Commit Graph

43 Commits

Author SHA1 Message Date
Daniel J Walsh 8d5d763213
Fix stutters
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as

Error: error ...

This patch removes the stutter.

Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-19 07:11:44 -04:00
Nalin Dahyabhai bb149ea686 Use errors.Is() instead of os.Is{Not,}Exist
If errors for which os.IsExist() or os.IsNotExist() would have returned
true have been wrapped using fmt.Errorf()'s "%w" verb, os.IsExist() and
os.IsNotExist(), not having been retrofitted to use errors.Is(), will
return false.

Use errors.Is() to check if an error is an os.ErrExist or os.ErrNotExist
error instead of calling os.IsExist() or os.IsNotExist().

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-07-26 15:36:58 -04:00
Sascha Grunert ce384684c0
Switch to golang native error wrapping
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-07-07 11:41:47 +02:00
Kir Kolyshkin b34e4d5789 util.go: fix gosimple warning
Fix this warning from gosimple linter:

>	util.go:127:19: S1040: type assertion to the same type: ref.DockerReference() already has type reference.Named (gosimple)
>			if named, ok := ref.DockerReference().(reference.Named); ok {
>					^

Since containers/image commit dfe2fafaa2d702e5a932721aed55b996024051b1
(made in 2017), DockerReference() always returns reference.Named type.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-18 12:56:34 -08:00
Daniel J Walsh 39f4cfb79d
Stop excessive wrapping
Golang built-in functions like os.Create and others print the name of
the file system object when they fail.  Wrapping them a second time
with the file system object makes the error message look like crap
when reported to the user.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-10-15 14:03:13 -04:00
Nalin Dahyabhai 3835460c3b Use pipes for copying
Use the copier package to rework how we handle ADD and COPY.

When evaluating cache for content that's being copied/added in, switch
from (digest the data, check for a cache entry, then maybe copy the data
and create the new layer) to (copy the data and create the new layer,
digesting as we go, check for a cache entry, either commit or discard
the new layer).

Use the copier package for ADD, COPY, and for ensuring that a specified
directory exists in the working container's rootfs.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2020-08-21 12:34:00 -04:00
Daniel J Walsh d125f8f9cc
Add buildah.IsContainer interface
This interface will allow callers to specify a storage container id
and the store and return whether or not the container is a buildah
container.

We want to add the ability for Podman to identify containers in storage
that it did not create or were created via podman build command.

Podman will use this information to help the user identify where the container
came from.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-12 06:21:37 -04:00
Nalin Dahyabhai 55fa8f5a46 copyFileWithTar: close source files at the right time
Close source files after we've finished reading from them, rather than
leaving it for later.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #2072
Approved by: giuseppe
2020-01-09 11:10:24 +00:00
Nalin Dahyabhai 6047edc1d6 Builder.untarPath(): always evaluate b.ContentDigester.Hash()
Make sure we evaluate b.ContentDigester.Hash() every time the callback
returned by Builder.untarPath() is called, since it may be for a
different digest object than the previous time it was called, or
different even from when the callback was first retrieved.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1955
Approved by: rhatdan
2019-10-31 00:37:18 +00:00
Nalin Dahyabhai f0cf07bb60 Move to containers/image v5.0.0
Bump to containers/image's 5.0 release.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1902
Approved by: rhatdan
2019-10-28 15:15:34 +00:00
Miloslav Trmač 797e618cbe Update c/image to v4.0.1
This requires updating all import paths throughout.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1891
Approved by: vrothberg
2019-10-04 07:34:03 +00:00
Nalin Dahyabhai ebf6f518d0 Use content digests in ADD/COPY history entries
Use digests of the added content in history entries that we create for
ADD and COPY instructions, tightening up cache checking just a little
bit more.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1792
Approved by: TomSweeneyRedHat
2019-08-16 20:16:40 +00:00
Nalin Dahyabhai db2b3e48ac add: add a DryRun flag to AddAndCopyOptions
Add a DryRun flag to AddAndCopyOptions, so that we can "copy" content to
digest it.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1792
Approved by: TomSweeneyRedHat
2019-08-16 20:16:40 +00:00
Nalin Dahyabhai 5c98d3c220 add: handle hard links when copying with .dockerignore
Detect files that are hard linked together, and use that information to
avoid copying their contents more often than we have to.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1789
Approved by: rhatdan
2019-08-14 15:20:52 +00:00
Nalin Dahyabhai 3f5436f727 add: teach copyFileWithTar() about symlinks and directories
Teach copyFileWithTar() about symbolic links and directories, and use it
to produce tar data to feed to untar() instead of special-casing them.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1785
Approved by: vrothberg
2019-08-13 12:41:12 +00:00
Valentin Rothberg 3117f5e7e8 vendor github.com/containers/image@v3.0.0
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

Closes: #1756
Approved by: rhatdan
2019-08-02 14:59:22 +00:00
Sascha Grunert 7eb4e5972d
Add goimports linter and apply fixes
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2019-07-18 10:42:46 +02:00
Valentin Rothberg ee1b6e25c8 util: remove redundant `return` statement
Reported by golangci-lint.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

