opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-09-28 09:15:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Vendor in latest containers/buildah

Browse Source 
Pull in changes to pkg/secrets/secrets.go that adds the
logic to disable fips mode if a pod/container has a
label set.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This commit is contained in:
Urvashi Mohnani
2019-11-01 09:37:05 -04:00
parent 69165fa04d
commit 2a149ad90a
21 changed files with 103 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -11,7 +11,7 @@ require (
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect
github.com/containernetworking/cni v0.7.1 github.com/containernetworking/cni v0.7.1
github.com/containernetworking/plugins v0.8.2 github.com/containernetworking/plugins v0.8.2
github.com/containers/buildah v1.11.4-0.20191028173731-21b4778b359e github.com/containers/buildah v1.11.5-0.20191031204705-20e92ffe0982
github.com/containers/image/v5 v5.0.0 github.com/containers/image/v5 v5.0.0
github.com/containers/psgo v1.3.2 github.com/containers/psgo v1.3.2
github.com/containers/storage v1.13.5 github.com/containers/storage v1.13.5

3
go.sum
View File

@ -57,6 +57,8 @@ github.com/containernetworking/plugins v0.8.2 h1:5lnwfsAYO+V7yXhysJKy3E1A2Gy9oVu
github.com/containernetworking/plugins v0.8.2/go.mod h1:TxALKWZpWL79BC3GOYKJzzXr7U8R23PdhwaLp6F3adc= github.com/containernetworking/plugins v0.8.2/go.mod h1:TxALKWZpWL79BC3GOYKJzzXr7U8R23PdhwaLp6F3adc=
github.com/containers/buildah v1.11.4-0.20191028173731-21b4778b359e h1:iDavHEx5Yr7o+0l6495Ya6N0YEPplIUZuWC2e14baDM= github.com/containers/buildah v1.11.4-0.20191028173731-21b4778b359e h1:iDavHEx5Yr7o+0l6495Ya6N0YEPplIUZuWC2e14baDM=
github.com/containers/buildah v1.11.4-0.20191028173731-21b4778b359e/go.mod h1:Igrk75FAxLnzDaHUbtpWB8pwL+Bv+cnakWMvqAXW2v8= github.com/containers/buildah v1.11.4-0.20191028173731-21b4778b359e/go.mod h1:Igrk75FAxLnzDaHUbtpWB8pwL+Bv+cnakWMvqAXW2v8=
github.com/containers/buildah v1.11.5-0.20191031204705-20e92ffe0982 h1:5WUe09k2sJSbmxwLHZLHc41TrIPrP0GlbhX+WDJBqvs=
github.com/containers/buildah v1.11.5-0.20191031204705-20e92ffe0982/go.mod h1:eGWB4tLoo0hIBuytQpvgUC0hk2mvl2ofaYBeDsU/qoc=
github.com/containers/image/v5 v5.0.0 h1:arnXgbt1ucsC/ndtSpiQY87rA0UjhF+/xQnPzqdBDn4= github.com/containers/image/v5 v5.0.0 h1:arnXgbt1ucsC/ndtSpiQY87rA0UjhF+/xQnPzqdBDn4=
github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY=
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
@ -283,6 +285,7 @@ github.com/onsi/ginkgo v1.8.0 h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.3 h1:OoxbjfXVZyod1fmWYhI7SEyaD8B00ynP3T+D5GiyHOY= github.com/onsi/ginkgo v1.10.3 h1:OoxbjfXVZyod1fmWYhI7SEyaD8B00ynP3T+D5GiyHOY=
github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=

2
libpod/container_internal_linux.go
View File

@ -1088,7 +1088,7 @@ func (c *Container) makeBindMounts() error {
} }
// Add Secret Mounts // Add Secret Mounts
secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile, c.state.RunDir, c.RootUID(), c.RootGID(), rootless.IsRootless()) secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile, c.state.RunDir, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
for _, mount := range secretMounts { for _, mount := range secretMounts {
if _, ok := c.state.BindMounts[mount.Destination]; !ok { if _, ok := c.state.BindMounts[mount.Destination]; !ok {
c.state.BindMounts[mount.Destination] = mount.Source c.state.BindMounts[mount.Destination] = mount.Source

