summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--vendor/github.com/projectatomic/buildah/buildah.go2
-rw-r--r--vendor/github.com/projectatomic/buildah/commit.go11
-rw-r--r--vendor/github.com/projectatomic/buildah/config.go14
-rw-r--r--vendor/github.com/projectatomic/buildah/image.go4
-rw-r--r--vendor/github.com/projectatomic/buildah/imagebuildah/build.go5
-rw-r--r--vendor/github.com/projectatomic/buildah/pkg/cli/common.go16
-rw-r--r--vendor/github.com/projectatomic/buildah/pkg/parse/parse.go13
-rw-r--r--vendor/github.com/projectatomic/buildah/run.go17
-rw-r--r--vendor/github.com/projectatomic/buildah/secrets.go198
9 files changed, 65 insertions, 215 deletions
diff --git a/vendor/github.com/projectatomic/buildah/buildah.go b/vendor/github.com/projectatomic/buildah/buildah.go
index 9b55dc320..da07e37eb 100644
--- a/vendor/github.com/projectatomic/buildah/buildah.go
+++ b/vendor/github.com/projectatomic/buildah/buildah.go
@@ -89,6 +89,8 @@ type Builder struct {
ImageAnnotations map[string]string `json:"annotations,omitempty"`
// ImageCreatedBy is a description of how this container was built.
ImageCreatedBy string `json:"created-by,omitempty"`
+ // ImageHistoryComment is a description of how our added layers were built.
+ ImageHistoryComment string `json:"history-comment,omitempty"`
// Image metadata and runtime settings, in multiple formats.
OCIv1 v1.Image `json:"ociv1,omitempty"`
diff --git a/vendor/github.com/projectatomic/buildah/commit.go b/vendor/github.com/projectatomic/buildah/commit.go
index a5b8aaf40..d752473fa 100644
--- a/vendor/github.com/projectatomic/buildah/commit.go
+++ b/vendor/github.com/projectatomic/buildah/commit.go
@@ -4,6 +4,7 @@ import (
"context"
"fmt"
"io"
+ "io/ioutil"
"time"
cp "github.com/containers/image/copy"
@@ -46,6 +47,8 @@ type CommitOptions struct {
// github.com/containers/image/types SystemContext to hold credentials
// and other authentication/authorization information.
SystemContext *types.SystemContext
+ // IIDFile tells the builder to write the image ID to the specified file
+ IIDFile string
}
// PushOptions can be used to alter how an image is copied somewhere.
@@ -121,7 +124,13 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
img, err := is.Transport.GetStoreImage(b.store, dest)
if err == nil {
- fmt.Printf("%s\n", img.ID)
+ if options.IIDFile != "" {
+ if err := ioutil.WriteFile(options.IIDFile, []byte(img.ID), 0644); err != nil {
+ return errors.Wrapf(err, "failed to write Image ID File %q", options.IIDFile)
+ }
+ } else {
+ fmt.Printf("%s\n", img.ID)
+ }
}
return nil
}
diff --git a/vendor/github.com/projectatomic/buildah/config.go b/vendor/github.com/projectatomic/buildah/config.go
index efbb133de..c5fabdec6 100644
--- a/vendor/github.com/projectatomic/buildah/config.go
+++ b/vendor/github.com/projectatomic/buildah/config.go
@@ -588,7 +588,7 @@ func (b *Builder) Comment() string {
return b.Docker.Comment
}
-// SetComment sets the Comment which will be set in the container and in
+// SetComment sets the comment which will be set in the container and in
// containers built using images built from the container.
// Note: this setting is not present in the OCIv1 image format, so it is
// discarded when writing images using OCIv1 formats.
@@ -596,6 +596,18 @@ func (b *Builder) SetComment(comment string) {
b.Docker.Comment = comment
}
+// HistoryComment returns the comment which will be used in the history item
+// which will describe the latest layer when we commit an image.
+func (b *Builder) HistoryComment() string {
+ return b.ImageHistoryComment
+}
+
+// SetHistoryComment sets the comment which will be used in the history item
+// which will describe the latest layer when we commit an image.
