aboutsummaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2022-10-03 10:14:49 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2022-10-03 10:17:14 -0400
commit11e83a0952468558092f0cec197611b06fd55b9c (patch)
treedb509a0e455f7e5d50ce020196eed8544fbafe52 /vendor
parentddf36e06490b5112fd8150f8e5090aa85bfa4018 (diff)
downloadpodman-11e83a0952468558092f0cec197611b06fd55b9c.tar.gz
podman-11e83a0952468558092f0cec197611b06fd55b9c.tar.bz2
podman-11e83a0952468558092f0cec197611b06fd55b9c.zip
Update vendor of containers/buildah v1.28.0
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/containers/buildah/CHANGELOG.md71
-rw-r--r--vendor/github.com/containers/buildah/Makefile4
-rw-r--r--vendor/github.com/containers/buildah/changelog.txt70
-rw-r--r--vendor/github.com/containers/buildah/config.go13
-rw-r--r--vendor/github.com/containers/buildah/copier/copier.go4
-rw-r--r--vendor/github.com/containers/buildah/define/types.go2
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/build.go19
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/stage_executor.go2
-rw-r--r--vendor/github.com/containers/buildah/info.go4
-rw-r--r--vendor/github.com/containers/buildah/internal/util/util.go17
-rw-r--r--vendor/github.com/containers/buildah/release.sh26
-rw-r--r--vendor/github.com/containers/buildah/run_linux.go40
-rw-r--r--vendor/modules.txt2
13 files changed, 226 insertions, 48 deletions
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 667d5f81f..32175538b 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,77 @@
# Changelog
+## v1.28.0 (2022-09-30)
+
+ Update vendor containers/(common,image)
+ [CI:DOCS] Add quay-description update reminder
+ vendor: bump c/common to v0.49.2-0.20220929111928-2d1b45ae2423
+ build(deps): bump github.com/opencontainers/selinux
+ Vendor in latest containers/storage
+ Changing shell list operators from `;` to `&&`
+ Fix buildahimage container.conf permissions regression
+ Set sysctls from containers.conf
+ refactor: stop using Normalize directly from containerd package
+ config,builder: process variant while populating image spec
+ Proof of concept: nightly dependency treadmill
+ Run codespell on code
+ Check for unset build args after TARGET args
+ pkg/cli: improve completion test
+ vendor in latest containers/(common,storage,image)
+ copier: work around freebsd bug for "mkdir /"
+ vendor: update c/image
+ test: run in the host cgroup namespace
+ vendor: update c/storage
+ vendor: update c/common
+ cmd: check for user UID instead of privileges
+ run,build: conflict --isolation=chroot and --network
+ Fix broken dns test (from merge collision)
+ Fix stutters
+ Fix broken command completion
+ buildah bud --network=none should have no network
+ build: support --skip-unused-stages for multi-stage builds
+ Prevent use of --dns* options with --net=none
+ buildah: make --cache-ttl=0s equivalent to --no-cache
+ parse: make processing flags in --mount order agnostic
+ Minor test fix for podman-remote
+ build: honor <Containerfile>.containerignore as ignore file
+ Update install.md: Debian 11 (Bullseye) is stable
+ build(deps): bump github.com/docker/docker
+ Use constants from containers/common for finding seccomp.json
+ Don't call os.Exit(1) from manifest exist
+ manifest: add support for buildah manifest exists
+ Buildah should ignore /etc/crio/seccomp.json
+ chroot: Fix cross build break
+ chroot: Move isDevNull to run_common.go
+ chroot: Fix setRlimit build on FreeBSD
+ chroot: Move parseRLimits and setRlimits to run_common.go
+ chroot: Fix runUsingChrootExecMain on FreeBSD
+ chroot: Move runUsingChrootExecMain to run_common.go
+ chroot: Factor out Linux-specific unshare options from runUsingChroot
+ chroot: Move runUsingChroot to run_common.go
+ chroot: Move RunUsingChroot and runUsingChrootMain to run_common.go
+ chroot: Factor out /dev/ptmx pty implementation
+ chroot: Add FreeBSD support for run with chroot isolation
+ build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0
+ Replace k8s.gcr.io/pause in tests with registry.k8s.io/pause
+ build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.1
+ Cirrus: use image with fewer downloaded dependencies
+ build(deps): bump github.com/opencontainers/runc from 1.1.3 to 1.1.4
+ run: add container gid to additional groups
+ buildah: support for --retry and --retry-delay for push/pull failures
+ Makefile: always call $(GO) instead of `go`
+ build(deps): bump github.com/fsouza/go-dockerclient from 1.8.2 to 1.8.3
+ test: use `T.TempDir` to create temporary test directory
+ mount,cache: enable SElinux shared content label option by default
+ commit: use race-free RemoveNames instead of SetNames
+ Drop util/util.Cause()
+ cmd/buildah: add "manifest create --amend"
+ build(deps): bump github.com/fsouza/go-dockerclient from 1.8.1 to 1.8.2
+ docs: specify git protocol is not supported for github hosted repo
+ Scrub user and group names from layer diffs
+ build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8
+ version: bump to 1.28.0-dev
+
## v1.27.0 (2022-08-01)
build: support filtering cache by duration using `--cache-ttl`.
diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile
index 7c7bf1596..8b6bb8f44 100644
--- a/vendor/github.com/containers/buildah/Makefile
+++ b/vendor/github.com/containers/buildah/Makefile
@@ -113,7 +113,7 @@ gopath:
test $(shell pwd) = $(shell cd ../../../../src/github.com/containers/buildah ; pwd)
codespell:
- codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L uint,iff,od,ERRO -w
+ codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L uint,iff,od,erro -w
.PHONY: validate
validate: install.tools
@@ -187,7 +187,7 @@ vendor-in-container:
.PHONY: vendor
vendor:
- GO111MODULE=on $(GO) mod tidy
+ GO111MODULE=on $(GO) mod tidy -compat=1.17
GO111MODULE=on $(GO) mod vendor
GO111MODULE=on $(GO) mod verify
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index a6fa96acf..1d066f068 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,3 +1,73 @@
+- Changelog for v1.28.0 (2022-09-30)
+ * Update vendor containers/(common,image)
+ * [CI:DOCS] Add quay-description update reminder
+ * vendor: bump c/common to v0.49.2-0.20220929111928-2d1b45ae2423
+ * build(deps): bump github.com/opencontainers/selinux
+ * Vendor in latest containers/storage
+ * Changing shell list operators from `;` to `&&`
+ * Fix buildahimage container.conf permissions regression
+ * Set sysctls from containers.conf
+ * refactor: stop using Normalize directly from containerd package
+ * config,builder: process variant while populating image spec
+ * Proof of concept: nightly dependency treadmill
+ * Run codespell on code
+ * Check for unset build args after TARGET args
+ * pkg/cli: improve completion test
+ * vendor in latest containers/(common,storage,image)
+ * copier: work around freebsd bug for "mkdir /"
+ * vendor: update c/image
+ * test: run in the host cgroup namespace
+ * vendor: update c/storage
+ * vendor: update c/common
+ * cmd: check for user UID instead of privileges
+ * run,build: conflict --isolation=chroot and --network
+ * Fix broken dns test (from merge collision)
+ * Fix stutters
+ * Fix broken command completion
+ * buildah bud --network=none should have no network
+ * build: support --skip-unused-stages for multi-stage builds
+ * Prevent use of --dns* options with --net=none
+ * buildah: make --cache-ttl=0s equivalent to --no-cache
+ * parse: make processing flags in --mount order agnostic
+ * Minor test fix for podman-remote
+ * build: honor <Containerfile>.containerignore as ignore file
+ * Update install.md: Debian 11 (Bullseye) is stable
+ * build(deps): bump github.com/docker/docker
+ * Use constants from containers/common for finding seccomp.json
+ * Don't call os.Exit(1) from manifest exist
+ * manifest: add support for buildah manifest exists
+ * Buildah should ignore /etc/crio/seccomp.json
+ * chroot: Fix cross build break
+ * chroot: Move isDevNull to run_common.go
+ * chroot: Fix setRlimit build on FreeBSD
+ * chroot: Move parseRLimits and setRlimits to run_common.go
+ * chroot: Fix runUsingChrootExecMain on FreeBSD
+ * chroot: Move runUsingChrootExecMain to run_common.go
+ * chroot: Factor out Linux-specific unshare options from runUsingChroot
+ * chroot: Move runUsingChroot to run_common.go
+ * chroot: Move RunUsingChroot and runUsingChrootMain to run_common.go
+ * chroot: Factor out /dev/ptmx pty implementation
+ * chroot: Add FreeBSD support for run with chroot isolation
+ * build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0
+ * Replace k8s.gcr.io/pause in tests with registry.k8s.io/pause
+ * build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.1
+ * Cirrus: use image with fewer downloaded dependencies
