From 5e4f7e915ebec279f20329bba5701a7b8d8dfe32 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 14 Sep 2018 22:25:08 -0400 Subject: Vendor in latest projectatomic/buildah Buildah Fixes to COPY and ADD to properly follow symbolic links is SRC is a symbolic link Print out a digest message on successful push. We should not drop the Bounding set when running as a non priv user in podman build Signed-off-by: Daniel J Walsh Closes: #1483 Approved by: rhatdan --- vendor/github.com/projectatomic/buildah/README.md | 34 ++++++++++++++++++++++ vendor/github.com/projectatomic/buildah/add.go | 28 ++++++++++-------- .../github.com/projectatomic/buildah/chroot/run.go | 5 +++- vendor/github.com/projectatomic/buildah/commit.go | 6 ++-- vendor/github.com/projectatomic/buildah/new.go | 31 +++++++++++++------- vendor/github.com/projectatomic/buildah/pull.go | 8 ++--- vendor/github.com/projectatomic/buildah/run.go | 4 ++- .../github.com/projectatomic/buildah/vendor.conf | 6 ++-- 8 files changed, 88 insertions(+), 34 deletions(-) (limited to 'vendor/github.com/projectatomic')
diff --git a/vendor/github.com/projectatomic/buildah/README.md b/vendor/github.com/projectatomic/buildah/README.md
index 8927488bc..0d3d19ee3 100644
--- a/vendor/github.com/projectatomic/buildah/README.md
+++ b/vendor/github.com/projectatomic/buildah/README.md
@@ -15,6 +15,8 @@ The Buildah package provides a command line tool that can be used to
 * delete a working container or an image
 * rename a local container
+## Buildah Information for Developers
+
 **[Buildah Demos](demos)**
 **[Changelog](CHANGELOG.md)**
@@ -29,6 +31,38 @@ The Buildah package provides a command line tool that can be used to
 **[Tutorials](docs/tutorials)**
+## Buildah and Podman relationship
+
+Buildah and Podman are two complementary Open-source projects that are available on
+most Linux platforms and both projects reside at [GitHub.com](https://github.com)
+with Buildah [here](https://github.com/projectatomic/buildah) and
+Podman [here](https://github.com/containers/libpod). Both Buildah and Podman are
+command line tools that work on OCI images and containers. The two projects
+differentiate in their specialization.
+
+Buildah specializes in building OCI images. Buildah's commands replicate all
+of the commands that are found in a Dockerfile. Buildah’s goal is also to
+provide a lower level coreutils interface to build images, allowing people to build
+containers without requiring a Dockerfile. The intent with Buildah is to allow other
+scripting languages to build container images, without requiring a daemon.
+
+Podman specializes in all of the commands and functions that help you to maintain and modify
+OCI images, such as pulling and tagging. It also allows you to create, run, and maintain those containers
+created from those images.
+
+A major difference between Podman and Buildah is their concept of a container. Podman
+allows users to create "traditional containers" where the intent of these containers is
+to be long lived. While Buildah containers are really just created to allow content
+to be added back to the container image. An easy way to think of it is the
+`buildah run` command emulates the RUN command in a Dockerfile while the `podman run`
+command emulates the `docker run` command in functionality. Because of this and their underlying
+storage differences, you can not see Podman containers from within Buildah or vice versa.
+
+In short Buildah is an efficient way to create OCI images while Podman allows
+you to manage and maintain those images and containers in a production environment using
+familiar container cli commands. For more details, see the
+[Container Tools Guide](https://github.com/projectatomic/buildah/tree/master/docs/containertools).
+
 ## Example
 From [`./examples/lighttpd.sh`](examples/lighttpd.sh):
diff --git a/vendor/github.com/projectatomic/buildah/add.go b/vendor/github.com/projectatomic/buildah/add.go
index 1aad8ad37..27c07c323 100644
--- a/vendor/github.com/projectatomic/buildah/add.go
+++ b/vendor/github.com/projectatomic/buildah/add.go
@@ -168,9 +168,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 return errors.Wrapf(syscall.ENOENT, "no files found matching %q", src)
 }
 for _, gsrc := range glob {
- srcfi, err := os.Stat(gsrc)
+ esrc, err := filepath.EvalSymlinks(gsrc)
 if err != nil {
- return errors.Wrapf(err, "error reading %q", gsrc)
+ return errors.Wrapf(err, "error evaluating symlinks %q", gsrc)
+ }
+ srcfi, err := os.Stat(esrc)
+ if err != nil {
+ return errors.Wrapf(err, "error reading %q", esrc)
 }
 if srcfi.IsDir() {
 // The source is a directory, so copy the contents of
@@ -180,13 +184,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 if err = idtools.MkdirAllAndChownNew(dest, 0755, hostOwner); err != nil {
 return err
 }
- logrus.Debugf("copying %q to %q", gsrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*")
- if err := copyWithTar(gsrc, dest); err != nil {
- return errors.Wrapf(err, "error copying %q to %q", gsrc, dest)
+ logrus.Debugf("copying %q to %q", esrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*")
+ if err := copyWithTar(esrc, dest); err != nil {
+ return errors.Wrapf(err, "error copying %q to %q", esrc, dest)
 }
 continue
 }
- if !extract || !archive.IsArchivePath(gsrc) {
+ if !extract || !archive.IsArchivePath(esrc) {
 // This source is a file, and either it's not an
 // archive, or we don't care whether or not it's an
 // archive.
