These changes will allow the "FROM" statement in a Containerfile
to be overridden with a new `--from` option. If I have this Dockerfile.fedora
```
FROM fedora
```
This command will instead build an alpine image:
```
STEP 1: FROM alpine
Completed short name "alpine" with unqualified-search registries (origin: /etc/containers/registries.conf)
Getting image source signatures
Copying blob 188c0c94c7c5 done
Copying config d6e46aa247 done
Writing manifest to image destination
Storing signatures
STEP 2: COMMIT tom
--> d6e46aa2470
d6e46aa2470df1d32034c6707c8041158b652f38d2a9ae3d7ad7e7532d22ebe0
```
Addresses: #2404
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
when running as rootless, make sure the cli default isolation is set
to "rootless" instead of "oci".
Closes: https://github.com/containers/buildah/issues/2750
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Allow users to override location of the .dockerignore file.
If user specified an --ignorefile flag, buildah will read the
file and pass in the exclude lines based on the .dockerignore
contents.
Also add a --contextdir flag to buildah copy and buildah add to
specify where the context directory is located. For these two
commands the --ignorefile flag requires the --contextdir flag.
When the --ignorefile flag is passed in, the .dockerignore files
in the context directory will be ignored.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The format of the userns-uid-map and userns-gid-map fields must be
the form of a triple `ctrUid:hostUid:length` but we were not validating
that, doing a lot of useless processing, and then not even failing.
Addresses: #2676
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The PR containers/podman#6442 enables a new way to create
shell completions scripts. The shell completion is handled
by cobra and since the build flags are defined here
the completion functions for this should be defined here
as well. For Reference see:
https://github.com/spf13/cobra/blob/master/shell_completions.md
I added a unit test to ensure that the flags have a
completion function set.
These completions could also be used by buildah if someone
wants to implements this cobra completion logic for buildah.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
We recieved feedback on the --omit-timestamp that
users would rather specify the timestamp seconds
rather then just use EPOCH.
This PR removes --omit-timestamp from buildah bud
since this has never been released.
We also hide --omit-timestamp from buildah commit
and allow users to continue to use it, but it conflicts
with --timestamp.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a flag to imagebuildah.BuildOptions that will log timing and i/o
information at each step of the build process, and enable it if we're
given the hidden --log-rusage flag in the CLI.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Podman namespaces flags handle the options slightly differently.
Specifically namespace flag `container` is very different.
Replace the `container` option with `private` to better match podman
but continue to support `container`
Similarly Podman expects --network ns:/PATH to allow the indication of a
path to a precreated network namespace. Buildah just supported
--network /PATH, buildah will now support both formats, but document
ns:/path.
Finally use Aliases for fix some duplicated code in buildah.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently you can only do deterministic builds with commit command
this change will cause the metadata in the container image to be
epoch 0.
Next step is to save the data in the tar balls as 0.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In porting containers.conf to libpod, we found that buildah needed
to handle the containers.conf on the server side rather then from
the CLI.
Since the `podman-remote build` would probably not have the same content
as containers.conf on the server, the processesing of the defaults needs
to be handled in imagebuildah. The CapAdd and CapDrop values need to be
passed in.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Touching up the OS, ARCH and PLATFORM options
doc just a bit from #2907.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #2101
Approved by: rhatdan
When building images we now allow the architecture and operating system
to be overwritten via the new `--os` and `--arch` flags. This allows the
use case of packing pre-built or cross-compiled binaries into container
images with specifying the correct environment. The `--platform` flag
now takes the `os/arch` format into account as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #2097
Approved by: rhatdan
Add the --sign-by option to `buildah build-using-dockerfile`,
`buildah commit`, `buildah push`, and `buildah manifest push`. Add the
`--remove-signatures` option to `buildah pull`, `buildah push`, and
`buildah manifest push`. We just pass them to the image library, which
does all of the heavy lifting.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #2085
Approved by: rhatdan
This is a rework of Qi Wang's patches.
Import package pkg/config from containers/common to read containers.conf
This patch allows users to specify default values stored in containers.conf
that will modify the behaviour of buildah tool.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #2011
Approved by: TomSweeneyRedHat
If the volume option was specified like: `--volume "${HOME}/.cache/zae9ujei:/myvol:rw,Z"`,
the COBRA code that processed the input from the user was considering the value to be a
SliceVar with two volumes `${HOME}/.cache/zae9ujei:/myvol:rw` and `Z` due to the comma.
Converted the COBRA code to consider the input as an ArrayVar instead and the value is
handled appropriately. Also increased the testing to catch this going forward.
Addresses: #2000
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #2039
Approved by: rhatdan
Thanks to Dmitry Smirnov @onlyjob for suggesting this tool.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1985
Approved by: TomSweeneyRedHat
(Replaces #1873 as it had lint issues that were timing out tests that I couldn't
track down easily)
Prior to this fix, if someone did `buildah bud --pull=false .` and the image in
the Containerfile's FROM statement was not local, the build would fail. The same
build on Docker will succeed. In Docker, when `--pull` is set to false, it only
pulls the image from the registry if there was not one locally. Buildah would never
pull the image and if the image was not locally available, it would throw an error.
