root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Allow cache mounts to be stages or additional build contexts 

Allow cache mounts (RUN --mount=type=cache) to refer to other stages or
additional build contexts.

Update the build-check-cve-2024-9675 integration test to use different
directories for its main build context and the additional build context
that it uses for its final run.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This commit is contained in:
Nalin Dahyabhai 2025-01-06 13:47:31 -05:00
parent 55ee4ec6f9
commit 8c7c9da3f2
4 changed files with 34 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
imagebuildah/stage_executor.go
View File

@ -635,7 +635,12 @@ func (s *StageExecutor) runStageMountPoints(mountList []string) (map[string]inte
// to `mountPoint` replaced from additional // to `mountPoint` replaced from additional
// build-context. Reason: Parser will use this // build-context. Reason: Parser will use this
// `from` to refer from stageMountPoints map later. // `from` to refer from stageMountPoints map later.
stageMountPoints[from] = internal.StageMountDetails{IsStage: false, DidExecute: true, MountPoint: mountPoint} stageMountPoints[from] = internal.StageMountDetails{
IsAdditionalBuildContext: true,
IsImage: true,
DidExecute: true,
MountPoint: mountPoint,
}
break break
} else { } else {
// Most likely this points to path on filesystem // Most likely this points to path on filesystem
@ -667,7 +672,11 @@ func (s *StageExecutor) runStageMountPoints(mountList []string) (map[string]inte
mountPoint = additionalBuildContext.DownloadedCache mountPoint = additionalBuildContext.DownloadedCache
} }
} }
stageMountPoints[from] = internal.StageMountDetails{IsStage: true, DidExecute: true, MountPoint: mountPoint} stageMountPoints[from] = internal.StageMountDetails{
IsAdditionalBuildContext: true,
DidExecute: true,
MountPoint: mountPoint,
}
break break
} }
} }
@ -678,14 +687,22 @@ func (s *StageExecutor) runStageMountPoints(mountList []string) (map[string]inte
return nil, err return nil, err
} }
if otherStage, ok := s.executor.stages[from]; ok && otherStage.index < s.index { if otherStage, ok := s.executor.stages[from]; ok && otherStage.index < s.index {
stageMountPoints[from] = internal.StageMountDetails{IsStage: true, DidExecute: otherStage.didExecute, MountPoint: otherStage.mountPoint} stageMountPoints[from] = internal.StageMountDetails{
IsStage: true,
DidExecute: otherStage.didExecute,
MountPoint: otherStage.mountPoint,
}
break break
} else { } else {
mountPoint, err := s.getImageRootfs(s.ctx, from) mountPoint, err := s.getImageRootfs(s.ctx, from)
if err != nil { if err != nil {
return nil, fmt.Errorf("%s from=%s: no stage or image found with that name", flag, from) return nil, fmt.Errorf("%s from=%s: no stage or image found with that name", flag, from)
} }
stageMountPoints[from] = internal.StageMountDetails{IsStage: false, DidExecute: true, MountPoint: mountPoint} stageMountPoints[from] = internal.StageMountDetails{
IsImage: true,
DidExecute: true,
MountPoint: mountPoint,
}
break break
} }
default: default:

8
internal/types.go
View File

@ -12,7 +12,9 @@ const (
// StageExecutor has ability to mount stages/images in current context and // StageExecutor has ability to mount stages/images in current context and
// automatically clean them up. // automatically clean them up.
type StageMountDetails struct { type StageMountDetails struct {
DidExecute bool // tells if the stage which is being mounted was freshly executed or was part of older cache DidExecute bool // true if this is a freshly-executed stage, or an image, possibly from a non-local cache
IsStage bool // tells if mountpoint returned from stage executor is stage or image IsStage bool // true if the mountpoint is a stage's rootfs
MountPoint string // mountpoint of stage/image IsImage bool // true if the mountpoint is an image's rootfs
IsAdditionalBuildContext bool // true if the mountpoint is an additional build context
MountPoint string // mountpoint of the stage or image's root directory or path of the additional build context
} }

