buildah/internal/util/util.go

package util

import (
	"io"
	"os"
	"path/filepath"

	"github.com/containers/buildah/define"
	"github.com/containers/common/libimage"
	"github.com/containers/image/v5/types"
	"github.com/containers/storage"
	"github.com/containers/storage/pkg/archive"
	"github.com/containers/storage/pkg/chrootarchive"
	"github.com/containers/storage/pkg/unshare"
	"github.com/pkg/errors"
)

// LookupImage returns *Image to corresponding imagename or id
func LookupImage(ctx *types.SystemContext, store storage.Store, image string) (*libimage.Image, error) {
	systemContext := ctx
	if systemContext == nil {
		systemContext = &types.SystemContext{}
	}
	runtime, err := libimage.RuntimeFromStore(store, &libimage.RuntimeOptions{SystemContext: systemContext})
	if err != nil {
		return nil, err
	}
	localImage, _, err := runtime.LookupImage(image, nil)
	if err != nil {
		return nil, err
	}
	return localImage, nil
}

// GetTempDir returns base for a temporary directory on host.
func GetTempDir() string {
	if tmpdir, ok := os.LookupEnv("TMPDIR"); ok {
		return tmpdir
	}
	return "/var/tmp"
}

// ExportFromReader reads bytes from given reader and exports to external tar, directory or stdout.
func ExportFromReader(input io.Reader, opts define.BuildOutputOption) error {
	var err error
	if !filepath.IsAbs(opts.Path) {
		opts.Path, err = filepath.Abs(opts.Path)
		if err != nil {
			return err
		}
	}
	if opts.IsDir {
		// In order to keep this feature as close as possible to
		// buildkit it was decided to preserve ownership when
		// invoked as root since caller already has access to artifacts
		// therefore we can preserve ownership as is, however for rootless users
		// ownership has to be changed so exported artifacts can still
		// be accessible by unpriviledged users.
		// See: https://github.com/containers/buildah/pull/3823#discussion_r829376633
		noLChown := false
		if unshare.IsRootless() {
			noLChown = true
		}

		err = os.MkdirAll(opts.Path, 0700)
		if err != nil {
			return errors.Wrapf(err, "failed while creating the destination path %q", opts.Path)
		}

		err = chrootarchive.Untar(input, opts.Path, &archive.TarOptions{NoLchown: noLChown})
		if err != nil {
			return errors.Wrapf(err, "failed while performing untar at %q", opts.Path)
		}
	} else {
		outFile := os.Stdout
		if !opts.IsStdout {
			outFile, err = os.Create(opts.Path)
			if err != nil {
				return errors.Wrapf(err, "failed while creating destination tar at %q", opts.Path)
			}
			defer outFile.Close()
		}
		_, err = io.Copy(outFile, input)
		if err != nil {
			return errors.Wrapf(err, "failed while performing copy to %q", opts.Path)
		}
	}
	return nil
}
buildkit: add from field to bind and cache mounts so images can be used as source Following commit adds buildkit like support for `from` field to `--mount=type=bind` and `--mount=type=cache` so images and stage can be used as mount source. Usage looks like ```dockerfile RUN --mount=type=bind,source=.,from=<your-image>,target=/path ls /path ``` and ```dockerfile RUN --mount=type=cache,from=<your-image>,target=/path ls /path ``` Signed-off-by: Aditya Rajan <arajan@redhat.com> 2021-10-18 13:51:51 +08:00			`package util`

			`import (`
buildkit: add support for custom build output with --output Allows end-users to export final build content or rootfs to external formats. By default, a local container image is created from the build result. The --output (or -o) flag allows you to override this behavior, and a specify a custom exporter. For example, custom exporters allow you to export the build artifacts as files on the local filesystem instead of a Container image, which can be useful for generating local binaries, code generation etc. The value for --output is a CSV-formatted string defining the exporter type and options. Currently, local and tar exporters are supported. The local exporter writes the resulting build files to a directory on the client side. The tar exporter is similar but writes the files as a single tarball (.tar). ```console buildah build --output type=local,dest=dir . buildah build --output type=tar,dest=rootfs.tar . buildah build -o dir . ``` Reference: https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs Signed-off-by: Aditya R <arajan@redhat.com> 2022-04-29 21:39:42 +08:00			`"io"`
			`"os"`
			`"path/filepath"`