+func (b *Builder) SetHistoryComment(comment string) {
+ b.ImageHistoryComment = comment
+}
+
// StopSignal returns the signal which will be set in the container and in
// containers built using images buiilt from the container
func (b *Builder) StopSignal() string {
diff --git a/vendor/github.com/projectatomic/buildah/image.go b/vendor/github.com/projectatomic/buildah/image.go
index e5a49f1f9..a54643806 100644
--- a/vendor/github.com/projectatomic/buildah/image.go
+++ b/vendor/github.com/projectatomic/buildah/image.go
@@ -46,6 +46,7 @@ type containerImageRef struct {
dconfig []byte
created time.Time
createdBy string
+ historyComment string
annotations map[string]string
preferredManifestType string
exporting bool
@@ -303,6 +304,7 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System
Created: &i.created,
CreatedBy: i.createdBy,
Author: oimage.Author,
+ Comment: i.historyComment,
EmptyLayer: false,
}
oimage.History = append(oimage.History, onews)
@@ -310,6 +312,7 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System
Created: i.created,
CreatedBy: i.createdBy,
Author: dimage.Author,
+ Comment: i.historyComment,
EmptyLayer: false,
}
dimage.History = append(dimage.History, dnews)
@@ -521,6 +524,7 @@ func (b *Builder) makeImageRef(manifestType string, exporting bool, compress arc
dconfig: dconfig,
created: created,
createdBy: b.CreatedBy(),
+ historyComment: b.HistoryComment(),
annotations: b.Annotations(),
preferredManifestType: manifestType,
exporting: exporting,
diff --git a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
index c477e0996..81e8108a0 100644
--- a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
+++ b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
@@ -110,6 +110,8 @@ type BuildOptions struct {
CommonBuildOpts *buildah.CommonBuildOptions
// DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format
DefaultMountsFilePath string
+ // IIDFile tells the builder to write the image ID to the specified file
+ IIDFile string
}
// Executor is a buildah-based implementation of the imagebuilder.Executor
@@ -146,6 +148,7 @@ type Executor struct {
reportWriter io.Writer
commonBuildOptions *buildah.CommonBuildOptions
defaultMountsFilePath string
+ iidfile string
}
// withName creates a new child executor that will be used whenever a COPY statement uses --from=NAME.
@@ -477,6 +480,7 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) {
reportWriter: options.ReportWriter,
commonBuildOptions: options.CommonBuildOpts,
defaultMountsFilePath: options.DefaultMountsFilePath,
+ iidfile: options.IIDFile,
}
if exec.err == nil {
exec.err = os.Stderr
@@ -683,6 +687,7 @@ func (b *Executor) Commit(ctx context.Context, ib *imagebuilder.Builder) (err er
AdditionalTags: b.additionalTags,
ReportWriter: b.reportWriter,
PreferredManifestType: b.outputFormat,
+ IIDFile: b.iidfile,
}
return b.builder.Commit(ctx, imageRef, options)
}
diff --git a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
index bead9e6be..ea9114688 100644
--- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
+++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
@@ -24,6 +24,10 @@ var (
Value: "",
Usage: "use certificates at the specified path to access the registry",
},
+ cli.BoolFlag{
+ Name: "compress",
+ Usage: "This is legacy option, which has no effect on the image",
+ },
cli.StringFlag{
Name: "creds",
Value: "",
@@ -37,6 +41,10 @@ var (
Name: "format",
Usage: "`format` of the built image's manifest and metadata",
},
+ cli.StringFlag{
+ Name: "iidfile",
+ Usage: "Write the image ID to the file",
+ },
cli.BoolTFlag{
Name: "pull",
Usage: "pull the image if not present",
@@ -49,6 +57,10 @@ var (
Name: "quiet, q",
Usage: "refrain from announcing build instructions and image read/write progress",
},
+ cli.BoolFlag{
+ Name: "rm",
+ Usage: "Remove intermediate containers after a successful build. Buildah does not currently support cacheing so this is a NOOP.",
+ },
cli.StringFlag{
Name: "runtime",
Usage: "`path` to an alternate runtime",
@@ -62,6 +74,10 @@ var (
Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)",
},
+ cli.BoolFlag{
+ Name: "squash",
+ Usage: "Squash newly built layers into a single new layer. Buildah does not currently support cacheing so this is a NOOP.",
+ },
cli.StringSliceFlag{
Name: "tag, t",
Usage: "`tag` to apply to the built image",
diff --git a/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go b/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go
index f2159d930..505601f25 100644
--- a/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go
