* Refactor NewImageSource to add a manifest type abstraction
Currently, NewImageSource creates a Docker schema2 manifest and an OCI
manifest at the same time. This precludes functionality that isn't
supported by both manifest types, for example zstd compression.
Refactoring this to create only the desired manifest type solves this
and also cleans up the code by separating manifest-type-specific code
into distinct implementations of a "manifest builder".
See discussion in https://github.com/containers/buildah/pull/5452.
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
* Review feedback
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
* Review feedback, round 2
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
---------
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
Co-authored-by: flouthoc <flouthoc@users.noreply.github.com>
If multiple layers are found as cache candidates then select the layer
which was created recently.
Closes: https://github.com/containers/buildah/issues/6152
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Added a ROADMAP.md file per CNCF requirements.
Updated the GOVERNANCE.md file to point to and use the local
MAINTAINERS.md file instead of the one in Podman. Also added
links to the OWNERS file.
Updated the MAINTAINERS.md file to bump Aditya Rajan to a
Maintainer from a reviewer. Having him as a reviewer was
a cut/paste error that was not caught when the file was
first generated from the Podman file.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Fixes: https://github.com/containers/buildah/issues/6160
label_users tells buildah and podman to maintain the user and role
from the SELinux label, the default is to change the user and role to
system_u:system_r.
With this change we end up with an unconfined_u user running the
container as unconfined_u:unconfined_r.
I don't believe our CI/CD system can test this, because it runs with
system_u:system_r by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix a descriptor leak in the helper, and add some minimal support for
clients that might want to scrape HTML of a directory to walk the
filesystem.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Replace our use of the
github.com/opencontainers/runc/libcontainer/devices.Permissions type
with the github.com/opencontainers/cgroups/devices/config.Permissions
type, which the former is now an alias for.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This option is set from CommitOptions.HistoryTimestamp, which
corresponds to the buildah option '--timestamp', and therefore is off
by default.
If this option is not given, we can save ourselves one layer of
copying (tar filtering is a tar.Reader/tar.Writer connnected with io.Pipe())
Signed-off-by: Han-Wen Nienhuys <hanwen@engflow.com>
As of
e024854ba3,
Uname/Gname fields are not populated on Unix. On Windows, the golang
tar package leaves the Uname/Gname fields empty.
Signed-off-by: Han-Wen Nienhuys <hanwen@engflow.com>
Bumps:
c/storage to v1.58.0
c/image to v5.35.0
c/common to v0.63.0
In preparation for Buildah 1.40.0 and Podman v5.5.0
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Aaron Lehmann
Lokesh Mandvekar
flouthoc
tomsweeneyredhat
openshift-merge-bot[bot]
renovate[bot]
Sascha Brawer
Daniel J Walsh
Nalin Dahyabhai
Han-Wen Nienhuys
Paul Holzinger