author | Aditya R <arajan@redhat.com> | 2022-05-25 01:54:25 +0530 |
---|---|---|
committer | Aditya R <arajan@redhat.com> | 2022-05-26 21:01:31 +0530 |
commit | 66a56ce05a577913a66c3d3f98c47cbe6cb4a3c0 (patch) | |
tree | 6f0be19d2b25a00bde9b4693693614291b5f254f /vendor/github.com | |
parent | 6124b51993b0a8010b7b276086cf4464e168932a (diff) | |
vendor: bump buildah to v1.26.1-0.20220524184833-5500333c2e06
Bump buildah to v1.26.1-0.20220524184833-5500333c2e06
Signed-off-by: Aditya R <arajan@redhat.com>
Diffstat (limited to 'vendor/github.com')
31 files changed, 711 insertions, 143 deletions
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md index 36fa66893..46e5dc9d6 100644 --- a/vendor/github.com/containers/buildah/CHANGELOG.md +++ b/vendor/github.com/containers/buildah/CHANGELOG.md @@ -2,11 +2,6 @@ # Changelog -## v1.26.1 (2022-05-04) - - Make `buildah build --label foo` create an empty "foo" label again - Bump to v1.27.0-dev - ## v1.26.0 (2022-05-04) imagebuildah,build: move deepcopy of args before we spawn goroutine diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index 127c674bf..a8a010bcd 100644 --- a/vendor/github.com/containers/buildah/changelog.txt +++ b/vendor/github.com/containers/buildah/changelog.txt @@ -1,7 +1,3 @@ -- Changelog for v1.26.1 (2022-05-04) - * Make `buildah build --label foo` create an empty "foo" label again - * Bump to v1.27.0-dev - - Changelog for v1.26.0 (2022-05-04) * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go index 00aa29ccc..8b6e1bf46 100644 --- a/vendor/github.com/containers/buildah/copier/copier.go +++ b/vendor/github.com/containers/buildah/copier/copier.go 
@@ -40,14 +40,6 @@ const ( func init() { reexec.Register(copierCommand, copierMain) - // Attempt a user and host lookup to force libc (glibc, and possibly others that use dynamic - // modules to handle looking up user and host information) to load modules that match the libc - // our binary is currently using. Hopefully they're loaded on first use, so that they won't - // need to be loaded after we've chrooted into the rootfs, which could include modules that - // don't match our libc and which can't be loaded, or modules which we don't want to execute - // because we don't trust their code. - _, _ = user.Lookup("buildah") - _, _ = net.LookupHost("localhost") } // isArchivePath returns true if the specified path can be read like a (possibly @@ -712,6 +704,15 @@ func copierMain() { encoder := json.NewEncoder(os.Stdout) previousRequestRoot := "" + // Attempt a user and host lookup to force libc (glibc, and possibly others that use dynamic + // modules to handle looking up user and host information) to load modules that match the libc + // our binary is currently using. Hopefully they're loaded on first use, so that they won't + // need to be loaded after we've chrooted into the rootfs, which could include modules that + // don't match our libc and which can't be loaded, or modules which we don't want to execute + // because we don't trust their code. + _, _ = user.Lookup("buildah") + _, _ = net.LookupHost("localhost") + // Set logging. if level := os.Getenv("LOGLEVEL"); level != "" { if ll, err := strconv.Atoi(level); err == nil { diff --git a/vendor/github.com/containers/buildah/define/build.go b/vendor/github.com/containers/buildah/define/build.go index 568be203c..bf9bf7fb2 100644 --- a/vendor/github.com/containers/buildah/define/build.go +++ b/vendor/github.com/containers/buildah/define/build.go 
@@ -11,6 +11,21 @@ import ( "golang.org/x/sync/semaphore" ) +// AdditionalBuildContext contains verbose details about a parsed build context from --build-context +type AdditionalBuildContext struct { + // Value is the URL of an external tar archive. + IsURL bool + // Value is the name of an image which may or may not have already been pulled. + IsImage bool + // Value holds a URL, an image name, or an absolute filesystem path. + Value string + // Absolute filesystem path to downloaded and exported build context + // from external tar archive. This will be populated only if following + // buildcontext is created from IsURL and was downloaded before in any + // of the RUN step. + DownloadedCache string +} + // CommonBuildOptions are resources that can be defined by flags for both buildah from and build type CommonBuildOptions struct { // AddHost is the list of hostnames to add to the build container's /etc/hosts. @@ -121,6 +136,8 @@ type BuildOptions struct { Compression archive.Compression // Arguments which can be interpolated into Dockerfiles Args map[string]string + // Map of external additional build contexts + AdditionalBuildContexts map[string]*AdditionalBuildContext // Name of the image to write to. Output string // BuildOutput specifies if any custom build output is selected for following build. @@ -187,6 +204,8 @@ type BuildOptions struct { DropCapabilities []string // CommonBuildOpts is *required*. CommonBuildOpts *CommonBuildOptions + // CPPFlags are additional arguments to pass to the C Preprocessor (cpp). + CPPFlags []string // DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format DefaultMountsFilePath string // IIDFile tells the builder to write the image ID to the specified file diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go index 459a161cd..985558140 100644 --- a/vendor/github.com/containers/buildah/define/types.go 
+++ b/vendor/github.com/containers/buildah/define/types.go @@ -29,7 +29,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.26.1" + Version = "1.27.0-dev" // DefaultRuntime if containers.conf fails. DefaultRuntime = "runc" @@ -127,13 +127,18 @@ func TempDirForURL(dir, prefix, url string) (name string, subdir string, err err return "", "", errors.Wrapf(err, "error parsing url %q", url) } if strings.HasPrefix(url, "git://") || strings.HasSuffix(urlParsed.Path, ".git") { - combinedOutput, err := cloneToDirectory(url, name) + combinedOutput, gitSubDir, err := cloneToDirectory(url, name) if err != nil { if err2 := os.RemoveAll(name); err2 != nil { logrus.Debugf("error removing temporary directory %q: %v", name, err2) } return "", "", errors.Wrapf(err, "cloning %q to %q:\n%s", url, name, string(combinedOutput)) } + // Check if git url specifies any subdir + // if subdir is there switch to subdir. + if gitSubDir != "" { + name = filepath.Join(name, gitSubDir) + } return name, "", nil } if strings.HasPrefix(url, "github.com/") { 
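Review bot: `gitSubDir` is joined onto the clone directory with no containment check, so a subdirectory containing `..` components (or an absolute-looking value) makes `TempDirForURL` return a build context outside the temporary clone. The value comes straight from the caller-supplied URL fragment, so I would compute `sub := filepath.Join(name, gitSubDir)` and return an error, after the same `os.RemoveAll(name)` cleanup used above, unless `sub == name || strings.HasPrefix(sub, name+string(os.PathSeparator))`. A symlink committed inside the repository could still point elsewhere, so resolving the result before the prefix check is worth considering too. The function starts and ends outside this hunk, and because the file is vendored the fix would have to land in buildah first.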
@@ -170,17 +175,29 @@ func TempDirForURL(dir, prefix, url string) (name string, subdir string, err err return "", "", errors.Errorf("unreachable code reached") } -func cloneToDirectory(url, dir string) ([]byte, error) { - gitBranch := strings.Split(url, "#") +func cloneToDirectory(url, dir string) ([]byte, string, error) { + gitSubdir := "" + gitBranch := "" + gitBranchPart := strings.Split(url, "#") var cmd *exec.Cmd - if len(gitBranch) < 2 { - logrus.Debugf("cloning %q to %q", url, dir) - cmd = exec.Command("git", "clone", url, dir) + if len(gitBranchPart) > 1 { + // check if string contains path to a subdir + gitSubDirPart := strings.Split(gitBranchPart[1], ":") + if len(gitSubDirPart) > 1 { + gitSubdir = gitSubDirPart[1] + } + gitBranch = gitSubDirPart[0] + } + if gitBranch == "" { + logrus.Debugf("cloning %q to %q", gitBranchPart[0], dir) + cmd = exec.Command("git", "clone", "--recurse-submodules", gitBranchPart[0], dir) } else { - logrus.Debugf("cloning repo %q and branch %q to %q", gitBranch[0], gitBranch[1], dir) - cmd = exec.Command("git", "clone", "--recurse-submodules", "-b", gitBranch[1], gitBranch[0], dir) + logrus.Debugf("cloning repo %q and branch %q to %q", gitBranchPart[0], gitBranch, dir) + cmd = exec.Command("git", "clone", "--recurse-submodules", "-b", gitBranch, gitBranchPart[0], dir) } - return cmd.CombinedOutput() + + combinedOutput, err := cmd.CombinedOutput() + return combinedOutput, gitSubdir, err } func downloadToDirectory(url, dir string) error { diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod index cd3d63a0f..a66698be2 100644 --- a/vendor/github.com/containers/buildah/go.mod +++ b/vendor/github.com/containers/buildah/go.mod 
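Review bot: The repository string is handed to `git clone` as a bare positional argument in both `exec.Command` calls, and the caller only requires a `git://` prefix or a `.git` path suffix, so a value beginning with `-` would be read by git as an option. Putting `"--"` in front of it closes that off: `exec.Command("git", "clone", "--recurse-submodules", "-b", gitBranch, "--", gitBranchPart[0], dir)`, and likewise for the branch-less call. Two smaller points in the same function: `strings.Split(gitBranchPart[1], ":")` silently drops everything after a second colon, where `strings.SplitN(gitBranchPart[1], ":", 2)` would keep the whole subdirectory, and the branch-less path now also passes `--recurse-submodules`, which makes a plain clone fetch whatever submodule URLs the repository lists and deserves a mention in the changelog.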
@@ -5,12 +5,12 @@ go 1.16 require ( github.com/containerd/containerd v1.6.4 github.com/containernetworking/cni v1.1.0 - github.com/containers/common v0.48.0 - github.com/containers/image/v5 v5.21.1 + github.com/containers/common v0.48.1-0.20220519181648-280c6f69fa82 + github.com/containers/image/v5 v5.21.2-0.20220520105616-e594853d6471 github.com/containers/ocicrypt v1.1.4-0.20220428134531-566b808bdf6f - github.com/containers/storage v1.40.2 + github.com/containers/storage v1.41.1-0.20220517121726-5019cd55275c github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v20.10.14+incompatible + github.com/docker/docker v20.10.16+incompatible github.com/docker/go-units v0.4.0 github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 github.com/fsouza/go-dockerclient v1.7.11 @@ -23,7 +23,7 @@ require ( github.com/onsi/gomega v1.19.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84 - github.com/opencontainers/runc v1.1.1 + github.com/opencontainers/runc v1.1.2 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/runtime-tools v0.9.0 github.com/opencontainers/selinux v1.10.1 diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum index b73dc0069..65302e94e 100644 --- a/vendor/github.com/containers/buildah/go.sum +++ b/vendor/github.com/containers/buildah/go.sum 
@@ -217,7 +217,6 @@ github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0 github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s= github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE= -github.com/containerd/containerd v1.6.3/go.mod h1:gCVGrYRYFm2E8GmuUIbj/NGD7DLZQLzSJQazjVKDOig= github.com/containerd/containerd v1.6.4 h1:SEDZBp10mhCp+hkO3Njz/YhGrI7ah3edNcUlRdUPOgg= github.com/containerd/containerd v1.6.4/go.mod h1:oWOqbuJUZmOVafhA0lj2NAXbiO1u7F0K5l1bUgdyo94= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -239,7 +238,6 @@ github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZH github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk= github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= -github.com/containerd/go-cni v1.1.4/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= github.com/containerd/go-cni v1.1.5/go.mod h1:Rf2ZrMycr1El589IyuRzn7RkfdRZVKaFGaxSDHVAjj0= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= 
@@ -285,10 +283,11 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE= github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNGz0C1d3wVYlHE= github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8= -github.com/containers/common v0.48.0 h1:997nnXBZ+eNpfSM7L4SxhhZubQrfEyw3jRyNMTSsNlw= -github.com/containers/common v0.48.0/go.mod h1:zPLZCfLXfnd1jI0QRsD4By54fP4k1+ifQs+tulIe3o0= -github.com/containers/image/v5 v5.21.1 h1:Cr3zw2f0FZs4SCkdGlc8SN/mpcmg2AKG4OUuDbeGS/Q= -github.com/containers/image/v5 v5.21.1/go.mod h1:zl35egpcDQa79IEXIuoUe1bW+D1pdxRxYjNlyb3YiXw= +github.com/containers/common v0.48.1-0.20220519181648-280c6f69fa82 h1:+FcjjNdCzhLp9jmkkZJ9wxqGwFtQVlKKDR/GWHwTOXY= +github.com/containers/common v0.48.1-0.20220519181648-280c6f69fa82/go.mod h1:Ru/JjL1CTHzlxghVMhchzcFUwHLvlIeR5/SUMw8VUOI= +github.com/containers/image/v5 v5.21.2-0.20220511203756-fe4fd4ed8be4/go.mod h1:OsX9sFexyGF0FCNAjfcVFv3IwMqDyLyV/WQY/roLPcE= +github.com/containers/image/v5 v5.21.2-0.20220520105616-e594853d6471 h1:2mm1jEFATvpdFfp8lUB/yc237OqwruMvfIPiVn1Wpgg= +github.com/containers/image/v5 v5.21.2-0.20220520105616-e594853d6471/go.mod h1:KntCBNQn3qOuZmQuJ38ORyTozmWXiuo05Vef2S0Sm5M= github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU= github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= 
@@ -299,9 +298,10 @@ github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pA github.com/containers/ocicrypt v1.1.4-0.20220428134531-566b808bdf6f h1:hffElEaoDQfREHltc2wtFPd68BqDmzW6KkEDpuSRBjs= github.com/containers/ocicrypt v1.1.4-0.20220428134531-566b808bdf6f/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g= github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4= -github.com/containers/storage v1.40.0/go.mod h1:zUyPC3CFIGR1OhY1CKkffxgw9+LuH76PGvVcFj38dgs= -github.com/containers/storage v1.40.2 h1:GUlHaGnrs1JOEwv6YEvkQdgYXOXZdU1Angy4wgWNgF8= github.com/containers/storage v1.40.2/go.mod h1:zUyPC3CFIGR1OhY1CKkffxgw9+LuH76PGvVcFj38dgs= +github.com/containers/storage v1.41.0/go.mod h1:Pb0l5Sm/89kolX3o2KolKQ5cCHk5vPNpJrhNaLcdS5s= +github.com/containers/storage v1.41.1-0.20220517121726-5019cd55275c h1:DQVf7UhxndNUtZ2+BIS/GtEdzszxMxrdqe43DRKRV2w= +github.com/containers/storage v1.41.1-0.20220517121726-5019cd55275c/go.mod h1:HjV2DQuTFnjKYXDS3foE1EHODXu+dKHi7gT+uxT+kNk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= 
@@ -353,8 +353,9 @@ github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w= -github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.15+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.16+incompatible h1:2Db6ZR/+FUR3hqPMwnogOPHFn405crbpxvWzKovETOQ= +github.com/docker/docker v20.10.16+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= 
@@ -631,8 +632,9 @@ github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.2 h1:3WH+AG7s2+T8o3nrM/8u2rdqUEcQhmga7smjrT41nAw= github.com/klauspost/compress v1.15.2/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ= +github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 
@@ -773,8 +775,9 @@ github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84 github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= -github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU= github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= +github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw= +github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= 
@@ -811,8 +814,9 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/proglottis/gpgme v0.1.1 h1:72xI0pt/hy7pqsRxk32KExITkXp+RZErRizsA+up/lQ= github.com/proglottis/gpgme v0.1.1/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0= +github.com/proglottis/gpgme v0.1.2 h1:dKlhDqJ0kdEt+YHCD8FQEUdF9cJj/+mbJUNyUGNAEzY= +github.com/proglottis/gpgme v0.1.2/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go index cf0a7cfba..cc37f5c9a 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/build.go +++ b/vendor/github.com/containers/buildah/imagebuildah/build.go @@ -28,6 +28,7 @@ import ( "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/hashicorp/go-multierror" + "github.com/mattn/go-shellwords" v1 "github.com/opencontainers/image-spec/specs-go/v1" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/openshift/imagebuilder" 
@@ -157,7 +158,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B // pre-process Dockerfiles with ".in" suffix if strings.HasSuffix(dfile, ".in") { - pData, err := preprocessContainerfileContents(logger, dfile, data, options.ContextDirectory) + pData, err := preprocessContainerfileContents(logger, dfile, data, options.ContextDirectory, options.CPPFlags) if err != nil { return "", nil, err } @@ -211,7 +212,10 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B } if options.AllPlatforms { - options.Platforms, err = platformsForBaseImages(ctx, logger, paths, files, options.From, options.Args, options.SystemContext) + if options.AdditionalBuildContexts == nil { + options.AdditionalBuildContexts = make(map[string]*define.AdditionalBuildContext) + } + options.Platforms, err = platformsForBaseImages(ctx, logger, paths, files, options.From, options.Args, options.AdditionalBuildContexts, options.SystemContext) if err != nil { return "", nil, err } @@ -467,7 +471,7 @@ func warnOnUnsetBuildArgs(logger *logrus.Logger, node *parser.Node, args map[str // preprocessContainerfileContents runs CPP(1) in preprocess-only mode on the input // dockerfile content and will use ctxDir as the base include path. -func preprocessContainerfileContents(logger *logrus.Logger, containerfile string, r io.Reader, ctxDir string) (stdout io.Reader, err error) { +func preprocessContainerfileContents(logger *logrus.Logger, containerfile string, r io.Reader, ctxDir string, cppFlags []string) (stdout io.Reader, err error) { cppCommand := "cpp" cppPath, err := exec.LookPath(cppCommand) if err != nil { 
@@ -480,7 +484,16 @@ func preprocessContainerfileContents(logger *logrus.Logger, containerfile string stdoutBuffer := bytes.Buffer{} stderrBuffer := bytes.Buffer{} - cmd := exec.Command(cppPath, "-E", "-iquote", ctxDir, "-traditional", "-undef", "-") + cppArgs := []string{"-E", "-iquote", ctxDir, "-traditional", "-undef", "-"} + if flags, ok := os.LookupEnv("BUILDAH_CPPFLAGS"); ok { + args, err := shellwords.Parse(flags) + if err != nil { + return nil, errors.Errorf("error parsing BUILDAH_CPPFLAGS %q: %v", flags, err) + } + cppArgs = append(cppArgs, args...) + } + cppArgs = append(cppArgs, cppFlags...) + cmd := exec.Command(cppPath, cppArgs...) cmd.Stdin = r cmd.Stdout = &stdoutBuffer cmd.Stderr = &stderrBuffer @@ -502,8 +515,8 @@ func preprocessContainerfileContents(logger *logrus.Logger, containerfile string // platformsForBaseImages resolves the names of base images from the // dockerfiles, and if they are all valid references to manifest lists, returns // the list of platforms that are supported by all of the base images. -func platformsForBaseImages(ctx context.Context, logger *logrus.Logger, dockerfilepaths []string, dockerfiles [][]byte, from string, args map[string]string, systemContext *types.SystemContext) ([]struct{ OS, Arch, Variant string }, error) { - baseImages, err := baseImages(dockerfilepaths, dockerfiles, from, args) +func platformsForBaseImages(ctx context.Context, logger *logrus.Logger, dockerfilepaths []string, dockerfiles [][]byte, from string, args map[string]string, additionalBuildContext map[string]*define.AdditionalBuildContext, systemContext *types.SystemContext) ([]struct{ OS, Arch, Variant string }, error) { + baseImages, err := baseImages(dockerfilepaths, dockerfiles, from, args, additionalBuildContext) if err != nil { return nil, errors.Wrapf(err, "determining list of base images") } 
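Review bot: Arguments taken from `BUILDAH_CPPFLAGS` and from `cppFlags` are appended to the `cpp` command line without being logged, so an inherited environment variable can change what every `.in` Containerfile expands to (extra `-I` or `-D` arguments, for instance) and leave no trace in the build output. A `logger.Debugf("running cpp with arguments %q", cppArgs)` just before `exec.Command` would make that auditable. The parse failure also discards the error chain; other calls in this file use `errors.Wrapf`, so `return nil, errors.Wrapf(err, "error parsing BUILDAH_CPPFLAGS %q", flags)` would be consistent. The doc comment on `preprocessContainerfileContents` still describes `ctxDir` as the include path and should mention the two new sources of flags; the function body continues outside this hunk.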
@@ -631,7 +644,7 @@ func platformsForBaseImages(ctx context.Context, logger *logrus.Logger, dockerfi // stage's base image with FROM, and returns the list of base images as // provided. Each entry in the dockerfilenames slice corresponds to a slice in // dockerfilecontents. -func baseImages(dockerfilenames []string, dockerfilecontents [][]byte, from string, args map[string]string) ([]string, error) { +func baseImages(dockerfilenames []string, dockerfilecontents [][]byte, from string, args map[string]string, additionalBuildContext map[string]*define.AdditionalBuildContext) ([]string, error) { mainNode, err := imagebuilder.ParseDockerfile(bytes.NewReader(dockerfilecontents[0])) if err != nil { return nil, errors.Wrapf(err, "error parsing main Dockerfile: %s", dockerfilenames[0]) @@ -670,6 +683,13 @@ func baseImages(dockerfilenames []string, dockerfilecontents [][]byte, from stri child.Next.Value = from from = "" } + if replaceBuildContext, ok := additionalBuildContext[child.Next.Value]; ok { + if replaceBuildContext.IsImage { + child.Next.Value = replaceBuildContext.Value + } else { + return nil, fmt.Errorf("build context %q is not an image, can not be used for FROM %q", child.Next.Value, child.Next.Value) + } + } base := child.Next.Value if base != "scratch" && !nicknames[base] { // TODO: this didn't undergo variable and arg diff --git a/vendor/github.com/containers/buildah/imagebuildah/executor.go b/vendor/github.com/containers/buildah/imagebuildah/executor.go index 6b63b5162..a33e1ffdd 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go @@ -126,6 +126,7 @@ type Executor struct { imageInfoLock sync.Mutex imageInfoCache map[string]imageTypeAndHistoryAndDiffIDs fromOverride string + additionalBuildContexts map[string]*define.AdditionalBuildContext manifest string secrets map[string]define.Secret sshsources map[string]*sshagent.Source 
@@ -275,6 +276,7 @@ func newExecutor(logger *logrus.Logger, logPrefix string, store storage.Store, o rusageLogFile: rusageLogFile, imageInfoCache: make(map[string]imageTypeAndHistoryAndDiffIDs), fromOverride: options.From, + additionalBuildContexts: options.AdditionalBuildContexts, manifest: options.Manifest, secrets: secrets, sshsources: sshsources, @@ -609,6 +611,12 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image } base := child.Next.Value if base != "scratch" { + if replaceBuildContext, ok := b.additionalBuildContexts[child.Next.Value]; ok { + if replaceBuildContext.IsImage { + child.Next.Value = replaceBuildContext.Value + base = child.Next.Value + } + } userArgs := argsMapToSlice(stage.Builder.Args) baseWithArg, err := imagebuilder.ProcessWord(base, userArgs) if err != nil { diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go index 01b70369b..4a5920f09 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go 
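Review bot: In the `Build` hunk, when the `FROM` name matches an additional build context that is not an image, the new branch does nothing and `base` keeps the context name, which is then processed as an ordinary image reference below. `baseImages` in build.go rejects the same situation with an error, but as far as this diff shows it is only reached through the `AllPlatforms` path, so a normal build could go on to resolve an unrelated image that merely shares the name with a directory or URL context. I would add the matching `else` here and fail with the same message, `build context %q is not an image, can not be used for FROM %q`. `Build` starts and ends outside the hunk, so the return values need checking against its full signature.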
@@ -369,18 +369,73 @@ func (s *StageExecutor) Copy(excludes []string, copies ...imagebuilder.Copy) err if fromErr != nil { return errors.Wrapf(fromErr, "unable to resolve argument %q", copy.From) } - if isStage, err := s.executor.waitForStage(s.ctx, from, s.stages[:s.index]); isStage && err != nil { - return err - } - if other, ok := s.executor.stages[from]; ok && other.index < s.index { - contextDir = other.mountPoint - idMappingOptions = &other.builder.IDMappingOptions - } else if builder, ok := s.executor.containerMap[copy.From]; ok { - contextDir = builder.MountPoint - idMappingOptions = &builder.IDMappingOptions + var additionalBuildContext *define.AdditionalBuildContext + if foundContext, ok := s.executor.additionalBuildContexts[from]; ok { + additionalBuildContext = foundContext } else { - return errors.Errorf("the stage %q has not been built", copy.From) + // Maybe index is given in COPY --from=index + // if that's the case check if provided index + // exists and if stage short_name matches any + // additionalContext replace stage with addtional + // build context. + if _, err := strconv.Atoi(from); err == nil { + if stage, ok := s.executor.stages[from]; ok { + if foundContext, ok := s.executor.additionalBuildContexts[stage.name]; ok { + additionalBuildContext = foundContext + } + } + } } + if additionalBuildContext != nil { + if !additionalBuildContext.IsImage { + contextDir = additionalBuildContext.Value + if additionalBuildContext.IsURL { + // Check if following buildContext was already + // downloaded before in any other RUN step. If not + // download it and populate DownloadCache field for + // future RUN steps. + if additionalBuildContext.DownloadedCache == "" { + // additional context contains a tar file + // so download and explode tar to buildah + // temp and point context to that. 
+ path, subdir, err := define.TempDirForURL(internalUtil.GetTempDir(), internal.BuildahExternalArtifactsDir, additionalBuildContext.Value) + if err != nil { + return errors.Wrapf(err, "unable to download context from external source %q", additionalBuildContext.Value) + } + // point context dir to the extracted path + contextDir = filepath.Join(path, subdir) + // populate cache for next RUN step + additionalBuildContext.DownloadedCache = contextDir + } else { + contextDir = additionalBuildContext.DownloadedCache + } + } + } else { + copy.From = additionalBuildContext.Value + } + } + if additionalBuildContext == nil { + if isStage, err := s.executor.waitForStage(s.ctx, from, s.stages[:s.index]); isStage && err != nil { + return err + } + if other, ok := s.executor.stages[from]; ok && other.index < s.index { + contextDir = other.mountPoint + idMappingOptions = &other.builder.IDMappingOptions + } else if builder, ok := s.executor.containerMap[copy.From]; ok { + contextDir = builder.MountPoint + idMappingOptions = &builder.IDMappingOptions + } else { + return errors.Errorf("the stage %q has not been built", copy.From) + } + } else if additionalBuildContext.IsImage { + // Image was selected as additionalContext so only process image. + mountPoint, err := s.getImageRootfs(s.ctx, copy.From) + if err != nil { + return err + } + contextDir = mountPoint + } + // Original behaviour of buildah still stays true for COPY irrespective of additional context. preserveOwnership = true copyExcludes = excludes } else { 
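Review bot: `DownloadedCache` is checked and then written on a `*define.AdditionalBuildContext` that every stage shares through `s.executor.additionalBuildContexts`, with no lock around the check-then-download. If stages can run concurrently (the `waitForStage` call suggests they can), two stages may both see an empty cache and download the same URL into separate temporary directories, and the unsynchronised write is a data race. The same block is repeated in the `runStageMountPoints` hunk that follows, so I would move it into one helper guarded by a mutex and call it from both places. The sketch below assumes a new `additionalBuildContextsLock sync.Mutex` field on `Executor`, next to the existing `imageInfoLock`; `Copy` itself starts and ends outside this hunk.

```go
// contextDirForAdditionalBuildContext returns the host directory backing a
// non-image additional build context, downloading a URL context at most once.
func (s *StageExecutor) contextDirForAdditionalBuildContext(bc *define.AdditionalBuildContext) (string, error) {
	if !bc.IsURL {
		return bc.Value, nil
	}
	// Serialise the check and the download so concurrent stages share one copy.
	s.executor.additionalBuildContextsLock.Lock()
	defer s.executor.additionalBuildContextsLock.Unlock()
	if bc.DownloadedCache == "" {
		path, subdir, err := define.TempDirForURL(internalUtil.GetTempDir(), internal.BuildahExternalArtifactsDir, bc.Value)
		if err != nil {
			return "", errors.Wrapf(err, "unable to download context from external source %q", bc.Value)
		}
		bc.DownloadedCache = filepath.Join(path, subdir)
	}
	return bc.DownloadedCache, nil
}

// … unchanged: additionalBuildContext lookup in Copy …
if !additionalBuildContext.IsImage {
	dir, err := s.contextDirForAdditionalBuildContext(additionalBuildContext)
	if err != nil {
		return err
	}
	contextDir = dir
} else {
	copy.From = additionalBuildContext.Value
}
// … unchanged: stage / image handling …
```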
@@ -446,6 +501,55 @@ func (s *StageExecutor) runStageMountPoints(mountList []string) (map[string]inte if fromErr != nil { return nil, errors.Wrapf(fromErr, "unable to resolve argument %q", kv[1]) } + // If additional buildContext contains this + // give priority to that and break if additional + // is not an external image. + if additionalBuildContext, ok := s.executor.additionalBuildContexts[from]; ok { + if additionalBuildContext.IsImage { + mountPoint, err := s.getImageRootfs(s.ctx, additionalBuildContext.Value) + if err != nil { + return nil, errors.Errorf("%s from=%s: image found with that name", flag, from) + } + // The `from` in stageMountPoints should point + // to `mountPoint` replaced from additional + // build-context. Reason: Parser will use this + // `from` to refer from stageMountPoints map later. + stageMountPoints[from] = internal.StageMountDetails{IsStage: false, MountPoint: mountPoint} + break + } else { + // Most likely this points to path on filesystem + // or external tar archive, Treat it as a stage + // nothing is different for this. So process and + // point mountPoint to path on host and it will + // be automatically handled correctly by since + // GetBindMount will honor IsStage:false while + // processing stageMountPoints. + mountPoint := additionalBuildContext.Value + if additionalBuildContext.IsURL { + // Check if following buildContext was already + // downloaded before in any other RUN step. If not + // download it and populate DownloadCache field for + // future RUN steps. + if additionalBuildContext.DownloadedCache == "" { + // additional context contains a tar file + // so download and explode tar to buildah + // temp and point context to that. 
+ path, subdir, err := define.TempDirForURL(internalUtil.GetTempDir(), internal.BuildahExternalArtifactsDir, additionalBuildContext.Value) + if err != nil { + return nil, errors.Wrapf(err, "unable to download context from external source %q", additionalBuildContext.Value) + } + // point context dir to the extracted path + mountPoint = filepath.Join(path, subdir) + // populate cache for next RUN step + additionalBuildContext.DownloadedCache = mountPoint + } else { + mountPoint = additionalBuildContext.DownloadedCache + } + } + stageMountPoints[from] = internal.StageMountDetails{IsStage: true, MountPoint: mountPoint} + break + } + } // If the source's name corresponds to the // result of an earlier stage, wait for that // stage to finish being built. @@ -865,14 +969,14 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, // squash the contents of the base image. Whichever is // the case, we need to commit() to create a new image. logCommit(s.output, -1) - if imgID, ref, err = s.commit(ctx, s.getCreatedBy(nil, ""), false, s.output); err != nil { + if imgID, ref, err = s.commit(ctx, s.getCreatedBy(nil, ""), false, s.output, s.executor.squash); err != nil { return "", nil, errors.Wrapf(err, "error committing base container") } } else if len(s.executor.labels) > 0 || len(s.executor.annotations) > 0 { // The image would be modified by the labels passed // via the command line, so we need to commit. logCommit(s.output, -1) - if imgID, ref, err = s.commit(ctx, s.getCreatedBy(stage.Node, ""), true, s.output); err != nil { + if imgID, ref, err = s.commit(ctx, s.getCreatedBy(stage.Node, ""), true, s.output, s.executor.squash); err != nil { return "", nil, err } } else { 
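Review bot: The error returned when `getImageRootfs` fails in the `runStageMountPoints` hunk reads `image found with that name`, which says the opposite of what happened, and it throws away `err`, so a pull or authentication failure cannot be told apart from a missing image. `return nil, errors.Wrapf(err, "%s from=%s: no image found with that name", flag, from)` fixes both; the `Execute` hunk further down drops `err` in the same way in its `no stage or image found with that name` message. Separately, the comment in the `else` branch says `GetBindMount` honours `IsStage:false`, while the code stores `IsStage: true` for the host path, so one of the two needs correcting. `runStageMountPoints` starts and ends outside this hunk.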
@@ -923,6 +1027,25 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, if fromErr != nil { return "", nil, errors.Wrapf(fromErr, "unable to resolve argument %q", arr[1]) } + // If additional buildContext contains this + // give priority to that and break if additional + // is not an external image. + if additionalBuildContext, ok := s.executor.additionalBuildContexts[from]; ok { + if !additionalBuildContext.IsImage { + // We don't need to pull this + // since this additional context + // is not an image. + break + } else { + // replace with image set in build context + from = additionalBuildContext.Value + if _, err := s.getImageRootfs(ctx, from); err != nil { + return "", nil, errors.Errorf("%s --from=%s: no stage or image found with that name", command, from) + } + break + } + } + // If the source's name corresponds to the // result of an earlier stage, wait for that // stage to finish being built. @@ -984,7 +1107,7 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, // stage. if lastStage || imageIsUsedLater { logCommit(s.output, i) - imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), false, s.output) + imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), false, s.output, s.executor.squash) if err != nil { return "", nil, errors.Wrapf(err, "error committing container for step %+v", *step) } 
@@ -1018,7 +1141,7 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, // we need to call ib.Run() to correctly put the args together before // determining if a cached layer with the same build args already exists // and that is done in the if block below. - if checkForLayers && step.Command != "arg" { + if checkForLayers && step.Command != "arg" && !(s.executor.squash && lastInstruction && lastStage) { cacheID, err = s.intermediateImageExists(ctx, node, addedContentSummary, s.stepRequiresLayer(step)) if err != nil { return "", nil, errors.Wrap(err, "error checking if cached image exists from a previous build") @@ -1071,10 +1194,6 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, } } - // We want to save history for other layers during a squashed build. - // Toggle flag allows executor to treat other instruction and layers - // as regular builds and only perform squashing at last - squashToggle := false // Note: If the build has squash, we must try to re-use as many layers as possible if cache is found. // So only perform commit if its the lastInstruction of lastStage. if cacheID != "" { 
@@ -1091,30 +1210,27 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string, } } } else { - if s.executor.squash { - // We want to save history for other layers during a squashed build. - // squashToggle flag allows executor to treat other instruction and layers - // as regular builds and only perform squashing at last - s.executor.squash = false - squashToggle = true - } // We're not going to find any more cache hits, so we // can stop looking for them. checkForLayers = false // Create a new image, maybe with a new layer, with the // name for this stage if it's the last instruction. logCommit(s.output, i) - imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), !s.stepRequiresLayer(step), commitName) + // While commiting we always set squash to false here + // because at this point we want to save history for + // layers even if its a squashed build so that they + // can be part of build-cache. + imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), !s.stepRequiresLayer(step), commitName, false) if err != nil { return "", nil, errors.Wrapf(err, "error committing container for step %+v", *step) } } - // Perform final squash for this build as we are one the, - // last instruction of last stage - if (s.executor.squash || squashToggle) && lastInstruction && lastStage { - s.executor.squash = true - imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), !s.stepRequiresLayer(step), commitName) + // Create a squashed version of this image + // if we're supposed to create one and this + // is the last instruction of the last stage. + if s.executor.squash && lastInstruction && lastStage { + imgID, ref, err = s.commit(ctx, s.getCreatedBy(node, addedContentSummary), !s.stepRequiresLayer(step), commitName, true) if err != nil { return "", nil, errors.Wrapf(err, "error committing final squash step %+v", *step) } 
@@ -1450,7 +1566,7 @@ func (s *StageExecutor) intermediateImageExists(ctx context.Context, currNode *p // commit writes the container's contents to an image, using a passed-in tag as // the name if there is one, generating a unique ID-based one otherwise. // or commit via any custom exporter if specified. -func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer bool, output string) (string, reference.Canonical, error) { +func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer bool, output string, squash bool) (string, reference.Canonical, error) { ib := s.stage.Builder var buildOutputOption define.BuildOutputOption if s.executor.buildOutput != "" { @@ -1591,7 +1707,7 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer ReportWriter: writer, PreferredManifestType: s.executor.outputFormat, SystemContext: s.executor.systemContext, - Squash: s.executor.squash, + Squash: squash, EmptyLayer: emptyLayer, BlobDirectory: s.executor.blobDirectory, SignBy: s.executor.signBy, diff --git a/vendor/github.com/containers/buildah/install.md b/vendor/github.com/containers/buildah/install.md index 02a81be6f..8c9de2ae7 100644 --- a/vendor/github.com/containers/buildah/install.md +++ b/vendor/github.com/containers/buildah/install.md @@ -52,9 +52,9 @@ rpm-ostree install buildah Note: [`podman`](https://podman.io) build is available by default. ### [Gentoo](https://www.gentoo.org) - +[app-containers/podman](https://packages.gentoo.org/packages/app-containers/podman) ```bash -sudo emerge app-emulation/libpod +sudo emerge app-containers/podman ``` ### [openSUSE](https://www.opensuse.org) diff --git a/vendor/github.com/containers/buildah/internal/parse/parse.go b/vendor/github.com/containers/buildah/internal/parse/parse.go index ec4638215..1c736cdf1 100644 --- a/vendor/github.com/containers/buildah/internal/parse/parse.go +++ b/vendor/github.com/containers/buildah/internal/parse/parse.go 
@@ -309,7 +309,7 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a // add subdirectory if specified // cache parent directory - cacheParent := filepath.Join(getTempDir(), BuildahCacheDir) + cacheParent := filepath.Join(internalUtil.GetTempDir(), BuildahCacheDir) // create cache on host if not present err = os.MkdirAll(cacheParent, os.FileMode(0755)) if err != nil { @@ -597,12 +597,3 @@ func GetTmpfsMount(args []string) (specs.Mount, error) { return newMount, nil } - -/* This is internal function and could be changed at any time */ -/* for external usage please refer to buildah/pkg/parse.GetTempDir() */ -func getTempDir() string { - if tmpdir, ok := os.LookupEnv("TMPDIR"); ok { - return tmpdir - } - return "/var/tmp" -} diff --git a/vendor/github.com/containers/buildah/internal/types.go b/vendor/github.com/containers/buildah/internal/types.go index 8ddff99fb..3b1c10623 100644 --- a/vendor/github.com/containers/buildah/internal/types.go +++ b/vendor/github.com/containers/buildah/internal/types.go @@ -1,5 +1,11 @@ package internal +const ( + // Temp directory which stores external artifacts which are download for a build. + // Example: tar files from external sources. + BuildahExternalArtifactsDir = "buildah-external-artifacts" +) + // Types is internal packages are suspected to change with releases avoid using these outside of buildah // StageMountDetails holds the Stage/Image mountpoint returned by StageExecutor diff --git a/vendor/github.com/containers/buildah/internal/util/util.go b/vendor/github.com/containers/buildah/internal/util/util.go index 691d89d65..20438051b 100644 --- a/vendor/github.com/containers/buildah/internal/util/util.go +++ b/vendor/github.com/containers/buildah/internal/util/util.go 
@@ -32,6 +32,14 @@ func LookupImage(ctx *types.SystemContext, store storage.Store, image string) (* return localImage, nil } +// GetTempDir returns base for a temporary directory on host. +func GetTempDir() string { + if tmpdir, ok := os.LookupEnv("TMPDIR"); ok { + return tmpdir + } + return "/var/tmp" +} + // ExportFromReader reads bytes from given reader and exports to external tar, directory or stdout. func ExportFromReader(input io.Reader, opts define.BuildOutputOption) error { var err error diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go index 98fa4fbc0..0ebbb9835 100644 --- a/vendor/github.com/containers/buildah/pkg/cli/common.go +++ b/vendor/github.com/containers/buildah/pkg/cli/common.go @@ -53,10 +53,12 @@ type BudResults struct { Annotation []string Authfile string BuildArg []string + BuildContext []string CacheFrom string CertDir string Compress bool Creds string + CPPFlags []string DisableCompression bool DisableContentTrust bool IgnoreFile string 
@@ -191,9 +193,11 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { fs.StringArrayVar(&flags.Annotation, "annotation", []string{}, "set metadata for an image (default [])") fs.StringVar(&flags.Authfile, "authfile", "", "path of the authentication file.") fs.StringArrayVar(&flags.BuildArg, "build-arg", []string{}, "`argument=value` to supply to the builder") + fs.StringArrayVar(&flags.BuildContext, "build-context", []string{}, "`argument=value` to supply additional build context to the builder") fs.StringVar(&flags.CacheFrom, "cache-from", "", "images to utilise as potential cache sources. The build process does not currently support caching so this is a NOOP.") fs.StringVar(&flags.CertDir, "cert-dir", "", "use certificates at the specified path to access the registry") fs.BoolVar(&flags.Compress, "compress", false, "this is a legacy option, which has no effect on the image") + fs.StringArrayVar(&flags.CPPFlags, "cpp-flag", []string{}, "set additional flag to pass to C preprocessor (cpp)") fs.StringVar(&flags.Creds, "creds", "", "use `[username[:password]]` for accessing the registry") fs.BoolVarP(&flags.DisableCompression, "disable-compression", "D", true, "don't compress layers by default") fs.BoolVar(&flags.DisableContentTrust, "disable-content-trust", false, "this is a Docker specific option and is a NOOP") 
@@ -261,17 +265,19 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { // GetBudFlagsCompletions returns the FlagCompletions for the common build flags func GetBudFlagsCompletions() commonComp.FlagCompletions { flagCompletion := commonComp.FlagCompletions{} - flagCompletion["arch"] = commonComp.AutocompleteNone flagCompletion["annotation"] = commonComp.AutocompleteNone + flagCompletion["arch"] = commonComp.AutocompleteNone flagCompletion["authfile"] = commonComp.AutocompleteDefault flagCompletion["build-arg"] = commonComp.AutocompleteNone + flagCompletion["build-context"] = commonComp.AutocompleteNone flagCompletion["cache-from"] = commonComp.AutocompleteNone flagCompletion["cert-dir"] = commonComp.AutocompleteDefault + flagCompletion["cpp-flag"] = commonComp.AutocompleteNone flagCompletion["creds"] = commonComp.AutocompleteNone flagCompletion["env"] = commonComp.AutocompleteNone flagCompletion["file"] = commonComp.AutocompleteDefault - flagCompletion["from"] = commonComp.AutocompleteDefault flagCompletion["format"] = commonComp.AutocompleteNone + flagCompletion["from"] = commonComp.AutocompleteDefault flagCompletion["ignorefile"] = commonComp.AutocompleteDefault flagCompletion["iidfile"] = commonComp.AutocompleteDefault flagCompletion["jobs"] = commonComp.AutocompleteNone 
@@ -281,18 +287,18 @@ func GetBudFlagsCompletions() commonComp.FlagCompletions { flagCompletion["os"] = commonComp.AutocompleteNone flagCompletion["os-feature"] = commonComp.AutocompleteNone flagCompletion["os-version"] = commonComp.AutocompleteNone + flagCompletion["output"] = commonComp.AutocompleteNone flagCompletion["pull"] = commonComp.AutocompleteDefault flagCompletion["runtime-flag"] = commonComp.AutocompleteNone flagCompletion["secret"] = commonComp.AutocompleteNone - flagCompletion["ssh"] = commonComp.AutocompleteNone flagCompletion["sign-by"] = commonComp.AutocompleteNone flagCompletion["signature-policy"] = commonComp.AutocompleteNone + flagCompletion["ssh"] = commonComp.AutocompleteNone flagCompletion["tag"] = commonComp.AutocompleteNone flagCompletion["target"] = commonComp.AutocompleteNone flagCompletion["timestamp"] = commonComp.AutocompleteNone - flagCompletion["variant"] = commonComp.AutocompleteNone flagCompletion["unsetenv"] = commonComp.AutocompleteNone - flagCompletion["output"] = commonComp.AutocompleteNone + flagCompletion["variant"] = commonComp.AutocompleteNone return flagCompletion } diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go index 079863845..d2c0a1888 100644 --- a/vendor/github.com/containers/buildah/pkg/parse/parse.go +++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go 
@@ -175,6 +175,31 @@ func CommonBuildOptionsFromFlagSet(flags *pflag.FlagSet, findFlagFunc func(name return commonOpts, nil } +// GetAdditionalBuildContext consumes raw string and returns parsed AdditionalBuildContext +func GetAdditionalBuildContext(value string) (define.AdditionalBuildContext, error) { + ret := define.AdditionalBuildContext{IsURL: false, IsImage: false, Value: value} + if strings.HasPrefix(value, "docker-image://") { + ret.IsImage = true + ret.Value = strings.TrimPrefix(value, "docker-image://") + } else if strings.HasPrefix(value, "container-image://") { + ret.IsImage = true + ret.Value = strings.TrimPrefix(value, "container-image://") + } else if strings.HasPrefix(value, "docker://") { + ret.IsImage = true + ret.Value = strings.TrimPrefix(value, "docker://") + } else if strings.HasPrefix(value, "http://") || strings.HasPrefix(value, "https://") { + ret.IsImage = false + ret.IsURL = true + } else { + path, err := filepath.Abs(value) + if err != nil { + return define.AdditionalBuildContext{}, errors.Wrapf(err, "unable to convert additional build-context %q path to absolute", value) + } + ret.Value = path + } + return ret, nil +} + func parseSecurityOpts(securityOpts []string, commonOpts *define.CommonBuildOptions) error { for _, opt := range securityOpts { if opt == "no-new-privileges" { diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go index f52754c54..b817ccd10 100644 --- a/vendor/github.com/containers/buildah/run_linux.go +++ b/vendor/github.com/containers/buildah/run_linux.go @@ -2688,10 +2688,6 @@ func getSecretMount(tokens []string, secrets map[string]define.Secret, mountlabe return nil, "", err } ctrFileOnHost = filepath.Join(containerWorkingDir, "secrets", id) - _, err = os.Stat(ctrFileOnHost) - if !os.IsNotExist(err) { - return nil, "", err - } default: return nil, "", errors.New("invalid source secret type") } 
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod index 1b9f25bcb..ea9de11db 100644 --- a/vendor/github.com/containers/storage/go.mod +++ b/vendor/github.com/containers/storage/go.mod @@ -18,7 +18,7 @@ require ( github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible github.com/moby/sys/mountinfo v0.6.1 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/runc v1.1.1 + github.com/opencontainers/runc v1.1.2 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/selinux v1.10.1 github.com/pkg/errors v0.9.1 diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum index 6587fddb3..4776904ff 100644 --- a/vendor/github.com/containers/storage/go.sum +++ b/vendor/github.com/containers/storage/go.sum 
@@ -521,8 +521,8 @@ github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= -github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU= -github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= +github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw= +github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= diff --git a/vendor/github.com/containers/storage/pkg/system/meminfo_freebsd.go b/vendor/github.com/containers/storage/pkg/system/meminfo_freebsd.go new file mode 100644 index 000000000..a0183885b --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/system/meminfo_freebsd.go 
@@ -0,0 +1,84 @@
+//go:build freebsd && cgo
+// +build freebsd,cgo
+
+package system
+
+import (
+ "fmt"
+ "unsafe"
+
+ "golang.org/x/sys/unix"
+)
+
+// #include <unistd.h>
+// #include <sys/vmmeter.h>
+// #include <sys/sysctl.h>
+// #include <vm/vm_param.h>
+import "C"
+
+func getMemInfo() (int64, int64, error) {
+ data, err := unix.SysctlRaw("vm.vmtotal")
+ if err != nil {
+ return -1, -1, fmt.Errorf("Can't get kernel info: %v", err)
+ }
+ if len(data) != C.sizeof_struct_vmtotal {
+ return -1, -1, fmt.Errorf("unexpected vmtotal size %d", len(data))
+ }
+
+ total := (*C.struct_vmtotal)(unsafe.Pointer(&data[0]))
+
+ pagesize := int64(C.sysconf(C._SC_PAGESIZE))
+ npages := int64(C.sysconf(C._SC_PHYS_PAGES))
+ return pagesize * npages, pagesize * int64(total.t_free), nil
+}
+
+func getSwapInfo() (int64, int64, error) {
+ var (
+ total int64 = 0
+ used int64 = 0
+ )
+ swapCount, err := unix.SysctlUint32("vm.nswapdev")
+ if err != nil {
+ return -1, -1, fmt.Errorf("error reading vm.nswapdev: %v", err)
+ }
+ for i := 0; i < int(swapCount); i++ {
+ data, err := unix.SysctlRaw("vm.swap_info", i)
+ if err != nil {
+ return -1, -1, fmt.Errorf("error reading vm.swap_info.%d: %v", i, err)
+ }
+ if len(data) != C.sizeof_struct_xswdev {
+ return -1, -1, fmt.Errorf("unexpected swap_info size %d", len(data))
+ }
+ xsw := (*C.struct_xswdev)(unsafe.Pointer(&data[0]))
+ total += int64(xsw.xsw_nblks)
+ used += int64(xsw.xsw_used)
+ }
+ pagesize := int64(C.sysconf(C._SC_PAGESIZE))
+ return pagesize * total, pagesize * (total - used), nil
+}
+
+// ReadMemInfo retrieves memory statistics of the host system and returns a
+// MemInfo type.
+func ReadMemInfo() (*MemInfo, error) { + MemTotal, MemFree, err := getMemInfo() + if err != nil { + return nil, fmt.Errorf("error getting memory totals %v\n", err) + } + SwapTotal, SwapFree, err := getSwapInfo() + if err != nil { + return nil, fmt.Errorf("error getting swap totals %v\n", err) + } + + if MemTotal < 0 || MemFree < 0 || SwapTotal < 0 || SwapFree < 0 { + return nil, fmt.Errorf("error getting system memory info %v\n", err) + } + + meminfo := &MemInfo{} + // Total memory is total physical memory less than memory locked by kernel + meminfo.MemTotal = MemTotal + meminfo.MemFree = MemFree + meminfo.SwapTotal = SwapTotal + meminfo.SwapFree = SwapFree + + return meminfo, nil +} diff --git a/vendor/github.com/containers/storage/pkg/system/meminfo_unsupported.go b/vendor/github.com/containers/storage/pkg/system/meminfo_unsupported.go index 3ce019dff..8d14fe9f8 100644 --- a/vendor/github.com/containers/storage/pkg/system/meminfo_unsupported.go +++ b/vendor/github.com/containers/storage/pkg/system/meminfo_unsupported.go @@ -1,4 +1,5 @@ -// +build !linux,!windows,!solaris +//go:build !linux && !windows && !solaris && !freebsd +// +build !linux,!windows,!solaris,!freebsd package system diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare.c b/vendor/github.com/containers/storage/pkg/unshare/unshare.c index c0e359b27..f5a7c3a25 100644 --- a/vendor/github.com/containers/storage/pkg/unshare/unshare.c +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare.c @@ -1,4 +1,4 @@ -#ifndef UNSHARE_NO_CODE_AT_ALL +#if !defined(UNSHARE_NO_CODE_AT_ALL) && defined(__linux__) #define _GNU_SOURCE #include <sys/types.h> diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare.go b/vendor/github.com/containers/storage/pkg/unshare/unshare.go index 53cfeb0ec..221c7e088 100644 --- a/vendor/github.com/containers/storage/pkg/unshare/unshare.go +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare.go 
@@ -7,7 +7,7 @@ import ( "sync" "github.com/pkg/errors" - "github.com/syndtr/gocapability/capability" + "github.com/sirupsen/logrus" ) var ( @@ -38,19 +38,13 @@ func HomeDir() (string, error) { return homeDir, homeDirErr } -// HasCapSysAdmin returns whether the current process has CAP_SYS_ADMIN. -func HasCapSysAdmin() (bool, error) { - hasCapSysAdminOnce.Do(func() { - currentCaps, err := capability.NewPid2(0) - if err != nil { - hasCapSysAdminErr = err - return - } - if err = currentCaps.Load(); err != nil { - hasCapSysAdminErr = err - return +func bailOnError(err error, format string, a ...interface{}) { // nolint: golint,goprintffuncname + if err != nil { + if format != "" { + logrus.Errorf("%s: %v", fmt.Sprintf(format, a...), err) + } else { + logrus.Errorf("%v", err) } - hasCapSysAdminRet = currentCaps.Get(capability.EFFECTIVE, capability.CAP_SYS_ADMIN) - }) - return hasCapSysAdminRet, hasCapSysAdminErr + os.Exit(1) + } } diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go index b3f8099f6..6a6f21d9c 100644 --- a/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_cgo.go @@ -1,4 +1,5 @@ -// +build linux,cgo,!gccgo +//go:build (linux && cgo && !gccgo) || (freebsd && cgo) +// +build linux,cgo,!gccgo freebsd,cgo package unshare diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.c b/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.c new file mode 100644 index 000000000..0b2f17886 --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.c 
@@ -0,0 +1,76 @@
+#if !defined(UNSHARE_NO_CODE_AT_ALL) && defined(__FreeBSD__)
+
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+static int _containers_unshare_parse_envint(const char *envname) {
+ char *p, *q;
+ long l;
+
+ p = getenv(envname);
+ if (p == NULL) {
+ return -1;
+ }
+ q = NULL;
+ l = strtol(p, &q, 10);
+ if ((q == NULL) || (*q != '\0')) {
+ fprintf(stderr, "Error parsing \"%s\"=\"%s\"!\n", envname, p);
+ _exit(1);
+ }
+ unsetenv(envname);
+ return l;
+}
+
+void _containers_unshare(void)
+{
+ int pidfd, continuefd, n, pgrp, sid, ctty;
+ char buf[2048];
+
+ pidfd = _containers_unshare_parse_envint("_Containers-pid-pipe");
+ if (pidfd != -1) {
+ snprintf(buf, sizeof(buf), "%llu", (unsigned long long) getpid());
+ size_t size = write(pidfd, buf, strlen(buf));
+ if (size != strlen(buf)) {
+ fprintf(stderr, "Error writing PID to pipe on fd %d: %m\n", pidfd);
+ _exit(1);
+ }
+ close(pidfd);
+ }
+ continuefd = _containers_unshare_parse_envint("_Containers-continue-pipe");
+ if (continuefd != -1) {
+ n = read(continuefd, buf, sizeof(buf));
+ if (n > 0) {
+ fprintf(stderr, "Error: %.*s\n", n, buf);
+ _exit(1);
+ }
+ close(continuefd);
+ }
+ sid = _containers_unshare_parse_envint("_Containers-setsid");
+ if (sid == 1) {
+ if (setsid() == -1) {
+ fprintf(stderr, "Error during setsid: %m\n");
+ _exit(1);
+ }
+ }
+ pgrp = _containers_unshare_parse_envint("_Containers-setpgrp");
+ if (pgrp == 1) {
+ if (setpgrp(0, 0) == -1) {
+ fprintf(stderr, "Error during setpgrp: %m\n");
+ _exit(1);
+ }
+ }
+ ctty = _containers_unshare_parse_envint("_Containers-ctty");
+ if (ctty != -1) {
+ if (ioctl(ctty, TIOCSCTTY, 0) == -1) {
+ fprintf(stderr, "Error while setting controlling terminal to %d: %m\n", ctty);
+ _exit(1);
+ }
+ }
+}
+
+#endif
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.go
new file mode 100644
index 000000000..aec416720
--- /dev/null
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.go
@@ -0,0 +1,179 @@
+//go:build freebsd
+// +build freebsd
+
+package unshare
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "os"
+ "os/exec"
+ "runtime"
+ "strconv"
+ "syscall"
+
+ "github.com/containers/storage/pkg/reexec"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+)
+
+// Cmd wraps an exec.Cmd created by the reexec package in unshare(),
+// and one day might handle setting ID maps and other related setting*s
+// by triggering initialization code in the child.
+type Cmd struct {
+ *exec.Cmd
+ Setsid bool
+ Setpgrp bool
+ Ctty *os.File
+ Hook func(pid int) error
+}
+
+// Command creates a new Cmd which can be customized.
+func Command(args ...string) *Cmd {
+ cmd := reexec.Command(args...)
+ return &Cmd{
+ Cmd: cmd,
+ }
+}
+
+func (c *Cmd) Start() error {
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
+
+ // Set environment variables to tell the child to synchronize its startup.
+ if c.Env == nil {
+ c.Env = os.Environ()
+ }
+
+ // Create the pipe for reading the child's PID.
+ pidRead, pidWrite, err := os.Pipe()
+ if err != nil {
+ return errors.Wrapf(err, "error creating pid pipe")
+ }
+ c.Env = append(c.Env, fmt.Sprintf("_Containers-pid-pipe=%d", len(c.ExtraFiles)+3))
+ c.ExtraFiles = append(c.ExtraFiles, pidWrite)
+
+ // Create the pipe for letting the child know to proceed.
+ continueRead, continueWrite, err := os.Pipe()
+ if err != nil {
+ pidRead.Close()
+ pidWrite.Close()
+ return errors.Wrapf(err, "error creating pid pipe")
+ }
+ c.Env = append(c.Env, fmt.Sprintf("_Containers-continue-pipe=%d", len(c.ExtraFiles)+3))
+ c.ExtraFiles = append(c.ExtraFiles, continueRead)
+
+ // Pass along other instructions.
+ if c.Setsid {
+ c.Env = append(c.Env, "_Containers-setsid=1")
+ }
+ if c.Setpgrp {
+ c.Env = append(c.Env, "_Containers-setpgrp=1")
+ }
+ if c.Ctty != nil {
+ c.Env = append(c.Env, fmt.Sprintf("_Containers-ctty=%d", len(c.ExtraFiles)+3))
+ c.ExtraFiles = append(c.ExtraFiles, c.Ctty)
+ }
+
+ // Make sure we clean up our pipes.
+ defer func() {
+ if pidRead != nil {
+ pidRead.Close()
+ }
+ if pidWrite != nil {
+ pidWrite.Close()
+ }
+ if continueRead != nil {
+ continueRead.Close()
+ }
+ if continueWrite != nil {
+ continueWrite.Close()
+ }
+ }()
+
+ // Start the new process.
+ err = c.Cmd.Start()
+ if err != nil {
+ return err
+ }
+
+ // Close the ends of the pipes that the parent doesn't need.
+ continueRead.Close()
+ continueRead = nil
+ pidWrite.Close()
+ pidWrite = nil
+
+ // Read the child's PID from the pipe.
+ pidString := ""
+ b := new(bytes.Buffer)
+ if _, err := io.Copy(b, pidRead); err != nil {
+ return errors.Wrapf(err, "Reading child PID")
+ }
+ pidString = b.String()
+ pid, err := strconv.Atoi(pidString)
+ if err != nil {
+ fmt.Fprintf(continueWrite, "error parsing PID %q: %v", pidString, err)
+ return errors.Wrapf(err, "error parsing PID %q", pidString)
+ }
+
+ // Run any additional setup that we want to do before the child starts running proper.
+ if c.Hook != nil {
+ if err = c.Hook(pid); err != nil {
+ fmt.Fprintf(continueWrite, "hook error: %v", err)
+ return err
+ }
+ }
+
+ return nil
+}
+
+func (c *Cmd) Run() error {
+ if err := c.Start(); err != nil {
+ return err
+ }
+ return c.Wait()
+}
+
+func (c *Cmd) CombinedOutput() ([]byte, error) {
+ return nil, errors.New("unshare: CombinedOutput() not implemented")
+}
+
+func (c *Cmd) Output() ([]byte, error) {
+ return nil, errors.New("unshare: Output() not implemented")
+}
+
+type Runnable interface {
+ Run() error
+}
+
+// ExecRunnable runs the specified unshare command, captures its exit status,
+// and exits with the same status.
+func ExecRunnable(cmd Runnable, cleanup func()) { + exit := func(status int) { + if cleanup != nil { + cleanup() + } + os.Exit(status) + } + if err := cmd.Run(); err != nil { + if exitError, ok := errors.Cause(err).(*exec.ExitError); ok { + if exitError.ProcessState.Exited() { + if waitStatus, ok := exitError.ProcessState.Sys().(syscall.WaitStatus); ok { + if waitStatus.Exited() { + logrus.Debugf("%v", exitError) + exit(waitStatus.ExitStatus()) + } + if waitStatus.Signaled() { + logrus.Debugf("%v", exitError) + exit(int(waitStatus.Signal()) + 128) + } + } + } + } + logrus.Errorf("%v", err) + logrus.Errorf("(Unable to determine exit status)") + exit(1) + } + exit(0) +} diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go index baeb8f1aa..8ee3ee125 100644 --- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go @@ -414,17 +414,6 @@ type Runnable interface { Run() error } -func bailOnError(err error, format string, a ...interface{}) { // nolint: golint,goprintffuncname - if err != nil { - if format != "" { - logrus.Errorf("%s: %v", fmt.Sprintf(format, a...), err) - } else { - logrus.Errorf("%v", err) - } - os.Exit(1) - } -} - // MaybeReexecUsingUserNamespace re-exec the process in a new namespace func MaybeReexecUsingUserNamespace(evenForRoot bool) { // If we've already been through this once, no need to try again. 
@@ -674,3 +663,20 @@ func ParseIDMappings(uidmap, gidmap []string) ([]idtools.IDMap, []idtools.IDMap,
 }
 return uid, gid, nil
 }
+
+// HasCapSysAdmin returns whether the current process has CAP_SYS_ADMIN.
+func HasCapSysAdmin() (bool, error) {
+ hasCapSysAdminOnce.Do(func() {
+ currentCaps, err := capability.NewPid2(0)
+ if err != nil {
+ hasCapSysAdminErr = err
+ return
+ }
+ if err = currentCaps.Load(); err != nil {
+ hasCapSysAdminErr = err
+ return
+ }
+ hasCapSysAdminRet = currentCaps.Get(capability.EFFECTIVE, capability.CAP_SYS_ADMIN)
+ })
+ return hasCapSysAdminRet, hasCapSysAdminErr
+}
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported.go
index bf4d567b8..166fa050b 100644
--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported.go
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 package unshare
@@ -43,3 +44,8 @@ func GetHostIDMappings(pid string) ([]specs.LinuxIDMapping, []specs.LinuxIDMappi
 func ParseIDMappings(uidmap, gidmap []string) ([]idtools.IDMap, []idtools.IDMap, error) {
 return nil, nil, nil
 }
+
+// HasCapSysAdmin returns whether the current process has CAP_SYS_ADMIN.
+func HasCapSysAdmin() (bool, error) {
+ return os.Geteuid() == 0, nil
+}
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported_cgo.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported_cgo.go
index d5f2d22a8..a6b38eda8 100644
--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported_cgo.go
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_unsupported_cgo.go
@@ -1,4 +1,5 @@
-// +build !linux,cgo
+//go:build cgo && !(linux || freebsd)
+// +build cgo,!linux,!freebsd
 package unshare
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index 45912d0ca..6bc104f19 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -173,6 +173,7 @@ type Store interface {
 GraphRoot() string
 GraphDriverName() string
 GraphOptions() []string
+ PullOptions() map[string]string
 UIDMap() []idtools.IDMap
 GIDMap() []idtools.IDMap
@@ -607,6 +608,7 @@ type store struct {
 graphRoot string
 graphDriverName string
 graphOptions []string
+ pullOptions map[string]string
 uidMap []idtools.IDMap
 gidMap []idtools.IDMap
 autoUsernsUser string
@@ -726,6 +728,7 @@ func GetStore(options types.StoreOptions) (Store, error) {
 additionalGIDs: nil,
 usernsLock: usernsLock,
 disableVolatile: options.DisableVolatile,
+ pullOptions: options.PullOptions,
 }
 if err := s.load(); err != nil {
 return nil, err
@@ -776,6 +779,14 @@ func (s *store) GraphOptions() []string {
 return s.graphOptions
 }
+func (s *store) PullOptions() map[string]string {
+ cp := make(map[string]string, len(s.pullOptions))
+ for k, v := range s.pullOptions {
+ cp[k] = v
+ }
+ return cp
+}
+
 func (s *store) UIDMap() []idtools.IDMap {
 return copyIDMap(s.uidMap)
 }
diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go
index d318421a4..38e780b44 100644
--- a/vendor/github.com/containers/storage/types/options.go
+++ b/vendor/github.com/containers/storage/types/options.go
@@ -187,6 +187,7 @@ func getRootlessStorageOpts(rootlessUID int, systemOpts StoreOptions) (StoreOpti
 return opts, err
 }
 opts.RunRoot = rootlessRuntime
+ opts.PullOptions = systemOpts.PullOptions
 if systemOpts.RootlessStoragePath != "" {
 opts.GraphRoot, err = expandEnvPath(systemOpts.RootlessStoragePath, rootlessUID)
 if err != nil {
@@ -203,7 +204,7 @@ func getRootlessStorageOpts(rootlessUID int, systemOpts StoreOptions) (StoreOpti
 opts.GraphDriverName = driver
 }
 if opts.GraphDriverName == overlay2 {
- logrus.Warnf("Switching default driver from overlay2 to the equivalent overlay driver.")
+ logrus.Warnf("Switching default driver from overlay2 to the equivalent overlay driver")
 opts.GraphDriverName = overlayDriver
 }
@@ -280,7 +281,7 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) {
 if err == nil {
 keys := meta.Undecoded()
 if len(keys) > 0 {
- logrus.Warningf("Failed to decode the keys %q from %q.", keys, configFile)
+ logrus.Warningf("Failed to decode the keys %q from %q", keys, configFile)
 }
 } else {
 if !os.IsNotExist(err) {
@@ -299,11 +300,11 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) {
 storeOptions.GraphDriverName = config.Storage.Driver
 }
 if storeOptions.GraphDriverName == overlay2 {
- logrus.Warnf("Switching default driver from overlay2 to the equivalent overlay driver.")
+ logrus.Warnf("Switching default driver from overlay2 to the equivalent overlay driver")
 storeOptions.GraphDriverName = overlayDriver
 }
 if storeOptions.GraphDriverName == "" {
- logrus.Errorf("The storage 'driver' option must be set in %s, guarantee proper operation.", configFile)
+ logrus.Errorf("The storage 'driver' option must be set in %s to guarantee proper operation", configFile)
 }
 if config.Storage.RunRoot != "" {
 storeOptions.RunRoot = config.Storage.RunRoot |