+++ b/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go
@@ -8,6 +8,7 @@ import (
"fmt"
"net"
"os"
+ "path/filepath"
"reflect"
"regexp"
"strings"
@@ -56,7 +57,7 @@ func ParseCommonBuildOptions(c *cli.Context) (*buildah.CommonBuildOptions, error
if _, err := units.FromHumanSize(c.String("shm-size")); err != nil {
return nil, errors.Wrapf(err, "invalid --shm-size")
}
- if err := parseVolumes(c.StringSlice("volume")); err != nil {
+ if err := ParseVolumes(c.StringSlice("volume")); err != nil {
return nil, err
}
@@ -122,7 +123,8 @@ func parseSecurityOpts(securityOpts []string, commonOpts *buildah.CommonBuildOpt
return nil
}
-func parseVolumes(volumes []string) error {
+// ParseVolumes validates the host and container paths passed in to the --volume flag
+func ParseVolumes(volumes []string) error {
if len(volumes) == 0 {
return nil
}
@@ -147,6 +149,9 @@ func parseVolumes(volumes []string) error {
}
func validateVolumeHostDir(hostDir string) error {
+ if !filepath.IsAbs(hostDir) {
+ return errors.Errorf("invalid host path, must be an absolute path %q", hostDir)
+ }
if _, err := os.Stat(hostDir); err != nil {
return errors.Wrapf(err, "error checking path %q", hostDir)
}
@@ -154,8 +159,8 @@ func validateVolumeHostDir(hostDir string) error {
}
func validateVolumeCtrDir(ctrDir string) error {
- if ctrDir[0] != '/' {
- return errors.Errorf("invalid container directory path %q", ctrDir)
+ if !filepath.IsAbs(ctrDir) {
+ return errors.Errorf("invalid container path, must be an absolute path %q", ctrDir)
}
return nil
}
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 12312f6a4..b45a0e3a6 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -19,6 +19,7 @@ import (
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
+ "github.com/projectatomic/libpod/pkg/secrets"
"github.com/sirupsen/logrus"
"golang.org/x/crypto/ssh/terminal"
)
@@ -197,20 +198,14 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, optionMounts
}
// Add secrets mounts
- mountsFiles := []string{OverrideMountsFile, b.DefaultMountsFilePath}
- for _, file := range mountsFiles {
- secretMounts, err := secretMounts(file, b.MountLabel, cdir)
- if err != nil {
- logrus.Warn("error mounting secrets, skipping...")
+ secretMounts := secrets.SecretMounts(b.MountLabel, cdir, b.DefaultMountsFilePath)
+ for _, mount := range secretMounts {
+ if haveMount(mount.Destination) {
continue
}
- for _, mount := range secretMounts {
- if haveMount(mount.Destination) {
- continue
- }
- mounts = append(mounts, mount)
- }
+ mounts = append(mounts, mount)
}
+
// Add temporary copies of the contents of volume locations at the
// volume locations, unless we already have something there.
for _, volume := range builtinVolumes {
diff --git a/vendor/github.com/projectatomic/buildah/secrets.go b/vendor/github.com/projectatomic/buildah/secrets.go
deleted file mode 100644
index 087bf6ba5..000000000
--- a/vendor/github.com/projectatomic/buildah/secrets.go
+++ /dev/null
@@ -1,198 +0,0 @@
-package buildah
-
-import (
- "bufio"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
- "strings"
-
- rspec "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/opencontainers/selinux/go-selinux/label"
- "github.com/pkg/errors"
- "github.com/sirupsen/logrus"
-)
-
-var (
- // DefaultMountsFile holds the default mount paths in the form
- // "host_path:container_path"
- DefaultMountsFile = "/usr/share/containers/mounts.conf"
- // OverrideMountsFile holds the default mount paths in the form
- // "host_path:container_path" overriden by the user
- OverrideMountsFile = "/etc/containers/mounts.conf"
-)
-
-// secretData stores the name of the file and the content read from it
-type secretData struct {
- name string
- data []byte
-}
-
-// saveTo saves secret data to given directory
-func (s secretData) saveTo(dir string) error {
- path := filepath.Join(dir, s.name)
- if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil && !os.IsExist(err) {
- return err
- }
- return ioutil.WriteFile(path, s.data, 0700)
-}
-
-func readAll(root, prefix string) ([]secretData, error) {
- path := filepath.Join(root, prefix)
-
- data := []secretData{}
-
- files, err := ioutil.ReadDir(path)
- if err != nil {
- if os.IsNotExist(err) {
- return data, nil
- }
-
- return nil, err
- }
-
- for _, f := range files {
- fileData, err := readFile(root, filepath.Join(prefix, f.Name()))
- if err != nil {
- // If the file did not exist, might be a dangling symlink
- // Ignore the error
- if os.IsNotExist(err) {
- continue
- }
- return nil, err
- }
- data = append(data, fileData...)
