buildah bud was not picking up the ENV from the base image
as it was being cleared. Fixes buildah bud to pick up the ENV.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #720
Approved by: rhatdan
Test that the --ipc, --net/--network, --pid, --userns, --uts options can
be used to control whether or not we create new namespaces of those
types in "buildah run".
Test that when ID mappings are not specified, we default to not using a
new user namespace, but when ID mappings are specified, we create a new
user namespace and ID mappings are set correctly in the running
container.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #700
Approved by: rhatdan
When testing the --chown flag, expect ownership of content that we copy
in while specifying an owner to match the IDs of that owner as the
container knows them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #700
Approved by: rhatdan
Add an --annotation flag to "buildah build-using-dockerfile".
Refactor the logic for --label handling to use SetLabel() to set them in
the image configuration in Executor.Commit(), instead of passing them as
a field in CommitOptions for Builder.Commit() and expecting it to do so.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #716
Approved by: rhatdan
Handle a Squash option when committing images, and make it available as
a flag for "buildah commit" and "buildah build-using-dockerfile".
Breaks up containerImageRef.NewImageSource to keep the complexity more
manageable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #714
Approved by: rhatdan
Output the output of a command that we "run" before checking it over, so
that if the check fails, we'll see what we actually got. Also check the
exit status of a couple of 'images -q' runs that we weren't.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #708
Approved by: rhatdan
When checking if an image name includes a registry name, when checking
for cases where parsing it inserts additional path components, handle
cases where the name includes a tag or digest component.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #710
Approved by: rhatdan
Make it easier to parse our temporary directory's name as an image name,
by making sure that we don't add '.' unnecessarily.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #705
Approved by: rhatdan
We want to be able to add labels when building a container image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #698
Approved by: umohnani8
pushing with format <transport>:<path> is valid now.
Add support to pull images from oci-archive that have no image ref name.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #697
Approved by: rhatdan
Extend util.ResolveName() to prepend "localhost" to the list of
registries, and teach util.FindImage(), util.ExpandNames(), and
util.AddImageNames() to use util.ResolveName().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #648
Approved by: rhatdan
Add options to "buildah config" for setting comment, domainname, and
hostname configuration bits, and the comment in history items which
describe layers that we add, and tests for them. Add a test for the
--shell option while we're at it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #641
Approved by: rhatdan
Add support for an --iidfile which specifies the file to write the
image id, when committing a new image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #636
Approved by: TomSweeneyRedHat
Make it clearer to the user which options can be executed
multiple times, versus those that can only used once.
Cleanup some documentation issues
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #592
Approved by: rhatdan
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #602
Approved by: pixdrift
containers/storage now returns a copy of the image state, so need to
refetch the new state whenever we make a change such as untagging.
Also added more tests for buildah rm.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #578
Approved by: rhatdan
Changes to paramters in functions.
Change to the error returned by the oci and oci-archive transport.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #578
Approved by: rhatdan
The secrets code was just tarring and copying the contents of the secrets directory on host as is.
This meant it was not accounting for any symlinks inside the directory, leading up to the contents
not being copied over.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #582
Approved by: rhatdan
After a symlink is created, buildah bud would fail if the symlink was
mounted as a volume.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #541
Approved by: ripcurld
Also vendor in the latest imagebuilder code and all the packages
that come with it.
Note: imagebuilder.NewBuilderForReader has been removed from imagebuilder
so I had to split the function up into two different calls.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #517
Approved by: rhatdan
buildah from now supports pulling images using the following transports:
docker-archive, oci-archive, and dir.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #524
Approved by: TomSweeneyRedHat
In https://github.com/projectatomic/buildah/issues/363:
Config and Manifest are displayed as a string representing JSON
only when "--format" is set. However, this is necessary too if
"--format" is not set.
This patch fixes this by using the same technique above
to make the representation of Manifest and Config consistent.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Closes: #522
Approved by: rhatdan
This patch will allow commands like
buildah run $ctr ls -lZ /
To work correctly.
Need to update vendor of urfave cli.
Also changed all commands to no longer accept global options after the COMMAND.
Single boolean options can now be passed together.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #493
Approved by: rhatdan
Add the remaining --volume and --shm-size flags to buildah bud and from
--volume supports the following options: rw, ro, z, Z, private, slave, shared
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #491
Approved by: rhatdan
This is an initial attempt at bringing in the ginkgo test framework into
buildah. The inspect bats file was also imported.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #472
Approved by: rhatdan
We were interpreting the ignoreUnrecognizedInstructions incorrectly, so
fix that, and call out the unrecognized instruction keyword in the error
message (or debug message, if we're ignoring it).
Should fix#451.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #452
Approved by: rhatdan
When we encounter the MAINTAINER keyword in a Dockerfile, imagebuilder
updates the Author field in the imagebuilder.Builder structure. Pick up
that value when we go to commit the image.
Should fix#448.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #450
Approved by: rhatdan
When setting a container name the getImageName function goes through
all the names of the resolved image and finds the name that contains
the given name by the user.