+ * build(deps): bump github.com/opencontainers/runc from 1.1.3 to 1.1.4
+ * run: add container gid to additional groups
+ * buildah: support for --retry and --retry-delay for push/pull failures
+ * Makefile: always call $(GO) instead of `go`
+ * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.2 to 1.8.3
+ * test: use `T.TempDir` to create temporary test directory
+ * mount,cache: enable SElinux shared content label option by default
+ * commit: use race-free RemoveNames instead of SetNames
+ * Drop util/util.Cause()
+ * cmd/buildah: add "manifest create --amend"
+ * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.1 to 1.8.2
+ * docs: specify git protocol is not supported for github hosted repo
+ * Scrub user and group names from layer diffs
+ * build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8
+ * version: bump to 1.28.0-dev
+
- Changelog for v1.27.0 (2022-08-01)
* build: support filtering cache by duration using `--cache-ttl`.
* build: support building from commit when using git repo as build context.
diff --git a/vendor/github.com/containers/buildah/config.go b/vendor/github.com/containers/buildah/config.go
index a9883a595..fde35529a 100644
--- a/vendor/github.com/containers/buildah/config.go
+++ b/vendor/github.com/containers/buildah/config.go
@@ -9,9 +9,9 @@ import (
"strings"
"time"
- "github.com/containerd/containerd/platforms"
"github.com/containers/buildah/define"
"github.com/containers/buildah/docker"
+ internalUtil "github.com/containers/buildah/internal/util"
"github.com/containers/common/pkg/util"
"github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/pkg/compression"
@@ -136,7 +136,16 @@ func (b *Builder) fixupConfig(sys *types.SystemContext) {
b.SetArchitecture(runtime.GOARCH)
}
// in case the arch string we started with was shorthand for a known arch+variant pair, normalize it
- ps := platforms.Normalize(ociv1.Platform{OS: b.OS(), Architecture: b.Architecture(), Variant: b.Variant()})
+ ps := internalUtil.NormalizePlatform(ociv1.Platform{OS: b.OS(), Architecture: b.Architecture(), Variant: b.Variant()})
+ b.SetArchitecture(ps.Architecture)
+ b.SetVariant(ps.Variant)
+ }
+ if b.Variant() == "" {
+ if sys != nil && sys.VariantChoice != "" {
+ b.SetVariant(sys.VariantChoice)
+ }
+ // in case the arch string we started with was shorthand for a known arch+variant pair, normalize it
+ ps := internalUtil.NormalizePlatform(ociv1.Platform{OS: b.OS(), Architecture: b.Architecture(), Variant: b.Variant()})
b.SetArchitecture(ps.Architecture)
b.SetVariant(ps.Variant)
}
diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go
index fd4c6b394..6d4c81c67 100644
--- a/vendor/github.com/containers/buildah/copier/copier.go
+++ b/vendor/github.com/containers/buildah/copier/copier.go
@@ -1794,7 +1794,9 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
}
}
case tar.TypeDir:
- if err = os.Mkdir(path, 0700); err != nil && errors.Is(err, os.ErrExist) {
+ // FreeBSD can return EISDIR for "mkdir /":
+ // https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=59739.
+ if err = os.Mkdir(path, 0700); err != nil && (errors.Is(err, os.ErrExist) || errors.Is(err, syscall.EISDIR)) {
if st, stErr := os.Lstat(path); stErr == nil && !st.IsDir() {
if req.PutOptions.NoOverwriteNonDirDir {
break
diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go
index fb4735baa..ae088a43d 100644
--- a/vendor/github.com/containers/buildah/define/types.go
+++ b/vendor/github.com/containers/buildah/define/types.go
@@ -30,7 +30,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.28.0-dev"
+ Version = "1.28.0"
// DefaultRuntime if containers.conf fails.
