Merge pull request #22797 from TomSweeneyRedHat/dev/tsweeney/buildah-1.36.0

Bump Buildah to v1.36.0

go.mod

@@ -13,8 +13,8 @@ require (
 	github.com/checkpoint-restore/checkpointctl v1.1.0
 	github.com/checkpoint-restore/go-criu/v7 v7.1.0
 	github.com/containernetworking/plugins v1.5.0
-	github.com/containers/buildah v1.35.1-0.20240510150258-77f239ae12e5
-	github.com/containers/common v0.58.1-0.20240523020001-79d954c77663
+	github.com/containers/buildah v1.36.0
+	github.com/containers/common v0.59.0
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/gvisor-tap-vsock v0.7.4-0.20240515153903-01a1a0cd3f70
 	github.com/containers/image/v5 v5.31.0
@@ -60,7 +60,7 @@ require (
 	github.com/opencontainers/runtime-spec v1.2.0
 	github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc
 	github.com/opencontainers/selinux v1.11.0
-	github.com/openshift/imagebuilder v1.2.7
+	github.com/openshift/imagebuilder v1.2.9
 	github.com/rootless-containers/rootlesskit/v2 v2.1.0
 	github.com/shirou/gopsutil/v3 v3.24.4
 	github.com/sirupsen/logrus v1.9.3
@@ -105,7 +105,7 @@ require (
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/containernetworking/cni v1.1.2 // indirect
 	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
-	github.com/containers/luksy v0.0.0-20240408185936-afd8e7619947 // indirect
+	github.com/containers/luksy v0.0.0-20240506205542-84b50f50f3ee // indirect
 	github.com/coreos/go-oidc/v3 v3.10.0 // indirect
 	github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect
@@ -116,7 +116,7 @@ require (
 	github.com/docker/docker-credential-helpers v0.8.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fsouza/go-dockerclient v1.10.1 // indirect
+	github.com/fsouza/go-dockerclient v1.11.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/gin-gonic/gin v1.9.1 // indirect

