Vendor Buildah 1.10.1

As the title says, vendor Buildah v1.10.1 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2025-12-04 04:09:40 +08:00 · 2019-08-08 16:05:35 -04:00
parent 09cedd152d
commit 711474d92e
74 changed files with 3343 additions and 301 deletions
--- a/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go
+++ b/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go
@@ -414,8 +414,8 @@ func saveStream(wg *sync.WaitGroup, decompressReader io.ReadCloser, tempFile *os
 	}
 }

-func (s *blobCacheDestination) HasThreadSafePutBlob() bool {
-	return s.destination.HasThreadSafePutBlob()
+func (d *blobCacheDestination) HasThreadSafePutBlob() bool {
+	return d.destination.HasThreadSafePutBlob()
 }

 func (d *blobCacheDestination) PutBlob(ctx context.Context, stream io.Reader, inputInfo types.BlobInfo, cache types.BlobInfoCache, isConfig bool) (types.BlobInfo, error) {
--- a/vendor/github.com/containers/buildah/pkg/cli/common.go
+++ b/vendor/github.com/containers/buildah/pkg/cli/common.go
@@ -71,7 +71,7 @@ type BudResults struct {
 	Squash              bool
 	Tag                 []string
 	Target              string
-	TlsVerify           bool
+	TLSVerify           bool
 }

 // FromAndBugResults represents the results for common flags
@@ -90,7 +90,7 @@ type FromAndBudResults struct {
 	DNSSearch    []string
 	DNSServers   []string
 	DNSOptions   []string
-	HttpProxy    bool
+	HTTPProxy    bool
 	Isolation    string
 	Memory       string
 	MemorySwap   string
@@ -166,7 +166,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet {
 	fs.BoolVar(&flags.Squash, "squash", false, "Squash newly built layers into a single new layer.")
 	fs.StringArrayVarP(&flags.Tag, "tag", "t", []string{}, "tagged `name` to apply to the built image")
 	fs.StringVar(&flags.Target, "target", "", "set the target build stage to build")
-	fs.BoolVar(&flags.TlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
+	fs.BoolVar(&flags.TLSVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
 	return fs
 }

@@ -188,7 +188,7 @@ func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults,
 	fs.StringSliceVar(&flags.DNSSearch, "dns-search", []string{}, "Set custom DNS search domains")
 	fs.StringSliceVar(&flags.DNSServers, "dns", []string{}, "Set custom DNS servers")
 	fs.StringSliceVar(&flags.DNSOptions, "dns-option", []string{}, "Set custom DNS options")
-	fs.BoolVar(&flags.HttpProxy, "http-proxy", true, "pass thru HTTP Proxy environment variables")
+	fs.BoolVar(&flags.HTTPProxy, "http-proxy", true, "pass thru HTTP Proxy environment variables")
 	fs.StringVar(&flags.Isolation, "isolation", DefaultIsolation(), "`type` of process isolation to use. Use BUILDAH_ISOLATION environment variable to override.")
 	fs.StringVarP(&flags.Memory, "memory", "m", "", "memory limit (format: <number>[<unit>], where unit = b, k, m or g)")
 	fs.StringVar(&flags.MemorySwap, "memory-swap", "", "swap limit equal to memory plus swap: '-1' to enable unlimited swap")
--- a/vendor/github.com/containers/buildah/pkg/overlay/overlay.go
+++ b/vendor/github.com/containers/buildah/pkg/overlay/overlay.go
@@ -4,21 +4,24 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"

+	"github.com/containers/buildah/pkg/unshare"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
 )

 // MountTemp creates a subdir of the contentDir based on the source directory
-// from the source system.  It then mounds up the source directory on to the
+// from the source system.  It then mounts up the source directory on to the
 // generated mount point and returns the mount point to the caller.
-func MountTemp(store storage.Store, containerId, source, dest string, rootUID, rootGID int) (mount specs.Mount, contentDir string, Err error) {
+func MountTemp(store storage.Store, containerID, source, dest string, rootUID, rootGID int) (mount specs.Mount, contentDir string, Err error) {

-	containerDir, err := store.ContainerDirectory(containerId)
+	containerDir, err := store.ContainerDirectory(containerID)
 	if err != nil {
 		return mount, "", err
 	}
@@ -46,10 +49,55 @@ func MountTemp(store storage.Store, containerId, source, dest string, rootUID, r
 		return mount, "", errors.Wrapf(err, "failed to create the overlay %s directory", workDir)
 	}

