Vendor in latest projectatomic/buildah

Buildah

Fixes to COPY and ADD to properly follow symbolic links is SRC is a symbolic link
Print out a digest message on successful push.
We should not drop the Bounding set when running as a non priv user in podman build

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1483
Approved by: rhatdan

vendor.conf

@@ -90,7 +90,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/
 k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils
 github.com/mrunalp/fileutils master
 github.com/varlink/go master
-github.com/projectatomic/buildah 9c8c58c33b0b6e15f2fa780042ef46552a8a26d4
+github.com/projectatomic/buildah af5bbde0180026ae87b7fc81c2dc124aa73ec959
 github.com/Nvveen/Gotty master
 github.com/fsouza/go-dockerclient master
 github.com/openshift/imagebuilder master

vendor/github.com/projectatomic/buildah/README.md

@@ -15,6 +15,8 @@ The Buildah package provides a command line tool that can be used to
 * delete a working container or an image
 * rename a local container
 
+## Buildah Information for Developers
+
 **[Buildah Demos](demos)**
 
 **[Changelog](CHANGELOG.md)**
@@ -29,6 +31,38 @@ The Buildah package provides a command line tool that can be used to
 
 **[Tutorials](docs/tutorials)**
 
+## Buildah and Podman relationship
+
+Buildah and Podman are two complementary Open-source projects that are available on
+most Linux platforms and both projects reside at [GitHub.com](https://github.com)
+with Buildah [here](https://github.com/projectatomic/buildah) and
+Podman [here](https://github.com/containers/libpod).  Both Buildah and Podman are
+command line tools that work on OCI images and containers.  The two projects
+differentiate in their specialization.
+
+Buildah specializes in building OCI images.  Buildah's commands replicate all
+of the commands that are found in a Dockerfile. Buildah’s goal is also to
+provide a lower level coreutils interface to build images, allowing people to build
+containers without requiring a Dockerfile.  The intent with Buildah is to allow other
+scripting languages to build container images, without requiring a daemon.
+
+Podman specializes in all of the commands and functions that help you to maintain and modify
+OCI images, such as pulling and tagging.  It also allows you to create, run, and maintain those containers
+created from those images.
+
+A major difference between Podman and Buildah is their concept of a container.  Podman
+allows users to create "traditional containers" where the intent of these containers is
+to be long lived.  While Buildah containers are really just created to allow content
+to be added back to the container image.   An easy way to think of it is the
+`buildah run` command emulates the RUN command in a Dockerfile while the `podman run`
+command emulates the `docker run` command in functionality.  Because of this and their underlying
+storage differences, you can not see Podman containers from within Buildah or vice versa.
+
+In short Buildah is an efficient way to create OCI images  while Podman allows
+you to manage and maintain those images and containers in a production environment using
+familiar container cli commands.  For more details, see the 
+[Container Tools Guide](https://github.com/projectatomic/buildah/tree/master/docs/containertools).
+
 ## Example
 
 From [`./examples/lighttpd.sh`](examples/lighttpd.sh):