30
vendor/github.com/containers/buildah/.cirrus.yml generated vendored
View File

@ -29,7 +29,7 @@ env:
#### ####
# Command to prefix every output line with a timestamp # Command to prefix every output line with a timestamp
# (can't do inline awk script, Cirrus-CI or YAML mangles quoting) # (can't do inline awk script, Cirrus-CI or YAML mangles quoting)
_TIMESTAMP: 'awk --file ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk' _TIMESTAMP: 'awk -f ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk'
_DFCMD: 'df -lhTx tmpfs' _DFCMD: 'df -lhTx tmpfs'
_RAUDITCMD: 'cat /var/log/audit/audit.log' _RAUDITCMD: 'cat /var/log/audit/audit.log'
_UAUDITCMD: 'cat /var/log/kern.log' _UAUDITCMD: 'cat /var/log/kern.log'
@ -75,9 +75,37 @@ testing_task:
failure_journal_log_script: '${_JOURNALCMD} || true' failure_journal_log_script: '${_JOURNALCMD} || true'
# This task runs `make vendor` followed by ./hack/tree_status.sh to check
# whether the git tree is clean. The reasoning for that is to make sure
# that the vendor.conf, the code and the vendored packages in ./vendor are
# in sync at all times.
vendor_task:
only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
env:
CIRRUS_WORKING_DIR: "/var/tmp/go/src/github.com/containers/buildah"
GOPATH: "/go"
GOSRC: "/go/src/github.com/containers/buildah"
# Runs within Cirrus's "community cluster"
container:
image: docker.io/library/golang:1.13
cpu: 1
memory: 1
timeout_in: 30m
vendor_script:
- 'cd ${CIRRUS_WORKING_DIR} && make vendor'
- 'cd ${CIRRUS_WORKING_DIR} && ./hack/tree_status.sh'
# Update metadata on VM images referenced by this repository state # Update metadata on VM images referenced by this repository state
meta_task: meta_task:
depends_on:
- "vendor"
container: container:
image: "quay.io/libpod/imgts:latest" # see contrib/imgts image: "quay.io/libpod/imgts:latest" # see contrib/imgts
cpu: 1 cpu: 1

1
vendor/github.com/containers/buildah/.golangci.yml generated vendored
View File

@ -2,7 +2,6 @@
run: run:
build-tags: build-tags:
- apparmor - apparmor
- ostree
- seccomp - seccomp
- selinux - selinux
concurrency: 6 concurrency: 6

1
vendor/github.com/containers/buildah/.papr.sh generated vendored
View File

@ -26,7 +26,6 @@ dnf install -y \
libselinux-utils \ libselinux-utils \
make \ make \
openssl \ openssl \
ostree-devel \
skopeo-containers \ skopeo-containers \
which which

1
vendor/github.com/containers/buildah/.papr.yml generated vendored
View File

@ -68,7 +68,6 @@ packages:
- golang - golang
- libassuan-devel - libassuan-devel
- make - make
- ostree-devel
- skopeo-containers - skopeo-containers
required: false required: false

