diff options
51 files changed, 818 insertions, 227 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 325c1dc69..6200592b4 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -660,18 +660,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, ) _ = cmd.RegisterFlagCompletionFunc(mountFlagName, AutocompleteMountFlag) - volumeDesciption := "Bind mount a volume into the container" - if registry.IsRemote() { - volumeDesciption = "Bind mount a volume into the container. Volume src will be on the server machine, not the client" - } - volumeFlagName := "volume" - createFlags.StringArrayVarP( - &cf.Volume, - volumeFlagName, "v", volumes(), - volumeDesciption, - ) - _ = cmd.RegisterFlagCompletionFunc(volumeFlagName, AutocompleteVolumeFlag) - volumesFromFlagName := "volumes-from" createFlags.StringArrayVar( &cf.VolumesFrom, @@ -865,4 +853,16 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, "PID namespace to use", ) _ = cmd.RegisterFlagCompletionFunc(pidFlagName, AutocompleteNamespace) + + volumeDesciption := "Bind mount a volume into the container" + if registry.IsRemote() { + volumeDesciption = "Bind mount a volume into the container. Volume source will be on the server machine, not the client" + } + volumeFlagName := "volume" + createFlags.StringArrayVarP( + &cf.Volume, + volumeFlagName, "v", volumes(), + volumeDesciption, + ) + _ = cmd.RegisterFlagCompletionFunc(volumeFlagName, AutocompleteVolumeFlag) } diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index 31d014dfe..642da0c83 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -11,6 +11,7 @@ import ( buildahDefine "github.com/containers/buildah/define" buildahCLI "github.com/containers/buildah/pkg/cli" "github.com/containers/buildah/pkg/parse" + buildahUtil "github.com/containers/buildah/pkg/util" "github.com/containers/common/pkg/auth" "github.com/containers/common/pkg/completion" "github.com/containers/common/pkg/config" @@ -359,6 +360,12 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil } } + cleanTmpFile := false + flags.Authfile, cleanTmpFile = buildahUtil.MirrorToTempFileIfPathIsDescriptor(flags.Authfile) + if cleanTmpFile { + defer os.Remove(flags.Authfile) + } + args := make(map[string]string) if c.Flag("build-arg").Changed { for _, arg := range flags.BuildArg { diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index b3f84dcd8..7000c92c8 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -132,12 +132,7 @@ func create(cmd *cobra.Command, args []string) error { createOptions.Share = nil } else { // reassign certain optios for lbpod api, these need to be populated in spec - createOptions.InfraConmonPidFile = infraOptions.ConmonPIDFile - createOptions.InfraName = infraOptions.Name - createOptions.Hostname = infraOptions.Hostname - createOptions.Cpus = infraOptions.CPUS - createOptions.CpusetCpus = infraOptions.CPUSetCPUs - createOptions.Pid = infraOptions.PID + MapOptions() flags := cmd.Flags() infraOptions.Net, err = common.NetFlagsToNetOptions(nil, *flags, false) if err != nil { @@ -265,6 +260,10 @@ func create(cmd *cobra.Command, args []string) error { if err != nil { return err } + podSpec.Volumes = podSpec.InfraContainerSpec.Volumes + podSpec.ImageVolumes = podSpec.InfraContainerSpec.ImageVolumes + podSpec.OverlayVolumes = podSpec.InfraContainerSpec.OverlayVolumes + podSpec.Mounts = podSpec.InfraContainerSpec.Mounts } PodSpec := entities.PodSpec{PodSpecGen: *podSpec} response, err := registry.ContainerEngine().PodCreate(context.Background(), PodSpec) @@ -291,3 +290,13 @@ func replacePod(name string) error { } return removePods([]string{name}, rmOptions, false) } + +func MapOptions() { + createOptions.Cpus = infraOptions.CPUS + createOptions.CpusetCpus = infraOptions.CPUSetCPUs + createOptions.Hostname = infraOptions.Hostname + createOptions.InfraConmonPidFile = infraOptions.ConmonPIDFile + createOptions.InfraName = infraOptions.Name + createOptions.Pid = infraOptions.PID + createOptions.Volume = infraOptions.Volume +} diff --git a/cmd/podman/root.go b/cmd/podman/root.go index c798e6634..02e6dcd27 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -174,7 +174,11 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { } // Hard code TMPDIR functions to use /var/tmp, if user did not override if _, ok := os.LookupEnv("TMPDIR"); !ok { - os.Setenv("TMPDIR", "/var/tmp") + if tmpdir, err := cfg.ImageCopyTmpDir(); err != nil { + logrus.Warnf("failed to retrieve default tmp dir: %s", err.Error()) + } else { + os.Setenv("TMPDIR", tmpdir) + } } context := cmd.Root().LocalFlags().Lookup("context") diff --git a/contrib/tmpfile/podman.conf b/contrib/tmpfile/podman.conf index bd7dec5ce..729d1a549 100644 --- a/contrib/tmpfile/podman.conf +++ b/contrib/tmpfile/podman.conf @@ -3,5 +3,6 @@ x /tmp/podman-run-* x /tmp/containers-user-* x /tmp/run-*/libpod +D! /var/lib/containers/storage/tmp 0700 root root D! /run/podman 0700 root root D! /var/lib/cni/networks diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 21ca35eef..4f873248d 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -31,7 +31,7 @@ Run podman info with plain text response: $ podman info host: arch: amd64 - buildahVersion: 1.22.3 + buildahVersion: 1.23.0 cgroupControllers: [] cgroupManager: systemd cgroupVersion: v2 @@ -64,7 +64,7 @@ host: kernel: 5.13.13-200.fc34.x86_64 linkmode: dynamic logDriver: journald - memFree: 1351262208 + memFree: 1833385984 memTotal: 16401895424 ociRuntime: name: crun @@ -95,9 +95,9 @@ host: libslirp: 4.4.0 SLIRP_CONFIG_VERSION_MAX: 3 libseccomp: 2.5.0 - swapFree: 16818888704 + swapFree: 15687475200 swapTotal: 16886259712 - uptime: 33h 57m 32.85s (Approximately 1.38 days) + uptime: 47h 15m 9.91s (Approximately 1.96 days) plugins: log: - k8s-file @@ -109,24 +109,18 @@ plugins: volume: - local registries: - localhost:5000: - Blocked: false - Insecure: true - Location: localhost:5000 - MirrorByDigestOnly: false - Mirrors: null - Prefix: localhost:5000 search: - registry.fedoraproject.org - registry.access.redhat.com - docker.io + - quay.io store: configFile: /home/dwalsh/.config/containers/storage.conf containerStore: - number: 2 + number: 9 paused: 0 running: 1 - stopped: 1 + stopped: 8 graphDriverName: overlay graphOptions: {} graphRoot: /home/dwalsh/.local/share/containers/storage @@ -135,26 +129,27 @@ store: Native Overlay Diff: "true" Supports d_type: "true" Using metacopy: "false" + imageCopyTmpDir: /home/dwalsh/.local/share/containers/storage/tmp imageStore: - number: 37 + number: 5 runRoot: /run/user/3267/containers volumePath: /home/dwalsh/.local/share/containers/storage/volumes version: - APIVersion: 3.3.1 - Built: 1631137208 - BuiltTime: Wed Sep 8 17:40:08 2021 - GitCommit: ab272d1e9bf4daac224fb230e0c9b5c56c4cab4d-dirty + APIVersion: 4.0.0 + Built: 1631648722 + BuiltTime: Tue Sep 14 15:45:22 2021 + GitCommit: 23677f92dd83e96d2bc8f0acb611865fb8b1a56d GoVersion: go1.16.6 OsArch: linux/amd64 - Version: 3.3.1 + Version: 4.0.0 ``` Run podman info with JSON formatted response: ``` -$ ./bin/podman info --format json +$ podman info --format json { "host": { "arch": "amd64", - "buildahVersion": "1.22.3", + "buildahVersion": "1.23.0", "cgroupManager": "systemd", "cgroupVersion": "v2", "cgroupControllers": [], @@ -172,33 +167,33 @@ $ ./bin/podman info --format json "hostname": "localhost.localdomain", "idMappings": { "gidmap": [ - { - "container_id": 0, - "host_id": 3267, - "size": 1 - }, - { - "container_id": 1, - "host_id": 100000, - "size": 65536 - } + { + "container_id": 0, + "host_id": 3267, + "size": 1 + }, + { + "container_id": 1, + "host_id": 100000, + "size": 65536 + } ], "uidmap": [ - { - "container_id": 0, - "host_id": 3267, - "size": 1 - }, - { - "container_id": 1, - "host_id": 100000, - "size": 65536 - } + { + "container_id": 0, + "host_id": 3267, + "size": 1 + }, + { + "container_id": 1, + "host_id": 100000, + "size": 65536 + } ] }, "kernel": "5.13.13-200.fc34.x86_64", "logDriver": "journald", - "memFree": 1274040320, + "memFree": 1785753600, "memTotal": 16401895424, "ociRuntime": { "name": "crun", @@ -224,21 +219,22 @@ $ ./bin/podman info --format json "package": "slirp4netns-1.1.12-2.fc34.x86_64", "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" }, - "swapFree": 16818888704, + "swapFree": 15687475200, "swapTotal": 16886259712, - "uptime": "33h 59m 25.69s (Approximately 1.38 days)", + "uptime": "47h 17m 29.75s (Approximately 1.96 days)", "linkmode": "dynamic" }, "store": { "configFile": "/home/dwalsh/.config/containers/storage.conf", "containerStore": { - "number": 2, + "number": 9, "paused": 0, "running": 1, - "stopped": 1 + "stopped": 8 }, "graphDriverName": "overlay", "graphOptions": { + }, "graphRoot": "/home/dwalsh/.local/share/containers/storage", "graphStatus": { @@ -247,25 +243,19 @@ $ ./bin/podman info --format json "Supports d_type": "true", "Using metacopy": "false" }, + "imageCopyTmpDir": "/home/dwalsh/.local/share/containers/storage/tmp", "imageStore": { - "number": 37 + "number": 5 }, "runRoot": "/run/user/3267/containers", "volumePath": "/home/dwalsh/.local/share/containers/storage/volumes" }, "registries": { - "localhost:5000": { - "Prefix": "localhost:5000", - "Location": "localhost:5000", - "Insecure": true, - "Mirrors": null, - "Blocked": false, - "MirrorByDigestOnly": false -}, "search": [ "registry.fedoraproject.org", "registry.access.redhat.com", - "docker.io" + "docker.io", + "quay.io" ] }, "plugins": { @@ -283,12 +273,12 @@ $ ./bin/podman info --format json ] }, "version": { - "APIVersion": "3.3.1", - "Version": "3.3.1", + "APIVersion": "4.0.0", + "Version": "4.0.0", "GoVersion": "go1.16.6", - "GitCommit": "", - "BuiltTime": "Mon Aug 30 16:46:36 2021", - "Built": 1630356396, + "GitCommit": "23677f92dd83e96d2bc8f0acb611865fb8b1a56d", + "BuiltTime": "Tue Sep 14 15:45:22 2021", + "Built": 1631648722, "OsArch": "linux/amd64" } } diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index fc7d39754..bed94080a 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -200,6 +200,168 @@ Valid _mode_ values are: - *host*: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). - *keep-id*: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. +#### **--volume**, **-v**[=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] + +Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman +bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman +container. Similarly, `-v SOURCE-VOLUME:/CONTAINER-DIR` will mount the volume +in the host to the container. If no such named volume exists, Podman will +create one. The `OPTIONS` are a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup> (Note when using the remote client, the volumes will be mounted from the remote server, not necessarily the client machine.) + +The _options_ is a comma-separated list and can be: + +* **rw**|**ro** +* **z**|**Z** +* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** +* [**r**]**bind** +* [**no**]**exec** +* [**no**]**dev** +* [**no**]**suid** +* [**O**] +* [**U**] + +The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume +will be mounted into the container at this directory. + +Volumes may specify a source as well, as either a directory on the host +or the name of a named volume. If no source is given, the volume will be created as an +anonymously named volume with a randomly generated name, and will be removed when +the pod is removed via the `--rm` flag or `podman rm --volumes` commands. + +If a volume source is specified, it must be a path on the host or the name of a +named volume. Host paths are allowed to be absolute or relative; relative paths +are resolved relative to the directory Podman is run in. If the source does not +exist, Podman will return an error. Users must pre-create the source files or +directories. + +Any source that does not begin with a `.