`golang-1.8` *is* available in stretch, but /usr/bin/go does *not*
point to it by default, *unless* the `golang` meta-package is
installed from backports.
Signed-off-by: Antoine Beaupré <anarcat@debian.org>
Closes: #354
Approved by: rhatdan
We need this for platforms like Ubuntu and Debian that do not ship a
standard (post 1.0rc4) version of runc.
I'm assuming here this is why we're building `runc` on our own here -
but it doesn't make sense to just do that while leaving only a symlink
in $PWD. We want to actually install the thing as well. So we add an
`install.runc` target, similar to `install.libseccomp.sudo` to make
sure we install `runc` in the right location.
An alternative to this would be to change the documentation to do the
`install` command by hand, but this is more error-prone. As runc
trickles down to the Debian distros, we can then just remove the `make
install.runc` call and, eventually, the target itself.
Closes: #355
Signed-off-by: Antoine Beaupré <anarcat@debian.org>
Closes: #354
Approved by: rhatdan
Explicitly using `sudo` in the `make install` line makes it clear that
the rest of the commands can (and probably should) be ran as non-root.
Signed-off-by: Antoine Beaupré <anarcat@debian.org>
Closes: #354
Approved by: rhatdan
Note that the instructions may seem unusual to people used to
`apt-key`, but they conform to the [emerging standard](https://wiki.debian.org/DebianRepository/UseThirdParty) for
third-party repositories in Debian.
We use ostree from backports because it matches the version in the
Ubuntu Flatpak PPA. We also explicitly require golang 1.8, which gives
us a 1.8.1 runtime in stretch. We otherwise use the Project Atomic,
but that's only because of Skopeo and similar tools.
Signed-off-by: Antoine Beaupré <anarcat@debian.org>
Closes: #354
Approved by: rhatdan
Bump the GIT_VALIDATION_EPOCH in tests/validate/git-validation.sh to a
later commit.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #340
Approved by: rhatdan
buildah bud was not setting the mount label on the image
so SELinux in enforcing mode is blocking writing to the image
This patch also fixes a similar problem with the `buildah mount`
command
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #332
Approved by: TomSweeneyRedHat
Since we fall back to reading the credentials from $HOME/.docker/config
set by docker login when kpod login doesn't have the credentials
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #331
Approved by: rhatdan
Since containers can be created using other tools then buildah
we can not fail when they don't have buildah config.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #327
Approved by: nalind
buildah push and from now use the credentials stored in ${XDG_RUNTIME_DIR}/containers/auth.json by kpod login
if the auth file path is changed, buildah push and from can get the credentials from the custom auth file
using the --authfile flag
e.g buildah push --authfile /tmp/auths/myauths.json alpine docker://username/image
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #325
Approved by: rhatdan
buildah push supports manifest type conversion when pushing using the 'dir' transport
Manifest types include oci, v2s1, and v2s2
e.g buildah push --format v2s2 alpine dir:my-directory
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Adds support for converting manifest types when using the dir transport
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Add a test that makes sure that "buildah run" fails if it can't resolve
the name of the user for the container.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
* Use chroot() instead of trying to read the right file ourselves.
This should resolve#66.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Change our behavior when we're given USER with a numeric UID and no GID,
so that we no longer error out if the UID doesn't correspond to a known
user so that we can use that user's primary GID. Instead, use GID 0.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Add a test that makes sure we catch cases where we attempt to open a
file in the container's tree that's actually a symlink that points out
of the tree.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Drop fallbacks for resolving USER values that attempt to look up names
on the host, since that's never predictable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Switch fopenContainerFile from using Stat/Lstat after opening the file
to using openat() to walk the given path, resolving links to keep them
from escaping the container's root fs. This should resolve#66.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
We don't need to mount the container for this test or add files to it,
and switching to a smaller base image that already includes a "hostname"
command means we don't need to run a package installer in the container.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #320
Approved by: nalind
Default to running integration tests using /var/tmp as scratch space,
since it's more likely to support proper SELinux labeling than /tmp,
which is more likely to be on a tmpfs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #320
Approved by: nalind
Antoine Beaupré
Daniel J Walsh
Nalin Dahyabhai
William Henry
Fabio Bertinatto
Boaz Shuster
TomSweeneyRedHat
Vincent Batts
Urvashi Mohnani
Anthony Green