go.sum

@@ -77,10 +77,10 @@ github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl3
 github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
 github.com/containernetworking/plugins v1.5.0 h1:P09DMlfvvsLSskDoftnuwXY7lwa7IAhTGznZxA5E8fk=
 github.com/containernetworking/plugins v1.5.0/go.mod h1:bcXMvG9gWGc6jVXeodmMzuXmXqpqMguZm6Zu/oIr7AA=
-github.com/containers/buildah v1.35.1-0.20240510150258-77f239ae12e5 h1:xtKtw/g2iDkirqSw6Dvvc2ZMPxBYhyN9xPdH81a7hO4=
-github.com/containers/buildah v1.35.1-0.20240510150258-77f239ae12e5/go.mod h1:ezOOMchy0Dcu/jKNNsTJbtxvOrhdogVkbG+UxkG77EY=
-github.com/containers/common v0.58.1-0.20240523020001-79d954c77663 h1:uuVZV1SZO4Mdtiyngf91HytchzlXPW90F8weyXk71hY=
-github.com/containers/common v0.58.1-0.20240523020001-79d954c77663/go.mod h1:53VicJCZ2AD0O+Br7VVoyrS7viXF4YmwlTIocWUT8XE=
+github.com/containers/buildah v1.36.0 h1:e369nE9bx0yJtPVRDMsbr0OzkW59XCYAl+5poGhFjcs=
+github.com/containers/buildah v1.36.0/go.mod h1:qlEF4RuCnzEUTQhAnCyGr5WoYNZaU0k2mPcZscUR//c=
+github.com/containers/common v0.59.0 h1:fy9Jz0B7Qs1C030bm73YJtVddaiFSZD3558EV1tgN2g=
+github.com/containers/common v0.59.0/go.mod h1:53VicJCZ2AD0O+Br7VVoyrS7viXF4YmwlTIocWUT8XE=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/gvisor-tap-vsock v0.7.4-0.20240515153903-01a1a0cd3f70 h1:aACcXSIgcuPq5QdNZZ8B53BCdhqYvw33/8QmZWJATvg=
@@ -91,8 +91,8 @@ github.com/containers/libhvee v0.7.1 h1:dWGF5GLq9DZvXo3P8aDp3cNieL5eCaSell4UmeA/
 github.com/containers/libhvee v0.7.1/go.mod h1:fRKB3AyIqHMvq6xaeYhTpckM2cdoq0oecolyoiuLP7M=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
-github.com/containers/luksy v0.0.0-20240408185936-afd8e7619947 h1:LDm12XWmz7PQ9K6iy70m+tGxNlr39KcxFVc8CSnMT+I=
-github.com/containers/luksy v0.0.0-20240408185936-afd8e7619947/go.mod h1:DeMi9C2WxgZtJLpBGd175oGZwX/pOmZ6xJVhA5XAG/g=
+github.com/containers/luksy v0.0.0-20240506205542-84b50f50f3ee h1:QU6XNrPcxyGejcEYJfpIH7LwB+yXVbb0tWxf7mZxfN4=
+github.com/containers/luksy v0.0.0-20240506205542-84b50f50f3ee/go.mod h1:cEhy3LVQzQqf/BHx0WS6CXmZp+RZZaUKmhQaFZ4NiiU=
 github.com/containers/ocicrypt v1.1.10 h1:r7UR6o8+lyhkEywetubUUgcKFjOWOaWz8cEBrCPX0ic=
 github.com/containers/ocicrypt v1.1.10/go.mod h1:YfzSSr06PTHQwSTUKqDSjish9BeW1E4HUmreluQcMd8=
 github.com/containers/psgo v1.9.0 h1:eJ74jzSaCHnWt26OlKZROSyUyRcGDf+gYBdXnxrMW4g=
@@ -163,8 +163,8 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/fsouza/go-dockerclient v1.10.1 h1:bSU5Wu2ARdub+iv9VtoDsN8yBUI0vgflmshbeQLKhvc=
-github.com/fsouza/go-dockerclient v1.10.1/go.mod h1:dyzGriw6v3pK4O4O1u/X+vXxDDsrnLLkCqYkcLsDq2k=
+github.com/fsouza/go-dockerclient v1.11.0 h1:4ZAk6W7rPAtPXm7198EFqA5S68rwnNQORxlOA5OurCA=
+github.com/fsouza/go-dockerclient v1.11.0/go.mod h1:0I3TQCRseuPTzqlY4Y3ajfsg2VAdMQoazrkxJTiJg8s=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -416,8 +416,8 @@ github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc h1:
 github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc/go.mod h1:8tx1helyqhUC65McMm3x7HmOex8lO2/v9zPuxmKHurs=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
-github.com/openshift/imagebuilder v1.2.7 h1:IJUrZ59iW8ekX8XONlyUyJTQHlkkXtKFvb6bpKWXwz0=
-github.com/openshift/imagebuilder v1.2.7/go.mod h1:Q7R8nLg2rziREGN1iZuXBcVv7LI8m5GLEOFQMcqtmsg=
+github.com/openshift/imagebuilder v1.2.9 h1:830/kg5FWtpLsQ6JcCQ23qOeb/KfzMK66pai544rAUI=
+github.com/openshift/imagebuilder v1.2.9/go.mod h1:KkkXOyRjJlZEXWQtHNBNzVHqh4vf/0xX5cDIQ2gr+5I=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=

