diff options
24 files changed, 211 insertions, 86 deletions
diff --git a/.copr/prepare.sh b/.copr/prepare.sh index 713cdc2ee..d5a9a7f85 100644 --- a/.copr/prepare.sh +++ b/.copr/prepare.sh @@ -34,6 +34,6 @@ if [ ! -d conmon ]; then git clone -n --quiet https://github.com/containers/conmon fi pushd conmon -git checkout 6f3572558b97bc60dd8f8c7f0807748e6ce2c440 +git checkout --detach 6f3572558b97bc60dd8f8c7f0807748e6ce2c440 git archive --prefix "conmon/" --format "tar.gz" HEAD -o "../build/conmon.tar.gz" popd diff --git a/Dockerfile b/Dockerfile index a7d795b29..f85c47937 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,7 +50,7 @@ RUN set -x \ && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ && cd "$GOPATH/src/github.com/opencontainers/runc" \ && git fetch origin --tags \ - && git checkout -q "$RUNC_COMMIT" \ + && git checkout --detach -q "$RUNC_COMMIT" \ && make static BUILDTAGS="seccomp selinux" \ && cp runc /usr/bin/runc \ && rm -rf "$GOPATH" @@ -62,7 +62,7 @@ RUN set -x \ && git clone https://github.com/containers/conmon.git "$GOPATH/src/github.com/containers/conmon.git" \ && cd "$GOPATH/src/github.com/containers/conmon.git" \ && git fetch origin --tags \ - && git checkout -q "$CONMON_COMMIT" \ + && git checkout --detach -q "$CONMON_COMMIT" \ && make \ && install -D -m 755 bin/conmon /usr/libexec/podman/conmon \ && rm -rf "$GOPATH" @@ -73,7 +73,7 @@ RUN set -x \ && export GOPATH="$(mktemp -d)" GOCACHE="$(mktemp -d)" \ && git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \ && cd "$GOPATH/src/github.com/containernetworking/plugins" \ - && git checkout -q "$CNI_COMMIT" \ + && git checkout --detach -q "$CNI_COMMIT" \ && ./build_linux.sh \ && mkdir -p /usr/libexec/cni \ && cp bin/* /usr/libexec/cni \ diff --git a/Dockerfile.centos b/Dockerfile.centos index 7c2a05dd1..f5a2b891c 100644 --- a/Dockerfile.centos +++ b/Dockerfile.centos @@ -35,7 +35,7 @@ RUN set -x \ && export GOPATH="$(mktemp -d)" GOCACHE="$(mktemp -d)" \ && git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \ && cd "$GOPATH/src/github.com/containernetworking/plugins" \ - && git checkout -q "$CNI_COMMIT" \ + && git checkout --detach -q "$CNI_COMMIT" \ && ./build_linux.sh \ && mkdir -p /usr/libexec/cni \ && cp bin/* /usr/libexec/cni \ @@ -59,7 +59,7 @@ RUN set -x \ && git clone https://github.com/containers/conmon.git "$GOPATH/src/github.com/containers/conmon.git" \ && cd "$GOPATH/src/github.com/containers/conmon.git" \ && git fetch origin --tags \ - && git checkout -q "$CONMON_COMMIT" \ + && git checkout --detach -q "$CONMON_COMMIT" \ && make \ && install -D -m 755 bin/conmon /usr/libexec/podman/conmon \ && rm -rf "$GOPATH" diff --git a/Dockerfile.fedora b/Dockerfile.fedora index ef9a718dc..45b2c3670 100644 --- a/Dockerfile.fedora +++ b/Dockerfile.fedora @@ -52,7 +52,7 @@ RUN set -x \ && git clone https://github.com/containers/conmon.git "$GOPATH/src/github.com/containers/conmon.git" \ && cd "$GOPATH/src/github.com/containers/conmon.git" \ && git fetch origin --tags \ - && git checkout -q "$CONMON_COMMIT" \ + && git checkout --detach -q "$CONMON_COMMIT" \ && make \ && install -D -m 755 bin/conmon /usr/libexec/podman/conmon \ && rm -rf "$GOPATH" @@ -476,7 +476,7 @@ endef if [ ! -x "$(GOBIN)/gometalinter" ]; then \ $(call go-get,github.com/alecthomas/gometalinter); \ cd $(FIRST_GOPATH)/src/github.com/alecthomas/gometalinter; \ - git checkout e8d801238da6f0dfd14078d68f9b53fa50a7eeb5; \ + git checkout --detach e8d801238da6f0dfd14078d68f9b53fa50a7eeb5; \ $(GO) install github.com/alecthomas/gometalinter; \ $(GOBIN)/gometalinter --install; \ fi @@ -498,7 +498,7 @@ varlink_api_generate: .gopathok API.md install.libseccomp.sudo: rm -rf ../../seccomp/libseccomp git clone https://github.com/seccomp/libseccomp ../../seccomp/libseccomp - cd ../../seccomp/libseccomp && git checkout $(LIBSECCOMP_COMMIT) && ./autogen.sh && ./configure --prefix=/usr && make all && make install + cd ../../seccomp/libseccomp && git checkout --detach $(LIBSECCOMP_COMMIT) && ./autogen.sh && ./configure --prefix=/usr && make all && make install cmd/podman/varlink/iopodman.go: cmd/podman/varlink/io.podman.varlink diff --git a/contrib/build_rpm.sh b/contrib/build_rpm.sh index 507c03591..ceb4ca176 100644..100755 --- a/contrib/build_rpm.sh +++ b/contrib/build_rpm.sh @@ -1,15 +1,12 @@ #!