Add a unit test that commits OCI layouts with various types of
compression specified, and verifies that the layers end up written with
the desired compression and media type descriptors.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Without this change, specifying `Compression: imagebuildah.Zstd` in
`imagebuildah`'s `BuildOptions` fails, so it is not possible to push
cache to a registry with zstd compression.
Note this is only applicable to OCI manifests.
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
Dynamically link sqlite3 when installed. The main motivation is that we
reduce the podman binary size with that. I see about 3.2 MB savings.
But also dynamically linking it means if there are vulnerabilities only
the sqlite3 distro package needs updating and we don't have to make a
new podman release with the vendored update.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When using either --source-date-epoch or --timestamp, default to not
adding a label with our version number in it, since it can change
between builds.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Consistently use --releasever instead of --release in dnf examples
* Remove trailing whitespace
* Use --use-host-config --setopt "*.countme=false" when running dnf with
  an empty --installroot
* Use Fedora 42 instead of Fedora 30 in examples
* Block quote console examples in tutorials
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Set up permissions on the scanner output directory so that scanners
whose images specify that they be run as non-root users can still write
to it. The most recent syft image exposed our bug.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When using either --source-date-epoch or --timestamp, make sure that
handling of RUN instructions uses a defined hostname if possible, and
commits using a reference to a static container name.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use $SOURCE_DATE_EPOCH as the default for the --source-date-epoch flag
to the "build" CLI.
When a source-date-epoch is set, we'll use it when writing new history
entries, force timestamps in data written for --output to the specified
timestamp, and populate a "SOURCE_DATE_EPOCH" ARG that we treat as
always being set, and which we don't complain about being left unused.
By default, this will not affect timestamps in newly-added layers.
Add a --rewrite-timestamp flag, which "clamps" timestamps in newly-added
layers to not be later than the --source-date-epoch value if the
--source-date-epoch flag is set, but has no effect otherwise.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --source-date-epoch flag, defaulting to $SOURCE_DATE_EPOCH if set,
which sets the created-on date and the timestamp for the new history
entries, but does not default to modifying the timestamps on contents in
new layers.
Add a --rewrite-timestamp flag, which "clamps" timestamps in the new
layers to not be later than the --source-date-epoch value if both
the --rewrite-timestamp and --source-date-epoch flags were set.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
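
The clamping that the two messages above describe for --rewrite-timestamp, as an added example (not buildah's code and not part of any commit here): a tar layer is copied entry by entry, and any modification, access or change time later than the epoch is lowered to it, while older timestamps pass through. The names clampLayer and sampleLayer, and the epoch value, are assumptions made for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"time"
)

// clampLayer copies a tar layer, lowering any mtime/atime/ctime later than epoch to epoch.
func clampLayer(r io.Reader, w io.Writer, epoch time.Time) (int, error) {
	tr, tw, lowered := tar.NewReader(r), tar.NewWriter(w), 0
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return lowered, tw.Close()
		} else if err != nil {
			return lowered, err
		}
		for _, t := range []*time.Time{&hdr.ModTime, &hdr.AccessTime, &hdr.ChangeTime} {
			if t.After(epoch) {
				*t = epoch
				lowered++
			}
		}
		if err := tw.WriteHeader(hdr); err != nil {
			return lowered, err
		}
		if _, err := io.Copy(tw, tr); err != nil {
			return lowered, err
		}
	}
}

// sampleLayer builds a constructed layer: old.txt predates epoch, new.txt postdates it.
func sampleLayer(epoch time.Time) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "old.txt", Typeflag: tar.TypeReg, Mode: 0644, ModTime: epoch.Add(-time.Hour)})
	tw.WriteHeader(&tar.Header{Name: "new.txt", Typeflag: tar.TypeReg, Mode: 0644, ModTime: epoch.Add(time.Hour)})
	tw.Close()
	return buf.Bytes()
}

func main() {
	epoch := time.Unix(1700000000, 0) // constructed SOURCE_DATE_EPOCH value
	n, err := clampLayer(bytes.NewReader(sampleLayer(epoch)), io.Discard, epoch)
	fmt.Println("timestamps lowered:", n, "error:", err)
}
```

Running the clamp a second time over its own output lowers nothing, which is a quick check that a layer is already within the epoch.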
Ensure that when not invoked with --platform, we use the default
platform, and that when invoked with --platform, we use the platform
information from the base image that we ended up using for the build,
with no accidental mixing of the two.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We are not opting into the ostree backend, and it doesn't
build: https://github.com/containers/image/pull/2821 .
So, stop referencing the dependency.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Flag `--add-host` should support `host-gateway` when argument is in the
form of `buildah build --add-host=proxyhost:host-gateway .`
This is consistent with podman.
Closes: https://github.com/containers/podman/issues/26034
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
The `filepath.Glob` function does not provide deterministic output. In order to achieve a reproducible build, files must be copied in a deterministic manner, and `filepath.Glob` did not guarantee this. Other functions such as `filepath.Walk` and `os.ReadDir` return deterministic output. So copying files to the image is done in the same order each time.
Fixes: https://issues.redhat.com/browse/RUN-2661
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Run integration tests (both as root and rootless) with both crun and
runc on Fedora, to help ensure that we can use either.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Tweak the wording that describes the effects of --cgroup-parent to be
clear that it only affects handling of RUN instructions.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the named constants for the status values that runtimes can report
to us when we run them with the "state" command.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a dummy "runtime" that just dumps its runtime config, either the
entirety of it, or a section of it corresponding to each command line
argument. Tests can use it to ensure that we set the right thing in the
configuration without also depending on the runtime to do as it's asked,
which isn't always something we have control over.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Handle requested relabeling of bind mounts (i.e., the "z" and "Z" flags)
directly, instead of letting the runtime handle the relabeling.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Replace our use of the
github.com/docker/docker/api/types.BuildCachePruneOptions with the
github.com/docker/docker/api/types/build.CachePruneOptions type, which
the former is now an alias for.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>