Bump to Buildah v1.40.0

Bumps to Buildah v1.40.0 and adds the `--inherits-labels` option to build and farm build man pages. Also turn off the inherit-labels option test for now as it seems to be rathr unhappy. Issue for inherit-labels test failure: https://github.com/containers/podman/issues/25938 Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2025-11-30 18:18:18 +08:00 · 2025-04-21 15:45:26 -04:00
parent a3e132055d
commit 76b07dd48d
54 changed files with 661 additions and 305 deletions
--- a/vendor/github.com/containers/buildah/internal/config/convert.go
+++ b/vendor/github.com/containers/buildah/internal/config/convert.go
@@ -1,6 +1,7 @@
 package config

 import (
+	"maps"
 	"slices"

 	"github.com/containers/image/v5/manifest"
@@ -25,9 +26,7 @@ func Schema2ConfigFromGoDockerclientConfig(config *dockerclient.Config) *manifes
 		}
 	}
 	labels := make(map[string]string)
-	for k, v := range config.Labels {
-		labels[k] = v
-	}
+	maps.Copy(labels, config.Labels)
 	volumes := make(map[string]struct{})
 	for v := range config.Volumes {
 		volumes[v] = struct{}{}
@@ -82,9 +81,7 @@ func GoDockerclientConfigFromSchema2Config(s2config *manifest.Schema2Config) *do
 		}
 	}
 	labels := make(map[string]string)
-	for k, v := range s2config.Labels {
-		labels[k] = v
-	}
+	maps.Copy(labels, s2config.Labels)
 	volumes := make(map[string]struct{})
 	for v := range s2config.Volumes {
 		volumes[v] = struct{}{}
@@ -101,17 +98,17 @@ func GoDockerclientConfigFromSchema2Config(s2config *manifest.Schema2Config) *do
 		Tty:             s2config.Tty,
 		OpenStdin:       s2config.OpenStdin,
 		StdinOnce:       s2config.StdinOnce,
-		Env:             append([]string{}, s2config.Env...),
-		Cmd:             append([]string{}, s2config.Cmd...),
+		Env:             slices.Clone(s2config.Env),
+		Cmd:             slices.Clone(s2config.Cmd),
 		Healthcheck:     healthCheck,
 		ArgsEscaped:     s2config.ArgsEscaped,
 		Image:           s2config.Image,
 		Volumes:         volumes,
 		WorkingDir:      s2config.WorkingDir,
-		Entrypoint:      append([]string{}, s2config.Entrypoint...),
+		Entrypoint:      slices.Clone(s2config.Entrypoint),
 		NetworkDisabled: s2config.NetworkDisabled,
 		MacAddress:      s2config.MacAddress,
-		OnBuild:         append([]string{}, s2config.OnBuild...),
+		OnBuild:         slices.Clone(s2config.OnBuild),
 		Labels:          labels,
 		StopSignal:      s2config.StopSignal,
 		Shell:           s2config.Shell,
--- a/vendor/github.com/containers/buildah/internal/config/override.go
+++ b/vendor/github.com/containers/buildah/internal/config/override.go
@@ -3,6 +3,7 @@ package config
 import (
 	"fmt"
 	"os"
+	"slices"
 	"strings"

 	"github.com/containers/buildah/docker"
@@ -24,9 +25,9 @@ func firstStringElseSecondString(first, second string) string {
 // slice of strings if it has contents, else the second slice
 func firstSliceElseSecondSlice(first, second []string) []string {
 	if len(first) > 0 {
-		return append([]string{}, first...)
+		return slices.Clone(first)
 	}
-	return append([]string{}, second...)
+	return slices.Clone(second)
 }

 // firstSlicePairElseSecondSlicePair takes two pairs of string slices, and
@@ -34,9 +35,9 @@ func firstSliceElseSecondSlice(first, second []string) []string {
 // pair
 func firstSlicePairElseSecondSlicePair(firstA, firstB, secondA, secondB []string) ([]string, []string) {
 	if len(firstA) > 0 || len(firstB) > 0 {
-		return append([]string{}, firstA...), append([]string{}, firstB...)
+		return slices.Clone(firstA), slices.Clone(firstB)
 	}
-	return append([]string{}, secondA...), append([]string{}, secondB...)
+	return slices.Clone(secondA), slices.Clone(secondB)
 }