DefaultRuntime = "runc"
diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go
index 293e5bc96..09267f966 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@@ -17,6 +17,7 @@ import (
"github.com/containerd/containerd/platforms"
"github.com/containers/buildah/define"
+ internalUtil "github.com/containers/buildah/internal/util"
"github.com/containers/buildah/util"
"github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
@@ -216,12 +217,12 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
systemContext := options.SystemContext
for _, platform := range options.Platforms {
platformContext := *systemContext
- platformSpec := platforms.Normalize(v1.Platform{
+ platformSpec := internalUtil.NormalizePlatform(v1.Platform{
OS: platform.OS,
Architecture: platform.Arch,
Variant: platform.Variant,
})
- // platforms.Normalize converts an empty os value to GOOS
+ // internalUtil.NormalizePlatform converts an empty os value to GOOS
// so we have to check the original value here to not overwrite the default for no reason
if platform.OS != "" {
platformContext.OSChoice = platformSpec.OS
@@ -248,7 +249,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
loggerPerPlatform := logger
if platformOptions.LogFile != "" && platformOptions.LogSplitByPlatform {
logFile := platformOptions.LogFile + "_" + platformOptions.OS + "_" + platformOptions.Architecture
- f, err := os.OpenFile(logFile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+ f, err := os.OpenFile(logFile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o600)
if err != nil {
return fmt.Errorf("opening logfile: %q: %w", logFile, err)
}
@@ -285,7 +286,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
return "", nil, merr.ErrorOrNil()
}
- // Reasons for this id, ref assigment w.r.t to use-case:
+ // Reasons for this id, ref assignment w.r.t to use-case:
//
// * Single-platform build: On single platform build we only
// have one built instance i.e on indice 0 of built instances,
@@ -294,7 +295,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
// * Multi-platform build with manifestList: If this is a build for
// multiple platforms ( more than one platform ) and --manifest
// option then this assignment is insignificant since it will be
- // overriden anyways with the id and ref of manifest list later in
+ // overridden anyways with the id and ref of manifest list later in
// in this code.
//
// * Multi-platform build without manifest list: If this is a build for
@@ -377,8 +378,6 @@ func buildDockerfilesOnce(ctx context.Context, store storage.Store, logger *logr
return "", nil, fmt.Errorf("parsing main Dockerfile: %s: %w", containerFiles[0], err)
}
- warnOnUnsetBuildArgs(logger, mainNode, options.Args)
-
// --platform was explicitly selected for this build
// so set correct TARGETPLATFORM in args if it is not
// already selected by the user.
@@ -413,6 +412,8 @@ func buildDockerfilesOnce(ctx context.Context, store storage.Store, logger *logr
}
}
+ warnOnUnsetBuildArgs(logger, mainNode, options.Args)
+
for i, d := range dockerfilecontents[1:] {
additionalNode, err := imagebuilder.ParseDockerfile(bytes.NewReader(d))
if err != nil {
@@ -622,7 +623,7 @@ func platformsForBaseImages(ctx context.Context, logger *logrus.Logger, dockerfi
if instance.Platform == nil {
continue
}
- platform := platforms.Normalize(*instance.Platform)
+ platform := internalUtil.NormalizePlatform(*instance.Platform)
targetPlatforms[platforms.Format(platform)] = struct{}{}
logger.Debugf("image %q supports %q", baseImage, platforms.Format(platform))
}
@@ -633,7 +634,7 @@ func platformsForBaseImages(ctx context.Context, logger *logrus.Logger, dockerfi
if instance.Platform == nil {
continue
}
- platform := platforms.Normalize(*instance.Platform)
+ platform := internalUtil.NormalizePlatform(*instance.Platform)
imagePlatforms[platforms.Format(platform)] = struct{}{}
logger.Debugf("image %q supports %q", baseImage, platforms.Format(platform))
}
diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
index de0e16bcc..8c858ea91 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@@ -1677,7 +1677,7 @@ func (s *StageExecutor) tagExistingImage(ctx context.Context, cacheID, output st
// generateCacheKey returns a computed digest for the current STEP
// running its history and diff against a hash algorithm and this
// generated CacheKey is further used by buildah to lock and decide
-// tag for the intermeidate image which can be pushed and pulled to/from
+// tag for the intermediate image which can be pushed and pulled to/from
// the remote repository.
