Use the new etchosts package to generate the hosts file.
This will ensure that we use the same logic in podman and buildah.
New features are:
- no duplicated entries
- adds entries for the network/slirp4netns ips
- configure the host.containers.internal entry in containers.conf
- configure the base hosts file in containers.conf
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
As pointed out by unparam linter, the bool returned by resolveName is
never used (at least since commit e1444dd71e).
Also, since commit dcd2a92e56, resolveName is no longer public.
Remove the bool and the code which calculates it.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The `IgnorePlatform` option has been removed from the
`LookupImageOptions` in libimage to properly support multi-arch images.
Buildah always set it to true.
Also temporarily remove /usr/share/containers/containers.conf. c/common
is now throwing warnings when facing unknown keys which unfortunately is
the case with the upstream containers.conf and ultimately breaks CI
since some output checks are failing.
Once an updated containers.conf has been shipped, we can revert the
change.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
It is not used, and it should check the current list of transports
from c/image/transports instead of hard-coding (like cmd/buildah/push.go
currently does).
(Is this an API break?)
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Update Buildah to the latest libimage. Migrating Podman over to
libimage entailed a number of fixes and changes to libimage which
we need to account for in Buildah.
Most notably:
* `(*Runtime).LookupImage()` now returns `storage.ErrImageUnknown`
instead of `nil` in case no matching image is found.
* `(*Runtime).LookupImage()` now does quite a bit more work finding
a local image and will also look at the repotags (or digests) of
all local images if needed.
* The signature of `(*Runtime).RemoveImages()` was changed and now
returns a slice of reports and errors. The reports aggregate the
data of a removed image which allows the function to be used by
`podman image prune` which is also interested in the size of the
removed data. The slice of errors is also needed in Podman which
needs to have a closer look at _all_ rmi errors in order to determine
the appropriate exit code (Docker compat).
* `libimage/types` has been removed. Pull policies have been merged
into already existing logic in `pkg/config`.
Please refer to containers/podman/pull/10147 for a more detailed
changelog.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Restore the push and pull API that commit dcd2a92e56 removed.
These changes would break vendoring into openshift/builder due
to build errors.
For the same reason, restore `util.FindImage` and `util.AddImageNames`
but deprecate the `findRegistry` argument.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Move all code related to handling container images over to the new
`libimage` package in containers/common. The new package is an
attempt to consolidate the code across the containers tools under the
github.com/containers umbrella.
The new `libimage` package provides functionality to perform all kinds
of operations for managing images such as local lookups, pushing,
pulling, listing, removing, etc.
The following packages have been moved over to containers/common:
`manifests` -> `common/image/manifests`
`pkg/manifests` -> `common/pkg/manifests`
`pkg/supplemented` -> `common/pkg/supplemented`
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
runc now works with cgroupsV2 so buildah should not hard code crun.
Fixes: https://github.com/containers/buildah/issues/3160
[NO TESTS NEEDED] This would be very difficult and complicated to test.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently depending on the sort order of mount points, we can overmount
a volume specified from the user. Podman has a function sortMount that
sorts all mounts based on destination directory to ensure all mounts
show up. This PR moves the function from Podman to Buildah. Once merged
I will change Podman to use the buildah function.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
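
The overmounting problem described in the commit message above, as an added Go illustration that is not part of the commit and is not the Podman or Buildah function itself. The `Mount` type, `SortMounts`, `Shadowed` and the sample paths are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// Mount is a minimal stand-in for a runtime-spec mount (assumption).
type Mount struct{ Source, Destination string }

func depth(p string) int { return strings.Count(filepath.Clean(p), "/") }

// SortMounts returns a copy ordered so that shallower destinations come
// first; ties are broken lexically to keep the result deterministic.
func SortMounts(in []Mount) []Mount {
	out := append([]Mount(nil), in...)
	sort.SliceStable(out, func(i, j int) bool {
		di, dj := depth(out[i].Destination), depth(out[j].Destination)
		if di != dj {
			return di < dj
		}
		return out[i].Destination < out[j].Destination
	})
	return out
}

// Shadowed lists destinations that end up hidden because a later mount in
// the given order lands on one of their parent directories.
func Shadowed(order []Mount) []string {
	var hidden []string
	for i, early := range order {
		e := filepath.Clean(early.Destination)
		for _, late := range order[i+1:] {
			l := filepath.Clean(late.Destination)
			if e != l && strings.HasPrefix(e, strings.TrimSuffix(l, "/")+"/") {
				hidden = append(hidden, e)
				break
			}
		}
	}
	return hidden
}

func main() {
	// Constructed sample: the user's volume is listed before its parent.
	m := []Mount{{"/home/u/cache", "/data/cache"}, {"tmpfs", "/data"}}
	fmt.Println(Shadowed(m), Shadowed(SortMounts(m)))
}
```
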
This PR removes the pkg/auth which brings in docker/docker
since it really is not needed, and was only there to help users
discover the settings of where the authfile was, when the environment
variables were set. Would almost never be of any value.
Move imagebuildah.BuildOptions to define.BuildOptions
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Detect local-image lookups by digest. Those clearly refer to local
images only, so we must not proceed to remote lookups.
Note that the specified digest refers to an image ID and not to the
digest of an image's manifest.
Fixes: #2836
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Currently we have a weird situation where the user sets the default
runtime in his containers.conf for podman but Buildah is still falling
back to use runc because it was hard coded as the default for Buildah.
I would like to remove this default, but that would theoretically break
the API promise of Buildah.
This should fix https://github.com/containers/podman/issues/8893
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When combining lists of environment variables, or environment variables
combined with build arguments, always deduplicate sets of values.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
fix #2205 Validate the supported transports to fix the corner case. Do not use docker as transport if `docker:` is Docker Official Image
Signed-off-by: Qi Wang <qiwan@redhat.com>
After determining the type of runtime to use,
either "runc" or "crun" dependent upon the system, search
the list of that type of runtime in the containers.conf
file. It includes the location of those runtimes in a
number of different architectures. Once found, set the
runtime to use to that value.
Fixes: #2113
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Before this patch, it was not possible to retrieve a remote manifest
just by specifying the image name, like:
```
> buildah manifest inspect alpine
Invalid image name "alpine", expected colon-separated transport:reference
```
It was possible to get the manifest via:
```
> buildah manifest inspect docker://alpine
…
```
But after pulling the image into the local storage, this does not work any
more:
```
> buildah pull alpine
e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a
> buildah manifest inspect docker://alpine
manifest from image … is of type
"application/vnd.docker.distribution.manifest.v2+json", which
is not a list type
ERRO exit status 1
```
This means we now collect a list of possible local or remote manifests
and try to resolve them sequentially. This enables us to fall back to the
remote location if the locally fetched manifest is not an actual
manifest. It also enables us to see the remote manifest via:
```
> ./buildah manifest inspect alpine
{
…
}
```
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
We have moved shared code from buildah, podman and others into containers/common.
Specifically for this PR we are moving to use containers/common/pkg/unshare and
containers/common/pkg/cgroups.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #2010
Approved by: QiWang19
Typo from 765c09d6db (Update containers/image to v2.0.0, 2019-06-03, #1634).
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1861
Approved by: TomSweeneyRedHat
Image names longer than 32 characters will now be truncated via `...` in
the default table output. For example this:
```
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
579aa959bb4d * 9b1a5a0c02f5 docker.io/clearlinux/golang:latest golang-working-container
```
Now looks like this:
```
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
579aa959bb4d * 9b1a5a0c02f5 docker.io/clearlinux/golang:l... golang-working-container
```
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1841
Approved by: rhatdan
We need to run with crun rather than runc on cgroupsV2 platforms.
runc does not currently support cgroups V2, so if the machine is
in cgroups V2 mode we have to use crun by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1823
Approved by: @TomSweeneyRedHat
Fix handling of ID mapping for COPY: when copying from other containers,
use their mappings, and when copying from the host, use host mappings.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1630
Approved by: TomSweeneyRedHat
Container image also switched out the version of boltdb
we were using.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1586
Approved by: vrothberg
In multistage builds without caching, if an intermediate stage's image
ended up being the final image (i.e., when the last instruction in the
Dockerfile is a FROM instruction that references a previous stage), we
would remove it when we finished building. Fix that by modifying the
cleanup logic to compare the ID of an image that it's about to delete to
the final image's ID, if it has one, and skipping it if they match.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1564
Approved by: vrothberg
This will make vendoring in pkg/unshare easier into other
packages like skopeo.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1532
Approved by: TomSweeneyRedHat
When ResolveName has already determined that the value is an
ID (prefix), and returned the full ID, rely on that knowledge
and don't try at all to pull the image from a 'remote transport ""';
also, don't try to match strings that are already known not to be
ID prefixes, or that are known to use a different transport, against
local storage.
Should not change behavior, except possibly in theoretical
inconsistency cases when store.Image(knownImageID) fails; the code
now does not report other unrelated errors on the transport == ""
path below.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1361
Approved by: rhatdan
No need to hard-code the :tag / @digest syntax when there
already is an API returning the string representation.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1361
Approved by: rhatdan
Change references to Transfer to transfer to make it internal only.
It should be determined from the image specification and only determined
in one place.
Make buildah.Pull use registries.conf
Currently buildah pull does not resolve images based on registries.conf
This does not match the behaviour of buildah from or buildah bud
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1319
Approved by: rhatdan
When reading the last of the output from a child process, ignore an EIO,
since we already got the HUP indication.
Avoid double-logging errors in our I/O loop when using isolation other
than chroot (spotted by @afbjorklund).
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1273
Approved by: rhatdan
Mostly this is a straightforward elimination of manual GetRegistries calls.
In getCopyOptions, we just remove setting the DockerInsecureSkipTLSVerify
values because the docker:// transport now does that automatically. (This
actually changes behavior, because docker:// supports namespace prefixes
in addition to matching only by hostnames, but that's a superset of the
previous behavior.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1214
Approved by: rhatdan
pullImage now tries (incorrectly) to redundantly compute the same
value as part of error handling. So, return the actually used
data in util.ResolveName.
The computed value is not used yet, so should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #909
Approved by: rhatdan
if XDG_RUNTIME_DIR is not set, try in the order:
- /var/run/user/$UID/run
- $HOME/rundir
also set the XDG_RUNTIME_DIR so that the OCI runtime will
use the same settings.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1077
Approved by: rhatdan
Allow util.ResolveName() to return errors from libraries that it uses.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #948
Approved by: rhatdan
Switch from using github.com/containers/image/pkg/sysregistries to using
github.com/containers/image/pkg/sysregistriesv2 to complete unqualified
image names. Keep v1 around because it'll tell us which configuration
file to name in an error message if things don't work right.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #904
Approved by: rhatdan
When building with layers, the last step wouldn't get implemented
if a cache already existed. This fix checks if every step in the dockerfile
is the same, and if it is it just creates a copy of the existing image
with the new name passed in by the user. The images will have the same
IDs and the new one will just be another tag of the original image.
This is what docker build does as well.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #832
Approved by: rhatdan
If our CLI is invoked as an unprivileged user (uid != 0),
* create a namespace using our own UID and GID as "0" followed by the
ranges matching our name and our primary group's name that we find in
/etc/subuid and /etc/subgid (the latter by way of using newuidmap and
newgidmap)
* re-exec ourselves inside of that user namespace, prepending global CLI arguments that:
* override the driver from storage.conf with "vfs"
* override the storage root from storage.conf with a "containers/storage" subdirectory
of $XDG_DATA_HOME, or $HOME/.local/share.
* override the storage runroot from storage.conf with either "$XDG_RUNTIME_DIR/run" or
"/var/run/user/$uid/run"
* set default ID mapping settings to map all of the ranges matching
our name and our primary group's name that we found in /etc/subuid
and /etc/subgid
* can still be overridden using the command line
Add a "buildah unshare" CLI that will start an arbitrary command in the
first namespace, so that manual cleanup of locations used by the second
namespace will be possible.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #823
Approved by: rhatdan
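
The ID mapping layout described in the commit message above (own ID as "0", followed by the ranges delegated to the user), as an added Go illustration that is not part of the commit and is not Buildah's code. `RootlessMappings`, `IDMap` and the sample subuid text are assumptions made for this sketch; the overlap and overflow checks are additions of the sketch.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// IDMap is one uid_map/gid_map extent (container ID, host ID, length).
type IDMap struct{ ContainerID, HostID, Size uint32 }

// RootlessMappings (hypothetical helper) maps ownID to 0, then appends every
// range that subid (text of /etc/subuid or /etc/subgid) delegates to user.
func RootlessMappings(subid, user string, ownID uint32) ([]IDMap, error) {
	maps := []IDMap{{ContainerID: 0, HostID: ownID, Size: 1}}
	next := uint64(1) // next unassigned ID inside the namespace
	sc := bufio.NewScanner(strings.NewReader(subid))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) != 3 {
			return nil, fmt.Errorf("malformed subid line %q", line)
		}
		if f[0] != user {
			continue // ranges delegated to other users are never mapped
		}
		start, err1 := strconv.ParseUint(f[1], 10, 32)
		size, err2 := strconv.ParseUint(f[2], 10, 32)
		if err1 != nil || err2 != nil || size == 0 {
			return nil, fmt.Errorf("bad range in subid line %q", line)
		}
		own := uint64(ownID)
		if start+size > 1<<32 || next+size > 1<<32 || (own >= start && own < start+size) {
			return nil, fmt.Errorf("range in %q overflows or overlaps own ID", line)
		}
		maps = append(maps, IDMap{uint32(next), uint32(start), uint32(size)})
		next += size
	}
	return maps, sc.Err()
}

func main() {
	sample := "alice:100000:65536\nbob:165536:65536\n" // constructed sample
	fmt.Println(RootlessMappings(sample, "alice", 1000))
}
```
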
Break getProcIDMappings() out of run.go and turn it into
util.GetHostIDMappings(), and add util.GetSubIDMappings() and
util.ParseIDMappings().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #796
Approved by: rhatdan