- }
-
- return data, nil
-}
-
-func readFile(root, name string) ([]secretData, error) {
- path := filepath.Join(root, name)
-
- s, err := os.Stat(path)
- if err != nil {
- return nil, err
- }
-
- if s.IsDir() {
- dirData, err := readAll(root, name)
- if err != nil {
- return nil, err
- }
- return dirData, nil
- }
- bytes, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, err
- }
- return []secretData{{name: name, data: bytes}}, nil
-}
-
-func getHostSecretData(hostDir string) ([]secretData, error) {
- var allSecrets []secretData
- hostSecrets, err := readAll(hostDir, "")
- if err != nil {
- return nil, errors.Wrapf(err, "failed to read secrets from %q", hostDir)
- }
- return append(allSecrets, hostSecrets...), nil
-}
-
-func getMounts(filePath string) []string {
- file, err := os.Open(filePath)
- if err != nil {
- logrus.Warnf("file %q not found, skipping...", filePath)
- return nil
- }
- defer file.Close()
- scanner := bufio.NewScanner(file)
- if err = scanner.Err(); err != nil {
- logrus.Warnf("error reading file %q, skipping...", filePath)
- return nil
- }
- var mounts []string
- for scanner.Scan() {
- mounts = append(mounts, scanner.Text())
- }
- return mounts
-}
-
-// getHostAndCtrDir separates the host:container paths
-func getMountsMap(path string) (string, string, error) {
- arr := strings.SplitN(path, ":", 2)
- if len(arr) == 2 {
- return arr[0], arr[1], nil
- }
- return "", "", errors.Errorf("unable to get host and container dir")
-}
-
-// secretMount copies the contents of host directory to container directory
-// and returns a list of mounts
-func secretMounts(filePath, mountLabel, containerWorkingDir string) ([]rspec.Mount, error) {
- var mounts []rspec.Mount
- defaultMountsPaths := getMounts(filePath)
- for _, path := range defaultMountsPaths {
- hostDir, ctrDir, err := getMountsMap(path)
- if err != nil {
- return nil, err
- }
- // skip if the hostDir path doesn't exist
- if _, err = os.Stat(hostDir); os.IsNotExist(err) {
- logrus.Warnf("%q doesn't exist, skipping", hostDir)
- continue
- }
-
- ctrDirOnHost := filepath.Join(containerWorkingDir, ctrDir)
- if err = os.RemoveAll(ctrDirOnHost); err != nil {
- return nil, fmt.Errorf("remove container directory failed: %v", err)
- }
-
- if err = os.MkdirAll(ctrDirOnHost, 0755); err != nil {
- return nil, fmt.Errorf("making container directory failed: %v", err)
- }
-
- hostDir, err = resolveSymbolicLink(hostDir)
- if err != nil {
- return nil, err
- }
-
- data, err := getHostSecretData(hostDir)
- if err != nil {
- return nil, errors.Wrapf(err, "getting host secret data failed")
- }
- for _, s := range data {
- if err := s.saveTo(ctrDirOnHost); err != nil {
- return nil, errors.Wrapf(err, "error saving data to container filesystem on host %q", ctrDirOnHost)
- }
- }
-
- err = label.Relabel(ctrDirOnHost, mountLabel, false)
- if err != nil {
- return nil, errors.Wrap(err, "error applying correct labels")
- }
-
- m := rspec.Mount{
- Source: ctrDirOnHost,
- Destination: ctrDir,
- Type: "bind",
- Options: []string{"bind"},
- }
-
- mounts = append(mounts, m)
- }
- return mounts, nil
-}
-
-// resolveSymbolicLink resolves a possbile symlink path. If the path is a symlink, returns resolved
-// path; if not, returns the original path.
-func resolveSymbolicLink(path string) (string, error) {
- info, err := os.Lstat(path)
- if err != nil {
- return "", err
- }
- if info.Mode()&os.ModeSymlink != os.ModeSymlink {
- return path, nil
- }
- return filepath.EvalSymlinks(path)
-}