However, if the user is specifying "docker.io/tagged-image"
the Docker transport returns "docker.io/library/tagged-image" which
makes getImageName returns the original image name because it does
not find a match.
To resolve this issue before calling getImageName the image given
by the user will be trimmed to be just the name.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Closes: #422
Approved by: rhatdan
Allows rmi to remove all dangling images (images without a tag and without a child image)
Add new test case
Signed-off-by: Arthur Mello <amello@redhat.com>
Closes: #418
Approved by: rhatdan
By default, the JSON encoder from the Go standard library
escapes the HTML characters which causes the maintainer output
looks strange:
"maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e"
Instead of:
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
This patch fixes this issue in "buildah-inspect" only as this is
the only place that such characters are displayed.
Note: if the output of "buildah-inspect" is piped or redirected
then the HTML characters are not escaped.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Closes: #421
Approved by: rhatdan
In commit 47ac96155f the image name that is used
for setting the container name is taken from the resolved image
unless it is empty.
The image has the "Names" field and right now the first name is
taken. However, when the image is a tagged image, the container name
will end up using the original name instead of the given one.
For example:
$ buildah tag busybox busybox1
$ buildah from busybox1
Will set the name of the container as "busybox-working-container"
while it was expected to be "busybox1-working-container".
This patch fixes this particular issue.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Closes: #399
Approved by: rhatdan
When building an image's config blob, add a sanity check that the number
of diffIDs that we're including matches the number of entries in the
history which don't claim to be empty layers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #383
Approved by: rhatdan
We often use err as a variable inside of subblocks, and
we don't want golint to complain about it.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #379
Approved by: nalind
Add a test to ensure that 'buildah rmi' works if passed a truncated
version of an image's ID.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #361
Approved by: rhatdan
When locating an image for pulling, inspection, or pushing, if we're
given an image name that doesn't include a domain/registry, try building
a set of candidate names using the configured registries as domains, and
then pull/inspect/push using the first of those names that works.
If a name that we're given corresponds to a prefix of the ID of a local
image, skip completion and use the ID directly instead.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #360
Approved by: rhatdan
Update shallowCopy() to work with the newer version of image.
Remove things from Push() that we don't need to do any more.
Preserve digests in image names, make sure we update creation times, and
add a test to ensure that we can pull, commit, and push using such names
as sources.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #187
Approved by: rhatdan
Bump the GIT_VALIDATION_EPOCH in tests/validate/git-validation.sh to a
later commit.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #340
Approved by: rhatdan
buildah push supports manifest type conversion when pushing using the 'dir' transport
Manifest types include oci, v2s1, and v2s2
e.g buildah push --format v2s2 alpine dir:my-directory
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Add a test that makes sure that "buildah run" fails if it can't resolve
the name of the user for the container.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Change our behavior when we're given USER with a numeric UID and no GID,
so that we no longer error out if the UID doesn't correspond to a known
user so that we can use that user's primary GID. Instead, use GID 0.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Add a test that makes sure we catch cases where we attempt to open a
file in the container's tree that's actually a symlink that points out
of the tree.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
We don't need to mount the container for this test or add files to it,
and switching to a smaller base image that already includes a "hostname"
command means we don't need to run a package installer in the container.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #320
Approved by: nalind
Default to running integration tests using /var/tmp as scratch space,
since it's more likely to support proper SELinux labeling than /tmp,
which is more likely to be on a tmpfs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #320
Approved by: nalind
This is no simpler then putting the transport in the image page,
we should default to the registry specified in containers/image
and not override it. People are confused by this option, and I
see no value.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #234
Approved by: rhatdan
We have implemented most of this code in kpod export, and we now
have kpod import/load/save. No reason to implement them in both
commands.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #245
Approved by: nalind
Replace --registry command line flags with --transport. For backward
compatibility, add Transport as an addtional setting that we prepend to
the still-optional Registry setting if the Transport and image name
alone don't provide a parseable image reference.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #235
Approved by: rhatdan
Fix our instantiation behavior when the source image reference is not a
named reference.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #235
Approved by: rhatdan
It looks like the metalinter is running out of memory while running
tests under PAPR, so give this a try.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #221
Approved by: rhatdan
Add a CI test that ensures that we can build an RPM package on the
current version (as of this writing, 26) of Fedora, using the .spec file
under contrib.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #208
Approved by: jlebon
Try to ensure that we have runc, so that we can test the "run" command
in CI. In the absence of a compatible packaged version of runc, we may
have to build our own.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #202
Approved by: rhatdan
Add a test to compare the version we claim to be with the version
recorded in the RPM .spec file.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #202
Approved by: rhatdan
If you specify an option in a buildah run command, the command fails.
