diff options
Diffstat (limited to 'vendor/github.com/projectatomic/buildah/buildah.go')
-rw-r--r-- | vendor/github.com/projectatomic/buildah/buildah.go | 513 |
1 files changed, 0 insertions, 513 deletions
diff --git a/vendor/github.com/projectatomic/buildah/buildah.go b/vendor/github.com/projectatomic/buildah/buildah.go deleted file mode 100644 index 60688b372..000000000 --- a/vendor/github.com/projectatomic/buildah/buildah.go +++ /dev/null @@ -1,513 +0,0 @@ -package buildah - -import ( - "context" - "encoding/json" - "fmt" - "io" - "io/ioutil" - "os" - "path/filepath" - - "github.com/containers/image/types" - "github.com/containers/storage" - "github.com/containers/storage/pkg/ioutils" - "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "github.com/projectatomic/buildah/docker" - "github.com/projectatomic/buildah/util" -) - -const ( - // Package is the name of this package, used in help output and to - // identify working containers. - Package = "buildah" - // Version for the Package. Bump version in contrib/rpm/buildah.spec - // too. - Version = "1.4-dev" - // The value we use to identify what type of information, currently a - // serialized Builder structure, we are using as per-container state. - // This should only be changed when we make incompatible changes to - // that data structure, as it's used to distinguish containers which - // are "ours" from ones that aren't. - containerType = Package + " 0.0.1" - // The file in the per-container directory which we use to store our - // per-container state. If it isn't there, then the container isn't - // one of our build containers. - stateFile = Package + ".json" -) - -// PullPolicy takes the value PullIfMissing, PullAlways, or PullNever. -type PullPolicy int - -const ( - // PullIfMissing is one of the values that BuilderOptions.PullPolicy - // can take, signalling that the source image should be pulled from a - // registry if a local copy of it is not already present. - PullIfMissing PullPolicy = iota - // PullAlways is one of the values that BuilderOptions.PullPolicy can - // take, signalling that a fresh, possibly updated, copy of the image - // should be pulled from a registry before the build proceeds. - PullAlways - // PullNever is one of the values that BuilderOptions.PullPolicy can - // take, signalling that the source image should not be pulled from a - // registry if a local copy of it is not already present. - PullNever -) - -// String converts a PullPolicy into a string. -func (p PullPolicy) String() string { - switch p { - case PullIfMissing: - return "PullIfMissing" - case PullAlways: - return "PullAlways" - case PullNever: - return "PullNever" - } - return fmt.Sprintf("unrecognized policy %d", p) -} - -// NetworkConfigurationPolicy takes the value NetworkDefault, NetworkDisabled, -// or NetworkEnabled. -type NetworkConfigurationPolicy int - -const ( - // NetworkDefault is one of the values that BuilderOptions.ConfigureNetwork - // can take, signalling that the default behavior should be used. - NetworkDefault NetworkConfigurationPolicy = iota - // NetworkDisabled is one of the values that BuilderOptions.ConfigureNetwork - // can take, signalling that network interfaces should NOT be configured for - // newly-created network namespaces. - NetworkDisabled - // NetworkEnabled is one of the values that BuilderOptions.ConfigureNetwork - // can take, signalling that network interfaces should be configured for - // newly-created network namespaces. - NetworkEnabled -) - -// String formats a NetworkConfigurationPolicy as a string. -func (p NetworkConfigurationPolicy) String() string { - switch p { - case NetworkDefault: - return "NetworkDefault" - case NetworkDisabled: - return "NetworkDisabled" - case NetworkEnabled: - return "NetworkEnabled" - } - return fmt.Sprintf("unknown NetworkConfigurationPolicy %d", p) -} - -// Builder objects are used to represent containers which are being used to -// build images. They also carry potential updates which will be applied to -// the image's configuration when the container's contents are used to build an -// image. -type Builder struct { - store storage.Store - - // Args define variables that users can pass at build-time to the builder - Args map[string]string - // Type is used to help identify a build container's metadata. It - // should not be modified. - Type string `json:"type"` - // FromImage is the name of the source image which was used to create - // the container, if one was used. It should not be modified. - FromImage string `json:"image,omitempty"` - // FromImageID is the ID of the source image which was used to create - // the container, if one was used. It should not be modified. - FromImageID string `json:"image-id"` - // Config is the source image's configuration. It should not be - // modified. - Config []byte `json:"config,omitempty"` - // Manifest is the source image's manifest. It should not be modified. - Manifest []byte `json:"manifest,omitempty"` - - // Container is the name of the build container. It should not be modified. - Container string `json:"container-name,omitempty"` - // ContainerID is the ID of the build container. It should not be modified. - ContainerID string `json:"container-id,omitempty"` - // MountPoint