/bin/bash set -euxo pipefail -pkg_manager=`command -v dnf` -if [ -z "$pkg_manager" ]; then - pkg_manager=`command -v yum` -fi - +# returned path can vary: /usr/bin/dnf /bin/dnf ... +pkg_manager=`command -v dnf yum | head -n1` echo "Package manager binary: $pkg_manager" -if [ $pkg_manager == "/usr/bin/yum" ]; then +if [ $pkg_manager == "*yum" ]; then echo "[virt7-container-common-candidate] name=virt7-container-common-candidate baseurl=https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/ @@ -31,11 +28,11 @@ declare -a PKGS=(device-mapper-devel \ go-compilers-golang-compiler \ ) -if [ $pkg_manager == "/usr/bin/dnf" ]; then +if [ $pkg_manager == "*dnf" ]; then PKGS+=(python3-devel \ python3-varlink \ ) -# btrfs-progs-devel is not available in CentOS/RHEL-8 + # btrfs-progs-devel is not available in CentOS/RHEL-8 if ! grep -i -q 'Red Hat\|CentOS' /etc/redhat-release; then PKGS+=(btrfs-progs-devel) fi @@ -49,16 +46,16 @@ if [ -z "$extra_arg" ]; then fi echo ${PKGS[*]} -$pkg_manager install -y ${PKGS[*]} +sudo $pkg_manager install -y ${PKGS[*]} make -f .copr/Makefile rpmbuild --rebuild ${extra_arg:-""} podman-*.src.rpm # Test to make sure the install of the binary works -$pkg_manager -y install ~/rpmbuild/RPMS/x86_64/podman-*.x86_64.rpm +sudo $pkg_manager -y install ~/rpmbuild/RPMS/x86_64/podman-*.x86_64.rpm # If we built python/varlink packages, we should test their installs too -if [ $pkg_manager == "/usr/bin/dnf" ]; then - $pkg_manager -y install ~/rpmbuild/RPMS/noarch/python* +if [ $pkg_manager == "*dnf" ]; then + sudo $pkg_manager -y install ~/rpmbuild/RPMS/noarch/python* fi @@ -10,7 +10,7 @@ require ( github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 github.com/containernetworking/plugins v0.8.2 - github.com/containers/buildah v1.11.5 + github.com/containers/buildah v1.11.6 github.com/containers/conmon v2.0.2+incompatible // indirect github.com/containers/image/v5 v5.0.0 github.com/containers/psgo v1.3.2 @@ -76,6 +76,8 @@ github.com/containers/buildah v1.11.5-0.20191031204705-20e92ffe0982 h1:5WUe09k2s github.com/containers/buildah v1.11.5-0.20191031204705-20e92ffe0982/go.mod h1:eGWB4tLoo0hIBuytQpvgUC0hk2mvl2ofaYBeDsU/qoc= github.com/containers/buildah v1.11.5 h1:bVpkaVlvA7G+1mBDAcX6yf7jNZJ/ZrrAHDt4WCx2i8E= github.com/containers/buildah v1.11.5/go.mod h1:bfNPqLO8GnI0qMPmI6MHSpQNK+a3TH9syYsRg+iqhRw= +github.com/containers/buildah v1.11.6 h1:PhlF++LAezRtOKHfKhBlo8DLvpMQIvU/K2VfAhknadE= +github.com/containers/buildah v1.11.6/go.mod h1:02+o3ZTICaPyP0QcQFoQd07obLMdAecSnFN2kDhcqNo= github.com/containers/conmon v2.0.2+incompatible h1:h2HCdd/EBpwFn7RT82Y2GyXnVUHWxk1Jm4cESSZG4P8= github.com/containers/conmon v2.0.2+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.0.0 h1:arnXgbt1ucsC/ndtSpiQY87rA0UjhF+/xQnPzqdBDn4= diff --git a/hack/get_release_info.sh b/hack/get_release_info.sh index b75751170..c2be6a270 100755 --- a/hack/get_release_info.sh +++ b/hack/get_release_info.sh @@ -4,9 +4,10 @@ # a script allows uniform behavior across multiple environments and # distributions. The script expects a single argument, as reflected below. -set -e +set -euo pipefail -cd "${GOSRC:-$(dirname $0)/../}" +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +cd "${GOSRC:-${DIR}/../}" valid_args() { REGEX='^\s+[[:upper:]]+\*[)]' diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 9604de638..193c788c0 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -19,24 +19,31 @@ #include <sys/select.h> #include <stdio.h> -#ifndef RENAME_NOREPLACE -# define RENAME_NOREPLACE (1 << 0) - -int renameat2 (int olddirfd, const char *oldpath, int newdirfd, const char *newpath, unsigned int flags) +int rename_noreplace (int olddirfd, const char *oldpath, int newdirfd, const char *newpath) { + int ret; + # ifdef SYS_renameat2 - return (int) syscall (SYS_renameat2, olddirfd, oldpath, newdirfd, newpath, flags); -# else +# ifndef RENAME_NOREPLACE +# define RENAME_NOREPLACE (1 << 0) +# endif + + ret = (int) syscall (SYS_renameat2, olddirfd, oldpath, newdirfd, newpath, RENAME_NOREPLACE); + if (ret == 0 || errno != EINVAL) + return ret; + + /* Fallback in case of errno==EINVAL. */ +# endif + /* This might be an issue if another process is trying to read the file while it is empty. */ - int fd = open (newpath, O_EXCL|O_CREAT, 0700); - if (fd < 0) - return fd; - close (fd); + ret = open (newpath, O_EXCL|O_CREAT, 0700); + if (ret < 0) + return ret; + close (ret); + /* We are sure we created the file, let's overwrite it. */ return rename (oldpath, newpath); -# endif } -#endif #ifndef TEMP_FAILURE_RETRY #define TEMP_FAILURE_RETRY(expression) \ @@ -453,7 +460,7 @@ create_pause_process (const char *pause_pid_file_path, char **argv) /* There can be another process at this point trying to configure the user namespace and the pause process, do not override the pid file if it already exists. */ - if (renameat2 (AT_FDCWD, tmp_file_path, AT_FDCWD, pause_pid_file_path, RENAME_NOREPLACE) < 0) + if (rename_noreplace (AT_FDCWD, tmp_file_path, AT_FDCWD, pause_pid_file_path) < 0) { unlink (tmp_file_path); kill (pid, SIGKILL); diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md index b41ff8350..a0baf30e9 100644 --- a/vendor/github.com/containers/buildah/CHANGELOG.md +++ b/vendor/github.com/containers/buildah/CHANGELOG.md @@ -2,6 +2,46 @@ # Changelog +## v1.11.6 (2019-12-03) + Handle missing equal sign in --from and --chown flags for COPY/ADD + bud COPY does not download URL + Bump github.com/onsi/gomega from 1.7.0 to 1.7.1 + Fix .dockerignore exclude regression + Ran buildah through codespell + commit(docker): always set ContainerID and ContainerConfig + Touch up commit man page image parameter + Add builder identity annotations. + info: use util.Runtime() + Bump github.com/onsi/ginkgo from 1.10.2 to 1.10.3 + Bump back to v1.12.0-dev + +## v1.11.5 (2019-11-11) + Enhance error on unsafe symbolic link targets + Add OCIRuntime to info + Check nonexsit authfile + Only output image id if running buildah bud --quiet + Fix --pull=true||false and add --pull-never to bud and from (retry) + cgroups v2: tweak or skip tests + Prepwork: new 'skip' helpers for tests + Handle configuration blobs for manifest lists + unmarshalConvertedConfig: avoid using the updated image's ref + Add completions for Manifest commands + Add disableFips option to secrets pkg + Update bud.bats test archive test + Add test for caching based on content digest + Builder.untarPath(): always evaluate b.ContentDigester.Hash() + Bump github.com/onsi/ginkgo from 1.10.1 to 1.10.2 + Fix another broken test: copy-url-mtime + yet more fixes + Actual bug fix for 'add' test: fix the expected mode + BATS tests - lots of mostly minor cleanup + build: drop support for ostree + Add support for make vendor-in-container + imgtype: exit with error if storage fails + remove XDG_RUNTIME_DIR from default authfile path + fix troubleshooting redirect instructions + Bump back to v1.12.0-dev + ## v1.11.4 (2019-10-28) buildah: add a "manifest" command manifests: add the module diff --git a/vendor/github.com/containers/buildah/add.go b/vendor/github.com/containers/buildah/add.go index bd3d25cd4..b5119e369 100644 --- a/vendor/github.com/containers/buildah/add.go +++ b/vendor/github.com/containers/buildah/add.go @@ -299,7 +299,9 @@ func (b *Builder) addHelper(excludes *fileutils.PatternMatcher, extract bool, de } } logrus.Debugf("copying[%d] %q to %q", n, esrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*") - if excludes == nil || !excludes.Exclusions() { + + // Copy the whole directory because we do not exclude anything + if excludes == nil { if err = copyWithTar(esrc, dest); err != nil { return errors.Wrapf(err, "error copying %q to %q", esrc, dest) } @@ -309,13 +311,22 @@ func (b *Builder) addHelper(excludes *fileutils.PatternMatcher, extract bool, de if err != nil { return err } - skip, err := excludes.Matches(path) + + res, err := excludes.MatchesResult(path) if err != nil { return errors.Wrapf(err, "error checking if %s is an excluded path", path) } - if skip { + // Skip the whole directory if the pattern matches exclusively + if res.Excludes() == 0 && res.Matches() == 1 && info.IsDir() { + return filepath.SkipDir + } + // The latest match result has the highest priority, + // which means that we only skip the filepath if + // the last result matched. + if res.IsMatched() { return nil } + // combine the source's basename with the dest directory fpath, err := filepath.Rel(esrc, path) if err != nil { diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go index 7042590d1..bceafc241 100644 --- a/vendor/github.com/containers/buildah/buildah.go +++ b/vendor/github.com/containers/buildah/buildah.go @@ -27,7 +27,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.11.5" + Version = "1.11.6" // The value we use to identify what type of information, currently a // serialized Builder structure, we are using as per-container state. // This should only be changed when we make incompatible changes to @@ -325,7 +325,7 @@ type CommonBuildOptions struct { ShmSize string // Ulimit specifies resource limit options, in the form type:softlimit[:hardlimit]. // These types are recognized: - // "core": maximimum core dump size (ulimit -c) + // "core": maximum core dump size (ulimit -c) // "cpu": maximum CPU time (ulimit -t) // "data": maximum size of a process's data segment (ulimit -d) // "fsize": maximum size of new files (ulimit -f) diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index 098e6d6d4..58d784e35 100644 --- a/vendor/github.com/containers/buildah/changelog.txt +++ b/vendor/github.com/containers/buildah/changelog.txt @@ -1,3 +1,16 @@ +- Changelog for v1.11.6 (2019-12-03) + * Handle missing equal sign in --from and --chown flags for COPY/ADD + * bud COPY does not download URL + * Bump github.com/onsi/gomega from 1.7.0 to 1.7.1 + * Fix .dockerignore exclude regression + * Ran buildah through codespell + * commit(docker): always set ContainerID and ContainerConfig + * Touch up commit man page image parameter + * Add builder identity annotations. + * info: use util.Runtime() + * Bump github.com/onsi/ginkgo from 1.10.2 to 1.10.3 + * Bump back to v1.12.0-dev + - Changelog for v1.11.5 (2019-11-11) * Enhance error on unsafe symbolic link targets * Add OCIRuntime to info diff --git a/vendor/github.com/containers/buildah/commit.go b/vendor/github.com/containers/buildah/commit.go index 4df3b9908..24642f4dc 100644 --- a/vendor/github.com/containers/buildah/commit.go +++ b/vendor/github.com/containers/buildah/commit.go @@ -29,6 +29,13 @@ import ( "github.com/sirupsen/logrus" ) +const ( + // BuilderIdentityAnnotation is the name of the annotation key containing + // the name and version of the producer of the image stored as an + // annotation on commit. + BuilderIdentityAnnotation = "io.buildah.version" +) + // CommitOptions can be used to alter how an image is committed. type CommitOptions struct { // PreferredManifestType is the preferred type of image manifest. The diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod index 2c76c46bf..684b00ff5 100644 --- a/vendor/github.com/containers/buildah/go.mod +++ b/vendor/github.com/containers/buildah/go.mod @@ -6,7 +6,7 @@ require ( github.com/blang/semver v3.5.0+incompatible // indirect github.com/containernetworking/cni v0.7.1 github.com/containers/image/v5 v5.0.0 - github.com/containers/storage v1.13.5 + github.com/containers/storage v1.14.0 github.com/cyphar/filepath-securejoin v0.2.2 github.com/docker/distribution v2.7.1+incompatible github.com/docker/docker-credential-helpers v0.6.1 // indirect @@ -21,11 +21,11 @@ require ( github.com/ishidawataru/sctp v0.0.0-20180918013207-6e2cb1366111 // indirect github.com/mattn/go-shellwords