16
vendor/github.com/containers/buildah/.travis.yml generated vendored
View File

@ -2,8 +2,8 @@ language: go
dist: xenial dist: xenial
sudo: required sudo: required
go: go:
- 1.11.x
- 1.12.x - 1.12.x
- 1.13.x
- tip - tip
go_import_path: github.com/containers/buildah go_import_path: github.com/containers/buildah
@ -40,9 +40,6 @@ matrix:
services: services:
- docker - docker
before_install: before_install:
- make vendor
- ./hack/tree_status.sh
- sudo apt-get update
- sudo apt-get -qq install software-properties-common - sudo apt-get -qq install software-properties-common
- sudo add-apt-repository -y ppa:duggan/bats - sudo add-apt-repository -y ppa:duggan/bats
- sudo apt-get update - sudo apt-get update
@ -51,15 +48,6 @@ before_install:
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
- mkdir /home/travis/auth - mkdir /home/travis/auth
- sudo mkdir -p /var/lib/containers/storage/overlay - sudo mkdir -p /var/lib/containers/storage/overlay
- >
OSTREE_VERSION=v2019.2;
git clone https://github.com/ostreedev/ostree &&
pushd ostree &&
git checkout $OSTREE_VERSION &&
./autogen.sh --prefix=/usr &&
sudo make -j4 install &&
popd &&
sudo rm -rf ostree
install: install:
# Let's create a self signed certificate and get it in the right places # Let's create a self signed certificate and get it in the right places
- hostname - hostname
@ -98,7 +86,7 @@ script:
# Setting up Docker Registry is complete, let's do Buildah testing! # Setting up Docker Registry is complete, let's do Buildah testing!
- make install.tools -j4 - make install.tools -j4
- make install.libseccomp.sudo all runc validate lint SECURITYTAGS="apparmor seccomp" - make install.libseccomp.sudo all runc validate lint SECURITYTAGS="apparmor seccomp"
- go test -c -tags "apparmor seccomp `./btrfs_tag.sh` `./libdm_tag.sh` `./ostree_tag.sh` `./selinux_tag.sh`" ./cmd/buildah - go test -c -tags "apparmor seccomp `./btrfs_tag.sh` `./libdm_tag.sh` `./selinux_tag.sh`" ./cmd/buildah
- tmp=`mktemp -d`; mkdir $tmp/root $tmp/runroot; sudo PATH="$PATH" ./buildah.test -test.v --root $tmp/root --runroot $tmp/runroot --storage-driver vfs --signature-policy `pwd`/tests/policy.json --registries-conf `pwd`/tests/registries.conf - tmp=`mktemp -d`; mkdir $tmp/root $tmp/runroot; sudo PATH="$PATH" ./buildah.test -test.v --root $tmp/root --runroot $tmp/runroot --storage-driver vfs --signature-policy `pwd`/tests/policy.json --registries-conf `pwd`/tests/registries.conf
- cd tests; sudo PATH="$PATH" ./test_runner.sh - cd tests; sudo PATH="$PATH" ./test_runner.sh
- cd .. - cd ..

22
vendor/github.com/containers/buildah/CHANGELOG.md generated vendored
View File

@ -2,6 +2,28 @@
# Changelog # Changelog
## v1.11.4 (2019-10-28)
buildah: add a "manifest" command
manifests: add the module
pkg/supplemented: add a package for grouping images together
pkg/manifests: add a manifest list build/manipulation API
Update for ErrUnauthorizedForCredentials API change in containers/image
Update for manifest-lists API changes in containers/image
version: also note the version of containers/image
Move to containers/image v5.0.0
Enable --device directory as src device
Fix git build with branch specified
Bump github.com/openshift/imagebuilder from 1.1.0 to 1.1.1
Bump github.com/fsouza/go-dockerclient from 1.4.4 to 1.5.0
Add clarification to the Tutorial for new users
Silence "using cache" to ensure -q is fully quiet
Add OWNERS File to Buildah
Bump github.com/containers/storage from 1.13.4 to 1.13.5
Move runtime flag to bud from common
Commit: check for storage.ErrImageUnknown using errors.Cause()
Fix crash when invalid COPY --from flag is specified.
Bump back to v1.12.0-dev
## v1.11.3 (2019-10-04) ## v1.11.3 (2019-10-04)
Update c/image to v4.0.1 Update c/image to v4.0.1
Bump github.com/spf13/pflag from 1.0.3 to 1.0.5 Bump github.com/spf13/pflag from 1.0.3 to 1.0.5