vendor/github.com/containers/buildah/CHANGELOG.md

@@ -2,6 +2,65 @@
 
 # Changelog
 
+## v1.36.0 (2024-05-23)
+
+    build: be more selective about specifying the default OS
+    Bump to c/common v0.59.0
+    Fix buildah prune --help showing the same example twice
+    fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0
+    fix(deps): update module github.com/containers/image/v5 to v5.31.0
+    bud tests: fix breakage when vendoring into podman
+    Integration tests: fake up a replacement for nixery.dev/shell
+    copierWithSubprocess(): try to capture stderr on io.ErrClosedPipe
+    Don't expand RUN heredocs ourselves, let the shell do it
+    Don't leak temp files on failures
+    Add release note template to split dependency chores
+    fix CentOS/RHEL build - no BATS there
+    fix(deps): update module github.com/containers/luksy to v0.0.0-20240506205542-84b50f50f3ee
+    Address CVE-2024-3727
+    chore(deps): update module github.com/opencontainers/runtime-spec to v1.2.0
+    Builder.cdiSetupDevicesInSpecdefConfig(): use configured CDI dirs
+    Setting --arch should set the TARGETARCH build arg
+    fix(deps): update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f
+    [CI:DOCS] Add link to Buildah image page to README.md
+    Don't set GOTOOLCHAIN=local
+    fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.5
+    Makefile: set GOTOOLCHAIN=local
+    Integration tests: switch some base images
+    containerImageRef.NewImageSource: merge the tar filters
+    fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.2
+    fix(deps): update module github.com/containers/luksy to v0.0.0-20240408185936-afd8e7619947
+    Disable packit builds for centos-stream+epel-next-8
+    Makefile: add missing files to $(SOURCES)
+    CI VMs: bump to new versions with tmpfs /tmp
+    chore(deps): update module golang.org/x/net to v0.23.0 [security]
+    integration test: handle new labels in "bud and test --unsetlabel"
+    Switch packit configuration to use epel-9-$arch ...
+    Give unit tests a bit more time
+    Integration tests: remove a couple of duplicated tests
+    Integration tests: whitespace tweaks
+    Integration tests: don't remove images at start or end of test
+    Integration tests: use cached images more
+    Integration tests _prefetch: use registry configs
+    internal: use fileutils.(Le|E)xists
+    pkg/parse: use fileutils.(Le|E)xists
+    buildah: use fileutils.(Le|E)xists
+    chroot: use fileutils.(Le|E)xists
+    vendor: update containers/(common|storage)
+    Fix issue/pr lock workflow
+    [CI:DOCS] Add golang 1.21 update warning
+    heredoc: honor inline COPY irrespective of ignorefiles
+    Update install.md
+    source-push: add support for --digestfile
+    Fix caching when mounting a cached stage with COPY/ADD
+    fix(deps): update github.com/containers/luksy digest to 3d2cf0e
+    Makefile: softcode `strip`, use it from env var
+    Man page updates
+    Add support for passing CDI specs to --device
+    Update comments on some API objects
+    pkg/parse.DeviceFromPath(): dereference src symlinks
+    fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
+
 ## v1.35.0 (2024-03-06)
 
     fix(deps): update module github.com/stretchr/testify to v1.9.0

vendor/github.com/containers/buildah/changelog.txt

@@ -1,3 +1,61 @@
+- Changelog for v1.36.0 (2024-05-23)
+  * build: be more selective about specifying the default OS
+  * Bump to c/common v0.59.0
+  * Fix buildah prune --help showing the same example twice
+  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0
+  * fix(deps): update module github.com/containers/image/v5 to v5.31.0
+  * bud tests: fix breakage when vendoring into podman
+  * Integration tests: fake up a replacement for nixery.dev/shell
+  * copierWithSubprocess(): try to capture stderr on io.ErrClosedPipe
+  * Don't expand RUN heredocs ourselves, let the shell do it
+  * Don't leak temp files on failures
+  * Add release note template to split dependency chores
+  * fix CentOS/RHEL build - no BATS there
+  * fix(deps): update module github.com/containers/luksy to v0.0.0-20240506205542-84b50f50f3ee
+  * Address CVE-2024-3727
+  * chore(deps): update module github.com/opencontainers/runtime-spec to v1.2.0
+  * Builder.cdiSetupDevicesInSpecdefConfig(): use configured CDI dirs
+  * Setting --arch should set the TARGETARCH build arg
+  * fix(deps): update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f
+  * [CI:DOCS] Add link to Buildah image page to README.md
+  * Don't set GOTOOLCHAIN=local
+  * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.5
+  * Makefile: set GOTOOLCHAIN=local
+  * Integration tests: switch some base images
+  * containerImageRef.NewImageSource: merge the tar filters
+  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.2
+  * fix(deps): update module github.com/containers/luksy to v0.0.0-20240408185936-afd8e7619947
+  * Disable packit builds for centos-stream+epel-next-8
+  * Makefile: add missing files to $(SOURCES)
+  * CI VMs: bump to new versions with tmpfs /tmp
+  * chore(deps): update module golang.org/x/net to v0.23.0 [security]
+  * integration test: handle new labels in "bud and test --unsetlabel"
+  * Switch packit configuration to use epel-9-$arch ...
+  * Give unit tests a bit more time
+  * Integration tests: remove a couple of duplicated tests
+  * Integration tests: whitespace tweaks
+  * Integration tests: don't remove images at start or end of test
+  * Integration tests: use cached images more
+  * Integration tests _prefetch: use registry configs
+  * internal: use fileutils.(Le|E)xists
+  * pkg/parse: use fileutils.(Le|E)xists
+  * buildah: use fileutils.(Le|E)xists
+  * chroot: use fileutils.(Le|E)xists
+  * vendor: update containers/(common|storage)
+  * Fix issue/pr lock workflow
+  * [CI:DOCS] Add golang 1.21 update warning
+  * heredoc: honor inline COPY irrespective of ignorefiles
+  * Update install.md
+  * source-push: add support for --digestfile
+  * Fix caching when mounting a cached stage with COPY/ADD
+  * fix(deps): update github.com/containers/luksy digest to 3d2cf0e
+  * Makefile: softcode `strip`, use it from env var
+  * Man page updates
+  * Add support for passing CDI specs to --device
+  * Update comments on some API objects
+  * pkg/parse.DeviceFromPath(): dereference src symlinks
+  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
+
 - Changelog for v1.35.0 (2024-03-06)
   * fix(deps): update module github.com/stretchr/testify to v1.9.0
   * cgroups: reuse version check from c/common

