summaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/projectatomic/buildah/add.go27
-rw-r--r--vendor/github.com/projectatomic/buildah/buildah.go4
-rw-r--r--vendor/github.com/projectatomic/buildah/commit.go4
-rw-r--r--vendor/github.com/projectatomic/buildah/image.go7
-rw-r--r--vendor/github.com/projectatomic/buildah/imagebuildah/build.go286
-rw-r--r--vendor/github.com/projectatomic/buildah/new.go3
-rw-r--r--vendor/github.com/projectatomic/buildah/pkg/cli/common.go20
-rw-r--r--vendor/github.com/projectatomic/buildah/run.go13
-rw-r--r--vendor/github.com/projectatomic/buildah/util.go51
-rw-r--r--vendor/github.com/projectatomic/buildah/util/util.go5
-rw-r--r--vendor/github.com/projectatomic/buildah/vendor.conf2
11 files changed, 384 insertions, 38 deletions
diff --git a/vendor/github.com/projectatomic/buildah/add.go b/vendor/github.com/projectatomic/buildah/add.go
index ee2cf253a..5c53c8dda 100644
--- a/vendor/github.com/projectatomic/buildah/add.go
+++ b/vendor/github.com/projectatomic/buildah/add.go
@@ -19,15 +19,24 @@ import (
"github.com/sirupsen/logrus"
)
-//AddAndCopyOptions holds options for add and copy commands.
+// AddAndCopyOptions holds options for add and copy commands.
type AddAndCopyOptions struct {
+ // Chown is a spec for the user who should be given ownership over the
+ // newly-added content, potentially overriding permissions which would
+ // otherwise match those of local files and directories being copied.
Chown string
+ // All of the data being copied will pass through Hasher, if set.
+ // If the sources are URLs or files, their contents will be passed to
+ // Hasher.
+ // If the sources include directory trees, Hasher will be passed
+ // tar-format archives of the directory trees.
+ Hasher io.Writer
}
// addURL copies the contents of the source URL to the destination. This is
// its own function so that deferred closes happen after we're done pulling
// down each item of potentially many.
-func addURL(destination, srcurl string, owner idtools.IDPair) error {
+func addURL(destination, srcurl string, owner idtools.IDPair, hasher io.Writer) error {
logrus.Debugf("saving %q to %q", srcurl, destination)
resp, err := http.Get(srcurl)
if err != nil {
@@ -53,7 +62,11 @@ func addURL(destination, srcurl string, owner idtools.IDPair) error {
}
}
defer f.Close()
- n, err := io.Copy(f, resp.Body)
+ bodyReader := io.Reader(resp.Body)
+ if hasher != nil {
+ bodyReader = io.TeeReader(bodyReader, hasher)
+ }
+ n, err := io.Copy(f, bodyReader)
if err != nil {
return errors.Wrapf(err, "error reading contents for %q", destination)
}
@@ -122,9 +135,9 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
if len(source) > 1 && (destfi == nil || !destfi.IsDir()) {
return errors.Errorf("destination %q is not a directory", dest)
}
- copyFileWithTar := b.copyFileWithTar(&containerOwner)
- copyWithTar := b.copyWithTar(&containerOwner)
- untarPath := b.untarPath(nil)
+ copyFileWithTar := b.copyFileWithTar(&containerOwner, options.Hasher)
+ copyWithTar := b.copyWithTar(&containerOwner, options.Hasher)
+ untarPath := b.untarPath(nil, options.Hasher)
for _, src := range source {
if strings.HasPrefix(src, "http://") || strings.HasPrefix(src, "https://") {
// We assume that source is a file, and we're copying
@@ -140,7 +153,7 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
if destfi != nil && destfi.IsDir() {
d = filepath.Join(dest, path.Base(url.Path))
}
- if err := addURL(d, src, hostOwner); err != nil {
+ if err := addURL(d, src, hostOwner, options.Hasher); err != nil {
return err
}
continue
diff --git a/vendor/github.com/projectatomic/buildah/buildah.go b/vendor/github.com/projectatomic/buildah/buildah.go
index e90e2ee68..5d241564c 100644
--- a/vendor/github.com/projectatomic/buildah/buildah.go
+++ b/vendor/github.com/projectatomic/buildah/buildah.go
@@ -23,7 +23,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.0"
+ Version = "1.2-dev"
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
@@ -165,6 +165,8 @@ type Builder struct {
IDMappingOptions IDMappingOptions
CommonBuildOpts *CommonBuildOptions
+ // TopLayer is the top layer of the image
+ TopLayer string
}
// BuilderInfo are used as objects to display container information
diff --git a/vendor/github.com/projectatomic/buildah/commit.go b/vendor/github.com/projectatomic/buildah/commit.go
index ab46a0643..3c5958f2d 100644
--- a/vendor/github.com/projectatomic/buildah/commit.go
+++ b/vendor/github.com/projectatomic/buildah/commit.go
@@ -55,6 +55,8 @@ type CommitOptions struct {
// OnBuild is a list of commands to be run by images based on this image
OnBuild []string
+ // Parent is the base image that this image was created by.
