				walkfn := func(path string, info os.FileInfo, err error) error {
+					if err != nil {
+						return errors.Wrapf(err, "copier: get: error reading %q", path)
+					}
 					// compute the path of this item
 					// relative to the top-level directory,
 					// for the tar header
@@ -1049,9 +1039,6 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
 					if relErr != nil {
 						return errors.Wrapf(relErr, "copier: get: error computing path of %q relative to top directory %q", path, item)
 					}
-					if err != nil {
-						return errors.Wrapf(err, "copier: get: error reading %q", path)
-					}
 					// prefix the original item's name if we're keeping it
 					if relNamePrefix != "" {
 						rel = filepath.Join(relNamePrefix, rel)
@@ -1108,7 +1095,7 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
 			}
 		}
 		if itemsCopied == 0 {
-			return errors.New("copier: get: copied no items")
+			return errors.Wrapf(syscall.ENOENT, "copier: get: copied no items")
 		}
 		return nil
 	}
@@ -1271,6 +1258,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 			return errorResponse("copier: put: error mapping container filesystem owner %d:%d to host filesystem owners: %v", dirUID, dirGID, err)
 		}
 		dirUID, dirGID = hostDirPair.UID, hostDirPair.GID
+		defaultDirUID, defaultDirGID = hostDirPair.UID, hostDirPair.GID
 		if req.PutOptions.ChownFiles != nil {
 			containerFilePair := idtools.IDPair{UID: *fileUID, GID: *fileGID}
 			hostFilePair, err := idMappings.ToHost(containerFilePair)
@@ -1399,7 +1387,9 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 			case tar.TypeReg, tar.TypeRegA:
 				var written int64
 				written, err = createFile(path, tr)
-				if written != hdr.Size {
+				// only check the length if there wasn't an error, which we'll
+				// check along with errors for other types of entries
+				if err == nil && written != hdr.Size {
 					return errors.Errorf("copier: put: error creating %q: incorrect length (%d != %d)", path, written, hdr.Size)
 				}
 			case tar.TypeLink:

vendor/github.com/containers/buildah/go.mod

@@ -24,7 +24,7 @@ require (
 	github.com/opencontainers/runtime-spec v1.0.3-0.20200710190001-3e4195d92445
 	github.com/opencontainers/runtime-tools v0.9.0
 	github.com/opencontainers/selinux v1.6.0
-	github.com/openshift/imagebuilder v1.1.6
+	github.com/openshift/imagebuilder v1.1.8
 	github.com/pkg/errors v0.9.1
 	github.com/seccomp/libseccomp-golang v0.9.2-0.20200616122406-847368b35ebf
 	github.com/sirupsen/logrus v1.6.0

vendor/github.com/containers/buildah/go.sum

@@ -264,8 +264,8 @@ github.com/opencontainers/selinux v1.5.2 h1:F6DgIsjgBIcDksLW4D5RG9bXok6oqZ3nvMwj
 github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.6.0 h1:+bIAS/Za3q5FTwWym4fTB0vObnfCf3G/NC7K6Jx62mY=
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/openshift/imagebuilder v1.1.6 h1:1+YzRxIIefY4QqtCImx6rg+75QrKNfBoPAKxgMo/khM=
-github.com/openshift/imagebuilder v1.1.6/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo=
+github.com/openshift/imagebuilder v1.1.8 h1:gjiIl8pbNj0eC4XWvFJHATdDvYm64p9/pLDLQWoLZPA=
+github.com/openshift/imagebuilder v1.1.8/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=

vendor/github.com/containers/buildah/run_linux.go

@@ -91,11 +91,8 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 		return err
 	}
 
-	defaultContainerConfig, err := config.Default()
-	if err != nil {
-		return errors.Wrapf(err, "failed to get container config")
-	}
-	b.configureEnvironment(g, options, defaultContainerConfig.Containers.Env)
+	// hardwire the environment to match docker build to avoid subtle and hard-to-debug differences due to containers.conf
+	b.configureEnvironment(g, options, []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"})
 
 	if b.CommonBuildOpts == nil {
 		return errors.Errorf("Invalid format on container you must recreate the container")