@@ -195,16 +199,16 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 d = filepath.Join(dest, filepath.Base(gsrc))
 }
 // Copy the file, preserving attributes.
- logrus.Debugf("copying %q to %q", gsrc, d)
- if err := copyFileWithTar(gsrc, d); err != nil {
- return errors.Wrapf(err, "error copying %q to %q", gsrc, d)
+ logrus.Debugf("copying %q to %q", esrc, d)
+ if err := copyFileWithTar(esrc, d); err != nil {
+ return errors.Wrapf(err, "error copying %q to %q", esrc, d)
 }
 continue
 }
 // We're extracting an archive into the destination directory.
- logrus.Debugf("extracting contents of %q into %q", gsrc, dest)
- if err := untarPath(gsrc, dest); err != nil {
- return errors.Wrapf(err, "error extracting %q into %q", gsrc, dest)
+ logrus.Debugf("extracting contents of %q into %q", esrc, dest)
+ if err := untarPath(esrc, dest); err != nil {
+ return errors.Wrapf(err, "error extracting %q into %q", esrc, dest)
 }
 }
 }
diff --git a/vendor/github.com/projectatomic/buildah/chroot/run.go b/vendor/github.com/projectatomic/buildah/chroot/run.go
index 9a70e0f51..c8aec181a 100644
--- a/vendor/github.com/projectatomic/buildah/chroot/run.go
+++ b/vendor/github.com/projectatomic/buildah/chroot/run.go
@@ -1075,11 +1075,14 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 // The target isn't there yet, so create it, and make a
 // note to remove it later.
 if srcinfo.IsDir() {
- if err = os.Mkdir(target, 0111); err != nil {
+ if err = os.MkdirAll(target, 0111); err != nil {
 return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
 }
 removes = append(removes, target)
 } else {
+ if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
+ return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target))
+ }
 var file *os.File
 if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil {
 return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
diff --git a/vendor/github.com/projectatomic/buildah/commit.go b/vendor/github.com/projectatomic/buildah/commit.go
index b25ec7029..2d49832a7 100644
--- a/vendor/github.com/projectatomic/buildah/commit.go
+++ b/vendor/github.com/projectatomic/buildah/commit.go
@@ -171,7 +171,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options
 return errors.Wrapf(err, "error creating new signature policy context")
 }
 // Look up the image.
- src, _, err := util.FindImage(options.Store, "", systemContext, image)
+ src, img, err := util.FindImage(options.Store, "", systemContext, image)
 if err != nil {
 return err
 }
@@ -181,7 +181,9 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options
 return errors.Wrapf(err, "error copying layers and metadata")
 }
 if options.ReportWriter != nil {
- fmt.Fprintf(options.ReportWriter, "\n")
+ fmt.Fprintf(options.ReportWriter, "")
 }
+ digest := "@" + img.Digest.Hex()
+ fmt.Printf("Successfully pushed %s%s\n", dest.StringWithinTransport(), digest)
 return nil
 }
diff --git a/vendor/github.com/projectatomic/buildah/new.go b/vendor/github.com/projectatomic/buildah/new.go
index 1abb2f1f1..0eb8d8e42 100644
--- a/vendor/github.com/projectatomic/buildah/new.go
+++ b/vendor/github.com/projectatomic/buildah/new.go
@@ -12,6 +12,7 @@ import (
 "github.com/containers/image/transports/alltransports"
 "github.com/containers/image/types"
 "github.com/containers/storage"
+ multierror "github.com/hashicorp/go-multierror"
 "github.com/opencontainers/selinux/go-selinux"
 "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/openshift/imagebuilder"
@@ -144,6 +145,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 if err != nil {
 return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage)
 }
+ var pullErrors *multierror.Error
 for _, image := range images {
 var err error
 if len(image) >= minimumTruncatedIDLength {
@@ -158,6 +160,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 if options.PullPolicy == PullAlways {
 pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext)
 if err != nil {
+ pullErrors = multierror.Append(pullErrors, err)
 logrus.Debugf("unable to pull and read image %q: %v", image, err)
 continue
 }
@@ -169,6 +172,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 srcRef, err := alltransports.ParseImageName(image)
 if err != nil {
 if options.Transport == "" {
+ pullErrors = multierror.Append(pullErrors, err)
 logrus.Debugf("error parsing image name %q: %v", image, err)
 continue
 }
@@ -178,6 +182,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 }
 srcRef2, err := alltransports.ParseImageName(transport + image)
 if err != nil {
+ pullErrors = multierror.Append(pullErrors, err)
 logrus.Debugf("error parsing image name %q: %v", image, err)
 continue
 }