func (s *StageExecutor) generateCacheKey(ctx context.Context, currNode *parser.Node, addedContentDigest string, buildAddsLayer bool) (string, error) {
hash := sha256.New()
diff --git a/vendor/github.com/containers/buildah/info.go b/vendor/github.com/containers/buildah/info.go
index 9155bb318..85e570ce7 100644
--- a/vendor/github.com/containers/buildah/info.go
+++ b/vendor/github.com/containers/buildah/info.go
@@ -9,7 +9,7 @@ import (
"strconv"
"strings"
- "github.com/containerd/containerd/platforms"
+ internalUtil "github.com/containers/buildah/internal/util"
putil "github.com/containers/buildah/pkg/util"
"github.com/containers/buildah/util"
"github.com/containers/storage"
@@ -43,7 +43,7 @@ func Info(store storage.Store) ([]InfoData, error) {
func hostInfo() map[string]interface{} {
info := map[string]interface{}{}
- ps := platforms.Normalize(v1.Platform{OS: runtime.GOOS, Architecture: runtime.GOARCH})
+ ps := internalUtil.NormalizePlatform(v1.Platform{OS: runtime.GOOS, Architecture: runtime.GOARCH})
info["os"] = ps.OS
info["arch"] = ps.Architecture
info["variant"] = ps.Variant
diff --git a/vendor/github.com/containers/buildah/internal/util/util.go b/vendor/github.com/containers/buildah/internal/util/util.go
index 7d824ccf2..36fc4daba 100644
--- a/vendor/github.com/containers/buildah/internal/util/util.go
+++ b/vendor/github.com/containers/buildah/internal/util/util.go
@@ -15,6 +15,7 @@ import (
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/chrootarchive"
"github.com/containers/storage/pkg/unshare"
+ v1 "github.com/opencontainers/image-spec/specs-go/v1"
)
// LookupImage returns *Image to corresponding imagename or id
@@ -34,6 +35,22 @@ func LookupImage(ctx *types.SystemContext, store storage.Store, image string) (*
return localImage, nil
}
+// NormalizePlatform validates and translate the platform to the canonical value.
+//
+// For example, if "Aarch64" is encountered, we change it to "arm64" or if
+// "x86_64" is encountered, it becomes "amd64".
+//
+// Wrapper around libimage.NormalizePlatform to return and consume
+// v1.Platform instead of independent os, arch and variant.
+func NormalizePlatform(platform v1.Platform) v1.Platform {
+ os, arch, variant := libimage.NormalizePlatform(platform.OS, platform.Architecture, platform.Variant)
+ return v1.Platform{
+ OS: os,
+ Architecture: arch,
+ Variant: variant,
+ }
+}
+
// GetTempDir returns base for a temporary directory on host.
func GetTempDir() string {
if tmpdir, ok := os.LookupEnv("TMPDIR"); ok {
diff --git a/vendor/github.com/containers/buildah/release.sh b/vendor/github.com/containers/buildah/release.sh
index 007f238d8..508ae90d5 100644
--- a/vendor/github.com/containers/buildah/release.sh
+++ b/vendor/github.com/containers/buildah/release.sh
@@ -21,28 +21,6 @@ write_go_version()
sed -i "s/^\(.*Version = \"\).*/\1${LOCAL_VERSION}\"/" define/types.go
}
-write_spec_version()
-{
- LOCAL_VERSION="$1"
- sed -i "s/^\(Version: *\).*/\1${LOCAL_VERSION}/" contrib/rpm/buildah.spec
-}
-
-write_spec_changelog()
-{
- sed '/\*.*-dev-1/d' -i ./contrib/rpm/buildah.spec
- VERSION=$1
- date=$(date "+%a %b %d, %Y")
- name=$(getent passwd $USERNAME | cut -d ':' -f 5)
- echo "* ${date} ${name} <${USER}@redhat.com> ${VERSION}-1" >.changelog.txt
- if [[ "${VERSION}" != *-dev ]]; then
- git log --no-merges --format='- %s' "${LAST_TAG}..HEAD" >>.changelog.txt
- else
- echo "" >>.changelog.txt
- fi
- sed '/^%changelog.*/r .changelog.txt' -i ./contrib/rpm/buildah.spec
- rm -f .changelog.txt