8
internal/volumes/volumes.go
View File

@ -197,7 +197,7 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st
// buildkit parity: support absolute path for sources from current build context // buildkit parity: support absolute path for sources from current build context
if contextDir != "" { if contextDir != "" {
// path should be /contextDir/specified path // path should be /contextDir/specified path
evaluated, err := copier.Eval(contextDir, newMount.Source, copier.EvalOptions{}) evaluated, err := copier.Eval(contextDir, string(filepath.Separator)+newMount.Source, copier.EvalOptions{})
if err != nil { if err != nil {
return newMount, "", err return newMount, "", err
} }
@ -359,12 +359,10 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
} }
if fromStage != "" { if fromStage != "" {
// do not create cache on host
// instead use read-only mounted stage as cache
mountPoint := "" mountPoint := ""
if additionalMountPoints != nil { if additionalMountPoints != nil {
if val, ok := additionalMountPoints[fromStage]; ok { if val, ok := additionalMountPoints[fromStage]; ok {
if val.IsStage { if !val.IsImage {
mountPoint = val.MountPoint mountPoint = val.MountPoint
} }
} }
@ -372,7 +370,7 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
// Cache does not supports using image so if not stage found // Cache does not supports using image so if not stage found
// return with error // return with error
if mountPoint == "" { if mountPoint == "" {
return newMount, nil, fmt.Errorf("no stage found with name %s", fromStage) return newMount, nil, fmt.Errorf("no stage or additional build context found with name %s", fromStage)
} }
// path should be /contextDir/specified path // path should be /contextDir/specified path
evaluated, err := copier.Eval(mountPoint, string(filepath.Separator)+newMount.Source, copier.EvalOptions{}) evaluated, err := copier.Eval(mountPoint, string(filepath.Separator)+newMount.Source, copier.EvalOptions{})

8
tests/bud.bats
View File

@ -6570,8 +6570,8 @@ _EOF
run_buildah build -t buildkitbase $WITH_POLICY_JSON -f $contextdir/Dockerfilebuildkitbase $contextdir/ run_buildah build -t buildkitbase $WITH_POLICY_JSON -f $contextdir/Dockerfilebuildkitbase $contextdir/
# try reading something from persistent cache in a different build # try reading something from persistent cache in a different build
run_buildah 125 build -t testbud $WITH_POLICY_JSON -f $contextdir/Dockerfilecachefromimage TMPDIR=${TEST_SCRATCH_DIR} run_buildah 125 build -t testbud $WITH_POLICY_JSON -f $contextdir/Dockerfilecachefromimage
expect_output --substring "no stage found with name buildkitbase" expect_output --substring "no stage or additional build context found with name buildkitbase"
} }
@test "bud-with-mount-cache-multiple-from-like-buildkit" { @test "bud-with-mount-cache-multiple-from-like-buildkit" {
@ -6948,6 +6948,8 @@ RUN --mount=type=cache,from=testbuild,source=../,target=/var/tmp \
ls -l /var/tmp && cat /var/tmp/file.txt ls -l /var/tmp && cat /var/tmp/file.txt
EOF EOF
run_buildah 1 build --security-opt label=disable --build-context testbuild=${TEST_SCRATCH_DIR}/cve20249675/ --no-cache ${TEST_SCRATCH_DIR}/cve20249675/ mkdir ${TEST_SCRATCH_DIR}/cachedir
run_buildah 1 build --security-opt label=disable --build-context testbuild=${TEST_SCRATCH_DIR}/cachedir/ --no-cache ${TEST_SCRATCH_DIR}/cve20249675/
expect_output --substring "cat: can't open '/var/tmp/file.txt': No such file or directory" expect_output --substring "cat: can't open '/var/tmp/file.txt': No such file or directory"
} }