` or `/` will be treated as the name of +a named volume. If a volume with that name does not exist, it will be created. +Volumes created with names are not anonymous, and they are not removed by the `--rm` +option and the `podman rm --volumes` command. + +You can specify multiple **-v** options to mount one or more volumes into a +pod. + + `Write Protected Volume Mounts` + +You can add `:ro` or `:rw` suffix to a volume to mount it read-only or +read-write mode, respectively. By default, the volumes are mounted read-write. +See examples. + + `Chowning Volume Mounts` + +By default, Podman does not change the owner and group of source volume +directories mounted into containers. If a pod is created in a new user +namespace, the UID and GID in the container may correspond to another UID and +GID on the host. + +The `:U` suffix tells Podman to use the correct host UID and GID based on the +UID and GID within the pod, to change recursively the owner and group of +the source volume. + +**Warning** use with caution since this will modify the host filesystem. + + `Labeling Volume Mounts` + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a pod. Without a label, the security system might +prevent the processes running inside the pod from using the content. By +default, Podman does not change the labels set by the OS. + +To change a label in the pod context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Podman to relabel file +objects on the shared volumes. The `z` option tells Podman that two pods +share the volume content. As a result, Podman labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Podman to label the content with a private unshared label. +Only the current pod can use a private volume. + + `Overlay Volume Mounts` + + The `:O` flag tells Podman to mount the directory from the host as a +temporary storage using the `overlay file system`. The pod processes +can modify content within the mountpoint which is stored in the +container storage in a separate directory. In overlay terms, the source +directory will be the lower, and the container storage directory will be the +upper. Modifications to the mount point are destroyed when the pod +finishes executing, similar to a tmpfs mount point being unmounted. + + Subsequent executions of the container will see the original source directory +content, any changes from previous pod executions no longer exist. + + One use case of the overlay mount is sharing the package cache from the +host into the container to allow speeding up builds. + + Note: + + - The `O` flag conflicts with other options listed above. +Content mounted into the container is labeled with the private label. + On SELinux systems, labels in the source directory must be readable +by the infra container label. Usually containers can read/execute `container_share_t` +and can read/write `container_file_t`. If you cannot change the labels on a +source volume, SELinux container separation must be disabled for the infra container/pod +to work. + - The source directory mounted into the pod with an overlay mount +should not be modified, it can cause unexpected failures. It is recommended +that you do not modify the directory until the container finishes running. + + `Mounts propagation` + +By default bind mounted volumes are `private`. That means any mounts done +inside pod will not be visible on host and vice versa. One can change +this behavior by specifying a volume mount propagation property. Making a +volume `shared` mounts done under that volume inside pod will be +visible on host and vice versa. Making a volume `slave` enables only one +way mount propagation and that is mounts done on host under that volume +will be visible inside container but not the other way around. <sup>[[1]](#Footnote1)</sup> + +To control mount propagation property of a volume one can use the [**r**]**shared**, +[**r**]**slave**, [**r**]**private** or the [**r**]**unbindable** propagation flag. +Propagation property can be specified only for bind mounted volumes and not for +internal volumes or named volumes. For mount propagation to work the source mount +point (the mount point where source dir is mounted on) has to have the right propagation +properties. For shared volumes, the source mount point has to be shared. And for +slave volumes, the source mount point has to be either shared or slave. +<sup>[[1]](#Footnote1)</sup> + +If you want to recursively mount a volume and all of its submounts into a +pod, then you can use the `rbind` option. By default the bind option is +used, and submounts of the source directory will not be mounted into the +pod. + +Mounting the volume with the `nosuid` options means that SUID applications on +the volume will not be able to change their privilege. By default volumes +are mounted with `nosuid`. + +Mounting the volume with the noexec option means that no executables on the +volume will be able to executed within the pod. + +Mounting the volume with the nodev option means that no devices on the volume +will be able to be used by processes within the pod. By default volumes +are mounted with `nodev`. + +If the `<source-dir>` is a mount point, then "dev", "suid", and "exec" options are +ignored by the kernel. + +Use `df <source-dir>` to figure out the source mount and then use +`findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation +properties of source mount. If `findmnt` utility is not available, then one +can look at the mount entry for the source mount point in `/proc/self/mountinfo`. Look +at `optional fields` and see if any propagation properties are specified. +`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if +nothing is there that means mount is `private`. <sup>[[1]](#Footnote1)</sup> + +To change propagation properties of a mount point use `mount` command. For +example, if one wants to bind mount source directory `/foo` one can do +`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This +will convert /foo into a `shared` mount point. Alternatively one can directly +change propagation properties of source mount. Say `/` is source mount for +`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. + +Note: if the user only has access rights via a group, accessing the volume +from inside a rootless pod will fail. + + ## EXAMPLES ``` @@ -11,8 +11,8 @@ require ( github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9 github.com/containernetworking/cni v0.8.1 github.com/containernetworking/plugins v0.9.1 - github.com/containers/buildah v1.22.1-0.20210824095355-fc1e256f5051 - github.com/containers/common v0.44.0 + github.com/containers/buildah v1.23.0 + github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.16.0 github.com/containers/ocicrypt v1.1.2 @@ -244,15 +244,13 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV github.com/containernetworking/plugins v0.8.7/go.mod h1:R7lXeZaBzpfqapcAbHRW8/CYwm0dHzbz0XEjofx0uB0= github.com/containernetworking/plugins v0.9.1 h1:FD1tADPls2EEi3flPc2OegIY1M9pUa9r2Quag7HMLV8= github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= -github.com/containers/buildah v1.22.1-0.20210824095355-fc1e256f5051 h1:mG1L/+I+E2YRa8tfKCdVUCKsD6KrP7EOBJ1NurCE8Ng= -github.com/containers/buildah v1.22.1-0.20210824095355-fc1e256f5051/go.mod h1:g0AG9b/3oZqvDWW47yl9jTDMQXLHvEeZF4YymZ5j0Js= -github.com/containers/common v0.43.2/go.mod h1:BAoVyRYlxKZKAYpHcFMdrXlIZyzbJp9NwKTgadTd/Dg= -github.com/containers/common v0.44.0 h1:YpjfOxmWrnVyxugYgiWV1Vo/Xg8JUfe32QZz3SAMfUk= +github.com/containers/buildah v1.23.0 h1:qGIeSNOczUHzvnaaOS29HSMiYAjw6JgIXYksAyvqnLs= +github.com/containers/buildah v1.23.0/go.mod h1:K0iMKgy/MffkkgELBXhSXwTy2HTT6hM0X8qruDR1FwU= github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= +github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 h1:sXBzh8CcqR5cGGY9cM/AUIk58CJKHbyljVtFh8HYyLY= +github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= -github.com/containers/image/v5 v5.15.0/go.mod h1:gzdBcooi6AFdiqfzirUqv90hUyHyI0MMdaqKzACKr2s= -github.com/containers/image/v5 v5.15.2/go.mod h1:8jejVSzTDfyPwr/HXp9rri34n/vbdavYk6IzTiB3TBw= github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI= github.com/containers/image/v5 v5.16.0/go.mod h1:XgTpfAPLRGOd1XYyCU5cISFr777bLmOerCSpt/v7+Q4= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= @@ -265,9 +263,6 @@ github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B github.com/containers/psgo v1.6.0 h1:jkl/5kndKmJ/bnSFq8in6xRDAzgW26GnNuTxoycNFvk= github.com/containers/psgo v1.6.0/go.mod h1:ggVhB2KQi9qGZdqSlczqN0BwcJdotmpRru87S1anRO8= github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM= -github.com/containers/storage v1.33.0/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY= -github.com/containers/storage v1.34.0/go.mod h1:t6I+hTgPU0/tVxQ75vw406wDi/TXwYBqZp4QZV9N7b8= -github.com/containers/storage v1.34.1/go.mod h1:FY2TcbfgCLMU4lYoKnlZeZXeH353TOTbpDEA+sAcqAY= github.com/containers/storage v1.35.0/go.mod h1:qzYhasQP2/V9D9XdO+vRwkHBhsBO0oznMLzzRDQ8s20= github.com/containers/storage v1.36.0 h1:OelxllCW19tnNngYuZw2ty/zLabVMG5rSs3KSwO1Lzc= github.com/containers/storage v1.36.0/go.mod h1:vbd3SKVQNHdmU5qQI6hTEcKPxnZkGqydG4f6uwrI5a8= @@ -326,7 +321,6 @@ github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TT github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.8+incompatible h1:RVqD337BgQicVCzYrrlhLDWhq6OAD2PJDUg2LsEUvKM= github.com/docker/docker v20.10.8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= @@ -593,8 +587,6 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.11.