When reading content, discard xattrs in the user.overlay namespace, to
keep up with the storage library.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Yes, this helper function always returns nil as one of its results, but
that lets the callers not have to remember to do that, so it's shorter
than changing the call sites.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Drop the "omitempty" tag from the "json" tag on struct members that are
themselves structs, since the JSON encoder doesn't actually do that, per
golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the CutPrefix(), SplitSeq(), and FieldsSeq() functions from the
strings package when chopping up or iterating over parts of strings, per
golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When generating archives, clear user and group names to keep up with
recent changes to the storage library.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Have Ensure() also return the parent directories of items that it
created, along with information about them that can be used to filter
them out of the layer at commit-time.
This modifies the signature of Ensure(), but it was added in 1.41.0, and
shouldn't (yet) have any external users.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add an optional ModTimeNew field to MkdirOptions, for setting the
timestamp on newly-created directories. Note that the timestamps on
parent directories of the topmost newly-created directories are not
something we affect, so they'll be updated as usual.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The `filepath.Glob` function does not provide deterministic output. In order to achieve a reproducible build, files must be copied in a deterministic manner, and `filepath.Glob` did not guarantee this. Other functions such as `filepath.Walk` and `os.ReadDir` return deterministic output. So copying files to the image is done in the same order each time.
Fixes: https://issues.redhat.com/browse/RUN-2661
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Add copier.Ensure() and copier.ConditionalRemove(), for controlling the
permissions and datestamps we set on multiple items we create with one
call (along with any parents), and selectively removing multiple items
with one call.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --timestamp flag to the "add" and "copy" CLIs, along with a
corresponding field in AddAndCopyOptions.
When a timestamp is set, we'll force the timestamp on data copied in to
be the specified value while reading it, so that the content will have
the specified datestamp in the rootfs and when the image is committed.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This function always returns nil as the first parameter, which makes
unparam linter sad.
Rather than adding //nolint:unparam, let's just move nil to actual
returns.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
These:
> copier/copier.go:1664:2: QF1003: could use tagged switch on hdr.Typeflag (staticcheck)
> if hdr.Typeflag == tar.TypeReg {
> ^
> pkg/parse/parse.go:708:4: QF1003: could use tagged switch on arr[1] (staticcheck)
> if arr[1] == "local" {
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
github.com/moby/sys/capability is a fork of the (no longer maintained)
github.com/syndtr/gocapability package.
For the list of changes since the fork took place, see
https://github.com/moby/sys/blob/main/capability/CHANGELOG.md
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Rootless users cannot set the `security.ima` xattr on files
(presumably for security reasons, they get an EPERM on trying to
do so). We will normally try and preserve that xattr, so when
trying to add a file with an IMA xattr to a build on a Buildah
without this patch, you get an error. With this patch, the error
is downgraded to a warning, as it's better to successfully build
with a missing xattr than blocking all builds which want to
include the offending file.
The urgency on this has become somewhat higher as it seems like
F41/Rawhide are installing rpm-plugin-ima by default, which is
setting IMA xattrs on some files that Podman relies on - for
example, the catatonit binary we use for pid pause images.
Without this patch, building the pause image as rootless will
always fail on a system with rpm-plugin-ima installed.
Fixes: https://github.com/containers/podman/issues/18543
Signed-off-by: Matt Heon <mheon@redhat.com>
Handle glob patterns with "**" path components by expanding "**" to the
set of subdirectories and calling filepath.Glob() on the results.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This change is generated by `go1.23rc2 fix ./...`.
Had to use go1.23rc2, since all released go versions have a bug
preventing it from working with `go 1.22.0` in go.mod (opened
https://github.com/golang/go/issues/68825,
https://github.com/golang/go/issues/68824 for awareness).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
If it's linux, darwin, and a BSD, it might be easier to write it this
way.
Intended to add support for NetBSD.
Signed-off-by: Maya Rashish <maya@NetBSD.org>
When we get a tried-to-write-to-closed-pipe error while encoding
something for a coprocess, try to capture error output from the
coprocess and add it to the error message, to hopefully catch a flake
we're seeing in CI.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This allows podman to import the copier package on the remote client
without needing the full libimage package.
Based on Miloslav's work: https://github.com/containers/podman/pull/19718
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixes golangci-lint message:
`tar.TypeRegA has been deprecated since Go 1.11 and an alternative has
been available since Go 1.1: Use TypeReg instead.`
Signed-off-by: Chris Evich <cevich@redhat.com>
In golang 1.19, `io/ioutil` is fully deprecated preventing Buildah from
compiling. Replace all calls with equivalent calls from the `os`
package.
Signed-off-by: Chris Evich <cevich@redhat.com>
When noting that a non-symlink has setuid/setgid/sticky bits, switch
from using "syscall" package bits and syscall.Chmod() to using "os"
package bits and os.Chmod(), and if the item's a directory, record the
updated mode information in the "directoryModes" map that we'll use to
reset its permissions later.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This call to os.Mkdir got missed the first time I tried to add the
workaround for the FreeBSD EISDIR bug since I was only testing with
'buildah run'. Trying to use 'buildah add' triggers the same bug whan
trying to extract an archive into a container's filesystem.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit replaces `ioutil.TempDir` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.
Prior to this commit, temporary directory created using `ioutil.TempDir`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
defer func() {
if err := os.RemoveAll(dir); err != nil {
t.Fatal(err)
}
}
is also tedious, but `t.TempDir` handles this for us nicely.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
If errors for which os.IsExist() or os.IsNotExist() would have returned
true have been wrapped using fmt.Errorf()'s "%w" verb, os.IsExist() and
os.IsNotExist(), not having been retrofitted to use errors.Is(), will
return false.
Use errors.Is() to check if an error is an os.ErrExist or os.ErrNotExist
error instead of calling os.IsExist() or os.IsNotExist().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
On FreeBSD, os.Mkdir can return EISDIR if the target is the root. As a
workaround, treat EISDIR as a non-error similarly to EEXISTS.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Nalin Dahyabhai
Jan Kaluza
Jan Rodák
openshift-merge-bot[bot]
Sascha Brawer
Kir Kolyshkin
David Negstad
flouthoc
Matt Heon
Maya Rashish
Paul Holzinger
Chris Evich
Doug Rabson
Daniel J Walsh
Eng Zer Jun
Sascha Grunert