diff options
Diffstat (limited to 'vendor/github.com/projectatomic/buildah')
10 files changed, 82 insertions, 41 deletions
diff --git a/vendor/github.com/projectatomic/buildah/add.go b/vendor/github.com/projectatomic/buildah/add.go index 93ecba9f4..1aad8ad37 100644 --- a/vendor/github.com/projectatomic/buildah/add.go +++ b/vendor/github.com/projectatomic/buildah/add.go @@ -11,12 +11,12 @@ import ( "syscall" "time" + "github.com/containers/libpod/pkg/chrootuser" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/idtools" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/projectatomic/buildah/util" - "github.com/projectatomic/libpod/pkg/chrootuser" "github.com/sirupsen/logrus" ) diff --git a/vendor/github.com/projectatomic/buildah/buildah.go b/vendor/github.com/projectatomic/buildah/buildah.go index b435895e7..32785a26f 100644 --- a/vendor/github.com/projectatomic/buildah/buildah.go +++ b/vendor/github.com/projectatomic/buildah/buildah.go @@ -146,7 +146,6 @@ type Builder struct { // Image metadata and runtime settings, in multiple formats. OCIv1 v1.Image `json:"ociv1,omitempty"` Docker docker.V2Image `json:"docker,omitempty"` - // DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format. DefaultMountsFilePath string `json:"defaultMountsFilePath,omitempty"` @@ -292,7 +291,6 @@ type CommonBuildOptions struct { // BuilderOptions are used to initialize a new Builder. type BuilderOptions struct { - // Args define variables that users can pass at build-time to the builder Args map[string]string // FromImage is the name of the image which should be used as the @@ -360,9 +358,7 @@ type BuilderOptions struct { // after processing the AddCapabilities set, when running commands in the // container. If a capability appears in both lists, it will be dropped. DropCapabilities []string - // ImageOnly is a boolean designating that we wish to only pull the image and - // to not create a container from it. Used by pull command. - ImageOnly bool + CommonBuildOpts *CommonBuildOptions } diff --git a/vendor/github.com/projectatomic/buildah/chroot/run.go b/vendor/github.com/projectatomic/buildah/chroot/run.go index 286f3c7ac..2cae5b9da 100644 --- a/vendor/github.com/projectatomic/buildah/chroot/run.go +++ b/vendor/github.com/projectatomic/buildah/chroot/run.go @@ -933,7 +933,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } logrus.Debugf("bind mounted %q to %q", "/dev", filepath.Join(spec.Root.Path, "/dev")) - // Bind /proc read-write. + // Bind /proc read-only. subProc := filepath.Join(spec.Root.Path, "/proc") if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil { if os.IsNotExist(err) { @@ -1131,6 +1131,15 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } } + // Create an empty directory for to use for masking directories. + roEmptyDir := filepath.Join(bundlePath, "empty") + if len(spec.Linux.MaskedPaths) > 0 { + if err := os.Mkdir(roEmptyDir, 0700); err != nil { + return undoBinds, errors.Wrapf(err, "error creating empty directory %q", roEmptyDir) + } + removes = append(removes, roEmptyDir) + } + // Set up any masked paths that we need to. If we're running inside of // a container, some of these locations will already be read-only tmpfs // filesystems or bind mounted to os.DevNull. If we're not running @@ -1218,10 +1227,10 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } } } - // The target's a directory, so mount a read-only tmpfs on it. - roFlags := uintptr(syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY) + // The target's a directory, so read-only bind mount an empty directory on it. + roFlags := uintptr(syscall.MS_BIND | syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY) if !isReadOnly || (hasContent && isAccessible) { - if err = unix.Mount("none", target, "tmpfs", roFlags, "size=0"); err != nil { + if err = unix.Mount(roEmptyDir, target, "bind", roFlags, ""); err != nil { return undoBinds, errors.Wrapf(err, "error masking directory %q in mount namespace", target) } if err = unix.Statfs(target, &fs); err != nil { diff --git a/vendor/github.com/projectatomic/buildah/config.go b/vendor/github.com/projectatomic/buildah/config.go index b39d2b6c6..731e3b80a 100644 --- a/vendor/github.com/projectatomic/buildah/config.go +++ b/vendor/github.com/projectatomic/buildah/config.go @@ -3,6 +3,7 @@ package buildah import ( "context" "encoding/json" + "os" "path/filepath" "runtime" "strings" @@ -260,11 +261,21 @@ func (b *Builder) Env() []string { // built using an image built from this container. func (b *Builder) SetEnv(k string, v string) { reset := func(s *[]string) { + getenv := func(name string) string { + for i := range *s { + val := strings.SplitN((*s)[i], "=", 2) + if len(val) == 2 && val[0] == name { + return