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.5 h1:9O69jUPDcsT9fEm74W92rZL9FQY7rCdaXVneq+yyzl4= github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= @@ -728,7 +720,6 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= -github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c= github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -739,8 +730,6 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.2-0.20210730191737-8e42a01fb1b7/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2-0.20210819154149-5ad6f50d6283 h1:TVzvdjOalkJBNkbpPVMAr4KV9QRf2IjfxdyxwAK78Gs= github.com/opencontainers/image-spec v1.0.2-0.20210819154149-5ad6f50d6283/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= @@ -767,7 +756,6 @@ github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwy github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= -github.com/opencontainers/selinux v1.8.3/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo= github.com/opencontainers/selinux v1.8.4/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo= github.com/opencontainers/selinux v1.8.5 h1:OkT6bMHOQ1JQQO4ihjQ49sj0+wciDcjziSVTRn8VeTA= github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo= @@ -923,7 +911,6 @@ github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlI github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vbauerster/mpb/v6 v6.0.4 h1:h6J5zM/2wimP5Hj00unQuV8qbo5EPcj6wbkCqgj7KcY= github.com/vbauerster/mpb/v6 v6.0.4/go.mod h1:a/+JT57gqh6Du0Ay5jSR+uBMfXGdlR7VQlGP52fJxLM= -github.com/vbauerster/mpb/v7 v7.0.3/go.mod h1:NXGsfPGx6G2JssqvEcULtDqUrxuuYs4llpv8W6ZUpzk= github.com/vbauerster/mpb/v7 v7.1.3/go.mod h1:X5GlohZw2fIpypMXWaKart+HGSAjpz49skxkDk+ZL7c= github.com/vbauerster/mpb/v7 v7.1.4 h1:XGWpWEB8aWnvqSlAMA7F7kdeUGqcTujuVFvYj9+59Ww= github.com/vbauerster/mpb/v7 v7.1.4/go.mod h1:4zulrZfvshMOnd2APiHgWS9Yrw08AzZVRr9G11tkpcQ= diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 2ef4532cd..530160b2d 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -92,7 +92,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver } namedVolumes, mounts := c.sortUserVolumes(ctrSpec) - inspectMounts, err := c.getInspectMounts(namedVolumes, c.config.ImageVolumes, mounts) + inspectMounts, err := c.GetInspectMounts(namedVolumes, c.config.ImageVolumes, mounts) if err != nil { return nil, err } @@ -194,7 +194,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver // Get inspect-formatted mounts list. // Only includes user-specified mounts. Only includes bind mounts and named // volumes, not tmpfs volumes. -func (c *Container) getInspectMounts(namedVolumes []*ContainerNamedVolume, imageVolumes []*ContainerImageVolume, mounts []spec.Mount) ([]define.InspectMount, error) { +func (c *Container) GetInspectMounts(namedVolumes []*ContainerNamedVolume, imageVolumes []*ContainerImageVolume, mounts []spec.Mount) ([]define.InspectMount, error) { inspectMounts := []define.InspectMount{} // No mounts, return early diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index ae029dc62..4194a0d93 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2490,9 +2490,6 @@ func (c *Container) getOCICgroupPath() (string, error) { case c.config.NoCgroups: return "", nil case c.config.CgroupsMode == cgroupSplit: - if c.config.CgroupParent != "" { - return c.config.CgroupParent, nil - } selfCgroup, err := utils.GetOwnCgroup() if err != nil { return "", err diff --git a/libpod/define/info.go b/libpod/define/info.go index f4aa0031c..61f2f4c75 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -108,6 +108,7 @@ type StoreInfo struct { GraphOptions map[string]interface{} `json:"graphOptions"` GraphRoot string `json:"graphRoot"` GraphStatus map[string]string `json:"graphStatus"` + ImageCopyTmpDir string `json:"imageCopyTmpDir"` ImageStore ImageStore `json:"imageStore"` RunRoot string `json:"runRoot"` VolumePath string `json:"volumePath"` diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go index f91fd198d..b7a6e76b5 100644 --- a/libpod/define/pod_inspect.go +++ b/libpod/define/pod_inspect.go @@ -57,6 +57,8 @@ type InspectPodData struct { CPUQuota int64 `json:"cpu_quota,omitempty"` // CPUSetCPUs contains linux specific CPU data for the pod CPUSetCPUs string `json:"cpuset_cpus,omitempty"` + // Mounts contains volume related information for the pod + Mounts []InspectMount `json:"mounts,omitempty"` } // InspectPodInfraConfig contains the configuration of the pod's infra diff --git a/libpod/info.go b/libpod/info.go index 2eba4bbff..7b60ee46f 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -288,6 +288,7 @@ func (r *Runtime) storeInfo() (*define.StoreInfo, error) { info := define.StoreInfo{ ImageStore: imageInfo, + ImageCopyTmpDir: os.Getenv("TMPDIR"), ContainerStore: conInfo, GraphRoot: r.store.GraphRoot(), RunRoot: r.store.RunRoot(), diff --git a/libpod/pod_api.go b/libpod/pod_api.go index 5f4d983b9..4e0acf950 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -582,6 +582,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { // Infra config contains detailed information on the pod's infra // container. var infraConfig *define.InspectPodInfraConfig + var inspectMounts []define.InspectMount if p.state.InfraContainerID != "" { infra, err := p.runtime.GetContainer(p.state.InfraContainerID) if err != nil { @@ -597,6 +598,11 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus infraConfig.PidNS = p.PidMode() infraConfig.UserNS = p.UserNSMode() + namedVolumes, mounts := infra.sortUserVolumes(infra.Config().Spec) + inspectMounts, err = infra.GetInspectMounts(namedVolumes, infra.config.ImageVolumes, mounts) + if err != nil { + return nil, err + } if len(infra.Config().ContainerNetworkConfig.DNSServer) > 0 { infraConfig.DNSServer = make([]string, 0, len(infra.Config().ContainerNetworkConfig.DNSServer)) @@ -645,6 +651,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { CPUSetCPUs: p.ResourceLim().CPU.Cpus, CPUPeriod: p.CPUPeriod(), CPUQuota: p.CPUQuota(), + Mounts: inspectMounts, } return &inspectData, nil diff --git a/pkg/api/handlers/libpod/pods.go b/pkg/api/handlers/libpod/pods.go index cc686c69d..1f03e121e 100644 --- a/pkg/api/handlers/libpod/pods.go +++ b/pkg/api/handlers/libpod/pods.go @@ -52,13 +52,11 @@ func PodCreate(w http.ResponseWriter, r *http.Request) { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to decode specgen")) return } - tempSpec := &specgen.SpecGenerator{} // temporary spec since infra cannot be decoded into - err = json.Unmarshal(out, tempSpec) // unmarhal matching options + err = json.Unmarshal(out, psg.InfraContainerSpec) // unmarhal matching options if err != nil { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to decode specgen")) return } - psg.InfraContainerSpec = tempSpec // set infra spec equal to temp // a few extra that do not have the same json tags psg.InfraContainerSpec.Name = psg.InfraName psg.InfraContainerSpec.ConmonPidFile = psg.InfraConmonPidFile diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go index d9dd0c532..a74725c63 100644 --- a/pkg/domain/entities/pods.go +++ b/pkg/domain/entities/pods.go @@ -131,6 +131,7 @@ type PodCreateOptions struct { Cpus float64 CpusetCpus string Userns specgen.Namespace + Volume []string } // PodLogsOptions describes the options to extract pod logs. diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index fbb229e1c..91230338e 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -28,15 +28,27 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener return nil, nil, nil, err } - // If joining a pod, retrieve the pod for use. + // If joining a pod, retrieve the pod for use, and its infra container var pod *libpod.Pod + var cont *libpod.Container + var config *libpod.ContainerConfig if s.Pod != "" { pod, err = rt.LookupPod(s.Pod) if err != nil { return nil, nil, nil, errors.Wrapf(err, "error retrieving pod %s", s.Pod) } + if pod.HasInfraContainer() { + cont, err = pod.InfraContainer() + if err != nil { + return nil, nil, nil, err + } + config = cont.Config() + } } + if config != nil && (len(config.NamedVolumes) > 0 || len(config.UserVolumes) > 0 || len(config.ImageVolumes) > 0 || len(config.OverlayVolumes) > 0) { + s.VolumesFrom = append(s.VolumesFrom, config.ID) + } // Set defaults for unset namespaces if s.PidNS.IsDefault() { defaultNS, err := GetDefaultNamespaceMode("pid", rtc, pod) diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go index 8872a1321..5f72fc47d 100644 --- a/pkg/specgen/podspecgen.go +++ b/pkg/specgen/podspecgen.go @@ -72,6 +72,22 @@ type PodBasicConfig struct { // Any containers created within the pod will inherit the pod's userns settings. // Optional Userns Namespace `json:"userns,omitempty"` + // Mounts are mounts that will be added to the pod. + // These will supersede Image Volumes and VolumesFrom (WIP) volumes where + // there are conflicts. + // Optional. + Mounts []spec.Mount `json:"mounts,omitempty"` + // Volumes are named volumes that will be added to the pod. + // These will supersede Image Volumes and VolumesFrom (WIP) volumes where + // there are conflicts. + // Optional. + Volumes []*NamedVolume `json:"volumes,omitempty"` + // Overlay volumes are named volumes that will be added to the pod. + // Optional. + OverlayVolumes []*OverlayVolume `json:"overlay_volumes,omitempty"` + // Image volumes bind-mount a container-image mount into the pod's infra container. + // Optional. + ImageVolumes []*ImageVolume `json:"image_volumes,omitempty"` } // PodNetworkConfig contains networking configuration for a pod. diff --git a/test/buildah-bud/buildah-tests.diff b/test/buildah-bud/buildah-tests.diff index bb28e11c9..87923484f 100644 --- a/test/buildah-bud/buildah-tests.diff +++ b/test/buildah-bud/buildah-tests.diff @@ -70,7 +70,7 @@ index 166316d5..775d7c9b 100644 + local podman_or_buildah=${BUILDAH_BINARY} + local _opts="${ROOTDIR_OPTS} ${BUILDAH_REGISTRY_OPTS}" -+ if [[ $1 == "bud" || $1 == "build-using-dockerfile" ]]; then ++ if [[ $1 == "build" || $1 == "build-using-dockerfile" ]]; then + shift + # podman defaults to --layers=true; buildah to --false. + # If command line includes explicit --layers, leave it untouched, diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 08fc4e6cc..f5e85e723 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -397,4 +397,51 @@ var _ = Describe("Podman run", func() { Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(Equal(profile)) }) + + It("podman info image_copy_tmp_dir", func() { + session := podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal("/var/tmp")) + + configPath := filepath.Join(podmanTest.TempDir, "containers.conf") + os.Setenv("CONTAINERS_CONF", configPath) + + containersConf := []byte(fmt.Sprintf("[engine]\nimage_copy_tmp_dir=\"/foobar\"")) + err = ioutil.WriteFile(configPath, containersConf, os.ModePerm) + Expect(err).To(BeNil()) + + if IsRemote() { + podmanTest.RestartRemoteService() + } + + session = podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal("/foobar")) + + containersConf = []byte(fmt.Sprintf("[engine]\nimage_copy_tmp_dir=\"storage\"")) + err = ioutil.WriteFile(configPath, containersConf, os.ModePerm) + Expect(err).To(BeNil()) + if IsRemote() { + podmanTest.RestartRemoteService() + } + + session = podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.LineInOutputContains("containers/storage/tmp")).To(BeTrue()) + + containersConf = []byte(fmt.Sprintf("[engine]\nimage_copy_tmp_dir=\"storage1\"")) + err = ioutil.WriteFile(configPath, containersConf, os.ModePerm) + Expect(err).To(BeNil()) + if IsRemote() { + podmanTest.RestartRemoteService() + } + + session = podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.ErrorToString()).To(ContainSubstring("invalid image_copy_tmp_dir")) + }) }) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 7297bfc6e..7d40d36dd 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -850,4 +850,38 @@ ENTRYPOINT ["sleep","99999"] Expect(ok).To(BeTrue()) }) + It("podman pod create --volume", func() { + volName := "testVol" + volCreate := podmanTest.Podman([]string{"volume", "create", volName}) + volCreate.WaitWithDefaultTimeout() + Expect(volCreate).Should(Exit(0)) + podName := "testPod" + podCreate := podmanTest.Podman([]string{"pod", "create", "--volume", volName + ":/tmp1", "--name", podName}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate).Should(Exit(0)) + podInspect := podmanTest.Podman([]string{"pod", "inspect", podName}) + podInspect.WaitWithDefaultTimeout() + Expect(podInspect).Should(Exit(0)) + data := podInspect.InspectPodToJSON() + Expect(data.Mounts[0].Name).To(Equal(volName)) + ctrName := "testCtr" + ctrCreate := podmanTest.Podman([]string{"create", "--pod", podName, "--name", ctrName, ALPINE}) + ctrCreate.WaitWithDefaultTimeout() + Expect(ctrCreate).Should(Exit(0)) + ctrInspect := podmanTest.Podman([]string{"inspect", ctrName}) + ctrInspect.WaitWithDefaultTimeout() + Expect(ctrInspect).Should(Exit(0)) + ctrData := ctrInspect.InspectContainerToJSON() + Expect(ctrData[0].Mounts[0].Name).To(Equal(volName)) + + ctr2 := podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "sh", "-c", "echo hello >> " + "/tmp1/test"}) + ctr2.WaitWithDefaultTimeout() + Expect(ctr2).Should(Exit(0)) + + ctr3 := podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/tmp1/test"}) + ctr3.WaitWithDefaultTimeout() + Expect(ctr3.OutputToString()).To(ContainSubstring("hello")) + + }) + }) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index cb61aba21..ec4b0d997 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1296,31 +1296,42 @@ USER mail`, BB) SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") SkipIfRemote("--cgroups=split cannot be used in remote mode") - container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) - container.WaitWithDefaultTimeout() - Expect(container).Should(Exit(0)) - lines := container.OutputToStringArray() - - cgroup := "" - for _, line := range lines { - parts := strings.SplitN(line, ":", 3) - if !CGROUPSV2 { - // ignore unified on cgroup v1. - // both runc and crun do not set it. - // crun does not set named hierarchies. - if parts[1] == "" || strings.Contains(parts[1], "name=") { + checkLines := func(lines []string) { + cgroup := "" + for _, line := range lines { + parts := strings.SplitN(line, ":", 3) + if len(parts) < 2 { continue } + if !CGROUPSV2 { + // ignore unified on cgroup v1. + // both runc and crun do not set it. + // crun does not set named hierarchies. + if parts[1] == "" || strings.Contains(parts[1], "name=") { + continue + } + } + if parts[2] == "/" { + continue + } + if cgroup == "" { + cgroup = parts[2] + continue + } + Expect(cgroup).To(Equal(parts[2])) } - if parts[2] == "/" { - continue - } - if cgroup == "" { - cgroup = parts[2] - continue - } - Expect(cgroup).To(Equal(parts[2])) } + + container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) + container.WaitWithDefaultTimeout() + Expect(container).Should(Exit(0)) + checkLines(container.OutputToStringArray()) + + // check that --cgroups=split is honored also when a container runs in a pod + container = podmanTest.Podman([]string{"run", "--rm", "--pod", "new:split-test-pod", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) + container.WaitWithDefaultTimeout() + Expect(container).Should(Exit(0)) + checkLines(container.OutputToStringArray()) }) It("podman run with cgroups=disabled runs without cgroups", func() { diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 47db08eb1..03c7984e2 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -464,7 +464,7 @@ Labels.$label_name | $label_value local -a files=( -test1 -test1.txt test2 test2.txt - subdir/sub1 subdir/sub1.txt + -subdir/sub1 -subdir/sub1.txt -subdir/sub2 -subdir/sub2.txt this-file-does-not-match-anything-in-ignore-file comment diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml index 2c91a6eee..c9629b9a3 100644 --- a/vendor/github.com/containers/buildah/.cirrus.yml +++ b/vendor/github.com/containers/buildah/.cirrus.yml @@ -139,7 +139,7 @@ unit_task: - smoke - vendor - timeout_in: 50m + timeout_in: 1h matrix: - env: @@ -177,7 +177,7 @@ conformance_task: conformance_test_script: '${SCRIPT_BASE}/test.sh conformance |& ${_TIMESTAMP}' -# Confirm cross-compile ALL archetectures on a Mac OS-X VM. +# Confirm cross-compile ALL architectures on a Mac OS-X VM. cross_build_task: name: "Cross Compile" alias: cross_build @@ -186,13 +186,14 @@ cross_build_task: - unit osx_instance: - image: 'catalina-base' + image: 'big-sur-base' script: - brew update - brew install go - brew install go-md2man - brew install gpgme + - go version - make cross CGO_ENABLED=0 binary_artifacts: diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md index 9dc7a3d72..1864a4564 100644 --- a/vendor/github.com/containers/buildah/CHANGELOG.md +++ b/vendor/github.com/containers/buildah/CHANGELOG.md @@ -2,6 +2,64 @@ # Changelog +## v1.23.0 (2021-09-13) + + Vendor in containers/common v0.44.0 + build(deps): bump github.com/containers/storage from 1.35.0 to 1.36.0 + Update 05-openshift-rootless-build.md + build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 + .cirrus.yml: run cross_build_task on Big Sur + Makefile: update cross targets + Add support for rootless overlay mounts + Cirrus: Increase unit-test timeout + Docs: Clarify rmi w/ manifest/index use + build: mirror --authfile to filesystem if pointing to FD instead of file + Fix build with .git url with branch + manifest: rm should remove only manifests not referenced images. + vendor: bump c/common to v0.43.3-0.20210902095222-a7acc160fb25 + Avoid rehashing and noop compression writer + corrected man page section; .conf file to mention its man page + copy: add --max-parallel-downloads to tune that copy option + copier.Get(): try to avoid descending into directories + tag: Support tagging manifest list instead of resolving to images + Install new manpages to correct sections + conformance: tighten up exception specifications + Add support for libsubid + Add epoch time field to buildah images + Fix ownership of /home/build/.local/share/containers + build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.0 + Rename bud to build, while keeping an alias for to bud. + Replace golang.org/x/crypto/ssh/terminal with golang.org/x/term + build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 + build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0 + build(deps): bump github.com/fsouza/go-dockerclient from 1.7.3 to 1.7.4 + build(deps): bump github.com/containers/common from 0.43.1 to 0.43.2 + Move DiscoverContainerfile to pkg/util directory + build(deps): bump github.com/containers/image/v5 from 5.15.1 to 5.15.2 + Remove some references to Docker + build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.15.1 + imagebuildah: handle --manifest directly + build(deps): bump github.com/containers/common from 0.42.1 to 0.43.1 + build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 + executor: make sure imageMap is updated with terminatedStage + tests/serve/serve.go: use a kernel-assigned port + Bump go for vendor-in-container from 1.13 to 1.16 + imagebuildah: move multiple-platform building internal + Adds GenerateStructure helper function to support rootfs-overlay. + Run codespell to fix spelling + Implement SSH RUN mount + build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0 + Fix resolv.conf content with run --net=private + run: fix nil deref using the option's logger + build(deps): bump github.com/containerd/containerd from 1.5.1 to 1.5.5 + make vendor-in-container + bud: teach --platform to take a list + set base-image annotations + build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 + [CI:DOCS] Fix CHANGELOG.md + Bump to v1.23.0-dev [NO TESTS NEEDED] + Accept repositories on login/logout + ## v1.22.0 (2021-08-02) c/image, c/storage, c/common vendor before Podman 3.3 release WIP: tests: new assert() diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile index b21e9deb8..27e4ade6d 100644 --- a/vendor/github.com/containers/buildah/Makefile +++ b/vendor/github.com/containers/buildah/Makefile @@ -1,7 +1,7 @@ export GOPROXY=https://proxy.golang.org APPARMORTAG := $(shell hack/apparmor_tag.sh) -STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./libdm_tag.sh) +STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./libdm_tag.sh) $(shell ./hack/libsubid_tag.sh) SECURITYTAGS ?= seccomp $(APPARMORTAG) TAGS ?= $(SECURITYTAGS) $(STORAGETAGS) BUILDTAGS += $(TAGS) @@ -70,8 +70,11 @@ bin/buildah: $(SOURCES) cmd/buildah/*.go .PHONY: buildah buildah: bin/buildah +LINUX_CROSS_TARGETS = $(addprefix bin/buildah.,$(subst /,.,$(shell $(GO) tool dist list | grep ^linux/))) +DARWIN_CROSS_TARGETS = $(addprefix bin/buildah.,$(subst /,.,$(shell $(GO) tool dist list | grep ^darwin/))) +WINDOWS_CROSS_TARGETS = $(addsuffix .exe,$(addprefix bin/buildah.,$(subst /,.,$(shell $(GO) tool dist list | grep ^windows/)))) .PHONY: cross -cross: bin/buildah.darwin.amd64 bin/buildah.linux.386 bin/buildah.linux.amd64 bin/buildah.linux.arm64 bin/buildah.linux.arm bin/buildah.linux.mips64 bin/buildah.linux.mips64le bin/buildah.linux.mips bin/buildah.linux.mipsle bin/buildah.linux.ppc64 bin/buildah.linux.ppc64le bin/buildah.linux.riscv64 bin/buildah.linux.s390x bin/buildah.windows.amd64.exe +cross: $(LINUX_CROSS_TARGETS) $(DARWIN_CROSS_TARGETS) $(WINDOWS_CROSS_TARGETS) bin/buildah.