 // mergeEnv combines variables from a and b into a single environment slice. if
@@ -45,7 +46,7 @@ func firstSlicePairElseSecondSlicePair(firstA, firstB, secondA, secondB []string
 func mergeEnv(a, b []string) []string {
 	index := make(map[string]int)
 	results := make([]string, 0, len(a)+len(b))
-	for _, kv := range append(append([]string{}, a...), b...) {
+	for _, kv := range slices.Concat(a, b) {
 		k, _, specifiesValue := strings.Cut(kv, "=")
 		if !specifiesValue {
 			if value, ok := os.LookupEnv(kv); ok {
@@ -134,7 +135,7 @@ func Override(dconfig *docker.Config, oconfig *v1.ImageConfig, overrideChanges [
 		oconfig.Entrypoint, oconfig.Cmd = firstSlicePairElseSecondSlicePair(overrideConfig.Entrypoint, overrideConfig.Cmd, oconfig.Entrypoint, oconfig.Cmd)
 		if overrideConfig.Healthcheck != nil {
 			dconfig.Healthcheck = &docker.HealthConfig{
-				Test:        append([]string{}, overrideConfig.Healthcheck.Test...),
+				Test:        slices.Clone(overrideConfig.Healthcheck.Test),
 				Interval:    overrideConfig.Healthcheck.Interval,
 				Timeout:     overrideConfig.Healthcheck.Timeout,
 				StartPeriod: overrideConfig.Healthcheck.StartPeriod,
--- a/vendor/github.com/containers/buildah/internal/mkcw/types/attest.go
+++ b/vendor/github.com/containers/buildah/internal/mkcw/types/attest.go
@@ -26,17 +26,18 @@ type TeeConfigFlags struct {
 // TeeConfigFlagBits are bits representing run-time expectations.
 type TeeConfigFlagBits int

+//nolint:revive,staticcheck // Don't warn about bad naming.
 const (
-	SEV_CONFIG_NO_DEBUG        TeeConfigFlagBits = 0b00000001 //revive:disable-line:var-naming no debugging of guests
-	SEV_CONFIG_NO_KEY_SHARING  TeeConfigFlagBits = 0b00000010 //revive:disable-line:var-naming no sharing keys between guests
-	SEV_CONFIG_ENCRYPTED_STATE TeeConfigFlagBits = 0b00000100 //revive:disable-line:var-naming requires SEV-ES
-	SEV_CONFIG_NO_SEND         TeeConfigFlagBits = 0b00001000 //revive:disable-line:var-naming no transferring the guest to another platform
-	SEV_CONFIG_DOMAIN          TeeConfigFlagBits = 0b00010000 //revive:disable-line:var-naming no transferring the guest out of the domain (?)
-	SEV_CONFIG_SEV             TeeConfigFlagBits = 0b00100000 //revive:disable-line:var-naming no transferring the guest to non-SEV platforms
-	SNP_CONFIG_SMT             TeeConfigFlagBits = 0b00000001 //revive:disable-line:var-naming SMT is enabled on the host machine
-	SNP_CONFIG_MANDATORY       TeeConfigFlagBits = 0b00000010 //revive:disable-line:var-naming reserved bit which should always be set
-	SNP_CONFIG_MIGRATE_MA      TeeConfigFlagBits = 0b00000100 //revive:disable-line:var-naming allowed to use a migration agent
-	SNP_CONFIG_DEBUG           TeeConfigFlagBits = 0b00001000 //revive:disable-line:var-naming allow debugging
+	SEV_CONFIG_NO_DEBUG        TeeConfigFlagBits = 0b00000001 // no debugging of guests
+	SEV_CONFIG_NO_KEY_SHARING  TeeConfigFlagBits = 0b00000010 // no sharing keys between guests
+	SEV_CONFIG_ENCRYPTED_STATE TeeConfigFlagBits = 0b00000100 // requires SEV-ES
+	SEV_CONFIG_NO_SEND         TeeConfigFlagBits = 0b00001000 // no transferring the guest to another platform
+	SEV_CONFIG_DOMAIN          TeeConfigFlagBits = 0b00010000 // no transferring the guest out of the domain (?)
+	SEV_CONFIG_SEV             TeeConfigFlagBits = 0b00100000 // no transferring the guest to non-SEV platforms
+	SNP_CONFIG_SMT             TeeConfigFlagBits = 0b00000001 // SMT is enabled on the host machine
+	SNP_CONFIG_MANDATORY       TeeConfigFlagBits = 0b00000010 // reserved bit which should always be set
+	SNP_CONFIG_MIGRATE_MA      TeeConfigFlagBits = 0b00000100 // allowed to use a migration agent
+	SNP_CONFIG_DEBUG           TeeConfigFlagBits = 0b00001000 // allow debugging
 )

