Sometime around `docker.io 20.10.2-0ubuntu1~20.04.2` several error
message strings were updated from `file not found` to `file does not
exist`. This breaks conformance testing. Fix this by adding in
the new error message.
Signed-off-by: Chris Evich <cevich@redhat.com>
When SELinux is enabled, add the :Z mount flag to transient mounts that
we use in the tests that use transient mounts.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In Docker if you are copying more then one object, and
one of them is successful, then the command is successful. Currently in
buildah each glob has to be successful. This PR matches Buildah to
Docker.
Fixes: https://github.com/containers/podman/issues/9594
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add conformance tests that ensure that when we COPY a subdirectory
that's specified as an absolute path, that we don't regress on treating
the absolute path as still being relative to the build context's
location.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Check that COPY --from doesn't do something different when given a
symbolic link as its source than it would without the --from.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Expand conformance test coverage for COPY --chown, and correct our
behavior when the argument is a single number: instead of assuming the
number is the UID and GID = 0, the GID should be the same as the UID.
This means that we can't quite use the same function for parsing the
arguments for COPY --chown and USER, as they evidently have different
defaults for the case where the argument is a single number.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we're using the overlay driver (which means we know overlay is
available), use it to make volumes appear to be writeable during RUN
instructions instead of saving/restoring their contents.
This avoids having to copy the contents of the volume directory before
each RUN instruction, and having to remove and extract the contents
after each RUN instruction, which should be faster, particularly if the
amount of content in that volume location is large.
For empty directories, it will at least avoid adding an "opaque"
notation for the directory in a layer that might otherwise be empty.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This PR removes the pkg/auth which brings in docker/docker
since it really is not needed, and was only there to help users
discover the settings of where the authfile was, when the environment
variables were set. Would almost never be of any value.
Move imagebuildah.BuildOptions to define.BuildOptions
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Always create the destination directory first when ADDing or COPYing
content into a container, then extract contents into it using the
destination directory as the chroot instead of the container's root
directory.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We want to shrink the size of the import when importing pkg from
buildah. This should help us shrink the size of the golang bindings
in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Current version of Docker, has a bug we believe, that is
creating top level directories when using ADD and COPY of
tar balls. Basically the directories end up with a 777
permissions, Buildah creates these with 755, which we
believe is correct, and matches older versions of Docker.
We need to revert this patch once we have a version of Docker
that creates these direcories with the corret permissions.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Prior to Docker 20.10, failed COPY/ADD instructions result in error
messages containing the string `no such file or directory`. This was
changed in docker to a string containing `file not found`. Since
the conformance tests potentially need to work with multiple docker
versions, they need to be sensitive to both errors.
Signed-off-by: Chris Evich <cevich@redhat.com>
Improve handling of cases where extracting an archive requires us to
replace a directory with something that is not a directory, or vice-
versa:
* when replacing a directory with something that isn't a directory,
remove the directory even if it has contents
* don't fail when replacing something that isn't a directory with a
directory
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Ignore PAX global headers when extracting archives, like the archive
package does, instead of erroring out.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When a directly-named (or globbed) source directory for ADD or COPY is
marked for exclusion by .dockerignore, check if its name is a prefix for
any exceptions in the .dockerignore file, and if it is, check the
directory for things we need to include anyway.
This will miss exceptions where the pattern uses a wildcard for anything
but the final component.
When adding items, count items that are actually passed over the tar
pipe, rather than items scanned, so that we can correctly diagnose not
having found anything that we needed to copy under a directory that
would otherwise have been excluded.
In copierHandlerGet(), just don't discount any globbed directories that
are excluded.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When ADD was used to ADD a directory, the contents of archives that we
found inside of it were incorrectly being expanded at the destination
for the ADD.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we carried over the linting configuration from podman, we carried
over the list of checkers that were disabled for podman's sake, even
ones that don't complain about the code in this repository.
Make trivial changes to make gosimple happy.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When extracting archives that are added using ADD, don't override
permissions and ownership information. We regressed on this when we
switched to using the copier package to handle them.
Add a conformance test to prevent regressions on this.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
COPY --from was incorrectly discarding ownership information on files
copied from other layers, which unlike content copied from the build
context, should not default to being owned by 0:0.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the copier package to rework how we handle ADD and COPY.
When evaluating cache for content that's being copied/added in, switch
from (digest the data, check for a cache entry, then maybe copy the data
and create the new layer) to (copy the data and create the new layer,
digesting as we go, check for a cache entry, either commit or discard
the new layer).
Use the copier package for ADD, COPY, and for ensuring that a specified
directory exists in the working container's rootfs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When ADDing an archive file, the destination file-name is blanked out to ensure
that archive contents are extracted in-place. However, when COPYing an
archive-file, we don’t want to blank out the destination filename.
Fixes: #2549
Signed-off-by: Sebastian Reuße <seb@wirrsal.net>
Ignore the buildah.BuilderIdentityAnnotation label when comparing images
that we build with images built using other tools, which of course don't
automatically set that label.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
For the sake of conformance tests, callers need to be able to strip
setuid and setgid bits from contents being copied from the build context
while leaving the sticky bit intact. Split the StripSetidBits option
for copier.Get() into three separate flags (StripSetuidBit /
StripSetgidBit / StripStickyBit).
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Move the conformance tests from ginkgo to using the default testing
package and github.com/stretchr/testify/require, preserving the existing
tests and adding more.
Add conformance tests to our Cirrus configuration, currently marked as
an allowed failure.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Chris Evich
Nalin Dahyabhai
Daniel J Walsh
Josh Soref
OpenShift Merge Robot
Sebastian Reuße