diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2020-10-07 16:58:53 +0200 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2020-11-13 15:40:06 +0100 |
commit | 8e4a42aa429c6dec0d5face7c69554d8a0677e96 (patch) | |
tree | bbfff77e7b32a8b46af6f57d42965a7751bec18e /vendor/github.com/containers/buildah | |
parent | 0b1a60ec27928a40ac827148c1517098612616bd (diff) |
short-name aliasing
Add support for short-name aliasing.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/github.com/containers/buildah')
23 files changed, 376 insertions, 301 deletions
diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile index 7b2cfcf81..e70dd161d 100644 --- a/vendor/github.com/containers/buildah/Makefile +++ b/vendor/github.com/containers/buildah/Makefile @@ -34,7 +34,7 @@ RUNC_COMMIT := v1.0.0-rc8 LIBSECCOMP_COMMIT := release-2.3 EXTRA_LDFLAGS ?= -LDFLAGS := -ldflags '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT) $(EXTRA_LDFLAGS)' +BUILDAH_LDFLAGS := -ldflags '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT) $(EXTRA_LDFLAGS)' SOURCES=*.go imagebuildah/*.go bind/*.go chroot/*.go cmd/buildah/*.go copier/*.go docker/*.go pkg/blobcache/*.go pkg/cli/*.go pkg/parse/*.go util/*.go LINTFLAGS ?= @@ -56,7 +56,7 @@ static: .PHONY: bin/buildah bin/buildah: $(SOURCES) - $(GO_BUILD) $(LDFLAGS) -o $@ $(BUILDFLAGS) ./cmd/buildah + $(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ $(BUILDFLAGS) ./cmd/buildah .PHONY: buildah buildah: bin/buildah @@ -67,11 +67,11 @@ cross: bin/buildah.darwin.amd64 bin/buildah.linux.386 bin/buildah.linux.amd64 bi .PHONY: bin/buildah.% bin/buildah.%: mkdir -p ./bin - GOOS=$(word 2,$(subst ., ,$@)) GOARCH=$(word 3,$(subst ., ,$@)) $(GO_BUILD) $(LDFLAGS) -o $@ -tags "containers_image_openpgp" ./cmd/buildah + GOOS=$(word 2,$(subst ., ,$@)) GOARCH=$(word 3,$(subst ., ,$@)) $(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ -tags "containers_image_openpgp" ./cmd/buildah .PHONY: bin/imgtype bin/imgtype: *.go docker/*.go util/*.go tests/imgtype/imgtype.go - $(GO_BUILD) $(LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/imgtype/imgtype.go + $(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/imgtype/imgtype.go .PHONY: clean clean: diff --git a/vendor/github.com/containers/buildah/add.go b/vendor/github.com/containers/buildah/add.go index 80ee0d912..6cfd6a09f 100644 --- a/vendor/github.com/containers/buildah/add.go +++ b/vendor/github.com/containers/buildah/add.go @@ -71,7 +71,7 @@ func sourceIsRemote(source string) bool { } // getURL writes a tar archive containing the named content -func getURL(src, mountpoint, renameTarget string, writer io.Writer) error { +func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string, writer io.Writer) error { url, err := url.Parse(src) if err != nil { return err @@ -122,10 +122,18 @@ func getURL(src, mountpoint, renameTarget string, writer io.Writer) error { // Write the output archive. Set permissions for compatibility. tw := tar.NewWriter(writer) defer tw.Close() + uid := 0 + gid := 0 + if chown != nil { + uid = chown.UID + gid = chown.GID + } hdr := tar.Header{ Typeflag: tar.TypeReg, Name: name, Size: size, + Uid: uid, + Gid: gid, Mode: 0600, ModTime: date, } @@ -323,7 +331,7 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption pipeReader, pipeWriter := io.Pipe() wg.Add(1) go func() { - getErr = getURL(src, mountPoint, renameTarget, pipeWriter) + getErr = getURL(src, chownFiles, mountPoint, renameTarget, pipeWriter) pipeWriter.Close() wg.Done() }() @@ -341,9 +349,9 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption putOptions := copier.PutOptions{ UIDMap: destUIDMap, GIDMap: destGIDMap, - ChownDirs: chownDirs, + ChownDirs: nil, ChmodDirs: nil, - ChownFiles: chownFiles, + ChownFiles: nil, ChmodFiles: nil, } putErr = copier.Put(mountPoint, extractDirectory, putOptions, io.TeeReader(pipeReader, hasher)) diff --git a/vendor/github.com/containers/buildah/btrfs_installed_tag.sh b/vendor/github.com/containers/buildah/btrfs_installed_tag.sh index c4d99f377..f2f2b33c8 100644 --- a/vendor/github.com/containers/buildah/btrfs_installed_tag.sh +++ b/vendor/github.com/containers/buildah/btrfs_installed_tag.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -cc -E - > /dev/null 2> /dev/null << EOF +${CPP:-${CC:-cc} -E} ${CPPFLAGS} - > /dev/null 2> /dev/null << EOF #include <btrfs/ioctl.h> EOF if test $? -ne 0 ; then diff --git a/vendor/github.com/containers/buildah/btrfs_tag.sh b/vendor/github.com/containers/buildah/btrfs_tag.sh index 59cb969ad..ea753d4d0 100644 --- a/vendor/github.com/containers/buildah/btrfs_tag.sh +++ b/vendor/github.com/containers/buildah/btrfs_tag.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -cc -E - > /dev/null 2> /dev/null << EOF +${CPP:-${CC:-cc} -E} ${CPPFLAGS} - > /dev/null 2> /dev/null << EOF #include <btrfs/version.h> EOF if test $? -ne 0 ; then diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go index 86695508c..96e8619a8 100644 --- a/vendor/github.com/containers/buildah/buildah.go +++ b/vendor/github.com/containers/buildah/buildah.go @@ -28,7 +28,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.17.0" + Version = "1.18.0-dev" // The value we use to identify what type of information, currently a // serialized Builder structure, we are using as per-container state. // This should only be changed when we make incompatible changes to diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go index 9ebc8e2a3..84b636202 100644 --- a/vendor/github.com/containers/buildah/copier/copier.go +++ b/vendor/github.com/containers/buildah/copier/copier.go @@ -7,7 +7,9 @@ import ( "fmt" "io" "io/ioutil" + "net" "os" + "os/user" "path/filepath" "strconv" "strings" @@ -35,6 +37,14 @@ const ( func init() { reexec.Register(copierCommand, copierMain) + // Attempt a user and host lookup to force libc (glibc, and possibly others that use dynamic + // modules to handle looking up user and host information) to load modules that match the libc + // our binary is currently using. Hopefully they're loaded on first use, so that they won't + // need to be loaded after we've chrooted into the rootfs, which could include modules that + // don't match our libc and which can't be loaded, or modules which we don't want to execute + // because we don't trust their code. + _, _ = user.Lookup("buildah") + _, _ = net.LookupHost("localhost") } // isArchivePath returns true if the specified path can be read like a (possibly diff --git a/vendor/github.com/containers/buildah/copier/xattrs.go b/vendor/github.com/containers/buildah/copier/xattrs.go index 71769989c..c757adcc8 100644 --- a/vendor/github.com/containers/buildah/copier/xattrs.go +++ b/vendor/github.com/containers/buildah/copier/xattrs.go @@ -45,6 +45,11 @@ func Lgetxattrs(path string) (map[string]string, error) { listSize *= 2 continue } + if (unwrapError(err) == syscall.ENOTSUP) || (unwrapError(err) == syscall.ENOSYS) { + // treat these errors listing xattrs as equivalent to "no xattrs" + list = list[:0] + break + } return nil, errors.Wrapf(err, "error listing extended attributes of %q", path) } list = list[:size] diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod index 6fe683f4b..2bc71f948 100644 --- a/vendor/github.com/containers/buildah/go.mod +++ b/vendor/github.com/containers/buildah/go.mod @@ -5,10 +5,10 @@ go 1.12 require ( github.com/containerd/containerd v1.4.1 // indirect github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 - github.com/containers/common v0.26.2 - github.com/containers/image/v5 v5.7.0 + github.com/containers/common v0.26.3 + github.com/containers/image/v5 v5.8.0 github.com/containers/ocicrypt v1.0.3 - github.com/containers/storage v1.23.7 + github.com/containers/storage v1.23.9 github.com/docker/distribution v2.7.1+incompatible github.com/docker/docker v17.12.0-ce-rc1.0.20201020191947-73dc6a680cdd+incompatible // indirect github.com/docker/go-units v0.4.0 @@ -17,6 +17,7 @@ require ( github.com/ghodss/yaml v1.0.0 github.com/hashicorp/go-multierror v1.1.0 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 // indirect + github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect github.com/mattn/go-shellwords v1.0.10 github.com/moby/sys/mount v0.1.1 // indirect github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2 // indirect diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum index 65268af4e..1952ace1a 100644 --- a/vendor/github.com/containers/buildah/go.sum +++ b/vendor/github.com/containers/buildah/go.sum @@ -45,6 +45,12 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/checkpoint-restore/go-criu/v4 v4.0.2/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= +github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cilium/ebpf v0.0.0-20200507155900-a9f01edf17e3/go.mod h1:XT+cAw5wfvsodedcijoh1l9cf7v1x9FlFB/3VmF/O8s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -65,17 +71,20 @@ github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDG github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 h1:rqUVLD8I859xRgUx/WMC3v7QAFqbLKZbs+0kqYboRJc= github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containers/common v0.26.2 h1:TysMCBpzq3gDFD9GzM0TKTGjtq/9HySWevKtlrvVGRU= -github.com/containers/common v0.26.2/go.mod h1:igUeog5hx8rYhJk67rG6rGAh3zEcf0Uxuzm9KpXzo2E= +github.com/containers/common v0.26.3 h1:5Kb5fMmJ7/xMiJ+iEbPA+5pQpl/FGxCgJex4nml4Slo= +github.com/containers/common v0.26.3/go.mod h1:hJWZIlrl5MsE2ELNRa+MPp6I1kPbXHauuj0Ym4BsLG4= github.com/containers/image/v5 v5.7.0 h1:fiTC8/Xbr+zEP6njGTZtPW/3UD7MC93nC9DbUoWdxkA= github.com/containers/image/v5 v5.7.0/go.mod h1:8aOy+YaItukxghRORkvhq5ibWttHErzDLy6egrKfKos= +github.com/containers/image/v5 v5.8.0 h1:B3FGHi0bdGXgg698kBIGOlHCXN5n+scJr6/5354GOPU= +github.com/containers/image/v5 v5.8.0/go.mod h1:jKxdRtyIDumVa56hdsZvV+gwx4zB50hRou6pIuCWLkg= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.3 h1:vYgl+RZ9Q3DPMuTfxmN+qp0X2Bj52uuY2vnt6GzVe1c= github.com/containers/ocicrypt v1.0.3/go.mod h1:CUBa+8MRNL/VkpxYIpaMtgn1WgXGyvPQj8jcy0EVG6g= github.com/containers/storage v1.23.6/go.mod h1:haFs0HRowKwyzvWEx9EgI3WsL8XCSnBDb5f8P5CAxJY= -github.com/containers/storage v1.23.7 h1:43ImvG/npvQSZXRjaudVvKISIuZSfI6qvtSNQQSGO/A= github.com/containers/storage v1.23.7/go.mod h1:cUT2zHjtx+WlVri30obWmM2gpqpi8jfPsmIzP1TVpEI= +github.com/containers/storage v1.23.9 h1:qbgnTp76pLSyW3vYwY5GH4vk5cHYVXFJ+CsUEBp9TMw= +github.com/containers/storage v1.23.9/go.mod h1:3b2ktpB6pw53SEeIoFfO0sQfP9+IoJJKPq5iJk74gxE= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -214,25 +223,37 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU= +github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.11.1 h1:bPb7nMRdOZYDrpPMTA3EInUQrdgoBinqUuSwlGdKDdE= github.com/klauspost/compress v1.11.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.11.2 h1:MiK62aErc3gIiVEtyzKfeOHgW7atJb5g/KNX5m3c2nQ= +github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= +github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a h1:weJVJJRzAJBFRlAiJQROKQs8oC9vOxvm4rZmBBk0ONw= +github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/manifoldco/promptui v0.8.0 h1:R95mMF+McvXZQ7j1g8ucVZE1gLP3Sv6j9vlF9kyRqQo= +github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= +github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs= +github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw= @@ -479,6 +500,7 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go index 76dfeaf54..a97a403b3 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/build.go +++ b/vendor/github.com/containers/buildah/imagebuildah/build.go @@ -216,20 +216,19 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt } data = resp.Body } else { - // If the Dockerfile isn't found try prepending the - // context directory to it. dinfo, err := os.Stat(dfile) - if os.IsNotExist(err) { - // If they are "/workDir/Dockerfile" and "/workDir" - // so don't joint it + if err != nil { + // If the Dockerfile isn't available, try again with + // context directory prepended (if not prepended yet). if !strings.HasPrefix(dfile, options.ContextDirectory) { dfile = filepath.Join(options.ContextDirectory, dfile) + dinfo, err = os.Stat(dfile) } - dinfo, err = os.Stat(dfile) - if err != nil { - return "", nil, err - } } + if err != nil { + return "", nil, err + } + // If given a directory, add '/Dockerfile' to it. if dinfo.Mode().IsDir() { dfile = filepath.Join(dfile, "Dockerfile") diff --git a/vendor/github.com/containers/buildah/imagebuildah/executor.go b/vendor/github.com/containers/buildah/imagebuildah/executor.go index 77c224ad8..8c96b4e67 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go @@ -17,6 +17,7 @@ import ( "github.com/containers/buildah/util" "github.com/containers/common/pkg/config" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/manifest" is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" @@ -111,6 +112,15 @@ type Executor struct { stagesSemaphore *semaphore.Weighted jobs int logRusage bool + imageInfoLock sync.Mutex + imageInfoCache map[string]imageTypeAndHistoryAndDiffIDs +} + +type imageTypeAndHistoryAndDiffIDs struct { + manifestType string + history []v1.History + diffIDs []digest.Digest + err error } // NewExecutor creates a new instance of the imagebuilder.Executor interface. @@ -215,6 +225,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod terminatedStage: make(map[string]struct{}), jobs: jobs, logRusage: options.LogRusage, + imageInfoCache: make(map[string]imageTypeAndHistoryAndDiffIDs), } if exec.err == nil { exec.err = os.Stderr @@ -335,22 +346,43 @@ func (b *Executor) waitForStage(ctx context.Context, name string, stages imagebu } } -// getImageHistoryAndDiffIDs returns the history and diff IDs list of imageID. -func (b *Executor) getImageHistoryAndDiffIDs(ctx context.Context, imageID string) ([]v1.History, []digest.Digest, error) { +// getImageTypeAndHistoryAndDiffIDs returns the manifest type, history, and diff IDs list of imageID. +func (b *Executor) getImageTypeAndHistoryAndDiffIDs(ctx context.Context, imageID string) (string, []v1.History, []digest.Digest, error) { + b.imageInfoLock.Lock() + imageInfo, ok := b.imageInfoCache[imageID] + b.imageInfoLock.Unlock() + if ok { + return imageInfo.manifestType, imageInfo.history, imageInfo.diffIDs, imageInfo.err + } imageRef, err := is.Transport.ParseStoreReference(b.store, "@"+imageID) if err != nil { - return nil, nil, errors.Wrapf(err, "error getting image reference %q", imageID) + return "", nil, nil, errors.Wrapf(err, "error getting image reference %q", imageID) } ref, err := imageRef.NewImage(ctx, nil) if err != nil { - return nil, nil, errors.Wrapf(err, "error creating new image from reference to image %q", imageID) + return "", nil, nil, errors.Wrapf(err, "error creating new image from reference to image %q", imageID) } defer ref.Close() oci, err := ref.OCIConfig(ctx) if err != nil { - return nil, nil, errors.Wrapf(err, "error getting possibly-converted OCI config of image %q", imageID) + return "", nil, nil, errors.Wrapf(err, "error getting possibly-converted OCI config of image %q", imageID) + } + manifestBytes, manifestFormat, err := ref.Manifest(ctx) + if err != nil { + return "", nil, nil, errors.Wrapf(err, "error getting manifest of image %q", imageID) + } + if manifestFormat == "" && len(manifestBytes) > 0 { + manifestFormat = manifest.GuessMIMEType(manifestBytes) + } + b.imageInfoLock.Lock() + b.imageInfoCache[imageID] = imageTypeAndHistoryAndDiffIDs{ + manifestType: manifestFormat, + history: oci.History, + diffIDs: oci.RootFS.DiffIDs, + err: nil, } - return oci.History, oci.RootFS.DiffIDs, nil + b.imageInfoLock.Unlock() + return manifestFormat, oci.History, oci.RootFS.DiffIDs, nil } func (b *Executor) buildStage(ctx context.Context, cleanupStages map[int]*StageExecutor, stages imagebuilder.Stages, stageIndex int) (imageID string, ref reference.Canonical, err error) { diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go index e157bb1c8..6c058e226 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go @@ -1110,7 +1110,7 @@ func (s *StageExecutor) intermediateImageExists(ctx context.Context, currNode *p var baseHistory []v1.History var baseDiffIDs []digest.Digest if s.builder.FromImageID != "" { - baseHistory, baseDiffIDs, err = s.executor.getImageHistoryAndDiffIDs(ctx, s.builder.FromImageID) + _, baseHistory, baseDiffIDs, err = s.executor.getImageTypeAndHistoryAndDiffIDs(ctx, s.builder.FromImageID) if err != nil { return "", errors.Wrapf(err, "error getting history of base image %q", s.builder.FromImageID) } @@ -1142,10 +1142,15 @@ func (s *StageExecutor) intermediateImageExists(ctx context.Context, currNode *p } // Next we double check that the history of this image is equivalent to the previous // lines in the Dockerfile up till the point we are at in the build. - history, diffIDs, err := s.executor.getImageHistoryAndDiffIDs(ctx, image.ID) + manifestType, history, diffIDs, err := s.executor.getImageTypeAndHistoryAndDiffIDs(ctx, image.ID) if err != nil { return "", errors.Wrapf(err, "error getting history of %q", image.ID) } + // If this candidate isn't of the type that we're building, then it may have lost + // some format-specific information that a building-without-cache run wouldn't lose. + if manifestType != s.executor.outputFormat { + continue + } // children + currNode is the point of the Dockerfile we are currently at. if s.historyAndDiffIDsMatch(baseHistory, baseDiffIDs, currNode, history, diffIDs, addedContentDigest, buildAddsLayer) { return image.ID, nil @@ -1276,5 +1281,5 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer } func (s *StageExecutor) EnsureContainerPath(path string) error { - return copier.Mkdir(s.mountPoint, path, copier.MkdirOptions{}) + return copier.Mkdir(s.mountPoint, filepath.Join(s.mountPoint, path), copier.MkdirOptions{}) } diff --git a/vendor/github.com/containers/buildah/libdm_tag.sh b/vendor/github.com/containers/buildah/libdm_tag.sh index d3668aab1..815b5d914 100644 --- a/vendor/github.com/containers/buildah/libdm_tag.sh +++ b/vendor/github.com/containers/buildah/libdm_tag.sh @@ -2,7 +2,7 @@ tmpdir="$PWD/tmp.