From ff0b4652efe4c502459d88fa6743168c6113244f Mon Sep 17 00:00:00 2001
From: TomSweeneyRedHat
Date: Thu, 21 Feb 2019 15:38:58 -0500
Subject: Vendor Buildah v1.7
Signed-off-by: TomSweeneyRedHat
Vendors in Buildah 1.7 into Podman. Also the latest imagebuilder and changes for `build --target`
Signed-off-by: TomSweeneyRedHat
---
vendor/github.com/containers/buildah/buildah.go | 7 +-
.../containers/buildah/imagebuildah/build.go | 19 +--
vendor/github.com/containers/buildah/new.go | 68 +++++-----
.../containers/buildah/pkg/cli/common.go | 10 +-
.../containers/buildah/pkg/parse/parse.go | 6 +-
vendor/github.com/containers/buildah/pull.go | 117 +++++++++--------
.../containers/buildah/unshare/unshare.c | 140 +++++++++++++++++++++
.../containers/buildah/unshare/unshare.go | 6 +-
vendor/github.com/containers/buildah/util/util.go | 56 +++------
vendor/github.com/containers/buildah/vendor.conf | 24 +---
vendor/github.com/openshift/imagebuilder/README.md | 2 +-
.../github.com/openshift/imagebuilder/builder.go | 31 +++++
.../openshift/imagebuilder/dispatchers.go | 13 +-
13 files changed, 322 insertions(+), 177 deletions(-) (limited to 'vendor/github.com')
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index 8b9baea12..755bc348e 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -26,7 +26,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.7-dev"
+ Version = "1.7"
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
@@ -336,11 +336,6 @@ type BuilderOptions struct { // needs to be pulled and the image name alone can not be resolved to a // reference to a source image. No separator is implicitly added. Registry string - // Transport is a value which is prepended to the image's name, if it - // needs to be pulled and the image name alone, or the image name and - // the registry together, can not be resolved to a reference to a - // source image. No separator is implicitly added. - Transport string // PullBlobDirectory is the name of a directory in which we'll attempt // to store copies of layer blobs that we pull down, if any. It should // already exist. diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go index 56ab7aa57..d69eab52f 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/build.go +++ b/vendor/github.com/containers/buildah/imagebuildah/build.go @@ -62,11 +62,6 @@ type BuildOptions struct { // needs to be pulled and the image name alone can not be resolved to a // reference to a source image. No separator is implicitly added. Registry string - // Transport is a value which is prepended to the image's name, if it - // needs to be pulled and the image name alone, or the image name and - // the registry together, can not be resolved to a reference to a - // source image. No separator is implicitly added. - Transport string // IgnoreUnrecognizedInstructions tells us to just log instructions we // don't recognize, and try to keep going. IgnoreUnrecognizedInstructions bool @@ -171,6 +166,8 @@ type BuildOptions struct { ForceRmIntermediateCtrs bool // BlobDirectory is a directory which we'll use for caching layer blobs. BlobDirectory string + // Target the targeted FROM in the Dockerfile to build + Target string } // Executor is a buildah-based implementation of the imagebuilder.Executor 
@@ -184,7 +181,6 @@ type Executor struct { builder *buildah.Builder pullPolicy buildah.PullPolicy registry string - transport string ignoreUnrecognizedInstructions bool quiet bool runtime string @@ -580,7 +576,6 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) { contextDir: options.ContextDirectory, pullPolicy: options.PullPolicy, registry: options.Registry, - transport: options.Transport, ignoreUnrecognizedInstructions: options.IgnoreUnrecognizedInstructions, quiet: options.Quiet, runtime: options.Runtime, @@ -670,7 +665,6 @@ func (b *Executor) Prepare(ctx context.Context, stage imagebuilder.Stage, from s FromImage: from, PullPolicy: b.pullPolicy, Registry: b.registry, - Transport: b.transport, PullBlobDirectory: b.blobDirectory, SignaturePolicyPath: b.signaturePolicyPath, ReportWriter: b.reportWriter, @@ -783,7 +777,7 @@ func (b *Executor) resolveNameToImageRef() (types.ImageReference, error) { if b.output != "" { imageRef, err = alltransports.ParseImageName(b.output) if err != nil { - candidates, _, err := util.ResolveName(b.output, "", b.systemContext, b.store) + candidates, _, _, err := util.ResolveName(b.output, "", b.systemContext, b.store) if err != nil { return nil, errors.Wrapf(err, "error parsing target image name %q", b.output) } @@ -1441,6 +1435,13 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt if err != nil { return "", nil, errors.Wrap(err, "error reading multiple stages") } + if options.Target != "" { + stagesTargeted, ok := stages.ThroughTarget(options.Target) + if !ok { + return "", nil, errors.Errorf("The target %q was not found in the provided Dockerfile", options.Target) + } + stages = stagesTargeted + } return exec.Build(ctx, stages) } diff --git a/vendor/github.com/containers/buildah/new.go b/vendor/github.com/containers/buildah/new.go index 7e7f97e49..01c2e733f 100644 --- a/vendor/github.com/containers/buildah/new.go +++ b/vendor/github.com/containers/buildah/new.go 
@@ -28,15 +28,14 @@ const ( minimumTruncatedIDLength = 3 ) -func pullAndFindImage(ctx context.Context, store storage.Store, imageName string, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) { +func pullAndFindImage(ctx context.Context, store storage.Store, transport string, imageName string, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) { pullOptions := PullOptions{ ReportWriter: options.ReportWriter, Store: store, SystemContext: options.SystemContext, - Transport: options.Transport, BlobDirectory: options.PullBlobDirectory, } - ref, err := pullImage(ctx, store, imageName, pullOptions, sc) + ref, err := pullImage(ctx, store, transport, imageName, pullOptions, sc) if err != nil { logrus.Debugf("error pulling image %q: %v", imageName, err) return nil, nil, err @@ -101,16 +100,16 @@ func newContainerIDMappingOptions(idmapOptions *IDMappingOptions) storage.IDMapp return options } -func resolveImage(ctx context.Context, systemContext *types.SystemContext, store storage.Store, options BuilderOptions) (types.ImageReference, *storage.Image, error) { +func resolveImage(ctx context.Context, systemContext *types.SystemContext, store storage.Store, options BuilderOptions) (types.ImageReference, string, *storage.Image, error) { type failure struct { resolvedImageName string err error } - - candidates, searchRegistriesWereUsedButEmpty, err := util.ResolveName(options.FromImage, options.Registry, systemContext, store) + candidates, transport, searchRegistriesWereUsedButEmpty, err := util.ResolveName(options.FromImage, options.Registry, systemContext, store) if err != nil { - return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage) + return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage) } + failures := []failure{} for _, image := range candidates { var err error 
@@ -118,25 +117,25 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store if img, err := store.Image(image); err == nil && img != nil && strings.HasPrefix(img.ID, image) { ref, err := is.Transport.ParseStoreReference(store, img.ID) if err != nil { - return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", img.ID) + return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", img.ID) } - return ref, img, nil + return ref, transport, img, nil } } if options.PullPolicy == PullAlways { - pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) + pulledImg, pulledReference, err := pullAndFindImage(ctx, store, transport, image, options, systemContext) if err != nil { logrus.Debugf("unable to pull and read image %q: %v", image, err) failures = append(failures, failure{resolvedImageName: image, err: err}) continue } - return pulledReference, pulledImg, nil + return pulledReference, transport, pulledImg, nil } srcRef, err := alltransports.ParseImageName(image) if err != nil { - if options.Transport == "" { + if transport == "" { logrus.Debugf("error parsing image name %q: %v", image, err) failures = append(failures, failure{ resolvedImageName: image, 
@@ -144,12 +143,13 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store }) continue } - logrus.Debugf("error parsing image name %q as given, trying with transport %q: %v", image, options.Transport, err) - transport := options.Transport + logrus.Debugf("error parsing image name %q as given, trying with transport %q: %v", image, transport, err) + + trans := transport if transport != util.DefaultTransport { - transport = transport + ":" + trans = trans + ":" } - srcRef2, err := alltransports.ParseImageName(transport + image) + srcRef2, err := alltransports.ParseImageName(trans + image) if err != nil { logrus.Debugf("error parsing image name %q: %v", transport+image, err) failures = append(failures, failure{ @@ -163,19 +163,19 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store destImage, err := localImageNameForReference(ctx, store, srcRef, options.FromImage) if err != nil { - return nil, nil, errors.Wrapf(err, "error computing local image name for %q", transports.ImageName(srcRef)) + return nil, "", nil, errors.Wrapf(err, "error computing local image name for %q", transports.ImageName(srcRef)) } if destImage == "" { - return nil, nil, errors.Errorf("error computing local image name for %q", transports.ImageName(srcRef)) + return nil, "", nil, errors.Errorf("error computing local image name for %q", transports.ImageName(srcRef)) } ref, err := is.Transport.ParseStoreReference(store, destImage) if err != nil { - return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", destImage) + return nil, "", nil, errors.Wrapf(err, "error parsing reference to image %q", destImage) } img, err := is.Transport.GetStoreImage(store, ref) if err == nil { - return ref, img, nil + return ref, transport, img, nil } if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy != PullIfMissing { 
@@ -187,26 +187,26 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store continue } - pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) + pulledImg, pulledReference, err := pullAndFindImage(ctx, store, transport, image, options, systemContext) if err != nil { logrus.Debugf("unable to pull and read image %q: %v", image, err) failures = append(failures, failure{resolvedImageName: image, err: err}) continue } - return pulledReference, pulledImg, nil + return pulledReference, transport, pulledImg, nil } if len(failures) != len(candidates) { - return nil, nil, fmt.Errorf("internal error: %d candidates (%#v) vs. %d failures (%#v)", len(candidates), candidates, len(failures), failures) + return nil, "", nil, fmt.Errorf("internal error: %d candidates (%#v) vs. %d failures (%#v)", len(candidates), candidates, len(failures), failures) } registriesConfPath := sysregistries.RegistriesConfPath(systemContext) switch len(failures) { case 0: if searchRegistriesWereUsedButEmpty { - return nil, nil, errors.Errorf("image name %q is a short name and no search registries are defined in %s.", options.FromImage, registriesConfPath) + return nil, "", nil, errors.Errorf("image name %q is a short name and no search registries are defined in %s.", options.FromImage, registriesConfPath) } - return nil, nil, fmt.Errorf("internal error: no pull candidates were available for %q for an unknown reason", options.FromImage) + return nil, "", nil, fmt.Errorf("internal error: no pull candidates were available for %q for an unknown reason", options.FromImage) case 1: err := failures[0].err 
@@ -216,7 +216,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store if searchRegistriesWereUsedButEmpty { err = errors.Wrapf(err, "(image name %q is a short name and no search registries are defined in %s)", options.FromImage, registriesConfPath) } - return nil, nil, err + return nil, "", nil, err default: // NOTE: a multi-line error string: @@ -224,7 +224,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store for _, f := range failures { e = e + fmt.Sprintf("\n* %q: %s", f.resolvedImageName, f.err.Error()) } - return nil, nil, errors.New(e) + return nil, "", nil, errors.New(e) } } @@ -250,21 +250,19 @@ func findUnusedContainer(name string, containers []storage.Container) string { } func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions) (*Builder, error) { - var ref types.ImageReference - var img *storage.Image - var err error - + var ( + ref types.ImageReference + img *storage.Image + err error + ) if options.FromImage == BaseImageFakeName { options.FromImage = "" } - if options.Transport == "" { - options.Transport = util.DefaultTransport - } systemContext := getSystemContext(options.SystemContext, options.SignaturePolicyPath) if options.FromImage != "" && options.FromImage != "scratch" { - ref, img, err = resolveImage(ctx, systemContext, store, options) + ref, _, img, err = resolveImage(ctx, systemContext, store, options) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go index bbbbf3476..09f951b35 100644 --- a/vendor/github.com/containers/buildah/pkg/cli/common.go +++ b/vendor/github.com/containers/buildah/pkg/cli/common.go 
@@ -55,20 +55,21 @@ type BudResults struct { File []string Format string Iidfile string - NoCache bool Label []string Logfile string Loglevel int + NoCache bool Platform string Pull bool PullAlways bool Quiet bool Rm bool Runtime string - RuntimeOpts []string + RuntimeFlags []string SignaturePolicy string Squash bool Tag []string + Target string TlsVerify bool } @@ -138,7 +139,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { fs.StringVar(&flags.CertDir, "cert-dir", "", "use certificates at the specified path to access the registry") fs.BoolVar(&flags.Compress, "compress", false, "This is legacy option, which has no effect on the image") fs.StringVar(&flags.Creds, "creds", "", "use `[username[:password]]` for accessing the registry") - fs.BoolVarP(&flags.DisableCompression, "disable-compression", "D", false, "don't compress layers by default") + fs.BoolVarP(&flags.DisableCompression, "disable-compression", "D", true, "don't compress layers by default") fs.BoolVar(&flags.DisableContentTrust, "disable-content-trust", false, "This is a Docker specific option and is a NOOP") fs.StringSliceVarP(&flags.File, "file", "f", []string{}, "`pathname or URL` of a Dockerfile") fs.StringVar(&flags.Format, "format", DefaultFormat(), "`format` of the built image's manifest and metadata. Use BUILDAH_FORMAT environment variable to override.") 
@@ -153,10 +154,11 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { fs.BoolVarP(&flags.Quiet, "quiet", "q", false, "refrain from announcing build instructions and image read/write progress") fs.BoolVar(&flags.Rm, "rm", true, "Remove intermediate containers after a successful build (default true)") fs.StringVar(&flags.Runtime, "runtime", util.Runtime(), "`path` to an alternate runtime. Use BUILDAH_RUNTIME environment variable to override.") - fs.StringSliceVar(&flags.RuntimeOpts, "runtime-flag", []string{}, "add global flags for the container runtime") + fs.StringSliceVar(&flags.RuntimeFlags, "runtime-flag", []string{}, "add global flags for the container runtime") fs.StringVar(&flags.SignaturePolicy, "signature-policy", "", "`pathname` of signature policy file (not usually used)") fs.BoolVar(&flags.Squash, "squash", false, "Squash newly built layers into a single new layer. The build process does not currently support caching so this is a NOOP.") fs.StringSliceVarP(&flags.Tag, "tag", "t", []string{}, "tagged `name` to apply to the built image") + fs.StringVar(&flags.Target, "target", "", "set the target build stage to build") fs.BoolVar(&flags.TlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry") return fs } diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go index ffc7c15bb..a26d15631 100644 --- a/vendor/github.com/containers/buildah/pkg/parse/parse.go +++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go 
@@ -251,9 +251,9 @@ func SystemContextFromOptions(c *cobra.Command) (*types.SystemContext, error) {
}
tlsVerify, err := c.Flags().GetBool("tls-verify")
if err == nil && c.Flag("tls-verify").Changed {
- ctx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(tlsVerify)
- ctx.OCIInsecureSkipTLSVerify = tlsVerify
- ctx.DockerDaemonInsecureSkipTLSVerify = tlsVerify
+ ctx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!tlsVerify)
+ ctx.OCIInsecureSkipTLSVerify = !tlsVerify
+ ctx.DockerDaemonInsecureSkipTLSVerify = !tlsVerify
}
creds, err := c.Flags().GetString("creds")
if err == nil && c.Flag("creds").Changed {
diff --git a/vendor/github.com/containers/buildah/pull.go b/vendor/github.com/containers/buildah/pull.go
index aede1784b..d1f33fb01 100644
--- a/vendor/github.com/containers/buildah/pull.go
+++ b/vendor/github.com/containers/buildah/pull.go
@@ -9,10 +9,13 @@ import (
"github.com/containers/buildah/pkg/blobcache"
"github.com/containers/buildah/util"
cp "github.com/containers/image/copy"
+ "github.com/containers/image/directory"
"github.com/containers/image/docker"
+ dockerarchive "github.com/containers/image/docker/archive"
"github.com/containers/image/docker/reference"
tarfile "github.com/containers/image/docker/tarfile"
ociarchive "github.com/containers/image/oci/archive"
+ oci "github.com/containers/image/oci/layout"
"github.com/containers/image/signature"
is "github.com/containers/image/storage"
"github.com/containers/image/transports"
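Review bot: The assignments in `SystemContextFromOptions` need a comment and a regression test pinning their polarity, because `--tls-verify` and the three `InsecureSkipTLSVerify` fields have opposite senses and nothing in the new lines records that. I would put `// --tls-verify=true must leave every InsecureSkipTLSVerify field false; the flag is the inverse of the fields.` above the block. The block is also skipped when `GetBool` fails, since the condition is `err == nil && ...`, so a lookup error leaves the context at its defaults without a message; returning that error would make it visible. The function starts and ends outside the hunk, and as the file is vendored the change belongs upstream in buildah.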
@@ -40,10 +43,6 @@ type PullOptions struct { // github.com/containers/image/types SystemContext to hold credentials // and other authentication/authorization information. SystemContext *types.SystemContext - // Transport is a value which is prepended to the image's name, if the - // image name alone can not be resolved to a reference to a source - // image. No separator is implicitly added. - Transport string // BlobDirectory is the name of a directory in which we'll attempt to // store copies of layer blobs that we pull down, if any. It should // already exist. @@ -51,10 +50,6 @@ type PullOptions struct { // AllTags is a boolean value that determines if all tagged images // will be downloaded from the repository. The default is false. AllTags bool - // Quiet is a boolean value that determines if minimal output to - // the user will be displayed, this is best used for logging. - // The default is false. - Quiet bool } func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference, spec string) (string, error) { @@ -65,7 +60,7 @@ func localImageNameForReference(ctx context.Context, store storage.Store, srcRef file := split[len(split)-1] var name string switch srcRef.Transport().Name() { - case util.DockerArchive: + case dockerarchive.Transport.Name(): tarSource, err := tarfile.NewSourceFromFile(file) if err != nil { return "", errors.Wrapf(err, "error opening tarfile %q as a source image", file) @@ -92,7 +87,7 @@ func localImageNameForReference(ctx context.Context, store storage.Store, srcRef } } } - case util.OCIArchive: + case ociarchive.Transport.Name(): // retrieve the manifest from index.json to access the image name manifest, err := ociarchive.LoadManifestDescriptor(srcRef) if err != nil { 
@@ -107,7 +102,14 @@ func localImageNameForReference(ctx context.Context, store storage.Store, srcRef } else { name = manifest.Annotations["org.opencontainers.image.ref.name"] } - case util.DirTransport: + case directory.Transport.Name(): + // supports pull from a directory + name = split[1] + // remove leading "/" + if name[:1] == "/" { + name = name[1:] + } + case oci.Transport.Name(): // supports pull from a directory name = split[1] // remove leading "/" 
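Review bot: The added `directory.Transport.Name()` case evaluates `name[:1]` without checking that `name` is non-empty, so a spec with nothing after the first colon would panic with a slice-bounds error unless code outside the hunk rejects it first. `name = strings.TrimPrefix(split[1], "/")` removes the leading slash without that hazard, assuming `strings` is imported in this file. As far as the hunk shows, the new case body repeats the `oci.Transport.Name()` case below it, so `case directory.Transport.Name(), oci.Transport.Name():` would cover both. `split` is assigned outside the hunk.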
@@ -152,76 +154,71 @@ func localImageNameForReference(ctx context.Context, store storage.Store, srcRef // Pull copies the contents of the image from somewhere else to local storage. func Pull(ctx context.Context, imageName string, options PullOptions) error { - spec := imageName systemContext := getSystemContext(options.SystemContext, options.SignaturePolicyPath) - srcRef, err := alltransports.ParseImageName(spec) - if err != nil { - if options.Transport == "" { - options.Transport = util.DefaultTransport - } - logrus.Debugf("error parsing image name %q, trying with transport %q: %v", spec, options.Transport, err) - transport := options.Transport - if transport != util.DefaultTransport { - transport = transport + ":" - } - spec = transport + spec - srcRef2, err2 := alltransports.ParseImageName(spec) - if err2 != nil { - return errors.Wrapf(err2, "error parsing image name %q", imageName) - } - srcRef = srcRef2 + + boptions := BuilderOptions{ + FromImage: imageName, + SignaturePolicyPath: options.SignaturePolicyPath, + SystemContext: systemContext, + PullBlobDirectory: options.BlobDirectory, + ReportWriter: options.ReportWriter, } - if options.Quiet { - options.ReportWriter = nil // Turns off logging output + + storageRef, transport, img, err := resolveImage(ctx, systemContext, options.Store, boptions) + if err != nil { + return err } - var names []string + + var errs *multierror.Error if options.AllTags { - if srcRef.DockerReference() == nil { - return errors.New("Non-docker transport is currently not supported") + if transport != util.DefaultTransport { + return errors.New("Non-docker transport is not supported, for --all-tags pulling") + } + + spec := transport + storageRef.DockerReference().Name() + storageRef, err = alltransports.ParseImageName(spec) + if err != nil { + return errors.Wrapf(err, "error getting repository tags") } - tags, err := docker.GetRepositoryTags(ctx, systemContext, srcRef) + tags, err := docker.GetRepositoryTags(ctx, systemContext, 
storageRef) if err != nil { return errors.Wrapf(err, "error getting repository tags") } for _, tag := range tags { name := spec + ":" + tag - names = append(names, name) + if options.ReportWriter != nil { + options.ReportWriter.Write([]byte("Pulling " + name + "\n")) + } + ref, err := pullImage(ctx, options.Store, transport, name, options, systemContext) + if err != nil { + errs = multierror.Append(errs, err) + continue + } + img, err := is.Transport.GetStoreImage(options.Store, ref) + if err != nil { + errs = multierror.Append(errs, err) + continue + } + fmt.Printf("%s\n", img.ID) } } else { - names = append(names, spec) - } - var errs *multierror.Error - for _, name := range names { - if options.ReportWriter != nil { - options.ReportWriter.Write([]byte("Pulling " + name + "\n")) - } - ref, err := pullImage(ctx, options.Store, name, options, systemContext) - if err != nil { - errs = multierror.Append(errs, err) - continue - } - img, err := is.Transport.GetStoreImage(options.Store, ref) - if err != nil { - errs = multierror.Append(errs, err) - continue - } fmt.Printf("%s\n", img.ID) } return errs.ErrorOrNil() } -func pullImage(ctx context.Context, store storage.Store, imageName string, options PullOptions, sc *types.SystemContext) (types.ImageReference, error) { +func pullImage(ctx context.Context, store storage.Store, transport string, imageName string, options PullOptions, sc *types.SystemContext) (types.ImageReference, error) { spec := imageName srcRef, err := alltransports.ParseImageName(spec) if err != nil { - if options.Transport == "" { - options.Transport = util.DefaultTransport - } - logrus.Debugf("error parsing image name %q, trying with transport %q: %v", spec, options.Transport, err) - transport := options.Transport - if transport != util.DefaultTransport { - transport = transport + ":" + logrus.Debugf("error parsing image name %q, trying with transport %q: %v", spec, transport, err) + if transport == "" { + transport = util.DefaultTransport + } else { 
+ if transport != util.DefaultTransport { + transport = transport + ":" + } } spec = transport + spec srcRef2, err2 := alltransports.ParseImageName(spec) diff --git a/vendor/github.com/containers/buildah/unshare/unshare.c b/vendor/github.com/containers/buildah/unshare/unshare.c index 3865e414f..8eefae41b 100644 --- a/vendor/github.com/containers/buildah/unshare/unshare.c +++ b/vendor/github.com/containers/buildah/unshare/unshare.c @@ -2,6 +2,8 @@ #include #include #include +#include +#include #include #include #include @@ -12,6 +14,28 @@ #include #include +#ifndef F_LINUX_SPECIFIC_BASE +#define F_LINUX_SPECIFIC_BASE 1024 +#endif +#ifndef F_ADD_SEALS +#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) +#define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) +#endif +#ifndef F_SEAL_SEAL +#define F_SEAL_SEAL 0x0001LU +#endif +#ifndef F_SEAL_SHRINK +#define F_SEAL_SHRINK 0x0002LU +#endif +#ifndef F_SEAL_GROW +#define F_SEAL_GROW 0x0004LU +#endif +#ifndef F_SEAL_WRITE +#define F_SEAL_WRITE 0x0008LU +#endif + +#define BUFSTEP 1024 + static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces"; static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone"; 
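Review bot: In the `AllTags` branch of `Pull`, `storageRef.DockerReference().Name()` dereferences whatever `DockerReference()` returns for the reference that came back from `resolveImage`, and that method can return nil; the removed code tested `srcRef.DockerReference() == nil` first and the new `transport != util.DefaultTransport` test does not replace it. A guard such as `if storageRef.DockerReference() == nil { return errors.New("no docker reference for --all-tags") }` (message wording illustrative) before `spec` is built keeps that case an error instead of a panic. Separately, `boptions` leaves `PullPolicy` unset, and the `resolveImage` hunks in new.go return a locally stored image without contacting the registry unless the policy is `PullAlways`; if the zero value is not `PullAlways`, a plain `Pull` would print the ID of a possibly stale local copy, so setting the policy explicitly looks safer. `pullImage` continues outside the hunk.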
@@ -59,6 +83,119 @@ static void _check_proc_sys_file(const char *path) } } +static char **parse_proc_stringlist(const char *list) { + int fd, n, i, n_strings; + char *buf, *new_buf, **ret; + size_t size, new_size, used; + + fd = open(list, O_RDONLY); + if (fd == -1) { + return NULL; + } + buf = NULL; + size = 0; + used = 0; + for (;;) { + new_size = used + BUFSTEP; + new_buf = realloc(buf, new_size); + if (new_buf == NULL) { + free(buf); + fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP)); + return NULL; + } + buf = new_buf; + size = new_size; + memset(buf + used, '\0', size - used); + n = read(fd, buf + used, size - used - 1); + if (n < 0) { + fprintf(stderr, "read(): %m\n"); + return NULL; + } + if (n == 0) { + break; + } + used += n; + } + close(fd); + n_strings = 0; + for (n = 0; n < used; n++) { + if ((n == 0) || (buf[n-1] == '\0')) { + n_strings++; + } + } + ret = calloc(n_strings + 1, sizeof(char *)); + if (ret == NULL) { + fprintf(stderr, "calloc(): out of memory\n"); + return NULL; + } + i = 0; + for (n = 0; n < used; n++) { + if ((n == 0) || (buf[n-1] == '\0')) { + ret[i++] = &buf[n]; + } + } + ret[i] = NULL; + return ret; +} + +static int buildah_reexec(void) { + char **argv, *exename; + int fd, mmfd, n_read, n_written; + struct stat st; + char buf[2048]; + + argv = parse_proc_stringlist("/proc/self/cmdline"); + if (argv == NULL) { + return -1; + } + fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); + if (fd == -1) { + fprintf(stderr, "open(\"/proc/self/exe\"): %m\n"); + return -1; + } + if (fstat(fd, &st) == -1) { + fprintf(stderr, "fstat(\"/proc/self/exe\"): %m\n"); + return -1; + } + exename = basename(argv[0]); + mmfd = syscall(SYS_memfd_create, exename, (long) MFD_ALLOW_SEALING | MFD_CLOEXEC); + if (mmfd == -1) { + fprintf(stderr, "memfd_create(): %m\n"); + return -1; + } + for (;;) { + n_read = read(fd, buf, sizeof(buf)); + if (n_read < 0) { + fprintf(stderr, "read(\"/proc/self/exe\"): %m\n"); + return -1; + } + if (n_read 
== 0) { + break; + } + n_written = write(mmfd, buf, n_read); + if (n_written < 0) { + fprintf(stderr, "write(anonfd): %m\n"); + return -1; + } + if (n_written != n_read) { + fprintf(stderr, "write(anonfd): short write (%d != %d)\n", n_written, n_read); + return -1; + } + } + close(fd); + if (fcntl(mmfd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) == -1) { + close(mmfd); + fprintf(stderr, "Error sealing memfd copy: %m\n"); + return -1; + } + if (fexecve(mmfd, argv, environ) == -1) { + close(mmfd); + fprintf(stderr, "Error during reexec(...): %m\n"); + return -1; + } + return 0; +} + void _buildah_unshare(void) { int flags, pidfd, continuefd, n, pgrp, sid, ctty; @@ -132,5 +269,8 @@ void _buildah_unshare(void) _exit(1); } } + if (buildah_reexec() != 0) { + _exit(1); + } return; } diff --git a/vendor/github.com/containers/buildah/unshare/unshare.go b/vendor/github.com/containers/buildah/unshare/unshare.go index 2a970b8d6..1072c2035 100644 --- a/vendor/github.com/containers/buildah/unshare/unshare.go +++ b/vendor/github.com/containers/buildah/unshare/unshare.go @@ -56,8 +56,10 @@ func (c *Cmd) Start() error { c.Env = append(c.Env, fmt.Sprintf("_Buildah-unshare=%d", c.UnshareFlags)) // Please the libpod "rootless" package to find the expected env variables. - c.Env = append(c.Env, "_LIBPOD_USERNS_CONFIGURED=done") - c.Env = append(c.Env, fmt.Sprintf("_LIBPOD_ROOTLESS_UID=%d", os.Geteuid())) + if os.Geteuid() != 0 { + c.Env = append(c.Env, "_LIBPOD_USERNS_CONFIGURED=done") + c.Env = append(c.Env, fmt.Sprintf("_LIBPOD_ROOTLESS_UID=%d", os.Geteuid())) + } // Create the pipe for reading the child's PID. pidRead, pidWrite, err := os.Pipe() diff --git a/vendor/github.com/containers/buildah/util/util.go b/vendor/github.com/containers/buildah/util/util.go index e46f9b7cb..d98493634 100644 --- a/vendor/github.com/containers/buildah/util/util.go +++ b/vendor/github.com/containers/buildah/util/util.go 
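Review bot: `buildah_reexec` hands `argv[0]` to `basename()` and `argv` to `fexecve()` without checking that `parse_proc_stringlist` found at least one string; for an empty `/proc/self/cmdline` the helper returns a non-NULL array whose first entry is NULL. Adding `if (argv[0] == NULL) return -1;` after the existing NULL check keeps that case on the error path. Several failure branches also return with resources held: `parse_proc_stringlist` leaves `fd` open when `realloc()` or `read()` fails and `buf` allocated when `read()` or `calloc()` fails, and `buildah_reexec` leaves `fd` (and `mmfd` once created) open when `fstat()`, `memfd_create` or the copy loop fails. That is harmless while the caller in the last unshare.c hunk `_exit(1)`s, but a `close()`/`free()` before each return would make the helpers safe to reuse. `st` is filled by `fstat()` and not read in the lines shown.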
@@ -11,14 +11,11 @@ import (
"strings"
"syscall"
- "github.com/containers/image/directory"
- dockerarchive "github.com/containers/image/docker/archive"
"github.com/containers/image/docker/reference"
- ociarchive "github.com/containers/image/oci/archive"
"github.com/containers/image/pkg/sysregistriesv2"
"github.com/containers/image/signature"
is "github.com/containers/image/storage"
- "github.com/containers/image/tarball"
+ "github.com/containers/image/transports"
"github.com/containers/image/types"
"github.com/containers/storage"
"github.com/containers/storage/pkg/idtools"
@@ -43,36 +40,18 @@ var ( "index.docker.io": "library", "docker.io": "library", } - // Transports contains the possible transports used for images - Transports = map[string]string{ - dockerarchive.Transport.Name(): "", - ociarchive.Transport.Name(): "", - directory.Transport.Name(): "", - tarball.Transport.Name(): "", - } - // DockerArchive is the transport we prepend to an image name - // when saving to docker-archive - DockerArchive = dockerarchive.Transport.Name() - // OCIArchive is the transport we prepend to an image name - // when saving to oci-archive - OCIArchive = ociarchive.Transport.Name() - // DirTransport is the transport for pushing and pulling - // images to and from a directory - DirTransport = directory.Transport.Name() - // TarballTransport is the transport for importing a tar archive - // and creating a filesystem image - TarballTransport = tarball.Transport.Name() ) // ResolveName checks if name is a valid image name, and if that name doesn't // include a domain portion, returns a list of the names which it might -// correspond to in the set of configured registries, -// and a boolean which is true iff 1) the list of search registries was used, and 2) it was empty. +// correspond to in the set of configured registries, the transport used to +// pull the image, and a boolean which is true iff +// 1) the list of search registries was used, and 2) it was empty. // NOTE: The "list of search registries is empty" check does not count blocked registries, // and neither the implied "localhost" nor a possible firstRegistry are counted -func ResolveName(name string, firstRegistry string, sc *types.SystemContext, store storage.Store) ([]string, bool, error) { +func ResolveName(name string, firstRegistry string, sc *types.SystemContext, store storage.Store) ([]string, string, bool, error) { if name == "" { - return nil, false, nil + return nil, "", false, nil } // Maybe it's a truncated image ID. Don't prepend a registry name, then. 
@@ -80,27 +59,28 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto if img, err := store.Image(name); err == nil && img != nil && strings.HasPrefix(img.ID, name) { // It's a truncated version of the ID of an image that's present in local storage; // we need only expand the ID. - return []string{img.ID}, false, nil + return []string{img.ID}, "", false, nil } } // If the image includes a transport's name as a prefix, use it as-is. + if strings.HasPrefix(name, DefaultTransport) { + return []string{strings.TrimPrefix(name, DefaultTransport)}, DefaultTransport, false, nil + } split := strings.SplitN(name, ":", 2) if len(split) == 2 { - if _, ok := Transports[split[0]]; ok { - return []string{split[1]}, false, nil + if trans := transports.Get(split[0]); trans != nil { + return []string{split[1]}, trans.Name(), false, nil } } - - name = strings.TrimPrefix(name, DefaultTransport) // If the image name already included a domain component, we're done. named, err := reference.ParseNormalizedNamed(name) if err != nil { - return nil, false, errors.Wrapf(err, "error parsing image name %q", name) + return nil, "", false, errors.Wrapf(err, "error parsing image name %q", name) } if named.String() == name { // Parsing produced the same result, so there was a domain name in there to begin with. - return []string{name}, false, nil + return []string{name}, DefaultTransport, false, nil } if reference.Domain(named) != "" && RegistryDefaultPathPrefix[reference.Domain(named)] != "" { // If this domain can cause us to insert something in the middle, check if that happened. 
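Review bot: The prefix check `if trans := transports.Get(split[0]); trans != nil` treats the text before the first colon as a transport whenever a transport of that name is registered, where the removed code matched only the four names in the `Transports` map. An unqualified `name:tag` whose repository equals a registered transport name would then come back as just the tag with that transport. `ExpandNames` and `FindImage`, in the later hunks of this file, discard the returned transport with `_`, so they would look up the bare remainder. Which names are registered is not visible in this hunk, so I would restrict the lookup to the transports this helper is meant to accept and document it, e.g. `// only these prefixes are treated as transports; any other "x:y" is a repository name with a tag`. ResolveName begins before this hunk and continues after it; the file is vendored, so the change belongs upstream.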
@@ -117,7 +97,7 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto defaultPrefix := RegistryDefaultPathPrefix[reference.Domain(named)] + "/" if strings.HasPrefix(repoPath, defaultPrefix) && path.Join(domain, repoPath[len(defaultPrefix):])+tag+digest == name { // Yup, parsing just inserted a bit in the middle, so there was a domain name there to begin with. - return []string{name}, false, nil + return []string{name}, DefaultTransport, false, nil } } @@ -153,7 +133,7 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto candidate := path.Join(registry, middle, name) candidates = append(candidates, candidate) } - return candidates, searchRegistriesAreEmpty, nil + return candidates, DefaultTransport, searchRegistriesAreEmpty, nil } // ExpandNames takes unqualified names, parses them as image names, and returns @@ -164,7 +144,7 @@ func ExpandNames(names []string, firstRegistry string, systemContext *types.Syst expanded := make([]string, 0, len(names)) for _, n := range names { var name reference.Named - nameList, _, err := ResolveName(n, firstRegistry, systemContext, store) + nameList, _, _, err := ResolveName(n, firstRegistry, systemContext, store) if err != nil { return nil, errors.Wrapf(err, "error parsing name %q", n) } @@ -200,7 +180,7 @@ func FindImage(store storage.Store, firstRegistry string, systemContext *types.S var ref types.ImageReference var img *storage.Image var err error - names, _, err := ResolveName(image, firstRegistry, systemContext, store) + names, _, _, err := ResolveName(image, firstRegistry, systemContext, store) if err != nil { return nil, nil, errors.Wrapf(err, "error parsing name %q", image) } diff --git a/vendor/github.com/containers/buildah/vendor.conf b/vendor/github.com/containers/buildah/vendor.conf index bda5f3965..7438fc909 100644 --- a/vendor/github.com/containers/buildah/vendor.conf +++ b/vendor/github.com/containers/buildah/vendor.conf 
@@ -3,10 +3,13 @@ github.com/blang/semver v3.5.0
 github.com/BurntSushi/toml v0.2.0
 github.com/containerd/continuity 004b46473808b3e7a4a3049c20e4376c91eb966d
 github.com/containernetworking/cni v0.7.0-alpha1
-github.com/containers/image v1.3
+github.com/containers/image v1.4
+github.com/vbauerster/mpb v3.3.4
+github.com/mattn/go-isatty v0.0.4
+github.com/VividCortex/ewma v1.1.1
 github.com/boltdb/bolt v1.3.1
 github.com/containers/libpod v1.0
-github.com/containers/storage v1.9
+github.com/containers/storage v1.10
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
 github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
 github.com/docker/docker-credential-helpers v0.6.1
@@ -21,7 +24,6 @@ github.com/gorilla/mux v1.6.2
 github.com/hashicorp/errwrap v1.0.0
 github.com/hashicorp/go-multierror v1.0.0
 github.com/imdario/mergo v0.3.6
-github.com/mattn/go-runewidth v0.0.4
 github.com/mattn/go-shellwords v1.0.3
 github.com/Microsoft/go-winio v0.4.11
 github.com/Microsoft/hcsshim v0.8.3
@@ -36,7 +38,7 @@ github.com/opencontainers/runc v1.0.0-rc6
 github.com/opencontainers/runtime-spec v1.0.0
 github.com/opencontainers/runtime-tools v0.8.0
 github.com/opencontainers/selinux v1.1
-github.com/openshift/imagebuilder a4122153148e3b34161191f868565d8dffe65a69
+github.com/openshift/imagebuilder 36823496a6868f72bc36282cc475eb8a070c0934
 github.com/ostreedev/ostree-go 9ab99253d365aac3a330d1f7281cf29f3d22820b
 github.com/pkg/errors v0.8.1
 github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
@@ -55,7 +57,6 @@ golang.org/x/net 45ffb0cd1ba084b73e26dee67e667e1be5acce83 https://github.com/gol golang.org/x/sync 37e7f081c4d4c64e13b10787722085407fe5d15f https://github.com/golang/sync golang.org/x/sys 7fbe1cd0fcc20051e1fcb87fbabec4a1bacaaeba https://github.com/golang/sys golang.org/x/text e6919f6577db79269a6443b9dc46d18f2238fb5d https://github.com/golang/text -gopkg.in/cheggaaa/pb.v1 v1.0.27 gopkg.in/yaml.v2 v2.2.2 k8s.io/client-go kubernetes-1.10.13-beta.0 https://github.com/kubernetes/client-go github.com/klauspost/pgzip v1.2.1 @@ -63,17 +64,4 @@ github.com/klauspost/compress v1.4.1 github.com/klauspost/cpuid v1.2.0 github.com/onsi/gomega v1.4.3 github.com/spf13/cobra v0.0.3 -github.com/cpuguy83/go-md2man v1.0.8 github.com/spf13/pflag v1.0.3 -github.com/inconshreveable/mousetrap v1.0.0 -github.com/russross/blackfriday v2.0.1 -github.com/mitchellh/go-homedir v1.0.0 -github.com/spf13/viper v1.3.1 -github.com/fsnotify/fsnotify v1.4.7 -github.com/hashicorp/hcl v1.0.0 -github.com/magiconair/properties v1.8.0 -github.com/mitchellh/mapstructure v1.1.2 -github.com/pelletier/go-toml v1.2.0 -github.com/spf13/afero v1.2.0 -github.com/spf13/cast v1.3.0 -github.com/spf13/jwalterweatherman v1.0.0 diff --git a/vendor/github.com/openshift/imagebuilder/README.md b/vendor/github.com/openshift/imagebuilder/README.md index 2f9c110dd..f26b4a7e0 100644 --- a/vendor/github.com/openshift/imagebuilder/README.md +++ b/vendor/github.com/openshift/imagebuilder/README.md @@ -70,7 +70,7 @@ is ignored. ## Code Example -``` +```go f, err := os.Open("path/to/Dockerfile") if err != nil { return err diff --git a/vendor/github.com/openshift/imagebuilder/builder.go b/vendor/github.com/openshift/imagebuilder/builder.go index d37965df6..16682af7d 100644 --- a/vendor/github.com/openshift/imagebuilder/builder.go +++ b/vendor/github.com/openshift/imagebuilder/builder.go 
@@ -40,6 +40,7 @@ type Run struct { type Executor interface { Preserve(path string) error + EnsureContainerPath(path string) error Copy(excludes []string, copies ...Copy) error Run(run Run, config docker.Config) error UnrecognizedInstruction(step *Step) error @@ -52,6 +53,11 @@ func (logExecutor) Preserve(path string) error { return nil } +func (logExecutor) EnsureContainerPath(path string) error { + log.Printf("ENSURE %s", path) + return nil +} + func (logExecutor) Copy(excludes []string, copies ...Copy) error { for _, c := range copies { log.Printf("COPY %v -> %s (from:%s download:%t), chown: %s", c.Src, c.Dest, c.From, c.Download, c.Chown) @@ -75,6 +81,10 @@ func (noopExecutor) Preserve(path string) error { return nil } +func (noopExecutor) EnsureContainerPath(path string) error { + return nil +} + func (noopExecutor) Copy(excludes []string, copies ...Copy) error { return nil } @@ -153,6 +163,7 @@ func (stages Stages) ByName(name string) (Stage, bool) { return Stage{}, false } +// Get just the target stage. func (stages Stages) ByTarget(target string) (Stages, bool) { if len(target) == 0 { return stages, true @@ -165,6 +176,19 @@ func (stages Stages) ByTarget(target string) (Stages, bool) { return nil, false } +// Get all the stages up to and including the target. +func (stages Stages) ThroughTarget(target string) (Stages, bool) { + if len(target) == 0 { + return stages, true + } + for i, stage := range stages { + if stage.Name == target { + return stages[0 : i+1], true + } + } + return nil, false +} + type Stage struct { Position int Name string @@ -319,6 +343,13 @@ func (b *Builder) Run(step *Step, exec Executor, noRunsRemaining bool) error { if err := exec.Copy(b.Excludes, copies...); err != nil { return err } + + if len(b.RunConfig.WorkingDir) > 0 { + if err := exec.EnsureContainerPath(b.RunConfig.WorkingDir); err != nil { + return err + } + } + for _, run := range runs { config := b.Config() config.Env = step.Env 
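Review bot: `EnsureContainerPath` joins the `Executor` interface without a doc comment, while the `Run` hunk further down calls it with `b.RunConfig.WorkingDir` before the queued runs, so each implementation has to guess what "ensure" means and which root the path is resolved against. A comment such as `// EnsureContainerPath makes sure path exists inside the container's filesystem before a RUN step uses it as the working directory.` would state the contract; that wording is inferred from the name and the call site and should be confirmed. Adding a method also breaks any Executor implemented outside this package, which deserves a line in the change description. Both the interface and `Run` extend beyond their hunks.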
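Review bot: The comments added above `ByTarget` and `ThroughTarget` do not follow the Go convention of starting with the method name, and neither says what an empty or unknown target returns. For the new method I would write `// ThroughTarget returns the stages up to and including the one named target; an empty target returns all stages, and an unknown one returns nil, false.` The returned `stages[0 : i+1]` shares its backing array with the receiver, which is worth a second comment line if callers may append to the result.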
diff --git a/vendor/github.com/openshift/imagebuilder/dispatchers.go b/vendor/github.com/openshift/imagebuilder/dispatchers.go index f6510c2fd..ff365848a 100644 --- a/vendor/github.com/openshift/imagebuilder/dispatchers.go +++ b/vendor/github.com/openshift/imagebuilder/dispatchers.go @@ -128,9 +128,20 @@ func add(b *Builder, args []string, attributes map[string]bool, flagArgs []strin if len(args) < 2 { return errAtLeastOneArgument("ADD") } + var chown string last := len(args) - 1 dest := makeAbsolute(args[last], b.RunConfig.WorkingDir) - b.PendingCopies = append(b.PendingCopies, Copy{Src: args[0:last], Dest: dest, Download: true}) + if len(flagArgs) > 0 { + for _, arg := range flagArgs { + switch { + case strings.HasPrefix(arg, "--chown="): + chown = strings.TrimPrefix(arg, "--chown=") + default: + return fmt.Errorf("ADD only supports the --chown= flag") + } + } + } + b.PendingCopies = append(b.PendingCopies, Copy{Src: args[0:last], Dest: dest, Download: true, Chown: chown}) return nil } -- cgit v1.2.3-54-g00ecf
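Review bot: The `--chown=` branch in `add` accepts an empty value, so an ADD instruction with a bare `--chown=` is queued with `Chown: ""`, exactly as if the flag were absent, and the default branch rejects an unknown flag without naming it. I would reject an empty owner before appending the copy and report the offending argument, `return fmt.Errorf("ADD only supports the --chown= flag, got %q", arg)`. The surrounding `if len(flagArgs) > 0` can be dropped, since ranging over an empty slice does nothing. `add` starts before this hunk.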