Fixes: #5349
Unanticipated missing `dnf` functionality likely negatively impacts a
significant number of image users. Further exploration of size
reduction is needed, but we cannot (likely) swap to `microdnf` easily.
This reverts commit cdb1a4ff8e.
Signed-off-by: Chris Evich <cevich@redhat.com>
This change will allow RHEL subscriptions from the host to flow to internal containers.
Fixes: containers/common#1735
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Adding a chown after the containers storage.conf file is made for the build user in the buildah container image; otherwise the file is owned by root while it should be owned by the build user and its group.
Signed-off-by: Indy Van Mol <indy.van.mol@endstra.dev>
For image published at `quay.io/containers/buildah` buildah should
correctly use `fuseoverlay` for rootless `build` user `fuse-overlayfs`.
Closes: https://github.com/containers/buildah/issues/4669
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
As of this commit, the build script runs the process on x86_64 hardware
(4cpus/8gig) using emulation for foreign architectures. Due to various
delays, inefficiencies, and other emulation-related slowdowns, it's
possible for dnf to timeout and/or mis-measure a minimum repository
download rate. Bump up the minimum download rate by 10x and timeout
interval by double. This should allow the builds to complete more
consistently.
Signed-off-by: Chris Evich <cevich@redhat.com>
This project uses the American dialect of written English. Not the
English (or Canadian) dialects as some more befuddled individuals might
do. I hope you enjoy the humour of this, I do.
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
Due to concerns about the ambiguous overloaded meaning of RELEASE in
this context, the build argument has been renamed to `FLAVOUR`.
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
A single `Containerfile` should be easier to maintain and more reliable
than having three nearly identical files. The new file uses an argument
named `RELEASE` with the value `stable`, `testing`, or `upstream`.
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
As per discussion with @nalid, updating the inconsistent use of
sequential operator (`;`) to the AND operator (`&&`) to avoid ignoring
errors. (Previous commit mimicked existing style.)
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
Drop a reference as to why the rpm --setcaps... line is needed, along
with a TODO reminder to check if it's still needed.
Signed-off-by: Chris Evich <cevich@redhat.com>
When building the multi-arch "upstream" flavor of buildah container
images, it's more optimal to use separate compilation and image
construction steps. The image-build automation is time-limited,
and operating under a (slow) emulation environment. So using a
continuously pre-built buildah RPM will also improve build
reliability.
ref: https://github.com/containers/buildah/pull/4062
Signed-off-by: Chris Evich <cevich@redhat.com>
This specfile along with a webhook will trigger auto rpm builds on the
`rhcontainerbot/podman-next` copr after every upstream PR merge.
Useful for those who want to fetch the latest upstream buildah without
having to build from source.
This commit also gets rid of `contrib/rpm/buildah.spec` and
`tests/version.bats`.
Known issue: Currently fails to build for EL8 envs.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Previously, `;` were separating several `RUN` commands. This is
dangerous, as failure in one won't result in a build failure. This was
happening due to the `runc` package having a required dependency on
`container-selinux` which was excluded. Fix this by using `&&` and
switching to the crun package.
Signed-off-by: Chris Evich <cevich@redhat.com>
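The failure mode described in the commit message above, as an added example that is not part of the commit or the buildah repository: a `RUN` line is handed to one `sh -c`, so its exit status is that of the last command unless the steps are joined with `&&` (or run under `set -e`). `install_pkgs` and `cleanup` are constructed stand-ins for the real build steps, and `run_step` is a hypothetical helper.

```shell
#!/bin/sh
# Constructed stand-ins, defined inside the child shell:
#   install_pkgs  fails, like an install with an unmet required dependency
#   cleanup       succeeds and leaves a marker file so we can see that it ran
PRELUDE='install_pkgs() { echo "unmet dependency" >&2; return 1; }
cleanup() { : > "$MARKER"; }'

# run_step LINE (hypothetical helper): execute LINE the way a RUN instruction
# does, as a single `sh -c` invocation, then print
#   "<exit status> <yes|no: did the step after the failure still run?>"
run_step() {
    dir=$(mktemp -d)
    MARKER="$dir/cleanup-ran"
    export MARKER
    rc=0
    sh -c "$PRELUDE
$1" 2>/dev/null || rc=$?
    if [ -e "$MARKER" ]; then ran=yes; else ran=no; fi
    rm -rf "$dir"
    echo "$rc $ran"
}

# `;` : the failed install is masked by the successful cleanup. The build
# step reports success and the image ships without the packages.
run_step 'install_pkgs; cleanup'          # prints "0 yes"

# `&&` : the chain stops at the first failure and the step fails.
run_step 'install_pkgs && cleanup'        # prints "1 no"

# `set -e` gives the same fail-fast behaviour for `;`-separated steps.
run_step 'set -e; install_pkgs; cleanup'  # prints "1 no"
```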
Contents updated to more closely resemble the same docs in the podman
repository. Also, remove the `centos7` compatibility section (and
build context) given it's not been built or maintained in over two
years.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fedora no longer ships /etc/containers/storage.conf but
/usr/share/containers/storage.conf, this causes the buildimages
to fail to build. This PR uses the storage.conf in /usr.
Removed Centos7 image, since this distribution is no longer supported
and no reason to ship an image specific to this distribution.
Removed stablebyhand image, since this does not look like it is needed
any longer, and was not being maintained.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Cleans up the Dockerfiles for the buildah images that land on quay.
A number of readability changes, and an adjustment to sed to
handle storage.conf.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Ship `cpp` with the Buildah container images to make sure that
preprocessing .in files works as expected and documented.
Fixes: #3822
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We have a limit of 50000 for subuid and subgid in the buildah container image
for the build user, which may be too low when running rootless.
Increasing the value to 65535, skipping the build user's own id (1000), which should be good
enough for most cases.
Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>
Base images don't have shadow-utils permissions set correctly, this
change should speed up the building of images a little bit.
[NO TESTS NEEDED] This does not change buildah in any way, so no need for
tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is a port from the podman repository, of substantially the same
workflow with a number of bugfixes and readability improvements
compared to the original. Same for the README.md updates.
The significant changes compared to the prior implementation are:
* Run periodically instead of only after every master push.
* Add a build for the "testing" image flavor.
* Fix a blank `org.opencontainers.image.source` value.
* Instead of pushing a `main` (or `master`) tagged image, use `latest`.
* Simplify use of env. vars. and workflow vars.
Note: Aside from a `s/podman/buildah/g` this commit makes the
buildah and podman workflows identical. This is needed to better
support a smooth transition to a future/intended unification effort.
In other words, I intend to develop a single, shared workflow/script
that can be used for all three: skopeo, buildah, and podman.
Signed-off-by: Chris Evich <cevich@redhat.com>
We've recently had a number of issues reported against our
pre-fabricated images on quay.io and a couple of rhel repositories
throwing a fuse error when run:
```
fuse: device not found, try 'modprobe fuse' first
```
The tip on modprobe fuse is not always seen by or displayed to
the end user. Adding a couple of doc pointers to hopefully help.
Arises from this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1867892
and several others.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The xz package is required by buildah and podman when building an
image and ADD of a tar.xz file archive is used.
Closes https://github.com/containers/buildah/issues/2525
Signed-off-by: Job Cespedes Ortiz <jobcespedes@gmail.com>
Updates the buildahimage README.md to document what
the settings of PATH, ENTRYPOINT and WORKDIR are within
the container images that are stored in quay.io.
Addresses: #1693
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
For the overlay driver, the buildah container was given an additional
image store. Unfortunately, overlay doesn't work out-of-the-box in a
Kubernetes cluster due to the lack of appropriate access to /dev/fuse.
In Minikube, it's non-trivial to provide that access, but it is trivial
to use the VFS storage driver.
Previously, the VFS storage driver would fail due to not having the
appropriate directory structure and required files in the additional
image store. This commit adds those files to the pre-built container
images to allow for easy use in Kubernetes.
Signed-off-by: Zvi "CtrlZvi" Effron <viz_skywalker+GitHub@outlook.com>
Signed-off-by: xiaotuanyu120 <zhaopeiwu@outlook.com>
Update contrib/buildahimage/centos7/Dockerfile
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Update contrib/buildahimage/README.md
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Update contrib/buildahimage/README.md
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Update contrib/buildahimage/README.md
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
update description of the image centos7 and using containers.conf in stable instead
Signed-off-by: xiaotuanyu120 <zhaopeiwu@outlook.com>
Update contrib/buildahimage/centos7/Dockerfile
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Adding the registry name registry.fedoraproject.org/
to the `FROM fedora:latest` statement in each of the
buildahimage Docker/Containerfiles.
When the buildah/testing:latest image is autobuilt by
the quay.io build triggers, Buildah's version is set to
v1.14.0 instead of v1.14.8. If I use the same Dockerfile
and build on my test machine, the version is set to v1.14.8
as it should be.
quay.io uses Docker to do their image builds and it pulls
fedora from docker.io by default. I'm hoping that fully
specifying the image name will help that out. Regardless,
it won't hurt.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
When running in a rootless buildah, the build user
is not allowed to read /etc/containers/containers.conf
which is causing these containers to fail.
This patch makes containers.conf world readable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the containers.conf in the build process of the
"stablebyhand" Containerfile which is used to build
a particular variant of Buildah by hand for use in quay.io.
The change for that is the ADD of the container.conf in
GitHub.com and emulates @rhatdan 's work in #2284
Also bumped the version to a more recent release while
I was in here.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Change the default cgroup_manager to cgroupfs to change the warning
inside of the containers on systemd not being supported.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>