is the last location where the container's root - // filesystem was mounted. It should not be modified. - MountPoint string `json:"mountpoint,omitempty"` - // ProcessLabel is the SELinux process label associated with the container - ProcessLabel string `json:"process-label,omitempty"` - // MountLabel is the SELinux mount label associated with the container - MountLabel string `json:"mount-label,omitempty"` - - // ImageAnnotations is a set of key-value pairs which is stored in the - // image's manifest. - ImageAnnotations map[string]string `json:"annotations,omitempty"` - // ImageCreatedBy is a description of how this container was built. - ImageCreatedBy string `json:"created-by,omitempty"` - // ImageHistoryComment is a description of how our added layers were built. - ImageHistoryComment string `json:"history-comment,omitempty"` - - // Image metadata and runtime settings, in multiple formats. - OCIv1 v1.Image `json:"ociv1,omitempty"` - Docker docker.V2Image `json:"docker,omitempty"` - // DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format. - DefaultMountsFilePath string `json:"defaultMountsFilePath,omitempty"` - - // Isolation controls how we handle "RUN" statements and the Run() method. - Isolation Isolation - // NamespaceOptions controls how we set up the namespaces for processes that we run in the container. - NamespaceOptions NamespaceOptions - // ConfigureNetwork controls whether or not network interfaces and - // routing are configured for a new network namespace (i.e., when not - // joining another's namespace and not just using the host's - // namespace), effectively deciding whether or not the process has a - // usable network. - ConfigureNetwork NetworkConfigurationPolicy - // CNIPluginPath is the location of CNI plugin helpers, if they should be - // run from a location other than the default location. - CNIPluginPath string - // CNIConfigDir is the location of CNI configuration files, if the files in - // the default configuration directory shouldn't be used. - CNIConfigDir string - // ID mapping options to use when running processes in the container with non-host user namespaces. - IDMappingOptions IDMappingOptions - // AddCapabilities is a list of capabilities to add to the default set when running - // commands in the container. - AddCapabilities []string - // DropCapabilities is a list of capabilities to remove from the default set, - // after processing the AddCapabilities set, when running commands in the container. - // If a capability appears in both lists, it will be dropped. - DropCapabilities []string - - CommonBuildOpts *CommonBuildOptions - // TopLayer is the top layer of the image - TopLayer string - // Format for the build Image - Format string -} - -// BuilderInfo are used as objects to display container information -type BuilderInfo struct { - Type string - FromImage string - FromImageID string - Config string - Manifest string - Container string - ContainerID string - MountPoint string - ProcessLabel string - MountLabel string - ImageAnnotations map[string]string - ImageCreatedBy string - OCIv1 v1.Image - Docker docker.V2Image - DefaultMountsFilePath string - Isolation string - NamespaceOptions NamespaceOptions - ConfigureNetwork string - CNIPluginPath string - CNIConfigDir string - IDMappingOptions IDMappingOptions - DefaultCapabilities []string - AddCapabilities []string - DropCapabilities []string -} - -// GetBuildInfo gets a pointer to a Builder object and returns a BuilderInfo object from it. -// This is used in the inspect command to display Manifest and Config as string and not []byte. -func GetBuildInfo(b *Builder) BuilderInfo { - return BuilderInfo{ - Type: b.Type, - FromImage: b.FromImage, - FromImageID: b.FromImageID, - Config: string(b.Config), - Manifest: string(b.Manifest), - Container: b.Container, - ContainerID: b.ContainerID, - MountPoint: b.MountPoint, - ProcessLabel: b.ProcessLabel, - ImageAnnotations: b.ImageAnnotations, - ImageCreatedBy: b.ImageCreatedBy, - OCIv1: b.OCIv1, - Docker: b.Docker, - DefaultMountsFilePath: b.DefaultMountsFilePath, - Isolation: b.Isolation.String(), - NamespaceOptions: b.NamespaceOptions, - ConfigureNetwork: fmt.Sprintf("%v", b.ConfigureNetwork), - CNIPluginPath: b.CNIPluginPath, - CNIConfigDir: b.CNIConfigDir, - IDMappingOptions: b.IDMappingOptions, - DefaultCapabilities: append([]string{}, util.DefaultCapabilities...), - AddCapabilities: append([]string{}, b.AddCapabilities...), - DropCapabilities: append([]string{}, b.DropCapabilities...), - } -} - -// CommonBuildOptions are resources that can be defined by flags for both buildah from and build-using-dockerfile -type CommonBuildOptions struct { - // AddHost is the list of hostnames to add to the build container's /etc/hosts. - AddHost []string - // CgroupParent is the path to cgroups under which the cgroup for the container will be created. - CgroupParent string - // CPUPeriod limits the CPU CFS (Completely Fair Scheduler) period - CPUPeriod uint64 - // CPUQuota limits the CPU CFS (Completely Fair Scheduler) quota - CPUQuota int64 - // CPUShares (relative weight - CPUShares uint64 - // CPUSetCPUs in which to allow execution (0-3, 0,1) - CPUSetCPUs string - // CPUSetMems memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. - CPUSetMems string - // Memory is the upper limit (in bytes) on how much memory running containers can use. - Memory int64 - // MemorySwap limits the amount of memory and swap together. - MemorySwap int64 - // LabelOpts is the a slice of fields of an SELinux context, given in "field:pair" format, or "disable". - // Recognized field names are "role", "type", and "level". - LabelOpts []string - // SeccompProfilePath is the pathname of a seccomp profile. - SeccompProfilePath string - // ApparmorProfile is the name of an apparmor profile. - ApparmorProfile string - // ShmSize is the "size" value to use when mounting an shmfs on the container's /dev/shm directory. - ShmSize string - // Ulimit specifies resource limit options, in the form type:softlimit[:hardlimit]. - // These types are recognized: - // "core": maximimum core dump size (ulimit -c) - // "cpu": maximum CPU time (ulimit -t) - // "data": maximum size of a process's data segment (ulimit -d) - // "fsize": maximum size of new files (ulimit -f) - // "locks": maximum number of file locks (ulimit -x) - // "memlock": maximum amount of locked memory (ulimit -l) - // "msgqueue": maximum amount of data in message queues (ulimit -q) - // "nice": niceness adjustment (nice -n, ulimit -e) - // "nofile": maximum number of open files (ulimit -n) - // "nproc": maximum number of processes (ulimit -u) - // "rss": maximum size of a process's (ulimit -m) - // "rtprio": maximum real-time scheduling priority (ulimit -r) - // "rttime": maximum amount of real-time execution between blocking syscalls - // "sigpending": maximum number of pending signals (ulimit -i) - // "stack": maximum stack size (ulimit -s) - Ulimit []string - // Volumes to bind mount into the container - Volumes []string -} - -// BuilderOptions are used to initialize a new Builder. -type BuilderOptions struct { - // Args define variables that users can pass at build-time to the builder - Args map[string]string - // FromImage is the name of the image which should be used as the - // starting point for the container. It can be set to an empty value - // or "scratch" to indicate that the container should not be based on - // an image. - FromImage string - // Container is a desired name for the build container. - Container string - // PullPolicy decides whether or not we should pull the image that - // we're using as a base image. It should be PullIfMissing, - // PullAlways, or PullNever. - PullPolicy PullPolicy - // Registry is a value which is prepended to the image's name, if it - // needs to be pulled and the image name alone can not be resolved to a - // reference to a source image. No separator is implicitly added. - Registry string - // Transport is a value which is prepended to the image's name, if it - // needs to be pulled and the image name alone, or the image name and - // the registry together, can not be resolved to a reference to a - // source image. No separator is implicitly added. - Transport string - // Mount signals to NewBuilder() that the container should be mounted - // immediately. - Mount bool - // SignaturePolicyPath specifies an override location for the signature - // policy which should be used for verifying the new image as it is - // being written. Except in specific circumstances, no value should be - // specified, indicating that the shared, system-wide default policy - // should be used. - SignaturePolicyPath string - // ReportWriter is an io.Writer which will be used to log the reading - // of the source image from a registry, if we end up pulling the image. - ReportWriter io.Writer - // github.com/containers/image/types SystemContext to hold credentials - // and other authentication/authorization information. - SystemContext *types.SystemContext - // DefaultMountsFilePath is the file path holding the mounts to be - // mounted in "host-path:container-path" format - DefaultMountsFilePath string - // Isolation controls how we handle "RUN" statements and the Run() - // method. - Isolation Isolation - // NamespaceOptions controls how we set up namespaces for processes that - // we might need to run using the container's root filesystem. - NamespaceOptions NamespaceOptions - // ConfigureNetwork controls whether or not network interfaces and - // routing are configured for a new network namespace (i.e., when not - // joining another's namespace and not just using the host's - // namespace), effectively deciding whether or not the process has a - // usable network. - ConfigureNetwork NetworkConfigurationPolicy - // CNIPluginPath is the location of CNI plugin helpers, if they should be - // run from a location other than the default location. - CNIPluginPath string - // CNIConfigDir is the location of CNI configuration files, if the files in - // the default configuration directory shouldn't be used. - CNIConfigDir string - // ID mapping options to use if we're setting up our own user namespace. - IDMappingOptions *IDMappingOptions - // AddCapabilities is a list of capabilities to add to the default set when - // running commands in the container. - AddCapabilities []string - // DropCapabilities is a list of capabilities to remove from the default set, - // after