aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/images/build.go14
-rw-r--r--go.mod2
-rw-r--r--go.sum5
-rw-r--r--pkg/domain/infra/tunnel/images.go11
-rw-r--r--test/e2e/build_test.go2
-rw-r--r--vendor/github.com/containers/buildah/CHANGELOG.md8
-rw-r--r--vendor/github.com/containers/buildah/buildah.go2
-rw-r--r--vendor/github.com/containers/buildah/changelog.txt8
-rw-r--r--vendor/github.com/containers/buildah/commit.go22
-rw-r--r--vendor/github.com/containers/buildah/go.mod2
-rw-r--r--vendor/github.com/containers/buildah/go.sum4
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/executor.go4
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/stage_executor.go3
-rw-r--r--vendor/github.com/containers/buildah/run_linux.go2
-rw-r--r--vendor/modules.txt2
15 files changed, 54 insertions, 37 deletions
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index 308944ce5..895bdb631 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -264,7 +264,18 @@ func build(cmd *cobra.Command, args []string) error {
return err
}
- _, err = registry.ImageEngine().Build(registry.GetContext(), containerFiles, *apiBuildOpts)
+ report, err := registry.ImageEngine().Build(registry.GetContext(), containerFiles, *apiBuildOpts)
+
+ if cmd.Flag("iidfile").Changed {
+ f, err := os.Create(buildOpts.Iidfile)
+ if err != nil {
+ return err
+ }
+ if _, err := f.WriteString("sha256:" + report.ID); err != nil {
+ return err
+ }
+ }
+
return err
}
@@ -468,7 +479,6 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
ForceRmIntermediateCtrs: flags.ForceRm,
From: flags.From,
IDMappingOptions: idmappingOptions,
- IIDFile: flags.Iidfile,
In: stdin,
Isolation: isolation,
Jobs: &flags.Jobs,
diff --git a/go.mod b/go.mod
index c2265e92b..f36134146 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.0
- github.com/containers/buildah v1.19.3
+ github.com/containers/buildah v1.19.4
github.com/containers/common v0.34.3-0.20210208115708-8668c76dd577
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.10.1
diff --git a/go.sum b/go.sum
index 93c5cc6fa..2365581a4 100644
--- a/go.sum
+++ b/go.sum
@@ -89,7 +89,6 @@ github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv
github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI=
github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
@@ -97,8 +96,8 @@ github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ
github.com/containernetworking/plugins v0.8.7/go.mod h1:R7lXeZaBzpfqapcAbHRW8/CYwm0dHzbz0XEjofx0uB0=
github.com/containernetworking/plugins v0.9.0 h1:c+1gegKhR7+d0Caum9pEHugZlyhXPOG6v3V6xJgIGCI=
github.com/containernetworking/plugins v0.9.0/go.mod h1:dbWv4dI0QrBGuVgj+TuVQ6wJRZVOhrCQj91YyC92sxg=
-github.com/containers/buildah v1.19.3 h1:U0E1UKzqW5C11W7giHhLZI06xkZiV40ZKDK/c1jotbE=
-github.com/containers/buildah v1.19.3/go.mod h1:uZb6GuE36tmRSOcIXGfiYqdpr+GPXWmlUIJSk5sn19w=
+github.com/containers/buildah v1.19.4 h1:TygMnZAt8JCQ0i1APbSHfdn69B2vGvPoJKD+f6D6fuA=
+github.com/containers/buildah v1.19.4/go.mod h1:PfK0EiB871UFD1CT8xNsKq60s7xw2pgSOEGICf+x6O8=
github.com/containers/common v0.33.1 h1:XpDiq8Cta8+u1s4kpYSEWdB140ZmqgyIXfWkLqKx3z0=
github.com/containers/common v0.33.1/go.mod h1:mjDo/NKeweL/onaspLhZ38WnHXaYmrELHclIdvSnYpY=
github.com/containers/common v0.34.3-0.20210208115708-8668c76dd577 h1:tUJcLouJ1bC3w9gdqgKqZBsj2uCuM8D8jSR592lxbhE=
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index f10c8c175..daad911cd 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -350,17 +350,6 @@ func (ir *ImageEngine) Build(_ context.Context, containerFiles []string, opts en
if err != nil {
return nil, err
}
- // For remote clients, if the option for writing to a file was
- // selected, we need to write to the *client's* filesystem.
