16 files changed, 118 insertions, 59 deletions
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go index a0951f677..6a68a3aea 100644 --- a/pkg/adapter/runtime.go +++ b/pkg/adapter/runtime.go @@ -259,7 +259,7 @@ func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, opti if err != nil { return errors.Wrapf(err, "error parsing namespace-related options") } - usernsOption, idmappingOptions, err := parse.IDMappingOptions(c.PodmanCommand.Command) + usernsOption, idmappingOptions, err := parse.IDMappingOptions(c.PodmanCommand.Command, options.Isolation) if err != nil { return errors.Wrapf(err, "error parsing ID mapping options") } diff --git a/vendor.conf b/vendor.conf index 08590bfe9..23a6e4c05 100644 --- a/vendor.conf +++ b/vendor.conf @@ -93,13 +93,13 @@ k8s.io/apimachinery kubernetes-1.10.13-beta.0 https://github.com/kubernetes/apim k8s.io/client-go kubernetes-1.10.13-beta.0 https://github.com/kubernetes/client-go github.com/mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7 github.com/varlink/go 3ac79db6fd6aec70924193b090962f92985fe199 -github.com/containers/buildah 345ffc2b29b4255a83cfa763db88799d8ec9c569 https://github.com/QiWang19/buildah +github.com/containers/buildah 3ba8822d309128f7d76599432b8d9cdf77d4032f # TODO: Gotty has not been updated since 2012. Can we find replacement? github.com/Nvveen/Gotty cd527374f1e5bff4938207604a14f2e38a9cf512 # do not go beyond the below commit as the next one requires a more recent # docker which is in conflict with openshift/imagebuilder github.com/fsouza/go-dockerclient 29c1814d12c072344bb91aac5d2ff719db39c523 -github.com/openshift/imagebuilder 36823496a6868f72bc36282cc475eb8a070c0934 +github.com/openshift/imagebuilder 705fe9255c57f8505efb9723a9ac4082b67973bc github.com/ulikunitz/xz v0.5.5 github.com/coreos/go-iptables v0.4.0 github.com/google/shlex c34317bd91bf98fab745d77b03933cf8769299fe 
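Review bot: Passing `options.Isolation` into `parse.IDMappingOptions` makes the result of this call depend on whether `slirp4netns` is on PATH, and nothing at the call site says so. In the vendored `pkg/parse/parse.go` hunk further down this page, a rootless build without `slirp4netns` only logs a warning and continues in the host network namespace, so RUN steps get less network isolation than the same build on a host that has the binary. A comment above the call would make that visible, e.g. `// rootless isolation: without slirp4netns on PATH the build falls back to the host network namespace (warning only)`. Whether `options.Isolation` is already populated at this point cannot be seen here, because Build's body starts and ends outside the hunk.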
diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go index 4f0ffac1c..f50b11f6c 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/build.go +++ b/vendor/github.com/containers/buildah/imagebuildah/build.go @@ -27,11 +27,11 @@ import ( "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/stringid" - "github.com/docker/docker/builder/dockerfile/parser" docker "github.com/fsouza/go-dockerclient" "github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/runtime-spec/specs-go" "github.com/openshift/imagebuilder" + "github.com/openshift/imagebuilder/dockerfile/parser" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -510,20 +510,21 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { stdin = devNull } options := buildah.RunOptions{ - Hostname: config.Hostname, - Runtime: b.runtime, - Args: b.runtimeArgs, - NoPivot: os.Getenv("BUILDAH_NOPIVOT") != "", - Mounts: convertMounts(b.transientMounts), - Env: config.Env, - User: config.User, - WorkingDir: config.WorkingDir, - Entrypoint: config.Entrypoint, - Cmd: config.Cmd, - Stdin: stdin, - Stdout: b.out, - Stderr: b.err, - Quiet: b.quiet, + Hostname: config.Hostname, + Runtime: b.runtime, + Args: b.runtimeArgs, + NoPivot: os.Getenv("BUILDAH_NOPIVOT") != "", + Mounts: convertMounts(b.transientMounts), + Env: config.Env, + User: config.User, + WorkingDir: config.WorkingDir, + Entrypoint: config.Entrypoint, + Cmd: config.Cmd, + Stdin: stdin, + Stdout: b.out, + Stderr: b.err, + Quiet: b.quiet, + NamespaceOptions: b.namespaceOptions, } if config.NetworkDisabled { options.ConfigureNetwork = buildah.NetworkDisabled diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go index f167353b8..da07545c7 100644 --- a/vendor/github.com/containers/buildah/pkg/cli/common.go 
+++ b/vendor/github.com/containers/buildah/pkg/cli/common.go @@ -156,7 +156,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { fs.StringVar(&flags.Runtime, "runtime", util.Runtime(), "`path` to an alternate runtime. Use BUILDAH_RUNTIME environment variable to override.") fs.StringSliceVar(&flags.RuntimeFlags, "runtime-flag", []string{}, "add global flags for the container runtime") fs.StringVar(&flags.SignaturePolicy, "signature-policy", "", "`pathname` of signature policy file (not usually used)") - fs.BoolVar(&flags.Squash, "squash", false, "Squash newly built layers into a single new layer. The build process does not currently support caching so this is a NOOP.") + fs.BoolVar(&flags.Squash, "squash", false, "Squash newly built layers into a single new layer.") fs.StringSliceVarP(&flags.Tag, "tag", "t", []string{}, "tagged `name` to apply to the built image") fs.StringVar(&flags.Target, "target", "", "set the target build stage to build") fs.BoolVar(&flags.TlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry") diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go index a26d15631..c309f686a 100644 --- a/vendor/github.com/containers/buildah/pkg/parse/parse.go +++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go @@ -9,6 +9,7 @@ import ( "github.com/spf13/cobra" "net" "os" + "os/exec" "path/filepath" "strconv" "strings" 
@@ -319,7 +320,7 @@ func getDockerAuth(creds string) (*types.DockerAuthConfig, error) { } // IDMappingOptions parses the build options related to user namespaces and ID mapping. -func IDMappingOptions(c *cobra.Command) (usernsOptions buildah.NamespaceOptions, idmapOptions *buildah.IDMappingOptions, err error) { +func IDMappingOptions(c *cobra.Command, isolation buildah.Isolation) (usernsOptions buildah.NamespaceOptions, idmapOptions *buildah.IDMappingOptions, err error) { user := c.Flag("userns-uid-map-user").Value.String() group := c.Flag("userns-gid-map-group").Value.String() // If only the user or group was specified, use the same value for the @@ -391,11 +392,26 @@ func IDMappingOptions(c *cobra.Command) (usernsOptions buildah.NamespaceOptions, if len(gidmap) == 0 && len(uidmap) != 0 { gidmap = uidmap } + + useSlirp4netns := false + + if isolation == buildah.IsolationOCIRootless { + _, err := exec.LookPath("slirp4netns") + if execerr, ok := err.(*exec.Error); ok && !strings.Contains(execerr.Error(), "not found") { + return nil, nil, errors.Wrapf(err, "cannot lookup slirp4netns %v", execerr) + } + if err == nil { + useSlirp4netns = true + } else { + logrus.Warningf("could not find slirp4netns. Using host network namespace") + } + } + // By default, having mappings configured means we use a user // namespace. Otherwise, we don't. usernsOption := buildah.NamespaceOption{ Name: string(specs.UserNamespace), - Host: len(uidmap) == 0 && len(gidmap) == 0, + Host: len(uidmap) == 0 && len(gidmap) == 0 && !useSlirp4netns, } // If the user specifically requested that we either use or don't use // user namespaces, override that default. diff --git a/vendor/github.com/containers/buildah/run.go b/vendor/github.com/containers/buildah/run.go index f56ce30b1..2fa3cd572 100644 --- a/vendor/github.com/containers/buildah/run.go +++ b/vendor/github.com/containers/buildah/run.go 
@@ -1765,7 +1765,9 @@ func runConfigureNetwork(isolation Isolation, options RunOptions, configureNetwo var netconf, undo []*libcni.NetworkConfigList if isolation == IsolationOCIRootless { - return setupRootlessNetwork(pid) + if ns := options.NamespaceOptions.Find(string(specs.NetworkNamespace)); ns != nil && !ns.Host { + return setupRootlessNetwork(pid) + } } // Scan for CNI configuration files. confdir := options.CNIConfigDir diff --git a/vendor/github.com/containers/buildah/vendor.conf b/vendor/github.com/containers/buildah/vendor.conf index 3cdb9c95f..53c2e673e 100644 --- a/vendor/github.com/containers/buildah/vendor.conf +++ b/vendor/github.com/containers/buildah/vendor.conf @@ -11,12 +11,13 @@ github.com/boltdb/bolt v1.3.1 github.com/containers/libpod v1.0 github.com/containers/storage v1.11 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 -github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 +github.com/docker/docker 54dddadc7d5d89fe0be88f76979f6f6ab0dede83 github.com/docker/docker-credential-helpers v0.6.1 github.com/docker/go-connections v0.4.0 github.com/docker/go-units v0.3.2 github.com/docker/libtrust aabc10ec26b754e797f9028f4589c5b7bd90dc20 -github.com/fsouza/go-dockerclient 29c1814d12c072344bb91aac5d2ff719db39c523 +github.com/docker/libnetwork 1a06131fb8a047d919f7deaf02a4c414d7884b83 +github.com/fsouza/go-dockerclient v1.3.0 github.com/ghodss/yaml v1.0.0 github.com/gogo/protobuf v1.2.0 github.com/gorilla/context v1.1.1 
@@ -38,7 +39,7 @@ github.com/opencontainers/runc v1.0.0-rc6 github.com/opencontainers/runtime-spec v1.0.0 github.com/opencontainers/runtime-tools v0.8.0 github.com/opencontainers/selinux v1.1 -github.com/openshift/imagebuilder 36823496a6868f72bc36282cc475eb8a070c0934 +github.com/openshift/imagebuilder 705fe9255c57f8505efb9723a9ac4082b67973bc github.com/ostreedev/ostree-go 9ab99253d365aac3a330d1f7281cf29f3d22820b github.com/pkg/errors v0.8.1 github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac diff --git a/vendor/github.com/openshift/imagebuilder/README.md b/vendor/github.com/openshift/imagebuilder/README.md index f26b4a7e0..fd96ed940 100644 --- a/vendor/github.com/openshift/imagebuilder/README.md +++ b/vendor/github.com/openshift/imagebuilder/README.md @@ -1,4 +1,4 @@ -Docker / OCI Image Builder +OCI Image Builder ========================== [![Go Report Card](https://goreportcard.com/badge/github.com/openshift/imagebuilder)](https://goreportcard.com/report/github.com/openshift/imagebuilder) 
@@ -6,22 +6,22 @@ Docker / OCI Image Builder [![Travis](https://travis-ci.org/openshift/imagebuilder.svg?branch=master)](https://travis-ci.org/openshift/imagebuilder) [![Join the chat at freenode:openshift-dev](https://img.shields.io/badge/irc-freenode%3A%20%23openshift--dev-blue.svg)](http://webchat.freenode.net/?channels=%23openshift-dev) -Note: this library is beta and may contain bugs that prevent images from being identical to Docker build. Test your images (and add to our conformance suite)! +Please test your images (and add to our conformance suite)! -This library supports using the Dockerfile syntax to build Docker -compatible images, without invoking Docker build. It is intended to give -clients more control over how a Docker build is run, including: +This library supports using the Dockerfile syntax to build OCI & Docker +compatible images, without invoking a container build command such as `buildah bud` or `docker build`. It is intended to give +clients more control over how they build container images, including: * Instead of building one layer per line, run all instructions in the same container -* Set Docker HostConfig settings like network and memory controls that - are not available when running Docker builds +* Set HostConfig settings like network and memory controls that + are not available when running container builds * Mount external files into the build that are not persisted as part of the final image (i.e. "secrets") * If there are no RUN commands in the Dockerfile, the container is created and committed, but never started. -The final image should be 99.9% compatible with regular docker builds, +The final image should be 99.9% compatible with regular container builds, but bugs are always possible. Future goals include: 
@@ -54,9 +54,6 @@ $ imagebuilder --mount ~/secrets/private.key:/etc/keys/private.key path/to/my/co Any processes in the Dockerfile will have access to `/etc/keys/private.key`, but that file will not be part of the committed image. -Running `--mount` requires Docker 1.10 or newer, as it uses a Docker volume to hold the mounted files and the volume API was not -available in earlier versions. - You can also customize which Dockerfile is run, or run multiple Dockerfiles in sequence (the FROM is ignored on later files): diff --git a/vendor/github.com/openshift/imagebuilder/builder.go b/vendor/github.com/openshift/imagebuilder/builder.go index 16682af7d..86b139b65 100644 --- a/vendor/github.com/openshift/imagebuilder/builder.go +++ b/vendor/github.com/openshift/imagebuilder/builder.go @@ -13,8 +13,8 @@ import ( docker "github.com/fsouza/go-dockerclient" - "github.com/docker/docker/builder/dockerfile/command" - "github.com/docker/docker/builder/dockerfile/parser" + "github.com/openshift/imagebuilder/dockerfile/command" + "github.com/openshift/imagebuilder/dockerfile/parser" ) // Copy defines a copy operation required on the container. diff --git a/vendor/github.com/openshift/imagebuilder/dockerfile/NOTICE b/vendor/github.com/openshift/imagebuilder/dockerfile/NOTICE new file mode 100644 index 000000000..519a7e995 --- /dev/null +++ b/vendor/github.com/openshift/imagebuilder/dockerfile/NOTICE 
@@ -0,0 +1,26 @@ +Source files in this directory and all sub-directories have been +copied from github.com/docker/docker/builder/dockerfile and are +Licensed under the Apache License Version 2.0. + +Note that the fork of github.com/docker/docker used commit +b68221c37ee597950364788204546f9c9d0e46a1. + +Docker +Copyright 2012-2017 Docker, Inc. + +This product includes software developed at Docker, Inc. (https://www.docker.com). + +This product contains software (https://github.com/kr/pty) developed +by Keith Rarick, licensed under the MIT License. + +The following is courtesy of our legal counsel: + + +Use and transfer of Docker may be subject to certain restrictions by the +United States and other governments. +It is your responsibility to ensure that your use and/or transfer does not +violate applicable laws. + +For more information, please see https://www.bis.doc.gov + +See also https://www.apache.org/dev/crypto.html and/or seek legal counsel. diff --git a/vendor/github.com/docker/docker/builder/dockerfile/command/command.go b/vendor/github.com/openshift/imagebuilder/dockerfile/command/command.go index f23c6874b..f23c6874b 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/command/command.go +++ b/vendor/github.com/openshift/imagebuilder/dockerfile/command/command.go diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go b/vendor/github.com/openshift/imagebuilder/dockerfile/parser/line_parsers.go index 2c375b74e..82d912b26 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/parser/line_parsers.go +++ b/vendor/github.com/openshift/imagebuilder/dockerfile/parser/line_parsers.go @@ -15,7 +15,7 @@ import ( "unicode" "unicode/utf8" - "github.com/docker/docker/builder/dockerfile/command" + "github.com/openshift/imagebuilder/dockerfile/command" ) var ( 
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go b/vendor/github.com/openshift/imagebuilder/dockerfile/parser/parser.go index 822c42b41..0223963e1 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/parser/parser.go +++ b/vendor/github.com/openshift/imagebuilder/dockerfile/parser/parser.go @@ -12,7 +12,7 @@ import ( "strings" "unicode" - "github.com/docker/docker/builder/dockerfile/command" + "github.com/openshift/imagebuilder/dockerfile/command" "github.com/docker/docker/pkg/system" "github.com/pkg/errors" ) @@ -91,6 +91,9 @@ var ( // DefaultEscapeToken is the default escape token const DefaultEscapeToken = '\\' +// defaultPlatformToken is the platform assumed for the build if not explicitly provided +var defaultPlatformToken = runtime.GOOS + // Directive is the structure used during a build run to hold the state of // parsing directives. type Directive struct { @@ -140,7 +143,7 @@ func (d *Directive) possibleParserDirective(line string) error { if len(tecMatch) != 0 { for i, n := range tokenEscapeCommand.SubexpNames() { if n == "escapechar" { - if d.escapeSeen { + if d.escapeSeen == true { return errors.New("only one escape parser directive can be used") } d.escapeSeen = true @@ -149,13 +152,14 @@ func (d *Directive) possibleParserDirective(line string) error { } } - // Only recognise a platform token if LCOW is supported + // TODO @jhowardmsft LCOW Support: Eventually this check can be removed, + // but only recognise a platform token if running in LCOW mode. if system.LCOWSupported() { tpcMatch := tokenPlatformCommand.FindStringSubmatch(strings.ToLower(line)) if len(tpcMatch) != 0 { for i, n := range tokenPlatformCommand.SubexpNames() { if n == "platform" { - if d.platformSeen { + if d.platformSeen == true { return errors.New("only one platform parser directive can be used") } d.platformSeen = true 
@@ -173,6 +177,7 @@ func (d *Directive) possibleParserDirective(line string) error { func NewDefaultDirective() *Directive { directive := Directive{} directive.setEscapeToken(string(DefaultEscapeToken)) + directive.setPlatformToken(defaultPlatformToken) return &directive } @@ -237,10 +242,8 @@ func newNodeFromLine(line string, directive *Directive) (*Node, error) { type Result struct { AST *Node EscapeToken rune - // TODO @jhowardmsft - see https://github.com/moby/moby/issues/34617 - // This next field will be removed in a future update for LCOW support. - OS string - Warnings []string + Platform string + Warnings []string } // PrintWarnings to the writer @@ -287,10 +290,6 @@ func Parse(rwc io.Reader) (*Result, error) { } currentLine++ - if isComment(scanner.Bytes()) { - // original line was a comment (processLine strips comments) - continue - } if isEmptyContinuationLine(bytesRead) { hasEmptyContinuationLine = true continue @@ -320,7 +319,7 @@ func Parse(rwc io.Reader) (*Result, error) { AST: root, Warnings: warnings, EscapeToken: d.escapeToken, - OS: d.platformToken, + Platform: d.platformToken, }, nil } @@ -332,12 +331,8 @@ func trimWhitespace(src []byte) []byte { return bytes.TrimLeftFunc(src, unicode.IsSpace) } -func isComment(line []byte) bool { - return tokenComment.Match(trimWhitespace(line)) -} - func isEmptyContinuationLine(line []byte) bool { - return len(trimWhitespace(line)) == 0 + return len(trimComments(trimWhitespace(line))) == 0 } var utf8bom = []byte{0xEF, 0xBB, 0xBF} diff --git a/vendor/github.com/docker/docker/builder/dockerfile/parser/split_command.go b/vendor/github.com/openshift/imagebuilder/dockerfile/parser/split_command.go index 171f454f6..171f454f6 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/parser/split_command.go +++ b/vendor/github.com/openshift/imagebuilder/dockerfile/parser/split_command.go 
diff --git a/vendor/github.com/openshift/imagebuilder/evaluator.go b/vendor/github.com/openshift/imagebuilder/evaluator.go index e1cd5d6d6..1ea358451 100644 --- a/vendor/github.com/openshift/imagebuilder/evaluator.go +++ b/vendor/github.com/openshift/imagebuilder/evaluator.go @@ -5,8 +5,8 @@ import ( "io" "strings" - "github.com/docker/docker/builder/dockerfile/command" - "github.com/docker/docker/builder/dockerfile/parser" + "github.com/openshift/imagebuilder/dockerfile/command" + "github.com/openshift/imagebuilder/dockerfile/parser" ) // ParseDockerfile parses the provided stream as a canonical Dockerfile diff --git a/vendor/github.com/openshift/imagebuilder/vendor.conf b/vendor/github.com/openshift/imagebuilder/vendor.conf new file mode 100644 index 000000000..39b216feb --- /dev/null +++ b/vendor/github.com/openshift/imagebuilder/vendor.conf 
@@ -0,0 +1,21 @@
+github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
+github.com/containerd/continuity 004b46473808b3e7a4a3049c20e4376c91eb966d
+github.com/docker/docker b68221c37ee597950364788204546f9c9d0e46a1
+github.com/docker/go-connections 97c2040d34dfae1d1b1275fa3a78dbdd2f41cf7e
+github.com/docker/go-units 2fb04c6466a548a03cb009c5569ee1ab1e35398e
+github.com/fsouza/go-dockerclient openshift-4.0 https://github.com/openshift/go-dockerclient.git
+github.com/gogo/protobuf c5a62797aee0054613cc578653a16c6237fef080
+github.com/golang/glog 23def4e6c14b4da8ac2ed8007337bc5eb5007998
+github.com/golang/protobuf v1.3.0
+github.com/konsorten/go-windows-terminal-sequences f55edac94c9bbba5d6182a4be46d86a2c9b5b50e
+github.com/Microsoft/go-winio 1a8911d1ed007260465c3bfbbc785ac6915a0bb8
+github.com/Nvveen/Gotty cd527374f1e5bff4938207604a14f2e38a9cf512
+github.com/opencontainers/go-digest ac19fd6e7483ff933754af248d80be865e543d22
+github.com/opencontainers/image-spec 243ea084a44451d27322fed02b682d99e2af3ba9
+github.com/opencontainers/runc 923a8f8a9a07aceada5fc48c4d37e905d9b019b5
+github.com/pkg/errors 27936f6d90f9c8e1145f11ed52ffffbfdb9e0af7
+github.com/sirupsen/logrus d7b6bf5e4d26448fd977d07d745a2a66097ddecb
+golang.org/x/crypto ff983b9c42bc9fbf91556e191cc8efb585c16908
+golang.org/x/net 45ffb0cd1ba084b73e26dee67e667e1be5acce83
+golang.org/x/sync 37e7f081c4d4c64e13b10787722085407fe5d15f
+golang.org/x/sys 7fbe1cd0fcc20051e1fcb87fbabec4a1bacaaeba |