mirror of https://github.com/containers/podman.git (synced 2025-10-25 10:16:43 +08:00)
	Vendor in latest projectatomic/buildah
Buildah Fixes to COPY and ADD to properly follow symbolic links if SRC is a symbolic link.
Print out a digest message on successful push.
We should not drop the Bounding set when running as a non priv user in podman build.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1483
Approved by: rhatdan
Daniel J Walsh committed by Atomic Bot
parent 70189f0223
commit 5e4f7e915e
			| @ -90,7 +90,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/ | ||||
| k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils | ||||
| github.com/mrunalp/fileutils master | ||||
| github.com/varlink/go master | ||||
| github.com/projectatomic/buildah 9c8c58c33b0b6e15f2fa780042ef46552a8a26d4 | ||||
| github.com/projectatomic/buildah af5bbde0180026ae87b7fc81c2dc124aa73ec959 | ||||
| github.com/Nvveen/Gotty master | ||||
| github.com/fsouza/go-dockerclient master | ||||
| github.com/openshift/imagebuilder master | ||||
|  | ||||
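Review bot: the new pin on the github.com/projectatomic/buildah line is a bare commit hash, and the commit message names only the COPY/ADD symlink fix, the push digest message and the Bounding set change, while the vendored diff also touches chroot/run.go, new.go, pull.go and buildah's own vendor.conf. List those changes in the message, or reference the upstream commit range, so the whole vendored delta can be audited against upstream.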
							
								
								
									
vendor/github.com/projectatomic/buildah/README.md (34 changes, vendored)
							| @ -15,6 +15,8 @@ The Buildah package provides a command line tool that can be used to | ||||
| * delete a working container or an image | ||||
| * rename a local container | ||||
|  | ||||
| ## Buildah Information for Developers | ||||
|  | ||||
| **[Buildah Demos](demos)** | ||||
|  | ||||
| **[Changelog](CHANGELOG.md)** | ||||
| @ -29,6 +31,38 @@ The Buildah package provides a command line tool that can be used to | ||||
|  | ||||
| **[Tutorials](docs/tutorials)** | ||||
|  | ||||
| ## Buildah and Podman relationship | ||||
|  | ||||
| Buildah and Podman are two complementary Open-source projects that are available on | ||||
| most Linux platforms and both projects reside at [GitHub.com](https://github.com) | ||||
| with Buildah [here](https://github.com/projectatomic/buildah) and | ||||
| Podman [here](https://github.com/containers/libpod).  Both Buildah and Podman are | ||||
| command line tools that work on OCI images and containers.  The two projects | ||||
| differentiate in their specialization. | ||||
|  | ||||
| Buildah specializes in building OCI images.  Buildah's commands replicate all | ||||
| of the commands that are found in a Dockerfile. Buildah’s goal is also to | ||||
| provide a lower level coreutils interface to build images, allowing people to build | ||||
| containers without requiring a Dockerfile.  The intent with Buildah is to allow other | ||||
| scripting languages to build container images, without requiring a daemon. | ||||
|  | ||||
| Podman specializes in all of the commands and functions that help you to maintain and modify | ||||
| OCI images, such as pulling and tagging.  It also allows you to create, run, and maintain those containers | ||||
| created from those images. | ||||
|  | ||||
| A major difference between Podman and Buildah is their concept of a container.  Podman | ||||
| allows users to create "traditional containers" where the intent of these containers is | ||||
| to be long lived.  While Buildah containers are really just created to allow content | ||||
| to be added back to the container image.   An easy way to think of it is the | ||||
| `buildah run` command emulates the RUN command in a Dockerfile while the `podman run` | ||||
| command emulates the `docker run` command in functionality.  Because of this and their underlying | ||||
| storage differences, you can not see Podman containers from within Buildah or vice versa. | ||||
|  | ||||
| In short Buildah is an efficient way to create OCI images  while Podman allows | ||||
| you to manage and maintain those images and containers in a production environment using | ||||
| familiar container cli commands.  For more details, see the  | ||||
| [Container Tools Guide](https://github.com/projectatomic/buildah/tree/master/docs/containertools). | ||||
|  | ||||
| ## Example | ||||
|  | ||||
| From [`./examples/lighttpd.sh`](examples/lighttpd.sh): | ||||
|  | ||||
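Review bot: style points in the "Buildah and Podman relationship" text: "While Buildah containers are really just created to allow content to be added back to the container image." is a sentence fragment and should be joined to the sentence before it; "differentiate in their specialization" reads better as "differ in their specialization"; "can not" should be "cannot"; and "Buildah’s goal" uses a curly apostrophe where the line above uses a straight one.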
							
								
								
									
vendor/github.com/projectatomic/buildah/add.go (28 changes, vendored)
							| @ -168,9 +168,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption | ||||
| 			return errors.Wrapf(syscall.ENOENT, "no files found matching %q", src) | ||||
| 		} | ||||
| 		for _, gsrc := range glob { | ||||
| 			srcfi, err := os.Stat(gsrc) | ||||
| 			esrc, err := filepath.EvalSymlinks(gsrc) | ||||
| 			if err != nil { | ||||
| 				return errors.Wrapf(err, "error reading %q", gsrc) | ||||
| 				return errors.Wrapf(err, "error evaluating symlinks %q", gsrc) | ||||
| 			} | ||||
| 			srcfi, err := os.Stat(esrc) | ||||
| 			if err != nil { | ||||
| 				return errors.Wrapf(err, "error reading %q", esrc) | ||||
| 			} | ||||
| 			if srcfi.IsDir() { | ||||
| 				// The source is a directory, so copy the contents of | ||||
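Review bot: a containment check is missing after `filepath.EvalSymlinks(gsrc)`: esrc is the fully resolved host path, and nothing in this hunk verifies that it still lies under the directory the sources were matched in. A symbolic link in the source tree that points elsewhere on the host is resolved here, and its target is what gets stat'ed and then copied. If sources are meant to be confined to the build context, compare esrc against the resolved context root (for example with filepath.Rel and a check for a leading "..") and return an error when it escapes.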
| @ -180,13 +184,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption | ||||
| 				if err = idtools.MkdirAllAndChownNew(dest, 0755, hostOwner); err != nil { | ||||
| 					return err | ||||
| 				} | ||||
| 				logrus.Debugf("copying %q to %q", gsrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*") | ||||
| 				if err := copyWithTar(gsrc, dest); err != nil { | ||||
| 					return errors.Wrapf(err, "error copying %q to %q", gsrc, dest) | ||||
| 				logrus.Debugf("copying %q to %q", esrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*") | ||||
| 				if err := copyWithTar(esrc, dest); err != nil { | ||||
| 					return errors.Wrapf(err, "error copying %q to %q", esrc, dest) | ||||
| 				} | ||||
| 				continue | ||||
| 			} | ||||
| 			if !extract || !archive.IsArchivePath(gsrc) { | ||||
| 			if !extract || !archive.IsArchivePath(esrc) { | ||||
| 				// This source is a file, and either it's not an | ||||
| 				// archive, or we don't care whether or not it's an | ||||
| 				// archive. | ||||
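Review bot: the debug and error messages in this hunk now print only esrc, so the path the caller supplied (gsrc) no longer appears when a directory copy fails. When the two differ, report both, for example "error copying %q (resolved to %q) to %q", so a failure can be traced back to the source argument and the link that was followed is visible in the logs.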
| @ -195,16 +199,16 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption | ||||
| 					d = filepath.Join(dest, filepath.Base(gsrc)) | ||||
| 				} | ||||
| 				// Copy the file, preserving attributes. | ||||
| 				logrus.Debugf("copying %q to %q", gsrc, d) | ||||
| 				if err := copyFileWithTar(gsrc, d); err != nil { | ||||
| 					return errors.Wrapf(err, "error copying %q to %q", gsrc, d) | ||||
| 				logrus.Debugf("copying %q to %q", esrc, d) | ||||
| 				if err := copyFileWithTar(esrc, d); err != nil { | ||||
| 					return errors.Wrapf(err, "error copying %q to %q", esrc, d) | ||||
| 				} | ||||
| 				continue | ||||
| 			} | ||||
| 			// We're extracting an archive into the destination directory. | ||||
| 			logrus.Debugf("extracting contents of %q into %q", gsrc, dest) | ||||
| 			if err := untarPath(gsrc, dest); err != nil { | ||||
| 				return errors.Wrapf(err, "error extracting %q into %q", gsrc, dest) | ||||
| 			logrus.Debugf("extracting contents of %q into %q", esrc, dest) | ||||
| 			if err := untarPath(esrc, dest); err != nil { | ||||
| 				return errors.Wrapf(err, "error extracting %q into %q", esrc, dest) | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
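Review bot: `d = filepath.Join(dest, filepath.Base(gsrc))` in the context lines still uses gsrc while the copy below it uses esrc, so the file lands under the link's name with the target's content. That looks intended, but it is easy to "correct" by mistake later; add a comment saying the destination name deliberately comes from the unresolved path. `untarPath(esrc, dest)` also now extracts whatever archive the link resolves to, so esrc should be confirmed to lie inside the source tree before extraction.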
							
								
								
									
vendor/github.com/projectatomic/buildah/chroot/run.go (5 changes, vendored)
							| @ -1075,11 +1075,14 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( | ||||
| 			// The target isn't there yet, so create it, and make a | ||||
| 			// note to remove it later. | ||||
| 			if srcinfo.IsDir() { | ||||
| 				if err = os.Mkdir(target, 0111); err != nil { | ||||
| 				if err = os.MkdirAll(target, 0111); err != nil { | ||||
| 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) | ||||
| 				} | ||||
| 				removes = append(removes, target) | ||||
| 			} else { | ||||
| 				if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil { | ||||
| 					return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target)) | ||||
| 				} | ||||
| 				var file *os.File | ||||
| 				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil { | ||||
| 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) | ||||
|  | ||||
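Review bot: `os.MkdirAll(target, 0111)` applies mode 0111 to every missing parent it creates, not only to target. Those directories have no write bit, so a caller without CAP_DAC_OVERRIDE gets a permission error when the next path component is created; the same holds for `os.MkdirAll(filepath.Dir(target), 0111)` in the else branch. In the lines shown only target is appended to removes, so intermediate directories created here are not recorded for cleanup. Consider creating parents with a usable mode such as 0755 and recording each directory that was actually created.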
							
								
								
									
vendor/github.com/projectatomic/buildah/commit.go (6 changes, vendored)
							| @ -171,7 +171,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options | ||||
| 		return errors.Wrapf(err, "error creating new signature policy context") | ||||
| 	} | ||||
| 	// Look up the image. | ||||
| 	src, _, err := util.FindImage(options.Store, "", systemContext, image) | ||||
| 	src, img, err := util.FindImage(options.Store, "", systemContext, image) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| @ -181,7 +181,9 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options | ||||
| 		return errors.Wrapf(err, "error copying layers and metadata") | ||||
| 	} | ||||
| 	if options.ReportWriter != nil { | ||||
| 		fmt.Fprintf(options.ReportWriter, "\n") | ||||
| 		fmt.Fprintf(options.ReportWriter, "") | ||||
| 	} | ||||
| 	digest := "@" + img.Digest.Hex() | ||||
| 	fmt.Printf("Successfully pushed %s%s\n", dest.StringWithinTransport(), digest) | ||||
| 	return nil | ||||
| } | ||||
|  | ||||
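Review bot: the digest printed by `fmt.Printf("Successfully pushed %s%s\n", ...)` comes from img, the local store image looked up before the copy, not from what was written to dest. If the copy converts or recompresses the manifest, the printed dest@digest will not be the digest at the destination, which matters to anyone who pins by it; derive the digest from the manifest that was pushed. Two smaller points: the message goes to stdout through fmt.Printf outside the `options.ReportWriter != nil` check, so a library caller cannot redirect or silence it, and `fmt.Fprintf(options.ReportWriter, "")` writes nothing and can be dropped.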
							
								
								
									
vendor/github.com/projectatomic/buildah/new.go (31 changes, vendored)
							| @ -12,6 +12,7 @@ import ( | ||||
| 	"github.com/containers/image/transports/alltransports" | ||||
| 	"github.com/containers/image/types" | ||||
| 	"github.com/containers/storage" | ||||
| 	multierror "github.com/hashicorp/go-multierror" | ||||
| 	"github.com/opencontainers/selinux/go-selinux" | ||||
| 	"github.com/opencontainers/selinux/go-selinux/label" | ||||
| 	"github.com/openshift/imagebuilder" | ||||
| @ -144,6 +145,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | ||||
| 	if err != nil { | ||||
| 		return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage) | ||||
| 	} | ||||
| 	var pullErrors *multierror.Error | ||||
| 	for _, image := range images { | ||||
| 		var err error | ||||
| 		if len(image) >= minimumTruncatedIDLength { | ||||
| @ -158,6 +160,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | ||||
| 		if options.PullPolicy == PullAlways { | ||||
| 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) | ||||
| 			if err != nil { | ||||
| 				pullErrors = multierror.Append(pullErrors, err) | ||||
| 				logrus.Debugf("unable to pull and read image %q: %v", image, err) | ||||
| 				continue | ||||
| 			} | ||||
| @ -169,6 +172,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | ||||
| 		srcRef, err := alltransports.ParseImageName(image) | ||||
| 		if err != nil { | ||||
| 			if options.Transport == "" { | ||||
| 				pullErrors = multierror.Append(pullErrors, err) | ||||
| 				logrus.Debugf("error parsing image name %q: %v", image, err) | ||||
| 				continue | ||||
| 			} | ||||
| @ -178,6 +182,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | ||||
| 			} | ||||
| 			srcRef2, err := alltransports.ParseImageName(transport + image) | ||||
| 			if err != nil { | ||||
| 				pullErrors = multierror.Append(pullErrors, err) | ||||
| 				logrus.Debugf("error parsing image name %q: %v", image, err) | ||||
| 				continue | ||||
| 			} | ||||
| @ -199,11 +204,13 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | ||||
| 		img, err = is.Transport.GetStoreImage(store, ref) | ||||
| 		if err != nil { | ||||
| 			if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy != PullIfMissing { | ||||
| 				pullErrors = multierror.Append(pullErrors, err) | ||||
| 				logrus.Debugf("no such image %q: %v", transports.ImageName(ref), err) | ||||
| 				continue | ||||
| 			} | ||||
| 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) | ||||
| 			if err != nil { | ||||
| 				pullErrors = multierror.Append(pullErrors, err) | ||||
| 				logrus.Debugf("unable to pull and read image %q: %v", image, err) | ||||
| 				continue | ||||
| 			} | ||||
| @ -212,6 +219,11 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | ||||
| 		} | ||||
| 		break | ||||
| 	} | ||||
|  | ||||
| 	if img == nil && pullErrors != nil { | ||||
| 		return nil, nil, pullErrors | ||||
| 	} | ||||
|  | ||||
| 	return ref, img, nil | ||||
| } | ||||
|  | ||||
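Review bot: `return nil, nil, pullErrors` hands callers a *multierror.Error, so a check of the form `errors.Cause(err) == storage.ErrImageUnknown` (the pattern used earlier in this function) will not match even when that was the only failure collected. Either return the single underlying error when exactly one was appended, or document that callers must inspect the Errors slice. Note also that when img is nil and nothing was appended, the function still returns ref, nil, nil.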
| @ -262,26 +274,23 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions | ||||
| 	if options.Container != "" { | ||||
| 		name = options.Container | ||||
| 	} else { | ||||
| 		var err2 error | ||||
| 		if image != "" { | ||||
| 			name = imageNamePrefix(image) + "-" + name | ||||
| 		} | ||||
| 		suffix := 1 | ||||
| 		tmpName := name | ||||
| 		for errors.Cause(err2) != storage.ErrContainerUnknown { | ||||
| 			_, err2 = store.Container(tmpName) | ||||
| 			if err2 == nil { | ||||
| 				suffix++ | ||||
| 				tmpName = fmt.Sprintf("%s-%d", name, suffix) | ||||
| 			} | ||||
| 		} | ||||
| 		name = tmpName | ||||
| 	} | ||||
|  | ||||
| 	coptions := storage.ContainerOptions{} | ||||
| 	coptions.IDMappingOptions = newContainerIDMappingOptions(options.IDMappingOptions) | ||||
|  | ||||
| 	container, err := store.CreateContainer("", []string{name}, imageID, "", "", &coptions) | ||||
| 	suffix := 1 | ||||
| 	for err != nil && errors.Cause(err) == storage.ErrDuplicateName && options.Container == "" { | ||||
| 		suffix++ | ||||
| 		tmpName := fmt.Sprintf("%s-%d", name, suffix) | ||||
| 		if container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions); err == nil { | ||||
| 			name = tmpName | ||||
| 		} | ||||
| 	} | ||||
| 	if err != nil { | ||||
| 		return nil, errors.Wrapf(err, "error creating container") | ||||
| 	} | ||||
|  | ||||
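Review bot: the retry loop after `store.CreateContainer` needs a comment explaining why the name lookup was replaced by create-and-retry on storage.ErrDuplicateName (it closes the window between checking a name and creating the container). `options.Container == ""` is loop-invariant and reads more clearly as an enclosing if. The final error is wrapped as "error creating container" without the name that was attempted; include name in that message.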
							
								
								
									
vendor/github.com/projectatomic/buildah/pull.go (8 changes, vendored)
							| @ -190,8 +190,8 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio | ||||
| 	}() | ||||
|  | ||||
| 	logrus.Debugf("copying %q to %q", spec, destName) | ||||
| 	err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, "")) | ||||
| 	if err == nil { | ||||
| 	pullError := cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, "")) | ||||
| 	if pullError == nil { | ||||
| 		return destRef, nil | ||||
| 	} | ||||
|  | ||||
| @ -206,9 +206,9 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	if !hasRegistryInName && len(searchRegistries) == 0 { | ||||
| 		return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s.", registryPath) | ||||
| 		return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s: %s", registryPath, pullError) | ||||
| 	} | ||||
| 	return nil, errors.Errorf("unable to find image in the registries defined in %q", registryPath) | ||||
| 	return nil, pullError | ||||
| } | ||||
|  | ||||
| // getImageDigest creates an image object and uses the hex value of the digest as the image ID | ||||
|  | ||||
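Review bot: in the short-name branch, the new `errors.Errorf("... %s: %s", registryPath, pullError)` flattens pullError into a string, so errors.Cause on the result cannot reach the original failure; `errors.Wrapf(pullError, ...)` with the same message keeps it. The final `return nil, pullError` also drops the registryPath reference that the old message carried, which told the user which registries configuration was searched; wrap pullError with that context instead of returning it bare.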
							
								
								
									
vendor/github.com/projectatomic/buildah/run.go (4 changes, vendored)
							| @ -868,9 +868,11 @@ func (b *Builder) configureUIDGID(g *generate.Generator, mountPoint string, opti | ||||
| 		g.AddProcessAdditionalGid(gid) | ||||
| 	} | ||||
|  | ||||
| 	// Remove capabilities if not running as root | ||||
| 	// Remove capabilities if not running as root except Bounding set | ||||
| 	if user.UID != 0 { | ||||
| 		bounding := g.Config.Process.Capabilities.Bounding | ||||
| 		g.ClearProcessCapabilities() | ||||
| 		g.Config.Process.Capabilities.Bounding = bounding | ||||
| 	} | ||||
|  | ||||
| 	return nil | ||||
|  | ||||
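Review bot: `bounding := g.Config.Process.Capabilities.Bounding` dereferences Process and Capabilities with no nil check in the lines shown; if either can be nil for a non-root user this panics before ClearProcessCapabilities is reached. The comment "except Bounding set" also says what is kept but not why. State that the other capability sets are cleared for the non-root process while the bounding set is left in place as the ceiling on what a later execve can acquire, so the next reader does not remove the restore as an oversight.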
							
								
								
									
vendor/github.com/projectatomic/buildah/vendor.conf (6 changes, vendored)
							| @ -4,8 +4,8 @@ github.com/BurntSushi/toml master | ||||
| github.com/containerd/continuity master | ||||
| github.com/containernetworking/cni v0.7.0-alpha1 | ||||
| github.com/seccomp/containers-golang master | ||||
| github.com/containers/image 5df44e095ed826fbe2beeaabb329c749d7d6c3b6 | ||||
| github.com/containers/storage 9fcbb57eb6c732e7b67003bb8ed861f169d33d63 | ||||
| github.com/containers/image d8b5cf2b804a48489e5203d51254ef576794049d | ||||
| github.com/containers/storage 243c4cd616afdf06b4a975f18c4db083d26b1641 | ||||
| github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 | ||||
| github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 | ||||
| github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 | ||||
| @ -42,7 +42,7 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 | ||||
| github.com/pborman/uuid master | ||||
| github.com/pkg/errors master | ||||
| github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac | ||||
| github.com/containers/libpod d20f3a51463ce75d139dd830e19a173906b0b0cb | ||||
| github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75 | ||||
| github.com/sirupsen/logrus master | ||||
| github.com/syndtr/gocapability master | ||||
| github.com/tchap/go-patricia master | ||||
|  | ||||