+ Parent string
}
// PushOptions can be used to alter how an image is copied somewhere.
@@ -106,7 +108,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
// Check if we're keeping everything in local storage. If so, we can take certain shortcuts.
_, destIsStorage := dest.Transport().(is.StoreTransport)
exporting := !destIsStorage
- src, err := b.makeImageRef(options.PreferredManifestType, exporting, options.Squash, options.Compression, options.HistoryTimestamp)
+ src, err := b.makeImageRef(options.PreferredManifestType, options.Parent, exporting, options.Squash, options.Compression, options.HistoryTimestamp)
if err != nil {
return imgID, errors.Wrapf(err, "error computing layer digests and building metadata")
}
diff --git a/vendor/github.com/projectatomic/buildah/image.go b/vendor/github.com/projectatomic/buildah/image.go
index 1cb5d7022..070f721d4 100644
--- a/vendor/github.com/projectatomic/buildah/image.go
+++ b/vendor/github.com/projectatomic/buildah/image.go
@@ -55,6 +55,7 @@ type containerImageRef struct {
exporting bool
squash bool
tarPath func(path string) (io.ReadCloser, error)
+ parent string
}
type containerImageSource struct {
@@ -178,6 +179,7 @@ func (i *containerImageRef) createConfigsAndManifests() (v1.Image, v1.Manifest,
if err := json.Unmarshal(i.dconfig, &dimage); err != nil {
return v1.Image{}, v1.Manifest{}, docker.V2Image{}, docker.V2S2Manifest{}, err
}
+ dimage.Parent = docker.ID(digest.FromString(i.parent))
// Always replace this value, since we're newer than our base image.
dimage.Created = created
// Clear the list of diffIDs, since we always repopulate it.
@@ -404,6 +406,7 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System
EmptyLayer: false,
}
dimage.History = append(dimage.History, dnews)
+ dimage.Parent = docker.ID(digest.FromString(i.parent))
// Sanity check that we didn't just create a mismatch between non-empty layers in the
// history and the number of diffIDs.
@@ -578,7 +581,7 @@ func (i *containerImageSource) GetBlob(ctx context.Context, blob types.BlobInfo)
return ioutils.NewReadCloserWrapper(layerFile, closer), size, nil
}
-func (b *Builder) makeImageRef(manifestType string, exporting bool, squash bool, compress archive.Compression, historyTimestamp *time.Time) (types.ImageReference, error) {
+func (b *Builder) makeImageRef(manifestType, parent string, exporting bool, squash bool, compress archive.Compression, historyTimestamp *time.Time) (types.ImageReference, error) {
var name reference.Named
container, err := b.store.Container(b.ContainerID)
if err != nil {
@@ -604,6 +607,7 @@ func (b *Builder) makeImageRef(manifestType string, exporting bool, squash bool,
if historyTimestamp != nil {
created = historyTimestamp.UTC()
}
+
ref := &containerImageRef{
store: b.store,
compression: compress,
@@ -622,6 +626,7 @@ func (b *Builder) makeImageRef(manifestType string, exporting bool, squash bool,
exporting: exporting,
squash: squash,
tarPath: b.tarPath(),
+ parent: parent,
}
return ref, nil
}
diff --git a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
index ce0734a2b..075e588ba 100644
--- a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
+++ b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go
@@ -9,6 +9,7 @@ import (
"path/filepath"
"strconv"
"strings"
+ "time"
is "github.com/containers/image/storage"
"github.com/containers/image/transports"
@@ -20,6 +21,7 @@ import (
"github.com/containers/storage/pkg/stringid"
"github.com/docker/docker/builder/dockerfile/parser"
docker "github.com/fsouza/go-dockerclient"
+ "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/openshift/imagebuilder"
"github.com/pkg/errors"
@@ -141,6 +143,11 @@ type BuildOptions struct {
Annotations []string
// OnBuild commands to be run by images based on this image
OnBuild []string
+ // Layers tells the builder to create a cache of images for each step in the Dockerfile
+ Layers bool
+ // NoCache tells the builder to build the image from scratch without checking for a cache.