@@ -199,11 +204,13 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 img, err = is.Transport.GetStoreImage(store, ref)
 if err != nil {
 if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy != PullIfMissing {
+ pullErrors = multierror.Append(pullErrors, err)
 logrus.Debugf("no such image %q: %v", transports.ImageName(ref), err)
 continue
 }
 pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext)
 if err != nil {
+ pullErrors = multierror.Append(pullErrors, err)
 logrus.Debugf("unable to pull and read image %q: %v", image, err)
 continue
 }
@@ -212,6 +219,11 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 }
 break
 }
+
+ if img == nil && pullErrors != nil {
+ return nil, nil, pullErrors
+ }
+
 return ref, img, nil
 }
@@ -262,26 +274,23 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
 if options.Container != "" {
 name = options.Container
 } else {
- var err2 error
 if image != "" {
 name = imageNamePrefix(image) + "-" + name
 }
- suffix := 1
- tmpName := name
- for errors.Cause(err2) != storage.ErrContainerUnknown {
- _, err2 = store.Container(tmpName)
- if err2 == nil {
- suffix++
- tmpName = fmt.Sprintf("%s-%d", name, suffix)
- }
- }
- name = tmpName
 }
 coptions := storage.ContainerOptions{}
 coptions.IDMappingOptions = newContainerIDMappingOptions(options.IDMappingOptions)
 container, err := store.CreateContainer("", []string{name}, imageID, "", "", &coptions)
+ suffix := 1
+ for err != nil && errors.Cause(err) == storage.ErrDuplicateName && options.Container == "" {
+ suffix++
+ tmpName := fmt.Sprintf("%s-%d", name, suffix)
+ if container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions); err == nil {
+ name = tmpName
+ }
+ }
 if err != nil {
 return nil, errors.Wrapf(err, "error creating container")
 }
diff --git a/vendor/github.com/projectatomic/buildah/pull.go b/vendor/github.com/projectatomic/buildah/pull.go
index 48d7f76ed..1d2bb7f87 100644
--- a/vendor/github.com/projectatomic/buildah/pull.go
+++ b/vendor/github.com/projectatomic/buildah/pull.go
@@ -190,8 +190,8 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio
 }()
 logrus.Debugf("copying %q to %q", spec, destName)
- err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, ""))
- if err == nil {
+ pullError := cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, ""))
+ if pullError == nil {
 return destRef, nil
 }
@@ -206,9 +206,9 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio
 return nil, err
 }
 if !hasRegistryInName && len(searchRegistries) == 0 {
- return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s.", registryPath)
+ return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s: %s", registryPath, pullError)
 }
- return nil, errors.Errorf("unable to find image in the registries defined in %q", registryPath)
+ return nil, pullError
 }
 // getImageDigest creates an image object and uses the hex value of the digest as the image ID
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 12560de3c..2ce5add39 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -868,9 +868,11 @@ func (b *Builder) configureUIDGID(g *generate.Generator, mountPoint string, opti
 g.AddProcessAdditionalGid(gid)
 }
- // Remove capabilities if not running as root
+ // Remove capabilities if not running as root except Bounding set
 if user.UID != 0 {
+ bounding := g.Config.Process.Capabilities.Bounding
 g.ClearProcessCapabilities()
+ g.Config.Process.Capabilities.Bounding = bounding
 }
 return nil
diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf
index 870fb4bdd..0112a2d91 100644
--- a/vendor/github.com/projectatomic/buildah/vendor.conf
+++ b/vendor/github.com/projectatomic/buildah/vendor.conf
@@ -4,8 +4,8 @@ github.com/BurntSushi/toml master
 github.com/containerd/continuity master
 github.com/containernetworking/cni v0.7.0-alpha1
 github.com/seccomp/containers-golang master
-github.com/containers/image 5df44e095ed826fbe2beeaabb329c749d7d6c3b6
-github.com/containers/storage 9fcbb57eb6c732e7b67003bb8ed861f169d33d63
+github.com/containers/image d8b5cf2b804a48489e5203d51254ef576794049d
+github.com/containers/storage 243c4cd616afdf06b4a975f18c4db083d26b1641
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
 github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1
@@ -42,7 +42,7 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
 github.com/pborman/uuid master
 github.com/pkg/errors master
 github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/containers/libpod d20f3a51463ce75d139dd830e19a173906b0b0cb
+github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75
 github.com/sirupsen/logrus master
 github.com/syndtr/gocapability master
 github.com/tchap/go-patricia master
-- cgit v1.2.3-54-g00ecf