7
vendor/github.com/containers/buildah/Makefile generated vendored
View File

@ -2,7 +2,7 @@ export GOPROXY=https://proxy.golang.org
SELINUXTAG := $(shell ./selinux_tag.sh) SELINUXTAG := $(shell ./selinux_tag.sh)
APPARMORTAG := $(shell hack/apparmor_tag.sh) APPARMORTAG := $(shell hack/apparmor_tag.sh)
STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./libdm_tag.sh) $(shell ./ostree_tag.sh) STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./libdm_tag.sh)
SECURITYTAGS ?= seccomp $(SELINUXTAG) $(APPARMORTAG) SECURITYTAGS ?= seccomp $(SELINUXTAG) $(APPARMORTAG)
TAGS ?= $(SECURITYTAGS) $(STORAGETAGS) TAGS ?= $(SECURITYTAGS) $(STORAGETAGS)
BUILDTAGS += $(TAGS) BUILDTAGS += $(TAGS)
@ -24,7 +24,7 @@ endif
GIT_COMMIT ?= $(if $(shell git rev-parse --short HEAD),$(shell git rev-parse --short HEAD),$(error "git failed")) GIT_COMMIT ?= $(if $(shell git rev-parse --short HEAD),$(shell git rev-parse --short HEAD),$(error "git failed"))
SOURCE_DATE_EPOCH ?= $(if $(shell date +%s),$(shell date +%s),$(error "date failed")) SOURCE_DATE_EPOCH ?= $(if $(shell date +%s),$(shell date +%s),$(error "date failed"))
STATIC_STORAGETAGS = "containers_image_ostree_stub containers_image_openpgp exclude_graphdriver_devicemapper $(STORAGE_TAGS)" STATIC_STORAGETAGS = "containers_image_openpgp exclude_graphdriver_devicemapper $(STORAGE_TAGS)"
CNI_COMMIT := $(shell sed -n 's;\tgithub.com/containernetworking/cni \([^ \n]*\).*$\;\1;p' go.mod) CNI_COMMIT := $(shell sed -n 's;\tgithub.com/containernetworking/cni \([^ \n]*\).*$\;\1;p' go.mod)
#RUNC_COMMIT := $(shell sed -n 's;\tgithub.com/opencontainers/runc \([^ \n]*\).*$\;\1;p' go.mod) #RUNC_COMMIT := $(shell sed -n 's;\tgithub.com/opencontainers/runc \([^ \n]*\).*$\;\1;p' go.mod)
@ -130,6 +130,9 @@ test-unit: tests/testreport/testreport
mkdir -p $$tmp/root $$tmp/runroot; \ mkdir -p $$tmp/root $$tmp/runroot; \
$(GO) test -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" ./cmd/buildah -args -root $$tmp/root -runroot $$tmp/runroot -storage-driver vfs -signature-policy $(shell pwd)/tests/policy.json -registries-conf $(shell pwd)/tests/registries.conf $(GO) test -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" ./cmd/buildah -args -root $$tmp/root -runroot $$tmp/runroot -storage-driver vfs -signature-policy $(shell pwd)/tests/policy.json -registries-conf $(shell pwd)/tests/registries.conf
vendor-in-container:
podman run --privileged --rm --env HOME=/root -v `pwd`:/src -w /src docker.io/library/golang:1.13 make vendor
.PHONY: vendor .PHONY: vendor
vendor: vendor:
export GO111MODULE=on \ export GO111MODULE=on \

2
vendor/github.com/containers/buildah/buildah.go generated vendored
View File

@ -27,7 +27,7 @@ const (
Package = "buildah" Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec // Version for the Package. Bump version in contrib/rpm/buildah.spec
// too. // too.
Version = "1.11.4" Version = "1.12.0-dev"
// The value we use to identify what type of information, currently a // The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state. // serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to // This should only be changed when we make incompatible changes to

2
vendor/github.com/containers/buildah/go.mod generated vendored
View File

@ -21,7 +21,7 @@ require (
github.com/ishidawataru/sctp v0.0.0-20180918013207-6e2cb1366111 // indirect github.com/ishidawataru/sctp v0.0.0-20180918013207-6e2cb1366111 // indirect
github.com/mattn/go-shellwords v1.0.6 github.com/mattn/go-shellwords v1.0.6
github.com/morikuni/aec v1.0.0 // indirect github.com/morikuni/aec v1.0.0 // indirect
github.com/onsi/ginkgo v1.10.1 github.com/onsi/ginkgo v1.10.2
github.com/onsi/gomega v1.7.0 github.com/onsi/gomega v1.7.0
github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/go-digest v1.0.0-rc1
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6

2
vendor/github.com/containers/buildah/go.sum generated vendored
View File

@ -212,6 +212,8 @@ github.com/onsi/ginkgo v1.8.0 h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.2 h1:uqH7bpe+ERSiDa34FDOF7RikN6RzXgduUF8yarlZp94=
github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo= github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=

