Add the --sign-by option to `buildah build-using-dockerfile`,
`buildah commit`, `buildah push`, and `buildah manifest push`. Add the
`--remove-signatures` option to `buildah pull`, `buildah push`, and
`buildah manifest push`. We just pass them to the image library, which
does all of the heavy lifting.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #2085
Approved by: rhatdan
We have moved share code from buildah, podman and others into containers/common.
Specifically for this PR we are moving to use containers/common/pkg/unshare and
containers/common/pkg/cgroups.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #2010
Approved by: QiWang19
This commit enabled the `unparam` linter and applies all reported issues.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1719
Approved by: rhatdan
We don't want to vendor anything from libpod into Buildah.
We want to switch this around. Moving pkg content from libpod
to Buildah allows us to fix this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1400
Approved by: giuseppe
Currently rootless podman attempts to write to /var/lib/containers/cache
and fails. This causes us to repeatedly push images that have already been
pushed. This cache directory should be relative to the location of containers/storage
and not always stored in the same directory.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1411
Approved by: TomSweeneyRedHat
- OCIInsecureSkipTLSVerify applies only to c/image/layout.Transport and
c/image/archive.Transport; in both, ImageTransport.DockerReference
always returns nil, which causes isReferenceSomething, and therefore
isRegistryInsecure, to always return false; i.e., this code
was never executed for those transports for which it could make a difference.
- The oci: and oci-archive: transports refer to local filesystems, so matching that
against docker/distribution hostnames does not really make sense.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1255
Approved by: rhatdan
Mostly this is a straightforward elimination of manual GetRegistries calls.
In getCopyOptions, we just remove setting the DockerInsecureSkipTLSVerify
values because the docker:// tranport now does that automatically. (This
actually changes behavior, because docker:// supports namespace prefixes
in addition to matching only by hostnames, but that's a superset of the
previous behavior.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1214
Approved by: rhatdan
The image library's copy routine doesn't itself consult the registries
configuration in order to decide whether or not to disable TLS
verification when communicating with a registry, so it's on us to use
the name of a source or destination image to decide whether to set the
flag for that behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1056
Approved by: rhatdan
When locating an image for pulling, inspection, or pushing, if we're
given an image name that doesn't include a domain/registry, try building
a set of candidate names using the configured registries as domains, and
then pull/inspect/push using the first of those names that works.
If a name that we're given corresponds to a prefix of the ID of a local
image, skip completion and use the ID directly instead.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #360
Approved by: rhatdan
buildah push supports manifest type conversion when pushing using the 'dir' transport
Manifest types include oci, v2s1, and v2s2
e.g buildah push --format v2s2 alpine dir:my-directory
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Have 'from', 'commit', and 'build-using-dockerfile' report progress via
stderr (so that capturing output from 'from' and 'commit' still works as
expected) unless --quiet is used to suppress the reporting.
Closes#94.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #98
Approved by: rhatdan
Pull most of the core logic from the CLI into a package that should be
easier to consume as a library. Add a "config" command that updates the
builder object's configuration.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai
Daniel J Walsh
Miloslav Trmač
Sascha Grunert
Giuseppe Scrivano
Urvashi Mohnani
TomSweeneyRedHat