+ // It creates a new set of cached images for the build.
+ NoCache bool
}
// Executor is a buildah-based implementation of the imagebuilder.Executor
@@ -187,6 +194,9 @@ type Executor struct {
labels []string
annotations []string
onbuild []string
+ layers bool
+ topLayers []string
+ noCache bool
}
// withName creates a new child executor that will be used whenever a COPY statement uses --from=NAME.
@@ -539,6 +549,8 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) {
squash: options.Squash,
labels: append([]string{}, options.Labels...),
annotations: append([]string{}, options.Annotations...),
+ layers: options.Layers,
+ noCache: options.NoCache,
}
if exec.err == nil {
exec.err = os.Stderr
@@ -646,6 +658,9 @@ func (b *Executor) Prepare(ctx context.Context, ib *imagebuilder.Builder, node *
}
b.mountPoint = mountPoint
b.builder = builder
+ // Add the top layer of this image to b.topLayers so we can keep track of them
+ // when building with cached images.
+ b.topLayers = append(b.topLayers, builder.TopLayer)
return nil
}
@@ -661,7 +676,9 @@ func (b *Executor) Delete() (err error) {
}
// Execute runs each of the steps in the parsed tree, in turn.
-func (b *Executor) Execute(ib *imagebuilder.Builder, node *parser.Node) error {
+func (b *Executor) Execute(ctx context.Context, ib *imagebuilder.Builder, node *parser.Node) error {
+ checkForLayers := true
+ children := node.Children
for i, node := range node.Children {
step := ib.Step()
if err := step.Resolve(node); err != nil {
@@ -675,42 +692,270 @@ func (b *Executor) Execute(ib *imagebuilder.Builder, node *parser.Node) error {
if i < len(node.Children)-1 {
requiresStart = ib.RequiresStart(&parser.Node{Children: node.Children[i+1:]})
}
- err := ib.Run(step, b, requiresStart)
- if err != nil {
- return errors.Wrapf(err, "error building at step %+v", *step)
+
+ if !b.layers && !b.noCache {
+ err := ib.Run(step, b, requiresStart)
+ if err != nil {
+ return errors.Wrapf(err, "error building at step %+v", *step)
+ }
+ continue
+ }
+
+ var (
+ cacheID string
+ err error
+ imgID string
+ )
+ // checkForLayers will be true if b.layers is true and a cached intermediate image is found.
+ // checkForLayers is set to false when either there is no cached image or a break occurs where
+ // the instructions in the Dockerfile change from a previous build.
+ // Don't check for cache if b.noCache is set to true.
+ if checkForLayers && !b.noCache {
+ cacheID, err = b.layerExists(ctx, node, children[:i])
+ if err != nil {
+ return errors.Wrap(err, "error checking if cached image exists from a previous build")
+ }
+ }
+ if cacheID == "" || !checkForLayers {
+ checkForLayers = false
+ err := ib.Run(step, b, requiresStart)
+ if err != nil {
+ return errors.Wrapf(err, "error building at step %+v", *step)
+ }
+ } else {
+ b.log("Using cache %s", cacheID)
+ }
+ // Commit if at the last step of the Dockerfile and a cached image is found.
+ // Also commit steps if no cache is found.