+	overlayOptions := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s,private", source, upperDir, workDir)
+
+	if unshare.IsRootless() {
+		mountProgram := ""
+
+		mountMap := map[string]bool{
+			".mount_program":         true,
+			"overlay.mount_program":  true,
+			"overlay2.mount_program": true,
+		}
+
+		for _, i := range store.GraphOptions() {
+			s := strings.SplitN(i, "=", 2)
+			if len(s) != 2 {
+				continue
+			}
+			k := s[0]
+			v := s[1]
+			if mountMap[k] {
+				mountProgram = v
+				break
+			}
+		}
+		if mountProgram != "" {
+			mergeDir := filepath.Join(contentDir, "merge")
+
+			if err := idtools.MkdirAllAs(mergeDir, 0700, rootUID, rootGID); err != nil {
+				return mount, "", errors.Wrapf(err, "failed to create the overlay %s directory", mergeDir)
+			}
+
+			cmd := exec.Command(mountProgram, "-o", overlayOptions, mergeDir)
+
+			if err := cmd.Run(); err != nil {
+				return mount, "", errors.Wrapf(err, "exec %s", mountProgram)
+			}
+
+			mount.Source = mergeDir
+			mount.Destination = dest
+			mount.Type = "bind"
+			mount.Options = []string{"bind", "slave"}
+			return mount, contentDir, nil
+		}
+		/* If a mount_program is not specified, fallback to try mount native overlay.  */
+	}
+
 	mount.Source = "overlay"
 	mount.Destination = dest
 	mount.Type = "overlay"
-	mount.Options = strings.Split(fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s,private", source, upperDir, workDir), ",")
+	mount.Options = strings.Split(overlayOptions, ",")

 	return mount, contentDir, nil
 }
@@ -57,6 +105,14 @@ func MountTemp(store storage.Store, containerId, source, dest string, rootUID, r
 // RemoveTemp removes temporary mountpoint and all content from its parent
 // directory
 func RemoveTemp(contentDir string) error {
+	if unshare.IsRootless() {
+		mergeDir := filepath.Join(contentDir, "merge")
+		if err := unix.Unmount(mergeDir, 0); err != nil {
+			if !os.IsNotExist(err) {
+				return errors.Wrapf(err, "unmount overlay %s", mergeDir)
+			}
+		}
+	}
 	return os.RemoveAll(contentDir)
 }

@@ -64,6 +120,15 @@ func RemoveTemp(contentDir string) error {
 // directory
 func CleanupContent(containerDir string) (Err error) {
 	contentDir := filepath.Join(containerDir, "overlay")
+
+	if unshare.IsRootless() {
+		mergeDir := filepath.Join(contentDir, "merge")
+		if err := unix.Unmount(mergeDir, 0); err != nil {
+			if !os.IsNotExist(err) {
+				return errors.Wrapf(err, "unmount overlay %s", mergeDir)
+			}
+		}
+	}
 	if err := os.RemoveAll(contentDir); err != nil && !os.IsNotExist(err) {
 		return errors.Wrapf(err, "failed to cleanup overlay %s directory", contentDir)
 	}
--- a/vendor/github.com/containers/buildah/pkg/parse/parse.go
+++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go
@@ -14,7 +14,6 @@ import (
 	"unicode"

 	"github.com/containers/buildah"
-	"github.com/containers/buildah/pkg/unshare"
 	"github.com/containers/image/types"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/docker/go-units"
@@ -104,7 +103,7 @@ func CommonBuildOptions(c *cobra.Command) (*buildah.CommonBuildOptions, error) {
 		return nil, errors.Wrapf(err, "invalid --shm-size")
 	}
 	volumes, _ := c.Flags().GetStringSlice("volume")
-	if err := ParseVolumes(volumes); err != nil {
+	if err := Volumes(volumes); err != nil {
 		return nil, err
 	}
 	cpuPeriod, _ := c.Flags().GetUint64("cpu-period")
@@ -179,8 +178,8 @@ func parseSecurityOpts(securityOpts []string, commonOpts *buildah.CommonBuildOpt
 	return nil
 }

-// ParseVolume parses the input of --volume
-func ParseVolume(volume string) (specs.Mount, error) {
+// Volume parses the input of --volume
+func Volume(volume string) (specs.Mount, error) {
 	mount := specs.Mount{}
 	arr := strings.SplitN(volume, ":", 3)
 	if len(arr) < 2 {
@@ -207,13 +206,13 @@ func ParseVolume(volume string) (specs.Mount, error) {
 	return mount, nil
 }

-// ParseVolumes validates the host and container paths passed in to the --volume flag
-func ParseVolumes(volumes []string) error {
+// Volumes validates the host and container paths passed in to the --volume flag
+func Volumes(volumes []string) error {
 	if len(volumes) == 0 {
 		return nil
 	}
 	for _, volume := range volumes {
-		if _, err := ParseVolume(volume); err != nil {
+		if _, err := Volume(volume); err != nil {
 			return err
 		}
 	}
@@ -224,7 +223,7 @@ func getVolumeMounts(volumes []string) (map[string]specs.Mount, error) {
 	finalVolumeMounts := make(map[string]specs.Mount)

 	for _, volume := range volumes {
-		volumeMount, err := ParseVolume(volume)
+		volumeMount, err := Volume(volume)
 		if err != nil {
 			return nil, err
 		}
@@ -473,9 +472,6 @@ func ValidateVolumeOpts(options []string) ([]string, error) {
 			}
 			foundRWRO++
 		case "z", "Z", "O":
-			if opt == "O" && unshare.IsRootless() {
-				return nil, errors.Errorf("invalid options %q, overlay mounts not supported in rootless mode", strings.Join(options, ", "))
-			}
 			if foundLabelChange > 1 {
 				return nil, errors.Errorf("invalid options %q, can only specify 1 'z', 'Z', or 'O' option", strings.Join(options, ", "))
 			}