vendor/github.com/projectatomic/buildah/add.go

@@ -168,9 +168,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 			return errors.Wrapf(syscall.ENOENT, "no files found matching %q", src)
 		}
 		for _, gsrc := range glob {
-			srcfi, err := os.Stat(gsrc)
+			esrc, err := filepath.EvalSymlinks(gsrc)
 			if err != nil {
-				return errors.Wrapf(err, "error reading %q", gsrc)
+				return errors.Wrapf(err, "error evaluating symlinks %q", gsrc)
+			}
+			srcfi, err := os.Stat(esrc)
+			if err != nil {
+				return errors.Wrapf(err, "error reading %q", esrc)
 			}
 			if srcfi.IsDir() {
 				// The source is a directory, so copy the contents of
@@ -180,13 +184,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 				if err = idtools.MkdirAllAndChownNew(dest, 0755, hostOwner); err != nil {
 					return err
 				}
-				logrus.Debugf("copying %q to %q", gsrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*")
-				if err := copyWithTar(gsrc, dest); err != nil {
-					return errors.Wrapf(err, "error copying %q to %q", gsrc, dest)
+				logrus.Debugf("copying %q to %q", esrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*")
+				if err := copyWithTar(esrc, dest); err != nil {
+					return errors.Wrapf(err, "error copying %q to %q", esrc, dest)
 				}
 				continue
 			}
-			if !extract || !archive.IsArchivePath(gsrc) {
+			if !extract || !archive.IsArchivePath(esrc) {
 				// This source is a file, and either it's not an
 				// archive, or we don't care whether or not it's an
 				// archive.
@@ -195,16 +199,16 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 					d = filepath.Join(dest, filepath.Base(gsrc))
 				}
 				// Copy the file, preserving attributes.
-				logrus.Debugf("copying %q to %q", gsrc, d)
-				if err := copyFileWithTar(gsrc, d); err != nil {
-					return errors.Wrapf(err, "error copying %q to %q", gsrc, d)
+				logrus.Debugf("copying %q to %q", esrc, d)
+				if err := copyFileWithTar(esrc, d); err != nil {
+					return errors.Wrapf(err, "error copying %q to %q", esrc, d)
 				}
 				continue
 			}
 			// We're extracting an archive into the destination directory.
-			logrus.Debugf("extracting contents of %q into %q", gsrc, dest)
-			if err := untarPath(gsrc, dest); err != nil {
-				return errors.Wrapf(err, "error extracting %q into %q", gsrc, dest)
+			logrus.Debugf("extracting contents of %q into %q", esrc, dest)
+			if err := untarPath(esrc, dest); err != nil {
+				return errors.Wrapf(err, "error extracting %q into %q", esrc, dest)
 			}
 		}
 	}

vendor/github.com/projectatomic/buildah/chroot/run.go

@@ -1075,11 +1075,14 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 			// The target isn't there yet, so create it, and make a
 			// note to remove it later.
 			if srcinfo.IsDir() {
-				if err = os.Mkdir(target, 0111); err != nil {
+				if err = os.MkdirAll(target, 0111); err != nil {
 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
 				}
 				removes = append(removes, target)
 			} else {
+				if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
+					return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target))
+				}
 				var file *os.File
 				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil {
 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)

vendor/github.com/projectatomic/buildah/commit.go

@@ -171,7 +171,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options
 		return errors.Wrapf(err, "error creating new signature policy context")
 	}
 	// Look up the image.
-	src, _, err := util.FindImage(options.Store, "", systemContext, image)
+	src, img, err := util.FindImage(options.Store, "", systemContext, image)
 	if err != nil {
 		return err
 	}
@@ -181,7 +181,9 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options
 		return errors.Wrapf(err, "error copying layers and metadata")
 	}
 	if options.ReportWriter != nil {
-		fmt.Fprintf(options.ReportWriter, "\n")
+		fmt.Fprintf(options.ReportWriter, "")
 	}
+	digest := "@" + img.Digest.Hex()
+	fmt.Printf("Successfully pushed %s%s\n", dest.StringWithinTransport(), digest)
 	return nil
 }

vendor/github.com/projectatomic/buildah/new.go

@@ -12,6 +12,7 @@ import (
 	"github.com/containers/image/transports/alltransports"
 	"github.com/containers/image/types"
 	"github.com/containers/storage"
+	multierror "github.com/hashicorp/go-multierror"
 	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/openshift/imagebuilder"
@@ -144,6 +145,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 	if err != nil {
 		return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage)
 	}
+	var pullErrors *multierror.Error
 	for _, image := range images {
 		var err error
 		if len(image) >= minimumTruncatedIDLength {
@@ -158,6 +160,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 		if options.PullPolicy == PullAlways {
 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext)
 			if err != nil {
+				pullErrors = multierror.Append(pullErrors, err)
 				logrus.Debugf("unable to pull and read image %q: %v", image, err)
 				continue
 			}
@@ -169,6 +172,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 		srcRef, err := alltransports.ParseImageName(image)
 		if err != nil {
 			if options.Transport == "" {
+				pullErrors = multierror.Append(pullErrors, err)
 				logrus.Debugf("error parsing image name %q: %v", image, err)
 				continue
 			}
@@ -178,6 +182,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 			}
 			srcRef2, err := alltransports.ParseImageName(transport + image)
 			if err != nil {
+				pullErrors = multierror.Append(pullErrors, err)
 				logrus.Debugf("error parsing image name %q: %v", image, err)
 				continue
 			}
@@ -199,11 +204,13 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 		img, err = is.Transport.GetStoreImage(store, ref)
 		if err != nil {
 			if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy != PullIfMissing {
+				pullErrors = multierror.Append(pullErrors, err)
 				logrus.Debugf("no such image %q: %v", transports.ImageName(ref), err)
 				continue
 			}
 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext)
 			if err != nil {
+				pullErrors = multierror.Append(pullErrors, err)
 				logrus.Debugf("unable to pull and read image %q: %v", image, err)
 				continue
 			}
@@ -212,6 +219,11 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 		}
 		break
 	}
+
+	if img == nil && pullErrors != nil {
+		return nil, nil, pullErrors
+	}
+
 	return ref, img, nil
 }
 