			`"github.com/containers/buildah/define"`
buildkit: add from field to bind and cache mounts so images can be used as source Following commit adds buildkit like support for `from` field to `--mount=type=bind` and `--mount=type=cache` so images and stage can be used as mount source. Usage looks like ```dockerfile RUN --mount=type=bind,source=.,from=<your-image>,target=/path ls /path ``` and ```dockerfile RUN --mount=type=cache,from=<your-image>,target=/path ls /path ``` Signed-off-by: Aditya Rajan <arajan@redhat.com> 2021-10-18 13:51:51 +08:00			`"github.com/containers/common/libimage"`
			`"github.com/containers/image/v5/types"`
			`"github.com/containers/storage"`
buildkit: add support for custom build output with --output Allows end-users to export final build content or rootfs to external formats. By default, a local container image is created from the build result. The --output (or -o) flag allows you to override this behavior, and a specify a custom exporter. For example, custom exporters allow you to export the build artifacts as files on the local filesystem instead of a Container image, which can be useful for generating local binaries, code generation etc. The value for --output is a CSV-formatted string defining the exporter type and options. Currently, local and tar exporters are supported. The local exporter writes the resulting build files to a directory on the client side. The tar exporter is similar but writes the files as a single tarball (.tar). ```console buildah build --output type=local,dest=dir . buildah build --output type=tar,dest=rootfs.tar . buildah build -o dir . ``` Reference: https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs Signed-off-by: Aditya R <arajan@redhat.com> 2022-04-29 21:39:42 +08:00			`"github.com/containers/storage/pkg/archive"`
			`"github.com/containers/storage/pkg/chrootarchive"`
			`"github.com/containers/storage/pkg/unshare"`
			`"github.com/pkg/errors"`
buildkit: add from field to bind and cache mounts so images can be used as source Following commit adds buildkit like support for `from` field to `--mount=type=bind` and `--mount=type=cache` so images and stage can be used as mount source. Usage looks like ```dockerfile RUN --mount=type=bind,source=.,from=<your-image>,target=/path ls /path ``` and ```dockerfile RUN --mount=type=cache,from=<your-image>,target=/path ls /path ``` Signed-off-by: Aditya Rajan <arajan@redhat.com> 2021-10-18 13:51:51 +08:00			`)`

			`// LookupImage returns *Image to corresponding imagename or id`
			`func LookupImage(ctx types.SystemContext, store storage.Store, image string) (libimage.Image, error) {`
			`systemContext := ctx`
			`if systemContext == nil {`
			`systemContext = &types.SystemContext{}`
			`}`
			`runtime, err := libimage.RuntimeFromStore(store, &libimage.RuntimeOptions{SystemContext: systemContext})`
			`if err != nil {`
			`return nil, err`
			`}`
			`localImage, _, err := runtime.LookupImage(image, nil)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return localImage, nil`
			`}`
buildkit: add support for custom build output with --output Allows end-users to export final build content or rootfs to external formats. By default, a local container image is created from the build result. The --output (or -o) flag allows you to override this behavior, and a specify a custom exporter. For example, custom exporters allow you to export the build artifacts as files on the local filesystem instead of a Container image, which can be useful for generating local binaries, code generation etc. The value for --output is a CSV-formatted string defining the exporter type and options. Currently, local and tar exporters are supported. The local exporter writes the resulting build files to a directory on the client side. The tar exporter is similar but writes the files as a single tarball (.tar). ```console buildah build --output type=local,dest=dir . buildah build --output type=tar,dest=rootfs.tar . buildah build -o dir . ``` Reference: https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs Signed-off-by: Aditya R <arajan@redhat.com> 2022-04-29 21:39:42 +08:00
buildkit: supports additionalBuildContext in builds via --build-context As builds got more complicated, the ability to only access files from one location became quite limiting. With `multi-stage` builds where you can `copy` files from other parts of the Containerfile by adding the `--from` flag and pointing it to the name of another Containerfile stage or a remote image. The new named build context feature is an extension of this pattern. You can now define additional build contexts when running the build command, give them a name, and then access them inside a Dockerfile the same way you previously did with build stages. Additional build contexts can be defined with a new `--build-context [name]=[value]` flag. The key component defines the name for your build context and the value can be: ```console Local directory – e.g. --build-context project2=../path/to/project2/src HTTP URL to a tarball – e.g. --build-context src=https://example.org/releases/src.tar Container image – Define with a docker-image:// prefix, e.g. --build-context alpine=docker-image://alpine:3.15, ( also supports docker://, container-image:// ) ``` On the Containerfile side, you can reference the build context on all commands that accept the “from” parameter. Here’s how that might look: ```Dockerfile FROM [name] COPY --from=[name] ... RUN --mount=from=[name] … ``` The value of [name] is matched with the following priority order: * Named build context defined with `--build-context [name]=..` * Stage defined with `AS [name]` inside Dockerfile * Remote image `[name]` in a container registry Added Features * Pinning images for `FROM` and `COPY` * Specifying multiple buildcontexts from different projects and using them with `--from` in `ADD` and `COPY` directive * Override a Remote Dependency with a Local One. * Using additional context from external `Tar` Signed-off-by: Aditya R <arajan@redhat.com> 2022-05-10 18:11:37 +08:00			`// GetTempDir returns base for a temporary directory on host.`
			`func GetTempDir() string {`
			`if tmpdir, ok := os.LookupEnv("TMPDIR"); ok {`
			`return tmpdir`
			`}`
			`return "/var/tmp"`
			`}`