- if len(opts.IIDFile) > 0 {
- f, err := os.Create(opts.IIDFile)
- if err != nil {
- return nil, err
- }
- if _, err := f.WriteString(report.ID); err != nil {
- return nil, err
- }
- }
return report, nil
}
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go
index 43524298f..9bab4c926 100644
--- a/test/e2e/build_test.go
+++ b/test/e2e/build_test.go
@@ -194,7 +194,7 @@ var _ = Describe("Podman build", func() {
inspect := podmanTest.Podman([]string{"inspect", string(id)})
inspect.WaitWithDefaultTimeout()
data := inspect.InspectImageJSON()
- Expect(data[0].ID).To(Equal(string(id)))
+ Expect("sha256:" + data[0].ID).To(Equal(string(id)))
})
It("podman Test PATH in built image", func() {
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 0ad3069ce..ccf46b324 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,14 @@
# Changelog
+## v1.19.4 (2021-02-06)
+ run: fix check for host pid namespace
+ bump containernetworking/cni library to v0.8.1 - fix for CVE-2021-20206
+ Finish plumbing for buildah bud --manifest
+ buildah manifest add localimage should work
+ Fix build arg check
+ --iidfile: print hash prefix
+
## v1.19.3 (2021-01-28)
[ci:docs] Fix man page for buildah push
Vendor in containers/image v5.10.1
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index 4fbc475c2..7065e00e4 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -28,7 +28,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.19.3"
+ Version = "1.19.4"
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index db2faf71a..4a0f81b04 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,3 +1,11 @@
+- Changelog for v1.19.4 (2021-02-06)
+ * run: fix check for host pid namespace
+ * bump containernetworking/cni library to v0.8.1 - fix for CVE-2021-20206
+ * Finish plumbing for buildah bud --manifest
+ * buildah manifest add localimage should work
+ * Fix build arg check
+ * --iidfile: print hash prefix
+
- Changelog for v1.19.3 (2021-01-28)
* [ci:docs] Fix man page for buildah push
* Vendor in containers/image v5.10.1
diff --git a/vendor/github.com/containers/buildah/commit.go b/vendor/github.com/containers/buildah/commit.go
index 9c6831601..f588c8043 100644
--- a/vendor/github.com/containers/buildah/commit.go
+++ b/vendor/github.com/containers/buildah/commit.go
@@ -224,7 +224,7 @@ func checkRegistrySourcesAllows(forWhat string, dest types.ImageReference) (inse
return false, nil
}
-func (b *Builder) addManifest(ctx context.Context, manifestName string, imageSpec string) error {
+func (b *Builder) addManifest(ctx context.Context, manifestName string, imageSpec string) (string, error) {
var create bool
systemContext := &types.SystemContext{}
var list manifests.List
@@ -235,13 +235,13 @@ func (b *Builder) addManifest(ctx context.Context, manifestName string, imageSpe
} else {
_, list, err = manifests.LoadFromImage(b.store, listImage.ID)
if err != nil {
- return err
+ return "", err
}
}
names, err := util.ExpandNames([]string{manifestName}, "", systemContext, b.store)
if err != nil {
- return errors.Wrapf(err, "error encountered while expanding image name %q", manifestName)
+ return "", errors.Wrapf(err, "error encountered while expanding image name %q", manifestName)
}
ref, err := alltransports.ParseImageName(imageSpec)
@@ -249,13 +249,13 @@ func (b *Builder) addManifest(ctx context.Context, manifestName string, imageSpe
if ref, err = alltransports.ParseImageName(util.DefaultTransport + imageSpec); err != nil {
// check if the local image exists
if ref, _, err = util.FindImage(b.store, "", systemContext, imageSpec); err != nil {
- return err
+ return "", err
}
}
}
if _, err = list.Add(ctx, systemContext, ref, true); err != nil {
- return err
+ return "", err
}
var imageID string
if create {
@@ -263,10 +263,7 @@ func (b *Builder) addManifest(ctx context.Context, manifestName string, imageSpe
} else {
imageID, err = list.SaveToImage(b.store, listImage.ID, nil, "")
}
- if err == nil {
- fmt.Printf("%s\n", imageID)
- }
- return err
+ return imageID, err
}
// Commit writes the contents of the container, along with its updated
@@ -469,7 +466,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
dest = dest2
}
if options.IIDFile != "" {
- if err = ioutil.WriteFile(options.IIDFile, []byte(img.ID), 0644); err != nil {
+ if err = ioutil.WriteFile(options.IIDFile, []byte("sha256:"+img.ID), 0644); err != nil {
return imgID, nil, "", err
}
}
@@ -489,9 +486,12 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
}
if options.Manifest != "" {
- if err := b.addManifest(ctx, options.Manifest, imgID); err != nil {
+ manifestID, err := b.addManifest(ctx, options.Manifest, imgID)
+ if err != nil {
return imgID, nil, "", err
}
+ logrus.Debugf("added imgID %s to manifestID %s", imgID, manifestID)
+
}