%: mkdir -p ./bin diff --git a/vendor/github.com/containers/buildah/README.md b/vendor/github.com/containers/buildah/README.md index 0c275e4a9..95c8a9a7b 100644 --- a/vendor/github.com/containers/buildah/README.md +++ b/vendor/github.com/containers/buildah/README.md @@ -104,7 +104,7 @@ $ sudo ./lighttpd.sh | Command | Description | | ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | | [buildah-add(1)](/docs/buildah-add.md) | Add the contents of a file, URL, or a directory to the container. | -| [buildah-bud(1)](/docs/buildah-bud.md) | Build an image using instructions from Dockerfiles. | +| [buildah-build(1)](/docs/buildah-build.md) | Build an image using instructions from Containerfiles or Dockerfiles. | | [buildah-commit(1)](/docs/buildah-commit.md) | Create an image from a working container. | | [buildah-config(1)](/docs/buildah-config.md) | Update image configuration settings. | | [buildah-containers(1)](/docs/buildah-containers.md) | List the working containers and their base images. | diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go index ae10cdae0..f760d2527 100644 --- a/vendor/github.com/containers/buildah/buildah.go +++ b/vendor/github.com/containers/buildah/buildah.go @@ -245,7 +245,7 @@ func GetBuildInfo(b *Builder) BuilderInfo { } } -// CommonBuildOptions are resources that can be defined by flags for both buildah from and build-using-dockerfile +// CommonBuildOptions are resources that can be defined by flags for both buildah from and build type CommonBuildOptions = define.CommonBuildOptions // BuilderOptions are used to initialize a new Builder. diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index 6755535b1..24a101016 100644 --- a/vendor/github.com/containers/buildah/changelog.txt +++ b/vendor/github.com/containers/buildah/changelog.txt @@ -1,3 +1,60 @@ +- Changelog for v1.23.0 (2021-09-13) + * Vendor in containers/common v0.44.0 + * build(deps): bump github.com/containers/storage from 1.35.0 to 1.36.0 + * Update 05-openshift-rootless-build.md + * build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 + * .cirrus.yml: run cross_build_task on Big Sur + * Makefile: update cross targets + * Add support for rootless overlay mounts + * Cirrus: Increase unit-test timeout + * Docs: Clarify rmi w/ manifest/index use + * build: mirror --authfile to filesystem if pointing to FD instead of file + * Fix build with .git url with branch + * manifest: rm should remove only manifests not referenced images. + * vendor: bump c/common to v0.43.3-0.20210902095222-a7acc160fb25 + * Avoid rehashing and noop compression writer + * corrected man page section; .conf file to mention its man page + * copy: add --max-parallel-downloads to tune that copy option + * copier.Get(): try to avoid descending into directories + * tag: Support tagging manifest list instead of resolving to images + * Install new manpages to correct sections + * conformance: tighten up exception specifications + * Add support for libsubid + * Add epoch time field to buildah images + * Fix ownership of /home/build/.local/share/containers + * build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.0 + * Rename bud to build, while keeping an alias for to bud. + * Replace golang.org/x/crypto/ssh/terminal with golang.org/x/term + * build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 + * build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0 + * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.3 to 1.7.4 + * build(deps): bump github.com/containers/common from 0.43.1 to 0.43.2 + * Move DiscoverContainerfile to pkg/util directory + * build(deps): bump github.com/containers/image/v5 from 5.15.1 to 5.15.2 + * Remove some references to Docker + * build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.15.1 + * imagebuildah: handle --manifest directly + * build(deps): bump github.com/containers/common from 0.42.1 to 0.43.1 + * build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 + * executor: make sure imageMap is updated with terminatedStage + * tests/serve/serve.go: use a kernel-assigned port + * Bump go for vendor-in-container from 1.13 to 1.16 + * imagebuildah: move multiple-platform building internal + * Adds GenerateStructure helper function to support rootfs-overlay. + * Run codespell to fix spelling + * Implement SSH RUN mount + * build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0 + * Fix resolv.conf content with run --net=private + * run: fix nil deref using the option's logger + * build(deps): bump github.com/containerd/containerd from 1.5.1 to 1.5.5 + * make vendor-in-container + * bud: teach --platform to take a list + * set base-image annotations + * build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 + * [CI:DOCS] Fix CHANGELOG.md + * Bump to v1.23.0-dev [NO TESTS NEEDED] + * Accept repositories on login/logout + - Changelog for v1.22.0 (2021-08-02) * c/image, c/storage, c/common vendor before Podman 3.3 release * WIP: tests: new assert() diff --git a/vendor/github.com/containers/buildah/chroot/run.go b/vendor/github.com/containers/buildah/chroot/run.go index 591003568..e6f28e81a 100644 --- a/vendor/github.com/containers/buildah/chroot/run.go +++ b/vendor/github.com/containers/buildah/chroot/run.go @@ -31,8 +31,8 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/syndtr/gocapability/capability" - "golang.org/x/crypto/ssh/terminal" "golang.org/x/sys/unix" + "golang.org/x/term" ) const ( @@ -138,13 +138,13 @@ func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reade // Set our terminal's mode to raw, to pass handling of special // terminal input to the terminal in the container. - if spec.Process.Terminal && terminal.IsTerminal(unix.Stdin) { - state, err := terminal.MakeRaw(unix.Stdin) + if spec.Process.Terminal && term.IsTerminal(unix.Stdin) { + state, err := term.MakeRaw(unix.Stdin) if err != nil { logrus.Warnf("error setting terminal state: %v", err) } else { defer func() { - if err = terminal.Restore(unix.Stdin, state); err != nil { + if err = term.Restore(unix.Stdin, state); err != nil { logrus.Errorf("unable to restore terminal state: %v", err) } }() @@ -275,7 +275,7 @@ func runUsingChrootMain() { winsize.Row = uint16(options.Spec.Process.ConsoleSize.Height) winsize.Col = uint16(options.Spec.Process.ConsoleSize.Width) } else { - if terminal.IsTerminal(unix.Stdin) { + if term.IsTerminal(unix.Stdin) { // Use the size of our terminal. winsize, err = unix.IoctlGetWinsize(unix.Stdin, unix.TIOCGWINSZ) if err != nil { diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go index a2cc6c97c..1823e5238 100644 --- a/vendor/github.com/containers/buildah/copier/copier.go +++ b/vendor/github.com/containers/buildah/copier/copier.go @@ -1211,13 +1211,42 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa // skip the "." entry return nil } - _, skip, err := pathIsExcluded(req.Root, path, pm) + skippedPath, skip, err := pathIsExcluded(req.Root, path, pm) if err != nil { return err } if skip { - // don't use filepath.SkipDir - // here, since a more specific + if info.IsDir() { + // if there are no "include + // this anyway" patterns at + // all, we don't need to + // descend into this particular + // directory if it's a directory + if !pm.Exclusions() { + return filepath.SkipDir + } + // if there are exclusion + // patterns for which this + // path is a prefix, we + // need to keep descending + for _, pattern := range pm.Patterns() { + if !pattern.Exclusion() { + continue + } + spec := strings.Trim(pattern.String(), string(os.PathSeparator)) + trimmedPath := strings.Trim(skippedPath, string(os.PathSeparator)) + if strings.HasPrefix(spec+string(os.PathSeparator), trimmedPath) { + // we can't just skip over + // this directory + return nil + } + } + // there are exclusions, but + // none of them apply here + return filepath.SkipDir + } + // skip this item, but if we're + // a directory, a more specific // but-include-this for // something under it might // also be in the excludes list diff --git a/vendor/github.com/containers/buildah/define/build.go b/vendor/github.com/containers/buildah/define/build.go index 1fdad2e0e..cff9a3d83 100644 --- a/vendor/github.com/containers/buildah/define/build.go +++ b/vendor/github.com/containers/buildah/define/build.go @@ -10,7 +10,7 @@ import ( "golang.org/x/sync/semaphore" ) -// CommonBuildOptions are resources that can be defined by flags for both buildah from and build-using-dockerfile +// CommonBuildOptions are resources that can be defined by flags for both buildah from and build type CommonBuildOptions struct { // AddHost is the list of hostnames to add to the build container's /etc/hosts. AddHost []string diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go index c180c327f..fc56aeef8 100644 --- a/vendor/github.com/containers/buildah/define/types.go +++ b/vendor/github.com/containers/buildah/define/types.go @@ -6,6 +6,7 @@ import ( "fmt" "io/ioutil" "net/http" + urlpkg "net/url" "os" "os/exec" "path" @@ -28,7 +29,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.23.0-dev" + Version = "1.23.0" // DefaultRuntime if containers.conf fails. DefaultRuntime = "runc" @@ -111,7 +112,11 @@ func TempDirForURL(dir, prefix, url string) (name string, subdir string, err err if err != nil { return "", "", errors.Wrapf(err, "error creating temporary directory for %q", url) } - if strings.HasPrefix(url, "git://") || strings.HasSuffix(url, ".git") { + urlParsed, err := urlpkg.Parse(url) + if err != nil { + return "", "", errors.Wrapf(err, "error parsing url %q", url) + } + if strings.HasPrefix(url, "git://") || strings.HasSuffix(urlParsed.Path, ".git") { err = cloneToDirectory(url, name) if err != nil { if err2 := os.RemoveAll(name); err2 != nil { @@ -156,9 +161,6 @@ func TempDirForURL(dir, prefix, url string) (name string, subdir string, err err } func cloneToDirectory(url, dir string) error { - if !strings.HasPrefix(url, "git://") && !strings.HasSuffix(url, ".git") { - url = "git://" + url - } gitBranch := strings.Split(url, "#") var cmd *exec.Cmd if len(gitBranch) < 2 { diff --git a/vendor/github.com/containers/buildah/developmentplan.md b/vendor/github.com/containers/buildah/developmentplan.md index 72e667ac3..7d82c2e6d 100644 --- a/vendor/github.com/containers/buildah/developmentplan.md +++ b/vendor/github.com/containers/buildah/developmentplan.md @@ -6,8 +6,8 @@ * Integration into Kubernetes and potentially other tools. The biggest requirement for this is to be able run Buildah within a standard linux container without SYS_ADMIN privileges. This would allow Buildah to run non-privileged containers inside of Kubernetes, so you could distribute your container workloads. - * Integration with User Namespace, Podman has this already and the goal is to get `buildah bud` and `buildah run` to be able to run its containers in a usernamespace to give the builder better security isolation from the host. + * Integration with User Namespace, Podman has this already and the goal is to get `buildah build` and `buildah run` to be able to run its containers in a usernamespace to give the builder better security isolation from the host. - * Buildah `buildah bud` command's goal is to have feature parity with other OCI