-}
-
write_makefile_epoch()
{
LOCAL_EPOCH="$1"
@@ -68,8 +46,6 @@ write_changelog()
release_commit()
{
write_go_version "${VERSION}" &&
- write_spec_version "${VERSION}" &&
- write_spec_changelog "${VERSION}" &&
write_changelog &&
git commit -asm "Bump to v${VERSION}
@@ -80,8 +56,6 @@ release_commit()
dev_version_commit()
{
write_go_version "${NEXT_VERSION}-dev" &&
- write_spec_version "${NEXT_VERSION}-dev" &&
- write_spec_changelog "${NEXT_VERSION}-dev" &&
git commit -asm "Bump to v${NEXT_VERSION}-dev
[NO TESTS NEEDED]
diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go
index d4707e39a..09a3cd066 100644
--- a/vendor/github.com/containers/buildah/run_linux.go
+++ b/vendor/github.com/containers/buildah/run_linux.go
@@ -605,11 +605,37 @@ func runMakeStdioPipe(uid, gid int) ([][]int, error) {
}
func setupNamespaces(logger *logrus.Logger, g *generate.Generator, namespaceOptions define.NamespaceOptions, idmapOptions define.IDMappingOptions, policy define.NetworkConfigurationPolicy) (configureNetwork bool, configureNetworks []string, configureUTS bool, err error) {
+ defaultContainerConfig, err := config.Default()
+ if err != nil {
+ return false, nil, false, fmt.Errorf("failed to get container config: %w", err)
+ }
+
+ addSysctl := func(prefixes []string) error {
+ for _, sysctl := range defaultContainerConfig.Sysctls() {
+ splitn := strings.SplitN(sysctl, "=", 2)
+ if len(splitn) > 2 {
+ return fmt.Errorf("sysctl %q defined in containers.conf must be formatted name=value", sysctl)
+ }
+ for _, prefix := range prefixes {
+ if strings.HasPrefix(splitn[0], prefix) {
+ g.AddLinuxSysctl(splitn[0], splitn[1])
+ }
+ }
+ }
+ return nil
+ }
+
// Set namespace options in the container configuration.
configureUserns := false
specifiedNetwork := false
for _, namespaceOption := range namespaceOptions {
switch namespaceOption.Name {
+ case string(specs.IPCNamespace):
+ if !namespaceOption.Host {
+ if err := addSysctl([]string{"fs.mqueue"}); err != nil {
+ return false, nil, false, err
+ }
+ }
case string(specs.UserNamespace):
configureUserns = false
if !namespaceOption.Host && namespaceOption.Path == "" {
@@ -627,8 +653,13 @@ func setupNamespaces(logger *logrus.Logger, g *generate.Generator, namespaceOpti
}
case string(specs.UTSNamespace):
configureUTS = false
- if !namespaceOption.Host && namespaceOption.Path == "" {
- configureUTS = true
+ if !namespaceOption.Host {
+ if namespaceOption.Path == "" {
+ configureUTS = true
+ }
+ if err := addSysctl([]string{"kernel.hostname", "kernel.domainame"}); err != nil {
+ return false, nil, false, err
+ }
}
}
if namespaceOption.Host {
@@ -684,7 +715,10 @@ func setupNamespaces(logger *logrus.Logger, g *generate.Generator, namespaceOpti
}
}
}
- if configureNetwork && !unshare.IsRootless() {
+ if configureNetwork {
+ if err := addSysctl([]string{"net"}); err != nil {
+ return false, nil, false, err
+ }
for name, val := range define.DefaultNetworkSysctl {
// Check that the sysctl we are adding is actually supported
// by the kernel
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 714e6fbfa..d2de96573 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -97,7 +97,7 @@ github.com/containernetworking/cni/pkg/version
# github.com/containernetworking/plugins v1.1.1
## explicit; go 1.17
github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.27.1-0.20220921131114-d3064796af36
+# github.com/containers/buildah v1.28.0
## explicit; go 1.17
github.com/containers/buildah
github.com/containers/buildah/bind