processing the AddCapabilities set, when running commands in the - // container. If a capability appears in both lists, it will be dropped. - DropCapabilities []string - - CommonBuildOpts *CommonBuildOptions - // Format for the container image - Format string -} - -// ImportOptions are used to initialize a Builder from an existing container -// which was created elsewhere. -type ImportOptions struct { - // Container is the name of the build container. - Container string - // SignaturePolicyPath specifies an override location for the signature - // policy which should be used for verifying the new image as it is - // being written. Except in specific circumstances, no value should be - // specified, indicating that the shared, system-wide default policy - // should be used. - SignaturePolicyPath string -} - -// ImportFromImageOptions are used to initialize a Builder from an image. -type ImportFromImageOptions struct { - // Image is the name or ID of the image we'd like to examine. - Image string - // SignaturePolicyPath specifies an override location for the signature - // policy which should be used for verifying the new image as it is - // being written. Except in specific circumstances, no value should be - // specified, indicating that the shared, system-wide default policy - // should be used. - SignaturePolicyPath string - // github.com/containers/image/types SystemContext to hold information - // about which registries we should check for completing image names - // that don't include a domain portion. - SystemContext *types.SystemContext -} - -// NewBuilder creates a new build container. -func NewBuilder(ctx context.Context, store storage.Store, options BuilderOptions) (*Builder, error) { - return newBuilder(ctx, store, options) -} - -// ImportBuilder creates a new build configuration using an already-present -// container. -func ImportBuilder(ctx context.Context, store storage.Store, options ImportOptions) (*Builder, error) { - return importBuilder(ctx, store, options) -} - -// ImportBuilderFromImage creates a new builder configuration using an image. -// The returned object can be modified and examined, but it can not be saved -// or committed because it is not associated with a working container. -func ImportBuilderFromImage(ctx context.Context, store storage.Store, options ImportFromImageOptions) (*Builder, error) { - return importBuilderFromImage(ctx, store, options) -} - -// OpenBuilder loads information about a build container given its name or ID. -func OpenBuilder(store storage.Store, container string) (*Builder, error) { - cdir, err := store.ContainerDirectory(container) - if err != nil { - return nil, err - } - buildstate, err := ioutil.ReadFile(filepath.Join(cdir, stateFile)) - if err != nil { - return nil, err - } - b := &Builder{} - err = json.Unmarshal(buildstate, &b) - if err != nil { - return nil, err - } - if b.Type != containerType { - return nil, errors.Errorf("container is not a %s container", Package) - } - b.store = store - b.fixupConfig() - return b, nil -} - -// OpenBuilderByPath loads information about a build container given a -// path to the container's root filesystem -func OpenBuilderByPath(store storage.Store, path string) (*Builder, error) { - containers, err := store.Containers() - if err != nil { - return nil, err - } - abs, err := filepath.Abs(path) - if err != nil { - return nil, err - } - builderMatchesPath := func(b *Builder, path string) bool { - return (b.MountPoint == path) - } - for _, container := range containers { - cdir, err := store.ContainerDirectory(container.ID) - if err != nil { - return nil, err - } - buildstate, err := ioutil.ReadFile(filepath.Join(cdir, stateFile)) - if err != nil { - return nil, err - } - b := &Builder{} - err = json.Unmarshal(buildstate, &b) - if err == nil && b.Type == containerType && builderMatchesPath(b, abs) { - b.store = store - b.fixupConfig() - return b, nil - } - } - return nil, storage.ErrContainerUnknown -} - -// OpenAllBuilders loads all containers which have a state file that we use in -// their data directory, typically so that they can be listed. -func OpenAllBuilders(store storage.Store) (builders []*Builder, err error) { - containers, err := store.Containers() - if err != nil { - return nil, err - } - for _, container := range containers { - cdir, err := store.ContainerDirectory(container.ID) - if err != nil { - return nil, err - } - buildstate, err := ioutil.ReadFile(filepath.Join(cdir, stateFile)) - if err != nil && os.IsNotExist(err) { - continue - } - b := &Builder{} - err = json.Unmarshal(buildstate, &b) - if err == nil && b.Type == containerType { - b.store = store - b.fixupConfig() - builders = append(builders, b) - } - } - return builders, nil -} - -// Save saves the builder's current state to the build container's metadata. -// This should not need to be called directly, as other methods of the Builder -// object take care of saving their state. -func (b *Builder) Save() error { - buildstate, err := json.Marshal(b) - if err != nil { - return err - } - cdir, err := b.store.ContainerDirectory(b.ContainerID) - if err != nil { - return err - } - return ioutils.AtomicWriteFile(filepath.Join(cdir, stateFile), buildstate, 0600) -} |