Diffstat (limited to 'vendor/github.com/projectatomic/buildah')
-rw-r--r--vendor/github.com/projectatomic/buildah/add.go2
-rw-r--r--vendor/github.com/projectatomic/buildah/buildah.go6
-rw-r--r--vendor/github.com/projectatomic/buildah/chroot/run.go17
-rw-r--r--vendor/github.com/projectatomic/buildah/config.go11
-rw-r--r--vendor/github.com/projectatomic/buildah/imagebuildah/build.go20
-rw-r--r--vendor/github.com/projectatomic/buildah/new.go17
-rw-r--r--vendor/github.com/projectatomic/buildah/pkg/cli/common.go4
-rw-r--r--vendor/github.com/projectatomic/buildah/pull.go37
-rw-r--r--vendor/github.com/projectatomic/buildah/run.go4
-rw-r--r--vendor/github.com/projectatomic/buildah/vendor.conf5
10 files changed, 82 insertions, 41 deletions
diff --git a/vendor/github.com/projectatomic/buildah/add.go b/vendor/github.com/projectatomic/buildah/add.go
index 93ecba9f4..1aad8ad37 100644
--- a/vendor/github.com/projectatomic/buildah/add.go
+++ b/vendor/github.com/projectatomic/buildah/add.go
@@ -11,12 +11,12 @@ import (
"syscall"
"time"
+ "github.com/containers/libpod/pkg/chrootuser"
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/idtools"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/projectatomic/buildah/util"
- "github.com/projectatomic/libpod/pkg/chrootuser"
"github.com/sirupsen/logrus"
)
diff --git a/vendor/github.com/projectatomic/buildah/buildah.go b/vendor/github.com/projectatomic/buildah/buildah.go
index b435895e7..32785a26f 100644
--- a/vendor/github.com/projectatomic/buildah/buildah.go
+++ b/vendor/github.com/projectatomic/buildah/buildah.go
@@ -146,7 +146,6 @@ type Builder struct {
// Image metadata and runtime settings, in multiple formats.
OCIv1 v1.Image `json:"ociv1,omitempty"`
Docker docker.V2Image `json:"docker,omitempty"`
-
// DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format.
DefaultMountsFilePath string `json:"defaultMountsFilePath,omitempty"`
@@ -292,7 +291,6 @@ type CommonBuildOptions struct {
// BuilderOptions are used to initialize a new Builder.
type BuilderOptions struct {
-
// Args define variables that users can pass at build-time to the builder
Args map[string]string
// FromImage is the name of the image which should be used as the
@@ -360,9 +358,7 @@ type BuilderOptions struct {
// after processing the AddCapabilities set, when running commands in the
// container. If a capability appears in both lists, it will be dropped.
DropCapabilities []string
- // ImageOnly is a boolean designating that we wish to only pull the image and
- // to not create a container from it. Used by pull command.
- ImageOnly bool
+
CommonBuildOpts *CommonBuildOptions
}
diff --git a/vendor/github.com/projectatomic/buildah/chroot/run.go b/vendor/github.com/projectatomic/buildah/chroot/run.go
index 286f3c7ac..2cae5b9da 100644
--- a/vendor/github.com/projectatomic/buildah/chroot/run.go
+++ b/vendor/github.com/projectatomic/buildah/chroot/run.go
@@ -933,7 +933,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
}
logrus.Debugf("bind mounted %q to %q", "/dev", filepath.Join(spec.Root.Path, "/dev"))
- // Bind /proc read-write.
+ // Bind /proc read-only.
subProc := filepath.Join(spec.Root.Path, "/proc")
if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
if os.IsNotExist(err) {
@@ -1131,6 +1131,15 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
}
}
+ // Create an empty directory for to use for masking directories.
+ roEmptyDir := filepath.Join(bundlePath, "empty")
+ if len(spec.Linux.MaskedPaths) > 0 {
+ if err := os.Mkdir(roEmptyDir, 0700); err != nil {
+ return undoBinds, errors.Wrapf(err, "error creating empty directory %q", roEmptyDir)
+ }
+ removes = append(removes, roEmptyDir)
+ }
+
// Set up any masked paths that we need to. If we're running inside of
// a container, some of these locations will already be read-only tmpfs
// filesystems or bind mounted to os.DevNull. If we're not running
@@ -1218,10 +1227,10 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
}
}
}
- // The target's a directory, so mount a read-only tmpfs on it.
- roFlags := uintptr(syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY)
+ // The target's a directory, so read-only bind mount an empty directory on it.
+ roFlags := uintptr(syscall.MS_BIND | syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY)
if !isReadOnly || (hasContent && isAccessible) {
- if err = unix.Mount("none", target, "tmpfs", roFlags, "size=0"); err != nil {
+ if err = unix.Mount(roEmptyDir, target, "bind", roFlags, ""); err != nil {
return undoBinds, errors.Wrapf(err, "error masking directory %q in mount namespace", target)
}
if err = unix.Statfs(target, &fs); err != nil {
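Review bot: The new `unix.Mount(roEmptyDir, target, "bind", roFlags, "")` passes MS_RDONLY, MS_NOSUID, MS_NODEV and MS_NOEXEC together with MS_BIND, but Linux ignores those bits on the initial bind mount, so the mask comes up with the options of the filesystem holding `roEmptyDir` until it is remounted. Unless the code after the `unix.Statfs` call (outside this hunk) already does so, follow the bind with `unix.Mount(target, target, "bind", roFlags|syscall.MS_REMOUNT, "")` and return an error if that fails. This matters more than it did with the per-target tmpfs: every masked directory now shares the single `roEmptyDir` under bundlePath, so a mask left writable would let content written under one masked path appear under all the others. The comment added in the earlier hunk also reads "for to use for" and should be `// Create an empty directory to use for masking directories.`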
diff --git a/vendor/github.com/projectatomic/buildah/config.go b/vendor/github.com/projectatomic/buildah/config.go
index b39d2b6c6..731e3b80a 100644
--- a/vendor/github.com/projectatomic/buildah/config.go
+++ b/vendor/github.com/projectatomic/buildah/config.go
@@ -3,6 +3,7 @@ package buildah
import (
"context"
"encoding/json"
+ "os"
"path/filepath"
"runtime"
"strings"
@@ -260,11 +261,21 @@ func (b *Builder) Env() []string {
// built using an image built from this container.
func (b *Builder) SetEnv(k string, v string) {
reset := func(s *[]string) {
+ getenv := func(name string) string {
+ for i := range *s {
+ val := strings.SplitN((*s)[i], "=", 2)
+ if len(val) == 2 && val[0] == name {
+ return val[1]
+ }
+ }
+ return name
+ }
n := []string{}
for i := range *s {
if !strings.HasPrefix((*s)[i], k+"=") {
n = append(n, (*s)[i])
}
+ v = os.Expand(v, getenv)
}
n = append(n, k+"="+v)
*s = n
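Review bot: `v = os.Expand(v, getenv)` sits inside `for i := range *s`, so the value is expanded once per existing entry (a result that still contains `$NAME` text is interpreted again on the next pass) and never expanded when the list is empty. `v` is also SetEnv's own parameter captured by the closure, so if `reset` is applied to more than one list further down (the rest of the function is outside this hunk), the second call starts from an already expanded string. Expand exactly once into a local before the loop, `val := os.Expand(v, getenv)`, and finish with `n = append(n, k+"="+val)`. Separately, `getenv` returns `name` for an unset variable, which turns `$FOO` into the literal text `FOO`; returning `""` or leaving the reference intact would be less surprising, and the choice deserves a comment. This is a vendored copy, so the fix belongs in buildah upstream.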
diff --git a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
index c7182e15e..bcdcfb678 100644
--- a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
+++ b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
@@ -96,6 +96,8 @@ type BuildOptions struct {
// is supplied, the message will be sent to Err (or os.Stderr, if Err
// is nil) by default.
Log func(format string, args ...interface{})
+ // In is connected to stdin for RUN instructions.
+ In io.Reader
// Out is a place where non-error log messages are sent.
Out io.Writer
// Err is a place where error log messages should be sent.
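Review bot: The comment on `In` does not say what a nil value means, although Run (later in this diff) falls back to `os.DevNull` when `b.in` is nil. State it, for instance `// In is connected to stdin for RUN instructions. If nil, RUN instructions read from os.DevNull.` It is also worth documenting that a non-nil `In` hands the caller's input stream to every RUN step, so build output can depend on whatever that stream carries. The `stdin == nil` test in Run compares an interface value, so a typed nil such as `(*os.File)(nil)` would not take the fallback. BuildOptions continues outside this hunk.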
@@ -190,6 +192,7 @@ type Executor struct {
outputFormat string
additionalTags []string
log func(format string, args ...interface{})
+ in io.Reader
out io.Writer
err io.Writer
signaturePolicyPath string
@@ -471,11 +474,15 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error {
if b.builder == nil {
return errors.Errorf("no build container available")
}
- devNull, err := os.Open(os.DevNull)
- if err != nil {
- return errors.Errorf("error opening %q for reading: %v", os.DevNull, err)
+ stdin := b.in
+ if stdin == nil {
+ devNull, err := os.Open(os.DevNull)
+ if err != nil {
+ return errors.Errorf("error opening %q for reading: %v", os.DevNull, err)
+ }
+ defer devNull.Close()
+ stdin = devNull
}
- defer devNull.Close()
options := buildah.RunOptions{
Hostname: config.Hostname,
Runtime: b.runtime,
@@ -486,7 +493,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error {
WorkingDir: config.WorkingDir,
Entrypoint: config.Entrypoint,
Cmd: config.Cmd,
- Stdin: devNull,
+ Stdin: stdin,
Stdout: b.out,
Stderr: b.err,
Quiet: b.quiet,
@@ -504,7 +511,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error {
if err := b.volumeCacheSave(); err != nil {
return err
}
- err = b.builder.Run(args, options)
+ err := b.builder.Run(args, options)
if err2 := b.volumeCacheRestore(); err2 != nil {
if err == nil {
return err2
@@ -557,6 +564,7 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) {
volumeCache: make(map[string]string),
volumeCacheInfo: make(map[string]os.FileInfo),
log: options.Log,
+ in: options.In,
out: options.Out,
err: options.Err,
reportWriter: options.ReportWriter,
diff --git a/vendor/github.com/projectatomic/buildah/new.go b/vendor/github.com/projectatomic/buildah/new.go
index 60d217552..1895bae48 100644
--- a/vendor/github.com/projectatomic/buildah/new.go
+++ b/vendor/github.com/projectatomic/buildah/new.go
@@ -66,7 +66,13 @@ func reserveSELinuxLabels(store storage.Store, id string) error {
}
func pullAndFindImage(ctx context.Context, store storage.Store, imageName string, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) {
- ref, err := pullImage(ctx, store, imageName, options, sc)
+ pullOptions := PullOptions{
+ ReportWriter: options.ReportWriter,
+ Store: store,
+ SystemContext: options.SystemContext,
+ Transport: options.Transport,
+ }
+ ref, err := pullImage(ctx, store, imageName, pullOptions, sc)
if err != nil {
logrus.Debugf("error pulling image %q: %v", imageName, err)
return nil, nil, err
@@ -248,15 +254,6 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
defer src.Close()
}
- // If the pull command was used, we only pull the image,
- // we don't create a container.
- if options.ImageOnly {
- imgBuilder := &Builder{
- FromImageID: imageID,
- }
- return imgBuilder, nil
- }
-
name := "working-container"
if options.Container != "" {
name = options.Container
diff --git a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
index de3326842..39a1773e4 100644
--- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
+++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
@@ -176,10 +176,6 @@ var (
Name: "squash",
Usage: "Squash newly built layers into a single new layer. The build process does not currently support caching so this is a NOOP.",
},
- cli.BoolTFlag{
- Name: "stream",
- Usage: "There is no daemon in use, so this command is a NOOP.",
- },
cli.StringSliceFlag{
Name: "tag, t",
Usage: "tagged `name` to apply to the built image",
diff --git a/vendor/github.com/projectatomic/buildah/pull.go b/vendor/github.com/projectatomic/buildah/pull.go
index e9ce03f02..48d7f76ed 100644
--- a/vendor/github.com/projectatomic/buildah/pull.go
+++ b/vendor/github.com/projectatomic/buildah/pull.go
@@ -2,6 +2,7 @@ package buildah
import (
"context"
+ "io"
"strings"
cp "github.com/containers/image/copy"
@@ -20,6 +21,28 @@ import (
"github.com/sirupsen/logrus"
)
+// PullOptions can be used to alter how an image is copied in from somewhere.
+type PullOptions struct {
+ // SignaturePolicyPath specifies an override location for the signature
+ // policy which should be used for verifying the new image as it is
+ // being written. Except in specific circumstances, no value should be
+ // specified, indicating that the shared, system-wide default policy
+ // should be used.
+ SignaturePolicyPath string
+ // ReportWriter is an io.Writer which will be used to log the writing
+ // of the new image.
+ ReportWriter io.Writer
+ // Store is the local storage store which holds the source image.
+ Store storage.Store
+ // github.com/containers/image/types SystemContext to hold credentials
+ // and other authentication/authorization information.
+ SystemContext *types.SystemContext
+ // Transport is a value which is prepended to the image's name, if the
+ // image name alone can not be resolved to a reference to a source
+ // image. No separator is implicitly added.
+ Transport string
+}
+
func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference, spec string) (string, error) {
if srcRef == nil {
return "", errors.Errorf("reference to image is empty")
@@ -112,7 +135,13 @@ func localImageNameForReference(ctx context.Context, store storage.Store, srcRef
return name, nil
}
-func pullImage(ctx context.Context, store storage.Store, imageName string, options BuilderOptions, sc *types.SystemContext) (types.ImageReference, error) {
+// Pull copies the contents of the image from somewhere else.
+func Pull(ctx context.Context, imageName string, options PullOptions) (types.ImageReference, error) {
+ systemContext := getSystemContext(options.SystemContext, options.SignaturePolicyPath)
+ return pullImage(ctx, options.Store, imageName, options, systemContext)
+}
+
+func pullImage(ctx context.Context, store storage.Store, imageName string, options PullOptions, sc *types.SystemContext) (types.ImageReference, error) {
spec := imageName
srcRef, err := alltransports.ParseImageName(spec)
if err != nil {
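Review bot: `pullImage` now receives the store and the system context twice, once as the `store` and `sc` parameters and once inside `options` (`options.Store`, `options.SystemContext`), and nothing guarantees the two agree. `Pull` derives `systemContext` from `options.SignaturePolicyPath`, while `pullAndFindImage` in new.go fills `PullOptions` without that field and passes its own `sc`; the later hunk shows the policy being loaded with `signature.DefaultPolicy(sc)`, so the signature-policy override holds only as long as the body never reads `options.SystemContext` (the body continues outside this hunk). Either drop the redundant parameters or, if this is the intent, document the contract with something like `// pullImage uses store and sc; options.Store and options.SystemContext are not consulted.` `Pull` also passes `options.Store` through without a nil check.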
@@ -144,12 +173,6 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio
return nil, errors.Wrapf(err, "error parsing image name %q", destName)
}
- img, err := srcRef.NewImageSource(ctx, sc)
- if err != nil {
- return nil, errors.Wrapf(err, "error initializing %q as an image source", spec)
- }
- img.Close()
-
policy, err := signature.DefaultPolicy(sc)
if err != nil {
return nil, errors.Wrapf(err, "error obtaining default signature policy")
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index e91b02588..71a76862e 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -19,6 +19,7 @@ import (
"time"
"github.com/containernetworking/cni/libcni"
+ "github.com/containers/libpod/pkg/secrets"
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/ioutils"
"github.com/containers/storage/pkg/reexec"
@@ -31,7 +32,6 @@ import (
"github.com/projectatomic/buildah/bind"
"github.com/projectatomic/buildah/chroot"
"github.com/projectatomic/buildah/util"
- "github.com/projectatomic/libpod/pkg/secrets"
"github.com/sirupsen/logrus"
"golang.org/x/crypto/ssh/terminal"
"golang.org/x/sys/unix"
@@ -1094,7 +1094,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
}
}
options.Args = append(options.Args, rootlessFlag...)
- err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, []string{"--no-new-keyring", "--no-pivot"}, spec, mountPoint, path, Package+"-"+filepath.Base(path))
+ err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, []string{"--no-new-keyring"}, spec, mountPoint, path, Package+"-"+filepath.Base(path))
default:
err = errors.Errorf("don't know how to run this command")
}
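Review bot: Dropping `--no-pivot` from the literal argument list changes how the runtime confines the process to the rootfs, and nothing at the call site records why. With runc, `--no-pivot` disables pivot_root, so removing it is the stricter setting, but a rootfs that sits on a ramdisk may then fail to start. A comment such as `// --no-pivot is not passed, so the runtime is expected to pivot_root into the rootfs` would keep the flag from being re-added casually. The enclosing switch in Builder.Run starts outside this hunk.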
diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf
index 45f25d8d6..3fec2d1f1 100644
--- a/vendor/github.com/projectatomic/buildah/vendor.conf
+++ b/vendor/github.com/projectatomic/buildah/vendor.conf
@@ -7,7 +7,7 @@ github.com/seccomp/containers-golang master
github.com/containers/image 216acb1bcd2c1abef736ee322e17147ee2b7d76c
github.com/containers/storage 17c7d1fee5603ccf6dd97edc14162fc1510e7e23
github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
-github.com/docker/docker b8571fd81c7d2223c9ecbf799c693e3ef1daaea9
+github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1
github.com/docker/engine-api master
github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
@@ -42,7 +42,8 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
github.com/pborman/uuid master
github.com/pkg/errors master
github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/projectatomic/libpod master
+github.com/containers/libpod master
+github.com/containers/libpod master
github.com/sirupsen/logrus master
github.com/syndtr/gocapability master
github.com/tchap/go-patricia master
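Review bot: The line `github.com/containers/libpod master` is added twice in this hunk; one copy should be removed. Both the old and the new entry track `master` rather than a commit, unlike the neighbouring `github.com/pquerna/ffjson` entry, so the libpod code that add.go and run.go import for `chrootuser` and `secrets` cannot be reproduced from this file. Pin it as `github.com/containers/libpod <commit-sha>` (placeholder; use the revision that was actually vendored).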