15
vendor/github.com/containers/buildah/install.md generated vendored
View File

@ -139,7 +139,6 @@ Prior to installing Buildah, install the following packages on your Linux distro
* glib2-devel * glib2-devel
* libassuan-devel * libassuan-devel
* libseccomp-devel * libseccomp-devel
* ostree-devel
* runc (Requires version 1.0 RC4 or higher.) * runc (Requires version 1.0 RC4 or higher.)
* containers-common * containers-common
@ -158,7 +157,6 @@ In Fedora, you can use this command:
gpgme-devel \ gpgme-devel \
libassuan-devel \ libassuan-devel \
libseccomp-devel \ libseccomp-devel \
ostree-devel \
git \ git \
bzip2 \ bzip2 \
go-md2man \ go-md2man \
@ -196,7 +194,6 @@ run this command:
gpgme-devel \ gpgme-devel \
libassuan-devel \ libassuan-devel \
libseccomp-devel \ libseccomp-devel \
ostree-devel \
git \ git \
bzip2 \ bzip2 \
go-md2man \ go-md2man \
@ -241,7 +238,7 @@ In Ubuntu zesty and xenial, you can use these commands:
add-apt-repository -y ppa:gophers/archive add-apt-repository -y ppa:gophers/archive
apt-add-repository -y ppa:projectatomic/ppa apt-add-repository -y ppa:projectatomic/ppa
apt-get -y -qq update apt-get -y -qq update
apt-get -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libostree-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man apt-get -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man
apt-get -y install golang-1.10 apt-get -y install golang-1.10
``` ```
Then to install Buildah on Ubuntu follow the steps in this example: Then to install Buildah on Ubuntu follow the steps in this example:
@ -266,7 +263,7 @@ gpg --recv-keys 0x018BA5AD9DF57A4448F0E6CF8BECF1637AD8C79D
gpg --export 0x018BA5AD9DF57A4448F0E6CF8BECF1637AD8C79D >> /usr/share/keyrings/projectatomic-ppa.gpg gpg --export 0x018BA5AD9DF57A4448F0E6CF8BECF1637AD8C79D >> /usr/share/keyrings/projectatomic-ppa.gpg
echo 'deb [signed-by=/usr/share/keyrings/projectatomic-ppa.gpg] http://ppa.launchpad.net/projectatomic/ppa/ubuntu zesty main' > /etc/apt/sources.list.d/projectatomic-ppa.list echo 'deb [signed-by=/usr/share/keyrings/projectatomic-ppa.gpg] http://ppa.launchpad.net/projectatomic/ppa/ubuntu zesty main' > /etc/apt/sources.list.d/projectatomic-ppa.list
apt update apt update
apt -y install -t stretch-backports libostree-dev golang apt -y install -t stretch-backports golang
apt -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man apt -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man
``` ```
@ -274,7 +271,7 @@ The build steps on Debian are otherwise the same as Ubuntu, above.
## Vendoring - Dependency Management ## Vendoring - Dependency Management
This project is using [go modules](https://github.com/golang/go/wiki/Modules) for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run `make vendor` to synchronize the code with the go module and repopulate the `./vendor` directory. This project is using [go modules](https://github.com/golang/go/wiki/Modules) for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run `make vendor-in-container` to synchronize the code with the go module and repopulate the `./vendor` directory.
## Configuration files ## Configuration files
@ -381,7 +378,7 @@ Buildah uses Go Modules for vendoring purposes. If you need to update or add a
* Enter into your sandbox `src/github.com/containers/buildah` and ensure that the GOPATH variable is set to the directory prior as noted above. * Enter into your sandbox `src/github.com/containers/buildah` and ensure that the GOPATH variable is set to the directory prior as noted above.
* `export GO111MODULE=on` * `export GO111MODULE=on`
* Assuming you want to 'bump' the `github.com/containers/storage` package to version 1.12.13, use this command: `go get github.com/containers/storage@v1.12.13` * Assuming you want to 'bump' the `github.com/containers/storage` package to version 1.12.13, use this command: `go get github.com/containers/storage@v1.12.13`
* `make vendor` * `make vendor-in-container`
* `make` * `make`
* `make install` * `make install`
* Then add any updated or added files with `git add` then do a `git commit` and create a PR. * Then add any updated or added files with `git add` then do a `git commit` and create a PR.
@ -391,10 +388,10 @@ Buildah uses Go Modules for vendoring purposes. If you need to update or add a
If you wish to vendor in your personal fork to try changes out (assuming containers/storage in the below example): If you wish to vendor in your personal fork to try changes out (assuming containers/storage in the below example):
* `go mod edit -replace github.com/containers/storage=github.com/{mygithub_username}/storage@YOUR_BRANCH` * `go mod edit -replace github.com/containers/storage=github.com/{mygithub_username}/storage@YOUR_BRANCH`
* `make vendor` * `make vendor-in-container`
To revert To revert
* `go mod edit -dropreplace github.com/containers/storage` * `go mod edit -dropreplace github.com/containers/storage`
* `make vendor` * `make vendor-in-container`
To speed up fetching dependencies, you can use a [Go Module Proxy](https://proxy.golang.org) by setting `GOPROXY=https://proxy.golang.org`. To speed up fetching dependencies, you can use a [Go Module Proxy](https://proxy.golang.org) by setting `GOPROXY=https://proxy.golang.org`.