+ if (cacheID != "" && i == len(children)-1) || cacheID == "" {
+ imgID, err = b.Commit(ctx, ib, getCreatedBy(node))
+ if err != nil {
+ return errors.Wrapf(err, "error committing container for step %+v", *step)
+ }
+ if i == len(children)-1 {
+ b.log("COMMIT %s", b.output)
+ }
+ } else {
+ // Cache is found, assign imgID the id of the cached image so
+ // it is used to create the container for the next step.
+ imgID = cacheID
+ }
+ // Delete the intermediate container.
+ if err := b.Delete(); err != nil {
+ return errors.Wrap(err, "error deleting intermediate container")
+ }
+ // Prepare for the next step with imgID as the new base image.
+ if i != len(children)-1 {
+ if err := b.Prepare(ctx, ib, node, imgID); err != nil {
+ return errors.Wrap(err, "error preparing container for next step")
+ }
}
}
return nil
}
+// layerExists returns true if an intermediate image of currNode exists in the image store from a previous build.
+// It verifies tihis by checking the parent of the top layer of the image and the history.
+func (b *Executor) layerExists(ctx context.Context, currNode *parser.Node, children []*parser.Node) (string, error) {
+ // Get the list of images available in the image store
+ images, err := b.store.Images()
+ if err != nil {
+ return "", errors.Wrap(err, "error getting image list from store")
+ }
+ for _, image := range images {
+ layer, err := b.store.Layer(image.TopLayer)
+ if err != nil {
+ return "", errors.Wrapf(err, "error getting top layer info")
+ }
+ // If the parent of the top layer of an image is equal to the last entry in b.topLayers
+ // it means that this image is potentially a cached intermediate image from a previous
+ // build. Next we double check that the history of this image is equivalent to the previous
+ // lines in the Dockerfile up till the point we are at in the build.
+ if layer.Parent == b.topLayers[len(b.topLayers)-1] {
+ history, err := b.getImageHistory(ctx, image.ID)
+ if err != nil {
+ return "", errors.Wrapf(err, "error getting history of %q", image.ID)
+ }
+ // children + currNode is the point of the Dockerfile we are currently at.
+ if historyMatches(append(children, currNode), history) {
+ // This checks if the files copied during build have been changed if the node is
+ // a COPY or ADD command.
+ filesMatch, err := b.copiedFilesMatch(currNode, history[len(history)-1].Created)
+ if err != nil {
+ return "", errors.Wrapf(err, "error checking if copied files match")
+ }
+ if filesMatch {
+ return image.ID, nil
+ }
+ }
+ }
+ }
+ return "", nil
+}
+
+// getImageHistory returns the history of imageID.
+func (b *Executor) getImageHistory(ctx context.Context, imageID string) ([]v1.History, error) {
+ imageRef, err := is.Transport.ParseStoreReference(b.store, "@"+imageID)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error getting image reference %q", imageID)
+ }
+ ref, err := imageRef.NewImage(ctx, nil)
+ if err != nil {
+ return nil, errors.Wrap(err, "error creating new image from reference")
+ }
+ oci, err := ref.OCIConfig(ctx)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error getting oci config of image %q", imageID)
+ }
+ return oci.History, nil
+}
+
+// getCreatedBy returns the command the image at node will be created by.
+func getCreatedBy(node *parser.Node) string {
+ if node.Value == "run" {
+ return "/bin/sh -c " + node.Original[4:]
+ }
+ return "/bin/sh -c #(nop) " + node.Original
+}
+
+// historyMatches returns true if the history of the image matches the lines
+// in the Dockerfile till the point of build we are at.
+// Used to verify whether a cache of the intermediate image exists and whether
+// to run the build again.
+func historyMatches(children []*parser.Node, history []v1.History) bool {
+ i := len(history) - 1
+ for j := len(children) - 1; j >= 0; j-- {
+ instruction := children[j].Original
+ if children[j].Value == "run" {
+ instruction = instruction[4:]
+ }
+ if !strings.Contains(history[i].CreatedBy, instruction) {
+ return false
+ }
+ i--
+ }
+ return true
+}
+
+// getFilesToCopy goes through node to get all the src files that are copied, added or downloaded.
+// It is possible for the Dockerfile to have src as hom*, which means all files that have hom as a prefix.
