From 0f7d54b0260c1be992ee3b9cee359ef3a9e8bd21 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Thu, 22 Apr 2021 08:01:12 +0200 Subject: migrate Podman to containers/common/libimage Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg --- docs/source/markdown/podman-build.1.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'docs/source/markdown') diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 791e2d907..9fc4ffb5b 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -381,12 +381,6 @@ BUILDAH\_LAYERS environment variable. `export BUILDAH_LAYERS=true` Log output which would be sent to standard output and standard error to the specified file instead of to standard output and standard error. -#### **\-\-loglevel**=*number* - -Adjust the logging level up or down. Valid option values range from -2 to 3, -with 3 being roughly equivalent to using the global *--debug* option, and -values below 0 omitting even error messages which accompany fatal errors. - #### **\-\-manifest** "manifest" Name of the manifest list to which the image will be added. Creates the manifest list @@ -490,6 +484,18 @@ commands specified by the **RUN** instruction. Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME environment variable. `export BUILDAH_RUNTIME=/usr/local/bin/runc` + +#### **\-\-secret**=**id=id,src=path** + +Pass secret information to be used in the Containerfile for building images +in a safe way that will not end up stored in the final image, or be seen in other stages. +The secret will be mounted in the container at the default location of `/run/secrets/id`. + +To later use the secret, use the --mount flag in a `RUN` instruction within a `Containerfile`: + +`RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret` + + #### **\-\-security-opt**=*option* Security Options -- cgit v1.2.3-54-g00ecf