if a mountProgram is specified, use it also in rootfull mode.
Closes: https://github.com/containers/buildah/issues/3281
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The backend logic already supports specifying custom network names. This
only adds the support for the frontend parsing.
Fixes containers/podman#12282
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Per @edsantiago 's suggestion, make the pull commands consistent, always
accepting a value. Currently we have:
--pull
--pull=true
--pull=false
--pull-never
--pull-always
With this change, we will only have pull with a variety of options,
ala:
--pull
--pull=true
--pull=false
--pull=never
--pull=always
For backward compatibility, the --pull-never and --pull-always
options will remain operational, however they are not documented
and are considered deprecated.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Allow users to specify non-volatile `upper` and `workdir` with overlay
mounts.
Usage
```console
buildah from alpine
buildah run -v /something/lower:/test:z,O,upperdir=/somewhere/upperdir,workdir=/somwhere/workdir alpine-working-container cat /test/hello
```
Signed-off-by: Aditya R <arajan@redhat.com>
Expose `MountWithOptions` for overlay which allows users to pass more
verbose configuration for overlay mounts.
For instance `upperdir, workerdir` and in future `volatile`.
Signed-off-by: Aditya R <arajan@redhat.com>
In situations where you don't want/need Cobra climbing behavior nor
Cobra at all using FlagSet is the easier sell.
Signed-off-by: Andreas Bergmeier <abergmeier@gmx.net>
We need to use the default from containers.conf and not hardcode them in
buildah. This fixes an issue with the cni network backend since it would
try to access /etc/cni/net.d/ even as rootless user. This regression was
introduced in commit f9cff07b81.
Also hide the cni flags as we do not expect users to change this. The
recommended way is to change them in containers.conf.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Following commit adds buildkit like support for `from` field to `--mount=type=bind`
and `--mount=type=cache` so images and stage can be used as mount source.
Usage looks like
```dockerfile
RUN --mount=type=bind,source=.,from=<your-image>,target=/path ls /path
```
and
```dockerfile
RUN --mount=type=cache,from=<your-image>,target=/path ls /path
```
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Buildah is mainly building with Host Namespaces, this changes most
namespaces to be private matching Podman and using containers.conf
Fixes: https://github.com/containers/buildah/issues/3634
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In image-spec 1.0.2, the MediaType field is now available in OCI
manifests, so set it.
Update the imgtype helper to output the MediaType field as-is from OCI
image manifests instead of just always supplying the expected value.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
There are cases where remote will close connection by itself with a message;
make sure we give connection enough time instead of closing explicitly
early.
Future improvement: Relay output and perform close instead of relying on `ServeAgent` to flush
buffer by closing connection.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
NetworkPolicy should be set as NetworkEnabled when explicitly specified using
`--network` instead of silently marking it as NetworkDefault.
NetworkDefault is equivalent to NetworkEnabled but we can use
NetworkEnabled to verify if user explicitly used `--network` and prevent
override from builder configs.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Run secrets can now be created from an environment variable. The
environment variable is read and is briefly stored as a file on /dev/shm
when it's being used, and the file is removed after the RUN command is
finished.
Fixes: #3524
Signed-off-by: Ashley Cui <acui@redhat.com>
In Linux, a directory name can contain a colon.
Add support for mount paths that contain a colon.
buildah run --volume /root/a\\:b:/root/test:O
Signed-off-by: chenk008 <kongchen28@gmail.com>
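The escaped-colon volume argument in the commit message above can be split as in the following added example, which is not buildah's own parser. The helper name `splitVolumeSpec`, the backslash-escapes-next-character rule and the HOST:CONTAINER[:OPTIONS] field count are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitVolumeSpec splits a --volume value on unescaped colons. A backslash
// escapes the next character, so `a\:b` yields the single field `a:b`.
// Hypothetical helper for illustration; not buildah's parser.
func splitVolumeSpec(spec string) ([]string, error) {
	var fields []string
	var cur strings.Builder
	escaped := false
	for _, r := range spec {
		switch {
		case escaped: // previous rune was a backslash: take this one literally
			cur.WriteRune(r)
			escaped = false
		case r == '\\':
			escaped = true
		case r == ':': // unescaped colon ends the current field
			fields = append(fields, cur.String())
			cur.Reset()
		default:
			cur.WriteRune(r)
		}
	}
	if escaped {
		return nil, errors.New("trailing backslash in volume spec")
	}
	fields = append(fields, cur.String())
	// Reject anything that is not HOST:CONTAINER[:OPTIONS]; an unescaped
	// colon inside a path shows up here as an extra field.
	if len(fields) < 2 || len(fields) > 3 {
		return nil, fmt.Errorf("expected HOST:CONTAINER[:OPTIONS], got %d fields", len(fields))
	}
	for _, f := range fields[:2] {
		if !strings.HasPrefix(f, "/") {
			return nil, fmt.Errorf("path %q is not absolute", f)
		}
	}
	return fields, nil
}

func main() {
	// Constructed input: what the process receives after the shell turns \\ into \.
	fields, err := splitVolumeSpec(`/root/a\:b:/root/test:O`)
	fmt.Println(fields, err)
}
```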
Users have accidentally had a .containerignore or .dockerignore
file in their context directly which blocked all content.
Currently we report that no globs matched, but do not
identify where the globs came from.
This change is an attempt to add this data to the error.
Example: https://github.com/containers/buildah/issues/3318
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Following PR introduces a new mount type=cache in parity to buildkit
which allows users to share persistent cache between different builds.
Allowing users to cache content generated by business logic or enhance
build performance by caching components across builds.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Following commit adds support for using buildkit like
`--mount=type=bind` with `RUN` statements. Mounts created by `--mount`
are transient in nature and only scoped to current RUN statements.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Add a --all-platforms that instructs the builder to build for the
intersection of all platforms for which the build's base images are
available. Returns an error if any of them aren't references to
manifest lists. We've learned that we can't really trust architecture
and OS information stored in image config blobs, so we don't try to
salvage that case.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When checking if `go test` supports `-race` on the current platform, use
`-mod=vendor` if it's available, so that the compiler won't try to pull
down our dependencies, and run it against a package that has fewer
dependencies.
Run `go tool dist list` once, and filter its results to derive the
cross-compile target lists, rather than running it three times.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This patch sets the userxattr field when run in rootless mode.
Fixes: https://github.com/containers/buildah/issues/3503
Patch came from @flouthoc Aditya Rajan <arajan@redhat.com>
[NO TESTS NEEDED] Since this can not be tested in CI/CD system yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Following PR makes sure that buildah mirrors --authfile to a temporary
file in filesystem if arg is pointing to an FD instead of actual file
as FD can be only consumed once.
Fixes: https://github.com/containers/buildah/issues/3070
Signed-off-by: Aditya Rajan <arajan@redhat.com>
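The mirroring step described in the commit message above, sketched as an added example that is not buildah's own code. The helper name `mirrorAuthFile`, the `/dev/fd/` prefix check and the temporary file name pattern are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"strings"
)

// mirrorAuthFile returns a path that can be opened repeatedly. If authfile
// names a file descriptor (for example a shell process substitution), its
// content is copied once into a private temporary file, and the caller must
// remove that copy when cleanup is true. Hypothetical helper for
// illustration; not buildah's code.
func mirrorAuthFile(authfile string) (path string, cleanup bool, err error) {
	if !strings.HasPrefix(authfile, "/dev/fd/") {
		return authfile, false, nil // regular file: safe to reopen
	}
	src, err := os.Open(authfile)
	if err != nil {
		return "", false, err
	}
	defer src.Close()
	// os.CreateTemp creates the file with mode 0600, so the credentials
	// are not readable by other users while they sit on disk.
	dst, err := os.CreateTemp("", "authfile-*.json")
	if err != nil {
		return "", false, err
	}
	_, err = io.Copy(dst, src)
	if cerr := dst.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		os.Remove(dst.Name()) // do not leave a partial credentials file behind
		return "", false, err
	}
	return dst.Name(), true, nil
}

func main() {
	r, w, _ := os.Pipe() // constructed stand-in for a process substitution
	w.WriteString(`{"auths":{}}`)
	w.Close()
	path, cleanup, err := mirrorAuthFile(fmt.Sprintf("/dev/fd/%d", r.Fd()))
	fmt.Println(path, cleanup, err)
	if cleanup {
		os.Remove(path)
	}
}
```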
The golang.org/x/crypto/ssh/terminal package has been deprecated and
replaced upstream by golang.org/x/term, so switch to that. It's a
simple 1:1 replacement.
[NO NEW TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we're told to add built images to a manifest list, manipulate the
list ourselves, so that if we're creating a list, we won't have a
partially-populated list if some of the builds fail.
This also lets us include all of the platform information (including
variant info, which we can't sniff out after the fact) that we were
given when we started building the images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Following function generates a permanent overlayfs struct as compared to tempdir.
[NO NEW TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Allow ssh socket from host or certain ssh keys to be exposed to a
certain RUN instruction, but not any other instructions, as well as not
showing up in the final image.
This is done by spawning a new agent from buildah and mounting
the listening socket inside the run. SSH_AUTH_SOCK inside the container
will be set to the socket mountpoint. The default mountpoint is
/run/buildkit/ssh_agent.{i}
Signed-off-by: Ashley Cui <acui@redhat.com>
Add a pkg/parse.PlatformsFromOptions() which understands a "variant"
value as an optional third value in an OS/ARCH[/VARIANT] argument value,
which accepts a comma-separated list of them, and which returns a list
of platforms.
Teach "from" and "pull" about the --platform option and add integration
tests for them, warning if --platform was given multiple values.
Add a define.BuildOptions.JobSemaphore which an imagebuildah executor
will use in preference to one that it might allocate for itself.
In main(), allocate a JobSemaphore if the number of jobs is not 0 (which
we treat as "unlimited", and continue to allow executors to do).
In addManifest(), take a lock on the manifest list's image ID so that we
don't overwrite changes that another thread might be making while we're
attempting to make changes to it. In main(), create an empty list if
the list doesn't already exist before we start down this path, so that
we don't get two threads trying to create that manifest list at the same
time later on. Two processes could still try to create the same list
twice, but it's an incremental improvement.
Finally, if we've been given multiple platforms to build for, run their
builds concurrently and gather up their results.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add new `buildah source {create,add,push,pull}` commands. All commands
are marked as experimental. None of it is meant to be officially
supported at the time of writing. All code resides in `internal/source`
and is hence not visible to external consumers of Buildah; just to be
on the safe side.
A source container or source image is an OCI artifact, that is an OCI
image with custom config (media type). There is a longer history behind
source images which are intended to ship the source artifacts of an
ordinary "executable" container image. Until now, source images at
Red Hat are built with github.com/containers/BuildSourceImage. We had a
growing desire (and always the long-term plan) to eventually replace
BuildSourceImage with something else, in this case Buildah.
This commit adds the initial base functionality along with tests to make
sure we're not regressing. The new commands do the following:
* `create` - creates an empty and initialized source image
* `add` - tar up a local path and add it as a layer to the source image
* `push/pull` - intentionally separate commands from `buildah push/pull`
to allow for an easier usage and prevent the
implementations from undesired (future) interference
Further note: also vendor in c/image@master which ships a required fix.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
At some point code from buildah/pkg/parse we copied into
containers/common/pkg/parse. Buildah should use the new code
now, so that we only have to make changes in one place.
[NO TESTS NEEDED] Since there is no new code added.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently the rusage is reported to stdout and rather cumbersome to parse. The
new flag rusage-logfile can be used to specify a file to which the log will be
written instead.
Signed-off-by: Dan Čermák <dcermak@suse.com>