 // TeeConfigFlagMinFW corresponds to a minimum version of the kernel+initrd
--- a/vendor/github.com/containers/buildah/internal/mkcw/types/workload.go
+++ b/vendor/github.com/containers/buildah/internal/mkcw/types/workload.go
@@ -28,7 +28,8 @@ type SnpWorkloadData struct {
 	Generation string `json:"gen"` // "milan" (naples=1, rome=2, milan=3, genoa/bergamo/siena=4, turin=5)
 }

+//nolint:revive,staticcheck // Don't warn about bad naming.
 const (
 	// SEV_NO_ES is a known trusted execution environment type: AMD-SEV (secure encrypted virtualization without encrypted state, requires epyc 1000 "naples")
-	SEV_NO_ES define.TeeType = "sev_no_es" //revive:disable-line:var-naming
+	SEV_NO_ES define.TeeType = "sev_no_es"
 )
--- a/vendor/github.com/containers/buildah/internal/mkcw/workload.go
+++ b/vendor/github.com/containers/buildah/internal/mkcw/workload.go
@@ -28,18 +28,23 @@ type (
 const (
 	maxWorkloadConfigSize    = 1024 * 1024
 	preferredPaddingBoundary = 4096
-	// SEV is a known trusted execution environment type: AMD-SEV
-	SEV = define.SEV
-	// SEV_NO_ES is a known trusted execution environment type: AMD-SEV without encrypted state
-	SEV_NO_ES = types.SEV_NO_ES //revive:disable-line:var-naming
-	// SNP is a known trusted execution environment type: AMD-SNP
-	SNP = define.SNP
+
 	// krun looks for its configuration JSON directly in a disk image if the last twelve bytes
 	// of the disk image are this magic value followed by a little-endian 64-bit
 	// length-of-the-configuration
 	krunMagic = "KRUN"
 )

+//nolint:revive,staticcheck
+const (
+	// SEV is a known trusted execution environment type: AMD-SEV
+	SEV = define.SEV
+	// SEV_NO_ES is a known trusted execution environment type: AMD-SEV without encrypted state
+	SEV_NO_ES = types.SEV_NO_ES
+	// SNP is a known trusted execution environment type: AMD-SNP
+	SNP = define.SNP
+)
+
 // ReadWorkloadConfigFromImage reads the workload configuration from the
 // specified disk image file
 func ReadWorkloadConfigFromImage(path string) (WorkloadConfig, error) {
--- a/vendor/github.com/containers/buildah/internal/sbom/presets.go
+++ b/vendor/github.com/containers/buildah/internal/sbom/presets.go
@@ -1,6 +1,10 @@
 package sbom

-import "github.com/containers/buildah/define"
+import (
+	"slices"
+
+	"github.com/containers/buildah/define"
+)

 // Preset returns a predefined SBOMScanOptions structure that has the passed-in
 // name as one of its "Type" values.
@@ -55,10 +59,8 @@ func Preset(name string) (preset *define.SBOMScanOptions, err error) {
 		},
 	}
 	for _, preset := range presets {
-		for _, presetName := range preset.Type {
-			if presetName == name {
-				return &preset, nil
-			}
+		if slices.Contains(preset.Type, name) {
+			return &preset, nil
 		}
 	}
 	return nil, nil