Remove the parent image's ID from the config blob when we're squashing
the image, since after squashing, we share no layers or history with
what was once our base image, and leaving it set triggers verification
errors in registries that expect consistency between parent IDs and
perhaps layers and history.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Golang's os.* functions return the name of the file/directory they
fail to use. We should not wrap these errors with the file/directory
names, as this causes stuttering when the user sees the errors, and looks
bad having huge error messages.
Since this is just code cleanup, existing tests should handle the
changes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Every error from copier.Get was previously lost and not propagated
back. That caused the caller to believe the operation was successful
and led to incomplete images on errors.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This PR removes the pkg/auth which brings in docker/docker
since it really is not needed, and was only there to help users
discover the settings of where the authfile was, when the environment
variables were set. Would almost never be of any value.
Move imagebuildah.BuildOptions to define.BuildOptions
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the name of the base image being used by the build
in the comments of the first layer created.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
We want to shrink the size of the import when importing pkg from
buildah. This should help us shrink the size of the golang bindings
in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If UID and GID mappings are specified, the container has a
mapped-layer, whose diffID is not computed when created.
Committing the image fails due to lack of diffID. This fix
computes diffID at creating an image source if a layer
doesn't have a diffID (UncompressedDigest).
This fix also tests if a container with UID and GID mappings
can be committed.
Signed-off-by: Hironori Shiina <shiina.hironori@fujitsu.com>
Golang built-in functions like os.Create and others print the name of
the file system object when they fail. Wrapping them a second time
with the file system object makes the error message look like crap
when reported to the user.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Avoid forcing the timestamps on content in new layers to the current
time when a timestamp is not specified.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We received feedback on the --omit-timestamp that
users would rather specify the timestamp seconds
rather than just use EPOCH.
This PR removes --omit-timestamp from buildah bud
since this has never been released.
We also hide --omit-timestamp from buildah commit
and allow users to continue to use it, but it conflicts
with --timestamp.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Use the copier package to rework how we handle ADD and COPY.
When evaluating cache for content that's being copied/added in, switch
from (digest the data, check for a cache entry, then maybe copy the data
and create the new layer) to (copy the data and create the new layer,
digesting as we go, check for a cache entry, either commit or discard
the new layer).
Use the copier package for ADD, COPY, and for ensuring that a specified
directory exists in the working container's rootfs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Currently you can only do deterministic builds with the commit command.
This change will cause the metadata in the container image to be
epoch 0.
Next step is to save the data in the tar balls as 0.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Remove these error checks since the instanceDigest is not used
and can just be ignored.
Signed-off-by: zvier <liuzekun0524@163.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
For the sake of the Docker output format, always set the ContainerID
field, and if we have a non-nil Config, set ContainerConfig to the same
values.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1989
Approved by: rhatdan
Update the blobcache implementation to match API changes to the image
library.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1902
Approved by: rhatdan
If Squash is set, then we're only committing one layer, so if EmptyLayer
is set, which would normally tell us to skip committing the final layer,
we should ignore the EmptyLayer flag.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1839
Approved by: TomSweeneyRedHat
Don't try to use zstd to compress layers until we know what MIME type to
use to describe layers that are compressed with zstd.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1723
Approved by: TomSweeneyRedHat
Fix handling of ID mapping for COPY: when copying from other containers,
use their mappings, and when copying from the host, use host mappings.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1630
Approved by: TomSweeneyRedHat
When building an image with multiple layers, go back to committing
images for instructions for which we previously wouldn't bother
committing an image, but create them without adding a new layer.
This violates some assumptions that we currently make elsewhere, as it's
possible for an image that's derived from a base image to add no layers
relative to the base image, when previously it was always the case that
we'd add at least one whenever we committed it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1539
Approved by: rhatdan
Instead of passing in an increasing number of the fields of
CommitOptions to makeImageRef(), just pass the whole thing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1539
Approved by: rhatdan
Always set a parent ID when we go to commit an image, whether it's as
part of build-using-dockerfile or our "commit" CLI. Coerce the parent
image's ID directly into the value that we use instead of digesting it
again.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1538
Approved by: vrothberg
Set the CreatedBy field of the new image's new history item to the shell
if we don't have a different value to set.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
By default, a field called "createdAt" is written into the image manifest.
However, even if my image build process is perfectly deterministic, the image
sha256 hash will be different every time, even if my sources are exactly the
same. In many cases it is desirable that the same input results in exactly
the same output.
This commit introduces the flag --omit-timestamp to the commit command. If set to
true, the timestamp is set to epoch 0, instead of the current timestamp (which
causes different results every time commit is invoked).
Signed-off-by: Johannes Brüderl <johannes.bruederl@gmail.com>
Closes: #1294
Approved by: nalind
Add configuration methods for adding entries which will show up in a
committed image's history, both before and after the new layer that we
add while committing the image. Expose them from the CLI in the form of
a new --add-history option for the "add", "config", "copy", and "run"
commands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1300
Approved by: rhatdan
NOTE: This is a very minimal update; blobinfocache.go should be
substantially reworked to benefit from the cache instead of decompressing
layers to get the DiffID values.
Also removes some HasBlob checks in the blobinfocache test suite which don't have
a direct equivalent in the new API, and makes the test suite independent
of host's signature policy.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1218
Approved by: rhatdan
Add API hooks for designating locations to be used as blob caches when
pulling and pushing images. When we commit read-only copies of
container layers for use in images, if we're using blob caching, store a
copy of the layer in the blob cache directory so that it can be found.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1149
Approved by: rhatdan
Make sure that when attempting to diagnose an error, if we encounter an
error during the diagnostic attempt, we return the original error rather
than the error encountered in trying to diagnose it. Log that one.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1072
Approved by: rhatdan
Update github.com/containers/storage and github.com/containers/image,
and modify containerImageRef.NewImageSource() to account for the change
that the ReadCloser that store.Diff() returns now holds a lock until
it's closed, and because that's the same lock that store.PutLayer()
takes, we can't read more than one layer's contents at a time.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1024
Approved by: nalind
Use ID mapping information when setting permissions on content that we
add to the container, and on secrets that we copy in, on pipes that we
use for stdio, and when extracting the whole filesystem as a "layer".
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #700
Approved by: rhatdan
Handle a Squash option when committing images, and make it available as
a flag for "buildah commit" and "buildah build-using-dockerfile".
Breaks up containerImageRef.NewImageSource to keep the complexity more
manageable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #714
Approved by: rhatdan
Return errors indicating that a containerImageSource doesn't support
manifest lists when methods that take an instance digest are given
non-nil values, instead of the catch-all TODO errors that they used to
return.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #705
Approved by: rhatdan
Add options to "buildah config" for setting comment, domainname, and
hostname configuration bits, and the comment in history items which
describe layers that we add, and tests for them. Add a test for the
--shell option while we're at it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #641
Approved by: rhatdan
Changes to parameters in functions.
Change to the error returned by the oci and oci-archive transport.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #578
Approved by: rhatdan
Fixes the naming issue of blobs and config for the dir transport
by removing the .tar extension
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #489
Approved by: rhatdan
When building an image's config blob, add a sanity check that the number
of diffIDs that we're including matches the number of entries in the
history which don't claim to be empty layers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #383
Approved by: rhatdan
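The consistency check described in the commit message above, sketched as an added example (not buildah's own code): it parses an OCI image config blob and compares the number of rootfs diffIDs with the number of history entries not marked empty_layer. The names checkHistoryMatchesDiffIDs and imageConfig are hypothetical, and the sample blobs are constructed with placeholder digests.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// imageConfig holds only the fields of an OCI image config blob that the check needs.
type imageConfig struct {
	RootFS struct {
		DiffIDs []string `json:"diff_ids"`
	} `json:"rootfs"`
	History []struct {
		CreatedBy  string `json:"created_by,omitempty"`
		EmptyLayer bool   `json:"empty_layer,omitempty"`
	} `json:"history"`
}

// checkHistoryMatchesDiffIDs (hypothetical name) returns an error when the
// number of history entries that are not marked empty_layer differs from the
// number of rootfs.diff_ids in the config blob.
func checkHistoryMatchesDiffIDs(blob []byte) error {
	var cfg imageConfig
	if err := json.Unmarshal(blob, &cfg); err != nil {
		return fmt.Errorf("parsing config blob: %w", err)
	}
	layers := 0
	for _, h := range cfg.History {
		if !h.EmptyLayer {
			layers++
		}
	}
	if layers != len(cfg.RootFS.DiffIDs) {
		return fmt.Errorf("history lists %d non-empty layers, but rootfs has %d diffIDs",
			layers, len(cfg.RootFS.DiffIDs))
	}
	return nil
}

// Constructed sample config blobs; the digests are placeholders, not real layers.
const consistentConfig = `{"rootfs":{"type":"layers","diff_ids":["sha256:aaaa","sha256:bbbb"]},
 "history":[{"created_by":"ADD rootfs"},{"created_by":"ENV A=1","empty_layer":true},{"created_by":"COPY app"}]}`

const inconsistentConfig = `{"rootfs":{"type":"layers","diff_ids":["sha256:aaaa"]},
 "history":[{"created_by":"ADD rootfs"},{"created_by":"COPY app"}]}`

func main() {
	fmt.Println("consistent:  ", checkHistoryMatchesDiffIDs([]byte(consistentConfig)))
	fmt.Println("inconsistent:", checkHistoryMatchesDiffIDs([]byte(inconsistentConfig)))
}
```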
Update shallowCopy() to work with the newer version of image.
Remove things from Push() that we don't need to do any more.
Preserve digests in image names, make sure we update creation times, and
add a test to ensure that we can pull, commit, and push using such names
as sources.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #187
Approved by: rhatdan
Update to adjust to new types and method signatures in just-updated
vendored code.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #174
Approved by: rhatdan
Add a CommitOption option to allow a caller to specify a creation
timestamp to use in images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #141
Approved by: rhatdan