vendor/github.com/containers/buildah/copier/copier.go

@@ -18,6 +18,7 @@ import (
 	"sync"
 	"syscall"
 	"time"
+	"unicode"
 
 	"github.com/containers/image/v5/pkg/compression"
 	"github.com/containers/storage/pkg/archive"
@@ -633,6 +634,15 @@ func copierWithSubprocess(bulkReader io.Reader, bulkWriter io.Writer, req reques
 		if err2 := cmd.Process.Kill(); err2 != nil {
 			return nil, fmt.Errorf("killing subprocess: %v; %s: %w", err2, step, err)
 		}
+		if errors.Is(err, io.ErrClosedPipe) || errors.Is(err, syscall.EPIPE) {
+			err2 := cmd.Wait()
+			if errorText := strings.TrimFunc(errorBuffer.String(), unicode.IsSpace); errorText != "" {
+				err = fmt.Errorf("%s: %w", errorText, err)
+			}
+			if err2 != nil {
+				return nil, fmt.Errorf("waiting on subprocess: %v; %s: %w", err2, step, err)
+			}
+		}
 		return nil, fmt.Errorf("%v: %w", step, err)
 	}
 	if err = encoder.Encode(req); err != nil {

vendor/github.com/containers/buildah/define/types.go

@@ -29,7 +29,7 @@ const (
 	// identify working containers.
 	Package = "buildah"
 	// Version for the Package. Also used by .packit.sh for Packit builds.
-	Version = "1.36.0-dev"
+	Version = "1.36.0"
 
 	// DefaultRuntime if containers.conf fails.
 	DefaultRuntime = "runc"

vendor/github.com/containers/buildah/docker/types.go

@@ -60,9 +60,10 @@ type HealthConfig struct {
 	Test []string `json:",omitempty"`
 
 	// Zero means to inherit. Durations are expressed as integer nanoseconds.
-	Interval    time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
-	Timeout     time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
-	StartPeriod time.Duration `json:",omitempty"` // Time to wait after the container starts before running the first check.
+	Interval      time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
+	Timeout       time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
+	StartPeriod   time.Duration `json:",omitempty"` // Time to wait after the container starts before running the first check.
+	StartInterval time.Duration `json:",omitempty"` // Time to wait between checks during the StartPeriod.
 