val[1] + } + } + return name + } n := []string{} for i := range *s { if !strings.HasPrefix((*s)[i], k+"=") { n = append(n, (*s)[i]) } + v = os.Expand(v, getenv) } n = append(n, k+"="+v) *s = n diff --git a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go index c7182e15e..bcdcfb678 100644 --- a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go +++ b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go @@ -96,6 +96,8 @@ type BuildOptions struct { // is supplied, the message will be sent to Err (or os.Stderr, if Err // is nil) by default. Log func(format string, args ...interface{}) + // In is connected to stdin for RUN instructions. + In io.Reader // Out is a place where non-error log messages are sent. Out io.Writer // Err is a place where error log messages should be sent. @@ -190,6 +192,7 @@ type Executor struct { outputFormat string additionalTags []string log func(format string, args ...interface{}) + in io.Reader out io.Writer err io.Writer signaturePolicyPath string @@ -471,11 +474,15 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { if b.builder == nil { return errors.Errorf("no build container available") } - devNull, err := os.Open(os.DevNull) - if err != nil { - return errors.Errorf("error opening %q for reading: %v", os.DevNull, err) + stdin := b.in + if stdin == nil { + devNull, err := os.Open(os.DevNull) + if err != nil { + return errors.Errorf("error opening %q for reading: %v", os.DevNull, err) + } + defer devNull.Close() + stdin = devNull } - defer devNull.Close() options := buildah.RunOptions{ Hostname: config.Hostname, Runtime: b.runtime, @@ -486,7 +493,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { WorkingDir: config.WorkingDir, Entrypoint: config.Entrypoint, Cmd: config.Cmd, - Stdin: devNull, + Stdin: stdin, Stdout: b.out, Stderr: b.err, Quiet: b.quiet, @@ -504,7 +511,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { if err := b.volumeCacheSave(); err != nil { return err } - err = b.builder.Run(args, options) + err := b.builder.Run(args, options) if err2 := b.volumeCacheRestore(); err2 != nil { if err == nil { return err2 @@ -557,6 +564,7 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) { volumeCache: make(map[string]string), volumeCacheInfo: make(map[string]os.FileInfo), log: options.Log, + in: options.In, out: options.Out, err: options.Err, reportWriter: options.ReportWriter, diff --git a/vendor/github.com/projectatomic/buildah/new.go b/vendor/github.com/projectatomic/buildah/new.go index 60d217552..1895bae48 100644 --- a/vendor/github.com/projectatomic/buildah/new.go +++ b/vendor/github.com/projectatomic/buildah/new.go @@ -66,7 +66,13 @@ func reserveSELinuxLabels(store storage.Store, id string) error { } func pullAndFindImage(ctx context.Context, store storage.Store, imageName string, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) { - ref, err := pullImage(ctx, store, imageName, options, sc) + pullOptions := PullOptions{ + ReportWriter: options.ReportWriter, + Store: store, + SystemContext: options.SystemContext, + Transport: options.Transport, + } + ref, err := pullImage(ctx, store, imageName, pullOptions, sc) if err != nil { logrus.Debugf("error pulling image %q: %v", imageName, err) return nil, nil, err @@ -248,15 +254,6 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions defer src.Close() } - // If the pull command was used, we only pull the image, - // we don't create a container. - if options.ImageOnly { - imgBuilder := &Builder{ - FromImageID: imageID, - } - return imgBuilder, nil - } - name := "working-container" if options.Container != "" { name = options.Container diff --git a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go index de3326842..39a1773e4 100644 --- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go +++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go @@ -176,10 +176,6 @@ var ( Name: "squash", Usage: "Squash newly built layers into a single new layer. The build process does not currently support caching so this is a NOOP.", }, - cli.BoolTFlag{ - Name: "stream", - Usage: "There is no daemon in use, so this command is a NOOP.", - }, cli.StringSliceFlag{ Name: "tag, t", Usage: "tagged `name` to apply to the built image", diff --git a/vendor/github.com/projectatomic/buildah/pull.go b/vendor/github.com/projectatomic/buildah/pull.go index e9ce03f02..48d7f76ed 100644 --- a/vendor/github.com/projectatomic/buildah/pull.go +++ b/vendor/github.com/projectatomic/buildah/pull.go @@ -2,6 +2,7 @@ package buildah import ( "context" + "io" "strings" cp "github.com/containers/image/copy" @@ -20,6 +21,28 @@ import ( "github.com/sirupsen/logrus" ) +// PullOptions can be used to alter how an image is copied in from somewhere. +type PullOptions struct { + // SignaturePolicyPath specifies an override location for the signature + // policy which should be used for verifying the new image as it is + // being written. Except in specific circumstances, no value should be + // specified, indicating that the shared, system-wide default policy + // should be used. + SignaturePolicyPath string + // ReportWriter is an io.Writer which will be used to log the writing + // of the new image. + ReportWriter io.Writer + // Store is the local storage store which holds the source image. + Store storage.Store + // github.com/containers/image/types SystemContext to hold credentials + // and other authentication/authorization information. + SystemContext *types.SystemContext + // Transport is a value which is prepended to the image's name, if the + // image name alone can not be resolved to a reference to a source + // image. No separator is implicitly added. + Transport string +} + func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference, spec string) (string, error) { if srcRef == nil { return "", errors.Errorf("reference to image is empty") @@ -112,7 +135,13 @@ func localImageNameForReference(ctx context.Context, store storage.Store, srcRef return name, nil } -func pullImage(ctx context.Context, store storage.Store, imageName string, options BuilderOptions, sc *types.SystemContext) (types.ImageReference, error) { +// Pull copies the contents of the image from somewhere else. +func Pull(ctx context.Context, imageName string, options PullOptions) (types.ImageReference, error) { + systemContext := getSystemContext(options.SystemContext, options.SignaturePolicyPath) + return pullImage(ctx, options.Store, imageName, options, systemContext) +} + +func pullImage(ctx context.Context, store storage.Store, imageName string, options PullOptions, sc *types.SystemContext) (types.ImageReference, error) { spec := imageName srcRef, err := alltransports.ParseImageName(spec) if err != nil { @@ -144,12 +173,6 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio return nil, errors.Wrapf(err, "error parsing image name %q", destName) } - img, err := srcRef.NewImageSource(ctx, sc) - if err != nil { - return nil, errors.Wrapf(err, "error initializing %q as an image source", spec) - } - img.Close() - policy, err := signature.DefaultPolicy(sc) if err != nil { return nil, errors.Wrapf(err, "error obtaining default signature policy") diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go index e91b02588..71a76862e 100644 --- a/vendor/github.com/projectatomic/buildah/run.go +++ b/vendor/github.com/projectatomic/buildah/run.go @@ -19,6 +19,7 @@ import ( "time" "github.com/containernetworking/cni/libcni" + "github.com/containers/libpod/pkg/secrets" "github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/ioutils" "github.com/containers/storage/pkg/reexec" @@ -31,7 +32,6 @@ import ( "github.com/projectatomic/buildah/bind" "github.com/projectatomic/buildah/chroot" "github.com/projectatomic/buildah/util" - "github.com/projectatomic/libpod/pkg/secrets" "github.com/sirupsen/logrus" "golang.org/x/crypto/ssh/terminal" "golang.org/x/sys/unix" @@ -1094,7 +1094,7 @@ func (b *Builder) Run(command []string, options RunOptions) error { } } options.Args = append(options.Args, rootlessFlag...) - err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, []string{"--no-new-keyring", "--no-pivot"}, spec, mountPoint, path, Package+"-"+filepath.Base(path)) + err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, []string{"--no-new-keyring"}, spec, mountPoint, path, Package+"-"+filepath.Base(path)) default: err = errors.Errorf("don't know how to run this command") } diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf index 45f25d8d6..3fec2d1f1 100644 --- a/vendor/github.com/projectatomic/buildah/vendor.conf +++ b/vendor/github.com/projectatomic/buildah/vendor.conf @@ -7,7 +7,7 @@ github.com/seccomp/containers-golang master github.com/containers/image 216acb1bcd2c1abef736ee322e17147ee2b7d76c github.com/containers/storage 17c7d1fee5603ccf6dd97edc14162fc1510e7e23 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 -github.com/docker/docker b8571fd81c7d2223c9ecbf799c693e3ef1daaea9 +github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 github.com/docker/engine-api master github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d @@ -42,7 +42,8 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 github.com/pborman/uuid master github.com/pkg/errors master github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac -github.com/projectatomic/libpod master +github.com/containers/libpod master +github.com/containers/libpod master github.com/sirupsen/logrus master github.com/syndtr/gocapability master github.com/tchap/go-patricia master |