In certain Kubernetes environments, this was especially troublesome.
To retain the old `--pull=false` functionality, I've created a new `--pull-never`
option that fails if an image is not locally available just like the old
`--pull=false` option used to do.
In addition, if there was a newer version of the image on the repository than
the one locally, the `--pull=true` option would not pull the image as it should
have, this corrects that.
Changes both the from and bud commands.
Addresses: #1675
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1959
Approved by: rhatdan
This patch will let authfile path default to the containers/image location for authentication file. Which for now will be xdg_runtime_dir, but eventually will switch to kernel keyring.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1947
Approved by: rhatdan
Move the runtime Cobra flag for the build command to the
command itself and out of the common definitions. Podman
uses the same definition and there was a collision with that
flag and the one here: https://github.com/containers/libpod/blob/master/cmd/podman/main_local.go#L69
This caused wonky results. The podman global flag would
think it had been set, but no value was captured, or reversely,
the flag didn't think it had been set, but if you peered inside
you'd see the appropriate value from the user input.
This was all based on whether you did
`podman --runtime=/usr/bin/runc build` or
`podman build --runtime=/usr/bin/runc`
As Podman uses their runtime flag in multiple places, it's
easier to remove it from the common definition here in Buildah
and then add the flag into the bud command.
Once merged and vendored into Podman, this will fix: https://bugzilla.redhat.com/show_bug.cgi?id=1758082
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1904
Approved by: rhatdan
Some Dockerfiles (fuse-overlay) require additional devices to be in the
build environment.
This patch allows the user to specify additional devices.
Also I noticed that CapAdd and CapDrop was not working in buildah bud situations,
so this patch also fixes this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1820
Approved by: @TomSweeneyRedHat
The command line help should contain the indicator that `--dns=none` is
possble to disable the creation of the `/etc/resolv.conf` file.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1774
Approved by: rhatdan
This commit enabled to golint linter in golangci-lint and applies all
necessary fixes.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1740
Approved by: rhatdan
Panic when hiding the flags does not work.
Reported by golangci-lint.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Closes: #1678
Approved by: rhatdan
We should show the location of the default authfile in user help
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1591
Approved by: TomSweeneyRedHat
buildah bud is ignoring --volumes flag.
This patch parses the volumes and then passes them into the builder to be used.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1559
Approved by: vrothberg
- pass all proxy env vars
- --http-proxy option for bud and from
- bash_completion and docs
Signed-off-by: James Cassell <code@james.cassell.me>
Closes: #1525
Approved by: giuseppe
use --dns* flags to change /etc/resolv.conf in the container during the build.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1491
Approved by: rhatdan
Cobra does not allow a "," in a StringSlice, so we should
be using StringArrays. This fixes issues with setting
security-opts level flags.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1467
Approved by: TomSweeneyRedHat
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Removes noop note from the squash on bud --help. This will need
to be vendored into Podman to address https://github.com/containers/libpod/issues/2568
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1394
Approved by: @rhatdan
Currently we are printing two defaults. This change will
let the flags package print out the defaults.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1358
Approved by: TomSweeneyRedHat
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The man pages for `--disable-compression` indicates that it is
true by default. However the code has it set to false. This changes
that.
Fixes: #1336
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1337
Approved by: rhatdan
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Picks off a few left over nits from #1303. Also formats the
description of each help to have a blank line then everything spaced
over by two. Examples have been added for each too.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1318
Approved by: rhatdan
Add configuration methods for adding entries which will show up in a
committed image's history, both before and after the new layer that we
add while committing the image. Expose them from the CLI in the form of
a new --add-history option for the "add", "config", "copy", and "run"
commands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1300
Approved by: rhatdan
Add the `--platform` option for Moby/Docker CLI-compat reasons. This
option allows to control which platform (i.e., Windows or Linux) the
image will be build on and for. Make this a nop as Buildah supports
only Linux.
Fixes: #629
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Closes: #1230
Approved by: rhatdan
Add a hidden --blob-cache option to bud, commit, from, pull, and push,
mainly so that we can exercise the APIs using integration tests. It's
easy to accidentally get to a place where an image created while using
this option at various times won't be pushable, so for at least now, it
should stay hidden and undocumented.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1149
Approved by: rhatdan
Add a --disable-compression flag to the 'build-using-dockerfile'
command, and set OCIAcceptUncompressedLayers and DirForceCompress in the
SystemContext during Commit() and Push() based on whether or not the
flag is set.
For other transports, we still end up going with the receiver's
preference, so update the man page to mention that this controls a
default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1149
Approved by: rhatdan
Need this so we can override it to true by default in podman.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #1163
Approved by: TomSweeneyRedHat
TomSweeneyRedHat
Giuseppe Scrivano
Daniel J Walsh
OpenShift Merge Robot
Paul Holzinger
Nalin Dahyabhai
Brandon Lum
Qi Wang
Sascha Grunert
Valentin Rothberg
James Cassell
baude
Urvashi Mohnani
Zhou Hao