 	// Retries is the number of consecutive failures needed to consider a container as unhealthy.
 	// Zero means inherit.

vendor/github.com/containers/buildah/image.go

@@ -952,7 +952,7 @@ func (i *containerImageSource) GetBlob(ctx context.Context, blob types.BlobInfo,
 // makeExtraImageContentDiff creates an archive file containing the contents of
 // files named in i.extraImageContent.  The footer that marks the end of the
 // archive may be omitted.
-func (i *containerImageRef) makeExtraImageContentDiff(includeFooter bool) (string, digest.Digest, int64, error) {
+func (i *containerImageRef) makeExtraImageContentDiff(includeFooter bool) (_ string, _ digest.Digest, _ int64, retErr error) {
 	cdir, err := i.store.ContainerDirectory(i.containerID)
 	if err != nil {
 		return "", "", -1, err
@@ -962,6 +962,11 @@ func (i *containerImageRef) makeExtraImageContentDiff(includeFooter bool) (strin
 		return "", "", -1, err
 	}
 	defer diff.Close()
+	defer func() {
+		if retErr != nil {
+			os.Remove(diff.Name())
+		}
+	}()
 	digester := digest.Canonical.Digester()
 	counter := ioutils.NewWriteCounter(digester.Hash())
 	tw := tar.NewWriter(io.MultiWriter(diff, counter))
@@ -1001,10 +1006,10 @@ func (i *containerImageRef) makeExtraImageContentDiff(includeFooter bool) (strin
 		}
 	}
 	if !includeFooter {
-		return diff.Name(), "", -1, err
+		return diff.Name(), "", -1, nil
 	}
 	tw.Close()
-	return diff.Name(), digester.Digest(), counter.Count, err
+	return diff.Name(), digester.Digest(), counter.Count, nil
 }
 
 // makeContainerImageRef creates a containers/image/v5/types.ImageReference

vendor/github.com/containers/buildah/imagebuildah/build.go

@@ -11,6 +11,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"runtime"
 	"strconv"
 	"strings"
 	"sync"
@@ -221,6 +222,9 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 	systemContext := options.SystemContext
 	for _, platform := range options.Platforms {
 		platformContext := *systemContext
+		if platform.OS == "" && platform.Arch != "" {
+			platform.OS = runtime.GOOS
+		}
 		platformSpec := internalUtil.NormalizePlatform(v1.Platform{
 			OS:           platform.OS,
 			Architecture: platform.Arch,

vendor/github.com/containers/buildah/run_common.go

@@ -1659,7 +1659,7 @@ func (b *Builder) getTmpfsMount(tokens []string, idMaps IDMaps) (*specs.Mount, e
 	return &volumes[0], nil
 }
 
-func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secret, idMaps IDMaps, workdir string) (*specs.Mount, string, error) {
+func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secret, idMaps IDMaps, workdir string) (_ *specs.Mount, _ string, retErr error) {
 	errInvalidSyntax := errors.New("secret should have syntax id=id[,target=path,required=bool,mode=uint,uid=uint,gid=uint")
 	if len(tokens) == 0 {
 		return nil, "", errInvalidSyntax
@@ -1739,6 +1739,11 @@ func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secr
 		if err != nil {
 			return nil, "", err
 		}
+		defer func() {
+			if retErr != nil {
+				os.Remove(tmpFile.Name())
+			}
+		}()
 		envFile = tmpFile.Name()
 		ctrFileOnHost = tmpFile.Name()
 	case "file":

vendor/github.com/containers/common/version/version.go

@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.60.0-dev"
+const Version = "0.59.0"

vendor/github.com/fsouza/go-dockerclient/container.go

@@ -389,9 +389,10 @@ type HealthConfig struct {
 	Test []string `json:"Test,omitempty" yaml:"Test,omitempty" toml:"Test,omitempty"`
 
