summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--go.mod3
-rw-r--r--go.sum4
-rw-r--r--vendor/github.com/containers/buildah/.cirrus.yml2
-rw-r--r--vendor/github.com/containers/buildah/.gitignore1
-rw-r--r--vendor/github.com/containers/buildah/CHANGELOG.md12
-rw-r--r--vendor/github.com/containers/buildah/buildah.go2
-rw-r--r--vendor/github.com/containers/buildah/changelog.txt12
-rw-r--r--vendor/github.com/containers/buildah/chroot/run.go19
-rw-r--r--vendor/github.com/containers/buildah/go.mod1
-rw-r--r--vendor/github.com/containers/buildah/go.sum2
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/stage_executor.go8
-rw-r--r--vendor/github.com/containers/buildah/pkg/parse/parse.go10
-rw-r--r--vendor/github.com/containers/buildah/run_linux.go6
-rw-r--r--vendor/modules.txt2
14 files changed, 62 insertions, 22 deletions
diff --git a/go.mod b/go.mod
index 50c991a38..227979afb 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.6
- github.com/containers/buildah v1.15.0
+ github.com/containers/buildah v1.15.1
github.com/containers/common v0.14.6
github.com/containers/conmon v2.0.18+incompatible
github.com/containers/image/v5 v5.5.1
@@ -63,7 +63,6 @@ require (
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
- golang.org/x/text v0.3.3 // indirect
gopkg.in/yaml.v2 v2.3.0
k8s.io/api v0.18.4
k8s.io/apimachinery v0.18.4
diff --git a/go.sum b/go.sum
index 4a6d41158..32601c7a6 100644
--- a/go.sum
+++ b/go.sum
@@ -66,8 +66,8 @@ github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 h1:eUMd8
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
github.com/containernetworking/plugins v0.8.6 h1:npZTLiMa4CRn6m5P9+1Dz4O1j0UeFbm8VYN6dlsw568=
github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containers/buildah v1.15.0 h1:p9cYJwcQ5Fnv0iBeHAFwHR0K+kcv7LbyAjUtc+HjYsc=
-github.com/containers/buildah v1.15.0/go.mod h1:j0AY2kWpmaOPPV5GKDJY9dMtekk5WMmMhcB+z0OW+vc=
+github.com/containers/buildah v1.15.1 h1:fVYZedNKir1B7qW43KR3zmkjHH+ZAmPoPQix9zHwgxE=
+github.com/containers/buildah v1.15.1/go.mod h1:AQPeirYl0bqtXuJaxM9d/xslMm+1qrABc73AEFw0M9U=
github.com/containers/common v0.14.0 h1:hiZFDPf6ajKiDmojN5f5X3gboKPO73NLrYb0RXfrQiA=
github.com/containers/common v0.14.0/go.mod h1:9olhlE+WhYof1npnMJdyRMX14/yIUint6zyHzcyRVAg=
github.com/containers/common v0.14.6 h1:GhMuqWEgH1e2YRXcTUYXOVakgj2srAGBkG1bqmOn+x8=
diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml
index cb16fa89c..c4e0e6f1f 100644
--- a/vendor/github.com/containers/buildah/.cirrus.yml
+++ b/vendor/github.com/containers/buildah/.cirrus.yml
@@ -6,7 +6,7 @@ env:
#### Global variables used for all tasks
####
# Name of the ultimate destination branch for this CI run, PR or post-merge.
- DEST_BRANCH: "master"
+ DEST_BRANCH: "release-1.15"
GOPATH: "/var/tmp/go"
GOSRC: "${GOPATH}/src/github.com/containers/buildah"
# Overrides default location (/tmp/cirrus) for repo clone
diff --git a/vendor/github.com/containers/buildah/.gitignore b/vendor/github.com/containers/buildah/.gitignore
index fe45e198a..d102b7979 100644
--- a/vendor/github.com/containers/buildah/.gitignore
+++ b/vendor/github.com/containers/buildah/.gitignore
@@ -1,4 +1,5 @@
docs/buildah*.1
+/bin
/buildah
/imgtype
/build/
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 0664b4040..cedb12798 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,18 @@
# Changelog
+## v1.15.1 (2020-07-27)
+ Mask over the /sys/fs/selinux in mask branch
+ chroot: do not use setgroups if it is blocked
+ chroot, run: not fail on bind mounts from /sys
+ Allow "readonly" as alias to "ro" in mount options
+ Add VFS additional image store to container
+ Ignore OS X specific consistency mount option
+ vendor golang.org/x/text@v0.3.3
+ Cirrus: Fix missing htpasswd in registry img
+ Switch scripts to use containers.conf
+ Make imagebuildah.BuildOptions.Architecture/OS optional
+
## v1.15.0 (2020-06-17)
Bump github.com/containers/common from 0.12.0 to 0.13.1
Bump github.com/containers/storage from 1.20.1 to 1.20.2
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index b5f0993fa..0ca3a2707 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -28,7 +28,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.15.0"
+ Version = "1.15.1"
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index ab0fd2415..6a688fb5e 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,4 +1,16 @@
- Changelog for v1.15.0 (2020-06-17)
+ * Mask over the /sys/fs/selinux in mask branch
+ * chroot: do not use setgroups if it is blocked
+ * chroot, run: not fail on bind mounts from /sys
+ * Allow "readonly" as alias to "ro" in mount options
+ * Add VFS additional image store to container
+ * Ignore OS X specific consistency mount option
+ * vendor golang.org/x/text@v0.3.3
+ * Cirrus: Fix missing htpasswd in registry img
+ * Switch scripts to use containers.conf
+ * Make imagebuildah.BuildOptions.Architecture/OS optional
+
+- Changelog for v1.15.0 (2020-06-17)
* Bump github.com/containers/common from 0.12.0 to 0.13.1
* Bump github.com/containers/storage from 1.20.1 to 1.20.2
* Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0
diff --git a/vendor/github.com/containers/buildah/chroot/run.go b/vendor/github.com/containers/buildah/chroot/run.go
index d65c36470..8616c4cac 100644
--- a/vendor/github.com/containers/buildah/chroot/run.go
+++ b/vendor/github.com/containers/buildah/chroot/run.go
@@ -7,6 +7,7 @@ import (
"encoding/json"
"fmt"
"io"
+ "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -741,10 +742,13 @@ func runUsingChrootExecMain() {
os.Exit(1)
}
} else {
- logrus.Debugf("clearing supplemental groups")
- if err = syscall.Setgroups([]int{}); err != nil {
- fmt.Fprintf(os.Stderr, "error clearing supplemental groups list: %v", err)
- os.Exit(1)
+ setgroups, _ := ioutil.ReadFile("/proc/self/setgroups")
+ if strings.Trim(string(setgroups), "\n") != "deny" {
+ logrus.Debugf("clearing supplemental groups")
+ if err = syscall.Setgroups([]int{}); err != nil {
+ fmt.Fprintf(os.Stderr, "error clearing supplemental groups list: %v", err)
+ os.Exit(1)
+ }
}
}
@@ -1093,7 +1097,8 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
}
subSys := filepath.Join(spec.Root.Path, m.Mountpoint)
if err := unix.Mount(m.Mountpoint, subSys, "bind", sysFlags, ""); err != nil {
- return undoBinds, errors.Wrapf(err, "error bind mounting /sys from host into mount namespace")
+ logrus.Warningf("could not bind mount %q, skipping: %v", m.Mountpoint, err)
+ continue
}
if err := makeReadOnly(subSys, sysFlags); err != nil {
return undoBinds, err
@@ -1101,10 +1106,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
}
logrus.Debugf("bind mounted %q to %q", "/sys", filepath.Join(spec.Root.Path, "/sys"))
- // Add /sys/fs/selinux to the set of masked paths, to ensure that we don't have processes
- // attempting to interact with labeling, when they aren't allowed to do so.
- spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux")
-
// Bind mount in everything we've been asked to mount.
for _, m := range spec.Mounts {
// Skip anything that we just mounted.
diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod
index daf5a4f19..c616af38a 100644
--- a/vendor/github.com/containers/buildah/go.mod
+++ b/vendor/github.com/containers/buildah/go.mod
@@ -38,6 +38,7 @@ require (
go.etcd.io/bbolt v1.3.4
golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
+ golang.org/x/text v0.3.3 // indirect
)
replace github.com/sirupsen/logrus => github.com/sirupsen/logrus v1.4.2
diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum
index ece611305..a63fd7b5f 100644
--- a/vendor/github.com/containers/buildah/go.sum
+++ b/vendor/github.com/containers/buildah/go.sum
@@ -418,6 +418,8 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
index 7ba5e2e96..fa637c5a0 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@@ -1230,8 +1230,12 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
}
s.builder.SetHostname(config.Hostname)
s.builder.SetDomainname(config.Domainname)
- s.builder.SetArchitecture(s.executor.architecture)
- s.builder.SetOS(s.executor.os)
+ if s.executor.architecture != "" {
+ s.builder.SetArchitecture(s.executor.architecture)
+ }
+ if s.executor.os != "" {
+ s.builder.SetOS(s.executor.os)
+ }
s.builder.SetUser(config.User)
s.builder.ClearPorts()
for p := range config.ExposedPorts {
diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go
index 3b7d7587f..5b966b239 100644
--- a/vendor/github.com/containers/buildah/pkg/parse/parse.go
+++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go
@@ -342,6 +342,9 @@ func GetBindMount(args []string) (specs.Mount, error) {
// TODO: detect duplication of these options.
// (Is this necessary?)
newMount.Options = append(newMount.Options, kv[0])
+ case "readonly":
+ // Alias for "ro"
+ newMount.Options = append(newMount.Options, "ro")
case "shared", "rshared", "private", "rprivate", "slave", "rslave", "Z", "z":
newMount.Options = append(newMount.Options, kv[0])
case "bind-propagation":
@@ -367,6 +370,10 @@ func GetBindMount(args []string) (specs.Mount, error) {
}
newMount.Destination = kv[1]
setDest = true
+ case "consistency":
+ // Option for OS X only, has no meaning on other platforms
+ // and can thus be safely ignored.
+ // See also the handling of the equivalent "delegated" and "cached" in ValidateVolumeOpts
default:
return newMount, errors.Wrapf(errBadMntOption, kv[0])
}
@@ -403,6 +410,9 @@ func GetTmpfsMount(args []string) (specs.Mount, error) {
switch kv[0] {
case "ro", "nosuid", "nodev", "noexec":
newMount.Options = append(newMount.Options, kv[0])
+ case "readonly":
+ // Alias for "ro"
+ newMount.Options = append(newMount.Options, "ro")
case "tmpfs-mode":
if len(kv) == 1 {
return newMount, errors.Wrapf(optionArgError, kv[0])
diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go
index fd2597d62..412d1f385 100644
--- a/vendor/github.com/containers/buildah/run_linux.go
+++ b/vendor/github.com/containers/buildah/run_linux.go
@@ -1779,6 +1779,7 @@ func setupMaskedPaths(g *generate.Generator) {
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware",
+ "/sys/fs/selinux",
} {
g.AddLinuxMaskedPaths(mp)
}
@@ -2023,13 +2024,10 @@ func setupRootlessSpecChanges(spec *specs.Spec, bundleDir string, shmSize string
Options: []string{bind.NoBindOption, "rbind", "private", "nodev", "noexec", "nosuid", "ro"},
},
}
- // Cover up /sys/fs/cgroup and /sys/fs/selinux, if they exist in our source for /sys.
+ // Cover up /sys/fs/cgroup, if it exist in our source for /sys.
if _, err := os.Stat("/sys/fs/cgroup"); err == nil {
spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/cgroup")
}
- if _, err := os.Stat("/sys/fs/selinux"); err == nil {
- spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux")
- }
// Keep anything that isn't under /dev, /proc, or /sys.
for i := range spec.Mounts {
if spec.Mounts[i].Destination == "/dev" || strings.HasPrefix(spec.Mounts[i].Destination, "/dev/") ||
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 8a6b3cc2d..bf2a14d4c 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -66,7 +66,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr
github.com/containernetworking/plugins/pkg/utils/sysctl
github.com/containernetworking/plugins/plugins/ipam/host-local/backend
github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator
-# github.com/containers/buildah v1.15.0
+# github.com/containers/buildah v1.15.1
github.com/containers/buildah
github.com/containers/buildah/bind
github.com/containers/buildah/chroot