buildkit: add support for custom build output with --output Allows end-users to export final build content or rootfs to external formats. By default, a local container image is created from the build result. The --output (or -o) flag allows you to override this behavior, and a specify a custom exporter. For example, custom exporters allow you to export the build artifacts as files on the local filesystem instead of a Container image, which can be useful for generating local binaries, code generation etc. The value for --output is a CSV-formatted string defining the exporter type and options. Currently, local and tar exporters are supported. The local exporter writes the resulting build files to a directory on the client side. The tar exporter is similar but writes the files as a single tarball (.tar). ```console buildah build --output type=local,dest=dir . buildah build --output type=tar,dest=rootfs.tar . buildah build -o dir . ``` Reference: https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs Signed-off-by: Aditya R <arajan@redhat.com> 2022-04-29 21:39:42 +08:00			`// ExportFromReader reads bytes from given reader and exports to external tar, directory or stdout.`
			`func ExportFromReader(input io.Reader, opts define.BuildOutputOption) error {`
			`var err error`
			`if !filepath.IsAbs(opts.Path) {`
			`opts.Path, err = filepath.Abs(opts.Path)`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`if opts.IsDir {`
			`// In order to keep this feature as close as possible to`
			`// buildkit it was decided to preserve ownership when`
			`// invoked as root since caller already has access to artifacts`
			`// therefore we can preserve ownership as is, however for rootless users`
			`// ownership has to be changed so exported artifacts can still`
			`// be accessible by unpriviledged users.`
			`// See: https://github.com/containers/buildah/pull/3823#discussion_r829376633`
			`noLChown := false`
			`if unshare.IsRootless() {`
			`noLChown = true`
			`}`

			`err = os.MkdirAll(opts.Path, 0700)`
			`if err != nil {`
			`return errors.Wrapf(err, "failed while creating the destination path %q", opts.Path)`
			`}`

			`err = chrootarchive.Untar(input, opts.Path, &archive.TarOptions{NoLchown: noLChown})`
			`if err != nil {`
			`return errors.Wrapf(err, "failed while performing untar at %q", opts.Path)`
			`}`
			`} else {`
			`outFile := os.Stdout`
			`if !opts.IsStdout {`
			`outFile, err = os.Create(opts.Path)`
			`if err != nil {`
			`return errors.Wrapf(err, "failed while creating destination tar at %q", opts.Path)`
			`}`
			`defer outFile.Close()`
			`}`
			`_, err = io.Copy(outFile, input)`
			`if err != nil {`
			`return errors.Wrapf(err, "failed while performing copy to %q", opts.Path)`
			`}`
			`}`
			`return nil`
			`}`