v1.0.6 github.com/morikuni/aec v1.0.0 // indirect - github.com/onsi/ginkgo v1.10.2 - github.com/onsi/gomega v1.7.0 + github.com/onsi/ginkgo v1.10.3 + github.com/onsi/gomega v1.7.1 github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 - github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158 + github.com/opencontainers/runc v1.0.0-rc9 github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 github.com/opencontainers/runtime-tools v0.9.0 github.com/opencontainers/selinux v1.3.0 diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum index 15dab4794..1cce3ff7e 100644 --- a/vendor/github.com/containers/buildah/go.sum +++ b/vendor/github.com/containers/buildah/go.sum @@ -60,6 +60,12 @@ github.com/containers/storage v1.13.4 h1:j0bBaJDKbUHtAW1MXPFnwXJtqcH+foWeuXK1YaB github.com/containers/storage v1.13.4/go.mod h1:6D8nK2sU9V7nEmAraINRs88ZEscM5C5DK+8Npp27GeA= github.com/containers/storage v1.13.5 h1:/SUzGeOP2HDijpF7Yur21Ch6WTZC1BNeZF917CWcp5c= github.com/containers/storage v1.13.5/go.mod h1:HELz8Sn+UVbPaUZMI8RvIG9doD4y4z6Gtg4k7xdd2ZY= +github.com/containers/storage v1.13.6-0.20191016135324-ed4762ae6c66 h1:b/loDwYh+0nIA/9su3SI4kcYaYKtPe74EFYe/Uew6RE= +github.com/containers/storage v1.13.6-0.20191016135324-ed4762ae6c66/go.mod h1:imKnA8Ozb99yPWt64WPrtNOR0v0HKQZFH4oLV45N22k= +github.com/containers/storage v1.13.6-0.20191017175359-7daeec89a243 h1:k97CWHLLrJWEKPX3a3uCtj7QClyVC+aBFSGeswKRLFg= +github.com/containers/storage v1.13.6-0.20191017175359-7daeec89a243/go.mod h1:imKnA8Ozb99yPWt64WPrtNOR0v0HKQZFH4oLV45N22k= +github.com/containers/storage v1.14.0 h1:LbX6WZaDmkXt4DT4xWIg3YXAWd6oA4K9Fi6/KG1xt84= +github.com/containers/storage v1.14.0/go.mod h1:qGPsti/qC1xxX+xcpHfiTMT+8ThVE2Jf83wFHHqkDAY= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -187,6 +193,10 @@ github.com/klauspost/compress v1.7.2 h1:liMOoeIvFpr9kEvalrZ7VVBA4wGf7zfOgwBjzz/5 github.com/klauspost/compress v1.7.2/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.8.1 h1:oygt2ychZFHOB6M9gUgajzgKrwRgHbGC77NwA4COVgI= github.com/klauspost/compress v1.8.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/compress v1.9.1 h1:TWy0o9J9c6LK9C8t7Msh6IAJNXbsU/nvKLTQUU5HdaY= +github.com/klauspost/compress v1.9.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/compress v1.9.2 h1:LfVyl+ZlLlLDeQ/d2AqfGIIH4qEDu0Ed2S5GyhCWIWY= +github.com/klauspost/compress v1.9.2/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w= github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/pgzip v1.2.1 h1:oIPZROsWuPHpOdMVWLuJZXwgjhrW8r1yEX8UqMyeNHM= @@ -239,11 +249,15 @@ github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.2 h1:uqH7bpe+ERSiDa34FDOF7RikN6RzXgduUF8yarlZp94= github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.3 h1:OoxbjfXVZyod1fmWYhI7SEyaD8B00ynP3T+D5GiyHOY= +github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -257,6 +271,8 @@ github.com/opencontainers/runc v1.0.0-rc8 h1:dDCFes8Hj1r/i5qnypONo5jdOme/8HWZC/a github.com/opencontainers/runc v1.0.0-rc8/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158 h1:/A6bAdnSZoTQmKml3MdHAnSEPnBAQeigNBl4sxnfaaQ= github.com/opencontainers/runc v1.0.0-rc8.0.20190827142921-dd075602f158/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runc v1.0.0-rc9 h1:/k06BMULKF5hidyoZymkoDCzdJzltZpz/UU4LguQVtc= +github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go= github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -303,6 +319,24 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8= github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/saschagrunert/storage v1.12.3-0.20191015073819-a34ddea087da h1:5aEGhStFh+0r/t0kT0utSi5C6MIMHBgMHkeIu1JUvfA= +github.com/saschagrunert/storage v1.12.3-0.20191015073819-a34ddea087da/go.mod h1:imKnA8Ozb99yPWt64WPrtNOR0v0HKQZFH4oLV45N22k= +github.com/saschagrunert/storage v1.12.3-0.20191018073047-1d43d5290f84 h1:iBs6FOO2GpFpdaa3WC4XhqHI6S2LE7RTlgn8LodsXVo= +github.com/saschagrunert/storage v1.12.3-0.20191018073047-1d43d5290f84/go.mod