Blake Burkhart reports that when running processes using "chroot"
isolation, the process being run can examine the environment of its
immediate parent and grandparent processes (CVE-2021-3602).
When run in a container in a CI/CD environment, the environment may
include sensitive information which was shared with the container in
order to be used only by buildah itself. The command being executed is
able to read such information.
This patch reduces the set of environment variables passed to these
intermediate processes, from all variables to the one which is used to
control the level of debug logging. It also corrects a misleading debug
message and expands the description of chroot isolation in man pages.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
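The fix described above comes down to one rule: never hand a child process the parent's whole environment, hand it an explicit allow-list. The following is an added example, not Buildah's own code, showing that pattern in Go. The variable name BUILDAH_LOGLEVEL and the sample environment are constructed stand-ins; the only assumption is that exactly one logging variable is meant to survive.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// allowedVars lists the only variable names the intermediate processes
// may inherit. BUILDAH_LOGLEVEL is a hypothetical stand-in for whichever
// variable controls the debug logging level.
var allowedVars = map[string]bool{
	"BUILDAH_LOGLEVEL": true,
}

// FilterEnv keeps only those KEY=VALUE entries of environ whose KEY is in
// allowed. Entries with no '=' are malformed and are dropped.
func FilterEnv(environ []string, allowed map[string]bool) []string {
	out := make([]string, 0, len(allowed))
	for _, kv := range environ {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) != 2 || !allowed[parts[0]] {
			continue
		}
		out = append(out, kv)
	}
	return out
}

// Leaked returns the names of well-formed entries in environ that are not
// in allowed: exactly the variables a chrooted command could have read
// before the filtering was applied.
func Leaked(environ []string, allowed map[string]bool) []string {
	var names []string
	for _, kv := range environ {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) != 2 || allowed[parts[0]] {
			continue
		}
		names = append(names, parts[0])
	}
	return names
}

func main() {
	// Constructed sample environment standing in for a CI runner's env;
	// the token value is made up.
	sample := []string{
		"PATH=/usr/bin:/bin",
		"REGISTRY_AUTH_TOKEN=s3cr3t-example",
		"BUILDAH_LOGLEVEL=debug",
	}
	fmt.Println("would have leaked:", Leaked(sample, allowedVars))

	// Set cmd.Env explicitly: leaving it nil makes exec inherit the whole
	// parent environment, which is the behaviour the advisory describes.
	cmd := exec.Command("env")
	cmd.Env = FilterEnv(sample, allowedVars)
	out, err := cmd.Output()
	if err != nil {
		fmt.Println("env failed:", err)
		return
	}
	fmt.Print(string(out)) // only BUILDAH_LOGLEVEL=debug reaches the child
}
```

The check worth keeping in a CI pipeline is Leaked: if it returns anything other than an empty list for the environment you are about to pass to an untrusted build step, a credential is about to cross the isolation boundary.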
Add new `buildah source {create,add,push,pull}` commands. All commands
are marked as experimental. None of it is meant to be officially
supported at the time of writing. All code resides in `internal/source`
and is hence not visible to external consumers of Buildah; just to be
on the safe side.
A source container or source image is an OCI artifact, that is, an OCI
image with a custom config (media type). There is a longer history behind
source images, which are intended to ship the source artifacts of an
ordinary "executable" container image. Until now, source images at
Red Hat are built with github.com/containers/BuildSourceImage. We had a
growing desire (and always the long-term plan) to eventually replace
BuildSourceImage with something else, in this case Buildah.
This commit adds the initial base functionality along with tests to make
sure we're not regressing. The new commands do the following:
* `create` - creates an empty and initialized source image
* `add` - tar up a local path and add it as a layer to the source image
* `push/pull` - intentionally separate commands from `buildah push/pull`
to allow for an easier usage and prevent the
implementations from undesired (future) interference
Further note: also vendor in c/image@master which ships a required fix.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Insisting on “DCO” imposes formalities that serve only themselves. One cannot
assume that the submitter has the time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, whose presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
As pointed out in containers/podman/issues/10730, the man pages of
buildah/podman push/pull were incomplete in explaining all supported
transports. To keep things simple, explain the defaults and refer to
containers-transports(5).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Insisting on “DCO” imposes formalities that serve only themselves. One cannot
assume that the submitter has the time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, whose presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
It affects all transports; and without --format, we try several manifest formats.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Currently /usr/bin/cpp will blow up if a user adds a comment to a
Containerfile that is not a preprocessor directive.
Since the Containerfile.in could include other Containerfiles
which may have comments beginning with `#`, this can cause
problems.
If we just warn on these errors, we can successfully process
all of the Containerfiles.
Fixes: https://github.com/containers/buildah/issues/3229
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add support for secrets. Secrets is a two-part flag that allows secret files to
be accessed by a certain RUN instruction, but not by any other
instructions, as well as not showing up in the final image.
Signed-off-by: Ashley Cui <acui@redhat.com>
Add command to actually remove the manifest list. This
uses the same basic code that buildah rmi uses, but makes
the error messages more specific to a manifest list.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Move all code related to handling container images over to the new
`libimage` package in containers/common. The new package is an
attempt to consolidate the code across the containers tools under the
github.com/containers umbrella.
The new `libimage` package provides functionality to perform all kinds
of operations for managing images such as local lookups, pushing,
pulling, listing, removing, etc.
The following packages have been moved over to containers/common:
`manifests` -> `common/image/manifests`
`pkg/manifests` -> `common/pkg/manifests`
`pkg/supplemented` -> `common/pkg/supplemented`
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Details:
1. The CommitOptions struct does not belong to the `define` package anymore.
2. Formatting fixes thrown by MD lint.
Signed-off-by: Francisco M. Casares <francares@gmail.com>
If the logging level is at least "trace", log the final error we print,
if there is one, using %+v as the verb, or %v (changed from %s)
otherwise. If the error was wrapped using github.com/pkg/errors, this
will provide a backtrace.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --from option to `buildah add` and `buildah copy`, mirroring the
option for the Dockerfile instruction.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
@giuseppe spotted a typo in rootlful instead of rootful in
https://github.com/containers/podman/pull/9774.
As I'd cut/pasted from Buildah, I thought I should clean up
here too.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
We've had a few BZs come in recently where users were confused about
using the `--userns*` options for build and from inside of a rootless
container. It's not allowed, but it's not documented that way. This
change adds further documentation for them. This will satisfy this
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1931261
Once merged, similar changes are necessary in the `podman build`
man pages.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
PR #2869 (--manifest) documented --arch and --os in the
buildah-from man page, without realizing that those were
already documented.
Here I choose to keep the old --arch and the new --os
Signed-off-by: Ed Santiago <santiago@redhat.com>
We want to shrink the size of the import when importing pkg from
buildah. This should help us shrink the size of the golang bindings
in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently we can remove configuration data in buildah config
by adding a trailing "-". This PR adds support for this in --port
calls. It also adds support for clearing all config for a specified
option if the user specifies "-".
Currently the code blocks setting ANNOTATIONS and LABELS without a
value. This is broken and should be allowed.
Similarly, we were not expanding environment variables from the host when
they were not set.
podman run --env foobar
is valid,
so
buildah config --env foobar
should also be valid.
Fixes: https://github.com/containers/buildah/issues/2859
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
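The two conventions described in this commit, a trailing "-" meaning delete (with a bare "-" clearing the whole option) and a `--env NAME` with no "=" meaning take the value from the host, are easy to get subtly wrong. The block below is an added illustration in Go, not Buildah's implementation; the function names, the port set and the host-lookup callback are all constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ApplyPortEdits applies --port style edits to an existing set of exposed
// ports and returns a new set; the input is not modified.
//   "PORT"   adds PORT
//   "PORT-"  removes PORT (trailing "-" means delete)
//   "-"      clears every port
func ApplyPortEdits(current map[string]bool, edits []string) map[string]bool {
	ports := make(map[string]bool, len(current))
	for p := range current {
		ports[p] = true
	}
	for _, e := range edits {
		switch {
		case e == "-":
			ports = make(map[string]bool)
		case strings.HasSuffix(e, "-"):
			delete(ports, strings.TrimSuffix(e, "-"))
		case e != "":
			ports[e] = true
		}
	}
	return ports
}

// SortedKeys returns the keys of m in sorted order so output is stable.
func SortedKeys(m map[string]bool) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// ResolveEnv implements the `--env NAME` convention: a spec without "=" is
// looked up on the host through lookup (injected here so the example does
// not touch the real environment). "NAME=VALUE" is returned unchanged, and
// an empty value after "=" is explicitly allowed. The second result is
// false when NAME is unset on the host, in which case the caller skips it
// rather than silently setting it to "".
func ResolveEnv(spec string, lookup func(string) (string, bool)) (string, bool) {
	if strings.Contains(spec, "=") {
		return spec, true
	}
	v, ok := lookup(spec)
	if !ok {
		return "", false
	}
	return spec + "=" + v, true
}

func main() {
	current := map[string]bool{"80/tcp": true, "443/tcp": true}
	fmt.Println(SortedKeys(ApplyPortEdits(current, []string{"8080/tcp", "80/tcp-"})))
	fmt.Println(SortedKeys(ApplyPortEdits(current, []string{"-"})))

	host := map[string]string{"FOOBAR": "from-host"} // constructed host env
	lookup := func(k string) (string, bool) { v, ok := host[k]; return v, ok }
	for _, spec := range []string{"FOOBAR", "EMPTY=", "MISSING"} {
		if kv, ok := ResolveEnv(spec, lookup); ok {
			fmt.Println(kv)
		} else {
			fmt.Println(spec, "is unset on the host; skipped")
		}
	}
}
```

The distinction ResolveEnv draws matters for images: `EMPTY=` deliberately records an empty value in the config, while `MISSING` with no host value records nothing, so a build does not end up baking an unintended empty variable into the final image.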
Users have gotten confused when attempting the introduction tutorial in
rootless mode. Explain that they have to `buildah unshare` before
mounting the image.
Fixes: https://github.com/containers/buildah/issues/2833
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When you create a manifest or pull a manifest, it shows up
inside of the buildah images list. When you go to inspect it
the inspect code blows up with a cryptic error message.
This patch fixes this problem and just uses the buildah manifest inspect
code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>