@@ -262,26 +274,23 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
 	if options.Container != "" {
 		name = options.Container
 	} else {
-		var err2 error
 		if image != "" {
 			name = imageNamePrefix(image) + "-" + name
 		}
-		suffix := 1
-		tmpName := name
-		for errors.Cause(err2) != storage.ErrContainerUnknown {
-			_, err2 = store.Container(tmpName)
-			if err2 == nil {
-				suffix++
-				tmpName = fmt.Sprintf("%s-%d", name, suffix)
-			}
-		}
-		name = tmpName
 	}
 
 	coptions := storage.ContainerOptions{}
 	coptions.IDMappingOptions = newContainerIDMappingOptions(options.IDMappingOptions)
 
 	container, err := store.CreateContainer("", []string{name}, imageID, "", "", &coptions)
+	suffix := 1
+	for err != nil && errors.Cause(err) == storage.ErrDuplicateName && options.Container == "" {
+		suffix++
+		tmpName := fmt.Sprintf("%s-%d", name, suffix)
+		if container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions); err == nil {
+			name = tmpName
+		}
+	}
 	if err != nil {
 		return nil, errors.Wrapf(err, "error creating container")
 	}

vendor/github.com/projectatomic/buildah/pull.go

@@ -190,8 +190,8 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio
 	}()
 
 	logrus.Debugf("copying %q to %q", spec, destName)
-	err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, ""))
-	if err == nil {
+	pullError := cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, ""))
+	if pullError == nil {
 		return destRef, nil
 	}
 
@@ -206,9 +206,9 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio
 		return nil, err
 	}
 	if !hasRegistryInName && len(searchRegistries) == 0 {
-		return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s.", registryPath)
+		return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s: %s", registryPath, pullError)
 	}
-	return nil, errors.Errorf("unable to find image in the registries defined in %q", registryPath)
+	return nil, pullError
 }
 
 // getImageDigest creates an image object and uses the hex value of the digest as the image ID

vendor/github.com/projectatomic/buildah/run.go

@@ -868,9 +868,11 @@ func (b *Builder) configureUIDGID(g *generate.Generator, mountPoint string, opti
 		g.AddProcessAdditionalGid(gid)
 	}
 
-	// Remove capabilities if not running as root
+	// Remove capabilities if not running as root except Bounding set
 	if user.UID != 0 {
+		bounding := g.Config.Process.Capabilities.Bounding
 		g.ClearProcessCapabilities()
+		g.Config.Process.Capabilities.Bounding = bounding
 	}
 
 	return nil

vendor/github.com/projectatomic/buildah/vendor.conf

@@ -4,8 +4,8 @@ github.com/BurntSushi/toml master
 github.com/containerd/continuity master
 github.com/containernetworking/cni v0.7.0-alpha1
 github.com/seccomp/containers-golang master
-github.com/containers/image 5df44e095ed826fbe2beeaabb329c749d7d6c3b6
-github.com/containers/storage 9fcbb57eb6c732e7b67003bb8ed861f169d33d63
+github.com/containers/image d8b5cf2b804a48489e5203d51254ef576794049d
+github.com/containers/storage 243c4cd616afdf06b4a975f18c4db083d26b1641
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
 github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1
@@ -42,7 +42,7 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
 github.com/pborman/uuid master
 github.com/pkg/errors master
 github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/containers/libpod d20f3a51463ce75d139dd830e19a173906b0b0cb
+github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75
 github.com/sirupsen/logrus master
 github.com/syndtr/gocapability master
 github.com/tchap/go-patricia master