From 2c500a8145854c5f566bf76199d2a27226925b60 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 2 Mar 2021 14:57:46 -0500 Subject: Add support for podman build --ignorefile Fixes: https://github.com/containers/podman/issues/9570 Signed-off-by: Daniel J Walsh --- cmd/podman/images/build.go | 24 +++++++++++++++ test/system/070-build.bats | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index de532ed78..78cf4efd0 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -2,6 +2,7 @@ package images import ( "io" + "io/ioutil" "os" "path/filepath" "strings" @@ -512,6 +513,14 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil TransientMounts: flags.Volumes, } + if flags.IgnoreFile != "" { + excludes, err := parseDockerignore(flags.IgnoreFile) + if err != nil { + return nil, errors.Wrapf(err, "unable to obtain decrypt config") + } + opts.Excludes = excludes + } + if c.Flag("timestamp").Changed { timestamp := time.Unix(flags.Timestamp, 0).UTC() opts.Timestamp = ×tamp @@ -534,3 +543,18 @@ func getDecryptConfig(decryptionKeys []string) (*encconfig.DecryptConfig, error) return decConfig, nil } + +func parseDockerignore(ignoreFile string) ([]string, error) { + excludes := []string{} + ignore, err := ioutil.ReadFile(ignoreFile) + if err != nil { + return excludes, err + } + for _, e := range strings.Split(string(ignore), "\n") { + if len(e) == 0 || e[0] == '#' { + continue + } + excludes = append(excludes, e) + } + return excludes, nil +} diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 1e7d366a1..a9f97d5ab 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -362,6 +362,82 @@ Labels.$label_name | $label_value run_podman rmi -f build_test } +@test "podman build - COPY with ignore" { + local tmpdir=$PODMAN_TMPDIR/build-test-$(random_string 10) + mkdir -p $tmpdir/subdir + + # Create a bunch of files. Declare this as an array to avoid duplication + # because we iterate over that list below, checking for each file. + # A leading "-" indicates that the file SHOULD NOT exist in the built image + local -a files=( + -test1 -test1.txt + test2 test2.txt + subdir/sub1 subdir/sub1.txt + -subdir/sub2 -subdir/sub2.txt + this-file-does-not-match-anything-in-ignore-file + comment + ) + for f in ${files[@]}; do + # The magic '##-' strips off the '-' prefix + echo "$f" > $tmpdir/${f##-} + done + + # Directory that doesn't exist in the image; COPY should create it + local newdir=/newdir-$(random_string 12) + cat >$tmpdir/Containerfile <$tmpdir/$ignorefile < Date: Tue, 2 Mar 2021 15:28:50 -0500 Subject: podman build --build-arg should fall back to environment Fixes: https://github.com/containers/podman/issues/9571 Signed-off-by: Daniel J Walsh --- cmd/podman/images/build.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index 78cf4efd0..97eb966b7 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -318,7 +318,12 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil if len(av) > 1 { args[av[0]] = av[1] } else { - delete(args, av[0]) + // check if the env is set in the local environment and use that value if it is + if val, present := os.LookupEnv(av[0]); present { + args[av[0]] = val + } else { + delete(args, av[0]) + } } } } -- cgit v1.2.3-54-g00ecf From 326f3eda313606bcf28f413b5e6cdbd02ce2586b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 2 Mar 2021 15:44:45 -0500 Subject: Handle podman build --dns-search Fixes: https://github.com/containers/podman/issues/9574 Signed-off-by: Daniel J Walsh --- cmd/podman/images/build.go | 54 +++++++++------------------------ docs/source/markdown/podman-build.1.md | 6 ++-- pkg/api/handlers/compat/images_build.go | 36 ++++++++++++++++++++++ pkg/bindings/images/build.go | 22 ++++++++++++++ test/system/070-build.bats | 8 +++++ 5 files changed, 83 insertions(+), 43 deletions(-) diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index 97eb966b7..cd23557db 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -20,7 +20,6 @@ import ( "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/cmd/podman/utils" "github.com/containers/podman/v3/pkg/domain/entities" - "github.com/docker/go-units" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -299,6 +298,11 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil } } + commonOpts, err := parse.CommonBuildOptions(c) + if err != nil { + return nil, err + } + pullPolicy := imagebuildah.PullIfMissing if c.Flags().Changed("pull") && flags.Pull { pullPolicy = imagebuildah.PullAlways @@ -362,22 +366,6 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil reporter = logfile } - var memoryLimit, memorySwap int64 - var err error - if c.Flags().Changed("memory") { - memoryLimit, err = units.RAMInBytes(flags.Memory) - if err != nil { - return nil, err - } - } - - if c.Flags().Changed("memory-swap") { - memorySwap, err = units.RAMInBytes(flags.MemorySwap) - if err != nil { - return nil, err - } - } - nsValues, networkPolicy, err := parse.NamespaceOptions(c) if err != nil { return nil, err @@ -455,29 +443,15 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil } opts := imagebuildah.BuildOptions{ - AddCapabilities: flags.CapAdd, - AdditionalTags: tags, - Annotations: flags.Annotation, - Architecture: arch, - Args: args, - BlobDirectory: flags.BlobCache, - CNIConfigDir: flags.CNIConfigDir, - CNIPluginPath: flags.CNIPlugInPath, - CommonBuildOpts: &buildah.CommonBuildOptions{ - AddHost: flags.AddHost, - CPUPeriod: flags.CPUPeriod, - CPUQuota: flags.CPUQuota, - CPUSetCPUs: flags.CPUSetCPUs, - CPUSetMems: flags.CPUSetMems, - CPUShares: flags.CPUShares, - CgroupParent: flags.CgroupParent, - HTTPProxy: flags.HTTPProxy, - Memory: memoryLimit, - MemorySwap: memorySwap, - ShmSize: flags.ShmSize, - Ulimit: flags.Ulimit, - Volumes: flags.Volumes, - }, + AddCapabilities: flags.CapAdd, + AdditionalTags: tags, + Annotations: flags.Annotation, + Architecture: arch, + Args: args, + BlobDirectory: flags.BlobCache, + CNIConfigDir: flags.CNIConfigDir, + CNIPluginPath: flags.CNIPlugInPath, + CommonBuildOpts: commonOpts, Compression: compression, ConfigureNetwork: networkPolicy, ContextDirectory: contextDir, diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 84a624e53..9b34499d6 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -259,7 +259,7 @@ solely for scripting compatibility. #### **--dns**=*dns* -Set custom DNS servers +Set custom DNS servers to be used during the build. This option can be used to override the DNS configuration passed to the container. Typically this is necessary when the host DNS configuration is @@ -272,11 +272,11 @@ image will be used without changes. #### **--dns-option**=*option* -Set custom DNS options +Set custom DNS options to be used during the build. #### **--dns-search**=*domain* -Set custom DNS search domains +Set custom DNS search domains to be used during the build. #### **--file**, **-f**=*Containerfile* diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index e06f93b89..392f688dd 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -77,6 +77,9 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Devices string `schema:"devices"` Dockerfile string `schema:"dockerfile"` DropCapabilities string `schema:"dropcaps"` + DNSServers string `schema:"dnsservers"` + DNSOptions string `schema:"dnsoptions"` + DNSSearch string `schema:"dnssearch"` Excludes string `schema:"excludes"` ForceRm bool `schema:"forcerm"` From string `schema:"from"` @@ -160,6 +163,36 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { devices = m } + var dnsservers = []string{} + if _, found := r.URL.Query()["dnsservers"]; found { + var m = []string{} + if err := json.Unmarshal([]byte(query.DNSServers), &m); err != nil { + utils.BadRequest(w, "dnsservers", query.DNSServers, err) + return + } + dnsservers = m + } + + var dnsoptions = []string{} + if _, found := r.URL.Query()["dnsoptions"]; found { + var m = []string{} + if err := json.Unmarshal([]byte(query.DNSOptions), &m); err != nil { + utils.BadRequest(w, "dnsoptions", query.DNSOptions, err) + return + } + dnsoptions = m + } + + var dnssearch = []string{} + if _, found := r.URL.Query()["dnssearch"]; found { + var m = []string{} + if err := json.Unmarshal([]byte(query.DNSSearch), &m); err != nil { + utils.BadRequest(w, "dnssearches", query.DNSSearch, err) + return + } + dnssearch = m + } + var output string if len(query.Tag) > 0 { output = query.Tag[0] @@ -285,6 +318,9 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { CPUQuota: query.CpuQuota, CPUShares: query.CpuShares, CPUSetCPUs: query.CpuSetCpus, + DNSServers: dnsservers, + DNSOptions: dnsoptions, + DNSSearch: dnssearch, HTTPProxy: query.HTTPProxy, Memory: query.Memory, MemorySwap: query.MemSwap, diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 27706fd2c..1cbd28c37 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -87,6 +87,28 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO params.Add("devices", d) } + if dnsservers := options.CommonBuildOpts.DNSServers; len(dnsservers) > 0 { + c, err := jsoniter.MarshalToString(dnsservers) + if err != nil { + return nil, err + } + params.Add("dnsservers", c) + } + if dnsoptions := options.CommonBuildOpts.DNSOptions; len(dnsoptions) > 0 { + c, err := jsoniter.MarshalToString(dnsoptions) + if err != nil { + return nil, err + } + params.Add("dnsoptions", c) + } + if dnssearch := options.CommonBuildOpts.DNSSearch; len(dnssearch) > 0 { + c, err := jsoniter.MarshalToString(dnssearch) + if err != nil { + return nil, err + } + params.Add("dnssearch", c) + } + if caps := options.DropCapabilities; len(caps) > 0 { c, err := jsoniter.MarshalToString(caps) if err != nil { diff --git a/test/system/070-build.bats b/test/system/070-build.bats index a9f97d5ab..1a89800a5 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -168,6 +168,9 @@ EOF CAT_SECRET="cat /run/secrets/$secret_filename" fi + # For --dns-search: a domain that is unlikely to exist + local nosuchdomain=nx$(random_string 10).net + # Command to run on container startup with no args cat >$tmpdir/mycmd < Date: Thu, 4 Mar 2021 15:11:18 -0500 Subject: build-arg Signed-off-by: Daniel J Walsh --- test/system/070-build.bats | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 1a89800a5..d413b0c10 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -191,11 +191,17 @@ EOF https_proxy=https-proxy-in-env-file EOF + # Build args: one explicit (foo=bar), one implicit (foo) + local arg_implicit_value=implicit_$(random_string 15) + local arg_explicit_value=explicit_$(random_string 15) + # NOTE: it's important to not create the workdir. # Podman will make sure to create a missing workdir # if needed. See #9040. cat >$tmpdir/Containerfile <