Merge branch 'master' into history

Ashley 2021-02-16 16:02:40 -05:00 committed by GitHub
commit 021ae2f64a
45 changed files with 680 additions and 402 deletions

15
add.go

@ -16,6 +16,7 @@ import (
"time"
"github.com/containers/buildah/copier"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/chrootuser"
"github.com/containers/storage/pkg/fileutils"
"github.com/containers/storage/pkg/idtools"
@ -51,7 +52,7 @@ type AddAndCopyOptions struct {
// ID mapping options to use when contents to be copied are part of
// another container, and need ownerships to be mapped from the host to
// that container's values before copying them into the container.
IDMappingOptions *IDMappingOptions
IDMappingOptions *define.IDMappingOptions
// DryRun indicates that the content should be digested, but not actually
// copied into the container.
DryRun bool
@ -303,6 +304,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
renameTarget = filepath.Base(extractDirectory)
extractDirectory = filepath.Dir(extractDirectory)
}
// if the destination is a directory that doesn't yet exist, let's copy it.
newDestDirFound := false
if (len(destStats) == 1 || len(destStats[0].Globbed) == 0) && destMustBeDirectory && !destCanBeFile {
newDestDirFound = true
}
if len(destStats) == 1 && len(destStats[0].Globbed) == 1 && destStats[0].Results[destStats[0].Globbed[0]].IsRegular {
if destMustBeDirectory {
return errors.Errorf("destination %v already exists but is not a directory", destination)
@ -415,6 +423,11 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
if !globInfo.IsDir || !includeDirectoryAnyway(rel, pm) {
continue
}
} else {
// if the destination is a directory that doesn't yet exist, and is not excluded, let's copy it.
if newDestDirFound {
itemsCopied++
}
}
} else {
// Make sure we don't trigger a "copied nothing" error for an empty context
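Review bot: The new `newDestDirFound` condition evaluates `destStats[0].Globbed` whenever `len(destStats) != 1`, so it panics with an index out of range if `destStats` can ever be empty at this point; the code that fills `destStats` is outside the hunk, so I cannot confirm it is always non-empty. If it can be empty, `if (len(destStats) <= 1 || len(destStats[0].Globbed) == 0) && destMustBeDirectory && !destCanBeFile {` keeps the intent and short-circuits safely. The later `else` branch bumps `itemsCopied` without any copy visible in the hunk, so a comment such as `// count the new destination directory itself so an empty source does not trip the "copied nothing" check below` would make the intent explicit. Add's body starts before and continues past these hunks.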


@ -25,10 +25,10 @@ import (
const (
// Package is the name of this package, used in help output and to
// identify working containers.
Package = "buildah"
Package = define.Package
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
Version = "1.20.0-dev"
Version = define.Version
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
@ -66,35 +66,22 @@ const (
// NetworkConfigurationPolicy takes the value NetworkDefault, NetworkDisabled,
// or NetworkEnabled.
type NetworkConfigurationPolicy int
type NetworkConfigurationPolicy = define.NetworkConfigurationPolicy
const (
// NetworkDefault is one of the values that BuilderOptions.ConfigureNetwork
// can take, signalling that the default behavior should be used.
NetworkDefault NetworkConfigurationPolicy = iota
NetworkDefault = define.NetworkDefault
// NetworkDisabled is one of the values that BuilderOptions.ConfigureNetwork
// can take, signalling that network interfaces should NOT be configured for
// newly-created network namespaces.
NetworkDisabled
NetworkDisabled = define.NetworkDisabled
// NetworkEnabled is one of the values that BuilderOptions.ConfigureNetwork
// can take, signalling that network interfaces should be configured for
// newly-created network namespaces.
NetworkEnabled
NetworkEnabled = define.NetworkEnabled
)
// String formats a NetworkConfigurationPolicy as a string.
func (p NetworkConfigurationPolicy) String() string {
switch p {
case NetworkDefault:
return "NetworkDefault"
case NetworkDisabled:
return "NetworkDisabled"
case NetworkEnabled:
return "NetworkEnabled"
}
return fmt.Sprintf("unknown NetworkConfigurationPolicy %d", p)
}
// Builder objects are used to represent containers which are being used to
// build images. They also carry potential updates which will be applied to
// the image's configuration when the container's contents are used to build an
@ -149,15 +136,15 @@ type Builder struct {
DefaultMountsFilePath string `json:"defaultMountsFilePath,omitempty"`
// Isolation controls how we handle "RUN" statements and the Run() method.
Isolation Isolation
Isolation define.Isolation
// NamespaceOptions controls how we set up the namespaces for processes that we run in the container.
NamespaceOptions NamespaceOptions
NamespaceOptions define.NamespaceOptions
// ConfigureNetwork controls whether or not network interfaces and
// routing are configured for a new network namespace (i.e., when not
// joining another's namespace and not just using the host's
// namespace), effectively deciding whether or not the process has a
// usable network.
ConfigureNetwork NetworkConfigurationPolicy
ConfigureNetwork define.NetworkConfigurationPolicy
// CNIPluginPath is the location of CNI plugin helpers, if they should be
// run from a location other than the default location.
CNIPluginPath string
@ -165,7 +152,7 @@ type Builder struct {
// the default configuration directory shouldn't be used.
CNIConfigDir string
// ID mapping options to use when running processes in the container with non-host user namespaces.
IDMappingOptions IDMappingOptions
IDMappingOptions define.IDMappingOptions
// Capabilities is a list of capabilities to use when running commands in the container.
Capabilities []string
// PrependedEmptyLayers are history entries that we'll add to a
@ -177,7 +164,7 @@ type Builder struct {
// committed image after the history item for the layer that we're
// committing.
AppendedEmptyLayers []v1.History
CommonBuildOpts *CommonBuildOptions
CommonBuildOpts *define.CommonBuildOptions
// TopLayer is the top layer of the image
TopLayer string
// Format for the build Image
@ -187,7 +174,7 @@ type Builder struct {
// ContentDigester counts the digest of all Add()ed content
ContentDigester CompositeDigester
// Devices are the additional devices to add to the containers
Devices ContainerDevices
Devices define.ContainerDevices
}
// BuilderInfo are used as objects to display container information
@ -209,14 +196,14 @@ type BuilderInfo struct {
Docker docker.V2Image
DefaultMountsFilePath string
Isolation string
NamespaceOptions NamespaceOptions
NamespaceOptions define.NamespaceOptions
Capabilities []string
ConfigureNetwork string
CNIPluginPath string
CNIConfigDir string
IDMappingOptions IDMappingOptions
IDMappingOptions define.IDMappingOptions
History []v1.History
Devices ContainerDevices
Devices define.ContainerDevices
}
// GetBuildInfo gets a pointer to a Builder object and returns a BuilderInfo object from it.
@ -256,66 +243,7 @@ func GetBuildInfo(b *Builder) BuilderInfo {
}
// CommonBuildOptions are resources that can be defined by flags for both buildah from and build-using-dockerfile
type CommonBuildOptions struct {
// AddHost is the list of hostnames to add to the build container's /etc/hosts.
AddHost []string
// CgroupParent is the path to cgroups under which the cgroup for the container will be created.
CgroupParent string
// CPUPeriod limits the CPU CFS (Completely Fair Scheduler) period
CPUPeriod uint64
// CPUQuota limits the CPU CFS (Completely Fair Scheduler) quota
CPUQuota int64
// CPUShares (relative weight
CPUShares uint64
// CPUSetCPUs in which to allow execution (0-3, 0,1)
CPUSetCPUs string
// CPUSetMems memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
CPUSetMems string
// HTTPProxy determines whether *_proxy env vars from the build host are passed into the container.
HTTPProxy bool
// Memory is the upper limit (in bytes) on how much memory running containers can use.
Memory int64
// DNSSearch is the list of DNS search domains to add to the build container's /etc/resolv.conf
DNSSearch []string
// DNSServers is the list of DNS servers to add to the build container's /etc/resolv.conf
DNSServers []string
// DNSOptions is the list of DNS
DNSOptions []string
// MemorySwap limits the amount of memory and swap together.
MemorySwap int64
// LabelOpts is the a slice of fields of an SELinux context, given in "field:pair" format, or "disable".
// Recognized field names are "role", "type", and "level".
LabelOpts []string
// OmitTimestamp forces epoch 0 as created timestamp to allow for
// deterministic, content-addressable builds.
OmitTimestamp bool
// SeccompProfilePath is the pathname of a seccomp profile.
SeccompProfilePath string
// ApparmorProfile is the name of an apparmor profile.
ApparmorProfile string
// ShmSize is the "size" value to use when mounting an shmfs on the container's /dev/shm directory.
ShmSize string
// Ulimit specifies resource limit options, in the form type:softlimit[:hardlimit].
// These types are recognized:
// "core": maximum core dump size (ulimit -c)
// "cpu": maximum CPU time (ulimit -t)
// "data": maximum size of a process's data segment (ulimit -d)
// "fsize": maximum size of new files (ulimit -f)
// "locks": maximum number of file locks (ulimit -x)
// "memlock": maximum amount of locked memory (ulimit -l)
// "msgqueue": maximum amount of data in message queues (ulimit -q)
// "nice": niceness adjustment (nice -n, ulimit -e)
// "nofile": maximum number of open files (ulimit -n)
// "nproc": maximum number of processes (ulimit -u)
// "rss": maximum size of a process's (ulimit -m)
// "rtprio": maximum real-time scheduling priority (ulimit -r)
// "rttime": maximum amount of real-time execution between blocking syscalls
// "sigpending": maximum number of pending signals (ulimit -i)
// "stack": maximum stack size (ulimit -s)
Ulimit []string
// Volumes to bind mount into the container
Volumes []string
}
type CommonBuildOptions = define.CommonBuildOptions
// BuilderOptions are used to initialize a new Builder.
type BuilderOptions struct {
@ -331,7 +259,7 @@ type BuilderOptions struct {
// PullPolicy decides whether or not we should pull the image that
// we're using as a base image. It should be PullIfMissing,
// PullAlways, or PullNever.
PullPolicy PullPolicy
PullPolicy define.PullPolicy
// Registry is a value which is prepended to the image's name, if it
// needs to be pulled and the image name alone can not be resolved to a
// reference to a source image. No separator is implicitly added.
@ -360,16 +288,16 @@ type BuilderOptions struct {
DefaultMountsFilePath string
// Isolation controls how we handle "RUN" statements and the Run()
// method.
Isolation Isolation
Isolation define.Isolation
// NamespaceOptions controls how we set up namespaces for processes that
// we might need to run using the container's root filesystem.
NamespaceOptions NamespaceOptions
NamespaceOptions define.NamespaceOptions
// ConfigureNetwork controls whether or not network interfaces and
// routing are configured for a new network namespace (i.e., when not
// joining another's namespace and not just using the host's
// namespace), effectively deciding whether or not the process has a
// usable network.
ConfigureNetwork NetworkConfigurationPolicy
ConfigureNetwork define.NetworkConfigurationPolicy
// CNIPluginPath is the location of CNI plugin helpers, if they should be
// run from a location other than the default location.
CNIPluginPath string
@ -377,15 +305,15 @@ type BuilderOptions struct {
// the default configuration directory shouldn't be used.
CNIConfigDir string
// ID mapping options to use if we're setting up our own user namespace.
IDMappingOptions *IDMappingOptions
IDMappingOptions *define.IDMappingOptions
// Capabilities is a list of capabilities to use when
// running commands in the container.
Capabilities []string
CommonBuildOpts *CommonBuildOptions
CommonBuildOpts *define.CommonBuildOptions
// Format for the container image
Format string
// Devices are the additional devices to add to the containers
Devices ContainerDevices
Devices define.ContainerDevices
//DefaultEnv for containers
DefaultEnv []string
// MaxPullRetries is the maximum number of attempts we'll make to pull
@ -460,7 +388,7 @@ func OpenBuilder(store storage.Store, container string) (*Builder, error) {
return nil, errors.Wrapf(err, "error parsing %q, read from %q", string(buildstate), filepath.Join(cdir, stateFile))
}
if b.Type != containerType {
return nil, errors.Errorf("container %q is not a %s container (is a %q container)", container, Package, b.Type)
return nil, errors.Errorf("container %q is not a %s container (is a %q container)", container, define.Package, b.Type)
}
b.store = store
b.fixupConfig()
@ -504,7 +432,7 @@ func OpenBuilderByPath(store storage.Store, path string) (*Builder, error) {
if err != nil {
logrus.Debugf("error parsing %q, read from %q: %v", string(buildstate), filepath.Join(cdir, stateFile), err)
} else if b.Type != containerType {
logrus.Debugf("container %q is not a %s container (is a %q container)", container.ID, Package, b.Type)
logrus.Debugf("container %q is not a %s container (is a %q container)", container.ID, define.Package, b.Type)
}
}
return nil, storage.ErrContainerUnknown
@ -541,7 +469,7 @@ func OpenAllBuilders(store storage.Store) (builders []*Builder, err error) {
if err != nil {
logrus.Debugf("error parsing %q, read from %q: %v", string(buildstate), filepath.Join(cdir, stateFile), err)
} else if b.Type != containerType {
logrus.Debugf("container %q is not a %s container (is a %q container)", container.ID, Package, b.Type)
logrus.Debugf("container %q is not a %s container (is a %q container)", container.ID, define.Package, b.Type)
}
}
return builders, nil
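Review bot: `Builder.Isolation`, `NamespaceOptions`, `IDMappingOptions`, `CommonBuildOpts` and `Devices` change type in a struct that is parsed back from the per-container state file (the `stateFile` parse at the top of the OpenBuilder hunk), so the `define` types must keep the same JSON field names and shapes or existing working containers stop loading; `define.IDMappingOptions` and `define.CommonBuildOptions` look field-for-field identical to the removed declarations in this commit, which is what makes the change safe. Whether `Isolation`, `NamespaceOptions` and `PullPolicy` also get a `type X = define.X` alias in this file, as `NetworkConfigurationPolicy` and `CommonBuildOptions` do here, is not visible in these hunks; without such aliases, callers that assign `buildah.IsolationChroot` to `BuilderOptions.Isolation` no longer compile (the README hunk already switches its examples to `define.*`). A comment on the kept aliases, e.g. `// CommonBuildOptions is retained as an alias so existing users of package buildah keep compiling.`, would explain why the duplicate declarations exist.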


@ -6,6 +6,7 @@ import (
"time"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/buildah/imagebuildah"
buildahcli "github.com/containers/buildah/pkg/cli"
"github.com/containers/buildah/pkg/parse"
@ -168,7 +169,7 @@ func commitCmd(c *cobra.Command, args []string, iopts commitInputOptions) error
}
// Add builder identity information.
builder.SetLabel(buildah.BuilderIdentityAnnotation, buildah.Version)
builder.SetLabel(buildah.BuilderIdentityAnnotation, define.Version)
encConfig, encLayers, err := getEncryptConfig(iopts.encryptionKeys, iopts.encryptLayers)
if err != nil {


@ -7,6 +7,7 @@ import (
"testing"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
is "github.com/containers/image/v5/storage"
"github.com/containers/image/v5/types"
"github.com/containers/storage"
@ -112,7 +113,7 @@ func pullTestImage(t *testing.T) string {
if err != nil {
t.Fatal(err)
}
commonOpts := &buildah.CommonBuildOptions{
commonOpts := &define.CommonBuildOptions{
LabelOpts: nil,
}
options := buildah.BuilderOptions{


@ -9,6 +9,7 @@ import (
"text/template"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/formats"
"github.com/containers/buildah/util"
"github.com/containers/storage"
@ -67,7 +68,7 @@ type containersResults struct {
func init() {
var (
containersDescription = "\n Lists containers which appear to be " + buildah.Package + " working containers, their\n names and IDs, and the names and IDs of the images from which they were\n initialized."
containersDescription = "\n Lists containers which appear to be " + define.Package + " working containers, their\n names and IDs, and the names and IDs of the images from which they were\n initialized."
opts containersResults
)
containersCommand := &cobra.Command{


@ -8,6 +8,7 @@ import (
"strings"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
buildahcli "github.com/containers/buildah/pkg/cli"
"github.com/containers/buildah/pkg/parse"
"github.com/containers/common/pkg/auth"
@ -210,15 +211,15 @@ func fromCmd(c *cobra.Command, args []string, iopts fromReply) error {
return errors.Errorf("can only set one of 'pull' or 'pull-always' or 'pull-never'")
}
pullPolicy := buildah.PullIfMissing
pullPolicy := define.PullIfMissing
if iopts.pull {
pullPolicy = buildah.PullIfNewer
pullPolicy = define.PullIfNewer
}
if iopts.pullAlways {
pullPolicy = buildah.PullAlways
pullPolicy = define.PullAlways
}
if iopts.pullNever {
pullPolicy = buildah.PullNever
pullPolicy = define.PullNever
}
signaturePolicy := iopts.signaturePolicy
@ -252,7 +253,7 @@ func fromCmd(c *cobra.Command, args []string, iopts fromReply) error {
if err != nil {
return err
}
devices := buildah.ContainerDevices{}
devices := define.ContainerDevices{}
for _, device := range append(defaultContainerConfig.Containers.Devices, iopts.Devices...) {
dev, err := parse.DeviceFromPath(device)
if err != nil {


@ -9,6 +9,7 @@ import (
"text/template"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"golang.org/x/crypto/ssh/terminal"
@ -96,7 +97,7 @@ func debugInfo() map[string]interface{} {
info := map[string]interface{}{}
info["compiler"] = runtime.Compiler
info["go version"] = runtime.Version()
info["buildah version"] = buildah.Version
info["buildah version"] = define.Version
info["git commit"] = GitCommit
return info
}


@ -10,6 +10,7 @@ import (
"syscall"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/cli"
"github.com/containers/buildah/pkg/parse"
"github.com/containers/common/pkg/config"
@ -79,7 +80,7 @@ func init() {
cobra.OnInitialize(initConfig)
//rootCmd.TraverseChildren = true
rootCmd.Version = fmt.Sprintf("%s (image-spec %s, runtime-spec %s)", buildah.Version, ispecs.Version, rspecs.Version)
rootCmd.Version = fmt.Sprintf("%s (image-spec %s, runtime-spec %s)", define.Version, ispecs.Version, rspecs.Version)
rootCmd.PersistentFlags().BoolVar(&globalFlagResults.Debug, "debug", false, "print debugging information")
// TODO Need to allow for environment variable
rootCmd.PersistentFlags().StringVar(&globalFlagResults.RegistriesConf, "registries-conf", "", "path to registries.conf file (not usually used)")


@ -7,7 +7,7 @@ import (
"time"
cniversion "github.com/containernetworking/cni/pkg/version"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
iversion "github.com/containers/image/v5/version"
ispecs "github.com/opencontainers/image-spec/specs-go"
rspecs "github.com/opencontainers/runtime-spec/specs-go"
@ -33,7 +33,7 @@ func versionCmd(c *cobra.Command, args []string) error {
}
}
fmt.Println("Version: ", buildah.Version)
fmt.Println("Version: ", define.Version)
fmt.Println("Go Version: ", runtime.Version())
fmt.Println("Image Spec: ", ispecs.Version)
fmt.Println("Runtime Spec: ", rspecs.Version)


@ -7,6 +7,7 @@ import (
"path/filepath"
"time"
"github.com/containers/buildah/define"
"github.com/containers/common/pkg/retry"
cp "github.com/containers/image/v5/copy"
"github.com/containers/image/v5/docker"
@ -19,9 +20,9 @@ import (
const (
// OCI used to define the "oci" image format
OCI = "oci"
OCI = define.OCI
// DOCKER used to define the "docker" image format
DOCKER = "docker"
DOCKER = define.DOCKER
)
func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string, removeSignatures bool, addSigner string, ociEncryptLayers *[]int, ociEncryptConfig *encconfig.EncryptConfig, ociDecryptConfig *encconfig.DecryptConfig) *cp.Options {

63
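--- a/define/build.go
+++ b/define/build.go
@@ -0,0 +1,63 @@
+package define
+// CommonBuildOptions are resources that can be defined by flags for both buildah from and build-using-dockerfile
+type CommonBuildOptions struct {
+// AddHost is the list of hostnames to add to the build container's /etc/hosts.
+AddHost []string
+// CgroupParent is the path to cgroups under which the cgroup for the container will be created.
+CgroupParent string
+// CPUPeriod limits the CPU CFS (Completely Fair Scheduler) period
+CPUPeriod uint64
+// CPUQuota limits the CPU CFS (Completely Fair Scheduler) quota
+CPUQuota int64
+// CPUShares (relative weight
+CPUShares uint64
+// CPUSetCPUs in which to allow execution (0-3, 0,1)
+CPUSetCPUs string
+// CPUSetMems memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+CPUSetMems string
+// HTTPProxy determines whether *_proxy env vars from the build host are passed into the container.
+HTTPProxy bool
+// Memory is the upper limit (in bytes) on how much memory running containers can use.
+Memory int64
+// DNSSearch is the list of DNS search domains to add to the build container's /etc/resolv.conf
+DNSSearch []string
+// DNSServers is the list of DNS servers to add to the build container's /etc/resolv.conf
+DNSServers []string
+// DNSOptions is the list of DNS
+DNSOptions []string
+// MemorySwap limits the amount of memory and swap together.
+MemorySwap int64
+// LabelOpts is the a slice of fields of an SELinux context, given in "field:pair" format, or "disable".
+// Recognized field names are "role", "type", and "level".
+LabelOpts []string
+// OmitTimestamp forces epoch 0 as created timestamp to allow for
+// deterministic, content-addressable builds.
+OmitTimestamp bool
+// SeccompProfilePath is the pathname of a seccomp profile.
+SeccompProfilePath string
+// ApparmorProfile is the name of an apparmor profile.
+ApparmorProfile string
+// ShmSize is the "size" value to use when mounting an shmfs on the container's /dev/shm directory.
+ShmSize string
+// Ulimit specifies resource limit options, in the form type:softlimit[:hardlimit].
+// These types are recognized:
+// "core": maximum core dump size (ulimit -c)
+// "cpu": maximum CPU time (ulimit -t)
+// "data": maximum size of a process's data segment (ulimit -d)
+// "fsize": maximum size of new files (ulimit -f)
+// "locks": maximum number of file locks (ulimit -x)
+// "memlock": maximum amount of locked memory (ulimit -l)
+// "msgqueue": maximum amount of data in message queues (ulimit -q)
+// "nice": niceness adjustment (nice -n, ulimit -e)
+// "nofile": maximum number of open files (ulimit -n)
+// "nproc": maximum number of processes (ulimit -u)
+// "rss": maximum size of a process's (ulimit -m)
+// "rtprio": maximum real-time scheduling priority (ulimit -r)
+// "rttime": maximum amount of real-time execution between blocking syscalls
+// "sigpending": maximum number of pending signals (ulimit -i)
+// "stack": maximum stack size (ulimit -s)
+Ulimit []string
+// Volumes to bind mount into the container
+Volumes []string
+}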
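Review bot: Several field comments in the new `CommonBuildOptions` were moved verbatim with their defects: `// CPUShares (relative weight` is cut off mid-parenthesis, `// DNSOptions is the list of DNS` stops mid-sentence, `// LabelOpts is the a slice of fields` has a stray article, and `// "rss": maximum size of a process's (ulimit -m)` is missing its noun. Suggested replacements: `// CPUShares is the relative CPU weight for the container.`, `// DNSOptions is the list of DNS options to add to the build container's /etc/resolv.conf (presumably, by analogy with DNSSearch and DNSServers).`, `// LabelOpts is a slice of fields of an SELinux context, given in "field:pair" format, or "disable".`, and `// "rss": maximum resident set size (ulimit -m)`. Now that the struct lives in its own package with no other code to review, this is the natural moment to fix them.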

34
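--- a/define/isolation.go
+++ b/define/isolation.go
@@ -0,0 +1,34 @@
+package define
+import (
+"fmt"
+)
+type Isolation int
+const (
+// IsolationDefault is whatever we think will work best.
+IsolationDefault Isolation = iota
+// IsolationOCI is a proper OCI runtime.
+IsolationOCI
+// IsolationChroot is a more chroot-like environment: less isolation,
+// but with fewer requirements.
+IsolationChroot
+// IsolationOCIRootless is a proper OCI runtime in rootless mode.
+IsolationOCIRootless
+)
+// String converts a Isolation into a string.
+func (i Isolation) String() string {
+switch i {
+case IsolationDefault:
+return "IsolationDefault"
+case IsolationOCI:
+return "IsolationOCI"
+case IsolationChroot:
+return "IsolationChroot"
+case IsolationOCIRootless:
+return "IsolationOCIRootless"
+}
+return fmt.Sprintf("unrecognized isolation type %d", i)
+}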
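Review bot: The exported `Isolation` type is declared without a doc comment, while each of its constants and the `String` method carry one; the `Isolation` field comment in `Builder` already states the contract, so `// Isolation controls how "RUN" statements and the Run() method are executed.` on the `type Isolation int` line would close the gap. The `String` doc comment also reads `converts a Isolation`; `// String converts an Isolation into a string.` fixes the article.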

87
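--- a/define/namespace.go
+++ b/define/namespace.go
@@ -0,0 +1,87 @@
+package define
+import (
+"fmt"
+)
+// NamespaceOption controls how we set up a namespace when launching processes.
+type NamespaceOption struct {
+// Name specifies the type of namespace, typically matching one of the
+// ...Namespace constants defined in
+// github.com/opencontainers/runtime-spec/specs-go.
+Name string
+// Host is used to force our processes to use the host's namespace of
+// this type.
+Host bool
+// Path is the path of the namespace to attach our process to, if Host
+// is not set. If Host is not set and Path is also empty, a new
+// namespace will be created for the process that we're starting.
+// If Name is specs.NetworkNamespace, if Path doesn't look like an
+// absolute path, it is treated as a comma-separated list of CNI
+// configuration names which will be selected from among all of the CNI
+// network configurations which we find.
+Path string
+}
+// NamespaceOptions provides some helper methods for a slice of NamespaceOption
+// structs.
+type NamespaceOptions []NamespaceOption
+// Find the configuration for the namespace of the given type. If there are
+// duplicates, find the _last_ one of the type, since we assume it was appended
+// more recently.
+func (n *NamespaceOptions) Find(namespace string) *NamespaceOption {
+for i := range *n {
+j := len(*n) - 1 - i
+if (*n)[j].Name == namespace {
+return &((*n)[j])
+}
+}
+return nil
+}
+// AddOrReplace either adds or replaces the configuration for a given namespace.
+func (n *NamespaceOptions) AddOrReplace(options ...NamespaceOption) {
+nextOption:
+for _, option := range options {
+for i := range *n {
+j := len(*n) - 1 - i
+if (*n)[j].Name == option.Name {
+(*n)[j] = option
+continue nextOption
+}
+}
+*n = append(*n, option)
+}
+}
+// NetworkConfigurationPolicy takes the value NetworkDefault, NetworkDisabled,
+// or NetworkEnabled.
+type NetworkConfigurationPolicy int
+const (
+// NetworkDefault is one of the values that BuilderOptions.ConfigureNetwork
+// can take, signalling that the default behavior should be used.
+NetworkDefault NetworkConfigurationPolicy = iota
+// NetworkDisabled is one of the values that BuilderOptions.ConfigureNetwork
+// can take, signalling that network interfaces should NOT be configured for
+// newly-created network namespaces.
+NetworkDisabled
+// NetworkEnabled is one of the values that BuilderOptions.ConfigureNetwork
+// can take, signalling that network interfaces should be configured for
+// newly-created network namespaces.
+NetworkEnabled
+)
+// String formats a NetworkConfigurationPolicy as a string.
+func (p NetworkConfigurationPolicy) String() string {
+switch p {
+case NetworkDefault:
+return "NetworkDefault"
+case NetworkDisabled:
+return "NetworkDisabled"
+case NetworkEnabled:
+return "NetworkEnabled"
+}
+return fmt.Sprintf("unknown NetworkConfigurationPolicy %d", p)
+}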
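Review bot: `Find` returns `&((*n)[j])`, a pointer into the slice's backing array, so a caller that holds the result across a later `AddOrReplace` whose `append` reallocates will be writing to a detached copy; the behaviour predates the move, but now that the type lives in a shared package the doc comment should state it, e.g. `// The returned pointer aliases the slice element and is stale after any append to n.` The same comment would also read better in the exported-name form, `// Find returns the configuration for the namespace of the given type; with duplicates, the last one wins since it was appended most recently.`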

55
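--- a/define/pull.go
+++ b/define/pull.go
@@ -0,0 +1,55 @@
+package define
+import (
+"fmt"
+)
+// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.
+type PullPolicy int
+const (
+// PullIfMissing is one of the values that BuilderOptions.PullPolicy
+// can take, signalling that the source image should be pulled from a
+// registry if a local copy of it is not already present.
+PullIfMissing PullPolicy = iota
+// PullAlways is one of the values that BuilderOptions.PullPolicy can
+// take, signalling that a fresh, possibly updated, copy of the image
+// should be pulled from a registry before the build proceeds.
+PullAlways
+// PullIfNewer is one of the values that BuilderOptions.PullPolicy
+// can take, signalling that the source image should only be pulled
+// from a registry if a local copy is not already present or if a
+// newer version the image is present on the repository.
+PullIfNewer
+// PullNever is one of the values that BuilderOptions.PullPolicy can
+// take, signalling that the source image should not be pulled from a
+// registry.
+PullNever
+// OCI used to define the "oci" image format
+OCI = "oci"
+// DOCKER used to define the "docker" image format
+DOCKER = "docker"
+)
+// String converts a PullPolicy into a string.
+func (p PullPolicy) String() string {
+switch p {
+case PullIfMissing:
+return "PullIfMissing"
+case PullAlways:
+return "PullAlways"
+case PullIfNewer:
+return "PullIfNewer"
+case PullNever:
+return "PullNever"
+}
+return fmt.Sprintf("unrecognized policy %d", p)
+}
+var PolicyMap = map[string]PullPolicy{
+"missing": PullIfMissing,
+"always": PullAlways,
+"never": PullNever,
+"ifnewer": PullIfNewer,
+}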
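Review bot: `OCI` and `DOCKER` are string constants placed inside the `PullPolicy` iota block; their explicit values keep the iota sequence intact, but they describe image formats rather than pull policies and belong in their own `const` block (the removed declarations in the image-copy file kept them separate). `PolicyMap` is an exported, mutable package-level map with no doc comment; `// PolicyMap maps the pull-policy names "missing", "always", "never" and "ifnewer" to PullPolicy values.` documents it, and exposing a lookup function instead of the map would stop importers from mutating it at runtime. The `PullIfNewer` comment also still reads `a newer version the image`; `a newer version of the image` is intended.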


@ -1,50 +1,23 @@
package define
import (
"fmt"
"github.com/opencontainers/runtime-spec/specs-go"
)
// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.
type PullPolicy int
const (
// PullIfMissing is one of the values that BuilderOptions.PullPolicy
// can take, signalling that the source image should be pulled from a
// registry if a local copy of it is not already present.
PullIfMissing PullPolicy = iota
// PullAlways is one of the values that BuilderOptions.PullPolicy can
// take, signalling that a fresh, possibly updated, copy of the image
// should be pulled from a registry before the build proceeds.
PullAlways
// PullIfNewer is one of the values that BuilderOptions.PullPolicy
// can take, signalling that the source image should only be pulled
// from a registry if a local copy is not already present or if a
// newer version the image is present on the repository.
PullIfNewer
// PullNever is one of the values that BuilderOptions.PullPolicy can
// take, signalling that the source image should not be pulled from a
// registry if a local copy of it is not already present.
PullNever
// Package is the name of this package, used in help output and to
// identify working containers.
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
Version = "1.20.0-dev"
)
// String converts a PullPolicy into a string.
func (p PullPolicy) String() string {
switch p {
case PullIfMissing:
return "PullIfMissing"
case PullAlways:
return "PullAlways"
case PullIfNewer:
return "PullIfNewer"
case PullNever:
return "PullNever"
}
return fmt.Sprintf("unrecognized policy %d", p)
}
var PolicyMap = map[string]PullPolicy{
"missing": PullIfMissing,
"always": PullAlways,
"never": PullNever,
"ifnewer": PullIfNewer,
// IDMappingOptions controls how we set up UID/GID mapping when we set up a
// user namespace.
type IDMappingOptions struct {
HostUIDMapping bool
HostGIDMapping bool
UIDMap []specs.LinuxIDMapping
GIDMap []specs.LinuxIDMapping
}
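Review bot: The new `IDMappingOptions` struct documents the type but none of its four exported fields, and this is the type now used by `Builder`, `BuilderOptions` and `AddAndCopyOptions` across packages. Field comments along the lines of `// UIDMap and GIDMap are the explicit UID/GID ranges for the user namespace.` and `// HostUIDMapping and HostGIDMapping request the host's own mapping in place of UIDMap/GIDMap.` would help, but the code that interprets the two booleans is not in this commit, so the wording should be confirmed against it before it is written down. The `"fmt"` import shown in this hunk must be on the removed side, since nothing left in the file uses it; if it is not, the file will not compile.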

9
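--- a/define/types_unix.go
+++ b/define/types_unix.go
@@ -0,0 +1,9 @@
+// +build darwin linux
+package define
+import (
+"github.com/opencontainers/runc/libcontainer/devices"
+)
+type ContainerDevices = []devices.Device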
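Review bot: `ContainerDevices` is exported here without a doc comment, whereas the `!linux,!darwin` variant of the same alias in the next section documents it; `// ContainerDevices is the list of additional devices to add to the container.` mirrors the `Devices` field comment in `Builder` and keeps both build-tagged files consistent.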


@ -0,0 +1,6 @@
// +build !linux,!darwin
package define
// ContainerDevices is currently not implemented.
type ContainerDevices = []struct{}


@ -56,9 +56,9 @@ Define the builder options:
```go
builderOpts := buildah.BuilderOptions{
FromImage: "node:12-alpine", // Starting image
Isolation: buildah.IsolationChroot, // Isolation environment
CommonBuildOpts: &buildah.CommonBuildOptions{},
ConfigureNetwork: buildah.NetworkDefault,
Isolation: define.IsolationChroot, // Isolation environment
CommonBuildOpts: &define.CommonBuildOptions{},
ConfigureNetwork: define.NetworkDefault,
SystemContext: &types.SystemContext {},
}
```
@ -90,7 +90,7 @@ imageRef, err := is.Transport.ParseStoreReference(buildStore, "docker.io/myusern
Now you can run commit the build:
```go
imageId, _, _, err := builder.Commit(context.TODO(), imageRef, buildah.CommitOptions{})
imageId, _, _, err := builder.Commit(context.TODO(), imageRef, define.CommitOptions{})
```
## Rootless mode
@ -115,6 +115,7 @@ import (
"context"
"fmt"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/storage/pkg/unshare"
is "github.com/containers/image/v5/storage"
"github.com/containers/image/v5/types"
@ -141,9 +142,9 @@ func main() {
opts := buildah.BuilderOptions{
FromImage: "node:12-alpine",
Isolation: buildah.IsolationChroot,
CommonBuildOpts: &buildah.CommonBuildOptions{},
ConfigureNetwork: buildah.NetworkDefault,
Isolation: define.IsolationChroot,
CommonBuildOpts: &define.CommonBuildOptions{},
ConfigureNetwork: define.NetworkDefault,
SystemContext: &types.SystemContext {},
}
@ -167,7 +168,7 @@ func main() {
panic(err)
}
imageId, _, _, err := builder.Commit(context.TODO(), imageRef, buildah.CommitOptions{})
imageId, _, _, err := builder.Commit(context.TODO(), imageRef, define.CommitOptions{})
fmt.Printf("Image built! %s\n", imageId)
}

2
go.mod

@ -7,7 +7,7 @@ require (
github.com/containers/common v0.34.2
github.com/containers/image/v5 v5.10.2
github.com/containers/ocicrypt v1.1.0
github.com/containers/storage v1.25.0
github.com/containers/storage v1.25.1-0.20210211165435-4b14efb34e07
github.com/docker/distribution v2.7.1+incompatible
github.com/docker/go-units v0.4.0
github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316

2
go.sum

@ -89,6 +89,8 @@ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgU
github.com/containers/storage v1.24.5/go.mod h1:YC+2pY8SkfEAcZkwycxYbpK8EiRbx5soPPwz9dxe4IQ=
github.com/containers/storage v1.25.0 h1:p0PLlQcWmtE+7XLfOCR0WuYyMTby1yozpI4DaKOtWTA=
github.com/containers/storage v1.25.0/go.mod h1:UxTYd5F4mPVqmDRcRL0PBS8+HP74aBn96eahnhEvPtk=
github.com/containers/storage v1.25.1-0.20210211165435-4b14efb34e07 h1:oqr2Yu33PWYbujYHcSDKXwbyZj83/bxAS7/2Tt8e+oo=
github.com/containers/storage v1.25.1-0.20210211165435-4b14efb34e07/go.mod h1:NXVcxyRN2sRKfMaPlyuzslA7enBu/vcU+lKg3LoWERs=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=


@ -14,6 +14,7 @@ import (
"time"
"github.com/containers/buildah/copier"
"github.com/containers/buildah/define"
"github.com/containers/buildah/docker"
"github.com/containers/image/v5/docker/reference"
"github.com/containers/image/v5/image"
@ -62,7 +63,7 @@ type containerImageRef struct {
exporting bool
squash bool
emptyLayer bool
idMappingOptions *IDMappingOptions
idMappingOptions *define.IDMappingOptions
parent string
blobDirectory string
preEmptyLayers []v1.History
@ -281,7 +282,7 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System
logrus.Debugf("layer list: %q", layers)
// Make a temporary directory to hold blobs.
path, err := ioutil.TempDir(os.TempDir(), Package)
path, err := ioutil.TempDir(os.TempDir(), define.Package)
if err != nil {
return nil, errors.Wrapf(err, "error creating temporary directory to hold layer blobs")
}


@ -13,7 +13,7 @@ import (
"strings"
"time"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/common/pkg/config"
"github.com/containers/image/v5/docker/reference"
"github.com/containers/image/v5/types"
@ -28,10 +28,10 @@ import (
)
const (
PullIfMissing = buildah.PullIfMissing
PullAlways = buildah.PullAlways
PullIfNewer = buildah.PullIfNewer
PullNever = buildah.PullNever
PullIfMissing = define.PullIfMissing
PullAlways = define.PullAlways
PullIfNewer = define.PullIfNewer
PullNever = define.PullNever
Gzip = archive.Gzip
Bzip2 = archive.Bzip2
@ -50,7 +50,7 @@ type BuildOptions struct {
ContextDirectory string
// PullPolicy controls whether or not we pull images. It should be one
// of PullIfMissing, PullAlways, PullIfNewer, or PullNever.
PullPolicy buildah.PullPolicy
PullPolicy define.PullPolicy
// Registry is a value which is prepended to the image's name, if it
// needs to be pulled and the image name alone can not be resolved to a
// reference to a source image. No separator is implicitly added.
@ -63,7 +63,7 @@ type BuildOptions struct {
// Quiet tells us whether or not to announce steps as we go through them.
Quiet bool
// Isolation controls how Run() runs things.
Isolation buildah.Isolation
Isolation define.Isolation
// Runtime is the name of the command to run for RUN instructions when
// Isolation is either IsolationDefault or IsolationOCI. It should
// accept the same arguments and flags that runc does.
@ -111,13 +111,13 @@ type BuildOptions struct {
SystemContext *types.SystemContext
// NamespaceOptions controls how we set up namespaces processes that we
// might need when handling RUN instructions.
NamespaceOptions []buildah.NamespaceOption
NamespaceOptions []define.NamespaceOption
// ConfigureNetwork controls whether or not network interfaces and
// routing are configured for a new network namespace (i.e., when not
// joining another's namespace and not just using the host's
// namespace), effectively deciding whether or not the process has a
// usable network.
ConfigureNetwork buildah.NetworkConfigurationPolicy
ConfigureNetwork define.NetworkConfigurationPolicy
// CNIPluginPath is the location of CNI plugin helpers, if they should be
// run from a location other than the default location.
CNIPluginPath string
@ -126,7 +126,7 @@ type BuildOptions struct {
CNIConfigDir string
// ID mapping options to use if we're setting up our own user namespace
// when handling RUN instructions.
IDMappingOptions *buildah.IDMappingOptions
IDMappingOptions *define.IDMappingOptions
// AddCapabilities is a list of capabilities to add to the default set when
// handling RUN instructions.
AddCapabilities []string
@ -135,7 +135,7 @@ type BuildOptions struct {
// will be dropped.
DropCapabilities []string
// CommonBuildOpts is *required*.
CommonBuildOpts *buildah.CommonBuildOptions
CommonBuildOpts *define.CommonBuildOptions
// DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format
DefaultMountsFilePath string
// IIDFile tells the builder to write the image ID to the specified file


@ -13,6 +13,7 @@ import (
"time"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/parse"
"github.com/containers/buildah/util"
"github.com/containers/common/pkg/config"
@ -56,7 +57,7 @@ type Executor struct {
stages map[string]*StageExecutor
store storage.Store
contextDir string
pullPolicy buildah.PullPolicy
pullPolicy define.PullPolicy
registry string
ignoreUnrecognizedInstructions bool
quiet bool
@ -74,13 +75,13 @@ type Executor struct {
signaturePolicyPath string
systemContext *types.SystemContext
reportWriter io.Writer
isolation buildah.Isolation
namespaceOptions []buildah.NamespaceOption
configureNetwork buildah.NetworkConfigurationPolicy
isolation define.Isolation
namespaceOptions []define.NamespaceOption
configureNetwork define.NetworkConfigurationPolicy
cniPluginPath string
cniConfigDir string
idmappingOptions *buildah.IDMappingOptions
commonBuildOptions *buildah.CommonBuildOptions
idmappingOptions *define.IDMappingOptions
commonBuildOptions *define.CommonBuildOptions
defaultMountsFilePath string
iidfile string
squash bool
@ -98,7 +99,7 @@ type Executor struct {
excludes []string
unusedArgs map[string]struct{}
capabilities []string
devices buildah.ContainerDevices
devices define.ContainerDevices
signBy string
architecture string
timestamp *time.Time
@ -144,7 +145,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod
return nil, err
}
devices := buildah.ContainerDevices{}
devices := define.ContainerDevices{}
for _, device := range append(defaultContainerConfig.Containers.Devices, options.Devices...) {
dev, err := parse.DeviceFromPath(device)
if err != nil {


@ -13,6 +13,7 @@ import (
"github.com/containers/buildah"
"github.com/containers/buildah/copier"
"github.com/containers/buildah/define"
buildahdocker "github.com/containers/buildah/docker"
"github.com/containers/buildah/pkg/rusage"
"github.com/containers/buildah/util"
@ -275,7 +276,7 @@ func (s *StageExecutor) Copy(excludes []string, copies ...imagebuilder.Copy) err
// The From field says to read the content from another
// container. Update the ID mappings and
// all-content-comes-from-below-this-directory value.
var idMappingOptions *buildah.IDMappingOptions
var idMappingOptions *define.IDMappingOptions
var copyExcludes []string
stripSetuid := false
stripSetgid := false
@ -1234,7 +1235,7 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
s.builder.SetHealthcheck(nil)
}
s.builder.ClearLabels()
s.builder.SetLabel(buildah.BuilderIdentityAnnotation, buildah.Version)
s.builder.SetLabel(buildah.BuilderIdentityAnnotation, define.Version)
for k, v := range config.Labels {
s.builder.SetLabel(k, v)
}


@ -3,6 +3,7 @@ package buildah
import (
"context"
"github.com/containers/buildah/define"
"github.com/containers/buildah/docker"
"github.com/containers/buildah/util"
"github.com/containers/image/v5/image"
@ -93,7 +94,7 @@ func importBuilderDataFromImage(ctx context.Context, store storage.Store, system
ImageAnnotations: map[string]string{},
ImageCreatedBy: "",
NamespaceOptions: defaultNamespaceOptions,
IDMappingOptions: IDMappingOptions{
IDMappingOptions: define.IDMappingOptions{
HostUIDMapping: len(uidmap) == 0,
HostGIDMapping: len(uidmap) == 0,
UIDMap: uidmap,

16
new.go

@ -6,6 +6,7 @@ import (
"math/rand"
"strings"
"github.com/containers/buildah/define"
"github.com/containers/buildah/util"
"github.com/containers/image/v5/docker"
"github.com/containers/image/v5/image"
@ -86,7 +87,7 @@ func imageNamePrefix(imageName string) string {
return prefix
}
func newContainerIDMappingOptions(idmapOptions *IDMappingOptions) storage.IDMappingOptions {
func newContainerIDMappingOptions(idmapOptions *define.IDMappingOptions) storage.IDMappingOptions {
var options storage.IDMappingOptions
if idmapOptions != nil {
options.HostUIDMapping = idmapOptions.HostUIDMapping
@ -157,11 +158,11 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
return localImageRef, localImageRef.Transport().Name(), localImage, nil
}
if options.PullPolicy == PullNever || options.PullPolicy == PullIfMissing {
if options.PullPolicy == define.PullNever || options.PullPolicy == define.PullIfMissing {
if localImage != nil {
return localImageRef, localImageRef.Transport().Name(), localImage, nil
}
if options.PullPolicy == PullNever {
if options.PullPolicy == define.PullNever {
return nil, "", nil, errors.Errorf("pull policy is %q but %q could not be found locally", "never", options.FromImage)
}
}
@ -183,7 +184,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
// localImage`).
if desc := resolved.Description(); len(desc) > 0 {
logrus.Debug(desc)
if !(options.PullPolicy == PullIfNewer && localImage != nil) {
if !(options.PullPolicy == define.PullIfNewer && localImage != nil) {
if options.ReportWriter != nil {
if _, err := options.ReportWriter.Write([]byte(desc + "\n")); err != nil {
return nil, "", nil, err
@ -206,7 +207,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
// If there's a local image, the `pullCandidate` is considered
// to be newer if its time stamp differs from the local one.
// Otherwise, we don't pull and skip it.
if options.PullPolicy == PullIfNewer && localImage != nil {
if options.PullPolicy == define.PullIfNewer && localImage != nil {
remoteImage, err := ref.NewImage(ctx, systemContext)
if err != nil {
logrus.Debugf("unable to remote-inspect image %q: %v", pullCandidate.Value.String(), err)
@ -249,7 +250,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
// If we were looking for a newer image but could not find one, return
// the local image if present.
if options.PullPolicy == PullIfNewer && localImage != nil {
if options.PullPolicy == define.PullIfNewer && localImage != nil {
return localImageRef, localImageRef.Transport().Name(), localImage, nil
}
@ -359,6 +360,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
coptions := storage.ContainerOptions{
LabelOpts: options.CommonBuildOpts.LabelOpts,
IDMappingOptions: newContainerIDMappingOptions(options.IDMappingOptions),
Volatile: true,
}
container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions)
if err == nil {
@ -407,7 +409,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
ConfigureNetwork: options.ConfigureNetwork,
CNIPluginPath: options.CNIPluginPath,
CNIConfigDir: options.CNIConfigDir,
IDMappingOptions: IDMappingOptions{
IDMappingOptions: define.IDMappingOptions{
HostUIDMapping: len(uidmap) == 0,
HostGIDMapping: len(uidmap) == 0,
UIDMap: uidmap,
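Review bot: The new `Volatile: true` in the storage.ContainerOptions literal inside newBuilder carries no comment, and it is the only behavioural change in this file among the define renames. Presumably it tells containers/storage that the working container is short-lived so its layer writes need not be made durable (the go.mod bump to a pre-release storage commit in this same merge looks tied to that field), but nothing here says so, and a reader cannot tell whether a crash mid-build can leave a half-written container that must be treated as garbage rather than reused. Suggest `// Volatile: the working container is discarded after commit, so storage may skip durability syncs for its layer — TODO confirm semantics against containers/storage.` above the field, together with a check that such containers are not picked up as valid after an unclean shutdown. newBuilder starts and ends outside the hunk.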


@ -10,7 +10,7 @@ import (
"runtime"
"strings"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/completion"
"github.com/containers/buildah/pkg/parse"
"github.com/containers/buildah/util"
@ -361,7 +361,7 @@ func DefaultFormat() string {
if format != "" {
return format
}
return buildah.OCI
return define.OCI
}
// DefaultIsolation returns the default image format
@ -373,7 +373,7 @@ func DefaultIsolation() string {
if unshare.IsRootless() {
return "rootless"
}
return buildah.OCI
return define.OCI
}
// DefaultHistory returns the default add-history setting


@ -14,7 +14,7 @@ import (
"strings"
"unicode"
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/containers/image/v5/types"
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/unshare"
@ -45,7 +45,7 @@ var (
)
// CommonBuildOptions parses the build options from the bud cli
func CommonBuildOptions(c *cobra.Command) (*buildah.CommonBuildOptions, error) {
func CommonBuildOptions(c *cobra.Command) (*define.CommonBuildOptions, error) {
var (
memoryLimit int64
memorySwap int64
@ -125,7 +125,7 @@ func CommonBuildOptions(c *cobra.Command) (*buildah.CommonBuildOptions, error) {
ulimit, _ = c.Flags().GetStringSlice("ulimit")
}
commonOpts := &buildah.CommonBuildOptions{
commonOpts := &define.CommonBuildOptions{
AddHost: addHost,
CPUPeriod: cpuPeriod,
CPUQuota: cpuQuota,
@ -150,7 +150,7 @@ func CommonBuildOptions(c *cobra.Command) (*buildah.CommonBuildOptions, error) {
return commonOpts, nil
}
func parseSecurityOpts(securityOpts []string, commonOpts *buildah.CommonBuildOptions) error {
func parseSecurityOpts(securityOpts []string, commonOpts *define.CommonBuildOptions) error {
for _, opt := range securityOpts {
if opt == "no-new-privileges" {
return errors.Errorf("no-new-privileges is not supported")
@ -611,7 +611,7 @@ func SystemContextFromOptions(c *cobra.Command) (*types.SystemContext, error) {
if err == nil && c.Flag("registries-conf-dir").Changed {
ctx.RegistriesDirPath = regConfDir
}
ctx.DockerRegistryUserAgent = fmt.Sprintf("Buildah/%s", buildah.Version)
ctx.DockerRegistryUserAgent = fmt.Sprintf("Buildah/%s", define.Version)
if c.Flag("os") != nil && c.Flag("os").Changed {
if os, err := c.Flags().GetString("os"); err == nil {
ctx.OSChoice = os
@ -740,7 +740,7 @@ func getDockerAuth(creds string) (*types.DockerAuthConfig, error) {
}
// IDMappingOptions parses the build options related to user namespaces and ID mapping.
func IDMappingOptions(c *cobra.Command, isolation buildah.Isolation) (usernsOptions buildah.NamespaceOptions, idmapOptions *buildah.IDMappingOptions, err error) {
func IDMappingOptions(c *cobra.Command, isolation define.Isolation) (usernsOptions define.NamespaceOptions, idmapOptions *define.IDMappingOptions, err error) {
user := c.Flag("userns-uid-map-user").Value.String()
group := c.Flag("userns-gid-map-group").Value.String()
// If only the user or group was specified, use the same value for the
@ -815,7 +815,7 @@ func IDMappingOptions(c *cobra.Command, isolation buildah.Isolation) (usernsOpti
// By default, having mappings configured means we use a user
// namespace. Otherwise, we don't.
usernsOption := buildah.NamespaceOption{
usernsOption := define.NamespaceOption{
Name: string(specs.UserNamespace),
Host: len(uidmap) == 0 && len(gidmap) == 0,
}
@ -837,11 +837,11 @@ func IDMappingOptions(c *cobra.Command, isolation buildah.Isolation) (usernsOpti
usernsOption.Path = how
}
}
usernsOptions = buildah.NamespaceOptions{usernsOption}
usernsOptions = define.NamespaceOptions{usernsOption}
usernetwork := c.Flags().Lookup("network")
if usernetwork != nil && !usernetwork.Changed {
usernsOptions = append(usernsOptions, buildah.NamespaceOption{
usernsOptions = append(usernsOptions, define.NamespaceOption{
Name: string(specs.NetworkNamespace),
Host: usernsOption.Host,
})
@ -851,7 +851,7 @@ func IDMappingOptions(c *cobra.Command, isolation buildah.Isolation) (usernsOpti
if (len(uidmap) != 0 || len(gidmap) != 0) && usernsOption.Host {
return nil, nil, errors.Errorf("can not specify ID mappings while using host's user namespace")
}
return usernsOptions, &buildah.IDMappingOptions{
return usernsOptions, &define.IDMappingOptions{
HostUIDMapping: usernsOption.Host,
HostGIDMapping: usernsOption.Host,
UIDMap: uidmap,
@ -886,9 +886,9 @@ func parseIDMap(spec []string) (m [][3]uint32, err error) {
}
// NamespaceOptions parses the build options for all namespaces except for user namespace.
func NamespaceOptions(c *cobra.Command) (namespaceOptions buildah.NamespaceOptions, networkPolicy buildah.NetworkConfigurationPolicy, err error) {
options := make(buildah.NamespaceOptions, 0, 7)
policy := buildah.NetworkDefault
func NamespaceOptions(c *cobra.Command) (namespaceOptions define.NamespaceOptions, networkPolicy define.NetworkConfigurationPolicy, err error) {
options := make(define.NamespaceOptions, 0, 7)
policy := define.NetworkDefault
for _, what := range []string{string(specs.IPCNamespace), "network", string(specs.PIDNamespace), string(specs.UTSNamespace)} {
if c.Flags().Lookup(what) != nil && c.Flag(what).Changed {
how := c.Flag(what).Value.String()
@ -899,33 +899,33 @@ func NamespaceOptions(c *cobra.Command) (namespaceOptions buildah.NamespaceOptio
switch how {
case "", "container", "private":
logrus.Debugf("setting %q namespace to %q", what, "")
options.AddOrReplace(buildah.NamespaceOption{
options.AddOrReplace(define.NamespaceOption{
Name: what,
})
case "host":
logrus.Debugf("setting %q namespace to host", what)
options.AddOrReplace(buildah.NamespaceOption{
options.AddOrReplace(define.NamespaceOption{
Name: what,
Host: true,
})
default:
if what == string(specs.NetworkNamespace) {
if how == "none" {
options.AddOrReplace(buildah.NamespaceOption{
options.AddOrReplace(define.NamespaceOption{
Name: what,
})
policy = buildah.NetworkDisabled
policy = define.NetworkDisabled
logrus.Debugf("setting network to disabled")
break
}
}
how = strings.TrimPrefix(how, "ns:")
if _, err := os.Stat(how); err != nil {
return nil, buildah.NetworkDefault, errors.Wrapf(err, "error checking for %s namespace", what)
return nil, define.NetworkDefault, errors.Wrapf(err, "error checking for %s namespace", what)
}
policy = buildah.NetworkEnabled
policy = define.NetworkEnabled
logrus.Debugf("setting %q namespace to %q", what, how)
options.AddOrReplace(buildah.NamespaceOption{
options.AddOrReplace(define.NamespaceOption{
Name: what,
Path: how,
})
@ -935,36 +935,36 @@ func NamespaceOptions(c *cobra.Command) (namespaceOptions buildah.NamespaceOptio
return options, policy, nil
}
func defaultIsolation() (buildah.Isolation, error) {
func defaultIsolation() (define.Isolation, error) {
isolation, isSet := os.LookupEnv("BUILDAH_ISOLATION")
if isSet {
switch strings.ToLower(isolation) {
case "oci":
return buildah.IsolationOCI, nil
return define.IsolationOCI, nil
case "rootless":
return buildah.IsolationOCIRootless, nil
return define.IsolationOCIRootless, nil
case "chroot":
return buildah.IsolationChroot, nil
return define.IsolationChroot, nil
default:
return 0, errors.Errorf("unrecognized $BUILDAH_ISOLATION value %q", isolation)
}
}
if unshare.IsRootless() {
return buildah.IsolationOCIRootless, nil
return define.IsolationOCIRootless, nil
}
return buildah.IsolationDefault, nil
return define.IsolationDefault, nil
}
// IsolationOption parses the --isolation flag.
func IsolationOption(isolation string) (buildah.Isolation, error) {
func IsolationOption(isolation string) (define.Isolation, error) {
if isolation != "" {
switch strings.ToLower(isolation) {
case "oci":
return buildah.IsolationOCI, nil
return define.IsolationOCI, nil
case "rootless":
return buildah.IsolationOCIRootless, nil
return define.IsolationOCIRootless, nil
case "chroot":
return buildah.IsolationChroot, nil
return define.IsolationChroot, nil
default:
return 0, errors.Errorf("unrecognized isolation type %q", isolation)
}


@ -6,13 +6,14 @@ import (
"os"
"path/filepath"
"github.com/containers/buildah/define"
"github.com/containers/storage/pkg/unshare"
"github.com/opencontainers/runc/libcontainer/devices"
"github.com/pkg/errors"
)
func DeviceFromPath(device string) ([]devices.Device, error) {
var devs []devices.Device
func DeviceFromPath(device string) (define.ContainerDevices, error) {
var devs define.ContainerDevices
src, dst, permissions, err := Device(device)
if err != nil {
return nil, err


@ -3,7 +3,7 @@
package parse
import (
"github.com/containers/buildah"
"github.com/containers/buildah/define"
"github.com/pkg/errors"
)
@ -11,6 +11,6 @@ func getDefaultProcessLimits() []string {
return []string{}
}
func DeviceFromPath(device string) (buildah.ContainerDevices, error) {
return buildah.ContainerDevices{}, errors.Errorf("devices not supported")
func DeviceFromPath(device string) (define.ContainerDevices, error) {
return nil, errors.Errorf("devices not supported")
}


@ -6,6 +6,7 @@ import (
"strings"
"time"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/blobcache"
"github.com/containers/image/v5/directory"
"github.com/containers/image/v5/docker"
@ -61,7 +62,7 @@ type PullOptions struct {
// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
OciDecryptConfig *encconfig.DecryptConfig
// PullPolicy takes the value PullIfMissing, PullAlways, PullIfNewer, or PullNever.
PullPolicy PullPolicy
PullPolicy define.PullPolicy
}
func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference) (string, error) {

91
run.go

@ -4,12 +4,13 @@ import (
"fmt"
"io"
"github.com/containers/buildah/define"
"github.com/opencontainers/runtime-spec/specs-go"
)
const (
// runUsingRuntimeCommand is a command we use as a key for reexec
runUsingRuntimeCommand = Package + "-oci-runtime"
runUsingRuntimeCommand = define.Package + "-oci-runtime"
)
// TerminalPolicy takes the value DefaultTerminal, WithoutTerminal, or WithTerminal.
@ -41,74 +42,38 @@ func (t TerminalPolicy) String() string {
}
// NamespaceOption controls how we set up a namespace when launching processes.
type NamespaceOption struct {
// Name specifies the type of namespace, typically matching one of the
// ...Namespace constants defined in
// github.com/opencontainers/runtime-spec/specs-go.
Name string
// Host is used to force our processes to use the host's namespace of
// this type.
Host bool
// Path is the path of the namespace to attach our process to, if Host
// is not set. If Host is not set and Path is also empty, a new
// namespace will be created for the process that we're starting.
// If Name is specs.NetworkNamespace, if Path doesn't look like an
// absolute path, it is treated as a comma-separated list of CNI
// configuration names which will be selected from among all of the CNI
// network configurations which we find.
Path string
}
type NamespaceOption = define.NamespaceOption
// NamespaceOptions provides some helper methods for a slice of NamespaceOption
// structs.
type NamespaceOptions []NamespaceOption
type NamespaceOptions = define.NamespaceOptions
// IDMappingOptions controls how we set up UID/GID mapping when we set up a
// user namespace.
type IDMappingOptions struct {
HostUIDMapping bool
HostGIDMapping bool
UIDMap []specs.LinuxIDMapping
GIDMap []specs.LinuxIDMapping
}
type IDMappingOptions = define.IDMappingOptions
// Isolation provides a way to specify whether we're supposed to use a proper
// OCI runtime, or some other method for running commands.
type Isolation int
type Isolation = define.Isolation
const (
// IsolationDefault is whatever we think will work best.
IsolationDefault Isolation = iota
IsolationDefault = define.IsolationDefault
// IsolationOCI is a proper OCI runtime.
IsolationOCI
IsolationOCI = define.IsolationOCI
// IsolationChroot is a more chroot-like environment: less isolation,
// but with fewer requirements.
IsolationChroot
IsolationChroot = define.IsolationChroot
// IsolationOCIRootless is a proper OCI runtime in rootless mode.
IsolationOCIRootless
IsolationOCIRootless = define.IsolationOCIRootless
)
// String converts a Isolation into a string.
func (i Isolation) String() string {
switch i {
case IsolationDefault:
return "IsolationDefault"
case IsolationOCI:
return "IsolationOCI"
case IsolationChroot:
return "IsolationChroot"
case IsolationOCIRootless:
return "IsolationOCIRootless"
}
return fmt.Sprintf("unrecognized isolation type %d", i)
}
// RunOptions can be used to alter how a command is run in the container.
type RunOptions struct {
// Hostname is the hostname we set for the running container.
Hostname string
// Isolation is either IsolationDefault, IsolationOCI, IsolationChroot, or IsolationOCIRootless.
Isolation Isolation
Isolation define.Isolation
// Runtime is the name of the runtime to run. It should accept the
// same arguments that runc does, and produce similar output.
Runtime string
@ -131,13 +96,13 @@ type RunOptions struct {
// Entrypoint is an override for the configured entry point.
Entrypoint []string
// NamespaceOptions controls how we set up the namespaces for the process.
NamespaceOptions NamespaceOptions
NamespaceOptions define.NamespaceOptions
// ConfigureNetwork controls whether or not network interfaces and
// routing are configured for a new network namespace (i.e., when not
// joining another's namespace and not just using the host's
// namespace), effectively deciding whether or not the process has a
// usable network.
ConfigureNetwork NetworkConfigurationPolicy
ConfigureNetwork define.NetworkConfigurationPolicy
// CNIPluginPath is the location of CNI plugin helpers, if they should be
// run from a location other than the default location.
CNIPluginPath string
@ -168,33 +133,5 @@ type RunOptions struct {
// lists, it will be dropped.
DropCapabilities []string
// Devices are the additional devices to add to the containers
Devices ContainerDevices
}
// Find the configuration for the namespace of the given type. If there are
// duplicates, find the _last_ one of the type, since we assume it was appended
// more recently.
func (n *NamespaceOptions) Find(namespace string) *NamespaceOption {
for i := range *n {
j := len(*n) - 1 - i
if (*n)[j].Name == namespace {
return &((*n)[j])
}
}
return nil
}
// AddOrReplace either adds or replaces the configuration for a given namespace.
func (n *NamespaceOptions) AddOrReplace(options ...NamespaceOption) {
nextOption:
for _, option := range options {
for i := range *n {
j := len(*n) - 1 - i
if (*n)[j].Name == option.Name {
(*n)[j] = option
continue nextOption
}
}
*n = append(*n, option)
}
Devices define.ContainerDevices
}
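Review bot: The new aliases `type NamespaceOption = define.NamespaceOption`, `NamespaceOptions`, `IDMappingOptions` and `Isolation`, plus the re-exported Isolation constants, carry no `// Deprecated:` line, so staticcheck and editors cannot steer callers toward the define package, and the documentation that used to live here (the NamespaceOption field descriptions, Isolation's String method, NamespaceOptions.Find and AddOrReplace) now has no pointer to where it went. If these are meant to stay the canonical names that is fine; if they exist only to keep `buildah.` identifiers compiling while callers migrate, each alias should say so, e.g. `// Deprecated: use define.NamespaceOption instead.` Either way a one-line comment on the alias group stating that the definitions and their methods now live in package define would save the next reader a detour.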


@ -24,6 +24,7 @@ import (
"github.com/containers/buildah/bind"
"github.com/containers/buildah/chroot"
"github.com/containers/buildah/copier"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/overlay"
"github.com/containers/buildah/util"
"github.com/containers/common/pkg/capabilities"
@ -39,7 +40,6 @@ import (
"github.com/docker/libnetwork/resolvconf"
"github.com/docker/libnetwork/types"
"github.com/opencontainers/go-digest"
"github.com/opencontainers/runc/libcontainer/devices"
"github.com/opencontainers/runtime-spec/specs-go"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
@ -51,7 +51,7 @@ import (
)
// ContainerDevices is an alias for a slice of github.com/opencontainers/runc/libcontainer/configs.Device structures.
type ContainerDevices = []devices.Device
type ContainerDevices define.ContainerDevices
func setChildProcess() error {
if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
@ -63,7 +63,7 @@ func setChildProcess() error {
// Run runs the specified command in the container's root filesystem.
func (b *Builder) Run(command []string, options RunOptions) error {
p, err := ioutil.TempDir("", Package)
p, err := ioutil.TempDir("", define.Package)
if err != nil {
return err
}
@ -87,10 +87,10 @@ func (b *Builder) Run(command []string, options RunOptions) error {
g := &gp
isolation := options.Isolation
if isolation == IsolationDefault {
if isolation == define.IsolationDefault {
isolation = b.Isolation
if isolation == IsolationDefault {
isolation = IsolationOCI
if isolation == define.IsolationDefault {
isolation = define.IsolationOCI
}
}
if err := checkAndOverrideIsolationOptions(isolation, &options); err != nil {
@ -200,7 +200,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
return err
}
// Only bind /etc/hosts if there's a network
if options.ConfigureNetwork != NetworkDisabled {
if options.ConfigureNetwork != define.NetworkDisabled {
bindFiles["/etc/hosts"] = hostFile
}
}
@ -211,7 +211,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
return err
}
// Only bind /etc/resolv.conf if there's a network
if options.ConfigureNetwork != NetworkDisabled {
if options.ConfigureNetwork != define.NetworkDisabled {
bindFiles["/etc/resolv.conf"] = resolvFile
}
}
@ -234,7 +234,7 @@ id=%q
image=%q
imageid=%q
rootless=%d
`, Version, b.Container, b.ContainerID, b.FromImage, b.FromImageID, rootless)
`, define.Version, b.Container, b.ContainerID, b.FromImage, b.FromImageID, rootless)
if err = ioutils.AtomicWriteFile(containerenvPath, []byte(containerenv), 0755); err != nil {
return err
@ -266,14 +266,14 @@ rootless=%d
}
switch isolation {
case IsolationOCI:
case define.IsolationOCI:
var moreCreateArgs []string
if options.NoPivot {
moreCreateArgs = []string{"--no-pivot"}
} else {
moreCreateArgs = nil
}
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, Package+"-"+filepath.Base(path))
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, define.Package+"-"+filepath.Base(path))
case IsolationChroot:
err = chroot.RunUsingChroot(spec, path, homeDir, options.Stdin, options.Stdout, options.Stderr)
case IsolationOCIRootless:
@ -284,14 +284,14 @@ rootless=%d
if err := setupRootlessSpecChanges(spec, path, b.CommonBuildOpts.ShmSize); err != nil {
return err
}
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, Package+"-"+filepath.Base(path))
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, define.Package+"-"+filepath.Base(path))
default:
err = errors.Errorf("don't know how to run this command")
}
return err
}
func addCommonOptsToSpec(commonOpts *CommonBuildOptions, g *generate.Generator) error {
func addCommonOptsToSpec(commonOpts *define.CommonBuildOptions, g *generate.Generator) error {
// Resources - CPU
if commonOpts.CPUPeriod != 0 {
g.SetLinuxResourcesCPUPeriod(commonOpts.CPUPeriod)
@ -393,7 +393,7 @@ func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, builtin
return mounts, nil
}
func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath string, optionMounts []specs.Mount, bindFiles map[string]string, builtinVolumes, volumeMounts []string, shmSize string, namespaceOptions NamespaceOptions) error {
func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath string, optionMounts []specs.Mount, bindFiles map[string]string, builtinVolumes, volumeMounts []string, shmSize string, namespaceOptions define.NamespaceOptions) error {
// Start building a new list of mounts.
var mounts []specs.Mount
haveMount := func(destination string) bool {
@ -535,7 +535,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st
}
// addNetworkConfig copies files from host and sets them up to bind mount into container
func (b *Builder) addNetworkConfig(rdir, hostPath string, chownOpts *idtools.IDPair, dnsServers, dnsSearch, dnsOptions []string, namespaceOptions NamespaceOptions) (string, error) {
func (b *Builder) addNetworkConfig(rdir, hostPath string, chownOpts *idtools.IDPair, dnsServers, dnsSearch, dnsOptions []string, namespaceOptions define.NamespaceOptions) (string, error) {
stat, err := os.Stat(hostPath)
if err != nil {
return "", err
@ -678,7 +678,7 @@ func setupTerminal(g *generate.Generator, terminalPolicy TerminalPolicy, termina
}
}
func runUsingRuntime(isolation Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) {
func runUsingRuntime(isolation define.Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) {
// Lock the caller to a single OS-level thread.
runtime.LockOSThread()
@ -1040,7 +1040,7 @@ func setupRootlessNetwork(pid int) (teardown func(), err error) {
}, nil
}
func runConfigureNetwork(isolation Isolation, options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
func runConfigureNetwork(isolation define.Isolation, options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
var netconf, undo []*libcni.NetworkConfigList
if isolation == IsolationOCIRootless {
@ -1504,7 +1504,7 @@ func runUsingRuntimeMain() {
os.Exit(1)
}
func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, idmapOptions IDMappingOptions, policy NetworkConfigurationPolicy) (configureNetwork bool, configureNetworks []string, configureUTS bool, err error) {
func setupNamespaces(g *generate.Generator, namespaceOptions define.NamespaceOptions, idmapOptions define.IDMappingOptions, policy define.NetworkConfigurationPolicy) (configureNetwork bool, configureNetworks []string, configureUTS bool, err error) {
// Set namespace options in the container configuration.
configureUserns := false
specifiedNetwork := false
@ -1523,7 +1523,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i
configureNetworks = strings.Split(namespaceOption.Path, ",")
namespaceOption.Path = ""
}
configureNetwork = (policy != NetworkDisabled)
configureNetwork = (policy != define.NetworkDisabled)
}
case string(specs.UTSNamespace):
configureUTS = false
@ -1572,7 +1572,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i
if err := g.AddOrReplaceLinuxNamespace(string(specs.NetworkNamespace), ""); err != nil {
return false, nil, false, errors.Wrapf(err, "error adding new %q namespace for run", string(specs.NetworkNamespace))
}
configureNetwork = (policy != NetworkDisabled)
configureNetwork = (policy != define.NetworkDisabled)
}
} else {
if err := g.RemoveLinuxNamespace(string(specs.UserNamespace)); err != nil {
@ -2084,7 +2084,7 @@ func setupRootlessSpecChanges(spec *specs.Spec, bundleDir string, shmSize string
return nil
}
func (b *Builder) runUsingRuntimeSubproc(isolation Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) {
func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) {
var confwg sync.WaitGroup
config, conferr := json.Marshal(runUsingRuntimeSubprocOptions{
Options: options,
@ -2144,13 +2144,13 @@ func (b *Builder) runUsingRuntimeSubproc(isolation Isolation, options RunOptions
return err
}
func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions) error {
func checkAndOverrideIsolationOptions(isolation define.Isolation, options *RunOptions) error {
switch isolation {
case IsolationOCIRootless:
if ns := options.NamespaceOptions.Find(string(specs.IPCNamespace)); ns == nil || ns.Host {
logrus.Debugf("Forcing use of an IPC namespace.")
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.IPCNamespace)})
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{Name: string(specs.IPCNamespace)})
_, err := exec.LookPath("slirp4netns")
hostNetworking := err != nil
networkNamespacePath := ""
@ -2162,7 +2162,7 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions)
networkNamespacePath = ""
}
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{
Name: string(specs.NetworkNamespace),
Host: hostNetworking,
Path: networkNamespacePath,
@ -2170,11 +2170,11 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions)
if ns := options.NamespaceOptions.Find(string(specs.PIDNamespace)); ns == nil || ns.Host {
logrus.Debugf("Forcing use of a PID namespace.")
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.PIDNamespace), Host: false})
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{Name: string(specs.PIDNamespace), Host: false})
if ns := options.NamespaceOptions.Find(string(specs.UserNamespace)); ns == nil || ns.Host {
logrus.Debugf("Forcing use of a user namespace.")
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.UserNamespace)})
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{Name: string(specs.UserNamespace)})
case IsolationOCI:
pidns := options.NamespaceOptions.Find(string(specs.PIDNamespace))
userns := options.NamespaceOptions.Find(string(specs.UserNamespace))
@ -2187,8 +2187,8 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions)
// DefaultNamespaceOptions returns the default namespace settings from the
// runtime-tools generator library.
func DefaultNamespaceOptions() (NamespaceOptions, error) {
options := NamespaceOptions{
func DefaultNamespaceOptions() (define.NamespaceOptions, error) {
options := define.NamespaceOptions{
{Name: string(specs.CgroupNamespace), Host: true},
{Name: string(specs.IPCNamespace), Host: true},
{Name: string(specs.MountNamespace), Host: true},
@ -2204,7 +2204,7 @@ func DefaultNamespaceOptions() (NamespaceOptions, error) {
spec := g.Config
if spec.Linux != nil {
for _, ns := range spec.Linux.Namespaces {
options.AddOrReplace(NamespaceOption{
options.AddOrReplace(define.NamespaceOption{
Name: string(ns.Type),
Path: ns.Path,
})
@ -2231,7 +2231,7 @@ type runUsingRuntimeSubprocOptions struct {
ConfigureNetworks []string
MoreCreateArgs []string
ContainerName string
Isolation Isolation
Isolation define.Isolation
}
func init() {
@ -6,9 +6,6 @@ import (
"github.com/pkg/errors"
)
// ContainerDevices is currently not implemented.
type ContainerDevices = []struct{}
func setChildProcess() error {
return errors.New("function not supported on non-linux systems")
}
@ -2564,3 +2564,25 @@ _EOF
run_buildah manifest inspect testlist
expect_output --substring $digest
}
@test "bud test empty newdir" {
_prefetch alpine
mytmpdir=${TESTDIR}/my-dir
mkdir -p ${mytmpdir}
cat > $mytmpdir/Containerfile << _EOF
FROM alpine as galaxy
RUN mkdir -p /usr/share/ansible/roles /usr/share/ansible/collections
RUN echo "bar"
RUN echo "foo" > /usr/share/ansible/collections/file.txt
FROM galaxy
RUN mkdir -p /usr/share/ansible/roles /usr/share/ansible/collections
COPY --from=galaxy /usr/share/ansible/roles /usr/share/ansible/roles
COPY --from=galaxy /usr/share/ansible/collections /usr/share/ansible/collections
_EOF
run_buildah bud --layers --signature-policy ${TESTSDIR}/policy.json -t testbud $mytmpdir
expect_output --substring "COPY --from=galaxy /usr/share/ansible/collections /usr/share/ansible/collections"
}
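Review bot: The new test only asserts that the build log contains the later `COPY --from=galaxy .../collections` step, so it proves the build survived the empty-directory `COPY --from=galaxy /usr/share/ansible/roles` step but not that the empty `roles` directory actually exists in the resulting image; a build that silently skipped the empty source would still pass. Add a check on the result after the `run_buildah bud` line, e.g. `run_buildah from --signature-policy ${TESTSDIR}/policy.json --name testctr testbud` followed by `run_buildah run testctr ls -d /usr/share/ansible/roles`. Separately, `cat > $mytmpdir/Containerfile` leaves the variable unquoted while the `mkdir -p ${mytmpdir}` line above uses the braced form; `cat > "${mytmpdir}/Containerfile"` keeps the style consistent with the surrounding tests.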
@ -22,6 +22,7 @@ import (
"github.com/containers/buildah"
"github.com/containers/buildah/copier"
"github.com/containers/buildah/define"
"github.com/containers/buildah/imagebuildah"
"github.com/containers/image/v5/docker/daemon"
"github.com/containers/image/v5/image"
@ -507,8 +508,8 @@ func buildUsingBuildah(ctx context.Context, t *testing.T, store storage.Store, t
output := &bytes.Buffer{}
options := imagebuildah.BuildOptions{
ContextDirectory: contextDir,
CommonBuildOpts: &buildah.CommonBuildOptions{},
NamespaceOptions: []buildah.NamespaceOption{{
CommonBuildOpts: &define.CommonBuildOptions{},
NamespaceOptions: []define.NamespaceOption{{
Name: string(rspec.NetworkNamespace),
Host: true,
}},
@ -1 +1 @@
1.25.0
1.25.1-dev
@ -313,6 +313,9 @@ func (r *containerStore) Create(id string, names []string, image, layer, metadat
if options.MountOpts != nil {
options.Flags["MountOpts"] = append([]string{}, options.MountOpts...)
}
if options.Volatile {
options.Flags["Volatile"] = true
}
names = dedupeNames(names)
for _, name := range names {
if _, nameInUse := r.byname[name]; nameInUse {
@ -53,6 +53,10 @@ type MountOpts struct {
UidMaps []idtools.IDMap // nolint: golint
GidMaps []idtools.IDMap // nolint: golint
Options []string
// Volatile specifies whether the container storage can be optimized
// at the cost of not syncing all the dirty files in memory.
Volatile bool
}
// ApplyDiffOpts contains optional arguments for ApplyDiff methods.
@ -163,3 +163,40 @@ func doesMetacopy(d, mountOpts string) (bool, error) {
}
return metacopy != nil, nil
}
// doesVolatile checks if the filesystem supports the "volatile" mount option
func doesVolatile(d string) (bool, error) {
td, err := ioutil.TempDir(d, "volatile-check")
if err != nil {
return false, err
}
defer func() {
if err := os.RemoveAll(td); err != nil {
logrus.Warnf("Failed to remove check directory %v: %v", td, err)
}
}()
if err := os.MkdirAll(filepath.Join(td, "lower"), 0755); err != nil {
return false, err
}
if err := os.MkdirAll(filepath.Join(td, "upper"), 0755); err != nil {
return false, err
}
if err := os.Mkdir(filepath.Join(td, "work"), 0755); err != nil {
return false, err
}
if err := os.Mkdir(filepath.Join(td, "merged"), 0755); err != nil {
return false, err
}
// Mount using the mandatory options and configured options
opts := fmt.Sprintf("volatile,lowerdir=%s,upperdir=%s,workdir=%s", path.Join(td, "lower"), path.Join(td, "upper"), path.Join(td, "work"))
if err := unix.Mount("overlay", filepath.Join(td, "merged"), "overlay", 0, opts); err != nil {
return false, errors.Wrapf(err, "failed to mount overlay for volatile check")
}
defer func() {
if err := unix.Unmount(filepath.Join(td, "merged"), 0); err != nil {
logrus.Warnf("Failed to unmount check directory %v: %v", filepath.Join(td, "merged"), err)
}
}()
return true, nil
}
@ -28,6 +28,7 @@ import (
"github.com/containers/storage/pkg/mount"
"github.com/containers/storage/pkg/parsers"
"github.com/containers/storage/pkg/system"
"github.com/containers/storage/pkg/unshare"
units "github.com/docker/go-units"
rsystem "github.com/opencontainers/runc/libcontainer/system"
"github.com/opencontainers/selinux/go-selinux/label"
@ -108,6 +109,7 @@ type Driver struct {
options overlayOptions
naiveDiff graphdriver.DiffDriver
supportsDType bool
supportsVolatile bool
usingMetacopy bool
locker *locker.Locker
}
@ -125,6 +127,51 @@ func init() {
graphdriver.Register("overlay2", Init)
}
func hasMetacopyOption(opts []string) bool {
for _, s := range opts {
if s == "metacopy=on" {
return true
}
}
return false
}
func hasVolatileOption(opts []string) bool {
for _, s := range opts {
if s == "volatile" {
return true
}
}
return false
}
func checkSupportVolatile(home, runhome string) (bool, error) {
feature := fmt.Sprintf("volatile")
volatileCacheResult, _, err := cachedFeatureCheck(runhome, feature)
var usingVolatile bool
if err == nil {
if volatileCacheResult {
logrus.Debugf("cached value indicated that volatile is being used")
} else {
logrus.Debugf("cached value indicated that volatile is not being used")
}
usingVolatile = volatileCacheResult
} else {
usingVolatile, err = doesVolatile(home)
if err == nil {
if usingVolatile {
logrus.Debugf("overlay test mount indicated that volatile is being used")
} else {
logrus.Debugf("overlay test mount indicated that volatile is not being used")
}
if err = cachedFeatureRecord(runhome, feature, usingVolatile, ""); err != nil {
return false, errors.Wrap(err, "error recording volatile-being-used status")
}
}
}
return usingVolatile, nil
}
// Init returns the a native diff driver for overlay filesystem.
// If overlay filesystem is not supported on the host, a wrapped graphdriver.ErrNotSupported is returned as error.
// If an overlay filesystem is not supported over an existing filesystem then a wrapped graphdriver.ErrIncompatibleFS is returned.
@ -169,8 +216,10 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error)
var usingMetacopy bool
var supportsDType bool
var supportsVolatile bool
if opts.mountProgram != "" {
supportsDType = true
supportsVolatile = true
} else {
feature := "overlay"
overlayCacheResult, overlayCacheText, err := cachedFeatureCheck(runhome, feature)
@ -229,6 +278,10 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error)
return nil, err
}
}
supportsVolatile, err = checkSupportVolatile(home, runhome)
if err != nil {
return nil, err
}
}
if !opts.skipMountHome {
@ -251,6 +304,7 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error)
ctr: graphdriver.NewRefCounter(graphdriver.NewFsChecker(fileSystemType)),
supportsDType: supportsDType,
usingMetacopy: usingMetacopy,
supportsVolatile: supportsVolatile,
locker: locker.New(),
options: *opts,
}
@ -880,7 +934,17 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
}
readWrite := true
for _, o := range options.Options {
optsList := options.Options
if len(optsList) == 0 {
optsList = strings.Split(d.options.mountOptions, ",")
} else {
// If metacopy=on is present in d.options.mountOptions it must be present in the mount
// options otherwise the kernel refuses to follow the metacopy xattr.
if hasMetacopyOption(strings.Split(d.options.mountOptions, ",")) && !hasMetacopyOption(options.Options) {
optsList = append(optsList, "metacopy=on")
}
}
for _, o := range optsList {
if o == "ro" {
readWrite = false
break
@ -1018,11 +1082,25 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
} else {
opts = fmt.Sprintf("lowerdir=%s:%s", diffDir, strings.Join(absLowers, ":"))
}
if len(options.Options) > 0 {
opts = fmt.Sprintf("%s,%s", strings.Join(options.Options, ","), opts)
} else if d.options.mountOptions != "" {
opts = fmt.Sprintf("%s,%s", d.options.mountOptions, opts)
if len(optsList) > 0 {
opts = fmt.Sprintf("%s,%s", strings.Join(optsList, ","), opts)
}
if d.options.mountProgram == "" && unshare.IsRootless() {
opts = fmt.Sprintf("%s,userxattr", opts)
}
// overlay has a check in place to prevent mounting the same file system twice
// if volatile was already specified.
err = os.RemoveAll(filepath.Join(dir, "work", "incompat/volatile"))
if err != nil && !os.IsNotExist(err) {
return "", err
}
// If "volatile" is not supported by the file system, just ignore the request
if d.supportsVolatile && options.Volatile && !hasVolatileOption(strings.Split(opts, ",")) {
opts = fmt.Sprintf("%s,volatile", opts)
}
mountData := label.FormatMountLabel(opts, options.MountLabel)
mountFunc := unix.Mount
mountTarget := mergedDir
@ -14,17 +14,17 @@ require (
github.com/mistifyio/go-zfs v2.1.1+incompatible
github.com/moby/sys/mountinfo v0.4.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/runc v1.0.0-rc91
github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2
github.com/opencontainers/runc v1.0.0-rc93
github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d
github.com/opencontainers/selinux v1.8.0
github.com/pkg/errors v0.9.1
github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7
github.com/sirupsen/logrus v1.7.0
github.com/stretchr/testify v1.7.0
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
github.com/tchap/go-patricia v2.3.0+incompatible
github.com/vbatts/tar-split v0.11.1
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9
golang.org/x/net v0.0.0-20201224014010-6772e930b67b
golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3
gotest.tools v2.2.0+incompatible
)
@ -5,18 +5,15 @@ github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331 h1:3YnB7Hpmh
github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
github.com/Microsoft/hcsshim v0.8.14 h1:lbPVK25c1cu5xTLITwpUcxoA9vKrKErASPYygvouJns=
github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
github.com/checkpoint-restore/go-criu/v4 v4.0.2 h1:jt+rnBIhFtPw0fhtpYGcUOilh4aO9Hj7r+YLEtf30uA=
github.com/checkpoint-restore/go-criu/v4 v4.0.2/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
github.com/cilium/ebpf v0.0.0-20200507155900-a9f01edf17e3 h1:qcqzLJa2xCo9sgdCzpT/SJSYxROTEstuhf7ZBHMirms=
github.com/cilium/ebpf v0.0.0-20200507155900-a9f01edf17e3/go.mod h1:XT+cAw5wfvsodedcijoh1l9cf7v1x9FlFB/3VmF/O8s=
github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59 h1:qWj4qVYZ95vLWwqyNJCQg7rDsG5wPdze0UaPolH7DUk=
github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1 h1:uict5mhHFTzKLUCufdSLym7z/J0CbBJT59lYbP9wtbg=
github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v1.0.0 h1:fU3UuQapBs+zLJu82NhR11Rif1ny2zfMMAyPJzSN5tQ=
github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
@ -25,6 +22,7 @@ github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDG
github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
github.com/coreos/go-systemd/v22 v22.0.0 h1:XJIw/+VlJ+87J+doOxznsAWIdmWuViOVhkQamW5YV28=
github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@ -47,9 +45,19 @@ github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls=
github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI=
@ -64,8 +72,6 @@ github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE
github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -75,22 +81,18 @@ github.com/mattn/go-shellwords v1.0.11 h1:vCoR9VPpsk/TZFW2JwK5I9S0xdrtUq2bph6/Yj
github.com/mattn/go-shellwords v1.0.11/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
github.com/mistifyio/go-zfs v2.1.1+incompatible h1:gAMO1HM9xBRONLHHYnu5iFsOJUiJdNZo6oqSENd4eW8=
github.com/mistifyio/go-zfs v2.1.1+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
github.com/moby/sys/mountinfo v0.1.3 h1:KIrhRO14+AkwKvG/g2yIpNMOUVZ02xNhOw8KY1WsLOI=
github.com/moby/sys/mountinfo v0.1.3/go.mod h1:w2t2Avltqx8vE7gX5l+QiBKxODu2TX0+Syr3h52Tw4o=
github.com/moby/sys/mountinfo v0.4.0 h1:1KInV3Huv18akCu58V7lzNlt+jFmqlu1EaErnEHE/VM=
github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618 h1:7InQ7/zrOh6SlFjaXFubv0xX0HsuC9qJsdqm7bNQpYM=
github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc91 h1:Tp8LWs5G8rFpzTsbRjAtQkPVexhCu0bnANE5IfIhJ6g=
github.com/opencontainers/runc v1.0.0-rc91/go.mod h1:3Sm6Dt7OT8z88EbdQqqcRN2oCT54jbi72tT/HqgflT8=
github.com/opencontainers/runc v1.0.0-rc93 h1:x2UMpOOVf3kQ8arv/EsDGwim8PTNqzL1/EYDr/+scOM=
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E=
github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d h1:pNa8metDkwZjb9g4T8s+krQ+HRgZAkqnXml+wNir/+s=
github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.8.0 h1:+77ba4ar4jsCbL1GLbFL8fFM57w6suPfSS9PDLDY7KM=
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@ -109,8 +111,6 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5I
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -120,8 +120,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs=
github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY=
@ -149,6 +149,8 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw=
golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -164,18 +166,19 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 h1:1/DFK4b7JH8DmkqhUk48onnSfrPzImPoVxuomtbT2nk=
golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE=
golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009 h1:W0lCpv29Hv0UaM1LXb9QlBHLNP8UFfcKjblhVCWftOM=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3 h1:kzM6+9dur93BcC2kVlYl34cHU+TYZLanmpSJHVMmL64=
golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -192,6 +195,12 @@ google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRn
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@ -599,6 +599,7 @@ type ContainerOptions struct {
LabelOpts []string
Flags map[string]interface{}
MountOpts []string
Volatile bool
}
type store struct {
@ -2813,6 +2814,9 @@ func (s *store) Mount(id, mountLabel string) (string, error) {
options.UidMaps = container.UIDMap
options.GidMaps = container.GIDMap
options.Options = container.MountOpts()
if v, found := container.Flags["Volatile"]; found {
options.Volatile = v.(bool)
}
}
return s.mount(id, options)
}

2
vendor/modules.txt vendored
@ -136,7 +136,7 @@ github.com/containers/ocicrypt/keywrap/pkcs7
github.com/containers/ocicrypt/spec
github.com/containers/ocicrypt/utils
github.com/containers/ocicrypt/utils/keyprovider
# github.com/containers/storage v1.25.0
# github.com/containers/storage v1.25.1-0.20210211165435-4b14efb34e07
github.com/containers/storage
github.com/containers/storage/drivers
github.com/containers/storage/drivers/aufs