 	// Zero means to inherit. Durations are expressed as integer nanoseconds.
-	Interval    time.Duration `json:"Interval,omitempty" yaml:"Interval,omitempty" toml:"Interval,omitempty"`          // Interval is the time to wait between checks.
-	Timeout     time.Duration `json:"Timeout,omitempty" yaml:"Timeout,omitempty" toml:"Timeout,omitempty"`             // Timeout is the time to wait before considering the check to have hung.
-	StartPeriod time.Duration `json:"StartPeriod,omitempty" yaml:"StartPeriod,omitempty" toml:"StartPeriod,omitempty"` // The start period for the container to initialize before the retries starts to count down.
+	Interval      time.Duration `json:"Interval,omitempty" yaml:"Interval,omitempty" toml:"Interval,omitempty"`                // Interval is the time to wait between checks.
+	Timeout       time.Duration `json:"Timeout,omitempty" yaml:"Timeout,omitempty" toml:"Timeout,omitempty"`                   // Timeout is the time to wait before considering the check to have hung.
+	StartPeriod   time.Duration `json:"StartPeriod,omitempty" yaml:"StartPeriod,omitempty" toml:"StartPeriod,omitempty"`       // The start period for the container to initialize before the retries starts to count down.
+	StartInterval time.Duration `json:"StartInterval,omitempty" yaml:"StartInterval,omitempty" toml:"StartInterval,omitempty"` // The start interval is the time to wait between checks during the start period.
 
 	// Retries is the number of consecutive failures needed to consider a container as unhealthy.
 	// Zero means inherit.
@@ -555,6 +556,7 @@ type HostConfig struct {
 	PublishAllPorts      bool                   `json:"PublishAllPorts,omitempty" yaml:"PublishAllPorts,omitempty" toml:"PublishAllPorts,omitempty"`
 	ReadonlyRootfs       bool                   `json:"ReadonlyRootfs,omitempty" yaml:"ReadonlyRootfs,omitempty" toml:"ReadonlyRootfs,omitempty"`
 	AutoRemove           bool                   `json:"AutoRemove,omitempty" yaml:"AutoRemove,omitempty" toml:"AutoRemove,omitempty"`
+	Annotations          map[string]string      `json:"Annotations,omitempty" yaml:"Annotations,omitempty" toml:"Annotations,omitempty"`
 }
 
 // NetworkingConfig represents the container's networking configuration for each of its interfaces

vendor/github.com/openshift/imagebuilder/.travis.yml

@@ -9,7 +9,11 @@ go:
   - "1.20"
 
 before_install:
+  - sudo systemctl stop docker.service && sudo systemctl stop docker.socket
+  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  - yes | sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
   - sudo apt-get update -q -y
+  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
   - docker pull busybox
   - docker pull centos:7
   - chmod -R go-w ./dockerclient/testdata

vendor/github.com/openshift/imagebuilder/dispatchers.go

@@ -23,6 +23,7 @@ import (
 	"github.com/openshift/imagebuilder/signal"
 	"github.com/openshift/imagebuilder/strslice"
 
+	buildkitcommand "github.com/moby/buildkit/frontend/dockerfile/command"
 	buildkitparser "github.com/moby/buildkit/frontend/dockerfile/parser"
 	buildkitshell "github.com/moby/buildkit/frontend/dockerfile/shell"
 )
@@ -130,7 +131,7 @@ func label(b *Builder, args []string, attributes map[string]bool, flagArgs []str
 	return nil
 }
 
-func processHereDocs(originalInstruction string, heredocs []buildkitparser.Heredoc, args []string) ([]File, error) {
+func processHereDocs(instruction, originalInstruction string, heredocs []buildkitparser.Heredoc, args []string) ([]File, error) {
 	var files []File
 	for _, heredoc := range heredocs {
 		var err error
@@ -138,7 +139,7 @@ func processHereDocs(originalInstruction string, heredocs []buildkitparser.Hered
 		if heredoc.Chomp {
 			content = buildkitparser.ChompHeredocContent(content)
 		}
-		if heredoc.Expand {
+		if heredoc.Expand && !strings.EqualFold(instruction, buildkitcommand.Run) {
 			shlex := buildkitshell.NewLex('\\')
 			shlex.RawQuotes = true
 			shlex.RawEscapes = true
@@ -202,7 +203,7 @@ func add(b *Builder, args []string, attributes map[string]bool, flagArgs []strin
 			return fmt.Errorf("ADD only supports the --chmod=<permissions>, --chown=<uid:gid>, and --checksum=<checksum> flags")
 		}
 	}
-	files, err := processHereDocs(original, heredocs, userArgs)
+	files, err := processHereDocs(buildkitcommand.Add, original, heredocs, userArgs)
 	if err != nil {
 		return err
 	}
@@ -256,7 +257,7 @@ func dispatchCopy(b *Builder, args []string, attributes map[string]bool, flagArg
 			return fmt.Errorf("COPY only supports the --chmod=<permissions> --chown=<uid:gid> and the --from=<image|stage> flags")
 		}
 	}
-	files, err := processHereDocs(original, heredocs, userArgs)
+	files, err := processHereDocs(buildkitcommand.Copy, original, heredocs, userArgs)
 	if err != nil {
 		return err
 	}
@@ -422,7 +423,7 @@ func run(b *Builder, args []string, attributes map[string]bool, flagArgs []strin
 		}
 	}
 
