- Update the version number to v1.24.5 for tagging a new release.
- Drop commas from changelog dates because `rpmspec -q` doesn't like them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We need to use the default from containers.conf and not hardcode them in
buildah. This fixes an issue with the cni network backend since it would
try to access /etc/cni/net.d/ even as rootless user. This regression was
introduced in commit f9cff07b81.
Also hide the cni flags as we do not expect users to change this. The
recommended way is to change them in containers.conf.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman uses the new netavark network stack. Buildah should be able to do
the same. Both projects should use the same networking code which was
move to c/common/libnetwork. The new network interface can use either
CNI or netvavark. Using the same code for podman and buildah is
important to ensure that both use the same backend. Mixing CNI and
netavark is not supported.
This also fixes some outstanding CNI issues, e.g. buildah trying to
connect all cni networks.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This idea of this PR is to allow Podman to add a Podman
prefix to containers. This would allow it to keep track
of containers created by Podman and make it easier to remove
them when it wants to remove all.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When define.TempDirForURL() runs an external command, if it fails,
include the command's output in the error that's handed back to its
caller so that the end-user has some idea of what happened.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Run secrets can now be created from an environment variable. The
environment variable is read and is briefly stored as a file on /dev/shm
when it's being used, and the file is removed after the RUN command is
finished.
Fixes: #3524
Signed-off-by: Ashley Cui <acui@redhat.com>
Users have accidently had a .containerignore or .dockerignore
file in their context directly which blocked all content.
Currently we report that no globs matched, but do not
identify where the globs came from.
This change is an attempt to add this data to the error.
Example: https://github.com/containers/buildah/issues/3318
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a --all-platforms that instructs the builder to build for the
intersection of all platforms for which the build's base images are
available. Returns an error if any of them aren't references to
manifest lists. We've learned that we can't really trust architecture
and OS information stored in image config blobs, so we don't try to
salvage that case.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The build with git URL recognizes git URLs by either a git:// scheme prefix, or
any other URL with other schemes such as https:// and a .git suffix.
The build with git URL and branch recognizes the branch name as the fragment
part of the URL, the part after the #.
The .git suffix check is performed by checking that the suffix of the full URL
is .git, however this causes URLs that begin with scheme https://, and have a
.git path suffix, to not be recognized as git URLs when a branch name is
appended.
The logic for checking if the URL path is suffixed with .git should parse the
URL first and consider only the path when looking for the suffix. This change
is implemented in this commit.
This commit also removes the guard within the cloneToDirectory function because
it is unnecessary since every location the function is called the check has
already been carried out.
Signed-off-by: Leigh McCulloch <351529+leighmcculloch@users.noreply.github.com>
Move multiple-platform build juggling logic from the CLI wrapper
directly into the imagebuildah package, to make using it easier for
packages that consume us as a library.
This requires reading Dockerfiles into byte slices so that we can
re-parse them for each per-platform build, rather than parsing them
directly, as we used to, since building modifies the parsed tree.
When building for multiple platforms, prefix progress log messages with
the platform description.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Allow ssh socket from host or certain ssh keys to be exposed to a
certain RUN instruction, but not any other instructions, as well as not
showing up in the final image.
This is done by spawining a new agent from buildah and mounting
the listening socket inside the run. SSH_AUTH_SOCK inside the container
will be set to the socket mountpoint. The defualt mountpoint is
/run/buildkit/ssh_agent.{i}
Signed-off-by: Ashley Cui <acui@redhat.com>
Add a pkg/parse.PlatformsFromOptions() which understands a "variant"
value as an optional third value in an OS/ARCH[/VARIANT] argument value,
which accepts a comma-separated list of them, and which returns a list
of platforms.
Teach "from" and "pull" about the --platform option and add integration
tests for them, warning if --platform was given multiple values.
Add a define.BuildOptions.JobSemaphore which an imagebuildah executor
will use in preference to one that it might allocate for itself.
In main(), allocate a JobSemaphore if the number of jobs is not 0 (which
we treat as "unlimited", and continue to allow executors to do).
In addManifest(), take a lock on the manifest list's image ID so that we
don't overwrite changes that another thread might be making while we're
attempting to make changes to it. In main(), create an empty list if
the list doesn't already exist before we start down this path, so that
we don't get two threads trying to create that manifest list at the same
time later on. Two processes could still try to create the same list
twice, but it's an incremental improvement.
Finally, if we've been given multiple platforms to build for, run their
builds concurrently and gather up their results.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Currently the rusage is reported to stdout and rather cumbersome to parse. The
new flag rusage-logfile can be used to specify a file to which the log will be
written instead.
Signed-off-by: Dan Čermák <dcermak@suse.com>
Add support for secrets. Secrets is a two-part flag that allows secret files to
be accessed for a certain RUN instruction, but not any other
instructions, as well as now showing up in the final image.
Signed-off-by: Ashley Cui <acui@redhat.com>
If a git repository contains submodules, we need to check them all
out because the Containerfile/Dockerfile at the repo might use them.
Fixes: https://github.com/containers/buildah/issues/3104
It is too complicated to setup a recursive submodules git repo, so
setting no tests needed.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently it is impossible to switch from a PullPolicy type
and PolicyMap via strings. This PR Makes the types align.
This is required to make passing of PullPolicy in podman-remote
to work.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This PR removes the pkg/auth which brings in docker/docker
since it really is not needed, and was only there to help users
discover the settings of where the authfile was, when the environment
variables were set. Would almost never be of any value.
Move imagebuildah.BuildOptions to define.BuildOptions
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When we parse isolation we expect users to input chroot, oci, rootless.
So when we translate the constants back to strings, we should use the
same values.
These human names need to be passed over the podman-remote build
bindings, so we need to make them match.
Also docker describes an isolation of "default", which we should also
handle for potential scripts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want to shrink the size of the import when importing pkg from
buildah. This should help us shrink the size of the golang bindings
in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
refeactor the pullpollicy to its own package so that it can be imported on its own without deps like containers/storage, etc. this will help consuming podman's go bindings.
Signed-off-by: baude <bbaude@redhat.com>
tomsweeneyredhat
Aditya R
Nalin Dahyabhai
Lokesh Mandvekar
Paul Holzinger
Daniel J Walsh
Ashley Cui
Leigh McCulloch
Kirill Shirinkin
openshift-ci[bot]
Dan Čermák
baude