Closes: #1678
Approved by: rhatdan
2019-06-19 11:33:36 +00:00
Nalin Dahyabhai 3bdc9edd67 imagebuildah: handle ID mappings for COPY --from
Fix handling of ID mapping for COPY: when copying from other containers,
use their mappings, and when copying from the host, use host mappings.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1630
Approved by: TomSweeneyRedHat
2019-06-06 13:11:25 +00:00
Daniel J Walsh 973bb88ef1 Move tar commands into containers/storage
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1298
Approved by: TomSweeneyRedHat
2019-02-01 18:31:35 +00:00
Nalin Dahyabhai 23ed59594b Add options for empty-layer history entries
Add configuration methods for adding entries which will show up in a
committed image's history, both before and after the new layer that we
add while committing the image.  Expose them from the CLI in the form of
a new --add-history option for the "add", "config", "copy", and "run"
commands.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1300
Approved by: rhatdan
2019-01-21 19:11:21 +00:00
Miloslav Trmač a4200ae6b5 Remove no longer used isReferenceInsecure / isRegistryInsecure
These functions are no longer used. Also, code should typically rely
on the automatic use of the sysregistriesv2 configuration inside
c/image/docker instead of managing that manually, so they are
unlikely to have any users in the future.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1255
Approved by: rhatdan
2019-01-06 14:53:06 +00:00
Miloslav Trmač 9c65e5699c Update for sysregistriesv2 API changes
Mostly this is a straightforward elimination of manual GetRegistries calls.

In getCopyOptions, we just remove setting the DockerInsecureSkipTLSVerify
values because the docker:// transport now does that automatically.  (This
actually changes behavior, because docker:// supports namespace prefixes
in addition to matching only by hostnames, but that's a superset of the
previous behavior.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #1214
Approved by: rhatdan
2018-12-03 20:07:00 +00:00
Nalin Dahyabhai 46c577c87d ReserveSELinuxLabels(): handle wrapped errors from OpenBuilder
ReserveSELinuxLabels() checks if an error returned by OpenBuilder() is a
does-not-exist error, but OpenBuilder() returns wrapped errors now, and
it wasn't checking the root cause error.

When newBuilder() fails, check the right error value when deciding
whether or not deleting the partially-constructed container failed.

OpenBuildersByPath() shouldn't choke on non-buildah containers, so have
it handle does-not-exist errors the same way OpenAllBuilders() does.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1109
Approved by: rhatdan
2018-10-17 21:20:29 +00:00
Miloslav Trmač 6e0074eeed Move the "short name but no search registries" error handling to resolveImage
Use the value now returned by util.ResolveImage instead of trying to
recompute it.

Then drop the no longer used getRegistries.  (It might be reasonable
to split that part of util.ResolveImage to make it shorter; but it should
not ideally have any independent second-guessing callers.  So, just
keep the inlined one instead; that way we certainly don't break it.)

Also drop the no longer used hasRegistry.

CHANGES BEHAVIOR:
- Most notably, the "short name but no search registries" code
  has been broken for some time; pullImage was called with
  localhost/$shortname, which was a qualified name, so the
  specialized error handling was never attempted.
- Temporarily, the error handling in the "short name but no
  search registries" code triggers even if there were actually
  valid values to try (in practice there is always localhost/$shortname,
  and possibly also options.Registry/$shortname).  The next commit
  will improve it again.
- We now have more legitimate access to the original short name,
  so include it in the error message (it was technically available
  before, but using it was awkward).

NOTE: registriesConfPath is computed using the sysregistries
package, but actual access happens using the sysregistriesv2 package.
That should be cleaned up eventually.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Closes: #909
Approved by: rhatdan
2018-10-13 11:56:07 +00:00
Nalin Dahyabhai bc2ea08003 Make sure we log or return every error
Make sure that when attempting to diagnose an error, if we encounter an
error during the diagnostic attempt, we return the original error rather
than the error encountered in trying to diagnose it.  Log that one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1072
Approved by: rhatdan
2018-10-07 12:07:09 +00:00
Nalin Dahyabhai 318fc8940f Enforce "blocked" for registries for the "docker" transport
Check if reading and writing from the registry named by an image is
allowed when the transport is "docker".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1056
Approved by: rhatdan
2018-10-05 15:30:11 +00:00
Nalin Dahyabhai 62c01da3e4 Correctly set DockerInsecureSkipTLSVerify when pulling images
The image library's copy routine doesn't itself consult the registries
configuration in order to decide whether or not to disable TLS
verification when communicating with a registry, so it's on us to use
the name of a source or destination image to decide whether to set the
flag for that behavior.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1056
Approved by: rhatdan
2018-10-05 15:30:11 +00:00
Daniel J Walsh d0846b1914 Export buildah ReserveSELinuxLabels so podman can use it
We want to make sure that buildah and podman don't use the
same SELinux MCS Labels.  So we need to export this function
so libpod can use it.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1041
Approved by: rhatdan
2018-09-30 05:51:28 +00:00
Nalin Dahyabhai 36e174e779 Switch to github.com/containers/image/pkg/sysregistriesv2
Switch from using github.com/containers/image/pkg/sysregistries to using
github.com/containers/image/pkg/sysregistriesv2 to complete unqualified
image names.  Keep v1 around because it'll tell us which configuration
file to name in an error message if things don't work right.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #904
Approved by: rhatdan
2018-08-03 17:26:09 +00:00
Nalin Dahyabhai 8be2b62372 Fix handling of --registries-conf
Instead of ignoring the global --registries-conf option and using only
$REGISTRIES_CONFIG_PATH, use it for the option default.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #854
Approved by: rhatdan
2018-07-07 10:48:44 +00:00
Nalin Dahyabhai edce842f54 Break out getProcIDMappings()
Break getProcIDMappings() out of run.go and turn it into
util.GetHostIDMappings(), and add util.GetSubIDMappings() and
util.ParseIDMappings().

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #796
Approved by: rhatdan
2018-06-18 18:38:54 +00:00
Nalin Dahyabhai 002c18a3bb Break out SetupIntermediateMountNamespace()
Break runSetupIntermediateMountNamespace() into its own package.
Move stringInSlice(), getHostIDs(), and getHostRootIDs() into the util
subdirectory and export them.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #796
Approved by: rhatdan
2018-06-18 18:38:54 +00:00
Nalin Dahyabhai ae27963cb0 Add(): learn to record hashes of what we add
Add a field to AddOrCopyOptions that can take an io.Writer, more often a
hash.Hash returned by digest.Digester's Hash() method, to calculate a
sum over what we add or copy.

Make the help output summarizing the arguments that "buildah add" and
"buildah copy" accept more closely match their man pages.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #766
Approved by: rhatdan
2018-06-11 12:39:05 +00:00
TomSweeneyRedHat 043fd2e300 Add registry errors for pull
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2018-06-06 13:05:56 -04:00
Nalin Dahyabhai 00fafcf9cb Use CNI to configure container networks
Use CNI to configure networks for containers for which we create new
network namespaces.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #700
Approved by: rhatdan
2018-05-24 14:10:01 +00:00
Nalin Dahyabhai aa5cf3115e add/secrets/commit: Use mappings when setting permissions on added content
Use ID mapping information when setting permissions on content that we
add to the container, and on secrets that we copy in, on pipes that we
use for stdio, and when extracting the whole filesystem as a "layer".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #700
Approved by: rhatdan
2018-05-24 14:10:01 +00:00
Nalin Dahyabhai 0afa60eb05 Add CLI options for specifying namespace and cgroup setup
Add options to the CLI that specify which cgroups we execute "run"
commands under, and controlling how we set up namespaces for them.
Pass them down to Builders that we create, and allow them to be
overridden by options passed to Builder.Run().

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #700
Approved by: rhatdan
2018-05-24 14:10:01 +00:00
Nalin Dahyabhai dfc4c676d0 Always set mappings when using user namespaces
If we're creating a user namespace, we always need to supply at least
one mapping for the UID and GID maps.  If we're not given any mappings,
map the ranges that are available to us, instead of assuming we can map
all possible values, in case we're already in a user namespace.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #700
Approved by: rhatdan
2018-05-24 14:10:00 +00:00
Nalin Dahyabhai 1395e1805a Read UID/GID mapping information from containers and images
Read UID/GID mapping information when creating or importing containers,
and if there is mapping information, use it when building runtime
configurations.

Mounting sysfs in a user namespace requires that we also have our own
network namespace, so default to creating one for that case.

Switch permissions on files that we bind in so that they're writable
from inside of the container.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #700
Approved by: rhatdan
2018-05-24 14:10:00 +00:00
Daniel J Walsh 8ecefa978c Vendor in changes to support sirupsen/logrus
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-10-10 17:30:11 +00:00
Nalin Dahyabhai fc880bcc86 Maintain multiple working container configs
Maintain the container configuration in multiple formats in the Buildah
object, initializing one based on the other, depending on which format
the source image used for its configuration.

Replace directly manipulated fields in the Buildah object (Annotations,
CreatedBy, OS, Architecture, Maintainer, User, Workdir, Env, Cmd,
Entrypoint, Expose, Labels, and Volumes) with accessor functions which
update both configurations and which read from whichever one we consider
to be authoritative.  Drop Args because we weren't using them.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #102
Approved by: rhatdan
2017-05-18 18:28:44 +00:00
Nalin Dahyabhai 04ce6f39c4 imagebuildah: Reexport some things
Have imagebuildah reexport some constants and its own Mount type, to
reduce the number of our dependencies that a prospective consumer of
this package would also need to import directly.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #84
Approved by: rhatdan
2017-04-24 14:33:43 +00:00