return imgID, ref, manifestDigest, nil
}
diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod
index cccf42895..17469ad12 100644
--- a/vendor/github.com/containers/buildah/go.mod
+++ b/vendor/github.com/containers/buildah/go.mod
@@ -4,7 +4,7 @@ go 1.12
require (
github.com/containerd/containerd v1.4.1 // indirect
- github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784
+ github.com/containernetworking/cni v0.8.1
github.com/containers/common v0.33.1
github.com/containers/image/v5 v5.10.1
github.com/containers/ocicrypt v1.0.3
diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum
index bf796c496..cab904fcf 100644
--- a/vendor/github.com/containers/buildah/go.sum
+++ b/vendor/github.com/containers/buildah/go.sum
@@ -76,8 +76,8 @@ github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv
github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 h1:rqUVLD8I859xRgUx/WMC3v7QAFqbLKZbs+0kqYboRJc=
-github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
+github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
+github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
github.com/containers/common v0.33.1 h1:XpDiq8Cta8+u1s4kpYSEWdB140ZmqgyIXfWkLqKx3z0=
github.com/containers/common v0.33.1/go.mod h1:mjDo/NKeweL/onaspLhZ38WnHXaYmrELHclIdvSnYpY=
github.com/containers/image/v5 v5.9.0 h1:dRmUtcluQcmasNo3DpnRoZjfU0rOu1qZeL6wlDJr10Q=
diff --git a/vendor/github.com/containers/buildah/imagebuildah/executor.go b/vendor/github.com/containers/buildah/imagebuildah/executor.go
index a72e24eea..74ed9a42b 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go
@@ -115,6 +115,7 @@ type Executor struct {
imageInfoLock sync.Mutex
imageInfoCache map[string]imageTypeAndHistoryAndDiffIDs
fromOverride string
+ manifest string
}
type imageTypeAndHistoryAndDiffIDs struct {
@@ -231,6 +232,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod
logRusage: options.LogRusage,
imageInfoCache: make(map[string]imageTypeAndHistoryAndDiffIDs),
fromOverride: options.From,
+ manifest: options.Manifest,
}
if exec.err == nil {
exec.err = os.Stderr
@@ -679,7 +681,7 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image
}
logrus.Debugf("printing final image id %q", imageID)
if b.iidfile != "" {
- if err = ioutil.WriteFile(b.iidfile, []byte(imageID), 0644); err != nil {
+ if err = ioutil.WriteFile(b.iidfile, []byte("sha256:"+imageID), 0644); err != nil {
return imageID, ref, errors.Wrapf(err, "failed to write image ID to file %q", b.iidfile)
}
} else {
diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
index 9c15785bc..13631108e 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@@ -838,7 +838,7 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
// we need to call ib.Run() to correctly put the args together before
// determining if a cached layer with the same build args already exists
// and that is done in the if block below.
- if checkForLayers && s.builder.Args == nil {
+ if checkForLayers && len(s.builder.Args) == 0 {
cacheID, err = s.intermediateImageExists(ctx, node, addedContentSummary, s.stepRequiresLayer(step))
if err != nil {
return "", nil, errors.Wrap(err, "error checking if cached image exists from a previous build")
@@ -1276,6 +1276,7 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
MaxRetries: s.executor.maxPullPushRetries,
RetryDelay: s.executor.retryPullPushDelay,
HistoryTimestamp: s.executor.timestamp,
+ Manifest: s.executor.manifest,
}
imgID, _, manifestDigest, err := s.builder.Commit(ctx, imageRef, options)
if err != nil {
diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go
index 66c856884..8c7c1bbc0 100644
--- a/vendor/github.com/containers/buildah/run_linux.go
+++ b/vendor/github.com/containers/buildah/run_linux.go
@@ -2210,7 +2210,7 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions)
case IsolationOCI:
pidns := options.NamespaceOptions.Find(string(specs.PIDNamespace))
userns := options.NamespaceOptions.Find(string(specs.UserNamespace))
- if (pidns == nil || pidns.Host) && (userns != nil && !userns.Host) {
+ if (pidns != nil && pidns.Host) && (userns != nil && !userns.Host) {
return errors.Errorf("not allowed to mix host PID namespace with container user namespace")
}
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 719285112..3c5cc129c 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -70,7 +70,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr
github.com/containernetworking/plugins/pkg/utils/sysctl
github.com/containernetworking/plugins/plugins/ipam/host-local/backend
github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator
-# github.com/containers/buildah v1.19.3
+# github.com/containers/buildah v1.19.4
github.com/containers/buildah
github.com/containers/buildah/bind
github.com/containers/buildah/chroot