The proper syntax for this is to add --
buildah run $ctr -- ls -l /
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Closes: #197
Approved by: nalind
I think this would be good practice to eliminate wasted disk space.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Closes: #189
Approved by: rhatdan
Just build imgtype once, and reuse the flags we use for the main binary.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #174
Approved by: rhatdan
Logging at Fatal calls os.Exit(), which keeps us from shutting down
storage properly, which prevents test cleanup from succeeding.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #162
Approved by: rhatdan
In the imgtype test helper, add a -debug flag, correctly handle things
on the off chance that we need to call a reexec handler, and read the
manifest using the Manifest() method of an image that we're already
opening, rather than creating a source image just so that we can call
its GetManifest() method.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #162
Approved by: rhatdan
Make the tests use the storage driver named in $STORAGE_DRIVER, if one's
set, instead of hard-coding the default of "vfs".
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #162
Approved by: rhatdan
When "run" isn't explicitly given a command, mix the command and
entrypoint options and configured values together correctly.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #160
Approved by: rhatdan
Ensure that volume points are created, if they don't exist, when they're
defined in a Dockerfile (#151), and that if we create them, we create
them with 0755 permissions (#152).
When processing RUN instructions or the run command, if we're not
mounting something in a volume's location, create a copy of the volume's
initial contents under the container directory and bind mount that.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #154
Approved by: rhatdan
Add a "push" command, which pulls an image's layers from local storage,
recomputes the image's digest and manifest, and uses the image library
to write the result to the specified location.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #141
Approved by: rhatdan
We weren't properly passing the preferred output format to the Commit()
method when committing images that we were building using
build-with-dockerfile. Fix that.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #127
Approved by: rhatdan
Test setting and importing of configuration settings by saving to both
formats, and then checking that the values in both configuration fields
has the right data when we use either image type as a source image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #118
Approved by: rhatdan
Add a test helper for examining image metadata and checking their types,
and add tests that use it to verify that after writing either Docker v2
or OCI v1 images, that the manifest and configuration blobs that we
stored for them successfully decode as the correct data types.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #118
Approved by: rhatdan
Increase the timeout that we set for running the metalinter from 2
minutes to 4 minutes, for cases where the calling environment is more
heavily loaded than we expected.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #119
Approved by: rhatdan
Add an "inspect" command, which can be used to dump the contents of the
Buildah object for a working container, or the starting one we'd get for
a specified image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #109
Approved by: rhatdan
Add an AdditionalTags field to the imagebuildah options structure, to
provide for additional tags which we'll want to apply to the image that
we're writing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #88
Approved by: rhatdan
Add a "validate" target to the top level Makefile that checks formatting
of source files with golint, signed-off-by tags with git-validate, and
for various other warnings with gometalinter.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #62
Approved by: rhatdan
When we have cgo, use fgetpwent() to try to look up user IDs and primary
GIDs in containers. If that fails for any reason (or if we don't have
cgo), fall back to doing what we were doing before (i.e., trying to look
up the information on the host).
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #63
Approved by: rhatdan
Make Run() default to running the command with a PTY if we're being run
with stdout connected to terminal, and provide options to force the
decision one way or the other.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #64
Approved by: rhatdan
When saving the contents of a URL to a local file, attempt to set mtime
based on the response's Last-Modified header, if there is one.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #58
Approved by: nalind
We can use "scratch" now as a source for building images, so speed
things up a bit by using it instead of pulling alpine in tests where it
isn't expected to affect the test result.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #55
Approved by: rhatdan
When the destination for an ADD or COPY operation ends with a path
separator, take that as an indicator that the destination should be a
directory, that we should create it if it doesn't already exist, and
that any files we're copying should be placed in the directory.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #56
Approved by: rhatdan
When copying or adding a source directory, copy the directory's contents
to the destination directory, to better match Dockerfile COPY behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #50
Approved by: rhatdan
Accept commit target names which don't include a transport name by
checking if they parse as valid containers-storage references after they
fail to parse as a general reference.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #49
Approved by: rhatdan
Rename the "list" and "delete" commands to "containers" and "rm",
respectively, and add "images" and "rmi" counterparts for them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #32
Approved by: rhatdan
Add options to Run() for passing in additional environment variables,
overriding the default command, user, and working directory, and a flag
for controlling whether or not we attach to the host's network.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #46
Approved by: rhatdan
Closes: #39
Approved by: nalind
We need to match the syntax of Dockerfile, three forms
buildah copy $CID SOURCE
buildah copy $CID SOURCE DESTINATION
buildah copy $CID SOURCE SOURCE SOURCE DESTINATION
Closes: #40
Approved by: nalind
Change copy behavior so that the destination can be a file rather than a
directory if we're copying a single item.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When flags that we'd require be specified aren't, if there are command
line arguments, use their values as flag values.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Clean up the tests so that data files that we generate don't get dropped
in the root directory of the host, or in a part of ${TMPDIR} that we
won't clean up. Add tests to exercise "add"'s extracting logic.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Simplify our implementation of copy/add to always assume that the
destination location will be a directory. Trying to be cleverer, like
cp is, would just be confusing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Zhou Hao
umohnani8
Nalin Dahyabhai
pixdrift
Daniel J Walsh
Tom Sweeney
Fabio Bertinatto
Boaz Shuster
baude
Arthur Mello
Ryan Cole