+// Another format is hom?.txt, which means all files that have that name format with the ? replaced by another character.
+func (b *Executor) getFilesToCopy(node *parser.Node) ([]string, error) {
+ currNode := node.Next
+ var src []string
+ for currNode.Next != nil {
+ if currNode.Next == nil {
+ break
+ }
+ if strings.HasPrefix(currNode.Value, "http://") || strings.HasPrefix(currNode.Value, "https://") {
+ src = append(src, currNode.Value)
+ continue
+ }
+ matches, err := filepath.Glob(filepath.Join(b.contextDir, currNode.Value))
+ if err != nil {
+ return nil, errors.Wrapf(err, "error finding match for pattern %q", currNode.Value)
+ }
+ src = append(src, matches...)
+ currNode = currNode.Next
+ }
+ return src, nil
+}
+
+// copiedFilesMatch checks to see if the node instruction is a COPY or ADD.
+// If it is either of those two it checks the timestamps on all the files copied/added
+// by the dockerfile. If the host version has a time stamp greater than the time stamp
+// of the build, the build will not use the cached version and will rebuild.
+func (b *Executor) copiedFilesMatch(node *parser.Node, historyTime *time.Time) (bool, error) {
+ if node.Value != "add" && node.Value != "copy" {
+ return true, nil
+ }
+
+ src, err := b.getFilesToCopy(node)
+ if err != nil {
+ return false, err
+ }
+ for _, item := range src {
+ // for urls, check the Last-Modified field in the header.
+ if strings.HasPrefix(item, "http://") || strings.HasPrefix(item, "https://") {
+ urlContentNew, err := urlContentModified(item, historyTime)
+ if err != nil {
+ return false, err
+ }
+ if urlContentNew {
+ return false, nil
+ }
+ continue
+ }
+ // For local files, walk the file tree and check the time stamps.
+ timeIsGreater := false
+ err := filepath.Walk(item, func(path string, info os.FileInfo, err error) error {
+ if info.ModTime().After(*historyTime) {
+ timeIsGreater = true
+ return nil
+ }
+ return nil
+ })
+ if err != nil {
+ return false, errors.Wrapf(err, "error walking file tree %q", item)
+ }
+ if timeIsGreater {
+ return false, nil
+ }
+ }
+ return true, nil
+}
+
+// urlContentModified sends a get request to the url and checks if the header has a value in
+// Last-Modified, and if it does compares the time stamp to that of the history of the cached image.
+// returns true if there is no Last-Modified value in the header.
+func urlContentModified(url string, historyTime *time.Time) (bool, error) {
+ resp, err := http.Get(url)
+ if err != nil {
+ return false, errors.Wrapf(err, "error getting %q", url)
+ }
+ if lastModified := resp.Header.Get("Last-Modified"); lastModified != "" {
+ lastModifiedTime, err := time.Parse(time.RFC1123, lastModified)
+ if err != nil {
+ return false, errors.Wrapf(err, "error parsing time for %q", url)
+ }
+ return lastModifiedTime.After(*historyTime), nil
+ }
+ logrus.Debugf("Response header did not have Last-Modified %q, will rebuild.", url)
+ return true, nil
+}
+
// Commit writes the container's contents to an image, using a passed-in tag as
// the name if there is one, generating a unique ID-based one otherwise.
-func (b *Executor) Commit(ctx context.Context, ib *imagebuilder.Builder) (err error) {
- var imageRef types.ImageReference
+func (b *Executor) Commit(ctx context.Context, ib *imagebuilder.Builder, createdBy string) (string, error) {
+ var (
+ imageRef types.ImageReference
+ err error
+ )
if b.output != "" {
imageRef, err = alltransports.ParseImageName(b.output)
if err != nil {
candidates := util.ResolveName(b.output, "", b.systemContext, b.store)
if len(candidates) == 0 {
- return errors.Errorf("error parsing target image name %q", b.output)
+ return "", errors.Errorf("error parsing target image name %q", b.output)
}
imageRef2, err2 := is.Transport.ParseStoreReference(b.store, candidates[0])
if err2 != nil {
- return errors.Wrapf(err, "error parsing target image name %q", b.output)
+ return "", errors.Wrapf(err, "error parsing target image name %q", b.output)
}
imageRef = imageRef2
}
} else {
imageRef, err = is.Transport.ParseStoreReference(b.store, "@"+stringid.GenerateRandomID())
if err != nil {
- return errors.Wrapf(err, "error parsing reference for image to be written")
+ return "", errors.Wrapf(err, "error parsing reference for image to be written")
}
}
if ib.Author != "" {
b.builder.SetMaintainer(ib.Author)
}
config := ib.Config()
+ b.builder.SetCreatedBy(createdBy)
b.builder.SetHostname(config.Hostname)
b.builder.SetDomainname(config.Domainname)
b.builder.SetUser(config.User)
@@ -758,32 +1003,37 @@ func (b *Executor) Commit(ctx context.Context, ib *imagebuilder.Builder) (err er
if imageRef != nil {
logName := transports.ImageName(imageRef)
logrus.Debugf("COMMIT %q", logName)
- if !b.quiet {
+ if !b.quiet && !b.layers && !b.noCache {
b.log("COMMIT %s", logName)
}
} else {
logrus.Debugf("COMMIT")
- if !b.quiet {
+ if !b.quiet && !b.layers && !b.noCache {
b.log("COMMIT")
}
}
+ writer := b.reportWriter
+ if b.layers || b.noCache {
+ writer = nil
+ }
options := buildah.CommitOptions{
Compression: b.compression,
SignaturePolicyPath: b.signaturePolicyPath,
AdditionalTags: b.additionalTags,
- ReportWriter: b.reportWriter,
+ ReportWriter: writer,
PreferredManifestType: b.outputFormat,
IIDFile: b.iidfile,
Squash: b.squash,
+ Parent: b.builder.FromImageID,
}
imgID, err := b.builder.Commit(ctx, imageRef, options)
if err != nil {
- return err
+ return "", err
}
if options.IIDFile == "" && imgID != "" {
fmt.Fprintf(b.out, "%s\n", imgID)
}
- return nil
+ return imgID, nil
}
// Build takes care of the details of running Prepare/Execute/Commit/Delete
@@ -799,11 +1049,15 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) error
return err
}
defer stageExecutor.Delete()
- if err := stageExecutor.Execute(stage.Builder, stage.Node); err != nil {
+ if err := stageExecutor.Execute(ctx, stage.Builder, stage.Node); err != nil {
return err
}
}
- return stageExecutor.Commit(ctx, stages[len(stages)-1].Builder)
+ if b.layers || b.noCache {
+ return nil
+ }
+ _, err := stageExecutor.Commit(ctx, stages[len(stages)-1].Builder, "")
+ return err
}
// BuildDockerfiles parses a set of one or more Dockerfiles (which may be
diff --git a/vendor/github.com/projectatomic/buildah/new.go b/vendor/github.com/projectatomic/buildah/new.go
index da170d591..dc349221b 100644
--- a/vendor/github.com/projectatomic/buildah/new.go
+++ b/vendor/github.com/projectatomic/buildah/new.go
@@ -255,9 +255,11 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
}
image := options.FromImage
imageID := ""
+ topLayer := ""
if img != nil {
image = getImageName(imageNamePrefix(image), img)
imageID = img.ID
+ topLayer = img.TopLayer
}
if manifest, config, err = imageManifestAndConfig(ctx, ref, systemContext); err != nil {
return nil, errors.Wrapf(err, "error reading data from image %q", transports.ImageName(ref))
@@ -335,6 +337,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
GIDMap: gidmap,
},
CommonBuildOpts: options.CommonBuildOpts,
+ TopLayer: topLayer,
}
if options.Mount {
diff --git a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
index e545e97d3..d00ebbdc5 100644
--- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
+++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
@@ -5,6 +5,10 @@ package cli
// that vendor in this code can use them too.
import (
+ "fmt"
+ "os"
+ "strings"
+
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/projectatomic/buildah"
"github.com/projectatomic/buildah/util"
@@ -120,8 +124,12 @@ var (
Usage: "Set metadata for an image (default [])",
},
cli.BoolFlag{
+ Name: "layers",
+ Usage: fmt.Sprintf("cache intermediate layers during build (default %t)", UseLayers()),
+ },
+ cli.BoolFlag{
Name: "no-cache",
- Usage: "Do not use caching for the container build. The build process does not currently support caching so this is a NOOP.",
+ Usage: "Do not use existing cached images for the container build. Build from the start with a new set of cached layers.",
},
cli.StringFlag{
Name: "logfile",
@@ -230,3 +238,13 @@ var (
},
}, usernsFlags...), NamespaceFlags...)
)
+
+// UseLayers returns true if BUILDAH_LAYERS is set to "1" or "true"
+// otherwise it returns false
+func UseLayers() bool {
+ layers := os.Getenv("BUILDAH_LAYERS")
+ if strings.ToLower(layers) == "true" || layers == "1" {
+ return true
+ }
+ return false
+}
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 436c2ea2e..9d7fb8d7d 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -393,7 +393,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, optionMounts
// Add temporary copies of the contents of volume locations at the
// volume locations, unless we already have something there.
- copyWithTar := b.copyWithTar(nil)
+ copyWithTar := b.copyWithTar(nil, nil)
builtins, err := runSetupBuiltinVolumes(b.MountLabel, mountPoint, cdir, copyWithTar, builtinVolumes)
if err != nil {
return err
@@ -534,7 +534,7 @@ func runSetupVolumeMounts(mountLabel string, volumeMounts []string, optionMounts
// addNetworkConfig copies files from host and sets them up to bind mount into container
func (b *Builder) addNetworkConfig(rdir, hostPath string) (string, error) {
- copyFileWithTar := b.copyFileWithTar(nil)
+ copyFileWithTar := b.copyFileWithTar(nil, nil)
cfile := filepath.Join(rdir, filepath.Base(hostPath))
@@ -809,6 +809,15 @@ func (b *Builder) Run(command []string, options RunOptions) error {
// Now grab the spec from the generator. Set the generator to nil so that future contributors
// will quickly be able to tell that they're supposed to be modifying the spec directly from here.
spec := g.Spec()
+
+ //Remove capabilities if not running as root
+ if user.UID != 0 {
+ var caplist []string
+ spec.Process.Capabilities.Permitted = caplist
+ spec.Process.Capabilities.Inheritable = caplist
+ spec.Process.Capabilities.Effective = caplist
+ spec.Process.Capabilities.Ambient = caplist
+ }
g = nil
if spec.Process.Cwd == "" {
spec.Process.Cwd = DefaultWorkingDir
diff --git a/vendor/github.com/projectatomic/buildah/util.go b/vendor/github.com/projectatomic/buildah/util.go
index 1b8667b79..661221ebc 100644
--- a/vendor/github.com/projectatomic/buildah/util.go
+++ b/vendor/github.com/projectatomic/buildah/util.go
@@ -1,11 +1,13 @@
package buildah
import (
+ "archive/tar"
"bufio"
"io"
"os"
"strconv"
"strings"
+ "sync"
"github.com/containers/image/docker/reference"
"github.com/containers/image/pkg/sysregistries"
@@ -91,30 +93,73 @@ func convertRuntimeIDMaps(UIDMap, GIDMap []rspec.LinuxIDMapping) ([]idtools.IDMa
// copyFileWithTar returns a function which copies a single file from outside
// of any container into our working container, mapping permissions using the
// container's ID maps, possibly overridden using the passed-in chownOpts
-func (b *Builder) copyFileWithTar(chownOpts *idtools.IDPair) func(src, dest string) error {
+func (b *Builder) copyFileWithTar(chownOpts *idtools.IDPair, hasher io.Writer) func(src, dest string) error {
convertedUIDMap, convertedGIDMap := convertRuntimeIDMaps(b.IDMappingOptions.UIDMap, b.IDMappingOptions.GIDMap)
untarMappings := idtools.NewIDMappingsFromMaps(convertedUIDMap, convertedGIDMap)
archiver := chrootarchive.NewArchiverWithChown(nil, chownOpts, untarMappings)
+ if hasher != nil {
+ originalUntar := archiver.Untar
+ archiver.Untar = func(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
+ contentReader, contentWriter, err := os.Pipe()
+ if err != nil {
+ return err
+ }
+ defer contentReader.Close()
+ defer contentWriter.Close()
+ var hashError error
+ var hashWorker sync.WaitGroup
+ hashWorker.Add(1)
+ go func() {
+ t := tar.NewReader(contentReader)
+ _, err := t.Next()
+ if err != nil {
+ hashError = err
+ }
+ if _, err = io.Copy(hasher, t); err != nil && err != io.EOF {
+ hashError = err
+ }
+ hashWorker.Done()
+ }()
+ err = originalUntar(io.TeeReader(tarArchive, contentWriter), dest, options)
+ hashWorker.Wait()
+ if err == nil {
+ err = hashError
+ }
+ return err
+ }
+ }
return archiver.CopyFileWithTar
}
// copyWithTar returns a function which copies a directory tree from outside of
// any container into our working container, mapping permissions using the
// container's ID maps, possibly overridden using the passed-in chownOpts
-func (b *Builder) copyWithTar(chownOpts *idtools.IDPair) func(src, dest string) error {
+func (b *Builder) copyWithTar(chownOpts *idtools.IDPair, hasher io.Writer) func(src, dest string) error {
convertedUIDMap, convertedGIDMap := convertRuntimeIDMaps(b.IDMappingOptions.UIDMap, b.IDMappingOptions.GIDMap)
untarMappings := idtools.NewIDMappingsFromMaps(convertedUIDMap, convertedGIDMap)
archiver := chrootarchive.NewArchiverWithChown(nil, chownOpts, untarMappings)
+ if hasher != nil {
+ originalUntar := archiver.Untar
+ archiver.Untar = func(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
+ return originalUntar(io.TeeReader(tarArchive, hasher), dest, options)
+ }
+ }
return archiver.CopyWithTar
}
// untarPath returns a function which extracts an archive in a specified
// location into our working container, mapping permissions using the
// container's ID maps, possibly overridden using the passed-in chownOpts
-func (b *Builder) untarPath(chownOpts *idtools.IDPair) func(src, dest string) error {
+func (b *Builder) untarPath(chownOpts *idtools.IDPair, hasher io.Writer) func(src, dest string) error {
convertedUIDMap, convertedGIDMap := convertRuntimeIDMaps(b.IDMappingOptions.UIDMap, b.IDMappingOptions.GIDMap)
untarMappings := idtools.NewIDMappingsFromMaps(convertedUIDMap, convertedGIDMap)
archiver := chrootarchive.NewArchiverWithChown(nil, chownOpts, untarMappings)
+ if hasher != nil {
+ originalUntar := archiver.Untar
+ archiver.Untar = func(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
+ return originalUntar(io.TeeReader(tarArchive, hasher), dest, options)
+ }
+ }
return archiver.UntarPath
}
diff --git a/vendor/github.com/projectatomic/buildah/util/util.go b/vendor/github.com/projectatomic/buildah/util/util.go
index e8539f978..3f1d7530c 100644
--- a/vendor/github.com/projectatomic/buildah/util/util.go
+++ b/vendor/github.com/projectatomic/buildah/util/util.go
@@ -112,11 +112,6 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto
logrus.Debugf("unable to read configured registries to complete %q: %v", name, err)
registries = []string{}
}
- if sc.DockerInsecureSkipTLSVerify {
- if unverifiedRegistries, err := sysregistries.GetInsecureRegistries(sc); err == nil {
- registries = append(registries, unverifiedRegistries...)
- }
- }
// Create all of the combinations. Some registries need an additional component added, so
// use our lookaside map to keep track of them. If there are no configured registries, we'll
diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf
index 50f91b072..4a00ad05e 100644
--- a/vendor/github.com/projectatomic/buildah/vendor.conf
+++ b/vendor/github.com/projectatomic/buildah/vendor.conf
@@ -38,7 +38,7 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
github.com/pborman/uuid master
github.com/pkg/errors master
github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/projectatomic/libpod e686269da34ed4208f4ed517c0587ab38e8eaf2c
+github.com/projectatomic/libpod 781eec27b52c842fc83c8b1c97fbf825065f3b0c
github.com/sirupsen/logrus master
github.com/syndtr/gocapability master
github.com/tchap/go-patricia master