6
vendor/github.com/containers/buildah/ostree_tag.sh generated vendored
View File

@ -1,6 +0,0 @@
#!/usr/bin/env bash
if pkg-config ostree-1 2> /dev/null ; then
echo containers_image_ostree
else
echo containers_image_ostree_stub
fi

5
vendor/github.com/containers/buildah/pkg/cli/common.go generated vendored
View File

@ -7,7 +7,6 @@ package cli
import ( import (
"fmt" "fmt"
"os" "os"
"path/filepath"
"runtime" "runtime"
"strings" "strings"
@ -270,9 +269,5 @@ func GetDefaultAuthFile() string {
if authfile != "" { if authfile != "" {
return authfile return authfile
} }
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
if runtimeDir != "" {
return filepath.Join(runtimeDir, "containers/auth.json")
}
return "" return ""
} }

10
vendor/github.com/containers/buildah/pkg/secrets/secrets.go generated vendored
View File

@ -148,12 +148,12 @@ func getMountsMap(path string) (string, string, error) {
} }
// SecretMounts copies, adds, and mounts the secrets to the container root filesystem // SecretMounts copies, adds, and mounts the secrets to the container root filesystem
func SecretMounts(mountLabel, containerWorkingDir, mountFile string, rootless bool) []rspec.Mount { func SecretMounts(mountLabel, containerWorkingDir, mountFile string, rootless, disableFips bool) []rspec.Mount {
return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0, rootless) return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0, rootless, disableFips)
} }
// SecretMountsWithUIDGID specifies the uid/gid of the owner // SecretMountsWithUIDGID specifies the uid/gid of the owner
func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int, rootless bool) []rspec.Mount { func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int, rootless, disableFips bool) []rspec.Mount {
var ( var (
secretMounts []rspec.Mount secretMounts []rspec.Mount
mountFiles []string mountFiles []string
@ -180,6 +180,10 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
} }
} }
// Only add FIPS secret mount if disableFips=false
if disableFips {
return secretMounts
}
// Add FIPS mode secret if /etc/system-fips exists on the host // Add FIPS mode secret if /etc/system-fips exists on the host
_, err := os.Stat("/etc/system-fips") _, err := os.Stat("/etc/system-fips")
if err == nil { if err == nil {

2
vendor/github.com/containers/buildah/run_linux.go generated vendored
View File

@ -460,7 +460,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st
} }
// Get the list of secrets mounts. // Get the list of secrets mounts.
secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, cdir, int(rootUID), int(rootGID), unshare.IsRootless()) secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, cdir, int(rootUID), int(rootGID), unshare.IsRootless(), false)
// Add temporary copies of the contents of volume locations at the // Add temporary copies of the contents of volume locations at the
// volume locations, unless we already have something there. // volume locations, unless we already have something there.