$RANDOM" mkdir -p "$tmpdir" trap 'rm -fr "$tmpdir"' EXIT -cc -o "$tmpdir"/libdm_tag -ldevmapper -x c - > /dev/null 2> /dev/null << EOF +${CC:-cc} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} -o "$tmpdir"/libdm_tag -x c - -ldevmapper > /dev/null 2> /dev/null << EOF #include <libdevmapper.h> int main() { struct dm_task *task; diff --git a/vendor/github.com/containers/buildah/new.go b/vendor/github.com/containers/buildah/new.go index 4f4b1564b..c1abb1cdb 100644 --- a/vendor/github.com/containers/buildah/new.go +++ b/vendor/github.com/containers/buildah/new.go @@ -4,13 +4,14 @@ import ( "context" "fmt" "math/rand" + "os" "strings" - "time" "github.com/containers/buildah/util" + "github.com/containers/image/v5/docker" "github.com/containers/image/v5/image" "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/sysregistriesv2" + "github.com/containers/image/v5/pkg/shortnames" is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" @@ -103,145 +104,168 @@ func newContainerIDMappingOptions(idmapOptions *IDMappingOptions) storage.IDMapp return options } -func resolveImage(ctx context.Context, systemContext *types.SystemContext, store storage.Store, options BuilderOptions) (types.ImageReference, string, *storage.Image, error) { - type failure struct { - resolvedImageName string - err error - } - candidates, transport, searchRegistriesWereUsedButEmpty, err := util.ResolveName(options.FromImage, options.Registry, systemContext, store) +func resolveLocalImage(systemContext *types.SystemContext, store storage.Store, options BuilderOptions) (types.ImageReference, string, *storage.Image, error) { + candidates, _, _, err := util.ResolveName(options.FromImage, options.Registry, systemContext, store) if err != nil { - return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage) + return nil, "", nil, errors.Wrapf(err, "error resolving local image %q", options.FromImage) } - - failures := []failure{} for _, image := range candidates { - if transport == "" { - img, err := store.Image(image) - if err != nil { - logrus.Debugf("error looking up known-local image %q: %v", image, err) - failures = append(failures, failure{resolvedImageName: image, err: err}) + img, err := store.Image(image) + if err != nil { + if errors.Cause(err) == storage.ErrImageUnknown { continue } - ref, err := is.Transport.ParseStoreReference(store, img.ID) - if err != nil { - return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", img.ID) - } - return ref, transport, img, nil + return nil, "", nil, err } - - trans := transport - if transport != util.DefaultTransport { - trans = trans + ":" - } - srcRef, err := alltransports.ParseImageName(trans + image) + ref, err := is.Transport.ParseStoreReference(store, img.ID) if err != nil { - logrus.Debugf("error parsing image name %q: %v", trans+image, err) - failures = append(failures, failure{ - resolvedImageName: image, - err: errors.Wrapf(err, "error parsing attempted image name %q", trans+image), - }) - continue + return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", img.ID) } + return ref, ref.Transport().Name(), img, nil + } + + return nil, "", nil, nil +} + +// getShortNameMode looks up the `CONTAINERS_SHORT_NAME_ALIASING` environment +// variable. If it's "on", return `nil` to use the defaults from +// containers/image and the registries.conf files on the system. If it's +// "off", empty or unset, return types.ShortNameModeDisabled to turn off +// short-name aliasing by default. +// +// TODO: remove this function once we want to default to short-name aliasing. +func getShortNameMode() *types.ShortNameMode { + env := os.Getenv("CONTAINERS_SHORT_NAME_ALIASING") + if strings.ToLower(env) == "on" { + return nil // default to whatever registries.conf and c/image decide + } + mode := types.ShortNameModeDisabled + return &mode +} - if options.PullPolicy == PullAlways { +func resolveImage(ctx context.Context, systemContext *types.SystemContext, store storage.Store, options BuilderOptions) (types.ImageReference, string, *storage.Image, error) { + if systemContext == nil { + systemContext = &types.SystemContext{} + } + systemContext.ShortNameMode = getShortNameMode() + + fromImage := options.FromImage + // If the image name includes a transport we can use it as it. Special + // treatment for docker references which are subject to pull policies + // that we're handling below. + srcRef, err := alltransports.ParseImageName(options.FromImage) + if err == nil { + if srcRef.Transport().Name() == docker.Transport.Name() { + fromImage = srcRef.DockerReference().String() + } else { pulledImg, pulledReference, err := pullAndFindImage(ctx, store, srcRef, options, systemContext) - if err != nil { - logrus.Debugf("unable to pull and read image %q: %v", image, err) - failures = append(failures, failure{resolvedImageName: image, err: err}) - continue - } - return pulledReference, transport, pulledImg, nil + return pulledReference, srcRef.Transport().Name(), pulledImg, err } + } - destImage, err := localImageNameForReference(ctx, store, srcRef) - if err != nil { - return nil, "", nil, errors.Wrapf(err, "error computing local image name for %q", transports.ImageName(srcRef)) + localImageRef, _, localImage, err := resolveLocalImage(systemContext, store, options) + if err != nil { + return nil, "", nil, err + } + + // If we could resolve the image locally, check if it was referenced by + // ID. In that case, we don't need to bother any further and can + // prevent prompting the user. + if localImage != nil && strings.HasPrefix(localImage.ID, options.FromImage) { + return localImageRef, localImageRef.Transport().Name(), localImage, nil + } + + if options.PullPolicy == PullNever || options.PullPolicy == PullIfMissing { + if localImage != nil { + return localImageRef, localImageRef.Transport().Name(), localImage, nil } - if destImage == "" { - return nil, "", nil, errors.Errorf("error computing local image name for %q", transports.ImageName(srcRef)) + if options.PullPolicy == PullNever { + return nil, "", nil, errors.Errorf("pull policy is %q but %q could not be found locally", "never", options.FromImage) } - ref, err := is.Transport.ParseStoreReference(store, destImage) + } + + resolved, err := shortnames.Resolve(systemContext, fromImage) + if err != nil { + return nil, "", nil, err + } + + // Print the image-resolution description unless we're looking for a + // new image and already found a local image. In many cases, the + // description will be more confusing than helpful (e.g., `buildah from + // localImage`). + if desc := resolved.Description(); len(desc) > 0 { + logrus.Debug(desc) + if !