diff options
Diffstat (limited to 'vendor')
5 files changed, 19 insertions, 44 deletions
diff --git a/vendor/github.com/containers/buildah/common.go b/vendor/github.com/containers/buildah/common.go index dfdc33a22..e369dc407 100644 --- a/vendor/github.com/containers/buildah/common.go +++ b/vendor/github.com/containers/buildah/common.go @@ -6,10 +6,8 @@ import ( "path/filepath" cp "github.com/containers/image/copy" - "github.com/containers/image/transports" "github.com/containers/image/types" "github.com/containers/libpod/pkg/rootless" - "github.com/sirupsen/logrus" ) const ( @@ -34,12 +32,6 @@ func getCopyOptions(reportWriter io.Writer, sourceReference types.ImageReference } } - sourceInsecure, err := isReferenceInsecure(sourceReference, sourceCtx) - if err != nil { - logrus.Debugf("error determining if registry for %q is insecure: %v", transports.ImageName(sourceReference), err) - } else if sourceInsecure { - sourceCtx.OCIInsecureSkipTLSVerify = true - } destinationCtx := &types.SystemContext{} if destinationSystemContext != nil { @@ -51,12 +43,6 @@ func getCopyOptions(reportWriter io.Writer, sourceReference types.ImageReference } } } - destinationInsecure, err := isReferenceInsecure(destinationReference, destinationCtx) - if err != nil { - logrus.Debugf("error determining if registry for %q is insecure: %v", transports.ImageName(destinationReference), err) - } else if destinationInsecure { - destinationCtx.OCIInsecureSkipTLSVerify = true - } return &cp.Options{ ReportWriter: reportWriter, diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go index d838260e7..217bcfc79 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/build.go +++ b/vendor/github.com/containers/buildah/imagebuildah/build.go @@ -517,6 +517,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { Hostname: config.Hostname, Runtime: b.runtime, Args: b.runtimeArgs, + NoPivot: os.Getenv("BUILDAH_NOPIVOT") != "", Mounts: convertMounts(b.transientMounts), Env: config.Env, User: config.User, diff --git a/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go b/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go index ae55316b0..31e6a428c 100644 --- a/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go +++ b/vendor/github.com/containers/buildah/pkg/blobcache/blobcache.go @@ -52,14 +52,18 @@ type BlobCache interface { type blobCacheReference struct { reference types.ImageReference + // WARNING: The contents of this directory may be accessed concurrently, + // both within this process and by multiple different processes directory string compress types.LayerCompression } type blobCacheSource struct { - reference *blobCacheReference - source types.ImageSource - sys types.SystemContext + reference *blobCacheReference + source types.ImageSource + sys types.SystemContext + // this mutex synchronizes the counters below + mu sync.Mutex cacheHits int64 cacheMisses int64 cacheErrors int64 @@ -219,7 +223,7 @@ func (s *blobCacheSource) GetManifest(ctx context.Context, instanceDigest *diges } func (s *blobCacheSource) HasThreadSafeGetBlob() bool { - return false + return s.source.HasThreadSafeGetBlob() } func (s *blobCacheSource) GetBlob(ctx context.Context, blobinfo types.BlobInfo, cache types.BlobInfoCache) (io.ReadCloser, int64, error) { @@ -232,16 +236,22 @@ func (s *blobCacheSource) GetBlob(ctx context.Context, blobinfo types.BlobInfo, filename := filepath.Join(s.reference.directory, makeFilename(blobinfo.Digest, isConfig)) f, err := os.Open(filename) if err == nil { + s.mu.Lock() s.cacheHits++ + s.mu.Unlock() return f, size, nil } if !os.IsNotExist(err) { + s.mu.Lock() s.cacheErrors++ + s.mu.Unlock() return nil, -1, errors.Wrapf(err, "error checking for cache file %q", filepath.Join(s.reference.directory, filename)) } } } + s.mu.Lock() s.cacheMisses++ + s.mu.Unlock() rc, size, err := s.source.GetBlob(ctx, blobinfo, cache) if err != nil { return rc, size, errors.Wrapf(err, "error reading blob from source image %q", transports.ImageName(s.reference)) @@ -403,7 +413,7 @@ func saveStream(wg *sync.WaitGroup, decompressReader io.ReadCloser, tempFile *os } func (s *blobCacheDestination) HasThreadSafePutBlob() bool { - return false + return s.destination.HasThreadSafePutBlob() } func (d *blobCacheDestination) PutBlob(ctx context.Context, stream io.Reader, inputInfo types.BlobInfo, cache types.BlobInfoCache, isConfig bool) (types.BlobInfo, error) { diff --git a/vendor/github.com/containers/buildah/util.go b/vendor/github.com/containers/buildah/util.go index 66a4e535a..5dadec7c2 100644 --- a/vendor/github.com/containers/buildah/util.go +++ b/vendor/github.com/containers/buildah/util.go @@ -173,24 +173,6 @@ func (b *Builder) tarPath() func(path string) (io.ReadCloser, error) { } } -// isRegistryInsecure checks if the named registry is marked as not secure -func isRegistryInsecure(registry string, sc *types.SystemContext) (bool, error) { - reginfo, err := sysregistriesv2.FindRegistry(sc, registry) - if err != nil { - return false, errors.Wrapf(err, "unable to parse the registries configuration (%s)", sysregistries.RegistriesConfPath(sc)) - } - if reginfo != nil { - if reginfo.Insecure { - logrus.Debugf("registry %q is marked insecure in registries configuration %q", registry, sysregistries.RegistriesConfPath(sc)) - } else { - logrus.Debugf("registry %q is not marked insecure in registries configuration %q", registry, sysregistries.RegistriesConfPath(sc)) - } - return reginfo.Insecure, nil - } - logrus.Debugf("registry %q is not listed in registries configuration %q, assuming it's secure", registry, sysregistries.RegistriesConfPath(sc)) - return false, nil -} - // isRegistryBlocked checks if the named registry is marked as blocked func isRegistryBlocked(registry string, sc *types.SystemContext) (bool, error) { reginfo, err := sysregistriesv2.FindRegistry(sc, registry) @@ -221,11 +203,6 @@ func isReferenceSomething(ref types.ImageReference, sc *types.SystemContext, wha return false, nil } -// isReferenceInsecure checks if the registry part of a reference is insecure -func isReferenceInsecure(ref types.ImageReference, sc *types.SystemContext) (bool, error) { - return isReferenceSomething(ref, sc, isRegistryInsecure) -} - // isReferenceBlocked checks if the registry part of a reference is blocked func isReferenceBlocked(ref types.ImageReference, sc *types.SystemContext) (bool, error) { if ref != nil && ref.Transport() != nil { diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index a166799c6..5877c3b06 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -2992,7 +2992,8 @@ func copyStringInterfaceMap(m map[string]interface{}) map[string]interface{} { return ret } -const defaultConfigFile = "/etc/containers/storage.conf" +// DefaultConfigFile path to the system wide storage.conf file +const DefaultConfigFile = "/etc/containers/storage.conf" // ThinpoolOptionsConfig represents the "storage.options.thinpool" // TOML config table. @@ -3237,7 +3238,7 @@ func init() { DefaultStoreOptions.GraphRoot = "/var/lib/containers/storage" DefaultStoreOptions.GraphDriverName = "" - ReloadConfigurationFile(defaultConfigFile, &DefaultStoreOptions) + ReloadConfigurationFile(DefaultConfigFile, &DefaultStoreOptions) } func GetDefaultMountOptions() ([]string, error) { |