-	files, err := processHereDocs(original, heredocs, userArgs)
+	files, err := processHereDocs(buildkitcommand.Run, original, heredocs, userArgs)
 	if err != nil {
 		return err
 	}
@@ -606,6 +607,7 @@ func healthcheck(b *Builder, args []string, attributes map[string]bool, flagArgs
 
 		flags := flag.NewFlagSet("", flag.ContinueOnError)
 		flags.String("start-period", "", "")
+		flags.String("start-interval", "", "")
 		flags.String("interval", "", "")
 		flags.String("timeout", "", "")
 		flRetries := flags.String("retries", "", "")
@@ -642,6 +644,12 @@ func healthcheck(b *Builder, args []string, attributes map[string]bool, flagArgs
 		}
 		healthcheck.Interval = interval
 
+		startInterval, err := parseOptInterval(flags.Lookup("start-interval"))
+		if err != nil {
+			return err
+		}
+		healthcheck.StartInterval = startInterval
+
 		timeout, err := parseOptInterval(flags.Lookup("timeout"))
 		if err != nil {
 			return err

vendor/github.com/openshift/imagebuilder/imagebuilder.spec

@@ -12,7 +12,7 @@
 #
 
 %global golang_version 1.19
-%{!?version: %global version 1.2.7}
+%{!?version: %global version 1.2.9}
 %{!?release: %global release 1}
 %global package_name imagebuilder
 %global product_name Container Image Builder

vendor/modules.txt

@@ -141,7 +141,7 @@ github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.5.0
 ## explicit; go 1.20
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.35.1-0.20240510150258-77f239ae12e5
+# github.com/containers/buildah v1.36.0
 ## explicit; go 1.21
 github.com/containers/buildah
 github.com/containers/buildah/bind
@@ -171,7 +171,7 @@ github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/pkg/volumes
 github.com/containers/buildah/util
-# github.com/containers/common v0.58.1-0.20240523020001-79d954c77663
+# github.com/containers/common v0.59.0
 ## explicit; go 1.21
 github.com/containers/common/internal
 github.com/containers/common/internal/attributedstring
@@ -325,7 +325,7 @@ github.com/containers/libhvee/pkg/wmiext
 # github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01
 ## explicit
 github.com/containers/libtrust
-# github.com/containers/luksy v0.0.0-20240408185936-afd8e7619947
+# github.com/containers/luksy v0.0.0-20240506205542-84b50f50f3ee
 ## explicit; go 1.20
 github.com/containers/luksy
 # github.com/containers/ocicrypt v1.1.10
@@ -529,8 +529,8 @@ github.com/felixge/httpsnoop
 # github.com/fsnotify/fsnotify v1.7.0
 ## explicit; go 1.17
 github.com/fsnotify/fsnotify
-# github.com/fsouza/go-dockerclient v1.10.1
-## explicit; go 1.20
+# github.com/fsouza/go-dockerclient v1.11.0
+## explicit; go 1.21
 github.com/fsouza/go-dockerclient
 # github.com/gabriel-vasile/mimetype v1.4.3
 ## explicit; go 1.20
@@ -911,7 +911,7 @@ github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label
 github.com/opencontainers/selinux/pkg/pwalk
 github.com/opencontainers/selinux/pkg/pwalkdir
-# github.com/openshift/imagebuilder v1.2.7
+# github.com/openshift/imagebuilder v1.2.9
 ## explicit; go 1.19
 github.com/openshift/imagebuilder
 github.com/openshift/imagebuilder/dockerfile/command