6
vendor/github.com/containers/buildah/troubleshooting.md generated vendored
View File

@ -82,9 +82,9 @@ the command with single quotes and use `bash -c`. The previous examples would b
changed to: changed to:
```console ```console
# buildah run bash -c '$whalecontainer /usr/games/fortune -a | cowsay' # buildah run $whalecontainer bash -c '/usr/games/fortune -a | cowsay'
# buildah run bash -c '$newcontainer echo "daemon off;" >> /etc/nginx/nginx.conf' # buildah run $newcontainer bash -c 'echo "daemon off;" >> /etc/nginx/nginx.conf'
# buildah run bash -c '$newcontainer echo "nginx on Fedora" > /usr/share/nginx/html/index.html' # buildah run $newcontainer bash -c 'echo "nginx on Fedora" > /usr/share/nginx/html/index.html'
``` ```
--- ---

28
vendor/github.com/containers/buildah/util.go generated vendored
View File

@ -248,28 +248,36 @@ func (b *Builder) copyWithTar(tarIDMappingOptions *IDMappingOptions, chownOpts *
// location into our working container, mapping permissions using the // location into our working container, mapping permissions using the
// container's ID maps, possibly overridden using the passed-in chownOpts // container's ID maps, possibly overridden using the passed-in chownOpts
func (b *Builder) untarPath(chownOpts *idtools.IDPair, hasher io.Writer, dryRun bool) func(src, dest string) error { func (b *Builder) untarPath(chownOpts *idtools.IDPair, hasher io.Writer, dryRun bool) func(src, dest string) error {
if hasher != nil && b.ContentDigester.Hash() != nil {
hasher = io.MultiWriter(hasher, b.ContentDigester.Hash())
}
if hasher == nil {
hasher = b.ContentDigester.Hash()
}
convertedUIDMap, convertedGIDMap := convertRuntimeIDMaps(b.IDMappingOptions.UIDMap, b.IDMappingOptions.GIDMap) convertedUIDMap, convertedGIDMap := convertRuntimeIDMaps(b.IDMappingOptions.UIDMap, b.IDMappingOptions.GIDMap)
if dryRun { if dryRun {
return func(src, dest string) error { return func(src, dest string) error {
if hasher == nil { thisHasher := hasher
hasher = ioutil.Discard if thisHasher != nil && b.ContentDigester.Hash() != nil {
thisHasher = io.MultiWriter(thisHasher, b.ContentDigester.Hash())
}
if thisHasher == nil {
thisHasher = b.ContentDigester.Hash()
} }
f, err := os.Open(src) f, err := os.Open(src)
if err != nil { if err != nil {
return errors.Wrapf(err, "error opening %q", src) return errors.Wrapf(err, "error opening %q", src)
} }
defer f.Close() defer f.Close()
_, err = io.Copy(hasher, f) _, err = io.Copy(thisHasher, f)
return err return err
} }
} }
return chrootarchive.UntarPathAndChown(chownOpts, hasher, convertedUIDMap, convertedGIDMap) return func(src, dest string) error {
thisHasher := hasher
if thisHasher != nil && b.ContentDigester.Hash() != nil {
thisHasher = io.MultiWriter(thisHasher, b.ContentDigester.Hash())
}
if thisHasher == nil {
thisHasher = b.ContentDigester.Hash()
}
untarPathAndChown := chrootarchive.UntarPathAndChown(chownOpts, thisHasher, convertedUIDMap, convertedGIDMap)
return untarPathAndChown(src, dest)
}
} }
// tarPath returns a function which creates an archive of a specified location, // tarPath returns a function which creates an archive of a specified location,

2
vendor/modules.txt vendored
View File

@ -55,7 +55,7 @@ github.com/containernetworking/plugins/pkg/ip
github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator
github.com/containernetworking/plugins/pkg/utils/hwaddr github.com/containernetworking/plugins/pkg/utils/hwaddr
github.com/containernetworking/plugins/plugins/ipam/host-local/backend github.com/containernetworking/plugins/plugins/ipam/host-local/backend
# github.com/containers/buildah v1.11.4-0.20191028173731-21b4778b359e # github.com/containers/buildah v1.11.5-0.20191031204705-20e92ffe0982
github.com/containers/buildah github.com/containers/buildah
github.com/containers/buildah/imagebuildah github.com/containers/buildah/imagebuildah
github.com/containers/buildah/pkg/chrootuser github.com/containers/buildah/pkg/chrootuser