image and container build systems. + * Buildah `buildah build` command's goal is to have feature parity with other OCI image and container build systems. * Addressing issues from the community as reported in the [Issues](https://github.com/containers/buildah/issues) page. diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod index e9f5e4d8a..c641a11a6 100644 --- a/vendor/github.com/containers/buildah/go.mod +++ b/vendor/github.com/containers/buildah/go.mod @@ -5,10 +5,10 @@ go 1.13 require ( github.com/containerd/containerd v1.5.5 github.com/containernetworking/cni v0.8.1 - github.com/containers/common v0.43.2 - github.com/containers/image/v5 v5.15.2 + github.com/containers/common v0.44.0 + github.com/containers/image/v5 v5.16.0 github.com/containers/ocicrypt v1.1.2 - github.com/containers/storage v1.34.1 + github.com/containers/storage v1.36.0 github.com/docker/distribution v2.7.1+incompatible github.com/docker/go-units v0.4.0 github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 @@ -21,11 +21,11 @@ require ( github.com/onsi/ginkgo v1.16.4 github.com/onsi/gomega v1.16.0 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.0.2-0.20210730191737-8e42a01fb1b7 + github.com/opencontainers/image-spec v1.0.2-0.20210819154149-5ad6f50d6283 github.com/opencontainers/runc v1.0.2 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/runtime-tools v0.9.0 - github.com/opencontainers/selinux v1.8.4 + github.com/opencontainers/selinux v1.8.5 github.com/openshift/imagebuilder v1.2.2-0.20210415181909-87f3e48c2656 github.com/pkg/errors v0.9.1 github.com/seccomp/libseccomp-golang v0.9.2-0.20200616122406-847368b35ebf @@ -37,7 +37,8 @@ require ( go.etcd.io/bbolt v1.3.6 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 + golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55 + golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b k8s.io/klog v1.0.0 // indirect ) diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum index 37dc8ce32..1733a00cb 100644 --- a/vendor/github.com/containers/buildah/go.sum +++ b/vendor/github.com/containers/buildah/go.sum @@ -76,8 +76,9 @@ github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= github.com/Microsoft/hcsshim v0.8.18/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= -github.com/Microsoft/hcsshim v0.8.20 h1:ZTwcx3NS8n07kPf/JZ1qwU6vnjhVPMUWlXBF8r9UxrE= github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= +github.com/Microsoft/hcsshim v0.8.22 h1:CulZ3GW8sNJExknToo+RWD+U+6ZM5kkNfuxywSDPd08= +github.com/Microsoft/hcsshim v0.8.22/go.mod h1:91uVCVzvX2QD16sMCenoxxXo6L1wJnLMX2PSufFMtF0= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -171,6 +172,7 @@ github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMX github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ= github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI= @@ -206,6 +208,8 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= +github.com/containerd/stargz-snapshotter/estargz v0.8.0 h1:oA1wx8kTFfImfsT5bScbrZd8gK+WtQnn15q82Djvm0Y= +github.com/containerd/stargz-snapshotter/estargz v0.8.0/go.mod h1:mwIwuwb+D8FX2t45Trwi0hmWmZm5VW7zPP/rekwhWQU= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= @@ -226,11 +230,10 @@ github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= -github.com/containers/common v0.43.2 h1:oSP5d5sDrq7OkoqLPVrLpi1LZOAwpTwOZXgPDHfmD0E= -github.com/containers/common v0.43.2/go.mod h1:BAoVyRYlxKZKAYpHcFMdrXlIZyzbJp9NwKTgadTd/Dg= -github.com/containers/image/v5 v5.15.0/go.mod h1:gzdBcooi6AFdiqfzirUqv90hUyHyI0MMdaqKzACKr2s= -github.com/containers/image/v5 v5.15.2 h1:DKicmVr0h1HGkzs9muoErX+fVbV9sV9W5TyMy5perLE= -github.com/containers/image/v5 v5.15.2/go.mod h1:8jejVSzTDfyPwr/HXp9rri34n/vbdavYk6IzTiB3TBw= +github.com/containers/common v0.44.0 h1:YpjfOxmWrnVyxugYgiWV1Vo/Xg8JUfe32QZz3SAMfUk= +github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= +github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI= +github.com/containers/image/v5 v5.16.0/go.mod h1:XgTpfAPLRGOd1XYyCU5cISFr777bLmOerCSpt/v7+Q4= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= @@ -238,10 +241,9 @@ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgU github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0= github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/containers/storage v1.33.0/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY= -github.com/containers/storage v1.34.0/go.mod h1:t6I+hTgPU0/tVxQ75vw406wDi/TXwYBqZp4QZV9N7b8= -github.com/containers/storage v1.34.1 h1:PsBGMH7hwuQ3MOr7qTgPznFrE8ebfIbwQbg2gKvg0lE= -github.com/containers/storage v1.34.1/go.mod h1:FY2TcbfgCLMU4lYoKnlZeZXeH353TOTbpDEA+sAcqAY= +github.com/containers/storage v1.35.0/go.mod h1:qzYhasQP2/V9D9XdO+vRwkHBhsBO0oznMLzzRDQ8s20= +github.com/containers/storage v1.36.0 h1:OelxllCW19tnNngYuZw2ty/zLabVMG5rSs3KSwO1Lzc= +github.com/containers/storage v1.36.0/go.mod h1:vbd3SKVQNHdmU5qQI6hTEcKPxnZkGqydG4f6uwrI5a8= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= @@ -285,7 +287,6 @@ github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TT github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.8+incompatible h1:RVqD337BgQicVCzYrrlhLDWhq6OAD2PJDUg2LsEUvKM= github.com/docker/docker v20.10.8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= @@ -398,7 +399,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -519,10 +519,9 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.4 h1:0zhec2I8zGnjWcKyLl6i3gPqKANCCn5e9xmviEEeX6s= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.13.5 h1:9O69jUPDcsT9fEm74W92rZL9FQY7rCdaXVneq+yyzl4= +github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -625,7 +624,6 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= -github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c= github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -636,9 +634,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.2-0.20210730191737-8e42a01fb1b7 h1:axgApq2XShTLwQii2zAnIkMPlhGVHbAXHUcHezu5G/k= -github.com/opencontainers/image-spec v1.0.2-0.20210730191737-8e42a01fb1b7/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.0.2-0.20210819154149-5ad6f50d6283 h1:TVzvdjOalkJBNkbpPVMAr4KV9QRf2IjfxdyxwAK78Gs= +github.com/opencontainers/image-spec v1.0.2-0.20210819154149-5ad6f50d6283/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= @@ -660,9 +657,9 @@ github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pK github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= -github.com/opencontainers/selinux v1.8.3/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo= -github.com/opencontainers/selinux v1.8.4 h1:krlgQ6/j9CkCXT5oW0yVXdQFOME3NjKuuAZXuR6O7P4= github.com/opencontainers/selinux v1.8.4/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo= +github.com/opencontainers/selinux v1.8.5 h1:OkT6bMHOQ1JQQO4ihjQ49sj0+wciDcjziSVTRn8VeTA= +github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo= github.com/openshift/imagebuilder v1.2.2-0.20210415181909-87f3e48c2656 h1:WaxyNFpmIDu4i6so9r6LVFIbSaXqsj8oitMitt86ae4= github.com/openshift/imagebuilder v1.2.2-0.20210415181909-87f3e48c2656/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo= github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw= @@ -787,10 +784,11 @@ github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE= -github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= -github.com/vbauerster/mpb/v7 v7.0.3 h1:NfX0pHWhlDTev15M/C3qmSTM1EiIjcS+/d6qS6H4FnI= -github.com/vbauerster/mpb/v7 v7.0.3/go.mod h1:NXGsfPGx6G2JssqvEcULtDqUrxuuYs4llpv8W6ZUpzk= +github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= +github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= +github.com/vbauerster/mpb/v7 v7.1.3 h1:VJkiLuuBs/re5SCHLVkYOPYAs+1jagk5QIDHgAXLVVA= +github.com/vbauerster/mpb/v7 v7.1.3/go.mod h1:X5GlohZw2fIpypMXWaKart+HGSAjpz49skxkDk+ZL7c= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 h1:cPXZWzzG0NllBLdjWoD1nDfaqu98YMv+OneaKc8sPOA= @@ -1053,8 +1051,10 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55 h1:rw6UNGRMfarCepjI8qOepea/SXwIBVfTKjztZ5gBbq4= +golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= diff --git a/vendor/github.com/containers/buildah/image.go b/vendor/github.com/containers/buildah/image.go index a3050ce10..ef05f37d2 100644 --- a/vendor/github.com/containers/buildah/image.go +++ b/vendor/github.com/containers/buildah/image.go @@ -393,9 +393,18 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System rc.Close() return nil, errors.Wrapf(err, "error opening file for %s", what) } - destHasher := digest.Canonical.Digester() + counter := ioutils.NewWriteCounter(layerFile) - multiWriter := io.MultiWriter(counter, destHasher.Hash()) + var destHasher digest.Digester + var multiWriter io.Writer + // Avoid rehashing when we do not compress. + if i.compression != archive.Uncompressed { + destHasher = digest.Canonical.Digester() + multiWriter = io.MultiWriter(counter, destHasher.Hash()) + } else { + destHasher = srcHasher + multiWriter = counter + } // Compress the layer, if we're recompressing it. writeCloser, err := archive.CompressStream(multiWriter, i.compression) if err != nil { diff --git a/vendor/github.com/containers/buildah/install.md b/vendor/github.com/containers/buildah/install.md index 30ec26cc3..2a09821f3 100644 --- a/vendor/github.com/containers/buildah/install.md +++ b/vendor/github.com/containers/buildah/install.md @@ -157,7 +157,7 @@ On other Linux distributions Buildah requires a kernel version that supports the ### runc Requirement -Buildah uses `runc` to run commands when `buildah run` is used, or when `buildah build-using-dockerfile` +Buildah uses `runc` to run commands when `buildah run` is used, or when `buildah build` encounters a `RUN` instruction, so you'll also need to build and install a compatible version of [runc](https://github.com/opencontainers/runc) for Buildah to call for those cases. If Buildah is installed via a package manager such as yum, dnf or apt-get, runc will be installed as part of that process. @@ -396,7 +396,7 @@ registries = [] `/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf` -The mounts.conf files specify volume mount files or directories that are automatically mounted inside containers when executing the `buildah run` or `buildah build-using-dockerfile` commands. Container processes can then use this content. The volume mount content does not get committed to the final image. This file is usually provided by the containers-common package. +The mounts.conf files specify volume mount files or directories that are automatically mounted inside containers when executing the `buildah run` or `buildah build` commands. Container processes can then use this content. The volume mount content does not get committed to the final image. This file is usually provided by the containers-common package. Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories. diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go index b54344d11..aaf48d49f 100644 --- a/vendor/github.com/containers/buildah/pkg/cli/common.go +++ b/vendor/github.com/containers/buildah/pkg/cli/common.go @@ -46,7 +46,7 @@ type NameSpaceResults struct { UTS string } -// BudResults represents the results for Bud flags +// BudResults represents the results for Build flags type BudResults struct { Annotation []string Authfile string @@ -89,7 +89,7 @@ type BudResults struct { } // FromAndBugResults represents the results for common flags -// in bud and from +// in build and from type FromAndBudResults struct { AddHost []string BlobCache string @@ -172,7 +172,7 @@ func GetLayerFlags(flags *LayerResults) pflag.FlagSet { // Note: GetLayerFlagsCompletion is not needed since GetLayerFlags only contains bool flags -// GetBudFlags returns common bud flags +// GetBudFlags returns common build flags func GetBudFlags(flags *BudResults) pflag.FlagSet { fs := pflag.FlagSet{} fs.String("arch", runtime.GOARCH, "set the ARCH of the image to the provided value instead of the architecture of the host") @@ -213,7 +213,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { fs.BoolVar(&flags.PullNever, "pull-never", false, "do not pull the image, use the image present in store if available") fs.BoolVarP(&flags.Quiet, "quiet", "q", false, "refrain from announcing build instructions and image read/write progress") fs.BoolVar(&flags.Rm, "rm", true, "Remove intermediate containers after a successful build") - // "runtime" definition moved to avoid name collision in podman build. Defined in cmd/buildah/bud.go. + // "runtime" definition moved to avoid name collision in podman build. Defined in cmd/buildah/build.go. fs.StringSliceVar(&flags.RuntimeFlags, "runtime-flag", []string{}, "add global flags for the container runtime") fs.StringArrayVar(&flags.Secrets, "secret", []string{}, "secret file to expose to the build") fs.StringVar(&flags.SignBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`") @@ -232,7 +232,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { return fs } -// GetBudFlagsCompletions returns the FlagCompletions for the common bud flags +// GetBudFlagsCompletions returns the FlagCompletions for the common build flags func GetBudFlagsCompletions() commonComp.FlagCompletions { flagCompletion := commonComp.FlagCompletions{} flagCompletion["arch"] = commonComp.AutocompleteNone @@ -264,7 +264,7 @@ func GetBudFlagsCompletions() commonComp.FlagCompletions { return flagCompletion } -// GetFromAndBudFlags returns from and bud flags +// GetFromAndBudFlags returns from and build flags func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults, namespaceResults *NameSpaceResults) (pflag.FlagSet, error) { fs := pflag.FlagSet{} defaultContainerConfig, err := config.Default() @@ -312,7 +312,7 @@ func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults, return fs, nil } -// GetFromAndBudFlagsCompletions returns the FlagCompletions for the from and bud flags +// GetFromAndBudFlagsCompletions returns the FlagCompletions for the from and build flags func GetFromAndBudFlagsCompletions() commonComp.FlagCompletions { flagCompletion := commonComp.FlagCompletions{} flagCompletion["arch"] = commonComp.AutocompleteNone diff --git a/vendor/github.com/containers/buildah/pkg/overlay/overlay.go b/vendor/github.com/containers/buildah/pkg/overlay/overlay.go index 84b0e12b8..8ee4ab6d1 100644 --- a/vendor/github.com/containers/buildah/pkg/overlay/overlay.go +++ b/vendor/github.com/containers/buildah/pkg/overlay/overlay.go @@ -144,6 +144,7 @@ func mountHelper(contentDir, source, dest string, _, _ int, graphOptions []strin return mount, nil } /* If a mount_program is not specified, fallback to try mount native overlay. */ + overlayOptions = fmt.Sprintf("%s,userxattr", overlayOptions) } mount.Source = mergeDir diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go index de3cbcaae..685d63d31 100644 --- a/vendor/github.com/containers/buildah/pkg/parse/parse.go +++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go @@ -25,7 +25,7 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" - "golang.org/x/crypto/ssh/terminal" + "golang.org/x/term" ) const ( @@ -716,7 +716,7 @@ func AuthConfig(creds string) (*types.DockerAuthConfig, error) { } if password == "" { fmt.Print("Password: ") - termPassword, err := terminal.ReadPassword(0) + termPassword, err := term.ReadPassword(0) if err != nil { return nil, errors.Wrapf(err, "could not read password from terminal") } diff --git a/vendor/github.com/containers/buildah/pkg/util/util.go b/vendor/github.com/containers/buildah/pkg/util/util.go new file mode 100644 index 000000000..209ad9544 --- /dev/null +++ b/vendor/github.com/containers/buildah/pkg/util/util.go @@ -0,0 +1,81 @@ +package util + +import ( + "io/ioutil" + "os" + "path/filepath" + "strings" + + "github.com/pkg/errors" +) + +// Mirrors path to a tmpfile if path points to a +// file descriptor instead of actual file on filesystem +// reason: operations with file descriptors are can lead +// to edge cases where content on FD is not in a consumable +// state after first consumption. +// returns path as string and bool to confirm if temp file +// was created and needs to be cleaned up. +func MirrorToTempFileIfPathIsDescriptor(file string) (string, bool) { + // one use-case is discussed here + // https://github.com/containers/buildah/issues/3070 + if !strings.HasPrefix(file, "/dev/fd") { + return file, false + } + b, err := ioutil.ReadFile(file) + if err != nil { + // if anything goes wrong return original path + return file, false + } + tmpfile, err := ioutil.TempFile(os.TempDir(), "buildah-temp-file") + if err != nil { + return file, false + } + if _, err := tmpfile.Write(b); err != nil { + // if anything goes wrong return original path + return file, false + } + + return tmpfile.Name(), true +} + +// DiscoverContainerfile tries to find a Containerfile or a Dockerfile within the provided `path`. +func DiscoverContainerfile(path string) (foundCtrFile string, err error) { + // Test for existence of the file + target, err := os.Stat(path) + if err != nil { + return "", errors.Wrap(err, "discovering Containerfile") + } + + switch mode := target.Mode(); { + case mode.IsDir(): + // If the path is a real directory, we assume a Containerfile or a Dockerfile within it + ctrfile := filepath.Join(path, "Containerfile") + + // Test for existence of the Containerfile file + file, err := os.Stat(ctrfile) + if err != nil { + // See if we have a Dockerfile within it + ctrfile = filepath.Join(path, "Dockerfile") + + // Test for existence of the Dockerfile file + file, err = os.Stat(ctrfile) + if err != nil { + return "", errors.Wrap(err, "cannot find Containerfile or Dockerfile in context directory") + } + } + + // The file exists, now verify the correct mode + if mode := file.Mode(); mode.IsRegular() { + foundCtrFile = ctrfile + } else { + return "", errors.Errorf("assumed Containerfile %q is not a file", ctrfile) + } + + case mode.IsRegular(): + // If the context dir is a file, we assume this as Containerfile + foundCtrFile = path + } + + return foundCtrFile, nil +} diff --git a/vendor/github.com/containers/buildah/release.sh b/vendor/github.com/containers/buildah/release.sh index ef1c248c7..007f238d8 100644 --- a/vendor/github.com/containers/buildah/release.sh +++ b/vendor/github.com/containers/buildah/release.sh @@ -56,6 +56,13 @@ write_changelog() echo >>.changelog.txt && cat changelog.txt >>.changelog.txt && mv -f .changelog.txt changelog.txt + + echo " +## v${VERSION} (${DATE}) +" >.CHANGELOG.md && + git log --no-merges --format=' %s' "${LAST_TAG}..HEAD" >>.CHANGELOG.md && + sed -i -e '/# Changelog/r .CHANGELOG.md' CHANGELOG.md && + rm -f .CHANGELOG.md } release_commit() @@ -64,7 +71,10 @@ release_commit() write_spec_version "${VERSION}" && write_spec_changelog "${VERSION}" && write_changelog && - git commit -asm "Bump to v${VERSION}" + git commit -asm "Bump to v${VERSION} + +[NO TESTS NEEDED] +" } dev_version_commit() @@ -72,18 +82,24 @@ dev_version_commit() write_go_version "${NEXT_VERSION}-dev" && write_spec_version "${NEXT_VERSION}-dev" && write_spec_changelog "${NEXT_VERSION}-dev" && - git commit -asm "Bump to v${NEXT_VERSION}-dev" + git commit -asm "Bump to v${NEXT_VERSION}-dev + +[NO TESTS NEEDED] +" } epoch_commit() { LOCAL_EPOCH="$1" write_makefile_epoch "${LOCAL_EPOCH}" && - git commit -asm 'Bump gitvalidation epoch' + git commit -asm 'Bump gitvalidation epoch + + [NO TESTS NEEDED] +' } git fetch origin && -git checkout -b "bump-${VERSION}" origin/master && +git checkout -b "bump-${VERSION}" origin/main && EPOCH=$(git rev-parse HEAD) && release_commit && git tag -s -m "version ${VERSION}" "v${VERSION}" && diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go index c1919d6b5..113c83ef9 100644 --- a/vendor/github.com/containers/buildah/run_linux.go +++ b/vendor/github.com/containers/buildah/run_linux.go @@ -48,8 +48,8 @@ import ( "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "golang.org/x/crypto/ssh/terminal" "golang.org/x/sys/unix" + "golang.org/x/term" ) // ContainerDevices is an alias for a slice of github.com/opencontainers/runc/libcontainer/configs.Device structures. @@ -719,7 +719,7 @@ func (b *Builder) generateHosts(rdir, hostname string, addHosts []string, chownO func setupTerminal(g *generate.Generator, terminalPolicy TerminalPolicy, terminalSize *specs.Box) { switch terminalPolicy { case DefaultTerminal: - onTerminal := terminal.IsTerminal(unix.Stdin) && terminal.IsTerminal(unix.Stdout) && terminal.IsTerminal(unix.Stderr) + onTerminal := term.IsTerminal(unix.Stdin) && term.IsTerminal(unix.Stdout) && term.IsTerminal(unix.Stderr) if onTerminal { logrus.Debugf("stdio is a terminal, defaulting to using a terminal") } else { @@ -1276,12 +1276,12 @@ func runCopyStdio(logger *logrus.Logger, stdio *sync.WaitGroup, copyPipes bool, writeDesc[unix.Stdout] = "output" // Set our terminal's mode to raw, to pass handling of special // terminal input to the terminal in the container. - if terminal.IsTerminal(unix.Stdin) { - if state, err := terminal.MakeRaw(unix.Stdin); err != nil { + if term.IsTerminal(unix.Stdin) { + if state, err := term.MakeRaw(unix.Stdin); err != nil { logger.Warnf("error setting terminal state: %v", err) } else { defer func() { - if err = terminal.Restore(unix.Stdin, state); err != nil { + if err = term.Restore(unix.Stdin, state); err != nil { logger.Errorf("unable to restore terminal state: %v", err) } }() @@ -1504,7 +1504,7 @@ func runAcceptTerminal(logger *logrus.Logger, consoleListener *net.UnixListener, winsize.Row = uint16(terminalSize.Height) winsize.Col = uint16(terminalSize.Width) } else { - if terminal.IsTerminal(unix.Stdin) { + if term.IsTerminal(unix.Stdin) { // Use the size of our terminal. if winsize, err = unix.IoctlGetWinsize(unix.Stdin, unix.TIOCGWINSZ); err != nil { logger.Warnf("error reading size of controlling terminal: %v", err) diff --git a/vendor/github.com/containers/buildah/troubleshooting.md b/vendor/github.com/containers/buildah/troubleshooting.md index 2d8b99c6b..1299b354f 100644 --- a/vendor/github.com/containers/buildah/troubleshooting.md +++ b/vendor/github.com/containers/buildah/troubleshooting.md @@ -7,7 +7,7 @@ --- ### 1) No such image -When doing a `buildah pull` or `buildah bud` command and a "common" image can not be pulled, +When doing a `buildah pull` or `buildah build` command and a "common" image can not be pulled, it is likely that the `/etc/containers/registries.conf` file is either not installed or possibly misconfigured. This issue might also indicate that other required files as listed in the [Configuration Files](https://github.com/containers/buildah/blob/main/install.md#configuration-files) @@ -15,7 +15,7 @@ section of the Installation Instructions are also not installed. #### Symptom ```console -$ sudo buildah bud -f Dockerfile . +$ sudo buildah build -f Dockerfile . STEP 1: FROM alpine error creating build container: 2 errors occurred: @@ -35,7 +35,7 @@ error building: error creating build container: no such image "alpine" in regist --- ### 2) http: server gave HTTP response to HTTPS client -When doing a Buildah command such as `bud`, `commit`, `from`, or `push` to a registry, +When doing a Buildah command such as `build`, `commit`, `from`, or `push` to a registry, tls verification is turned on by default. If authentication is not used with those commands, this error can occur. @@ -50,7 +50,7 @@ Get https://localhost:5000/v2/: http: server gave HTTP response to HTTPS client By default tls verification is turned on when communicating to registries from Buildah. If the registry does not require authentication the Buildah commands -such as `bud`, `commit`, `from` and `pull` will fail unless tls verification is turned +such as `build`, `commit`, `from` and `pull` will fail unless tls verification is turned off using the `--tls-verify` option. **NOTE:** It is not at all recommended to communicate with a registry and not use tls verification. @@ -110,13 +110,13 @@ lstat /home/myusername/~: no such file or directory --- -### 5) Rootless buildah bud fails EPERM on NFS: +### 5) Rootless buildah build fails EPERM on NFS: NFS enforces file creation on different UIDs on the server side and does not understand user namespace, which rootless Podman requires. When a container root process like YUM attempts to create a file owned by a different UID, NFS Server denies the creation. NFS is also a problem for the file locks when the storage is on it. Other distributed file systems (for example: Lustre, Spectrum Scale, the General Parallel File System (GPFS)) are also not supported when running in rootless mode as these file systems do not understand user namespace. #### Symptom ```console -$ buildah bud . +$ buildah build . ERRO[0014] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: open /root/.bash_logout: permission denied error creating build container: Error committing the finished image: error adding layer with blob "sha256:a02a4930cb5d36f3290eb84f4bfa30668ef2e9fe3a1fb73ec015fc58b9958b17": ApplyLayer exit status 1 stdout: stderr: open /root/.bash_logout: permission denied ``` @@ -126,14 +126,14 @@ Choose one of the following: * Setup containers/storage in a different directory, not on an NFS share. * Otherwise just run buildah as root, via `sudo buildah` --- -### 6) Rootless buildah bud fails when using OverlayFS: +### 6) Rootless buildah build fails when using OverlayFS: The Overlay file system (OverlayFS) requires the ability to call the `mknod` command when creating whiteout files when extracting an image. However, a rootless user does not have the privileges to use `mknod` in this capacity. #### Symptom ```console -buildah bud --storage-driver overlay . +buildah build --storage-driver overlay . STEP 1: FROM docker.io/ubuntu:xenial Getting image source signatures Copying blob edf72af6d627 done @@ -144,7 +144,7 @@ Copying config 5e13f8dd4c done Writing manifest to image destination Storing signatures Error: error creating build container: Error committing the finished image: error adding layer with blob "sha256:8d3eac894db4dc4154377ad28643dfe6625ff0e54bcfa63e0d04921f1a8ef7f8": Error processing tar file(exit status 1): operation not permitted -$ buildah bud . +$ buildah build . ERRO[0014] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: open /root/.bash_logout: permission denied error creating build container: Error committing the finished image: error adding layer with blob "sha256:a02a4930cb5d36f3290eb84f4bfa30668ef2e9fe3a1fb73ec015fc58b9958b17": ApplyLayer exit status 1 stdout: stderr: open /root/.bash_logout: permission denied ``` diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 3a6ce8780..b982aa552 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -234,6 +234,9 @@ type EngineConfig struct { // EventsLogger determines where events should be logged. EventsLogger string `toml:"events_logger,omitempty"` + // graphRoot internal stores the location of the graphroot + graphRoot string + // HelperBinariesDir is a list of directories which are used to search for // helper binaries. HelperBinariesDir []string `toml:"helper_binaries_dir"` @@ -384,6 +387,12 @@ type EngineConfig struct { // before sending kill signal. StopTimeout uint `toml:"stop_timeout,omitempty"` + // ImageCopyTmpDir is the default location for storing temporary + // container image content, Can be overridden with the TMPDIR + // environment variable. If you specify "storage", then the + // location of the container/storage tmp directory will be used. + ImageCopyTmpDir string `toml:"image_copy_tmp_dir,omitempty"` + // TmpDir is the path to a temporary directory to store per-boot container // files. Must be stored in a tmpfs. TmpDir string `toml:"tmp_dir,omitempty"` @@ -1148,3 +1157,22 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) } return "", errors.Errorf("could not find %q in one of %v", name, c.Engine.HelperBinariesDir) } + +// ImageCopyTmpDir default directory to store tempory image files during copy +func (c *Config) ImageCopyTmpDir() (string, error) { + if path, found := os.LookupEnv("TMPDIR"); found { + return path, nil + } + switch c.Engine.ImageCopyTmpDir { + case "": + return "", nil + case "storage": + return filepath.Join(c.Engine.graphRoot, "tmp"), nil + default: + if filepath.IsAbs(c.Engine.ImageCopyTmpDir) { + return c.Engine.ImageCopyTmpDir, nil + } + } + + return "", errors.Errorf("invalid image_copy_tmp_dir value %q (relative paths are not accepted)", c.Engine.ImageCopyTmpDir) +} diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index fc61ed709..dc38f8ec6 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -451,15 +451,20 @@ default_sysctls = [ # List of the OCI runtimes that support --format=json. When json is supported # engine will use it for reporting nicer errors. # -#runtime_supports_json = ["crun", "runc", "kata", "runsc"] +#runtime_supports_json = ["crun", "runc", "kata", "runsc", "krun"] # List of the OCI runtimes that supports running containers with KVM Separation. # -#runtime_supports_kvm = ["kata"] +#runtime_supports_kvm = ["kata", "krun"] # List of the OCI runtimes that supports running containers without cgroups. # -#runtime_supports_nocgroups = ["crun"] +#runtime_supports_nocgroups = ["crun", "krun"] + +# Default location for storing temporary container image content. Can be overridden with the TMPDIR environment +# variable. If you specify "storage", then the location of the +# container/storage tmp directory will be used. +# image_copy_tmp_dir="/var/tmp" # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage @@ -498,7 +503,7 @@ default_sysctls = [ # #volume_path = "/var/lib/containers/storage/volumes" -# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc) +# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc) [engine.runtimes] #crun = [ # "/usr/bin/crun", @@ -541,6 +546,11 @@ default_sysctls = [ # "/run/current-system/sw/bin/runsc", #] +#krun = [ +# "/usr/bin/krun", +# "/usr/local/bin/krun", +#] + [engine.volume_plugins] #testplugin = "/run/podman/plugins/test.sock" diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index db5ba6936..5ce73bd2a 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -244,6 +244,8 @@ func defaultConfigFromMemory() (*EngineConfig, error) { logrus.Warnf("Storage configuration is unset - using hardcoded default graph root %q", _defaultGraphRoot) storeOpts.GraphRoot = _defaultGraphRoot } + c.graphRoot = storeOpts.GraphRoot + c.ImageCopyTmpDir = "/var/tmp" c.StaticDir = filepath.Join(storeOpts.GraphRoot, "libpod") c.VolumePath = filepath.Join(storeOpts.GraphRoot, "volumes") @@ -297,6 +299,10 @@ func defaultConfigFromMemory() (*EngineConfig, error) { "/sbin/runsc", "/run/current-system/sw/bin/runsc", }, + "krun": { + "/usr/bin/krun", + "/usr/local/bin/krun", + }, } // Needs to be called after populating c.OCIRuntimes c.OCIRuntime = c.findRuntime() @@ -320,9 +326,10 @@ func defaultConfigFromMemory() (*EngineConfig, error) { "runc", "kata", "runsc", + "krun", } - c.RuntimeSupportsNoCgroups = []string{"crun"} - c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc"} + c.RuntimeSupportsNoCgroups = []string{"crun", "krun"} + c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc", "krun"} c.InitPath = DefaultInitPath c.NoPivotRoot = false diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index f248f0c7a..ba4dda5e6 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.44.0" +const Version = "0.44.1-dev" diff --git a/vendor/modules.txt b/vendor/modules.txt index f9bd7b465..00f3dd743 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,7 +81,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr github.com/containernetworking/plugins/pkg/utils/sysctl github.com/containernetworking/plugins/plugins/ipam/host-local/backend github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator -# github.com/containers/buildah v1.22.1-0.20210824095355-fc1e256f5051 +# github.com/containers/buildah v1.23.0 github.com/containers/buildah github.com/containers/buildah/bind github.com/containers/buildah/chroot @@ -97,8 +97,9 @@ github.com/containers/buildah/pkg/overlay github.com/containers/buildah/pkg/parse github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent +github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.44.0 +# github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor |