The PR containers/podman#6442 enables a new way to create
shell completion scripts. The shell completion is handled
by cobra and since the build flags are defined here
the completion functions for this should be defined here
as well. For Reference see:
https://github.com/spf13/cobra/blob/master/shell_completions.md
I added a unit test to ensure that the flags have a
completion function set.
These completions could also be used by buildah if someone
wants to implement this cobra completion logic for buildah.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2659: add: preserve ownerships and permissions on ADDed archives r=vrothberg a=nalind
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
When extracting archives that are added using ADD, don't override permissions and ownership information. We regressed on this when we switched to using the copier package to handle them.
#### How to verify it
Added a new conformance test for it.
#### Which issue(s) this PR fixes:
Fixes #2657.
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```
Permissions and ownership information on the contents of archives added using the ADD instruction or "buildah add" on the command line should be preserved again.
```
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
When extracting archives that are added using ADD, don't override
permissions and ownership information. We regressed on this when we
switched to using the copier package to handle them.
Add a conformance test to prevent regressions on this.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2614: Add a few tests of push command r=rhatdan a=hshiina
The following tests are added.
- `--authfile` flag with an existing file
- `--quiet` flag
Signed-off-by: Hironori Shiina <shiina.hironori@fujitsu.com>
#### What type of PR is this?
/kind other
#### What this PR does / why we need it:
This PR adds a few tests for `push` command:
- `--authfile` flag with an existing file
- `--quiet` flag
#### How to verify it
Run `bats tests/push.bats`.
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
None
#### Does this PR introduce a user-facing change?
```release-note
None
```
Co-authored-by: Hironori Shiina <shiina.hironori@fujitsu.com>
2644: chroot: fix handling of errno seccomp rules r=rhatdan a=nalind
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
When converting seccomp rules from the runtime spec to the structure that we can feed to libseccomp, combine the prescribed errno value with the action when we're mapping the "return an errno" action from one to the other.
#### How to verify it
Currently, chroot isolation hits an error processing this seccomp rule:
```
{
    "names": [
        "socket"
    ],
    "action": "SCMP_ACT_ERRNO",
    "args": [
        {
            "index": 0,
            "value": 16,
            "valueTwo": 0,
            "op": "SCMP_CMP_EQ"
        },
        {
            "index": 2,
            "value": 9,
            "valueTwo": 0,
            "op": "SCMP_CMP_EQ"
        }
    ],
    "comment": "",
    "includes": {},
    "excludes": {
        "caps": [
            "CAP_AUDIT_WRITE"
        ]
    },
    "errnoRet": 22
},
```
on Fedora 33.
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
Definitely going to need to backport this to older branches.
#### Does this PR introduce a user-facing change?
```
None
```
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
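An added example (not code from buildah or from this PR) of what "combine the prescribed errno value with the action" means for the rule quoted above. It uses the raw action encoding from libseccomp's `seccomp.h` rather than the Go bindings; the function names, the trimmed copy of the rule, and the `EPERM` fallback for a rule without `errnoRet` are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Base action values as defined in libseccomp's seccomp.h.
var baseActions = map[string]uint32{
	"SCMP_ACT_KILL":  0x00000000,
	"SCMP_ACT_TRAP":  0x00030000,
	"SCMP_ACT_ERRNO": 0x00050000, // SCMP_ACT_ERRNO(x) = 0x00050000 | (x & 0xffff)
	"SCMP_ACT_ALLOW": 0x7fff0000,
}

// Fallback errno when a rule carries no errnoRet (assumption of this example).
const ePERM = 1

// rule holds the runtime-spec fields this example needs; other keys are ignored.
type rule struct {
	Names    []string `json:"names"`
	Action   string   `json:"action"`
	ErrnoRet *uint    `json:"errnoRet"`
}

// filterAction maps a runtime-spec action name to the 32-bit filter action.
// For SCMP_ACT_ERRNO the errno is folded into the low 16 bits of the action;
// every other action is returned unchanged.
func filterAction(r rule) (uint32, error) {
	base, ok := baseActions[r.Action]
	if !ok {
		return 0, fmt.Errorf("unsupported action %q", r.Action)
	}
	if r.Action != "SCMP_ACT_ERRNO" {
		return base, nil
	}
	errno := uint(ePERM)
	if r.ErrnoRet != nil {
		errno = *r.ErrnoRet
	}
	if errno > 0xffff {
		return 0, fmt.Errorf("errnoRet %d does not fit in the action's data bits", errno)
	}
	return base | uint32(errno), nil
}

// actionFromJSON decodes one rule and returns its filter action.
func actionFromJSON(doc string) (uint32, error) {
	var r rule
	if err := json.Unmarshal([]byte(doc), &r); err != nil {
		return 0, err
	}
	return filterAction(r)
}

// pageRule is the rule from the PR description, trimmed to the fields used here.
const pageRule = `{"names": ["socket"], "action": "SCMP_ACT_ERRNO", "errnoRet": 22}`

// noErrnoRule is a constructed rule that omits errnoRet.
const noErrnoRule = `{"names": ["socket"], "action": "SCMP_ACT_ERRNO"}`

func main() {
	for _, doc := range []string{pageRule, noErrnoRule} {
		action, err := actionFromJSON(doc)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s -> %#08x\n", doc, action)
	}
}
```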
2650: Bump containers/common to v0.23.0 r=rhatdan a=Luap99
#### What type of PR is this?
> /kind api-change
> /kind bug
> /kind cleanup
> /kind deprecation
> /kind design
> /kind documentation
> /kind failing-test
> /kind feature
> /kind flake
> /kind other
#### What this PR does / why we need it:
#### How to verify it
#### Which issue(s) this PR fixes:
Closes #2648
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
Allow users to specify the default format for image builds in containers.conf
```
Co-authored-by: Paul Holzinger <paul.holzinger@web.de>
2652: Makefile: tweak the cross-compile target r=TomSweeneyRedHat a=nalind
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
What `go tool dist list` says the toolchain supports changes, so this change removes these attempted cross-compile build targets.
* GOOS=darwin, GOARCH unspecified build
* GOOS=darwin, GOARCH=386 build
Replace our use of slices of github.com/opencontainers/runc/libcontainer/configs.Device structures with a locally-defined type alias so that we can avoid importing the package on non-Unixy systems. The result is not going to be a very useful binary on non-Linux systems, but it helps ensure that our subpackages won't break compilation for other projects who consume us as a library.
#### How to verify it
CI all the way.
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
Don't try to actually run the non-Linux binaries.
#### Does this PR introduce a user-facing change?
```
None
```
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
What `go tool dist list` says the toolchain supports changes, so this
change removes these attempted cross-compile build targets.
* GOOS=darwin, GOARCH unspecified
* GOOS=darwin, GOARCH=386
Replace our use of slices of
github.com/opencontainers/runc/libcontainer/configs.Device structures
with a locally-defined type alias so that we can avoid importing the
package on non-Unixy systems. The result is not going to be a very
useful binary on non-Linux systems, but it helps ensure that our
subpackages won't break compilation for other projects who consume us as
a library.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2646: chroot: create bind mount targets 0755 instead of 0700 r=rhatdan a=nalind
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
When running using chroot isolation, create the target mountpoints for bind mounts, when they don't already exist, with 0755 permissions, for better consistency with runc.
#### How to verify it
Build an image derived from an image that doesn't include a `/dev`, for example `registry.suse.co/suse/sles12sp4@sha256:7504649ba71f61492c309ccada877a47ea11272b8658a9ad52923e8d17204628`, using chroot isolation, and examine the layers in the image we produce, comparing the permissions on `/dev`, `/proc`, and `/sys` for inconsistencies.
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
Running conformance tests with different types of isolation would give us a chance to catch this, but I really don't have a strong feeling for whether or not we want to effectively run all of the tests twice every time to be sure.
#### Does this PR introduce a user-facing change?
```
None
```
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
2645: Change call to Split() to safer SplitN() r=rhatdan a=TomSweeneyRedHat
Change calls to Split to SplitN when we are splitting on an "=" sign to make sure
we're not over chopping what the caller requested.
I started this search after seeing https://github.com/containers/podman/pull/7759.
I'll do similar for Podman, but initial results of my search are orders of
magnitude bigger there.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Co-authored-by: TomSweeneyRedHat <tsweeney@redhat.com>
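An added example (not code from buildah or from this PR) of the "over chopping" that the change above guards against when a `KEY=VALUE` entry has further `=` signs in its value. The function names and sample entries are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// parseWithSplit is the fragile pattern: it splits on every "=" and keeps
// only the first two fields, silently dropping the rest of the value.
func parseWithSplit(entry string) (key, value string) {
	parts := strings.Split(entry, "=")
	key = parts[0]
	if len(parts) > 1 {
		value = parts[1]
	}
	return key, value
}

// parseWithSplitN splits on the first "=" only, so the value is returned
// intact. hasValue distinguishes "KEY" (no "=" at all) from "KEY=" (empty value).
func parseWithSplitN(entry string) (key, value string, hasValue bool) {
	parts := strings.SplitN(entry, "=", 2)
	if len(parts) == 2 {
		return parts[0], parts[1], true
	}
	return parts[0], "", false
}

func main() {
	// Constructed sample entries: a URL with a query string, a base64 value
	// with padding, an explicitly empty value, and a bare key.
	samples := []string{
		"HTTP_PROXY=http://proxy.example:3128/?mode=strict",
		"TOKEN=c2VjcmV0Cg==",
		"EMPTY=",
		"KEYONLY",
	}
	for _, s := range samples {
		_, chopped := parseWithSplit(s)
		key, value, hasValue := parseWithSplitN(s)
		fmt.Printf("%-10s Split: %-36q SplitN: %q (has value: %v)\n",
			key, chopped, value, hasValue)
	}
}
```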
Create the target mountpoints for bind mounts, when they don't already
exist, with 0755 permissions, for better consistency with runc.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Change calls to Split to SplitN when we are splitting on an "=" sign to make sure
we're not over chopping what the caller requested.
I started this search after seeing https://github.com/containers/podman/pull/7759.
I'll do similar for Podman, but initial results of my search are orders of
magnitude bigger there.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
When converting seccomp rules from the runtime spec to the structure
that we can feed to libseccomp, combine the prescribed errno value with
the action when we're mapping the "return an errno" action from one to
the other.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2622: Warn when setting healthcheck in OCI format r=rhatdan a=ashley-cui
Signed-off-by: Ashley Cui <acui@redhat.com>
#### What type of PR is this?
/kind other
#### What this PR does / why we need it:
Healthcheck only works in Docker format, so when healthcheck is set in OCI format, warn user that it will be discarded
#### How to verify it
#### Which issue(s) this PR fixes:
Fixes: https://github.com/containers/buildah/issues/2388
Co-authored-by: Ashley Cui <acui@redhat.com>
2640: build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 r=rhatdan a=dependabot-preview[bot]
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.5.2 to 5.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/containers/image/releases">github.com/containers/image/v5's releases</a>.</em></p>
<blockquote>
<h2>v5.6.0</h2>
<ul>
<li>When we can't store signatures, point the user at the destination.</li>
<li>Update for <a href="https://github-redirect.dependabot.com/containers/skopeo/issues/932">containers/skopeo#932</a></li>
<li>Refactor configPath API</li>
<li>Load the rootless registries.conf.d for override</li>
<li>docker config: clean up after test</li>
<li>blobinfocache: clean up after test</li>
<li>enable search using pagination</li>
<li>pkg/docker/config: correct default file mode when create auth.json file</li>
<li>Update to Go 1.13</li>
<li>Coverity found potential nil dereference</li>
<li>Look for normalized paths in tarfile.</li>
<li>Move docker/tarfile.Destination to docker/internal/tarfile.Destination</li>
<li>Use the docker/internal/tarfile.Destination from docker/daemon and docker/archive</li>
<li>Remove deprecated non-SystemContext functions from docker/internal.tarfile</li>
<li>Introduce Destination.configPath and Destination.physicalLayerPath</li>
<li>Split docker/internal.tarfile.Writer from Destination</li>
<li>Move createRepositoriesFile to a bit better place</li>
<li>Split Writer.createManifest from Destination.PutManifest</li>
<li>Reorganize docker/internal/tarfile.Writer.createManifest a bit</li>
<li>Move the computation of layerPaths in docker-archive</li>
<li>Implement writing multiple images in the modern format.</li>
<li>Split createSingleLegacyLayer from writeLegacyLayerMetadata</li>
<li>Move legacy layer ID computation to a bit later</li>
<li>Merge writeLegacyMetadata and createRepositoriesFile</li>
<li>Implement writing multiple images in the legacy format</li>
<li>Separate tarfile.Writer creation from Destination creation</li>
<li>Lock docker/internal/tarfile.Writer to support concurrent uses</li>
<li>Split openArchiveForWriting from docker/archive/newImageDestination</li>
<li>Finally, introduce docker/archive.Writer</li>
<li>use container/storage/pkg/homedir</li>
<li>Fix an error message on docker-archive:path:name@sha256:$digest</li>
<li>Move docker/tarfile.Source to docker/internal/tarfile.Source</li>
<li>Use the docker/internal/tarfile.Source from docker/daemon and docker/archive</li>
<li>Remove deprecated non-SystemContext functions from docker/internal/tarfile</li>
<li>Split docker/internal/tarfile.Reader from Source</li>
<li>Separate tarfile.Reader creation from Source creation</li>
<li>Read the tarfile manifest already when initializing tarfile.Reader</li>
<li>Turn tarfile.Source.LoadTarManifest into a TarManifest</li>
<li>Allow choosing an image from tarfile.Reader by reference</li>
<li>Introduce docker-archive:path:<a href="https://github.com/Index">@Index</a> syntax for reading untagged images</li>
<li>Introduce docker/archive.Reader</li>
<li>Finally, share a tarfile.Reader across archiveSource objects</li>
<li>Add docker/archive.NewReaderForReference</li>
<li>Add docker/archive.Reader.ManifestTagsForReference</li>
<li>Support per user registries.d</li>
<li>Move TestInvalidPolicyFormatError</li>
<li>Reduce duplication in policy_config_test.go</li>
<li>Eliminate more duplication in signature/policy_config_tests.go</li>
<li>Return error body if UnexpectedHTTPResponseError</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="4f7144c652"><code>4f7144c</code></a> v5.6.0</li>
<li><a href="c806115681"><code>c806115</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/image/issues/1044">#1044</a> from containers/dependabot/go_modules/github.com/con...</li>
<li><a href="b3df60ead3"><code>b3df60e</code></a> Bump github.com/containers/storage from 1.23.4 to 1.23.5</li>
<li><a href="18b976011b"><code>18b9760</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/image/issues/1040">#1040</a> from containers/dependabot/go_modules/github.com/con...</li>
<li><a href="a771cba5b4"><code>a771cba</code></a> Bump github.com/containers/storage from 1.23.3 to 1.23.4</li>
<li><a href="6edae75b24"><code>6edae75</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/image/issues/1038">#1038</a> from containers/dependabot/go_modules/github.com/kla...</li>
<li><a href="a9088a36d0"><code>a9088a3</code></a> Bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5</li>
<li><a href="2a714d7108"><code>2a714d7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/image/issues/1042">#1042</a> from containers/dependabot/go_modules/github.com/kla...</li>
<li><a href="22dea1132d"><code>22dea11</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/image/issues/1039">#1039</a> from QiWang19/untar</li>
<li><a href="1b1d2f6794"><code>1b1d2f6</code></a> Set NoLchown to true in untar opts</li>
<li>Additional commits viewable in <a href="https://github.com/containers/image/compare/v5.5.2...v5.6.0">compare view</a></li>
</ul>
</details>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2635: Run(): ignore containers.conf's environment configuration r=rhatdan a=nalind
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
The hardwired default for containers.conf now includes a TERM variable, and passing it through to commands that we "RUN" during a build can subtly cause the resulting image to be different from one that `docker build` would create, so stop using it there.
When a runtime runs the image we eventually produce, it'll consult the configuration file, so the variable will still be set, even when it isn't set in the image.
#### How to verify it
This change prevents a failure in the `TestConformance/ci-pipeline-modified` conformance test, which checks which variables are set during RUN.
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
This creates an exception to the "environment variables in containers.conf are used everywhere" rule, but while the conformance test is a pretty harmless example of differences in builds that can result from environment variables being set or not, I wouldn't want to have to debug a build problem that was triggered based on whether or not a variable was set in the configuration.
#### Does this PR introduce a user-facing change?
```
Environment variables set in containers.conf will no longer be set for commands run using `buildah run` or by RUN instructions during `buildah build-using-dockerfile`.
```
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
2636: Add In Progress section to contributing r=rhatdan a=TomSweeneyRedHat
Add an "In Progress" section to the CONTRIBUTING.md
page of Buildah. Once this is approved, I will open
a similar PR for Podman.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Co-authored-by: TomSweeneyRedHat <tsweeney@redhat.com>
2638: integration tests: make sure tests run in ${topdir}/tests r=TomSweeneyRedHat a=nalind
#### What type of PR is this?
/kind other
#### What this PR does / why we need it:
Add a pushd/popd to setup()/teardown() to ensure that tests run in our tests directory, even if they're not invoked by test_runner.sh, so that we can reliably use relative paths in tests without having to ensure our location on a per-test or per-test-file basis.
#### How to verify it
If you run `bats` directly and point it to either the `tests` directory, or the `add.bats` file within it, the test shouldn't fail for attempting to access a path relative to the current directory which should actually be relative to the `tests` directory.
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```
None
```
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
Add an "In Progress" section to the CONTRIBUTING.md
page of Buildah. Once this is approved, I will open
a similar PR for Podman.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Add a pushd/popd to setup()/teardown() to ensure that tests run in our
tests directory, even if they're not invoked by test_runner.sh, so that
we can reliably use relative paths in tests without having to ensure our
location on a per-test or per-test-file basis.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The hardwired default for containers.conf now includes a TERM variable,
and passing it through to commands that we "RUN" during a build can
subtly cause the resulting image to be different from one that `docker
build` would create, so stop using it there.
When a runtime runs the image we eventually produce, it'll consult the
configuration file, so the variable will still be set, even when it
isn't set in the image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
healthcheck only works in Docker format, so when healthcheck is set in OCI format, warn user that it will be discarded
Signed-off-by: Ashley Cui <acui@redhat.com>
2634: No branch validate r=rhatdan a=cevich
#### What type of PR is this?
> /kind failing-test
#### What this PR does / why we need it:
Update the vendor git-validate tool due to a bug in its output processing. This also required updates to golangci-lint and ginkgo due to dependency issues.
#### How to verify it
Running `bors try` will pass (by skipping the 'gate' job entirely)
#### Which issue(s) this PR fixes:
Many 😢
#### Special notes for your reviewer:
None
#### Does this PR introduce a user-facing change?
None
Co-authored-by: Valentin Rothberg <rothberg@redhat.com>
Co-authored-by: Chris Evich <cevich@redhat.com>
Update golangci-lint to v1.18.0. Purely out of necessity to get the
tests/tools/go.mod into a working state. The previous version had a
non-existent dependency which broke all attempts to do anything.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add() is supposed to handle relative paths when the ContextDir value
passed to it is not set, but it hasn't been doing that correctly since
it was overhauled. Correct it to recognize relative paths at the
function start, when ContextDir is not set, by combining them with the
current directory to convert them to absolute paths.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Currently we are displaying containerid rather than containername,
which is unknown to users. Users refer to the container names all
of the time, so we should show the mounted containers based on names.
This change eliminates the need for the truncate flag on buildah mount
as well, so this PR hides it.
Fix up the man page documentation to use container names and show
proper output.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@suse.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>