(options.PullPolicy == PullIfNewer && localImage != nil) { + if options.ReportWriter != nil { + if _, err := options.ReportWriter.Write([]byte(desc + "\n")); err != nil { + return nil, "", nil, err + } + } + } + } + + var pullErrors []error + for _, pullCandidate := range resolved.PullCandidates { + ref, err := docker.NewReference(pullCandidate.Value) if err != nil { - return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", destImage) + return nil, "", nil, err } - if options.PullPolicy == PullIfNewer { - img, err := is.Transport.GetStoreImage(store, ref) - if err == nil { - // Let's see if this image is on the repository and if it's there - // then note it's Created date. - var repoImageCreated time.Time - repoImageFound := false - repoImage, err := srcRef.NewImage(ctx, systemContext) - if err == nil { - inspect, err := repoImage.Inspect(ctx) - if err == nil { - repoImageFound = true - repoImageCreated = *inspect.Created - } - repoImage.Close() - } - if !repoImageFound || repoImageCreated == img.Created { - // The image is only local or the same date is on the - // local and repo versions of the image, no need to pull. - return ref, transport, img, nil - } + // We're tasked to pull a "newer" image. If there's no local + // image, we have no base for comparison, so we'll pull the + // first available image. + // + // If there's a local image, the `pullCandidate` is considered + // to be newer if its time stamp differs from the local one. + // Otherwise, we don't pull and skip it. + if options.PullPolicy == PullIfNewer && localImage != nil { + remoteImage, err := ref.NewImage(ctx, systemContext) + if err != nil { + logrus.Debugf("unable to remote-inspect image %q: %v", pullCandidate.Value.String(), err) + pullErrors = append(pullErrors, err) + continue } - } else { - // Get the image from the store if present for PullNever and PullIfMissing - img, err := is.Transport.GetStoreImage(store, ref) - if err == nil { - return ref, transport, img, nil + defer remoteImage.Close() + + remoteData, err := remoteImage.Inspect(ctx) + if err != nil { + logrus.Debugf("unable to remote-inspect image %q: %v", pullCandidate.Value.String(), err) + pullErrors = append(pullErrors, err) + continue } - if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy == PullNever { - logrus.Debugf("no such image %q: %v", transports.ImageName(ref), err) - failures = append(failures, failure{ - resolvedImageName: image, - err: errors.Errorf("no such image %q", transports.ImageName(ref)), - }) + + // FIXME: we should compare image digests not time stamps. + // Comparing time stamps is flawed. Be aware that fixing + // it may entail non-trivial changes to the tests. Please + // refer to https://github.com/containers/buildah/issues/2779 + // for more. + if localImage.Created.Equal(*remoteData.Created) { continue } } - pulledImg, pulledReference, err := pullAndFindImage(ctx, store, srcRef, options, systemContext) + pulledImg, pulledReference, err := pullAndFindImage(ctx, store, ref, options, systemContext) if err != nil { - logrus.Debugf("unable to pull and read image %q: %v", image, err) - failures = append(failures, failure{resolvedImageName: image, err: err}) + logrus.Debugf("unable to pull and read image %q: %v", pullCandidate.Value.String(), err) + pullErrors = append(pullErrors, err) continue } - return pulledReference, transport, pulledImg, nil - } - - if len(failures) != len(candidates) { - return nil, "", nil, errors.Errorf("internal error: %d candidates (%#v) vs. %d failures (%#v)", len(candidates), candidates, len(failures), failures) - } - registriesConfPath := sysregistriesv2.ConfigPath(systemContext) - switch len(failures) { - case 0: - if searchRegistriesWereUsedButEmpty { - return nil, "", nil, errors.Errorf("image name %q is a short name and no search registries are defined in %s.", options.FromImage, registriesConfPath) + // Make sure to record the short-name alias if necessary. + if err = pullCandidate.Record(); err != nil { + return nil, "", nil, err } - return nil, "", nil, errors.Errorf("internal error: no pull candidates were available for %q for an unknown reason", options.FromImage) - case 1: - err := failures[0].err - if failures[0].resolvedImageName != options.FromImage { - err = errors.Wrapf(err, "while pulling %q as %q", options.FromImage, failures[0].resolvedImageName) - } - if searchRegistriesWereUsedButEmpty { - err = errors.Wrapf(err, "(image name %q is a short name and no search registries are defined in %s)", options.FromImage, registriesConfPath) - } - return nil, "", nil, err + return pulledReference, "", pulledImg, nil + } - default: - // NOTE: a multi-line error string: - e := fmt.Sprintf("The following failures happened while trying to pull image specified by %q based on search registries in %s:", options.FromImage, registriesConfPath) - for _, f := range failures { - e = e + fmt.Sprintf("\n* %q: %s", f.resolvedImageName, f.err.Error()) - } - return nil, "", nil, errors.New(e) + // If we were looking for a newer image but could not find one, return + // the local image if present. + if options.PullPolicy == PullIfNewer && localImage != nil { + return localImageRef, localImageRef.Transport().Name(), localImage, nil } + + return nil, "", nil, resolved.FormatPullErrors(pullErrors) } func containerNameExist(name string, containers []storage.Container) bool { diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go index af7453c91..62a328de0 100644 --- a/vendor/github.com/containers/buildah/pkg/cli/common.go +++ b/vendor/github.com/containers/buildah/pkg/cli/common.go @@ -59,7 +59,6 @@ type BudResults struct { Creds string DisableCompression bool DisableContentTrust bool - DecryptionKeys []string File []string Format string Iidfile string @@ -90,38 +89,39 @@ type BudResults struct { // FromAndBugResults represents the results for common flags // in bud and from type FromAndBudResults struct { - AddHost []string - BlobCache string - CapAdd []string - CapDrop []string - CgroupParent string - CPUPeriod uint64 - CPUQuota int64 - CPUSetCPUs string - CPUSetMems string - CPUShares uint64 - Devices []string - DNSSearch []string - DNSServers []string - DNSOptions []string - HTTPProxy bool - Isolation string - Memory string - MemorySwap string - OverrideArch string - OverrideOS string - SecurityOpt []string - ShmSize string - Ulimit []string - Volumes []string + AddHost []string + BlobCache string + CapAdd []string + CapDrop []string + CgroupParent string + CPUPeriod uint64 + CPUQuota int64 + CPUSetCPUs string + CPUSetMems string + CPUShares uint64 + DecryptionKeys []string + Devices []string + DNSSearch []string + DNSServers []string + DNSOptions []string + HTTPProxy bool + Isolation string + Memory string + MemorySwap string + OverrideArch string + OverrideOS string + SecurityOpt []string + ShmSize string + Ulimit []string + Volumes []string } // GetUserNSFlags returns the common flags for usernamespace func GetUserNSFlags(flags *UserNSResults) pflag.FlagSet { usernsFlags := pflag.FlagSet{} usernsFlags.StringVar(&flags.UserNS, "userns", "", "'container', `path` of user namespace to join, or 'host'") - usernsFlags.StringSliceVar(&flags.UserNSUIDMap, "userns-uid-map", []string{}, "`containerID:hostID:length` UID mapping to use in user namespace") - usernsFlags.StringSliceVar(&flags.UserNSGIDMap, "userns-gid-map", []string{}, "`containerID:hostID:length` GID mapping to use in user namespace") + usernsFlags.StringSliceVar(&flags.UserNSUIDMap, "userns-uid-map", []string{}, "`containerUID:hostUID:length` UID mapping to use in user namespace") + usernsFlags.StringSliceVar(&flags.UserNSGIDMap, "userns-gid-map", []string{}, "`containerGID:hostGID:length` GID mapping to use in user namespace") usernsFlags.StringVar(&flags.UserNSUIDMapUser, "userns-uid-map-user", "", "`name` of entries from /etc/subuid to use to set user namespace UID mapping") usernsFlags.StringVar(&flags.UserNSGIDMapGroup, "userns-gid-map-group", "", "`name` of entries from /etc/subgid to use to set user namespace GID mapping") return usernsFlags @@ -208,6 +208,9 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { fs.StringSliceVar(&flags.RuntimeFlags, "runtime-flag", []string{}, "add global flags for the container runtime") fs.StringVar(&flags.SignBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`") fs.StringVar(&flags.SignaturePolicy, "signature-policy", "", "`pathname` of signature policy file (not usually used)") + if err := fs.MarkHidden("signature-policy"); err != nil { + panic(fmt.Sprintf("error marking the signature-policy flag as hidden: %v", err)) + } fs.BoolVar(&flags.Squash, "squash", false, "squash newly built layers into a single new layer") fs.StringArrayVarP(&flags.Tag, "tag", "t", []string{}, "tagged `name` to apply to the built image") fs.StringVar(&flags.Target, "target", "", "set the target build stage to build") @@ -265,6 +268,7 @@ func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults, fs.Uint64VarP(&flags.CPUShares, "cpu-shares", "c", 0, "CPU shares (relative weight)") fs.StringVar(&flags.CPUSetCPUs, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)") fs.StringVar(&flags.CPUSetMems, "cpuset-mems", "", "memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.") + fs.StringSliceVar(&flags.DecryptionKeys, "decryption-key", nil, "key needed to decrypt the image") fs.StringArrayVar(&flags.Devices, "device", defaultContainerConfig.Containers.Devices, "Additional devices to be used within containers (default [])") fs.StringSliceVar(&flags.DNSSearch, "dns-search", defaultContainerConfig.Containers.DNSSearches, "Set custom DNS search domains") fs.StringSliceVar(&flags.DNSServers, "dns", defaultContainerConfig.Containers.DNSServers, "Set custom DNS servers or disable it completely by setting it to 'none', which prevents the automatic creation of `/etc/resolv.conf`.") @@ -308,6 +312,7 @@ func GetFromAndBudFlagsCompletions() commonComp.FlagCompletions { flagCompletion["cpu-shares"] = commonComp.AutocompleteNone flagCompletion["cpuset-cpus"] = commonComp.AutocompleteNone flagCompletion["cpuset-mems"] = commonComp.AutocompleteNone + flagCompletion["decryption-key"] = commonComp.AutocompleteNone flagCompletion["device"] = commonComp.AutocompleteDefault flagCompletion["dns-search"] = commonComp.AutocompleteNone flagCompletion["dns"] = commonComp.AutocompleteNone diff --git a/vendor/github.com/containers/buildah/pkg/secrets/secrets.go b/vendor/github.com/containers/buildah/pkg/secrets/secrets.go index ee2e9a7c8..32f888fa8 100644 --- a/vendor/github.com/containers/buildah/pkg/secrets/secrets.go +++ b/vendor/github.com/containers/buildah/pkg/secrets/secrets.go @@ -38,7 +38,7 @@ type secretData struct { // saveTo saves secret data to given directory func (s secretData) saveTo(dir string) error { path := filepath.Join(dir, s.name) - if err := os.MkdirAll(filepath.Dir(path), s.dirMode); err != nil && !os.IsExist(err) { + if err := os.MkdirAll(filepath.Dir(path), s.dirMode); err != nil { return err } return ioutil.WriteFile(path, s.data, s.mode) diff --git a/vendor/github.com/containers/buildah/pull.go b/vendor/github.com/containers/buildah/pull.go index bb52ec1ed..d7e7b8890 100644 --- a/vendor/github.com/containers/buildah/pull.go +++ b/vendor/github.com/containers/buildah/pull.go @@ -7,7 +7,6 @@ import ( "time" "github.com/containers/buildah/pkg/blobcache" - "github.com/containers/buildah/util" "github.com/containers/image/v5/directory" "github.com/containers/image/v5/docker" dockerarchive "github.com/containers/image/v5/docker/archive" @@ -18,6 +17,7 @@ import ( "github.com/containers/image/v5/signature" is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/transports" + "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" encconfig "github.com/containers/ocicrypt/config" "github.com/containers/storage" @@ -171,63 +171,63 @@ func Pull(ctx context.Context, imageName string, options PullOptions) (imageID s OciDecryptConfig: options.OciDecryptConfig, } - storageRef, transport, img, err := resolveImage(ctx, systemContext, options.Store, boptions) + if !options.AllTags { + _, _, img, err := resolveImage(ctx, systemContext, options.Store, boptions) + if err != nil { + return "", err + } + return img.ID, nil + } + + srcRef, err := alltransports.ParseImageName(imageName) + if err == nil && srcRef.Transport().Name() != docker.Transport.Name() { + return "", errors.New("Non-docker transport is not supported, for --all-tags pulling") + } + + storageRef, _, _, err := resolveImage(ctx, systemContext, options.Store, boptions) if err != nil { return "", err } var errs *multierror.Error - if options.AllTags { - if transport != util.DefaultTransport { - return "", errors.New("Non-docker transport is not supported, for --all-tags pulling") - } - - repo := reference.TrimNamed(storageRef.DockerReference()) - dockerRef, err := docker.NewReference(reference.TagNameOnly(storageRef.DockerReference())) + repo := reference.TrimNamed(storageRef.DockerReference()) + dockerRef, err := docker.NewReference(reference.TagNameOnly(storageRef.DockerReference())) + if err != nil { + return "", errors.Wrapf(err, "internal error creating docker.Transport reference for %s", storageRef.DockerReference().String()) + } + tags, err := docker.GetRepositoryTags(ctx, systemContext, dockerRef) + if err != nil { + return "", errors.Wrapf(err, "error getting repository tags") + } + for _, tag := range tags { + tagged, err := reference.WithTag(repo, tag) if err != nil { - return "", errors.Wrapf(err, "internal error creating docker.Transport reference for %s", storageRef.DockerReference().String()) + errs = multierror.Append(errs, err) + continue } - tags, err := docker.GetRepositoryTags(ctx, systemContext, dockerRef) + taggedRef, err := docker.NewReference(tagged) if err != nil { - return "", errors.Wrapf(err, "error getting repository tags") + return "", errors.Wrapf(err, "internal error creating docker.Transport reference for %s", tagged.String()) } - for _, tag := range tags { - tagged, err := reference.WithTag(repo, tag) - if err != nil { - errs = multierror.Append(errs, err) - continue + if options.ReportWriter != nil { + if _, err := options.ReportWriter.Write([]byte("Pulling " + tagged.String() + "\n")); err != nil { + return "", errors.Wrapf(err, "error writing pull report") } - taggedRef, err := docker.NewReference(tagged) - if err != nil { - return "", errors.Wrapf(err, "internal error creating docker.Transport reference for %s", tagged.String()) - } - if options.ReportWriter != nil { - if _, err := options.ReportWriter.Write([]byte("Pulling " + tagged.String() + "\n")); err != nil { - return "", errors.Wrapf(err, "error writing pull report") - } - } - ref, err := pullImage(ctx, options.Store, taggedRef, options, systemContext) - if err != nil { - errs = multierror.Append(errs, err) - continue - } - taggedImg, err := is.Transport.GetStoreImage(options.Store, ref) - if err != nil { - errs = multierror.Append(errs, err) - continue - } - imageID = taggedImg.ID } - } else { - imageID = img.ID - } - if errs == nil { - err = nil - } else { - err = errs.ErrorOrNil() + ref, err := pullImage(ctx, options.Store, taggedRef, options, systemContext) + if err != nil { + errs = multierror.Append(errs, err) + continue + } + taggedImg, err := is.Transport.GetStoreImage(options.Store, ref) + if err != nil { + errs = multierror.Append(errs, err) + continue + } + imageID = taggedImg.ID } - return imageID, err + return imageID, errs.ErrorOrNil() } func pullImage(ctx context.Context, store storage.Store, srcRef types.ImageReference, options PullOptions, sc *types.SystemContext) (types.ImageReference, error) { diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go index 3a07407b0..d907941ed 100644 --- a/vendor/github.com/containers/buildah/run_linux.go +++ b/vendor/github.com/containers/buildah/run_linux.go @@ -23,6 +23,7 @@ import ( "github.com/containernetworking/cni/libcni" "github.com/containers/buildah/bind" "github.com/containers/buildah/chroot" + "github.com/containers/buildah/copier" "github.com/containers/buildah/pkg/overlay" "github.com/containers/buildah/pkg/secrets" "github.com/containers/buildah/util" @@ -165,11 +166,6 @@ func (b *Builder) Run(command []string, options RunOptions) error { spec := g.Config g = nil - logrus.Debugf("ensuring working directory %q exists", filepath.Join(mountPoint, spec.Process.Cwd)) - if err = os.MkdirAll(filepath.Join(mountPoint, spec.Process.Cwd), 0755); err != nil && !os.IsExist(err) { - return err - } - // Set the seccomp configuration using the specified profile name. Some syscalls are // allowed if certain capabilities are to be granted (example: CAP_SYS_CHROOT and chroot), // so we sorted out the capabilities lists first. @@ -184,6 +180,15 @@ func (b *Builder) Run(command []string, options RunOptions) error { } rootIDPair := &idtools.IDPair{UID: int(rootUID), GID: int(rootGID)} + mode := os.FileMode(0755) + coptions := copier.MkdirOptions{ + ChownNew: rootIDPair, + ChmodNew: &mode, + } + if err := copier.Mkdir(mountPoint, filepath.Join(mountPoint, spec.Process.Cwd), coptions); err != nil { + return err + } + bindFiles := make(map[string]string) namespaceOptions := append(b.NamespaceOptions, options.NamespaceOptions...) volumes := b.Volumes() @@ -1981,7 +1986,6 @@ func (b *Builder) configureEnvironment(g *generate.Generator, options RunOptions } func setupRootlessSpecChanges(spec *specs.Spec, bundleDir string, shmSize string) error { - spec.Hostname = "" spec.Process.User.AdditionalGids = nil spec.Linux.Resources = nil @@ -2137,10 +2141,6 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions) logrus.Debugf("Forcing use of a user namespace.") } options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.UserNamespace)}) - if ns := options.NamespaceOptions.Find(string(specs.UTSNamespace)); ns != nil && !ns.Host { - logrus.Debugf("Disabling UTS namespace.") - } - options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.UTSNamespace), Host: true}) case IsolationOCI: pidns := options.NamespaceOptions.Find(string(specs.PIDNamespace)) userns := options.NamespaceOptions.Find(string(specs.UserNamespace)) diff --git a/vendor/github.com/containers/buildah/util/util.go b/vendor/github.com/containers/buildah/util/util.go index 00efc8d21..99f68d9e1 100644 --- a/vendor/github.com/containers/buildah/util/util.go +++ b/vendor/github.com/containers/buildah/util/util.go @@ -12,10 +12,10 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/pkg/shortnames" "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/signature" is "github.com/containers/image/v5/storage" - "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" "github.com/containers/storage" @@ -69,42 +69,10 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto } } - // If the image includes a transport's name as a prefix, use it as-is. - if strings.HasPrefix(name, DefaultTransport) { - return []string{strings.TrimPrefix(name, DefaultTransport)}, DefaultTransport, false, nil - } - split := strings.SplitN(name, ":", 2) - if StartsWithValidTransport(name) && len(split) == 2 { - if trans := transports.Get(split[0]); trans != nil { - return []string{split[1]}, trans.Name(), false, nil - } - } - // If the image name already included a domain component, we're done. - named, err := reference.ParseNormalizedNamed(name) - if err != nil { - return nil, "", false, errors.Wrapf(err, "error parsing image name %q", name) - } - if named.String() == name { - // Parsing produced the same result, so there was a domain name in there to begin with. - return []string{name}, DefaultTransport, false, nil - } - if reference.Domain(named) != "" && RegistryDefaultPathPrefix[reference.Domain(named)] != "" { - // If this domain can cause us to insert something in the middle, check if that happened. - repoPath := reference.Path(named) - domain := reference.Domain(named) - tag := "" - if tagged, ok := named.(reference.Tagged); ok { - tag = ":" + tagged.Tag() - } - digest := "" - if digested, ok := named.(reference.Digested); ok { - digest = "@" + digested.Digest().String() - } - defaultPrefix := RegistryDefaultPathPrefix[reference.Domain(named)] + "/" - if strings.HasPrefix(repoPath, defaultPrefix) && path.Join(domain, repoPath[len(defaultPrefix):])+tag+digest == name { - // Yup, parsing just inserted a bit in the middle, so there was a domain name there to begin with. - return []string{name}, DefaultTransport, false, nil - } + // Transports are not supported for local image look ups. + srcRef, err := alltransports.ParseImageName(name) + if err == nil { + return []string{srcRef.StringWithinTransport()}, srcRef.Transport().Name(), false, nil } // Figure out the list of registries. @@ -126,25 +94,26 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto } searchRegistriesAreEmpty := len(registries) == 0 - // Create all of the combinations. Some registries need an additional component added, so - // use our lookaside map to keep track of them. If there are no configured registries, we'll - // return a name using "localhost" as the registry name. - candidates := []string{} - initRegistries := []string{"localhost"} + var candidates []string + // Set the first registry if requested. if firstRegistry != "" && firstRegistry != "localhost" { - initRegistries = append([]string{firstRegistry}, initRegistries...) - } - for _, registry := range append(initRegistries, registries...) { - if registry == "" { - continue - } middle := "" - if prefix, ok := RegistryDefaultPathPrefix[registry]; ok && !strings.ContainsRune(name, '/') { + if prefix, ok := RegistryDefaultPathPrefix[firstRegistry]; ok && !strings.ContainsRune(name, '/') { middle = prefix } - candidate := path.Join(registry, middle, name) + candidate := path.Join(firstRegistry, middle, name) candidates = append(candidates, candidate) } + + // Local short-name resolution. + namedCandidates, err := shortnames.ResolveLocally(sc, name) + if err != nil { + return nil, "", false, err + } + for _, named := range namedCandidates { + candidates = append(candidates, named.String()) + } + return candidates, DefaultTransport, searchRegistriesAreEmpty, nil } diff --git a/vendor/github.com/containers/buildah/util/util_linux.go b/vendor/github.com/containers/buildah/util/util_linux.go index 1a13699df..cca1f9e7e 100644 --- a/vendor/github.com/containers/buildah/util/util_linux.go +++ b/vendor/github.com/containers/buildah/util/util_linux.go @@ -1,7 +1,6 @@ package util import ( - "os" "syscall" "golang.org/x/sys/unix" @@ -19,11 +18,3 @@ func IsCgroup2UnifiedMode() (bool, error) { }) return isUnified, isUnifiedErr } - -func UID(st os.FileInfo) int { - return int(st.Sys().(*syscall.Stat_t).Uid) -} - -func GID(st os.FileInfo) int { - return int(st.Sys().(*syscall.Stat_t).Gid) -} diff --git a/vendor/github.com/containers/buildah/util/util_unix.go b/vendor/github.com/containers/buildah/util/util_unix.go index 04d9a01cc..29983e40f 100644 --- a/vendor/github.com/containers/buildah/util/util_unix.go +++ b/vendor/github.com/containers/buildah/util/util_unix.go @@ -29,3 +29,11 @@ func (h *HardlinkChecker) Add(fi os.FileInfo, name string) { h.hardlinks.Store(makeHardlinkDeviceAndInode(st), name) } } + +func UID(st os.FileInfo) int { + return int(st.Sys().(*syscall.Stat_t).Uid) +} + +func GID(st os.FileInfo) int { + return int(st.Sys().(*syscall.Stat_t).Gid) +} diff --git a/vendor/github.com/containers/buildah/util/util_unsupported.go b/vendor/github.com/containers/buildah/util/util_unsupported.go index 8810536a6..05a68f60b 100644 --- a/vendor/github.com/containers/buildah/util/util_unsupported.go +++ b/vendor/github.com/containers/buildah/util/util_unsupported.go @@ -2,19 +2,7 @@ package util -import ( - "os" -) - // IsCgroup2UnifiedMode returns whether we are running in cgroup 2 cgroup2 mode. func IsCgroup2UnifiedMode() (bool, error) { return false, nil } - -func UID(st os.FileInfo) int { - return 0 -} - -func GID(st os.FileInfo) int { - return 0 -} diff --git a/vendor/github.com/containers/buildah/util/util_windows.go b/vendor/github.com/containers/buildah/util/util_windows.go index 0e7f92325..18965ab17 100644 --- a/vendor/github.com/containers/buildah/util/util_windows.go +++ b/vendor/github.com/containers/buildah/util/util_windows.go @@ -14,3 +14,11 @@ func (h *HardlinkChecker) Check(fi os.FileInfo) string { } func (h *HardlinkChecker) Add(fi os.FileInfo, name string) { } + +func UID(st os.FileInfo) int { + return 0 +} + +func GID(st os.FileInfo) int { + return 0 +} |