h1:imKnA8Ozb99yPWt64WPrtNOR0v0HKQZFH4oLV45N22k= +github.com/saschagrunert/storage v1.12.3-0.20191018074207-004188d8ee96 h1:hDio2zc3wMjwSPmUEXSz7lnFeKvP/537/hoEh/5QUls= +github.com/saschagrunert/storage v1.12.3-0.20191018074207-004188d8ee96/go.mod h1:imKnA8Ozb99yPWt64WPrtNOR0v0HKQZFH4oLV45N22k= +github.com/saschagrunert/storage v1.12.3-0.20191018074751-2a78ca44fc55 h1:WMsV+abtQGrEahhpTh4RR3q/mdMN3EyJihJzt0x86SY= +github.com/saschagrunert/storage v1.12.3-0.20191018074751-2a78ca44fc55/go.mod h1:imKnA8Ozb99yPWt64WPrtNOR0v0HKQZFH4oLV45N22k= +github.com/saschagrunert/storage v1.12.3-0.20191018080359-fa072a5579b2 h1:a2UZl3C4vVtqfIZHAnRSgaa9vs9EjTEpcJES0O3gWqM= +github.com/saschagrunert/storage v1.12.3-0.20191018080359-fa072a5579b2/go.mod h1:imKnA8Ozb99yPWt64WPrtNOR0v0HKQZFH4oLV45N22k= +github.com/saschagrunert/storage v1.12.3-0.20191113150726-1d1b91a958a6 h1:6hOuOZqXF7MTt/a44ZWBpLwBrrc+PPs43wh5LW3p3gs= +github.com/saschagrunert/storage v1.12.3-0.20191113150726-1d1b91a958a6/go.mod h1:apitPTJaaw4MMr0U+Z3WwpX86dwUMOlV/lp0NgZhXTU= +github.com/saschagrunert/storage v1.12.3-0.20191113151852-f8b56918440b h1:Quf1YA+T4xhABFYYMN/ORBGAYa4WLD2O/cX/NPmoOgc= +github.com/saschagrunert/storage v1.12.3-0.20191113151852-f8b56918440b/go.mod h1:apitPTJaaw4MMr0U+Z3WwpX86dwUMOlV/lp0NgZhXTU= +github.com/saschagrunert/storage v1.12.3-0.20191114093559-52adfaa6f31e h1:iX1xFl6TYGIIVcW9xR0OvXrH9dJ69MpIzRt4dc6v1u0= +github.com/saschagrunert/storage v1.12.3-0.20191114093559-52adfaa6f31e/go.mod h1:apitPTJaaw4MMr0U+Z3WwpX86dwUMOlV/lp0NgZhXTU= +github.com/saschagrunert/storage v1.12.3-0.20191116170926-5e07044cf0e2 h1:azd4fIVaZqFbBcgbMSuP9YyskvNwRdiV+SO2Z1qJfA8= +github.com/saschagrunert/storage v1.12.3-0.20191116170926-5e07044cf0e2/go.mod h1:apitPTJaaw4MMr0U+Z3WwpX86dwUMOlV/lp0NgZhXTU= github.com/seccomp/containers-golang v0.0.0-20180629143253-cdfdaa7543f4 h1:rOG9oHVIndNR14f3HRyBy9UPQYmIPniWqTU1TDdHhq4= github.com/seccomp/containers-golang v0.0.0-20180629143253-cdfdaa7543f4/go.mod h1:f/98/SnvAzhAEFQJ3u836FePXvcbE8BS0YGMQNn4mhA= github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo= @@ -463,6 +497,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gotest.tools v0.0.0-20190624233834-05ebafbffc79/go.mod h1:R//lfYlUuTOTfblYI3lGoAAAebUdzjvbmQsuB7Ykd90= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= diff --git a/vendor/github.com/containers/buildah/image.go b/vendor/github.com/containers/buildah/image.go index 79c75ce0b..d333442b8 100644 --- a/vendor/github.com/containers/buildah/image.go +++ b/vendor/github.com/containers/buildah/image.go @@ -190,6 +190,10 @@ func (i *containerImageRef) createConfigsAndManifests() (v1.Image, v1.Manifest, return v1.Image{}, v1.Manifest{}, docker.V2Image{}, docker.V2S2Manifest{}, err } dimage.Parent = docker.ID(i.parent) + dimage.Container = i.containerID + if dimage.Config != nil { + dimage.ContainerConfig = *dimage.Config + } // Always replace this value, since we're newer than our base image. dimage.Created = created // Clear the list of diffIDs, since we always repopulate it. @@ -455,7 +459,6 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System } dimage.History = append(dimage.History, dnews) appendHistory(i.postEmptyLayers) - dimage.Parent = docker.ID(i.parent) // Sanity check that we didn't just create a mismatch between non-empty layers in the // history and the number of diffIDs. diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go index 67c0a0eb9..311031a95 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go @@ -248,7 +248,7 @@ func (s *StageExecutor) volumeCacheRestore() error { return nil } -// digestContent digests any content that this next instruction would add to +// digestSpecifiedContent digests any content that this next instruction would add to // the image, returning the digester if there is any, or nil otherwise. We // don't care about the details of where in the filesystem the content actually // goes, because we're not actually going to add it here, so this is less @@ -424,37 +424,37 @@ func (s *StageExecutor) Copy(excludes []string, copies ...imagebuilder.Copy) err for _, src := range copy.Src { if strings.HasPrefix(src, "http://") || strings.HasPrefix(src, "https://") { // Source is a URL. - sources = append(sources, src) - } else { - // Treat the source, which is not a URL, as a - // location relative to the - // all-content-comes-from-below-this-directory - // directory. - srcSecure, err := securejoin.SecureJoin(contextDir, src) - if err != nil { - return errors.Wrapf(err, "forbidden path for %q, it is outside of the build context %q", src, contextDir) - } - if hadFinalPathSeparator { - // If destination is a folder, we need to take extra care to - // ensure that files are copied with correct names (since - // resolving a symlink may result in a different name). - _, srcName := filepath.Split(src) - _, srcNameSecure := filepath.Split(srcSecure) - if srcName != srcNameSecure { - options := buildah.AddAndCopyOptions{ - Chown: copy.Chown, - ContextDir: contextDir, - Excludes: copyExcludes, - IDMappingOptions: idMappingOptions, - } - if err := s.builder.Add(filepath.Join(copy.Dest, srcName), copy.Download, options, srcSecure); err != nil { - return err - } - continue + // returns an error to be compatible with docker + return errors.Errorf("source can't be a URL for COPY") + } + // Treat the source, which is not a URL, as a + // location relative to the + // all-content-comes-from-below-this-directory + // directory. + srcSecure, err := securejoin.SecureJoin(contextDir, src) + if err != nil { + return errors.Wrapf(err, "forbidden path for %q, it is outside of the build context %q", src, contextDir) + } + if hadFinalPathSeparator { + // If destination is a folder, we need to take extra care to + // ensure that files are copied with correct names (since + // resolving a symlink may result in a different name). + _, srcName := filepath.Split(src) + _, srcNameSecure := filepath.Split(srcSecure) + if srcName != srcNameSecure { + options := buildah.AddAndCopyOptions{ + Chown: copy.Chown, + ContextDir: contextDir, + Excludes: copyExcludes, + IDMappingOptions: idMappingOptions, + } + if err := s.builder.Add(filepath.Join(copy.Dest, srcName), copy.Download, options, srcSecure); err != nil { + return err } + continue } - sources = append(sources, srcSecure) } + sources = append(sources, srcSecure) } options := buildah.AddAndCopyOptions{ Chown: copy.Chown, @@ -816,14 +816,22 @@ func (s *StageExecutor) Execute(ctx context.Context, stage imagebuilder.Stage, b // Check if there's a --from if the step command is COPY or // ADD. Set copyFrom to point to either the context directory // or the root of the container from the specified stage. + // Also check the chown flag for validity. s.copyFrom = s.executor.contextDir - for _, n := range step.Flags { + for _, flag := range step.Flags { command := strings.ToUpper(step.Command) - if strings.Contains(n, "--from") && (command == "COPY" || command == "ADD") { + // chown and from flags should have an '=' sign, '--chown=' or '--from=' + if command == "COPY" && (flag == "--chown" || flag == "--from") { + return "", nil, errors.Errorf("COPY only supports the --chown=<uid:gid> and the --from=<image|stage> flags") + } + if command == "ADD" && flag == "--chown" { + return "", nil, errors.Errorf("ADD only supports the --chown=<uid:gid> flag") + } + if strings.Contains(flag, "--from") && command == "COPY" { var mountPoint string - arr := strings.Split(n, "=") + arr := strings.Split(flag, "=") if len(arr) != 2 { - return "", nil, errors.Errorf("%s: invalid --from flag, should be --from=<name|index>", command) + return "", nil, errors.Errorf("%s: invalid --from flag, should be --from=<name|stage>", command) } otherStage, ok := s.executor.stages[arr[1]] if !ok { diff --git a/vendor/github.com/containers/buildah/info.go b/vendor/github.com/containers/buildah/info.go index 322bd8834..68d217b8f 100644 --- a/vendor/github.com/containers/buildah/info.go +++ b/vendor/github.com/containers/buildah/info.go @@ -13,6 +13,7 @@ import ( "github.com/containers/buildah/pkg/cgroups" "github.com/containers/buildah/pkg/unshare" + "github.com/containers/buildah/util" "github.com/containers/storage" "github.com/containers/storage/pkg/system" "github.com/sirupsen/logrus" @@ -52,10 +53,9 @@ func hostInfo() map[string]interface{} { logrus.Error(err, "err reading cgroups mode") } cgroupVersion := "v1" - ociruntime := "runc" + ociruntime := util.Runtime() if unified { cgroupVersion = "v2" - ociruntime = "crun" } info["CgroupVersion"] = cgroupVersion info["OCIRuntime"] = ociruntime diff --git a/vendor/github.com/containers/buildah/install.md b/vendor/github.com/containers/buildah/install.md index f533b0fb2..af340eb86 100644 --- a/vendor/github.com/containers/buildah/install.md +++ b/vendor/github.com/containers/buildah/install.md @@ -374,7 +374,7 @@ cat /etc/containers/policy.json ## Vendoring -Buildah uses Go Modules for vendoring purposes. If you need to update or add a vendored package into Buildah, please follow this proceedure: +Buildah uses Go Modules for vendoring purposes. If you need to update or add a vendored package into Buildah, please follow this procedure: * Enter into your sandbox `src/github.com/containers/buildah` and ensure that the GOPATH variable is set to the directory prior as noted above. * `export GO111MODULE=on` * Assuming you want to 'bump' the `github.com/containers/storage` package to version 1.12.13, use this command: `go get github.com/containers/storage@v1.12.13` diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go index 6f49cc240..60353bebb 100644 --- a/vendor/github.com/containers/buildah/pkg/cli/common.go +++ b/vendor/github.com/containers/buildah/pkg/cli/common.go @@ -194,7 +194,7 @@ func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults, fs.StringSliceVar(&flags.DNSSearch, "dns-search", []string{}, "Set custom DNS search domains") fs.StringSliceVar(&flags.DNSServers, "dns", []string{}, "Set custom DNS servers or disable it completely by setting it to 'none', which prevents the automatic creation of `/etc/resolv.conf`.") fs.StringSliceVar(&flags.DNSOptions, "dns-option", []string{}, "Set custom DNS options") - fs.BoolVar(&flags.HTTPProxy, "http-proxy", true, "pass thru HTTP Proxy environment variables") + fs.BoolVar(&flags.HTTPProxy, "http-proxy", true, "pass through HTTP Proxy environment variables") fs.StringVar(&flags.Isolation, "isolation", DefaultIsolation(), "`type` of process isolation to use. Use BUILDAH_ISOLATION environment variable to override.") fs.StringVarP(&flags.Memory, "memory", "m", "", "memory limit (format: <number>[<unit>], where unit = b, k, m or g)") fs.StringVar(&flags.MemorySwap, "memory-swap", "", "swap limit equal to memory plus swap: '-1' to enable unlimited swap") diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go index 9194ddf58..0ec6b5ee3 100644 --- a/vendor/github.com/containers/buildah/pkg/parse/parse.go +++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go @@ -270,7 +270,7 @@ func getMounts(mounts []string) (map[string]specs.Mount, error) { // TODO(vrothberg): the manual parsing can be replaced with a regular expression // to allow a more robust parsing of the mount format and to give - // precise errors regarding supported format versus suppored options. + // precise errors regarding supported format versus supported options. for _, mount := range mounts { arr := strings.SplitN(mount, ",", 2) if len(arr) < 2 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 4fb9b9d44..3337bae80 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -60,7 +60,7 @@ github.com/containernetworking/plugins/pkg/ns github.com/containernetworking/plugins/pkg/utils/hwaddr github.com/containernetworking/plugins/plugins/ipam/host-local/backend github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator -# github.com/containers/buildah v1.11.5 +# github.com/containers/buildah v1.11.6 github.com/containers/buildah github.com/containers/buildah/bind github.com/containers/buildah/chroot |