bump buildah to latest

Also includes a small change to make us of https://github.com/containers/buildah/pull/5039 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-12-02 11:08:36 +08:00 · 2023-09-12 15:30:07 +02:00
parent 18561f26ad
commit 2c2299ad85
155 changed files with 12220 additions and 14157 deletions
--- a/vendor/github.com/containers/buildah/define/build.go
+++ b/vendor/github.com/containers/buildah/define/build.go
@@ -163,6 +163,10 @@ type BuildOptions struct {
 	// It allows end user to export recently built rootfs into a directory or tar.
 	// See the documentation of 'buildah build --output' for the details of the format.
 	BuildOutput string
+	// ConfidentialWorkload controls whether or not, and if so, how, we produce an
+	// image that's meant to be run using krun as a VM instead of a conventional
+	// process-type container.
+	ConfidentialWorkload ConfidentialWorkloadOptions
 	// Additional tags to add to the image that we write, if we know of a
 	// way to add them.
 	AdditionalTags []string
@@ -244,6 +248,8 @@ type BuildOptions struct {
 	Squash bool
 	// Labels metadata for an image
 	Labels []string
+	// LayerLabels metadata for an intermediate image
+	LayerLabels []string
 	// Annotation metadata for an image
 	Annotations []string
 	// OnBuild commands to be run by images based on this image
--- a/vendor/github.com/containers/buildah/define/types.go
+++ b/vendor/github.com/containers/buildah/define/types.go
@@ -47,8 +47,16 @@ const (
 	OCI = "oci"
 	// DOCKER used to define the "docker" image format
 	DOCKER = "docker"
+
+	// SEV is a known trusted execution environment type: AMD-SEV (secure encrypted virtualization using encrypted state, requires epyc 1000 "naples")
+	SEV TeeType = "sev"
+	// SNP is a known trusted execution environment type: AMD-SNP (SEV secure nested pages) (requires epyc 3000 "milan")
+	SNP TeeType = "snp"
 )

+// TeeType is a supported trusted execution environment type.
+type TeeType string
+
 var (
 	// DefaultCapabilities is the list of capabilities which we grant by
 	// default to containers which are running under UID 0.
@@ -105,6 +113,23 @@ type BuildOutputOption struct {
 	IsStdout bool
 }

+// ConfidentialWorkloadOptions encapsulates options which control whether or not
+// we output an image whose rootfs contains a LUKS-compatibly-encrypted disk image
+// instead of the usual rootfs contents.
+type ConfidentialWorkloadOptions struct {
+	Convert                  bool
+	AttestationURL           string
+	CPUs                     int
+	Memory                   int
+	TempDir                  string
+	TeeType                  TeeType
+	IgnoreAttestationErrors  bool
+	WorkloadID               string
+	DiskEncryptionPassphrase string
+	Slop                     string
+	FirmwareLibrary          string
+}
+
 // TempDirForURL checks if the passed-in string looks like a URL or -.  If it is,
 // TempDirForURL creates a temporary directory, arranges for its contents to be
 // the contents of that URL, and returns the temporary directory's path, along