Add support for secrets. Secrets is a two-part flag that allows secret files to
be accessed for a certain RUN instruction, but not any other
instructions, as well as now showing up in the final image.
Signed-off-by: Ashley Cui <acui@redhat.com>
Move all code related to handling container images over to the new
`libimage` package in containers/common. The new package is an
attempt to consolidate the code across the containers tools under the
github.com/containers umbrella.
The new `libimage` package provides functionality to perform all kinds
of operations for managing images such as local lookups, pushing,
pulling, listing, removing, etc.
The following packages have been moved over to containers/common:
`manifests` -> `common/image/manifests`
`pkg/manifests` -> `common/pkg/manifests`
`pkg/supplemented` -> `common/pkg/supplemented`
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Golang's os.* functions return the name of the file/directory they
fail to use. We should not wrap these errors with the file/directory
to use names, causes stuttering when the user sees the errors, and looks
bad having huge error messages.
Since this is just code cleanup, existing tests should handle the
changes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When we parse isolation we expect users to input chroot, oci, rootless.
So when we translate the constants back to strings, we should use the
same values.
These human names need to be passed over the podman-remote build
bindings, so we need to make them match.
Also docker describes an isolation of "default", which we should also
handle for potential scripts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want to shrink the size of the import when importing pkg from
buildah. This should help us shrink the size of the golang bindings
in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1900822
Currently we are not passing the TMPDIR to the destination context
so when copying to containers storage we always fall back to /var/tmp.
This change sets the destination to match the source, so we can better
handle the storage.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Remove --override-os and --override-arch flags.
Also use --platform option if specified when generating the SystemContext.
Conflict --platform option with --os, --arch and --variant options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently if you give a bogus --network flag,
buildah just ignores it and continues on.
This change will throw proper errors.
Add tests to make sure it works correctly.
Also remove some stuttering to clean up error messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When we carried over the linting configuration from podman, we carried
over the list of checkers that were disabled for podman's sake, even
ones that don't complain about the code in this repository.
Make trivial changes to make gosimple happy.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Change calls to Split to SplitN when we are splitting on an "=" sign to make sure
we're not over chopping what the caller requested.
I started this search after seeing https://github.com/containers/podman/pull/7759.
I'll do similar for Podman, but initial results of my search are orders of
magnitude bigger there.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
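The over-chopping that the commit message above describes, shown as an added example (not code from the buildah repository). The function names and the sample arguments are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// parseKeyValue splits a KEY=VALUE argument at the first "=" only, so any
// further "=" characters remain part of the value.
func parseKeyValue(arg string) (key, value string, err error) {
	parts := strings.SplitN(arg, "=", 2)
	if len(parts) != 2 || parts[0] == "" {
		return "", "", fmt.Errorf("invalid KEY=VALUE argument %q", arg)
	}
	return parts[0], parts[1], nil
}

// parseKeyValueNaive cuts at every "=" and keeps parts[1], which silently
// truncates values that themselves contain "=".
func parseKeyValueNaive(arg string) (key, value string, err error) {
	parts := strings.Split(arg, "=")
	if len(parts) < 2 || parts[0] == "" {
		return "", "", fmt.Errorf("invalid KEY=VALUE argument %q", arg)
	}
	return parts[0], parts[1], nil
}

func main() {
	// Constructed sample inputs: base64 padding and a nested assignment.
	for _, arg := range []string{"TOKEN=c2VjcmV0cw==", "JAVA_OPTS=-Dfoo=bar"} {
		_, good, _ := parseKeyValue(arg)
		_, bad, _ := parseKeyValueNaive(arg)
		fmt.Printf("%-22s SplitN=%q Split=%q\n", arg, good, bad)
	}
}
```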
Podman namespaces flags handle the options slightly differently.
Specifically namespace flag `container` is very different.
Replace the `container` option with `private` to better match podman
but continue to support `container`.
Similarly Podman expects --network ns:/PATH to allow the indication of a
path to a precreated network namespace. Buildah just supported
--network /PATH, buildah will now support both formats, but document
ns:/path.
Finally use Aliases to fix some duplicated code in buildah.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2443: Allow "readonly" as alias to "ro" in mount options r=rhatdan a=mariushoch
Apparently docker supports this as well, see [Use a read-only volume](https://docs.docker.com/storage/volumes/#use-a-read-only-volume) in the docker docs.
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
To be fully compatible with docker in this regard.
#### How to verify it
With a mount option like `type=bind,source=/var/source,target=/src,readonly`.
```release-note
None
```
Co-authored-by: Marius Hoch <hoo@online.de>
In porting containers.conf to libpod, we found that buildah needed
to handle the containers.conf on the server side rather than from
the CLI.
Since the `podman-remote build` would probably not have the same content
as containers.conf on the server, the processing of the defaults needs
to be handled in imagebuildah. The CapAdd and CapDrop values need to be
passed in.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When building images we now allow the architecture and operating system
to be overwritten via the new `--os` and `--arch` flags. This allows the
use case of packing pre-built or cross-compiled binaries into container
images with specifying the correct environment. The `--platform` flag
now takes the `os/arch` format into account as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #2097
Approved by: rhatdan
This is a rework of Qi Wang's patches.
Import package pkg/config from containers/common to read containers.conf
This patch allows users to specify default values stored in containers.conf
that will modify the behaviour of buildah tool.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #2011
Approved by: TomSweeneyRedHat
If the volume option was specified like: `--volume "${HOME}/.cache/zae9ujei:/myvol:rw,Z"`,
the COBRA code that processed the input from the user was considering the value to be a
SliceVar with two volumes `${HOME}/.cache/zae9ujei:/myvol:rw` and `Z` due to the comma.
Converted the COBRA code to consider the input as an ArrayVar instead and the value is
handled appropriately. Also increased the testing to catch this going forward.
Addresses: #2000
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #2039
Approved by: rhatdan
Or set it to /var/tmp if the user did not specify.
Currently certain large workloads can not be handled because users are running
out of space on pulls/ and pushes. Containers/image stores data temporarily in
the file system. This allows the user to override the location of the temporary
storage.
Also update containers/image to v5.0.1
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Thanks to Dmitry Smirnov @onlyjob for suggesting this tool.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1985
Approved by: TomSweeneyRedHat
This change is required to allow podman for windows to build.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1855
Approved by: TomSweeneyRedHat
Some Dockerfiles (fuse-overlay) require additional devices to be in the
build environment.
This patch allows the user to specify additional devices.
Also I noticed that CapAdd and CapDrop were not working in buildah bud situations,
so this patch also fixes this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1820
Approved by: @TomSweeneyRedHat
Also, ensure ordering is correct on other entries. The current
code will increment *after* checking for validity in some cases,
which allows such options as '-v /tmp:/test1:ro,rw' to pass
validation when they obviously don't make much sense.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Closes: #1794
Approved by: rhatdan
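The check-then-increment ordering that the commit message above describes, next to the corrected ordering, as an added example (not the project's code). The function names and the option groups are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Options that exclude each other share a group (groups assumed for this example).
var exclusiveGroup = map[string]string{"ro": "access", "rw": "access", "z": "selinux", "Z": "selinux"}

// checkVolumeOptions validates the OPTIONS field of HOST:CONTAINER:OPTIONS.
// The group counter is incremented before it is tested.
func checkVolumeOptions(options string) error {
	seen := map[string]int{}
	for _, opt := range strings.Split(options, ",") {
		group, ok := exclusiveGroup[opt]
		if !ok {
			return fmt.Errorf("invalid volume option %q", opt)
		}
		seen[group]++
		if seen[group] > 1 {
			return fmt.Errorf("conflicting %s options in %q", group, options)
		}
	}
	return nil
}

// checkVolumeOptionsFlawed is a reconstruction of the ordering mistake: the
// same threshold is tested before the increment, so a pair slips through.
func checkVolumeOptionsFlawed(options string) error {
	seen := map[string]int{}
	for _, opt := range strings.Split(options, ",") {
		group, ok := exclusiveGroup[opt]
		if !ok {
			return fmt.Errorf("invalid volume option %q", opt)
		}
		if seen[group] > 1 { // still 1 when the second member arrives
			return fmt.Errorf("conflicting %s options in %q", group, options)
		}
		seen[group]++
	}
	return nil
}

func main() {
	for _, o := range []string{"ro,Z", "ro,rw", "z,Z"} { // constructed samples
		fmt.Printf("%-6s fixed=%v flawed=%v\n", o, checkVolumeOptions(o), checkVolumeOptionsFlawed(o))
	}
}
```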
when running in rootless mode, use fuse-overlayfs for mounting the
overlay file system on the host. Then create a bind mount inside the
container.
Closes: https://github.com/containers/buildah/issues/1741
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1743
Approved by: rhatdan
This commit enabled the golint linter in golangci-lint and applies all
necessary fixes.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1740
Approved by: rhatdan
move ValidateVolumeOpts from libpod to buildah so libpod can vendor it in.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1698
Approved by: rhatdan
close #1464
fix the parsing typo cpu-shared of --cpu-shares.
fix expect value in from.bats
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1662
Approved by: TomSweeneyRedHat
Overlay mounts allow buildah bud and buildah from to
specify a directory on the disk that will be mounted
as an overlay into the container, where the overlay can be written to
but when the RUN or buildah run exits, the modified files will disappear.
The basic idea is to be able to mount cache from the disk for things like yum/dnf/apt
to be able to be used and modified in the container on a run command, but to be
kept fresh for each RUN.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1560
Approved by: giuseppe
Fix the bug that buildah reads /var/run/containers.. as authentication file. (In readme files it should be /run/containers/uid.)
Add `buildah login`, `buildah logout` to close #1329, enable to use buildah login before running buildah bud for multi-stage bud and avoiding using --creds flag.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1501
Approved by: rhatdan
buildah bud is ignoring --volumes flag.
This patch parses the volumes and then passes them into the builder to be used.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1559
Approved by: vrothberg
the podman remote-client for windows pulls in some buildah code for
things like commit and build. we need to perform some slight
refactoring of buildah code to accommodate that build.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1551
Approved by: rhatdan
- pass all proxy env vars
- --http-proxy option for bud and from
- bash_completion and docs
Signed-off-by: James Cassell <code@james.cassell.me>
Closes: #1525
Approved by: giuseppe
use --dns* flags to change /etc/resolv.conf in the container during the build.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1491
Approved by: rhatdan
Cobra does not allow a "," in a StringSlice, so we should
be using StringArrays. This fixes issues with setting
security-opts level flags.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1467
Approved by: TomSweeneyRedHat