Drop the "omitempty" tag from the "json" tag on struct members that are
themselves structs, since the JSON encoder doesn't actually do that, per
golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the CutPrefix(), SplitSeq(), and FieldsSeq() functions from the
strings package when chopping up or iterating over parts of strings, per
golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When generating archives, clear user and group names to keep up with
recent changes to the storage library.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Have Ensure() also return the parent directories of items that it
created, along with information about them that can be used to filter
them out of the layer at commit-time.
This modifies the signature of Ensure(), but it was added in 1.41.0, and
shouldn't (yet) have any external users.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add an optional ModTimeNew field to MkdirOptions, for setting the
timestamp on newly-created directories. Note that the timestamps on
parent directories of the topmost newly-created directories are not
something we affect, so they'll be updated as usual.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The `filepath.Glob` function does not provide deterministic output. In order to achieve a reproducible build, files must be copied in a deterministic manner, and `filepath.Glob` did not guarantee this. Other functions such as `filepath.Walk` and `os.ReadDir` return deterministic output. So copying files to the image is done in the same order each time.
Fixes: https://issues.redhat.com/browse/RUN-2661
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Add copier.Ensure() and copier.ConditionalRemove(), for controlling the
permissions and datestamps we set on multiple items we create with one
call (along with any parents), and selectively removing multiple items
with one call.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --timestamp flag to the "add" and "copy" CLIs, along with a
corresponding field in AddAndCopyOptions.
When a timestamp is set, we'll force the timestamp on data copied in to
be the specified value while reading it, so that the content will have
the specified datestamp in the rootfs and when the image is committed.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This function always returns nil as the first parameter, which makes
unparam linter sad.
Rather than adding //nolint:unparam, let's just move nil to actual
returns.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
These:
> copier/copier.go:1664:2: QF1003: could use tagged switch on hdr.Typeflag (staticcheck)
> if hdr.Typeflag == tar.TypeReg {
> ^
> pkg/parse/parse.go:708:4: QF1003: could use tagged switch on arr[1] (staticcheck)
> if arr[1] == "local" {
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Handle glob patterns with "**" path components by expanding "**" to the
set of subdirectories and calling filepath.Glob() on the results.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we get a tried-to-write-to-closed-pipe error while encoding
something for a coprocess, try to capture error output from the
coprocess and add it to the error message, to hopefully catch a flake
we're seeing in CI.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This allows podman to import the copier package on the remote client
without needing the full libimage package.
Based on Miloslav's work: https://github.com/containers/podman/pull/19718
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixes golangci-lint message:
`tar.TypeRegA has been deprecated since Go 1.11 and an alternative has
been available since Go 1.1: Use TypeReg instead.`
Signed-off-by: Chris Evich <cevich@redhat.com>
In golang 1.19, `io/ioutil` is fully deprecated preventing Buildah from
compiling. Replace all calls with equivalent calls from the `os`
package.
Signed-off-by: Chris Evich <cevich@redhat.com>
When noting that a non-symlink has setuid/setgid/sticky bits, switch
from using "syscall" package bits and syscall.Chmod() to using "os"
package bits and os.Chmod(), and if the item's a directory, record the
updated mode information in the "directoryModes" map that we'll use to
reset its permissions later.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This call to os.Mkdir got missed the first time I tried to add the
workaround for the FreeBSD EISDIR bug since I was only testing with
'buildah run'. Trying to use 'buildah add' triggers the same bug whan
trying to extract an archive into a container's filesystem.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If errors for which os.IsExist() or os.IsNotExist() would have returned
true have been wrapped using fmt.Errorf()'s "%w" verb, os.IsExist() and
os.IsNotExist(), not having been retrofitted to use errors.Is(), will
return false.
Use errors.Is() to check if an error is an os.ErrExist or os.ErrNotExist
error instead of calling os.IsExist() or os.IsNotExist().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
On FreeBSD, os.Mkdir can return EISDIR if the target is the root. As a
workaround, treat EISDIR as a non-error similarly to EEXISTS.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Similar to the `NoOverwriteDirNonDir` one, add an option that disables
non-directories from being overwritten by directories.
Required-for: containers/podman/issues/14420
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
do not attempt to load NSS modules at init() time but do it only when
it is needed before a chroot.
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Since we started calling into the standard library's io/fs package
directly, we effectively made Go 1.16 our minimum Go version, so we
don't need to keep the workaround for compiling with Go 1.12.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add StripSetuidBit/StripSetgidBit/StripStickyBit flags to
copier.PutOptions, that are interpreted similarly to their counterparts
in copier.GetOptions.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Try to improve our ability to write to directories that aren't
writable. If we encounter an EPERM error while attempting to create an
item, attempt to temporarily make writable the directory that we're
writing the item to, and restore its permissions on our way out.
The error usually isn't seen when run as UID 0, whether in a user
namespace or not, which is usually how we're called, but running the
unit tests as an unprivileged user will verify it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
it is needed to fix a failing test.
commit 985eec5391 changed the behavior
since the directory is not opened first before adding it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Should speed up most walks escpecially if they don't need to
stat every directory entry.
[ NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When checking if something that we want to overwrite with a directory is
already a directory or not, use lstat instead of stat. If it's a
symbolic link, it's not a directory.
This is a subtle behavior change, but it's in line with docker build.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we attempt to remove a directory to make way for a non-directory as
part of extracting content, use RemoveAll() instead of Remove().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When processing a directory tree, only descend into a directory that is
marked for exclusion if its path is literally a prefix of an exception
pattern.
Subtly, but in a way that's compatible with docker, this means that if
we exclude directory "subdir", but we've been told to also include
"**/file" (with an exclusion pattern of "!**/file"), we won't descend
into "subdir" and find a file named "subdir/file", because "**/file"
doesn't start with "subdir/".
More generally, exclusion patterns that start with "!" which include any
wildcards before their final component technically won't be treated
correctly.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai
Jan Kaluza
Jan Rodák
openshift-merge-bot[bot]
Sascha Brawer
Kir Kolyshkin
David Negstad
Paul Holzinger
Chris Evich
Doug Rabson
Daniel J Walsh
Sascha Grunert
Valentin Rothberg
Giuseppe Scrivano
OpenShift Merge Robot