Fix the bug that buildah reads /var/run/containers.. as the authentication file (in readme files it should be /run/containers/uid).
Add `buildah login` and `buildah logout` to close #1329, enabling use of buildah login before running buildah bud for multi-stage bud and avoiding use of the --creds flag.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1501
Approved by: rhatdan
buildah bud is ignoring --volumes flag.
This patch parses the volumes and then passes them into the builder to be used.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1559
Approved by: vrothberg
The podman remote-client for Windows pulls in some buildah code for
things like commit and build. We need to perform some slight
refactoring of buildah code to accommodate that build.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1551
Approved by: rhatdan
- pass all proxy env vars
- --http-proxy option for bud and from
- bash_completion and docs
Signed-off-by: James Cassell <code@james.cassell.me>
Closes: #1525
Approved by: giuseppe
Use --dns* flags to change /etc/resolv.conf in the container during the build.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1491
Approved by: rhatdan
Cobra does not allow a "," in a StringSlice, so we should
be using StringArrays. This fixes issues with setting
security-opts level flags.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1467
Approved by: TomSweeneyRedHat
If --net is not specified, default to use the host network namespace.
It is still possible to use slirp4netns with --network container.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1690209
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1421
Approved by: rhatdan
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Fix the polarity of tls-verify, during the Cobra conversion
it was inadvertently flipped.
At least partially addresses: #1332
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1351
Approved by: rhatdan
Mostly this is a straightforward elimination of manual GetRegistries calls.
In getCopyOptions, we just remove setting the DockerInsecureSkipTLSVerify
values because the docker:// transport now does that automatically. (This
actually changes behavior, because docker:// supports namespace prefixes
in addition to matching only by hostnames, but that's a superset of the
previous behavior.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1214
Approved by: rhatdan
To verify the value of the isolation, verify that all strings are the same, not just the beginning of the string.
Avoid users mistakenly thinking that the wrong value entered is also a correct value.
```
➜ buildah git:(isolation-fix) ✗ buildah from --isolation chrootcc cc510acfcd70
fedora-working-container-7
```
After Change:
```
➜ buildah git:(isolation-fix) ✗ ./buildah from --isolation chrootcc cc510acfcd70
unrecognized isolation type "chrootcc"
ERRO[0000] exit status 1
```
Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com>
Closes: #1067
Approved by: rhatdan
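The bug class described in the isolation commit above, as an added Go example that is not buildah's own code: a prefix comparison silently maps a mistyped value of a security-relevant setting to a known mode, while a whole-string comparison rejects it. The function names and the `knownIsolation` list are hypothetical; the inputs are constructed, with `chrootcc` taken from the commit message.

```go
package main

import (
	"fmt"
	"strings"
)

// Isolation names that appear in the commit messages on this page.
var knownIsolation = []string{"oci", "chroot"}

// parseIsolationPrefix is a hypothetical reconstruction of the bug class:
// it accepts any input that merely begins with a known name.
func parseIsolationPrefix(v string) (string, error) {
	for _, name := range knownIsolation {
		if strings.HasPrefix(strings.ToLower(v), name) {
			return name, nil
		}
	}
	return "", fmt.Errorf("unrecognized isolation type %q", v)
}

// parseIsolationExact compares the whole string, so a typo fails loudly
// instead of selecting a mode the user did not ask for.
func parseIsolationExact(v string) (string, error) {
	lowered := strings.ToLower(v)
	for _, name := range knownIsolation {
		if lowered == name {
			return name, nil
		}
	}
	return "", fmt.Errorf("unrecognized isolation type %q", v)
}

func main() {
	// Constructed inputs; "chrootcc" is the value from the commit message.
	for _, in := range []string{"oci", "chroot", "chrootcc", "ociX", ""} {
		p, perr := parseIsolationPrefix(in)
		e, eerr := parseIsolationExact(in)
		fmt.Printf("%-10q prefix=(%q, %v) exact=(%q, %v)\n", in, p, perr, e, eerr)
	}
}
```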
The image library's copy routine doesn't itself consult the registries
configuration in order to decide whether or not to disable TLS
verification when communicating with a registry, so it's on us to use
the name of a source or destination image to decide whether to set the
flag for that behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1056
Approved by: rhatdan
Add a new Isolation value: IsolationOCIRootless, for which we add a
global --rootless=true flag and a local --no-new-keyring flag when
creating a runtime container, and make some changes to the mounts list,
default namespacing configurations, and supplemental groups list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #873
Approved by: rhatdan
When using chroot isolation, if we're configured to raise any process
limits above their current values, do so in the grandparent process,
before it transfers execution to a child that it starts in a user
namespace, which won't have the privileges to do so.
The child can still lower resource limits and set limits to the values
that it inherited, so let it continue to do so.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #891
Approved by: rhatdan
We want to set the maximum number of processes and number of open files
to match the Docker defaults.
nofile=1048576:1048576, nproc=1048576:1048576
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #891
Approved by: rhatdan
Add an IsolationChroot that trades flexibility and isolation for being
able to do what it does in a host environment that's already isolated to
the point where we're not allowed to set up some of that isolation,
producing a result that leans more toward chroot(1) than runc(1) does.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #836
Approved by: rhatdan
Add the basics of handling the "--isolation" option, though at the
moment, the only recognized option is "oci", which is our default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #822
Approved by: rhatdan
Append address+"\t"+hostname to the hosts file instead of the
"hostname:address" format that we picked up from the command line.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #798
Approved by: rhatdan
Allow --userns-uid-map and --userns-gid-map to be specified as global
options, which can be overridden by options specified to commands which
know them as non-global options.
This will mainly benefit tools that want to set ID mappings for buildah
to use, but which don't want to have to figure out whether or not
they're invoking it with a subcommand that recognizes these options.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #803
Approved by: rhatdan
Print proper error message if the host or container paths
are relative paths. Only absolute paths are allowed.
Fix the buildah run documentation for the --volume flag
and add an example.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #643
Approved by: rhatdan
Projects like libpod would benefit greatly if we could vendor in buildah
rather than execing it. This refactor moves some of the key parsing
functions that bud uses to pkg/parse so that the project vendoring
buildah can also benefit from them.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #608
Approved by: rhatdan